Compare commits

...

6 Commits

Author SHA1 Message Date
6572a2ac99 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for ops-bridge
2026-07-03 18:52:51 +02:00
ce0aa728b1 tunnels: optional remote_host forward destination (default 127.0.0.1)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 14:18:18 +02:00
00671f5133 Normalize agent instructions and workplan frontmatter (STATE-WP-0067)
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
2026-06-22 23:16:27 +02:00
09f2cd4b7a Mark .repo-classification.yaml human-reviewed (CUST-WP-0050 T02)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:40:44 +02:00
c3b4fb9d55 Reclassify as tooling (CUST-WP-0050 T02)
Apply the new 'tooling' category (reusable internal tooling/infrastructure)
from the Repo Classification Standard. First-pass agent classification.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 03:06:02 +02:00
fab7409c66 Add repo classification (CUST-WP-0050 T02)
First-pass agent classification per the Repo Classification Standard v1.0
(canon-repo-classification); pending human review.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:44:47 +02:00
18 changed files with 95 additions and 34 deletions

View File

@@ -1,11 +1,11 @@
## First Session Protocol
Triggered when `get_domain_summary("custodian")` shows **no workstreams**.
Triggered when `get_domain_summary("infotech")` shows **no workstreams**.
The project is registered but work has not yet been structured.
**Step 1 — Read, don't write**
- `~/the-custodian/canon/projects/custodian/project_charter_v0.1.md` — purpose, scope
- `~/the-custodian/canon/projects/custodian/roadmap_v0.1.md` — planned phases
- `~/the-custodian/canon/projects/infotech/project_charter_v0.1.md` — purpose, scope
- `~/the-custodian/canon/projects/infotech/roadmap_v0.1.md` — planned phases
- Scan repo root: README, directory structure, existing code or docs
**Step 2 — Survey in-progress work**
@@ -17,7 +17,7 @@ roadmap phase. **Wait for approval before creating.**
**Step 4 — Create workplan file first, then DB record (ADR-001)**
```
workplans/ops-bridge-WP-NNNN-<slug>.md ← write this first
workplans/BRIDGE-WP-NNNN-<slug>.md ← write this first
```
Then register in the hub:
```
@@ -28,7 +28,7 @@ create_task(workstream_id="<id>", title="...", priority="high|medium|low")
**Step 5 — Record the setup**
```
add_progress_event(
summary="First session: structured custodian into N workstreams, M tasks",
summary="First session: structured infotech into N workstreams, M tasks",
event_type="milestone",
topic_id="cee7bedf-2b48-46ef-8601-006474f2ad7a",
detail={"workstreams": [...], "tasks_created": M}

View File

@@ -1,5 +1,5 @@
**Purpose:** SSH reverse tunnel lifecycle manager. Keeps remote execution environments (COULOMBCORE, Railiance nodes) connected to the local state hub. Small CLI tool: bridge up/down/status/logs per named tunnel config.
**Domain:** custodian
**Domain:** infotech
**Repo slug:** ops-bridge
**Topic ID:** cee7bedf-2b48-46ef-8601-006474f2ad7a

View File

@@ -1,6 +1,7 @@
## Session Protocol
State Hub: http://127.0.0.1:8000
Dev Hub (State Hub API): http://127.0.0.1:8000
MCP server name in `~/.claude.json`: `dev-hub`
**Step 1 — Orient**
@@ -10,7 +11,7 @@ cat .custodian-brief.md
```
Then call the MCP tool for richer cross-domain context when MCP tools are exposed:
```
get_domain_summary("custodian")
get_domain_summary("infotech")
```
If MCP tools are unavailable in the current agent session, use the REST API:
```bash
@@ -39,11 +40,11 @@ curl -s -X PATCH "http://127.0.0.1:8000/messages/<id>/read" \
ls workplans/
```
For each file with `status: ready`, `active`, or `blocked`, note pending
`todo`/`in_progress` tasks.
`wait`/`todo`/`progress` tasks.
**Step 4 — Present brief**
1. **Active workstreams** for `custodian` — title, task counts, blocking decisions
1. **Active workstreams** for `infotech` — title, task counts, blocking decisions
2. **Pending tasks** from `workplans/` + any `[repo:ops-bridge]` hub tasks
3. **Goal guidance** — if `goal_guidance` in summary:
- `needs_workplan`: surface as top action — *"Repo goal '{title}' has no workplan yet"*

View File

@@ -1,7 +1,7 @@
## Workplan Convention (ADR-001)
File location: `workplans/ops-bridge-WP-NNNN-<slug>.md`
ID prefix: `OPS-WP`
File location: `workplans/BRIDGE-WP-NNNN-<slug>.md`
ID prefix: `BRIDGE-WP-`
Work items originate as files in this repo **before** being registered in the hub.
@@ -12,7 +12,7 @@ repo state, and `finished` when implementation is complete. `stalled` and
`needs_review` are derived health labels, not stored statuses.
Closed workplans may be moved to `workplans/archived/` with a completion-date
prefix: `YYMMDD-ops-bridge-WP-NNNN-<slug>.md`. The frontmatter id remains
prefix: `YYMMDD-BRIDGE-WP-NNNN-<slug>.md`. The frontmatter id remains
unchanged; the prefix is only for quick visual reference.
Small opportunistic tasks discovered during another session use **Ad Hoc Tasks**:
@@ -25,4 +25,16 @@ Ecosystem todos from other agents arrive as `[repo:ops-bridge]` hub tasks —
visible at session start. Pick one up by creating the workplan file, then registering
the workstream.
Task blocks use this shape:
```task
id: BRIDGE-WP-NNNN-T01
status: wait | todo | progress | done | cancel
priority: high | medium | low
state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
```
Status progression is `todo``progress``done`; use `wait` for waiting or
blocked work and `cancel` for stopped work.
<!-- Ralph Loop rules and HEUREKA sequence: ~/.claude/CLAUDE.md — do not duplicate here -->

View File

@@ -1,8 +1,8 @@
<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
# Custodian Brief — ops-bridge
**Domain:** custodian
**Last synced:** 2026-06-21 18:12 UTC
**Domain:** infotech
**Last synced:** 2026-07-03 16:52 UTC
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
## Active Workstreams
@@ -13,6 +13,6 @@
## MCP Orientation (when available)
If the state-hub MCP server is reachable, call:
`get_domain_summary("custodian")`
`get_domain_summary("infotech")`
This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source.

26
.repo-classification.yaml Normal file
View File

@@ -0,0 +1,26 @@
# Repo classification (Repo Classification Standard v1.0).
repo_classification:
standard: Repo Classification Standard
version: '1.0'
classified_at: '2026-06-22'
classified_by: human
category: tooling
domain: infotech
secondary_domains: []
capability_tags:
- operations
- access-control
- platform
- observability
- orchestration
business_stake:
- operations
- technology
- automation
business_mechanics:
- control
- operation
- adaptation
notes: SSH reverse-tunnel lifecycle manager keeping remote environments connected to the
State Hub. Operational tooling -> product.

View File

@@ -4,10 +4,10 @@
**Purpose:** SSH reverse tunnel lifecycle manager. Keeps remote execution environments (COULOMBCORE, Railiance nodes) connected to the local state hub. Small CLI tool: bridge up/down/status/logs per named tunnel config.
**Domain:** custodian
**Domain:** infotech
**Repo slug:** ops-bridge
**Topic ID:** `cee7bedf-2b48-46ef-8601-006474f2ad7a`
**Workplan prefix:** `OPS-WP-`
**Workplan prefix:** `BRIDGE-WP-`
---
@@ -63,8 +63,8 @@ Omit `workstream_id` / `task_id` when not applicable.
```bash
curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
-H "Content-Type: application/json" \
-d '{"status": "in_progress"}'
# values: todo | in_progress | done | blocked
-d '{"status": "progress"}'
# values: wait | todo | progress | done | cancel
```
### Flag a task for human review
@@ -83,7 +83,7 @@ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe)
2. Check inbox: `GET /messages/?to_agent=ops-bridge&unread_only=true`; mark read
3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks
4. Check blocked tasks: `GET /tasks/?needs_human=true`
4. Check human-needed tasks: `GET /tasks/?needs_human=true`
**During work:**
- Update task statuses in workplan files as tasks progress
@@ -151,6 +151,11 @@ every repo's agent instructions because it is high-frequency, high-risk, and eas
get wrong.
**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`
<!-- REPO-AGENTS-EXTENSIONS -->
<!-- Append repo-specific agent instructions below this marker.
The state-hub template sync preserves content after this line. -->
---
## Workplan Convention (ADR-001)
@@ -176,7 +181,7 @@ anything needing analysis, design, approval, dependencies, or multiple phases.
id: OPS-WP-NNNN
type: workplan
title: "..."
domain: custodian
domain: infotech
repo: ops-bridge
status: proposed | ready | active | blocked | backlog | finished | archived
owner: codex
@@ -198,7 +203,7 @@ derived health labels, not frontmatter statuses.
` ` `task
id: OPS-WP-NNNN-T01
status: todo | in_progress | done | blocked
status: wait | todo | progress | done | cancel
priority: high | medium | low
state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
` ` `
@@ -206,7 +211,7 @@ state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
Task description text.
```
Status progression: `todo` → `in_progress` → `done` (or `blocked`)
Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work.
To create a new workplan:
1. Write the file following the format above

View File

@@ -107,6 +107,7 @@ def _parse_tunnel(name: str, data: dict) -> TunnelConfig:
reconnect=reconnect,
health_check=health_check,
direction=direction,
remote_host=str(data.get("remote_host", "127.0.0.1")),
cert_command=cert_command,
)

View File

@@ -29,9 +29,9 @@ def build_ssh_command(cfg: TunnelConfig, cert_path: Optional[Path] = None) -> Li
"""Build the SSH tunnel command (reverse -R or local -L)."""
key = os.path.expanduser(cfg.ssh_key)
if cfg.direction == "local":
forward_flag = ["-L", f"{cfg.local_port}:127.0.0.1:{cfg.remote_port}"]
forward_flag = ["-L", f"{cfg.local_port}:{cfg.remote_host}:{cfg.remote_port}"]
else:
forward_flag = ["-R", f"{cfg.remote_port}:127.0.0.1:{cfg.local_port}"]
forward_flag = ["-R", f"{cfg.remote_port}:{cfg.remote_host}:{cfg.local_port}"]
cmd = [
"ssh",
"-N",

View File

@@ -51,6 +51,10 @@ class TunnelConfig:
reconnect: ReconnectPolicy = field(default_factory=ReconnectPolicy)
health_check: Optional[HealthCheckConfig] = None
direction: str = "reverse" # "reverse" (-R) or "local" (-L)
# Forward-destination host as seen from the remote end (direction "local")
# or from this workstation (direction "reverse"). Defaults to loopback;
# set e.g. a k3s ClusterIP to tunnel to an in-cluster Service.
remote_host: str = "127.0.0.1"
cert_command: Optional[str] = None

View File

@@ -3,6 +3,8 @@ import os
import signal
from unittest.mock import MagicMock, patch
from dataclasses import replace
import pytest
from bridge.models import BridgeState, ReconnectPolicy, TunnelConfig
@@ -38,6 +40,16 @@ class TestBuildSshCommand:
assert "-i" in cmd
assert "ubuntu@host.local" in cmd
def test_remote_host_override_local(self, tunnel_cfg):
cfg = replace(tunnel_cfg, direction="local", remote_host="10.43.103.154")
cmd = build_ssh_command(cfg)
assert "-L" in cmd
assert f"{cfg.local_port}:10.43.103.154:{cfg.remote_port}" in cmd
def test_remote_host_default_loopback(self, tunnel_cfg):
cmd = build_ssh_command(tunnel_cfg)
assert "18000:127.0.0.1:8000" in cmd
def test_server_alive_options(self, tunnel_cfg):
cmd = build_ssh_command(tunnel_cfg)
assert "-o" in cmd

View File

@@ -2,7 +2,7 @@
id: BRIDGE-WP-0001
type: workplan
title: "OpsBridge Initial Implementation"
domain: custodian
domain: infotech
repo: ops-bridge
status: completed
owner: Bernd

View File

@@ -2,7 +2,7 @@
id: BRIDGE-WP-0002
type: workplan
title: "OpsCatalog Extension"
domain: custodian
domain: infotech
repo: ops-bridge
status: completed
owner: Bernd

View File

@@ -2,7 +2,7 @@
id: BRIDGE-WP-0003
type: workplan
title: "OpsBridge MCP Server, Skill, and Cross-Mode Test Coverage"
domain: custodian
domain: infotech
repo: ops-bridge
status: done
owner: Bernd

View File

@@ -2,7 +2,7 @@
id: BRIDGE-WP-0004
type: workplan
title: "AccessManagementDirective Alignment"
domain: custodian
domain: infotech
repo: ops-bridge
status: done
owner: Bernd

View File

@@ -2,7 +2,7 @@
id: BRIDGE-WP-0005
type: workplan
title: "Restart includes remote cleanup (blank-slate recovery)"
domain: custodian
domain: infotech
repo: ops-bridge
status: finished
owner: codex
@@ -156,7 +156,7 @@ Document the blank-slate restart contract:
```task
id: BRIDGE-WP-0005-T04
status: cancelled
status: cancel
priority: low
state_hub_task_id: "518f1b5e-3098-42aa-9662-bdab1d7d269b"
```

View File

@@ -2,7 +2,7 @@
id: OPS-WP-0001
type: workplan
title: "ops-bridge diagnostics and flow improvements"
domain: custodian
domain: infotech
repo: ops-bridge
status: done
owner: claude

View File

@@ -2,7 +2,7 @@
id: OPS-WP-0002
type: workplan
title: "Agent Usability — MCP Registration, Skill, and Worker Orientation"
domain: custodian
domain: infotech
repo: ops-bridge
status: done
owner: custodian