# Current Forge Asset Inventory

Date: 2026-06-05

This inventory covers forge-related assets currently visible in
`/home/worsch/railiance-apps`. It supports `FORGE-WP-0001-T03` and the
coordinating `RAILIANCE-WP-0006` extraction plan.

No files have been moved yet. This document assigns each candidate asset a
target disposition for the first migration plan.

## Summary

| Disposition | Meaning |
|-------------|---------|
| Move | Canonical file should move to `railiance-forge`. |
| Copy pointer | Copy canonical content to `railiance-forge`, leave a short pointer in `railiance-apps` temporarily. |
| Leave | Keep in `railiance-apps`; it is S5 app-release surface. |
| Adapt | Keep local behavior, but update references after forge extraction. |
| Supersede | Historical or transitional content should be replaced by new forge-owned docs/workplans. |

## Move To `railiance-forge`

| Asset | Current role | Target disposition | Notes |
|-------|--------------|--------------------|-------|
| `helm/gitea-values.sops.yaml` | SOPS-encrypted Gitea Helm values. | Move | Must preserve secret boundary; move without decrypting. |
| `helm/gitea-registry-values.yaml` | Non-secret overlay enabling Gitea package/container registry behavior. | Move | This is forge runtime config, not S5 app config. |
| `manifests/gitea-ingress.yaml` | Registry-facing Gitea ingress for `/v2`. | Move | Forge owns Gitea/registry exposure; cluster ingress primitives remain S2. |
| `releases/gitea/values.yaml` | Legacy/plain Gitea release values reference. | Move or supersede | Likely keep only as historical migration reference if still useful. |
| `Makefile` variables `GITEA_*` | Gitea release/chart/value/ingress defaults. | Move | Recreate in `railiance-forge/Makefile`; remove from S5 after compatibility window. |
| `make gitea-deploy` | Deploy/upgrade current Gitea release. | Move | Should become `railiance-forge` operator target. |
| `make gitea-ingress-deploy` | Apply Gitea registry ingress. | Move | Should become `railiance-forge` operator target. |
| `make gitea-status` | Check Gitea pod/service/ingress and `gitea-db` status. | Move | Keep database status as consumer evidence; S3 still owns DB implementation. |

## Copy With Compatibility Pointer

| Asset | Current role | Target disposition | Notes |
|-------|--------------|--------------------|-------|
| `docs/gitea-container-registry.md` | Canonical operator recipe for container registry host, auth, pull secrets, storage note. | Copy pointer | Copy to `railiance-forge/docs/`; leave S5 pointer for app consumers. |
| `docs/gitea-package-registry.md` | Python package registry publishing/install recipe and `issue-core` handoff. | Copy pointer | Forge owns endpoint/registry posture; app/source repos own package release details. |
| `workplans/RAIL-AP-WP-0001-gitea-container-registry.md` | Historical implementation evidence for enabling Gitea registry in S5. | Copy pointer or archive | Keep historical record in S5, but create forge follow-up for storage/retention/restore posture. |
| `workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md` | Cross-repo coordination plan. | Leave plus pointer | Remains in `railiance-apps` as extraction coordinator; forge work proceeds in `FORGE-WP-*`. |

## Leave In `railiance-apps`

| Asset | Current role | Target disposition | Notes |
|-------|--------------|--------------------|-------|
| `.gitea/workflows/manifest-server-dry-run.yaml` | S5 manifest dry-run workflow for app charts/manifests. | Leave | Runner substrate belongs in forge; this app-release check remains S5. |
| `make k8s-server-dry-run` | Server-side dry-run for S5 charts/manifests. | Leave | Document runner/cluster prerequisites in forge, but keep app release check here. |
| `tools/k8s-server-dry-run.sh` | Implements S5 dry-run. | Leave | Consumes runner/cluster access; does not operate forge runtime. |
| `charts/vergabe-teilnahme/**` | S5 app chart. | Leave | Application release ownership. |
| `helm/vergabe-teilnahme-values.yaml` | S5 app values, including registry image reference. | Leave | Consumes forge registry; does not own registry. |
| `manifests/vergabe-teilnahme-ingress.yaml` | S5 app ingress. | Leave | Application endpoint ownership. |
| `docs/vergabe-teilnahme.md` | S5 app runbook. | Leave | Update links to point at forge-owned registry docs after migration. |
| `docs/django-on-railiance.md` | Framework-specific S5 app recipe. | Leave | Should reference forge registry capabilities as upstream infrastructure. |
| `docs/operator-recipes.md` | S5 operator recipes. | Leave | Keep only app-release recipes here. |
| `docs/operator-setup.md` | S5 operator setup. | Leave | May need forge cross-link for registry credentials and runner expectations. |
| `tools/build-database-url-secret.sh` | App DB secret helper. | Leave | S5 app data/secret consumer behavior. |
| `tools/smoke-service.sh` | App smoke helper. | Leave | S5 verification. |
| `make apps-pg-status` | Checks shared app database cluster. | Leave or move to platform later | Not forge; keep while S5 needs consumer readiness evidence. |
| `make vergabe-*` targets | App release operations. | Leave | S5 app surface. |

## Adapt In Place

| Asset | Current role | Target disposition | Notes |
|-------|--------------|--------------------|-------|
| `SCOPE.md` | Currently lists Gitea as S5-owned workload. | Adapt | After migration, describe forge as upstream release infrastructure. |
| `INTENT.md` | Mentions Gitea/current forge as S5 workload/learning surface. | Adapt | Keep S5 intent but remove long-term forge ownership language. |
| `AGENTS.md` | Repo identity still says application Helm releases, Gitea, coulomb services. | Adapt | Update after Gitea files move. Also update task status examples to State Hub canon. |
| `Makefile` `SOPS_SENTINEL ?= $(GITEA_VALUES)` | `check-sops` currently validates Gitea SOPS values. | Adapt | Once Gitea values move, choose an S5 sentinel or make the check no-op when no SOPS file exists. |
| `tools/check-sops.sh` | Generic SOPS sentinel check. | Leave/adapt | Useful beyond forge, but current default must change after move. |
| `.custodian-brief.md` | Generated State Hub brief. | Generated | Do not edit manually; consistency sync updates it. |

## Supersede Or Re-home Planning Content

| Asset | Current role | Target disposition | Notes |
|-------|--------------|--------------------|-------|
| `RAILIANCE-WP-0005-T04` | App data backup/restore handoffs includes Gitea package blobs. | Split | App DB handoff stays S5; Gitea package blob durability moves to forge. |
| `RAILIANCE-WP-0005-T06` | Gitea package registry storage and retention posture. | Re-home | Should become forge-owned follow-up, likely under `FORGE-WP-*`. |
| `railiance-apps-WP-0004` I03 | PyPI issue-core blocker references Gitea package registry. | Adapt | Source/package publication remains source repo; forge owns registry endpoint and credentials posture. |
| `railiance-apps-WP-0002` registry references | Historical app deployment evidence. | Leave/adapt | Keep as app deployment history; cross-link to forge docs for current registry operation. |

## First Safe Move Candidate

The first migration should avoid live service changes and move documentation
before deployment configuration:

1. Copy `docs/gitea-container-registry.md` and
   `docs/gitea-package-registry.md` into `railiance-forge/docs/`.
2. Replace the originals in `railiance-apps` with short compatibility pointers.
3. Add a `railiance-forge/Makefile` with read-only/status targets first.
4. Move deploy-capable Gitea targets only after the operator path is reviewed.

This gives operators a new canonical forge home while keeping current S5 app
runbooks discoverable.

## Remote Creation Note

Creating `coulomb/railiance-forge` on the current Gitea instance is blocked:
the configured `tea` login `coulomb` exists, but the stored token is invalid as
of 2026-06-05. The local repo is initialized and State Hub-registered, but
`origin` should not be added until the remote repository exists.