# activity-core IssueSink → issue-core REST emission

Date: 2026-06-18

Pointer playbook for agents wiring **activity-core** task emission to the
**issue-core** REST ingestion endpoint. Authoritative contracts live in the
owner repos — this page is a checklist and index only (no-double-source rule).

---

## Owners

| Concern | Owner repo | Authoritative doc |
| --- | --- | --- |
| IssueSink consumer (`IssueCoreRestSink`) | `activity-core` | `docs/issue-core-emission-boundary.md` |
| Ingestion server (`POST /issues/`) | `issue-core` | `README.md` — REST Ingestion Server |
| Production secret injection (K8s/OpenBao) | `railiance-platform` | catalog id `issue-core-ingestion-api-key` (draft until path ships) |

---

## Do not ask ops-warden

`ISSUE_CORE_API_KEY` is a **shared ingestion key** between activity-core and
issue-core. It is not an SSH certificate and ops-warden does not vend it.

- Generic API-key routing: `warden route show openbao-api-key --json`
- This emission lane: `warden route show activity-core-issue-sink --json`
- State Hub messages to `ops-warden` expecting a key value will not succeed.

Never paste key values into Git, State Hub, workplans, logs, or agent chat.

---

## Worker checklist

1. **Confirm sink mode** — `ISSUE_SINK_TYPE=rest` for live emission; `null` for
   dry-run (Railiance production default today). See activity-core `SCOPE.md`.
2. **Pair env vars on both sides** (same value):
   - `ISSUE_CORE_URL` — e.g. `http://127.0.0.1:8765` locally
   - `ISSUE_CORE_API_KEY` — shared secret; activity-core sends
     `Authorization: Bearer <key>`; issue-core validates on ingest
3. **Local dev** — generate once, export on both processes:
   ```bash
   export ISSUE_CORE_API_KEY="$(python3 -c 'import secrets; print(secrets.token_urlsafe(32))')"
   issue serve --host 127.0.0.1 --port 8765   # issue-core terminal
   ```
   Use `default: local` in `~/.config/issue-tracker/backends.json` for local
   smoke — a remote Gitea default backend will hang on ingest.
4. **Verify** — `uv run pytest tests/test_issue_sink.py` in activity-core;
   one live POST should return `201` with `issue_id` (see issue-core README).
5. **Production** — inject `ISSUE_CORE_API_KEY` via OpenBao/K8s on both
   deployments; coordinate with `railiance-platform` when the canonical path
   ships (`issue-core-ingestion-api-key` catalog entry).

### Known contract gap

issue-core requires `triggering_event_id` as a UUID; activity-core cron paths
may send non-UUID keys (e.g. `"scheduled"`). Event-driven emission with real
event UUIDs works; align schemas before enabling cron rules against live REST.

---

## See also

- `activity-core/AGENTS.md` — Issue-core emission section
- `issue-core/AGENTS.md` — REST ingestion API key section
- `WARDEN-WP-0012` — playbook backlog and promotion gates