Update stabilization checkpoint after app contract

This commit is contained in:
2026-06-27 15:35:00 +02:00
parent aa81d712e1
commit eae31bab6e
3 changed files with 22 additions and 8 deletions

View File

@@ -25,7 +25,7 @@ State Hub active workstreams queried on 2026-06-27:
| `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. | | `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. |
| `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. | | `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. |
| `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. | | `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. |
| `staged-promotion-lifecycle` | Start T02 to make promotion gates concrete before broad production migrations. | | `staged-promotion-lifecycle` | T02 `railiance/app.toml` contract is done; continue with T03 overlay repo pattern and T04/T05 command/canary implementation before broad production migrations. |
| `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. | | `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. |
| `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. | | `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. |
| `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. | | `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. |
@@ -106,8 +106,8 @@ Resume from `docs/daily-triage-stabilization-status.md` and
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period. record that WSL2 remains primary for the next operating period.
6. Start staged-promotion T02 and artifact-store D7.1/D7.2 so Forgejo and 6. Continue staged-promotion T03/T04/T05 and start artifact-store D7.1/D7.2
storage work inherit clear production promotion gates. so Forgejo and storage work inherit clear production promotion gates.
7. Keep Forgejo cutover and State Hub HA work parked until their human decision 7. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied. and drill gates are satisfied.

View File

@@ -14,7 +14,7 @@ before starting larger migrations.
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. | | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. | | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. | | `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. |
| `staged-promotion-lifecycle` | Lifecycle spec is done; schema/tooling/canary/promotion tasks are still `todo`. | Start T02 `railiance/app.toml` contract, then use issue-core/Forgejo as reference consumers for Stage 1/2/3 promotion gates. | | `staged-promotion-lifecycle` | Lifecycle spec and T02 `railiance/app.toml` contract are done; overlay pattern, CLI commands, canary template, deployment observation, promotion, and rollback tasks remain. | Start T03 overlay repo pattern, then T04/T05 command and canary template implementation using issue-core/Forgejo as reference consumers for Stage 1/2/3 promotion gates. |
## Credential And Operator Routing ## Credential And Operator Routing
@@ -40,8 +40,8 @@ No secret value was read or written. The required non-secret evidence is:
1. Close the issue-core handoff gate because the service is already healthy and 1. Close the issue-core handoff gate because the service is already healthy and
only activity-core live emission remains. only activity-core live emission remains.
2. Start staged-promotion T02 so Forgejo has a repeatable promotion contract 2. Continue staged-promotion with T03 overlay repo pattern, then T04/T05
before production cutover work accelerates. command and canary template implementation before Forgejo cutover work accelerates.
3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3 3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3
routed to NetKingdom if STS vending is not artifact-store-owned. routed to NetKingdom if STS vending is not artifact-store-owned.
4. Keep Forgejo production cutover parked behind explicit T02 decisions and the 4. Keep Forgejo production cutover parked behind explicit T02 decisions and the

View File

@@ -281,8 +281,22 @@ Progress 2026-06-27:
recovery, package registry, Actions, backup/restore, migration drill, and recovery, package registry, Actions, backup/restore, migration drill, and
cutover approval. cutover approval.
- artifact-store and staged promotion are executable planning/build lanes: - artifact-store and staged promotion are executable planning/build lanes:
start artifact-store D7.1/D7.2 and staged-promotion T02 before broad artifact-store D7.1/D7.2 remains open; staged-promotion T02 is now complete
production source-forge migration work. before broad production source-forge migration work.
Progress 2026-06-27 staged promotion:
- Completed `RAIL-BS-WP-0006-T02` in `/home/worsch/railiance-cluster`.
Added `docs/app-toml-contract.md`, `schemas/railiance-app.schema.json`,
and `examples/railiance/app.toml`, defining the repository-local
`railiance/app.toml` declaration for identity, ownership, source/artifact
policy, platform dependencies, secret references without plaintext values,
observability, stage commands/checks/evidence, canary/promotion modes,
rollback, and human approval gates.
- `make fix-consistency REPO=railiance-cluster` passed with pre-existing
C-12 warnings and synced the T02 status into State Hub.
- Next staged-promotion picks are T03 overlay repo pattern, then T04/T05
command and canary template implementation.
## Task: Decide State Hub Migration Strategy ## Task: Decide State Hub Migration Strategy