coulomb/phase-memory
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement credentialed live hardening workplan

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-19 03:51:51 +02:00
parent b85f4c02f4
commit 1ccbab5c04
14 changed files with 906 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
docs/operator-readiness-runbook.md
View File

@@ -130,6 +130,72 @@ python3 -m pytest tests/test_credentialed_drills.py
The report redacts tokens and uses a credential fingerprint rather than
persisting secrets.
Persist a redacted operator report from the same environment:
```python
from phase_memory import write_credentialed_operator_report
write_credentialed_operator_report("reports/credentialed-operator-report.json")
```
Run the credentialed telemetry retention drill when an operator has approved
using the local fixture path or the required credentials are present:
```python
from phase_memory import credentialed_telemetry_retention_drill
report = credentialed_telemetry_retention_drill(operator_approved_fixture=True)
```
The drill records old and new audit events, plans retention, applies pruning,
and reports retained/pruned operation ids without storing credential values.
## Managed Deployment Manifest
Build and validate a deployment manifest before handing it to platform-specific
packaging:
```python
from phase_memory import managed_deployment_manifest, validate_managed_deployment_manifest
from phase_memory import ServiceAppConfig
manifest = managed_deployment_manifest(
ServiceAppConfig(host="0.0.0.0", port=8080, local_store_path="/var/lib/phase-memory")
)
validation = validate_managed_deployment_manifest(manifest)
```
Required manifest features:
- `phase-memory-service` command entrypoint;
- `/health` liveness probe;
- `/ready` readiness probe;
- writable local-store mount;
- rollback checks that include `phase-memory-service --check` and
`runtime.repair_diagnostics`.
## Evaluation Trend History
Persist trend artifacts into a history file after evaluation runs:
```python
from phase_memory import write_evaluation_trend_history
history = write_evaluation_trend_history("reports/evaluation-trend-history.json", trend)
```
Repeated writes of the same trend id do not duplicate the run.
## Troubleshooting Matrix
| Category | Diagnostic | Operator action |
| --- | --- | --- |
| Credentials | `credential_env_missing` | Set the four credential environment variables in the drill shell; do not write them to files. |
| Readiness | `unsupported_operation` | Run service contract and public API snapshot tests, then update dispatch or release notes. |
| Migrations | `store_migration_unsupported` | Use a file-backed local store or run repair diagnostics before accepting traffic. |
| Audit retention | `audit_retention_apply_unsupported` | Switch to a JSONL or telemetry audit sink with retention support, then rerun the retention drill. |
| Adapter manifest | `adapter_pack_manifest_invalid` | Regenerate and validate the adapter pack manifest before using the pack. |
## Compatibility Release Discipline
When public exports or service operations change: