coulomb/ops-warden
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8e2c548626c8ddce3a1fc0f7e18893a4dffb8397
ops-warden/wiki/playbooks/activity-core-issue-sink.md
tegwick 03a7901347 Add activity-core-issue-sink routing playbook and catalog entry 
Agents can discover the activity-core → issue-core emission contract via
`warden route show activity-core-issue-sink` instead of messaging ops-warden
for ISSUE_CORE_API_KEY. The playbook points at owner-repo docs per the
no-double-source rule.
2026-06-18 22:34:59 +02:00

2.8 KiB
Raw Blame History

activity-core IssueSink → issue-core REST emission

Date: 2026-06-18

Pointer playbook for agents wiring activity-core task emission to the issue-core REST ingestion endpoint. Authoritative contracts live in the owner repos — this page is a checklist and index only (no-double-source rule).

Owners

Concern Owner repo Authoritative doc
IssueSink consumer (IssueCoreRestSink) activity-core docs/issue-core-emission-boundary.md
Ingestion server (POST /issues/) issue-core README.md — REST Ingestion Server
Production secret injection (K8s/OpenBao) railiance-platform catalog id issue-core-ingestion-api-key (draft until path ships)

Do not ask ops-warden

ISSUE_CORE_API_KEY is a shared ingestion key between activity-core and issue-core. It is not an SSH certificate and ops-warden does not vend it.

  • Generic API-key routing: warden route show openbao-api-key --json
  • This emission lane: warden route show activity-core-issue-sink --json
  • State Hub messages to ops-warden expecting a key value will not succeed.

Never paste key values into Git, State Hub, workplans, logs, or agent chat.

Worker checklist

  1. Confirm sink modeISSUE_SINK_TYPE=rest for live emission; null for dry-run (Railiance production default today). See activity-core SCOPE.md.
  2. Pair env vars on both sides (same value):
    • ISSUE_CORE_URL — e.g. http://127.0.0.1:8765 locally
    • ISSUE_CORE_API_KEY — shared secret; activity-core sends Authorization: Bearer <key>; issue-core validates on ingest
  3. Local dev — generate once, export on both processes: 
    export ISSUE_CORE_API_KEY="$(python3 -c 'import secrets; print(secrets.token_urlsafe(32))')"
issue serve --host 127.0.0.1 --port 8765   # issue-core terminal
    Use default: local in ~/.config/issue-tracker/backends.json for local smoke — a remote Gitea default backend will hang on ingest.
  4. Verifyuv run pytest tests/test_issue_sink.py in activity-core; one live POST should return 201 with issue_id (see issue-core README).
  5. Production — inject ISSUE_CORE_API_KEY via OpenBao/K8s on both deployments; coordinate with railiance-platform when the canonical path ships (issue-core-ingestion-api-key catalog entry).

Known contract gap

issue-core requires triggering_event_id as a UUID; activity-core cron paths may send non-UUID keys (e.g. "scheduled"). Event-driven emission with real event UUIDs works; align schemas before enabling cron rules against live REST.

See also

  • activity-core/AGENTS.md — Issue-core emission section
  • issue-core/AGENTS.md — REST ingestion API key section
  • WARDEN-WP-0012 — playbook backlog and promotion gates
Reference in New Issue View Git Blame Copy Permalink