## Stack - **Language:** Bash tooling (`tools/cmd/`) orchestrating kubectl/Helm over SSH - **Key deps:** k3s on railiance01 (COULOMBCORE), Helm, SOPS/age for secrets, State Hub REST for evidence notes - **Execution model:** commands run from the workstation; cluster access is `ssh railiance01` (most `tools/cmd/*` accept a `CLUSTER_HOST` override) ## Dev Commands ```bash make help # list all targets make preflight # pre-migration safety gate — run before cluster work make smoke # Kubernetes smoke tests make test-ha-failover # HA failover test (kills primary PG pod, asserts recovery) sudo make backup # age-encrypted backup: k3s state + Helm values + kubeconfig make restore # list backups + restore guide make verify-activity-core # reconcile activity-core runtime + probe evidence make reconcile-activity-core-llm-connect # llm-connect reconcile + non-secret gate checks ``` Production-touching targets (deploy/reconcile/backup) need operator approval — see `docs/operator-runbook.md`. There is no test suite or linter in this repo; validation is the preflight + smoke targets against the live cluster.