Re-homed implementation of CUST-WP-0050 Phase 3-4. P1 merges the schema
redesign, data migration, and workstream->workplan rename into one Alembic
window; P2 API/MCP/validation; P3 auto-registration; P4 surfaces & cutover.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Apply the new 'tooling' category (reusable internal tooling/infrastructure)
from the Repo Classification Standard. First-pass agent classification.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
First-pass agent classification per the Repo Classification Standard v1.0
(canon-repo-classification); pending human review.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
STATE-WP-0064 cutover (state-hub only):
- Retire local custodian-sync.timer; archive units under infra/systemd/archived/
- Mark workplan finished; update infra/README, cron-migration, runbook, AGENTS.md
- Point activity-core-delegation at the consistency-sweep runbook
Consistency engine — automation error vs assessment failure:
- C-00 is an automation error; C-01..C-23 assessment failures are recorded
for follow-up but no longer fail --remote --all scheduled sweeps (exit 0)
- Skip workplans/README.md in the workplan glob (human index, not a workplan)
- Progress events and compare script expose automation_error and
assessment_failures separately from exit_code
Tag consistency_sweep_remote_all progress events by source, route the local
timer through the API, add a parallel-week comparison script, and document
the 2026-06-21 to 2026-06-28 observation window for T03.
Replace the 24h observation wait with evidence from post-repair sweeps:
seven consecutive custodian-sync passes, four hourly RecentlyOnScope
events, and a stable state-hub-railiance01 tunnel.
Extract the JSON payload from mixed script output and document Railiance01
kubectl sync steps. Mark T02 done after cluster bridge and resolver canaries.
Expose POST /consistency/sweep/remote-all so activity-core can trigger
the workstation ADR-001 remote-all sweep via the bridge tunnel pattern.
Records consistency_sweep_remote_all progress events and documents the
cutover runbook while the local custodian-sync timer remains interim.
Document stale remote sshd forward on Railiance01 :18000 as root cause of
reconnect loop; T03 verified after bridge maintenance cleanup and manual
canaries for hourly RecentlyOnScope and daily WSJF triage.
Persist the Fri-evening→Sun-afternoon automation gap assessment in
history/, and add STATE-WP-0063 (repair broken paths and cluster
reachability) plus STATE-WP-0064 (move State Hub consistency sync to
Railiance01 via activity-core). Workplans registered in State Hub via
fix-consistency.
fix-consistency registered the workstream and tasks and wrote their UUIDs into
the workplan frontmatter/task blocks.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Add /docs/services reference (two-dimension model, persistence, API) and a
pointer note from /docs/tpsc; add it to the Reference nav.
- Add a test asserting first_party.repo_slug resolves to a managed_repos FK
(8 services tests green).
- Mark STATE-WP-0062 tasks done / status finished.
Known classes seeded in the live catalog via the API (Gitea, Postgres as
self-hosted/third-party; State Hub as self-hosted/first-party at Level 2).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Rename Tier 1/2/3 -> Level 1/2/3 (Core/Standard/Full) in the Service DoM policy
and the checklist header to "Level", aligning with the service_catalog
maturity_level column. The DoI tier subsystem is intentionally untouched.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replace the single "Services (TPSC)" nav entry with a Services section:
Third Party (existing /tpsc cloud-third-party view), First Party
(/services/first-party — Service Maturity Level + dev-repo columns,
development_type=first_party), and Self Hosted (/services/self-hosted —
self_hosted third-party OSS with upstream/host/runbook). New pages are filtered
views over /services/catalog and degrade to an empty-state if the API is offline.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add a local /services router (source of truth for the catalog itself):
- GET /services/catalog with hosting_type / development_type / maturity_level /
status filters (eager-loads all four extensions)
- GET /services/{slug}
- POST /services/catalog upsert-by-slug, applying the dimension extensions;
first_party.repo_slug resolves to a managed_repos FK.
Extensions are read/written via session.get (not the relationship attribute) to
avoid async lazy-load. /tpsc/* is left intact for dependency snapshots. 7 tests.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add ServiceCatalog core (hosting_type, development_type, maturity_level) plus
1:1 per-dimension extension tables (service_third_party, service_first_party,
service_cloud, service_self_hosted) keyed by service_id. Migration creates the
tables and copies existing tpsc_catalog rows into service_catalog as
(cloud_hosted, third_party), reusing the tpsc_catalog id as the service_catalog
id so existing tpsc_entries.catalog_id keep resolving without a column change.
GDPR/data-processing fields move to service_cloud; pricing_model to
service_third_party.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Proposed plan to restructure the single TPSC services view into a catalog
classified along two orthogonal dimensions — hosting (self_hosted|cloud_hosted)
and development (first_party|third_party). Common fields live in a core
service_catalog table; dimension-specific data composes via extension tables
(third-party upstream contacts, first-party repo link, cloud data-processing/
GDPR, self-hosted infra). Existing TPSC migrates to (cloud_hosted, third_party)
with /tpsc/* kept as a back-compat view. Includes Services nav section and the
Tier->Level rename scoped to the Service DoM policy.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Mirror the repo-doi/workstream-dod Observable policy pages for service-dom:
read/edit view backed by GET/PUT /policy/service-dom. Add it to the Policies
nav section and the State Hub reference doc. Builds clean (62 pages).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Establish policies/service-dom.md as the service-level companion to the repo
DoI and workstream DoD. Its load-bearing Core criterion is a cheap, side-effect
free health endpoint for availability probing — satisfied by the existing
GET /state/health (DB readiness, 200/503). Served automatically at
/policy/service-dom by the existing policy router.
Add a regression test asserting /state/health returns 200 with the expected
shape, since none existed (DoM Standard criterion #4).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Proposed plan (status: proposed) for a Suggestion entity with a persisted
relevance/demand counter feeding a WSJF read-model projection. Authored during
ops-warden WP-0012 triage; tracks gated needs as relevance-accruing suggestions
rather than inert todo tasks.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Introduce credential-routing.template for Codex, Claude Code, Grok, and
llm-connect agents. Wire into agents-codex.template and claude-md.template.
Add propagate_credential_routing.py for surgical rollout without clobbering
repo-specific AGENTS.md extensions (REPO-AGENTS-EXTENSIONS marker).
