diff --git a/docs/infrastructure-stabilization-pickup-checkpoint.md b/docs/infrastructure-stabilization-pickup-checkpoint.md index 5528237..d3b13bc 100644 --- a/docs/infrastructure-stabilization-pickup-checkpoint.md +++ b/docs/infrastructure-stabilization-pickup-checkpoint.md @@ -66,8 +66,8 @@ separate ops-warden worker. | --- | --- | --- | --- | | State Hub pragmatic cutover | Custodian operator approval; `CUST-WP-0011-T07` | Final dump id/time, row-count comparison, chosen private endpoint, stabilization notes | Approve freeze/final restore and make railiance01 State Hub primary, or leave WSL2 primary explicitly. | | State Hub fallback retirement | Custodian/operator approval; `CUST-WP-0038-T08` | HA failover drill id, restore drill id, stabilization pass | Keep deferred until after HA drills; do not retire WSL2 fallback early. | -| Inter-Hub ops-hub bootstrap | `inter-hub-bootstrap-ssh`, `openbao-api-key`, `ssh-cert-host-access` as needed | Hub id, manifest id, widget count, runtime key prefix only, smoke result | Use the aligned live-vocabulary mapping, then run attended bootstrap and protected widget lookup. | -| Ops-hub runtime evidence key | `openbao-api-key` / OpenBao custody | OpenBao path/version or populated key count, event smoke id | Store/provide `OPS_HUB_KEY` outside Git and run the protected evidence smoke. | +| Inter-Hub ops-hub bootstrap | `inter-hub-bootstrap-ssh`, `openbao-api-key`, `ssh-cert-host-access` as needed | Hub id, manifest id, widget count, runtime key prefix only, smoke result | Legacy/fallback only. Prefer Core Hub deployed smoke; run attended Inter-Hub bootstrap only by explicit operator supersede/rollback decision. | +| Ops-hub runtime evidence key | `openbao-api-key` / OpenBao custody | OpenBao path/version or populated key count, event smoke id | Do not materialize legacy `OPS_HUB_KEY` until a deployed Core Hub smoke or explicit legacy Inter-Hub smoke is ready to use it. | | Daily-triage live proof | activity-core deploy/runtime operator | State Hub `daily_triage` id, output-valid or partial/quarantine status, working-memory path | Deploy WP-0016 code/schema and bounded runtime prompt bundle, then run railiance01 smoke. | | activity-core to issue-core | route `activity-core-issue-sink` | `actcore-runtime-secret` has key, activity-core points to issue-core port `8765`, HTTP 201, Gitea issue id | Inject `ISSUE_CORE_API_KEY` through approved custody, set REST sink env, restart/sync, run safe emission. | | Forgejo production design | Forgejo/operator decisions plus OpenBao/KeyCape/ops-bridge routes as needed | Decision id, SMTP smoke, backup/restore drill, package/action smoke, cutover approval id | Resolve T02 production choices before any production cutover work. | @@ -99,30 +99,31 @@ Resume from `docs/daily-triage-stabilization-status.md` and | Surface | Stable fact | Remaining gate | | --- | --- | --- | | State Hub | Pragmatic railiance01 path has image, manifests, empty deploy, migrations, restored WSL2 data, row-count comparison, and healthy API through `CUST-WP-0011-T06`. | `CUST-WP-0011-T07` cutover approval, then stabilization; HA path stays deferred. | -| Inter-Hub / Core Hub | Public `https://hub.coulomb.social/api/v2/hubs` exposes `ops-hub`; Core Hub has local `/api/v2` compatibility and ops-hub bootstrap smoke evidence. | Reframe remaining Inter-Hub evidence as Core Hub API-first replacement work, keeping Haskell Inter-Hub only for migration/rollback proof. | -| ops-hub evidence | `ops-hub` exists as the Inter-Hub Operations extension; Core Hub can locally create the ops-hub resources through protected persistence-backed routes. | Create/update Core Hub continuation workplan, then prove deployed ops-hub bootstrap/evidence smoke with approved custody. | +| Inter-Hub / Core Hub | Public `https://hub.coulomb.social/api/v2/hubs` exposes `ops-hub`; `CORE-WP-0008` finished the Core Hub API smoke harness, activity-core sink, staging profile, CLI wrappers, UI backlog, and Custodian handoff. | Run deployed Core Hub smoke, staging import, activity-core sink smoke, and readiness summary; keep Haskell Inter-Hub only for migration/rollback proof. | +| ops-hub evidence | `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T14`, `T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. | | issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. | | Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. | | artifact-store | Workplan is active with all tasks open and no current live secret handoff recorded. | Start D7.1 fork/object-store landscape and D7.2 compatibility harness. | -| FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done. | Keep `CUST-WP-0025-T03` as the identity integration test, then reconcile old ops-hub scaffold tasks after first Inter-Hub ops event lands. | +| FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Keep `CUST-WP-0025-T03` as the identity integration test, then execute the rewritten Core Hub ops evidence, deployed smoke/cutover, and UI first-screen gates. | ## Next-Pick List -1. Use `CUST-WP-0052` to open or update the Core Hub API-first continuation - lane for ops-hub bootstrap/evidence replacement. +1. Execute the rewritten `CUST-WP-0025` Core Hub gates: identity integration + (`T03`), ops evidence/read-model contract (`T14`), deployed smoke and + activity-core proof (`T16`), cutover decision coupling (`T17`), and first UI + screens (`T18`). 2. Keep `CUST-WP-0047` and `CUST-WP-0049` as legacy evidence/fallback until - Core Hub smoke evidence or an explicit supersede decision closes them. -3. Store/confirm `OPS_HUB_KEY` through approved custody only when a deployed - Core Hub or explicit legacy Inter-Hub smoke is ready to use it. -4. Deploy the activity-core WP-0016 code/schema and bounded runtime prompt + Core Hub deployed smoke evidence or an explicit supersede decision closes + them. +3. Deploy the activity-core WP-0016 code/schema and bounded runtime prompt bundle, then run the railiance01 daily-triage smoke. -5. Complete the issue-core handoff by wiring activity-core to port `8765` with +4. Complete the issue-core handoff by wiring activity-core to port `8765` with `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. -6. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or +5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or record that WSL2 remains primary for the next operating period. -7. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit +6. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit the finished staged-promotion gates. -8. Keep Forgejo cutover and State Hub HA work parked until their human decision +7. Keep Forgejo cutover and State Hub HA work parked until their human decision and drill gates are satisfied. ## Resume Commands diff --git a/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md b/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md index f744641..3f92682 100644 --- a/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md +++ b/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md @@ -438,16 +438,20 @@ mega-hub pattern. Recommended order: -1. Finish identity foundations: NK-WP-0001, NK-WP-0002, then the IAM profile - integration test. -2. Create the standalone ops-hub repo from hub-core and ingest the inventory - artifacts from `CUST-WP-0047`. -3. Add ops models, MCP tools, Railiance integration, dev-hub coupling, dashboard, - and MCP registration. -4. Only then start the fin-hub/business-model tasks. +1. Keep `CUST-WP-0025-T03` as the remaining identity integration gate, targeting + the current IAM Profile v0.2 contract and local-identity or KeyCape issuer. +2. Execute the rewritten Core Hub Phase 3 lane: ops evidence contract/read-model + gaps, deployed Core Hub smoke, activity-core Core Hub sink smoke, + migration/cutover readiness, and whynot-aligned first UI screens. +3. Keep `CUST-WP-0047-T05` and `CUST-WP-0049-T06` as legacy/fallback Inter-Hub + records until deployed Core Hub evidence or an explicit supersede decision + closes them. +4. Start fin-hub/business-model tasks only after identity and Core Hub ops-hub + evidence are proven enough to demonstrate the multi-hub pattern. Done when `CUST-WP-0025` has no open foundational identity or ops-hub tasks and -fin-hub work is either started on a stable scaffold or deliberately deferred. +fin-hub work is either started on a stable Core Hub pattern or deliberately +deferred with a dated condition. Progress 2026-06-27: @@ -473,6 +477,17 @@ Progress 2026-06-27 Core Hub reset: dual-run smokes, cutover evidence, and Haskell retirement approval remain open. +Progress 2026-06-27 CUST-WP-0052 closeout: + +- `CUST-WP-0052` is finished. It closed the Core Hub reframe, rewrote + `CUST-WP-0025-T13` through `T19`, aligned the build/release lane with + HelixForge/Railiance Forge practice, and posted non-secret State Hub + requirements to `railiance-apps` and `railiance-forge`. +- The remaining T07 gates are execution gates, not sequencing ambiguity: + `CUST-WP-0025-T03` identity integration, `T14` Core Hub ops evidence contract + gaps, `T16/T17` deployed evidence/cutover waits, and `T18` Core Hub operator + UI first screens. + ## Task: Create The Stable Pickup Checkpoint ```task