Update stabilization checkpoint after staged promotion finish

This commit is contained in:
2026-06-27 17:08:48 +02:00
parent 4f49f6f23f
commit da0735a05a
3 changed files with 22 additions and 8 deletions

View File

@@ -25,7 +25,6 @@ State Hub active workstreams queried on 2026-06-27:
| `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. | | `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. |
| `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. | | `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. |
| `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. | | `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. |
| `staged-promotion-lifecycle` | T02 `railiance/app.toml` contract, T03 overlay repo pattern/script, T04 Stage 1 runner, T05 canary template, and T06 deploy/observe tooling are done; continue with T07 promote/rollback/onboarding before broad production migrations. |
| `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. | | `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. |
| `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. | | `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. |
| `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. | | `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. |
@@ -44,6 +43,9 @@ Hygiene status:
cleared during this stabilization session. cleared during this stabilization session.
- `make fix-consistency REPO=the-custodian` still reports pre-existing C-12 - `make fix-consistency REPO=the-custodian` still reports pre-existing C-12
orphan-row warnings, but the relevant workplan lifecycle and task states sync. orphan-row warnings, but the relevant workplan lifecycle and task states sync.
- `RAIL-BS-WP-0006-staged-promotion-lifecycle` is finished: all seven tasks
are done, the workstream is finished in State Hub, and the file frontmatter
is `status: finished`.
## Blocker Board ## Blocker Board
@@ -106,8 +108,8 @@ Resume from `docs/daily-triage-stabilization-status.md` and
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period. record that WSL2 remains primary for the next operating period.
6. Continue staged-promotion T07 and start artifact-store D7.1/D7.2 6. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit
so Forgejo and storage work inherit clear production promotion gates. the finished staged-promotion gates.
7. Keep Forgejo cutover and State Hub HA work parked until their human decision 7. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied. and drill gates are satisfied.

View File

@@ -14,7 +14,7 @@ before starting larger migrations.
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. | | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. | | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. | | `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. |
| `staged-promotion-lifecycle` | Lifecycle spec, T02 `railiance/app.toml` contract, T03 overlay repo pattern/script, T04 `railiance run` Stage 1 runner, T05 canary Helm template, and T06 deploy/observe tooling are done; promotion, rollback, and onboarding remain. | Start T07 `railiance promote`, `railiance rollback`, and onboarding guide using generated overlays as reference consumers for Stage 3 gates. | | `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. |
## Credential And Operator Routing ## Credential And Operator Routing
@@ -40,7 +40,7 @@ No secret value was read or written. The required non-secret evidence is:
1. Close the issue-core handoff gate because the service is already healthy and 1. Close the issue-core handoff gate because the service is already healthy and
only activity-core live emission remains. only activity-core live emission remains.
2. Continue staged-promotion with T07 promote/rollback/onboarding before 2. Treat staged-promotion as complete; use it as the gate model before
Forgejo cutover work accelerates. Forgejo cutover work accelerates.
3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3 3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3
routed to NetKingdom if STS vending is not artifact-store-owned. routed to NetKingdom if STS vending is not artifact-store-owned.

View File

@@ -44,7 +44,7 @@ Active registered workstreams with open work:
| cust-wp-0049 | 1 wait, 5 done | Access lane is ready; live bootstrap needs approved admin execution. | | cust-wp-0049 | 1 wait, 5 done | Access lane is ready; live bootstrap needs approved admin execution. |
| activity-wp-0016 | 1 wait, 2 progress, 5 todo, 2 done | Daily-triage output robustness needs live deploy/smoke evidence. | | activity-wp-0016 | 1 wait, 2 progress, 5 todo, 2 done | Daily-triage output robustness needs live deploy/smoke evidence. |
| three-phoenix-ha-cluster | 7 todo | Target HA substrate is planned but not executed. | | three-phoenix-ha-cluster | 7 todo | Target HA substrate is planned but not executed. |
| staged-promotion-lifecycle | 1 todo, 6 done | Promotion discipline needed before broad production cutovers. | | staged-promotion-lifecycle | finished, 7 done | Promotion discipline ready for broad production cutovers. |
| rail-ho-wp-0005 | 11 todo, 1 progress | Forgejo production migration needs human design and cutover decisions. | | rail-ho-wp-0005 | 11 todo, 1 progress | Forgejo production migration needs human design and cutover decisions. |
| cust-wp-0045-cutover-runbook | 0 tasks | Registered runbook is appearing as an active no-task workstream. | | cust-wp-0045-cutover-runbook | 0 tasks | Registered runbook is appearing as an active no-task workstream. |
| net-wp-0020 | 2 wait, 1 todo, 2 done | OpenBao unseal custody models still need operator profile decisions. | | net-wp-0020 | 2 wait, 1 todo, 2 done | OpenBao unseal custody models still need operator profile decisions. |
@@ -295,8 +295,7 @@ Progress 2026-06-27 staged promotion:
rollback, and human approval gates. rollback, and human approval gates.
- `make fix-consistency REPO=railiance-cluster` passed with pre-existing - `make fix-consistency REPO=railiance-cluster` passed with pre-existing
C-12 warnings and synced the T02 status into State Hub. C-12 warnings and synced the T02 status into State Hub.
- T02 through T06 are complete; the next staged-promotion pick is T07 - T02 through T07 are complete; the staged-promotion lifecycle is finished.
promote/rollback/onboarding.
Progress 2026-06-27 staged promotion T03: Progress 2026-06-27 staged promotion T03:
@@ -357,6 +356,19 @@ Progress 2026-06-27 staged promotion T06:
- `make fix-consistency REPO=railiance-cluster` passed with pre-existing - `make fix-consistency REPO=railiance-cluster` passed with pre-existing
C-12 warnings and synced the T06 status into State Hub. C-12 warnings and synced the T06 status into State Hub.
Progress 2026-06-27 staged promotion T07 and finish:
- Completed `RAIL-BS-WP-0006-T07` in `/home/worsch/railiance-cluster`.
Added `tools/cmd/railiance-stage3`, `bin/railiance promote`,
`bin/railiance rollback`, and `docs/promote-rollback-onboarding.md`.
Generated overlays now declare promote/rollback plan commands.
- Verified a fresh generated Forgejo overlay through Stage 1 run, Stage 2
deploy/observe plans, Stage 3 promote/rollback plans, and blocked apply paths
for missing approval/Helm/revision evidence.
- Marked `RAIL-BS-WP-0006` `status: finished`; `make fix-consistency
REPO=railiance-cluster` synced the finished workstream with only pre-existing
C-12 orphan-row warnings.
## Task: Decide State Hub Migration Strategy ## Task: Decide State Hub Migration Strategy
```task ```task