Record artifact-store MinIO lane progress

2026-06-27 23:38:36 +02:00
parent 225f3a7834
commit 46fff69fc0
3 changed files with 23 additions and 6 deletions
--- a/docs/infrastructure-stabilization-pickup-checkpoint.md
+++ b/docs/infrastructure-stabilization-pickup-checkpoint.md
@@ -103,7 +103,7 @@ Resume from `docs/daily-triage-stabilization-status.md` and
 | ops-hub evidence | `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T14`, `T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. |
 | issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. |
 | Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. |
-| artifact-store | Workplan is active with all tasks open and no current live secret handoff recorded. | Start D7.1 fork/object-store landscape and D7.2 compatibility harness. |
+| artifact-store | D7.1 is done; D7.2 has an opt-in live MinIO compatibility harness and manual smoke docs. No live secret handoff is recorded. | Run D7.2 against an approved MinIO-compatible endpoint, then route D7.3 STS vending through identity/platform custody before changing credential behavior. |
 | FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Keep `CUST-WP-0025-T03` as the identity integration test, then execute the rewritten Core Hub ops evidence, deployed smoke/cutover, and UI first-screen gates. |

 ## Next-Pick List
@@ -121,8 +121,8 @@ Resume from `docs/daily-triage-stabilization-status.md` and
   `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
   record that WSL2 remains primary for the next operating period.
-6. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit
-   the finished staged-promotion gates.
+6. Run artifact-store D7.2 live MinIO-compatible evidence; Forgejo and storage
+   work can now inherit the finished staged-promotion gates.
 7. Keep Forgejo cutover and State Hub HA work parked until their human decision
   and drill gates are satisfied.

--- a/docs/near-term-production-service-lanes-status.md
+++ b/docs/near-term-production-service-lanes-status.md
@@ -13,7 +13,7 @@ before starting larger migrations.
 | --- | --- | --- |
 | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
 | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
-| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. |
+| `artifact-store-wp-0007` | D7.1 is done. The dated MinIO/fork/object-store landscape assessment chose a compatibility-profile lane rather than a direct MaxIO fork. D7.2 is in progress with an opt-in live MinIO pytest harness and manual smoke docs; no secret value was read or recorded. | Run the D7.2 harness against an approved MinIO-compatible endpoint and capture health/round-trip/multipart evidence. Route D7.3 STS credential vending through identity/platform custody before changing artifact-store credential behavior. |
 | `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. |

 ## Credential And Operator Routing
@@ -42,7 +42,8 @@ No secret value was read or written. The required non-secret evidence is:
   only activity-core live emission remains.
 2. Treat staged-promotion as complete; use it as the gate model before
   Forgejo cutover work accelerates.
-3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3
-   routed to NetKingdom if STS vending is not artifact-store-owned.
+3. Run artifact-store D7.2 live evidence against an approved MinIO-compatible
+   endpoint, with D7.3 routed to identity/platform custody if STS vending is
+   not artifact-store-owned.
 4. Keep Forgejo production cutover parked behind explicit T02 decisions and the
   staged-promotion/backup/email/package/action gates.
--- a/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md
+++ b/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md
@@ -300,6 +300,22 @@ Progress 2026-06-27:
  artifact-store D7.1/D7.2 remains open; staged-promotion T02 is now complete
  before broad production source-forge migration work.

+Progress 2026-06-27 artifact-store D7.1/D7.2:
+
+- Advanced `/home/worsch/artifact-store` `ARTIFACT-STORE-WP-0007`: D7.1 is
+  done with `docs/minio-compatibility-landscape-2026-06-27.md`, deciding to
+  pursue a compatibility profile instead of a direct MaxIO server fork.
+- D7.2 is now `progress` with an opt-in live MinIO compatibility pytest harness
+  (`tests/integration/test_storage_s3_minio.py`), `make test-minio`, and manual
+  smoke docs in `docs/OPERATOR.md`.
+- Verified artifact-store with `make test` (`110 passed, 2 skipped`), targeted
+  Ruff checks for the new harness, direct harness execution (`2 skipped` without
+  endpoint variables), and `git diff --check`. Repo-wide `make lint` still
+  reports pre-existing Ruff format drift in seven untouched files.
+- Remaining artifact-store gate is live evidence: run D7.2 against an approved
+  MinIO-compatible endpoint with non-secret health, round-trip, and multipart
+  output. D7.3 STS vending remains identity/platform-routed work.
+
 Progress 2026-06-27 staged promotion:

 - Completed `RAIL-BS-WP-0006-T02` in `/home/worsch/railiance-cluster`.