Documents the 2026-05-03 session covering registry page crashes,
logout 405, wrong password hash format, and the left sidebar
navigation refactor. Includes wall-clock profiling per build and
five improvement suggestions (GHCi loop, Nix cache, package split,
Tailwind safelist, IHP NameSupport rename strategy).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
flex-col and flex-1 were absent from the compiled prod.css (Tailwind only
bundles classes that appeared in templates at build time; these were new).
The body ended up as flex-row, placing the top nav beside the sidebar
instead of above it.
Replace Tailwind layout-structural classes with inline styles on body and
the sidebar wrapper so the column layout is independent of the CSS bundle.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move all operational links out of the top nav and into a grouped left
sidebar (192px). Top nav retains only the inter-hub logo (left) and
About / Tutorial / Extend / Sign out (right). Sidebar groups:
Core, Governance, Intelligence, Platform, Registry, API & Market.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
IHP NameSupport cannot parse trailing-underscore field names at runtime.
orderByAsc #label_ in all four registry list actions (and the API V2
equivalents) crashed the page with ParseErrorBundle. Changed to orderByAsc
#name which avoids the NameSupport conversion path entirely.
textField #label_ in the four registry form views has the same issue.
Replaced with a plain <input> element that reads entry.label_ directly.
Logout <a href={DeleteSessionAction}> sent GET but IHP requires DELETE.
IHP includes methodOverridePost middleware, so a POST form with
_method=DELETE handles this correctly.
Also corrected the seed admin-user migration hash from bcrypt to the
pwstore-fast format (sha256|17|...) that IHP actually uses.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The Helm init container used /bin/RunProdServer which doesn't exist in IHP's
Nix Docker image (binary is at a Nix store path). Additionally, IHP v1.5's
RunProdServer starts the server after migrating — it never exits — so init
containers are the wrong pattern. IHP applies schema changes on startup.
Changes:
- Remove initContainers block from deployment.yaml entirely
- Set runMigrations: false as default in values.yaml
- Update RUNBOOK.md with correct skopeo push procedure (pre-fetch bearer token
to work around Gitea's misconfigured token realm URL: port 80 vs actual 32166)
- Add note that the Nix image has no /bin/sh or /bin/RunProdServer wrapper
k3s registry auth: credentials added to /etc/rancher/k3s/registries.yaml and
iptables DNAT rule added on Railiance01 (92.205.130.254:80 → 32166) so the
ACME token realm redirect works. hub.coulomb.social DNS A record still needed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The inter-hub-lib postUnpack that expanded `import Generated.Types` to
119 individual imports was incorrect: it deleted `module Generated.Types`
from Prelude export lists without replacing it, so consumers of the
Prelude lost all entity types (Build 32: GHC-76037 not-in-scope errors).
Fix: keep Generated.Types as a real module in inter-hub-models (remove the
empty stub). With the ActualTypes.hi fix already in place (explicit T(..)
exports), the cascade is shallow: each entity .hi is compact, so
Generated.Types.hi stays well under GHC's 274 MB limit. This makes
`import Generated.Types` work normally throughout inter-hub-lib without
any source patching.
The entire inter-hub-lib overrideAttrs block is removed; the
inter-hub-models overlay now only rewrites ActualTypes.hs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Root cause: libHSghc-9.10.3-5702.a (287,768,576 bytes) has its last AR
entry (Expr.o) claiming 517,544 bytes but only 82,258 bytes remain —
the archive is truncated. GHC's internal readAr (Data.Binary.Get) panics
at position 287,686,318 when it tries to read the full claimed size.
The truncated .a is read lazily: IHP's TH splices queue a dependency on
the ghc package, which flushes to readAr after all 477 modules compile.
This explains the invariant crash at [477 of 477] WidgetVersionInclude.
ghc-iserv-dyn is not exposed in ghc-with-packages/bin/ (why
-fexternal-interpreter alone silently fell back to the internal linker).
Use -pgmi with the absolute path in the unwrapped GHC store to force
iserv-dyn, which uses dlopen on libHSghc.so (intact, 110 MB) instead
of readAr on the truncated .a. No crash.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
