coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1a02ec675385e7c8f4e5bd2fb202bdc6e450b512
ops-warden/wiki/playbooks/activity-core-issue-sink.md
tegwick 03a7901347 Add activity-core-issue-sink routing playbook and catalog entry 
Agents can discover the activity-core → issue-core emission contract via
`warden route show activity-core-issue-sink` instead of messaging ops-warden
for ISSUE_CORE_API_KEY. The playbook points at owner-repo docs per the
no-double-source rule.
2026-06-18 22:34:59 +02:00

67 lines
2.8 KiB
Markdown
Raw Blame History

# activity-core IssueSink → issue-core REST emission
Date: 2026-06-18
Pointer playbook for agents wiring **activity-core** task emission to the
**issue-core** REST ingestion endpoint. Authoritative contracts live in the
owner repos — this page is a checklist and index only (no-double-source rule).
---
## Owners
| Concern | Owner repo | Authoritative doc |
| --- | --- | --- |
| IssueSink consumer (`IssueCoreRestSink`) | `activity-core` | `docs/issue-core-emission-boundary.md` |
| Ingestion server (`POST /issues/`) | `issue-core` | `README.md` — REST Ingestion Server |
| Production secret injection (K8s/OpenBao) | `railiance-platform` | catalog id `issue-core-ingestion-api-key` (draft until path ships) |
---
## Do not ask ops-warden
`ISSUE_CORE_API_KEY` is a **shared ingestion key** between activity-core and
issue-core. It is not an SSH certificate and ops-warden does not vend it.
- Generic API-key routing: `warden route show openbao-api-key --json`
- This emission lane: `warden route show activity-core-issue-sink --json`
- State Hub messages to `ops-warden` expecting a key value will not succeed.
Never paste key values into Git, State Hub, workplans, logs, or agent chat.
---
## Worker checklist
1. **Confirm sink mode**`ISSUE_SINK_TYPE=rest` for live emission; `null` for
dry-run (Railiance production default today). See activity-core `SCOPE.md`.
2. **Pair env vars on both sides** (same value):
- `ISSUE_CORE_URL` — e.g. `http://127.0.0.1:8765` locally
- `ISSUE_CORE_API_KEY` — shared secret; activity-core sends
`Authorization: Bearer <key>`; issue-core validates on ingest
3. **Local dev** — generate once, export on both processes:
```bash
export ISSUE_CORE_API_KEY="$(python3 -c 'import secrets; print(secrets.token_urlsafe(32))')"
issue serve --host 127.0.0.1 --port 8765 # issue-core terminal
```
Use `default: local` in `~/.config/issue-tracker/backends.json` for local
smoke — a remote Gitea default backend will hang on ingest.
4. **Verify** — `uv run pytest tests/test_issue_sink.py` in activity-core;
one live POST should return `201` with `issue_id` (see issue-core README).
5. **Production** — inject `ISSUE_CORE_API_KEY` via OpenBao/K8s on both
deployments; coordinate with `railiance-platform` when the canonical path
ships (`issue-core-ingestion-api-key` catalog entry).
### Known contract gap
issue-core requires `triggering_event_id` as a UUID; activity-core cron paths
may send non-UUID keys (e.g. `"scheduled"`). Event-driven emission with real
event UUIDs works; align schemas before enabling cron rules against live REST.
---
## See also
- `activity-core/AGENTS.md` — Issue-core emission section
- `issue-core/AGENTS.md` — REST ingestion API key section
- `WARDEN-WP-0012` — playbook backlog and promotion gates
Reference in New Issue View Git Blame Copy Permalink