Compare commits

...

151 Commits

Author SHA1 Message Date
codex
1a9dc0bf76 docs(SCOPE): refresh Current State after workplan queue completion
Update status to stable maintenance now that all root CUST-WP workplans are
closed, including archived CUST-WP-0054. Clears C-30 freshness warning.
2026-07-08 12:29:42 +02:00
custodian-sync
3c9837a556 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 12:27:42 +02:00
codex
af49c053f1 finish(CUST-WP-0054): workstation independence engineering closeout
Complete T04–T08: bulk Forgejo remote_url migration for all registered
repos, phase 5 stabilization tooling, dev-hub beachhead artifacts, and
phoenix drill runbook. Archive workplan with T09/T10 as operator gates.
2026-07-08 11:42:49 +02:00
custodian-sync
c4853a53dd chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 11:40:58 +02:00
custodian-sync
ada0da9045 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 11:36:59 +02:00
custodian-sync
068f2cacbe chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 11:31:15 +02:00
codex
8f8b0f7ca7 docs(CUST-WP-0025-T17): add stabilization closeout gate details
Document the automated post-cutover stabilization window, scheduled
activity-core jobs, probe contract, railiance01 deploy evidence, and
operator sign-off coupling to CORE-WP-0007-T02.
2026-07-08 11:31:04 +02:00
custodian-sync
637a03abee chore(working-memory): sync daily-triage notes from activity-core [auto 2026-07-08] 2026-07-08 05:27:10 +00:00
custodian-sync
11e5af26f3 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 23:06:33 +00:00
codex
582bbfd8ab Sync CUST-WP-0054 hub bindings after stale ID repair
Apply fix-consistency writeback: new workstream 5ceff9dd and task IDs.
2026-07-08 01:04:38 +02:00
custodian-sync
2410d8dbc0 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 01:01:47 +02:00
codex
51b6c756ad fix(workplans): resolve duplicate CUST-WP-0010 id collision
Renumber the later domain-and-repo-goals plan to CUST-WP-0010b, following
the established 0000b suffix pattern. Lifecycle documentation keeps the
original CUST-WP-0010 id and filename.
2026-07-08 01:01:28 +02:00
custodian-sync
3f5aef8368 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 01:01:13 +02:00
codex
19c825f143 Fix CUST-WP-0054 stale hub bindings; finish CUST-WP-0025 T24-T26
Remove orphaned state_hub workstream/task IDs from CUST-WP-0054 so
fix-consistency can recreate bindings. Mark CUST-WP-0025 finished with
fin-hub cost tracking, cross-hub coupling, and RaaS packaging complete.
2026-07-08 00:59:39 +02:00
custodian-sync
275c3c6f6c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:53:54 +02:00
codex
a272f5fcda Advance CUST-WP-0025: close T16/T17, add canon and fin-hub bootstrap
- Mark T16/T17 done with cutover evidence and decision coupling doc
- Add business-model-canvas and bootstrap-protocol canon (T20/T21)
- Record Core Hub readiness-summary evidence stubs
- Refresh fos-hub-bootstrap-sequence-status and core-hub-replacement-evidence
2026-07-08 00:52:17 +02:00
custodian-sync
72fe10e076 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 22:50:29 +00:00
custodian-sync
f353c039af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:42:06 +02:00
codex
a23768044f Finish CUST-WP-0014: mark all tasks done and archive workplan
Implementation lives in state-hub; close the tracking workplan with all six
tasks marked done and move it to archived/260708.
2026-07-08 00:39:50 +02:00
custodian-sync
ff4ec782c8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 22:38:31 +00:00
custodian-sync
d9bf050f55 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:31:34 +02:00
codex
3ea0291f54 Record T02 cutover Option A and close design decision set
Staged per-repo promotion as primary plan; freeze-all emergency fallback only.
All WP-0005 T02 production choices are now decided.
2026-07-07 17:00:05 +02:00
codex
89300bd5fc Record T02 backup decision: Option A (Nextcloud + age)
Daily forgejo dump and pg_dump, age-encrypted upload to Nextcloud WebDAV,
balanced retention (14 daily + 4 weekly), RPO 24h / RTO 4h.
2026-07-07 16:55:13 +02:00
codex
56943efbf7 Record T02 package scope: Option C (OCI, npm, generic)
Operator decided multi-ecosystem registry with npm as a launch requirement;
additional types follow inventory evidence. Update SMTP row to T06-done state.
2026-07-07 16:47:15 +02:00
codex
5aacf8770f Record IONOS SMTP decision and Forgejo mailer deployment
Document forgejo@coulomb.social on IONOS smtp.ionos.com:587; mailer live on
railiance01 via railiance-apps Helm. T06 password-reset test remains open.
2026-07-07 11:08:14 +02:00
custodian-sync
4c82daea96 chore(working-memory): sync daily-triage notes from activity-core [auto 2026-07-07] 2026-07-07 05:34:30 +00:00
codex
b8412994b7 docs: record state-hub Forgejo CI promotion main-0ca9c27 (Helm rev 8)
Update Phase 5 cutover evidence and CUST-WP-0054 T05 notes after
image.yaml #31 build and railiance01 deploy with working-memory sweep.
2026-07-07 01:14:11 +02:00
custodian-sync
26a3dca511 chore(working-memory): sync daily-triage notes from activity-core [auto 2026-07-06] 2026-07-06 23:07:04 +00:00
codex
ac0886a409 feat(T06): complete sink path decoupling and working-memory sweep sync
hostPath working-memory on railiance01, migration tool, sweep commits
daily-triage notes; T06 marked done in workplan.
2026-07-07 01:01:26 +02:00
codex
8baa2d10ff feat: schedule Phase 5 checks; start T06 path decoupling
Add phase5 daily/closeout ActivityDefinitions, document schedules in Phase 5
evidence, and migrate daily triage sinks to custodian:// runtime URIs.
2026-07-07 00:48:36 +02:00
codex
03dc2070a3 docs: Phase 5 day-1 stabilization check — all gates green
Records phase5-stabilization-check.sh snapshot after CI image promotion;
T05 remains in progress until 72h window closes 2026-07-09.
2026-07-07 00:37:02 +02:00
codex
872266cb57 docs: record state-hub CI image promotion to main-375961c
Forgejo image.yaml #26 built and Helm rev 7 deployed on railiance01;
post-upgrade consistency sweep exit_code=0.
2026-07-06 20:22:23 +02:00
codex
40670dcc55 docs(CUST-WP-0054-T05): record post-cutover daily triage success
Manual activity-core trigger completed with daily_triage progress event
a99e644e and working-memory report daily-triage-2026-07-06-67685f1c.md.
2026-07-06 19:51:04 +02:00
codex
d470fccece Draft capability entry (reuse-surface REUSE-WP-0017-T04, cohort 3)
Honest first-pass maturity vector grounded in README/docs/tests present
in this repo; no invented evidence. Flagged for human review before
publish. See reuse-surface history/2026-07-06-coverage-classification.md.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-06 19:50:54 +02:00
codex
104c66763e docs(CUST-WP-0054-T05): open Phase 5 stabilization window
Record kickoff baseline checks, 72h monitoring gates, and a reusable
phase5-stabilization-check.sh script for daily health snapshots.
2026-07-06 19:41:42 +02:00
codex
c9764ba73c docs(CUST-WP-0054-T05): Phase 4 sweep checkout migration evidence
Record railiance01 clone tree, host_paths registration, and tooling for
bulk clone and path registration. Update T05 workplan with Phase 4 completion.
2026-07-06 19:24:28 +02:00
codex
0bebad0bae docs(CUST-WP-0054): update Phase 1 evidence with Forgejo image fix notes
Record main-d1a4fcf CI fix and DinD root cause after image rebuild.
2026-07-06 18:59:04 +02:00
codex
5d3b0120f1 docs(CUST-WP-0054): record Phase 3 access rewire to railiance01
state-hub-primary tunnel, activity-core in-cluster URL, fleet-state-hub
coulombcore retired. Production :8000 now serves railiance01 hub.
2026-07-06 18:57:43 +02:00
codex
5961e74bfc docs(CUST-WP-0054): record Phase 2 data migration evidence
coulombcore frozen; pg_restore to railiance01 with exact-count gate pass.
Phase 3 access rewire still pending.
2026-07-06 18:51:59 +02:00
codex
149afb104d docs(CUST-WP-0054): record Phase 1 empty stack evidence on railiance01
Phase 1 deploy complete: CNPG state-hub-db, Alembic at head, empty hub
healthy on ClusterIP 10.43.68.154. Documents gitea image workaround and
Forgejo rebuild prerequisite before Phase 2.
2026-07-06 18:38:35 +02:00
codex
284d11c735 docs(CUST-WP-0054): record Phase 1 empty stack evidence on railiance01
Phase 1 deploy complete: CNPG state-hub-db, Alembic at head, empty hub
healthy on ClusterIP 10.43.68.154. Documents gitea image workaround and
Forgejo rebuild prerequisite before Phase 2.
2026-07-06 18:28:27 +02:00
codex
5b51f90a9f CUST-WP-0054-T05 Phase 0 preflight evidence (baseline counts, dry-runs, image pull) 2026-07-06 18:08:02 +02:00
codex
959db458a8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-06:
  - update .custodian-brief.md for the-custodian
2026-07-06 17:27:09 +02:00
codex
fa715c29d5 CUST-WP-0054-T05: State Hub railiance01 cutover plan and task progress 2026-07-06 17:25:09 +02:00
codex
0d890a7155 Document activity-core tier-3 promotion; production set complete (CUST-WP-0054-T04) 2026-07-06 17:14:13 +02:00
codex
9f2606596c Document core-hub tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 15:56:53 +02:00
codex
df3198adfb Document issue-core tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 14:41:06 +02:00
codex
331ab9c099 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-06:
  - update .custodian-brief.md for the-custodian
2026-07-06 12:58:33 +02:00
codex
abac583b99 Document state-hub tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 12:56:34 +02:00
codex
5c63c2f354 Add Forgejo tier-3 remote_url and sweep playbook
Document State Hub PATCH procedure, sweep implications, railiance01 host_paths,
state-hub image specifics, and rollback. Include batch patch helper; applied
tier-2.5 remote_url updates in hub DB.
2026-07-04 13:21:40 +02:00
codex
dd0ee14f50 Document Forgejo tier 2.5: operator SSH, templates, railiance stack promotion
Record tegwick SSH identity, enablement workflow templates, and five railiance
repos on Forgejo with ci-smoke. Update state-hub gate checklist.
2026-07-04 12:51:05 +02:00
codex
5d3270e564 Document tier-2 key-cape Forgejo image pilot (T10 complete)
Adds archive-checkout image workflow evidence and k3s pull verification;
tiers 0-2 satisfied before state-hub cutover.
2026-07-04 10:26:28 +02:00
codex
1745c37f2c Cross-link Forgejo pilot to adapted RAIL-HO-WP-0005 migration ladder
Aligns CUST-WP-0054-T04 with staged tier 0-3 sequencing from railiance-infra.
2026-07-04 01:02:42 +02:00
codex
a912679675 Document glas-harness Forgejo migration pilot routing
Records what works (SSH forgejo-remote, CI smoke, HTTPS mirror) and what is
still blocked before state-hub cutover. Updates CUST-WP-0054-T04 progress.
2026-07-04 00:59:53 +02:00
codex
ea6ee564bd chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-04:
  - update .custodian-brief.md for the-custodian
2026-07-04 00:48:30 +02:00
codex
f18d56b706 CUST-WP-0054-T04: record image-build CI proof on railiance01 runner
Documents successful forgejo-actions-probe image-build workflow (static
docker-cli + DinD, org registry secrets) and notes remaining repo migration
work before workstation-off release.
2026-07-04 00:47:17 +02:00
codex
cf4be716e1 CUST-WP-0054 T01-T03: fleet architecture, de-hub runbook, drain plan
Documents the three-machine role model, fleet mesh topology, coulombcore
freeze policy, and ordered drain sequence. Adds railiance01 systemd tunnel
install assets and refreshes ops service inventory to reflect 2026-07-03
production placement (cluster State Hub, fleet mesh, draining coulombcore).
2026-07-04 00:29:55 +02:00
codex
0a77483861 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 22:31:56 +02:00
codex
e8a7f49bde Record ADR-004 in-cluster Forgejo runner decision for T04
Updates forgejo-production-decisions and CUST-WP-0054-T04 partial progress.
2026-07-03 22:29:28 +02:00
codex
4084c849f5 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 20:37:52 +02:00
codex
763df547d7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 20:05:58 +02:00
codex
6cc568a84d chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 19:30:48 +02:00
codex
65f0605bcc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 18:25:12 +02:00
codex
1d6c72ef2c chore(consistency): renormalize lifecycle state [auto]
Updated by fix-consistency on 2026-07-03:
  - workplan status: proposed → active
2026-07-03 18:24:57 +02:00
codex
a2b41e7d0a CUST-WP-0054 (proposed): workstation independence and fleet role realignment
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 13:25:26 +02:00
codex
eaf0e604b0 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 11:33:49 +02:00
codex
c4b0712144 CUST-WP-0051 FINISHED: all eight metaplan tasks terminal after Core Hub + State Hub cutovers
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 11:30:21 +02:00
codex
aca22a12fb chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 11:29:40 +02:00
codex
6f34d47ab9 CUST-WP-0047/0049: legacy Inter-Hub tasks superseded by Core Hub production cutover
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 11:26:33 +02:00
codex
35b0a75af8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-02:
  - update .custodian-brief.md for the-custodian
2026-07-02 20:39:00 +02:00
codex
40948b8226 CUST-WP-0051: T04/T05 done; end-of-day checkpoint refresh (9 workplans finished)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 20:36:34 +02:00
codex
0a52cdd858 CUST-WP-0025-T16 done: deployed Core Hub API + activity-core sink smokes both proven
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 18:13:49 +02:00
codex
440154802f chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-02:
  - CUST-WP-0025-T16: progress → wait
2026-07-02 16:41:43 +02:00
codex
67ef857460 CUST-WP-0025-T16 progress + CUST-WP-0051: Core Hub staging deployed with full smoke evidence
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 16:40:37 +02:00
codex
916808eac2 Checkpoint: all five approval gates closed; Core Hub staging decision set is the open item
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 14:56:19 +02:00
e778ffd2d2 CUST-WP-0051: railiance01 deploy executed — RAIL-BS-WP-0008/0009 + ACTIVITY-WP-0016 finished
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:56:19 +02:00
4cc4bf038e CUST-WP-0051: artifact-store MinIO/STS lane finished (T05 progress)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:27:51 +02:00
3377c70c08 CUST-WP-0051: 2026-07-02 execution pass — deploy prep, operator pickup list
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:04:07 +02:00
560f676fb6 CUST-WP-0051: 2026-07-02 review refresh — new credential and deploy lanes
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 10:39:49 +02:00
a5fb9d72f1 Sync CUST-WP-0053 task metadata 2026-07-02 02:24:14 +02:00
d097510444 CUST-WP-0053: add T05 workplan_id alias completion task
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 01:48:14 +02:00
495a4fa7fb Regenerate agent instructions: workstream -> workplan terminology
Registration guidance now prescribes file-first + fix-consistency (C-06)
instead of manual create_workplan/create_workstream calls; progress-event
examples use workplan_id; legacy field names annotated.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 01:47:46 +02:00
491f50162d chore(consistency): commit workplan task-id writeback
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:26:45 +02:00
0122198254 Add CUST-WP-0053 coordination hygiene workplan
Unblock sweep for blocked workplans vs inbox, inbox triage discipline
(thread_id + unread-age alerts), workplan ID prefix lint with cross-repo
collision detection, SCOPE Current State freshness. Findings from the
2026-07-01 railiance-cluster review (RAILIANCE-WP-0014 sat blocked 13 days
after the unblocking inbox message arrived).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:14:34 +02:00
1f9ef92a66 Clarify core hub staging credential route 2026-06-30 10:20:23 +02:00
cb7fd7b19d Record daily triage clean streak checkpoint 2026-06-30 10:07:28 +02:00
3ef57f63c1 Record policy gate support closeouts 2026-06-30 09:49:04 +02:00
a6e987bc23 Close Core Hub operator UI gate 2026-06-28 00:27:12 +02:00
56f3a3ce14 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-28:
  - update .custodian-brief.md for the-custodian
2026-06-28 00:26:32 +02:00
4158f05cff Close IAM Profile integration gate 2026-06-28 00:20:05 +02:00
7d823bd12f chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-28:
  - update .custodian-brief.md for the-custodian
2026-06-28 00:18:17 +02:00
46e2012160 Close Core Hub ops evidence contract gate 2026-06-27 23:57:22 +02:00
b39f3cc6cc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 23:55:02 +02:00
46fff69fc0 Record artifact-store MinIO lane progress 2026-06-27 23:38:36 +02:00
225f3a7834 Refresh stabilization checkpoint after Core Hub reset 2026-06-27 23:06:15 +02:00
d03ddcd9fb Close Core Hub FOS reset workplan 2026-06-27 22:36:18 +02:00
a7635c65c9 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 22:34:55 +02:00
cac6302a0a Align Core Hub build lane with Helixforge 2026-06-27 22:29:35 +02:00
5f1aad927c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 22:28:28 +02:00
befb35c056 Rewrite FOS ops hub phase for Core Hub 2026-06-27 21:59:20 +02:00
8c4d9b952b chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 21:57:50 +02:00
12600c5565 Record Core Hub replacement evidence handoff 2026-06-27 21:45:06 +02:00
7cf821de59 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 21:43:23 +02:00
0fb894eaa5 Link Core Hub continuation workplan 2026-06-27 19:56:34 +02:00
2fbfa81fdf chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:51:06 +02:00
f490d18423 Add Core Hub FOS reset workplan 2026-06-27 19:31:09 +02:00
acbe4976af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:29:43 +02:00
b0d7d09594 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:24:46 +02:00
4a66ebfbb6 Refine security blocker posture review 2026-06-27 18:22:06 +02:00
da0735a05a Update stabilization checkpoint after staged promotion finish 2026-06-27 17:08:48 +02:00
4f49f6f23f Update stabilization checkpoint after deploy observe tooling 2026-06-27 16:53:55 +02:00
5128ab8830 Update stabilization checkpoint after canary template 2026-06-27 16:41:42 +02:00
629f4c1f53 Update stabilization checkpoint after run command 2026-06-27 16:28:28 +02:00
cbf583f76c Update stabilization checkpoint after overlay scaffold 2026-06-27 15:55:40 +02:00
eae31bab6e Update stabilization checkpoint after app contract 2026-06-27 15:35:00 +02:00
aa81d712e1 Add infrastructure stabilization checkpoint 2026-06-27 09:58:52 +02:00
1aec581919 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:32:25 +02:00
b73cd28e06 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:21:45 +02:00
58fc1134af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:06:58 +02:00
2cf7135ab6 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 08:59:59 +02:00
28702cd4ae chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 08:03:33 +02:00
e4e9e220b6 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 07:50:32 +02:00
988a996d7c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:31:46 +02:00
38c52b2962 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:25:12 +02:00
a61a6c7dfc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:21:25 +02:00
a8e655e4b8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:17:49 +02:00
c9321b53f7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:11:21 +02:00
5b5dc7604f feat: remote-build shim via sand-boxer (SAND-WP-0012)
Delegate make remote-build to sandboxer create when CLI is available;
retain legacy rsync path with deprecation notice. Add verify script.
2026-06-24 12:56:32 +02:00
7e1cfa005b SAND-WP-0004: delegate make e2e to validate run
Replace e2e_framework monolith with wise-validator + sand-boxer shim.
Makefile invokes validate run; legacy python -m e2e_framework delegates
via shim.py with deprecation notice. Add verify-e2e-shim.sh.
2026-06-23 21:43:53 +02:00
8bdefcd6ba Normalize agent instructions and workplan frontmatter (STATE-WP-0067)
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
2026-06-22 23:16:28 +02:00
d30e71fb43 Mark CUST-WP-0025 T09–T12 done after dev-hub MCP rename
Phase 2 hub extraction and dev-hub rename gate complete: MCP identifier
migration, config script, domain repo rule regeneration, and test suite.
2026-06-22 21:24:35 +02:00
c3c97bba83 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 21:05:40 +02:00
2c8083e8e3 Close CUST-WP-0048 hub-core import refactor (T05-T08)
Mark capability write and MCP composition tasks done, record 426-test
regression, finish child workplan, and complete CUST-WP-0025-T08.
2026-06-22 20:34:02 +02:00
604c598814 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 20:33:42 +02:00
f94120105f docs(hub-core): record HUB-WP-0002 write router and MCP composition seams 2026-06-22 19:52:22 +02:00
24494f3eee chore: backfill state_hub_workstream_id on CUST-WP-0045 cutover runbook
Sync runbook frontmatter with State Hub workstream linkage from fix-consistency.
2026-06-22 19:47:23 +02:00
db88a34b3e CUST-WP-0050 follow-up: human review, push tooling, SSH inventory
Add human-review script for 13 high-blast-radius repos, bulk-push helper,
and SSH-based Gitea inventory probe. Update exclusion list with SSH-verified
absent slugs; marki-docx now classified and registered.
2026-06-22 17:59:55 +02:00
61fe8e0309 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 17:53:06 +02:00
f9837e3703 Complete CUST-WP-0050 T11: classify and register remaining portfolio repos
Add exclusion list and batch classification author for post-cutover inventory.
Mark workplan finished after registering 7 new repos and reclassifying 43
migration rows via state-hub register-from-classification tooling.
2026-06-22 17:50:26 +02:00
96a4c7bea9 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 12:43:10 +02:00
06feb41588 CUST-WP-0050: backfill T11 state_hub_task_id [consistency]
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:57:58 +02:00
a0b79cd09e chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 11:56:33 +02:00
4099179374 CUST-WP-0050: drop T03, re-home T04-T10 to STATE-WP-0065, add T11
Per 2026-06-22 review: T03 dropped (registering unregistered repos under the
old model = legacy to clean up). Implementation re-homed to state-hub-local
STATE-WP-0065; T04/T05/T10 merged into one spine migration (P1). CUST-WP-0050
stays the coordination driver. T11 (post-cutover inventory) replaces T03.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:52:55 +02:00
9456b3812e chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 11:41:53 +02:00
c4c61f4550 CUST-WP-0050 T02: human review complete; close T02
Bernd confirmed kaizen-agentic and llm-connect stay agents-primary
(infotech secondary). All 11 custodian-repo .repo-classification.yaml
flipped to classified_by: human and re-validated clean against T01.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:31:39 +02:00
27b7e3f08a Add 'tooling' category to Repo Classification Standard
Insert a 'tooling' category between project and product (reusable internal
tooling/infrastructure: libraries, CLIs, services, ops components used across
the ecosystem rather than offered to external customers). Update §5 definition,
§11 decision procedure, §16 agent prompt, the machine-readable allowed-values,
and the CUST-WP-0050 T02 progress note. Nine custodian tooling repos
reclassified to it; the-custodian and inter-hub remain research.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 03:08:20 +02:00
40cc73f22e CUST-WP-0050 T02: classify remaining 10 custodian repos
All 11 custodian-domain repos now carry a committed, validated
.repo-classification.yaml (first-pass classified_by: agent). T02 remains
in_progress pending the human-review step.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:47:43 +02:00
46e3566793 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 02:02:48 +02:00
044d088109 Start CUST-WP-0050: T01 allowed-values + validator; classify the-custodian
Activate the workplan and complete T01: add the machine-readable controlled
vocabulary canon/standards/repo-classification.allowed.yaml (categories,
domains, business_stake, business_mechanics, capability families, guidance),
reference it from the standard §12, and add tools/validate_repo_classification.py
(stdlib + PyYAML, --self-test PASS).

Begin T02: author the-custodian/.repo-classification.yaml (research · infotech ·
agents), which validates clean. classified_by: agent, pending human review.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:02:01 +02:00
a74f42de06 Fix D1 reference in CUST-WP-0050 (D1 -> D1/D1a)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:47:54 +02:00
50f4564561 Resolve CUST-WP-0050 D1: repo-anchored model + ADR-005
Adopt the repo as the primary workplan anchor: repo_id becomes required,
market-domain is derived from each repo's classification, and the
domain/topic spine is demoted/retired (RepoGoal becomes the goal primitive).
Add task T10 for the re-anchor plus the workstream -> workplan rename across
schema/API/MCP.

Add ADR-005 (Cross-Repo Workplans Live in Dedicated Project Repos): complex
cross-repo efforts get their own project repo (category: project) as the
anchor, retired to archive on completion with results living on in the
modified product repos. Rewrite D1 as resolved and add D1a for the
project-repo naming/archival convention.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:36:31 +02:00
154 changed files with 12119 additions and 505 deletions

View File

@@ -1,50 +1,18 @@
<!-- custodian-brief: generated by fix-consistency — do not edit manually --> <!-- custodian-brief: generated by fix-consistency — do not edit manually -->
# Custodian Brief — the-custodian # Custodian Brief — the-custodian
**Domain:** custodian **Domain:** infotech
**Last synced:** 2026-06-16 22:10 UTC **Last synced:** 2026-07-08 10:27 UTC
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)* **State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
## Active Workstreams ## Active Workstreams
### Ops Hub Service Inventory Now View *(none — repo may need first-session setup)*
Progress: 6/7 done | workstream_id: `656e435d-3a00-4f5e-a38e-114467f9062e`
**Open tasks:**
- ! Task: Activate Ops-Hub Widgets In Inter-Hub `b16c5e15`
### Inter-Hub Bootstrap Access Lane
Progress: 5/6 done | workstream_id: `9b56414a-c71f-4e72-9b2b-d2166aaf50d0`
**Open tasks:**
- ! Task: Execute Live Ops-Hub Bootstrap `782b3846`
### Hub-Core State Hub Import Refactor
Progress: 4/8 done | workstream_id: `dd53bd50-641d-4c67-a143-10e39321e1d6`
**Open tasks:**
- · T05 - Resolve Capability Request Write Workflow Boundary `669dea12`
- · T06 - Split Generic MCP Tool Registration `8a202c88`
- · T07 - Run Regression And Coupling Report `b5a6b9e3`
- · T08 - Close Child Workplan And Return To Umbrella `c34d121c`
### FOS Hub Bootstrap — Identity, Hub Extraction, Ops Hub, Fin Hub
Progress: 4/26 done | workstream_id: `293a74fe-a85a-4ad6-8933-23d52a72fe8b`
**Open tasks:**
- ► T08 — Refactor state-hub to import from hub-core `daf1d8ac`
- · T01 — Complete NK-WP-0001: Keycloak + privacyIDEA on k3s `f55078b6`
- · T02 — Complete NK-WP-0002: Local identity bootstrap `0d7792f7`
- · T03 — IAM Profile integration test `e9894ac9`
- · T09 — Rename MCP server state-hub to dev-hub `2148a804`
- · T10 — MCP config migration script `5953f129`
- · T11 — Regenerate domain repo rule files `7b41766b`
- … and 15 more open tasks
--- ---
## MCP Orientation (when available) ## MCP Orientation (when available)
If the state-hub MCP server is reachable, call: If the state-hub MCP server is reachable, call:
`get_domain_summary("custodian")` `get_domain_summary("infotech")`
This provides richer cross-domain context. This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source. If the MCP call fails, use this file as your orientation source.

37
.repo-classification.yaml Normal file
View File

@@ -0,0 +1,37 @@
repo_classification:
standard: Repo Classification Standard
version: "1.0"
classified_at: "2026-06-22"
classified_by: human
# the-custodian is the governance/continuity substrate: canon, standards,
# ADRs, charters, memory, and cross-domain coordination scaffolding.
category: research
domain: infotech
secondary_domains:
- agents
capability_tags:
- governance
- knowledge
- coordination
- policy
- documentation
business_stake:
- technology
- operations
- intelligence
- execution
business_mechanics:
- intention
- control
- coordination
- adaptation
notes: >
Primary domain is infotech (the intended users are the ecosystem's
developers and agents); agents is a secondary domain because the repo is
agent-coordination infrastructure. Classified as research because its core
output is canon, standards, and decision records rather than a deployable

View File

@@ -4,10 +4,10 @@
**Purpose:** Transgenerational cognitive infrastructure and central coordination hub for all domains. Houses the state-hub (PostgreSQL + FastAPI + MCP + dashboard), governance canon, workplans, and agent session memory. **Purpose:** Transgenerational cognitive infrastructure and central coordination hub for all domains. Houses the state-hub (PostgreSQL + FastAPI + MCP + dashboard), governance canon, workplans, and agent session memory.
**Domain:** custodian **Domain:** infotech
**Repo slug:** the-custodian **Repo slug:** the-custodian
**Topic ID:** `cee7bedf-2b48-46ef-8601-006474f2ad7a` **Topic ID:** `cee7bedf-2b48-46ef-8601-006474f2ad7a`
**Workplan prefix:** `THE-WP-` **Workplan prefix:** `CUST-WP-`
--- ---
@@ -20,6 +20,12 @@ there is no MCP server for Codex agents.
|---------|-----| |---------|-----|
| Local workstation | `http://127.0.0.1:8000` | | Local workstation | `http://127.0.0.1:8000` |
| Remote via tunnel | `http://127.0.0.1:18000` | | Remote via tunnel | `http://127.0.0.1:18000` |
| Optional local edge relay | http://127.0.0.1:18080 |
When an operator has enabled the edge relay, set API_BASE to the relay URL.
Queueable writes return an explicit queued receipt if the central hub is
unreachable. Treat that as pending local evidence, then ask the operator to run
statehub outbox status/replay after connectivity returns.
### Orient at session start ### Orient at session start
@@ -27,8 +33,8 @@ there is no MCP server for Codex agents.
# Offline brief — works without hub connection # Offline brief — works without hub connection
cat .custodian-brief.md cat .custodian-brief.md
# Active workstreams for this domain # Active workplans for this domain
curl -s "http://127.0.0.1:8000/workstreams/?topic_id=cee7bedf-2b48-46ef-8601-006474f2ad7a&status=active" \ curl -s "http://127.0.0.1:8000/workplans/?topic_id=cee7bedf-2b48-46ef-8601-006474f2ad7a&status=active" \
| python3 -m json.tool | python3 -m json.tool
# Check inbox # Check inbox
@@ -51,20 +57,20 @@ curl -s -X POST http://127.0.0.1:8000/progress/ \
"summary": "what was done", "summary": "what was done",
"event_type": "note", "event_type": "note",
"author": "codex", "author": "codex",
"workstream_id": "<uuid>", "workplan_id": "<uuid>",
"task_id": "<uuid>" "task_id": "<uuid>"
}' }'
``` ```
Omit `workstream_id` / `task_id` when not applicable. Omit `workplan_id` / `task_id` when not applicable.
### Update task status ### Update task status
```bash ```bash
curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d '{"status": "in_progress"}' -d '{"status": "progress"}'
# values: todo | in_progress | done | blocked # values: wait | todo | progress | done | cancel
``` ```
### Flag a task for human review ### Flag a task for human review
@@ -80,10 +86,10 @@ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
## Session Protocol ## Session Protocol
**Start:** **Start:**
1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe) 1. `cat .custodian-brief.md` — domain goal and open workplans (offline-safe)
2. Check inbox: `GET /messages/?to_agent=the-custodian&unread_only=true`; mark read 2. Check inbox: `GET /messages/?to_agent=the-custodian&unread_only=true`; mark read
3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks 3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks
4. Check blocked tasks: `GET /tasks/?needs_human=true` 4. Check human-needed tasks: `GET /tasks/?needs_human=true`
**During work:** **During work:**
- Update task statuses in workplan files as tasks progress - Update task statuses in workplan files as tasks progress
@@ -92,12 +98,12 @@ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
**Close:** **Close:**
1. Update workplan file task statuses to reflect progress 1. Update workplan file task statuses to reflect progress
2. Log: `POST /progress/` with a summary of what changed 2. Log: `POST /progress/` with a summary of what changed
3. Note for the custodian operator: after workplan file changes, run from 3. After workplan file changes, run:
`~/state-hub`:
```bash ```bash
make fix-consistency REPO=the-custodian statehub fix-consistency
``` ```
This syncs task status from files into the hub DB. Coding agents should run this directly; ask the operator only if the CLI or
State Hub API is unavailable. This syncs task status from files into the hub DB.
--- ---
@@ -123,7 +129,7 @@ Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run wa
| Agent runtime | How to orient | | Agent runtime | How to orient |
| --- | --- | | --- | --- |
| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=the-custodian` is for coordination, not secret vending | | **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=the-custodian` is for coordination, not secret vending |
| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership | | **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workplans; **still** use `warden route` for credential ownership |
| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` | | **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` |
### Quick routing table ### Quick routing table
@@ -152,6 +158,10 @@ get wrong.
**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml` **Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`
<!-- REPO-AGENTS-EXTENSIONS -->
<!-- Append repo-specific agent instructions below this marker.
The state-hub template sync preserves content after this line. -->
--- ---
## Workplan Convention (ADR-001) ## Workplan Convention (ADR-001)
@@ -177,7 +187,7 @@ anything needing analysis, design, approval, dependencies, or multiple phases.
id: THE-WP-NNNN id: THE-WP-NNNN
type: workplan type: workplan
title: "..." title: "..."
domain: custodian domain: infotech
repo: the-custodian repo: the-custodian
status: proposed | ready | active | blocked | backlog | finished | archived status: proposed | ready | active | blocked | backlog | finished | archived
owner: codex owner: codex
@@ -199,7 +209,7 @@ derived health labels, not frontmatter statuses.
` ` `task ` ` `task
id: THE-WP-NNNN-T01 id: THE-WP-NNNN-T01
status: todo | in_progress | done | blocked status: wait | todo | progress | done | cancel
priority: high | medium | low priority: high | medium | low
state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
` ` ` ` ` `
@@ -207,7 +217,7 @@ state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
Task description text. Task description text.
``` ```
Status progression: `todo` → `in_progress` → `done` (or `blocked`) Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work.
To create a new workplan: To create a new workplan:
1. Write the file following the format above 1. Write the file following the format above

View File

@@ -69,39 +69,25 @@ custodian-key-deploy:
grep -c 'custodian-agent' ~/.ssh/authorized_keys | xargs -I{} echo '{} custodian-agent key(s) in authorized_keys'" grep -c 'custodian-agent' ~/.ssh/authorized_keys | xargs -I{} echo '{} custodian-agent key(s) in authorized_keys'"
@echo "Done. Test with: make e2e-cron-list" @echo "Done. Test with: make e2e-cron-list"
## Run e2e tests for a repo in a remote sandbox ## Run e2e tests for a repo (wise-validator + sand-boxer)
## Usage: make e2e REPO=activity-core ## Usage: make e2e REPO=activity-core
## Requires: RAILIANCE01_HOST env var (or pass HOST=<ip>) ## Prerequisites: validate and sandboxer on PATH
## cd ~/wise-validator && make install
## cd ~/sand-boxer && make install
## Host (one required): HOST=, SANDBOXER_HOST, or RAILIANCE01_HOST
## CoulombCore: export SANDBOXER_COMPOSE_CMD=podman-compose
## ##
## Options: ## Options:
## REPO=<slug> repository name under ~/ (required) ## REPO=<slug> repository name under ~/ (required)
## HOST=<host> override RAILIANCE01_HOST ## HOST=<host> sandbox host override
## USER=root SSH user (default: root) ## USER= SSH user → SANDBOXER_SSH_USER
## KEY= path to SSH key (optional) ## KEY= SSH key → SANDBOXER_SSH_KEY (default: custodian key if present)
## KEEP= set to 1 to keep sandbox after run ## KEEP=1 keep sandbox after run
## WORKSTREAM_ID= state-hub workstream ID for progress event ## WORKSTREAM_ID= State Hub workstream for progress event
## NO_REPORT=1 skip State Hub reporting
REPO_PATH := $(HOME)/$(REPO) REPO_PATH := $(HOME)/$(REPO)
SANDBOXER_HOST_VAL := $(if $(HOST),$(HOST),$(if $(SANDBOXER_HOST),$(SANDBOXER_HOST),$(RAILIANCE01_HOST)))
ifdef HOST
E2E_HOST_FLAG := --host $(HOST)
else
E2E_HOST_FLAG :=
endif
ifdef USER
E2E_USER_FLAG := --user $(USER)
else
E2E_USER_FLAG :=
endif
ifdef KEY
E2E_KEY_FLAG := --key $(KEY)
else ifneq ($(wildcard $(CUSTODIAN_KEY)),)
E2E_KEY_FLAG := --key $(CUSTODIAN_KEY)
else
E2E_KEY_FLAG :=
endif
ifdef KEEP ifdef KEEP
E2E_KEEP_FLAG := --keep E2E_KEEP_FLAG := --keep
@@ -115,6 +101,20 @@ else
E2E_WS_FLAG := E2E_WS_FLAG :=
endif endif
ifdef NO_REPORT
E2E_NO_REPORT_FLAG := --no-report
else
E2E_NO_REPORT_FLAG :=
endif
ifdef KEY
E2E_SSH_KEY_VAL := $(KEY)
else ifneq ($(wildcard $(CUSTODIAN_KEY)),)
E2E_SSH_KEY_VAL := $(CUSTODIAN_KEY)
else
E2E_SSH_KEY_VAL :=
endif
## Install e2e cron job on railiance01 for a repo. ## Install e2e cron job on railiance01 for a repo.
## Usage: make e2e-cron-install REPO=activity-core ## Usage: make e2e-cron-install REPO=activity-core
## Requires: RAILIANCE01_HOST / RAILIANCE01_USER set, or pass HOST= SSHUSER= ## Requires: RAILIANCE01_HOST / RAILIANCE01_USER set, or pass HOST= SSHUSER=
@@ -168,13 +168,17 @@ e2e:
@test -n "$(REPO)" || (echo "ERROR: REPO is required. Usage: make e2e REPO=activity-core"; exit 1) @test -n "$(REPO)" || (echo "ERROR: REPO is required. Usage: make e2e REPO=activity-core"; exit 1)
@test -d "$(REPO_PATH)" || (echo "ERROR: repo path does not exist: $(REPO_PATH)"; exit 1) @test -d "$(REPO_PATH)" || (echo "ERROR: repo path does not exist: $(REPO_PATH)"; exit 1)
@test -f "$(REPO_PATH)/e2e/e2e.yml" || (echo "ERROR: no e2e/e2e.yml in $(REPO_PATH)"; exit 1) @test -f "$(REPO_PATH)/e2e/e2e.yml" || (echo "ERROR: no e2e/e2e.yml in $(REPO_PATH)"; exit 1)
cd "$(CURDIR)" && python3 -m e2e_framework \ @command -v validate >/dev/null 2>&1 || (echo "ERROR: validate not on PATH. Install: cd ~/wise-validator && make install"; exit 1)
$(REPO_PATH) \ @command -v sandboxer >/dev/null 2>&1 || (echo "ERROR: sandboxer not on PATH. Install: cd ~/sand-boxer && make install"; exit 1)
$(E2E_HOST_FLAG) \ @test -n "$(SANDBOXER_HOST_VAL)" || (echo "ERROR: set HOST, SANDBOXER_HOST, or RAILIANCE01_HOST"; exit 1)
$(E2E_USER_FLAG) \ SANDBOXER_HOST="$(SANDBOXER_HOST_VAL)" \
$(E2E_KEY_FLAG) \ $(if $(USER),SANDBOXER_SSH_USER="$(USER)",) \
$(if $(E2E_SSH_KEY_VAL),SANDBOXER_SSH_KEY="$(E2E_SSH_KEY_VAL)",) \
validate run "$(REPO_PATH)" \
--host "$(SANDBOXER_HOST_VAL)" \
$(E2E_KEEP_FLAG) \ $(E2E_KEEP_FLAG) \
$(E2E_WS_FLAG) $(E2E_WS_FLAG) \
$(E2E_NO_REPORT_FLAG)
# Agent Management Targets # Agent Management Targets
agents-list: agents-list:

View File

@@ -1,7 +1,7 @@
--- ---
domain: custodian domain: custodian
repo: the-custodian repo: the-custodian
updated: "2026-06-21" updated: "2026-07-08"
--- ---
# SCOPE # SCOPE
@@ -87,16 +87,17 @@ their own repositories and are referenced here only as integration pointers.
## Current State ## Current State
- Status: active — stable governance substrate, in daily use - Status: stable maintenance — governance substrate in daily ecosystem use; no
open CUST-WP workplans in this repo (queue complete as of 2026-07-08)
- Implementation: substantial. Canon + memory + workplan conventions established; - Implementation: substantial. Canon + memory + workplan conventions established;
State Hub operational (in its own repo); RAG-over-canon and drafting pipelines State Hub operational on railiance01 (see `state-hub` repo); workstation
(roadmap Phase 1) not yet started independence and fleet realignment finished (`CUST-WP-0054` archived);
RAG-over-canon and drafting pipelines (roadmap Phase 1) not yet started
- Stability: stable — canon changes are review-gated; memory is append-only - Stability: stable — canon changes are review-gated; memory is append-only
- Usage: daily, across the ecosystem; State Hub MCP active in agent sessions - Usage: daily, across the ecosystem; State Hub MCP in agent sessions; new
- Domains coordinated: dynamic — 14 active as of 2026-06-21 (canon, capabilities, implementation work typically lands in domain repos or `state-hub`, not here
citation_evidence, coulomb_social, custodian, helix_forge, inter_hub, markitect, - Domains coordinated: dynamic — query the live list with `list_domains()` rather
netkingdom, personhood, railiance, stack, vergabe_teilnahme, whynot). Query the than trusting a hard-coded count
live list with `list_domains()` rather than trusting a hard-coded count.
--- ---

View File

@@ -17,7 +17,7 @@ context_sources:
- type: static - type: static
bind_to: context.prompt_path bind_to: context.prompt_path
config: config:
value: /home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md value: custodian://runtime/prompts/daily_statehub_wsgi_triage.md
- type: state-hub - type: state-hub
query: daily_triage_digest query: daily_triage_digest
params: params:
@@ -50,7 +50,7 @@ Current active runner:
- activity-core Temporal schedule from this ActivityDefinition - activity-core Temporal schedule from this ActivityDefinition
- Prompt source: - Prompt source:
`/home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md` `custodian://runtime/prompts/daily_statehub_wsgi_triage.md`
Railiance projection note: Railiance projection note:
@@ -124,7 +124,7 @@ prompt: |
{context.daily_triage_digest} {context.daily_triage_digest}
Return only JSON matching Return only JSON matching
`/home/worsch/the-custodian/schemas/daily-triage-report.json`. Do not wrap `activity-core://schemas/daily-triage-report.json`. Do not wrap
the JSON in Markdown fences or add prose before or after it: the JSON in Markdown fences or add prose before or after it:
{ {
"summary": "short operator-facing summary", "summary": "short operator-facing summary",
@@ -146,11 +146,11 @@ prompt: |
} }
] ]
} }
output_schema: /home/worsch/the-custodian/schemas/daily-triage-report.json output_schema: activity-core://schemas/daily-triage-report.json
review_required: false review_required: false
report_sinks: report_sinks:
- type: working-memory - type: working-memory
path: /home/worsch/the-custodian/memory/working path: custodian://memory/working
timezone: Europe/Berlin timezone: Europe/Berlin
filename_template: "daily-triage-{date}-{run_id_short}.md" filename_template: "daily-triage-{date}-{run_id_short}.md"
- type: state-hub-progress - type: state-hub-progress
@@ -165,8 +165,12 @@ report_sinks:
The run should produce: The run should produce:
- a dated working-memory note under - a dated working-memory note under
`/home/worsch/the-custodian/memory/working/` `custodian://memory/working/`
- a State Hub progress event with `event_type: daily_triage` - on Railiance, that path resolves to the `the-custodian` clone at
`memory/working/` (hostPath mount); ADR-001 consistency sweep writeback
commits new notes to git — no separate sync job
- a State Hub progress event with `event_type: daily_triage` and a
repo-relative `working_memory_path` (e.g. `memory/working/daily-triage-…md`)
- no direct workplan/canon edits - no direct workplan/canon edits
- no task status changes unless a later human request explicitly asks for an - no task status changes unless a later human request explicitly asks for an
apply step apply step

View File

@@ -0,0 +1,55 @@
---
id: "e7d2b5a8-4c1f-4e9a-b6d3-8f2a1c4e6b09"
name: "Phase 5 Stabilization Closeout Check"
type: activity-definition
version: "1.0"
enabled: true
owner: custodian
governance: custodian
status: active
created: "2026-07-06"
trigger:
type: scheduled
at: "2026-07-09T17:35:00+00:00"
timezone: UTC
context_sources:
- type: state-hub
query: phase5_stabilization_check
required: true
params:
source: activity-core
closeout: true
window_start: "2026-07-06T17:35:00+00:00"
window_end: "2026-07-09T17:35:00+00:00"
baseline:
workstreams: 640
tasks: 4002
topics: 14
sweep_limit: 6
triage_max_age_hours: 36
evidence_sinks:
- type: state-hub-progress
event_type: phase5_stabilization_closeout
author: activity-core
workstream_id: 5ceff9dd-e034-46d9-a0e1-37f167ca0729
task_id: 714a5095-8a5a-4d2f-9e7d-b2a2b1f21526
bind_to: context.phase5_stabilization_check
---
# ActivityDefinition: Phase 5 Stabilization Closeout Check
## Purpose
One-shot closeout gate at the end of the `CUST-WP-0054-T05` stabilization
window. Fails visibly when hub-visible gates are not green. When gates pass,
records `operator_signoff_needed: true` for coulombcore teardown approval.
## Trigger
Scheduled once at **2026-07-09T17:35:00Z** (72h after window open).
## Output Contract
- one State Hub progress event with `event_type: phase5_stabilization_closeout`
- fails the ActivityRun when any gate is red at closeout time
- no LLM call and no direct workplan edits

View File

@@ -0,0 +1,58 @@
---
id: "f3a8c2e1-9b4d-4a6f-8e2d-1c5b7a9e3f04"
name: "Phase 5 Stabilization Daily Check"
type: activity-definition
version: "1.0"
enabled: true
owner: custodian
governance: custodian
status: active
created: "2026-07-06"
trigger:
type: cron
cron_expression: "0 9 * * *"
timezone: Europe/Berlin
misfire_policy: skip
context_sources:
- type: state-hub
query: phase5_stabilization_check
required: true
params:
source: activity-core
closeout: false
window_start: "2026-07-06T17:35:00+00:00"
window_end: "2026-07-09T17:35:00+00:00"
baseline:
workstreams: 640
tasks: 4002
topics: 14
sweep_limit: 6
triage_max_age_hours: 36
evidence_sinks:
- type: state-hub-progress
event_type: phase5_stabilization_check
author: activity-core
workstream_id: 5ceff9dd-e034-46d9-a0e1-37f167ca0729
task_id: 714a5095-8a5a-4d2f-9e7d-b2a2b1f21526
bind_to: context.phase5_stabilization_check
---
# ActivityDefinition: Phase 5 Stabilization Daily Check
## Purpose
Scheduled hub-visible health gate for `CUST-WP-0054-T05` during the 72h
stabilization window (2026-07-06 → 2026-07-09). Complements the manual
`tools/phase5-stabilization-check.sh` script with fleet-side evidence in State
Hub progress.
## Trigger
Daily at 09:00 Europe/Berlin while the stabilization window is open. Runs
outside the window are recorded as `skipped` with `reason=outside_stabilization_window`.
## Output Contract
- one State Hub progress event with `event_type: phase5_stabilization_check`
- compact pass/fail detail for health, totals, sweeps, and daily triage freshness
- no LLM call and no direct workplan edits

View File

@@ -0,0 +1,113 @@
---
id: ADR-005
type: architecture-decision-record
title: "Cross-Repo Workplans Live in Dedicated Project Repos"
status: accepted
decided_by: Bernd Worsch
date: "2026-06-22"
tags: ["architecture", "state-hub", "workplans", "cross-repo", "project-repo", "source-of-truth", "lifecycle"]
---
# ADR-005: Cross-Repo Workplans Live in Dedicated Project Repos
## Status
Accepted.
## Context
ADR-001 established that workplans and work items originate as files in the
repository that owns them, so the State Hub can rebuild its coordination state
from repo-owned files alone. The repo-classification redesign (`CUST-WP-0050`)
takes the next step: it makes the **repo the primary anchor** for a workplan
(`workstreams.repo_id` becomes required) and **derives** the market-domain from
the repo's `.repo-classification.yaml` rather than maintaining a separate
`topic`/`domain` spine. Repos are the most stable, git-managed entities in the
ecosystem; binding to them is the most durable anchor available.
This raises an unavoidable question: **what anchors a genuinely cross-repo
workplan?** Some efforts coordinate change across many repositories — ecosystem
migrations, the FOS hub bootstrap (`CUST-WP-0025`), or `CUST-WP-0050` itself,
which touches ~70 repos. If every workplan must bind to exactly one repo:
- binding it to one arbitrary product repo misrepresents the work and pollutes
that repo's history with coordination it does not own;
- leaving it unbound reintroduces the hub-only orphan that ADR-001 forbids;
- modelling it as an array of `repo_id`s breaks the "one stable anchor, clear
ownership, clean lifecycle" property and complicates the rebuild principle.
## Decision
**A complex cross-repo workplan gets its own dedicated *project repo*.**
- The project repo is a real, git-managed repository. It owns the coordination
workplan, its tasks, its decisions, and any cross-cutting artefacts. It is the
required `repo` anchor for that workplan, satisfying the repo-primary-anchor
rule without distorting any single product repo.
- The project repo is classified under the Repo Classification Standard, normally
`category: project`. Its `domain`/tags describe the effort, not any one product.
- **Implementation still happens in the product repos.** Changes land via
per-repo workplans and PRs in the repos being modified. The project repo
*coordinates and references* that work (via dependency edges / links); it does
not own product code.
- **On completion, the project repo is retired to archive — not deleted.** Its
durable results live on in the product repos it modified (the merged changes
are the outcome). The archived project repo remains as an immutable provenance
record of the coordination, consistent with the append-only-memory value.
The project repo's completion record MUST list the product repos it modified and
link to the merged PRs/commits, so the trail survives archival.
## Lifecycle
```
draft → active → completed → archived
```
- **active** — work in progress; workplan `status: active`; repo live in Gitea
and registered in the Hub.
- **completed** — all tasks done; completion record written (modified repos +
links).
- **archived** — repo archived in Gitea and `status: archived` in the Hub. The
workplan moves to `workplans/archived/` per the workplan convention. Results
persist in the product repos; the project repo is read-only history.
## Naming
Project repos SHOULD be identifiable as such (e.g. a `proj-<slug>` prefix or a
dedicated grouping). Exact convention is deferred to `CUST-WP-0050` rollout
(tracked as an open question there), but the lifecycle and ownership rules above
are fixed by this ADR.
## Consequences
- **Pro:** every workplan — including cross-repo ones — has a stable,
git-managed anchor; no hub-only orphans; the rebuild principle (ADR-001) holds.
- **Pro:** the classification standard applies uniformly; project repos are just
repos with `category: project`.
- **Pro:** clean, explicit lifecycle; results are never lost on retirement
because they live in the modified product repos.
- **Con:** proliferation of short-lived repos; requires discipline around the
naming and archival convention.
- **Con:** cross-references between the project repo and the product repos it
modified must be recorded deliberately, or the provenance trail degrades after
archival.
- **Con:** judgement is required on *when* an effort is "complex enough" to merit
a project repo versus a single-repo workplan; small cross-cutting changes
should not spawn a repo.
## Alternatives Considered
- **Bind to a "lead" product repo.** Rejected: distorts that repo's history and
creates ambiguous ownership.
- **Keep an optional hub-only topic for cross-repo coordination.** Rejected:
reintroduces the soft, non-git-managed spine that `CUST-WP-0050` removes and
ADR-001 discourages.
- **Multi-anchor workplan (array of repo_ids, no primary).** Rejected: breaks
single-anchor simplicity, ownership clarity, and lifecycle modelling.
## Related
- ADR-001 — Workplans and Work Items Are Repository Artefacts
- `CUST-WP-0050` — Repo Classification & State Hub Registration Redesign (D1)
- `canon/standards/repo-classification-standard_v1.0.md`

View File

@@ -0,0 +1,150 @@
---
id: CUST-BSP-2026-000001
type: procedure
title: "Bootstrap Protocol v0.1"
status: draft
owners: ["Bernd", "Custodian"]
created: "2026-07-08"
updated: "2026-07-08"
scope:
domains: ["Custodian", "Railiance"]
sensitivity: internal
tags: ["bootstrap", "capital", "roles", "fos", "mvp"]
---
# Bootstrap Protocol v0.1
Addresses FOS blindspot #2: **bootstrapping and initial capital**. Neither FOS
nor OAS defines how the first €10k is funded, what MVP must exist before the
first customer, or which roles are mandatory at formation.
This protocol applies to the Railiance/Custodian ecosystem until a formal GmbH
and multi-stakeholder governance structure supersedes it.
## 1. Seed Funding Strategy
### Minimum Viable Budget (12-month bootstrap)
| Category | Estimate (EUR) | Notes |
| --- | --- | --- |
| Infrastructure (HostEurope, domains) | 3,0005,000 | Existing fleet partially covers this |
| LLM/API tokens | 1,5003,000 | Tracked via fin-hub; burn alerts at 80% budget |
| Legal/GmbH formation | 2,0004,000 | Deferred until first revenue signal |
| Tooling/licenses | 5001,000 | Prefer OSS; EU-hostable |
| Contingency | 2,000 | Restore drills, hardware failure |
| **Total** | **€9,00015,000** | Founder-funded in v0.1 |
### Funding Sources (v0.1)
1. **Founder capital** — primary source until first paying customer.
2. **Consulting revenue** — Railiance architecture reviews (pre-GmbH: freelance
invoice under existing legal entity or transitional structure).
3. **Grants** — EU digital sovereignty programs (exploratory, not blocking).
No external investment required for MVP. External capital triggers formal
Financial Allocator role and updated constitution clauses.
## 2. MVP Scope Definition
The bootstrap MVP is **not** a full FOS Level 5 federation. It is the minimum
viable stack that proves:
1. Reproducible deploy + restore for the Custodian/Railiance substrate.
2. Multi-hub separation at Level 3 boundary (dev, ops, fin conceptually distinct).
3. Identity integration via IAM Profile v0.2.
4. Ops evidence on Core Hub production surface.
5. Cost visibility sufficient to compute runway.
### Must Exist Before First Customer
| # | Capability | Status (2026-07-08) |
| --- | --- | --- |
| 1 | dev-hub (State Hub) workplan coordination | done |
| 2 | hub-core extracted package | done |
| 3 | Core Hub ops evidence (production) | done |
| 4 | IAM Profile integration template | done |
| 5 | fin-hub with runway calculator | in progress (T22T24) |
| 6 | Restore drill evidence (Railiance) | partial |
| 7 | RaaS onboarding runbook | draft (business-model-canvas) |
| 8 | Legal/GmbH review | not started (T26) |
### Explicitly Out of MVP
- Full Keycloak enterprise federation (`NK-WP-0011` lane)
- Autonomous agent scheduling
- Multi-customer tenancy
- NATS cross-hub transport
- Haskell Inter-Hub retirement (gated on stabilization sign-off)
## 3. First Three Mandated Roles
Per FOS §12 and the Big Picture Guidance blindspot analysis, three roles are
mandatory at bootstrap — they may be held by the same human initially but must
remain **explicitly separable**:
### Constitutional Steward (System 5)
- Owns canon, values, constitution, and non-delegable policies.
- Approves canon promotions and escalation when agent actions affect legal,
financial, or reputational posture.
- Cannot be silently merged with Technical Operator authority.
**v0.1 holder:** Bernd (founder).
### Technical Operator (System 3 / Ops)
- Owns infrastructure substrate, deployment, restore drills, and Core Hub
production surface.
- Executes cutover, rollback, and stabilization decisions.
- Routes credentials through approved custody paths only.
**v0.1 holder:** Bernd (founder), with agent assistance under tool-boundary policy.
### Financial Allocator (System 3* / Fin)
- Owns budget, burn rate, runway projection, and spend approval thresholds.
- Surfaces resource pressure signals to dev-hub and viability alerts to canon.
- Escalates when runway drops below alert threshold.
**v0.1 holder:** Bernd (founder) until fin-hub automation exists; then
fin-hub surfaces data, human retains approval for transactions.
## 4. Revenue Threshold for Role Formalization
| Milestone | Trigger | Action |
| --- | --- | --- |
| **Role separation** | First €5,000 external revenue OR first non-founder contributor | Split Technical Operator and Financial Allocator if same person; document in constitution amendment. |
| **GmbH formation** | First €10,000 annual revenue or first managed-tier customer | Engage legal counsel; update liability, SLA, and invoicing structure. |
| **Board/advisory** | €50,000 annual revenue or 3+ paying customers | Add Constitutional Steward separation if not already independent. |
Until thresholds are met, founder-held multiple roles are acceptable provided
authority boundaries are documented and audited.
## 5. Escalation and Human Override
Bootstrap operations inherit `custodian_constitution_v0.1.md`:
- Financial transactions, legal commitments, and external representations require
explicit human approval.
- Agent actions must be auditable and reversible within 5 minutes where they
affect production infrastructure.
- Runway below 3 months triggers mandatory Financial Allocator review and
dev-hub workstream deprioritization signal (fin→dev coupling, T25).
## 6. Success Criteria for Bootstrap Exit
Bootstrap phase ends when:
1. FOS maturity Level 3 is operational (dev, ops, fin hubs distinct).
2. First external customer onboarded OR €10k consulting revenue recorded.
3. GmbH or equivalent legal entity formed.
4. Runway calculator shows ≥6 months at current burn.
5. Restore drill evidence exists for production Railiance cluster.
## References
- `wiki/BigPictureGuidance.md` — blindspot #2 origin
- `canon/constitution/custodian_constitution_v0.1.md`
- `canon/standards/federated-organization-standard_v1.0.md` — §12 roles, §14 maturity
- `canon/projects/railiance/business-model-canvas_v0.1.md`
- `workplans/CUST-WP-0025-fos-hub-bootstrap.md`

View File

@@ -0,0 +1,152 @@
---
id: CUST-BMC-RAIL-2026-000001
type: business_model
title: "Railiance-as-a-Service — Business Model Canvas v0.1"
status: draft
owners: ["Bernd", "Custodian"]
created: "2026-07-08"
updated: "2026-07-08"
scope:
domains: ["Railiance"]
sensitivity: internal
tags: ["business-model", "railiance", "saas", "sovereignty"]
---
# Railiance-as-a-Service — Business Model Canvas v0.1
## Offering
**Railiance-as-a-Service (RaaS)** packages the OAS-aligned operational substrate
as a managed or consultatively operated service for EU SMEs that need sovereign,
GDPR-compliant DevOps without vendor lock-in.
Core deliverable:
- managed k3s cluster (or customer-owned cluster under Railiance runbooks)
- observability stack (metrics, logs, traces)
- GitOps deployment lane (ArgoCD or equivalent)
- encrypted backup + documented restore drills
- governance overlay using FOS hub pattern (dev, ops, fin separation)
Differentiator: **VSM-based organizational architecture**, not just
infrastructure. Customers receive operational reliability *and* a coordination
model that scales from founder-led ops to multi-domain federation.
## Customer Segments
| Segment | Profile | Primary pain |
| --- | --- | --- |
| **EU SME — regulated** | 10200 staff, DSGVO/AI Act exposure | Cannot depend on US hyperscaler control planes |
| **EU SME — technical** | Has developers, weak ops | Founder ops does not survive absence |
| **Internal ventures** | Bernd ecosystem repos | Need reproducible substrate before external sale |
Initial focus: internal dogfooding through the Custodian/Railiance stack until
restore drills and cost attribution are proven.
## Value Proposition
1. **Sovereign ops** — EU-hostable, provider-independent, auditable.
2. **Reproducible deployments** — same inputs produce the same system.
3. **Operational minimalism** — boring primitives, explicit runbooks.
4. **Federation-ready** — customers can grow from single-hub to multi-hub without rewrite.
5. **Agent-safe governance** — tool-boundary policy, immutable audit, human override.
## Channels
| Phase | Channel |
| --- | --- |
| v0.1 (now) | Internal use, direct founder network |
| v0.2 | Consultative engagements (architecture review + managed cutover) |
| v0.3 | Productized tiers with self-serve onboarding docs |
## Customer Relationships
- **Self-hosted tier**: community/docs support, customer operates stack.
- **Managed tier**: Railiance operates cluster; customer owns data plane.
- **Fully operated tier**: Railiance operates cluster + incident response + change management.
All tiers include documented restore drills and evidence exports for compliance.
## Revenue Streams
| Tier | Model | Indicative pricing (draft) |
| --- | --- | --- |
| **Open / self-hosted** | €0 + optional support hours | OSS templates + paid support blocks |
| **Managed** | Monthly per cluster + per-node | €4001,200/mo base + €50150/node |
| **Fully operated** | Monthly retainer + incident SLA | €1,5004,000/mo depending on SLA |
Revenue recognition waits on GmbH formation and first paying customer (see
`bootstrap-protocol_v0.1.md`).
## Key Resources
- Railiance k3s fleet (railiance01, Forgejo, OpenBao, activity-core)
- Core Hub ops evidence surface (production since 2026-07-03)
- hub-core / dev-hub coordination stack
- Canon standards (FOS, OAS, IAM Profile v0.2)
- Operator runbooks and restore-drill evidence
## Key Activities
- Cluster provisioning and GitOps baseline
- Backup/restore drill execution and evidence capture
- Observability and cost attribution (OpenCost path)
- Customer onboarding and hub registration
- Compliance documentation (DSGVO posture, subprocessors)
## Key Partners
- HostEurope / EU hosting for bare metal or VPS substrate
- Forgejo/Gitea for sovereign source control
- OpenBao for secret custody
- EU legal counsel for GmbH, SLA, and liability framework (T26)
## Cost Structure
| Category | Examples |
| --- | --- |
| **Infrastructure** | HostEurope servers, storage, egress |
| **LLM / API** | Anthropic, OpenRouter token spend (tracked via fin-hub T24) |
| **Labor** | Technical Operator time (founder-heavy in v0.1) |
| **Compliance** | Legal review, insurance, audit tooling |
Runway and burn-rate tracking are fin-hub responsibilities (`CUST-WP-0025-T23``T25`).
## Pricing Tiers (Feature Matrix — Draft)
| Feature | Self-hosted | Managed | Fully operated |
| --- | --- | --- | --- |
| k3s cluster templates | ✓ | ✓ | ✓ |
| GitOps baseline | ✓ | ✓ | ✓ |
| Observability stack | docs | ✓ | ✓ |
| Backup + restore drills | customer-run | quarterly evidence | monthly evidence |
| Incident response | — | business hours | 24×7 option |
| FOS hub coordination | docs | dev+ops hubs | full federation setup |
| Cost/runway dashboard | — | optional | ✓ |
| SLA | — | 99.5% target | contractual |
## MVP Scope (Before First External Customer)
Must exist:
1. One production Railiance cluster with documented restore drill pass.
2. Core Hub ops evidence lane live (done 2026-07-03).
3. IAM Profile v0.2 integration template (done).
4. fin-hub runway calculator with manual cost import (T24).
5. Onboarding runbook: customer → provisioned cluster + monitoring.
6. Legal review of GmbH implications and liability cap (T26).
## Risks and Open Questions
- GmbH formation timing vs. pre-revenue consulting
- Liability scope for managed tier incident response
- Whether RaaS leads with consultancy or productized tiers
- OpenCost integration vs. manual CSV for v0.1 cost ingestion
## References
- `canon/projects/railiance/project_charter_v0.1.md`
- `canon/projects/railiance/roadmap_v0.1.md`
- `canon/standards/orthogonal-architecture_v1.0.md`
- `canon/standards/federated-organization-standard_v1.0.md`
- `docs/core-hub-cutover-decision-coupling.md`

View File

@@ -0,0 +1,118 @@
---
id: canon-coulombcore-production-freeze
type: standard
title: "CoulombCore Production Freeze v0.1"
domain: custodian
status: active
version: "0.1"
created: "2026-07-03"
decided_by: custodian
tags: ["infrastructure", "coulombcore", "railiance01", "production", "freeze", "drain"]
related_workplans:
- CUST-WP-0054
- RAIL-HO-WP-0005
---
# CoulombCore Production Freeze v0.1
## Status
**Active from 2026-07-03.** CoulombCore (`92.205.130.254`) is frozen for new
production workloads.
## Context
Under the fleet role model (`CUST-WP-0054`, `docs/workstation-independence-fleet-architecture.md`):
| Machine | Role |
| --- | --- |
| **railiance01** | Production home — growing Railiance fleet |
| **coulombcore** | Legacy/experimental only; drain then phoenix to **railiance02** |
| **workstation** | Temporary dev environment |
Despite the role model, coulombcore still hosts production-critical workloads
(State Hub cluster primary, Core Hub, issue-core, Gitea, OpenBao, identity
stack, GitOps control plane). This freeze stops the problem from growing while
the drain sequence in `docs/coulombcore-drain-placement-plan.md` executes.
## Policy
### Frozen (blocked without exception)
No **new** production workloads may be introduced on coulombcore after
2026-07-03:
- New Helm releases, ArgoCD Applications, or CNPG clusters intended as
long-lived production
- New public DNS names under `*.coulomb.social` for production services
- New credential lanes whose **primary** runtime home is coulombcore
- New CI/CD publish targets that make coulombcore the canonical registry or
forge (canonical target is railiance01 Forgejo per `RAIL-HO-WP-0005`)
- New automation schedules that **require** coulombcore as the sole runtime
host (activity-core production is already on railiance01)
### Grandfathered (existing production may run)
Workloads already in production on coulombcore before 2026-07-03 may continue
until their drain step completes. They are **not** newly promoted production —
they are legacy carry-over on a condemned host.
### Allowed on coulombcore during drain
| Category | Examples |
| --- | --- |
| Drain migrations | Staged-promotion overlays targeting railiance01; cutover drills in isolated namespaces |
| Read-only mirrors | Gitea read-only rollback mirror after Forgejo cutover |
| Short-lived probes | Disposable Forgejo/restore namespaces per `RAIL-HO-WP-0005` probe strategy |
| Experimental / non-prod | Staging profiles, smoke namespaces, operator-attended bootstrap |
| Fleet mesh transit | Forward tunnels from railiance01 to coulombcore cluster services until those services move (T02 interim) |
### Promotion gate
A workload counts as **production on railiance01** only after passing the
staged-promotion contract (`RAIL-BS-WP-0006`). Coulombcore deployments do not
satisfy this gate after 2026-07-03.
## Enforcement
1. **Workplan review** — new workplans proposing coulombcore production require
an explicit exception row in the drain plan with rollback evidence.
2. **ArgoCD / GitOps** — new Applications with production intent must target
`railiance01-k3s`, not `coulombcore-k3s`, unless tagged `drain-migration`
or `experimental`.
3. **Agent instructions** — coding agents must not deploy new production
services to coulombcore; route to railiance01 overlays or file an exception
request via State Hub `needs_human`.
4. **Inventory drift**`ops/service-inventory.yml` rows for coulombcore
production services carry `lifecycle_state: draining` after their drain
wave starts.
## Exceptions
Document each exception in `docs/coulombcore-drain-placement-plan.md` under
**Documented exceptions** with:
- workload id
- reason the drain sequence cannot absorb it yet
- target host and target date
- rollback method
- approving workplan or operator decision id
## Exit criteria (lift freeze)
The freeze lifts for coulombcore as a **host** when:
1. All drain waves in the placement plan reach `retired` or `migrated`
2. Identity + OpenBao (last wave) run on railiance01
3. `CUST-WP-0054-T09` phoenix begins — coulombcore is wiped and rebuilt as
railiance02, not returned to production
After phoenix, the machine identity is **railiance02**; the coulombcore freeze
standard applies only to the historical drain period.
## Related documents
- Drain sequence: `docs/coulombcore-drain-placement-plan.md`
- Architecture: `docs/workstation-independence-fleet-architecture.md`
- Forgejo migration: `RAIL-HO-WP-0005` in `railiance-infra`
- Staged promotion: `RAIL-BS-WP-0006` (finished)

View File

@@ -164,6 +164,7 @@ category:
- experimental - experimental
- research - research
- project - project
- tooling
- product - product
- business - business
``` ```
@@ -233,7 +234,31 @@ Examples:
category: project category: project
``` ```
### 5.4 `product` ### 5.4 `tooling`
Use for reusable internal tooling and infrastructure that supports building,
coordinating, or operating other work — libraries, CLIs, services, and ops
components used across the ecosystem rather than offered to external customers.
Main question:
> Does this reliably support how we build and operate other work?
Typical signs:
- reused across multiple repos or by agents/operators,
- stable enough to depend on, but not a customer-facing product,
- no external pricing, customer onboarding, or go-to-market concerns,
- sits between `project` (a bounded build) and `product` (an offerable to
customers); may graduate to `product` if later externalised.
Examples:
```yaml
category: tooling
```
### 5.5 `product`
Use for reusable, offerable products or product components with intended users or customers. Use for reusable, offerable products or product components with intended users or customers.
@@ -255,7 +280,7 @@ Examples:
category: product category: product
``` ```
### 5.5 `business` ### 5.6 `business`
Use for repos organizing commercial, operational, legal, strategic, financial, or organizational activity. Use for repos organizing commercial, operational, legal, strategic, financial, or organizational activity.
@@ -388,6 +413,9 @@ capability_tags:
- capability-registry - capability-registry
- feature-control - feature-control
- pricing - pricing
- monetization
- lifecycle
- decision-support
- reputation - reputation
- social-network - social-network
- workflow - workflow
@@ -421,6 +449,7 @@ capability_families:
- source-management - source-management
- traceability - traceability
- documentation - documentation
- decision-support
platform_and_operations: platform_and_operations:
- platform - platform
@@ -434,12 +463,17 @@ capability_families:
market_and_coordination: market_and_coordination:
- marketplace - marketplace
- pricing - pricing
- monetization
- reputation - reputation
- challenges - challenges
- bounties - bounties
- collaboration - collaboration
- coordination - coordination
product_and_lifecycle:
- product-development
- lifecycle
governance_and_control: governance_and_control:
- governance - governance
- policy - policy
@@ -623,8 +657,9 @@ Ask:
1. Is this mainly a spike or prototype? → `experimental` 1. Is this mainly a spike or prototype? → `experimental`
2. Is this mainly knowledge, terminology, research, or standards? → `research` 2. Is this mainly knowledge, terminology, research, or standards? → `research`
3. Is this a bounded implementation effort? → `project` 3. Is this a bounded implementation effort? → `project`
4. Is this reusable and offerable to users/customers? → `product` 4. Is this reusable internal tooling/infrastructure supporting other work? → `tooling`
5. Is this about commercial, legal, financial, strategic, or organizational viability? → `business` 5. Is this reusable and offerable to users/customers? → `product`
6. Is this about commercial, legal, financial, strategic, or organizational viability? → `business`
### Step 2: Identify the primary domain ### Step 2: Identify the primary domain
@@ -682,6 +717,10 @@ Add only the mechanics that materially apply.
## 12. Validation Checklist ## 12. Validation Checklist
The controlled vocabularies are maintained in machine-readable form at
`canon/standards/repo-classification.allowed.yaml`. Validate a file with
`tools/validate_repo_classification.py <path-to-.repo-classification.yaml>`.
A repo classification is valid when: A repo classification is valid when:
- [ ] `category` exists and has exactly one allowed value. - [ ] `category` exists and has exactly one allowed value.
@@ -1047,7 +1086,7 @@ Use the following prompt for agent-assisted classification.
Classify this repository according to the Repo Classification Standard. Classify this repository according to the Repo Classification Standard.
Return a YAML block with: Return a YAML block with:
- category: one of experimental, research, project, product, business - category: one of experimental, research, project, tooling, product, business
- domain: one of infotech, financials, communication, consumer, health, industrials, energy, utilities, materials, realestate, crypto, agents, space, government - domain: one of infotech, financials, communication, consumer, health, industrials, energy, utilities, materials, realestate, crypto, agents, space, government
- secondary_domains: zero or more allowed domains, excluding the primary domain - secondary_domains: zero or more allowed domains, excluding the primary domain
- capability_tags: lowercase kebab-case tags describing what the repo does or enables - capability_tags: lowercase kebab-case tags describing what the repo does or enables

View File

@@ -0,0 +1,117 @@
# Machine-readable allowed-values for the Repo Classification Standard.
#
# Single source of truth for the standard's controlled vocabularies, derived
# from canon/standards/repo-classification-standard_v1.0.md. Consumed by:
# - the per-repo .repo-classification.yaml linter (tools/validate_repo_classification.py)
# - the State Hub registration validator (CUST-WP-0050 T04)
#
# When the standard's vocabularies change, update this file and bump `version`
# to match the standard version. CUST-WP-0050 T01.
standard: "Repo Classification Standard"
version: "1.0"
canon_id: "canon-repo-classification"
# category — exactly 1 required (§5)
categories:
- experimental
- research
- project
- tooling
- product
- business
# domain / secondary_domains — primary exactly 1; secondaries 0..n (§6)
domains:
- infotech
- financials
- communication
- consumer
- health
- industrials
- energy
- utilities
- materials
- realestate
- crypto
- agents
- space
- government
# business_stake — 0..n; 2..6 recommended (§8)
business_stake:
- execution
- intelligence
- finance
- legal
- sales
- experience
- technology
- operations
- product
- people
- procurement
- sustainability
- automation
# business_mechanics — 0..n, optional (§9)
business_mechanics:
- intention
- control
- coordination
- operation
- adaptation
# capability_tags are intentionally OPEN-ENDED (§7): lowercase kebab-case, not
# restricted to this set. The families below are the standard's recommended
# canonical tags — used to warn on likely synonyms/typos, never to reject.
capability_families:
identity_and_access:
- identity
- authentication
- authorization
- access-control
- user-management
- tenancy
knowledge_and_evidence:
- knowledge
- citations
- evidence
- source-management
- traceability
- documentation
- decision-support
platform_and_operations:
- platform
- deployment
- operations
- observability
- feature-control
- configuration
- orchestration
market_and_coordination:
- marketplace
- pricing
- monetization
- reputation
- challenges
- bounties
- collaboration
- coordination
product_and_lifecycle:
- product-development
- lifecycle
governance_and_control:
- governance
- policy
- compliance
- risk
- audit
- control
# Validation guidance (advisory bounds the linter applies as warnings)
guidance:
secondary_domains_max: 3
business_stake_recommended_min: 2
business_stake_recommended_max: 6
capability_tag_pattern: "^[a-z0-9]+(-[a-z0-9]+)*$"

View File

@@ -0,0 +1,69 @@
# Repo Classification exclusion list (CUST-WP-0050 T11 / D3).
# Repos listed here are intentionally out of scope for classification and
# State Hub registration under the portfolio taxonomy.
#
# Validate additions against canon/standards/repo-classification-standard_v1.0.md.
version: "1.1"
updated: "2026-06-22"
exclusions:
# Forks and personal repos — not ecosystem inventory.
- slug: tegwick/the-custodian
gitea_path: tegwick/the-custodian
reason: fork path not found on Gitea (SSH verified 2026-06-22)
- slug: python-snake
gitea_path: lando_worsch/python-snake
reason: personal / non-ecosystem repo (exists on Gitea; excluded by policy)
# Archived or collapsed hub registrations — superseded by another slug.
- slug: markitect-project
reason: archived; workstreams relinked to markitect-main (ADR-005 disposition)
- slug: railiance-bootstrap
reason: archived phantom registration; no Gitea repo
- slug: railiance-hosts
reason: archived phantom registration; no Gitea repo
- slug: vergabe_teilnahme
reason: archived duplicate; collapsed into vergabe-teilnahme
- slug: test_domain_v2
reason: archived test domain; not present on Gitea coulomb org (SSH verified)
# Local-only templates / sandboxes — not product inventory.
- slug: hub-core-seed
reason: hub-core bootstrap seed copy; not a standalone service
- slug: sand-boxer
reason: agentic coding sandbox; throwaway experimentation surface
- slug: .nvm
reason: Node version manager checkout; not a coulomb project repo
# Portfolio-review slugs with no matching coulomb/* repo on Gitea (SSH verified 2026-06-22).
- slug: binect-chrome
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: binect-js
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: direkt-vermittlung-de
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: polycode-sim
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: ralph-workplan
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: tele-mcp
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: testdrive-jsui
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: timeline-svg
reason: not present on Gitea coulomb org; likely renamed or removed

View File

@@ -0,0 +1,104 @@
# Core Hub Cutover Decision Coupling
Date: 2026-07-08
Related workplans: `CUST-WP-0025-T17`, `CORE-WP-0005`, `CORE-WP-0007`,
`CUST-WP-0047`, `CUST-WP-0049`.
## Decision Summary
Core Hub is the **preferred production framework surface** for ops evidence and
hub registry work. Haskell Inter-Hub remains available as **rollback-only**
fallback through the stabilization window and until `CORE-WP-0007` operator
sign-off retires it.
| Question | Decision |
| --- | --- |
| Is legacy Inter-Hub still required for normal operation? | **No** — production ingress at `hub.coulomb.social` serves Core Hub since 2026-07-03. |
| Is Inter-Hub fallback still required? | **Yes, rollback-only** until stabilization closes and `CORE-WP-0007-T02` is approved. |
| Are the three cutover gates satisfied? | **Yes** — deployed API smoke, staging import, and activity-core sink evidence all pass. |
| Can Phase 4 fin-hub work begin? | **Yes** — multi-hub pattern is proven at Level 2→3 boundary; fin models remain separate implementation. |
## Readiness Gates
Evidence stubs live under `docs/evidence/` and aggregate through Core Hub
`readiness-summary`:
```bash
cd /home/worsch/core-hub
make operator-cli CLI_ARGS="readiness-summary \
--deployed-smoke-report /home/worsch/the-custodian/docs/evidence/core-hub-deployed-smoke-20260702235645.json \
--migration-report /home/worsch/the-custodian/docs/evidence/core-hub-migration-import-20260703.json \
--activity-core-report /home/worsch/the-custodian/docs/evidence/core-hub-activity-core-sink-20260702.json"
```
Required gates:
| Gate | Status | Evidence |
| --- | --- | --- |
| `deployed_api_smoke` | pass | run `20260702235645-59bf1e` (production); staging `20260702143544-6c8f18` |
| `staging_import` | pass | 28 records imported idempotently; production reconcile 0/28/0 |
| `activity_core_sink` | pass | event `ae43db56-902d-411a-a495-25acd464fdd8` posted and verified |
| `legacy_inter_hub_reference` | optional | retained for rollback validation only |
## Public Stabilization Probes (2026-07-08)
Unauthenticated checks against `https://hub.coulomb.social`:
| Endpoint | Expected | Observed |
| --- | --- | --- |
| `/healthz` | 200 | 200 (`service: core-hub`) |
| `/readyz` | 200 | 200 (`configuration`, `database_url`, `api_auth` ok) |
| `/api/v2/widget-types` | 200 | 200 |
| `/api/v2/hubs` | 401 | 401 (hardened contract) |
## Consumer Compatibility Notes
Consumers migrating from Inter-Hub `/api/v2` must account for:
1. **Auth hardening**`/api/v2/hubs` is protected on Core Hub. Anonymous
listing consumers must obtain a token. Audit found no production dependency
on anonymous 200 responses.
2. **Catalog shape** — Core Hub catalogs use `{name, slug, description}`; Inter-Hub
used `{name, label, description, ownerHubId, status}`. Parsers must accept
`slug` as the stable identifier.
3. **Health endpoints** — Core Hub adds `/healthz` and `/readyz`; Inter-Hub
returned 404 on these paths.
4. **Ops vocabulary** — all 7 orphaned `ops-*` widget types and matching event
types are seeded in Core Hub before cutover; migrated widgets are referentially
complete.
## Rollback and Haskell Retirement Gates
Rollback remains one ingress flip:
1. Delete Core Hub ingress (`30-ingress.yaml`)
2. Apply `rollback-inter-hub-ingress.yaml`
3. Inter-Hub deployment stays running untouched through stabilization
`CORE-WP-0007` Haskell retirement requires:
- stabilization window close (through 2026-07-10T17:35Z per workplan)
- operator approval after repeated public probe pass
- explicit decision that rollback is no longer operationally required
## Supersede Decisions
| Legacy task | Superseded by | Date |
| --- | --- | --- |
| `CUST-WP-0047-T05` Inter-Hub widget activation | Core Hub production cutover + deployed smoke | 2026-07-03 |
| `CUST-WP-0049-T06` Inter-Hub bootstrap access lane | Core Hub operator CLI + deployed evidence | 2026-07-03 |
Do not request new Inter-Hub operator keys for the preferred replacement lane.
## Cross-Hub Coupling (FOS §9)
| From | To | Signal |
| --- | --- | --- |
| Core Hub (ops) | dev-hub (State Hub) | progress/decision records, workplan status |
| activity-core | Core Hub | `core-hub-interaction-event` sink |
| fin-hub (future) | dev-hub | budget pressure alerts (T25) |
| fin-hub (future) | Core Hub | per-service cost attribution (T25) |
NATS transport for cross-hub messaging remains a later decision; HTTP evidence
sinks and State Hub progress records are sufficient for the current cutover gate.

View File

@@ -0,0 +1,139 @@
# Core Hub Helixforge Build Alignment
Date: 2026-06-27
Related workplans: `CUST-WP-0052`, `CUST-WP-0025`, `CORE-WP-0008`,
`CORE-WP-0005`, `CORE-WP-0007`.
## Sources Reviewed
- `/home/worsch/helix-forge/SCOPE.md`
- `/home/worsch/helix-forge/workplans/HF-WP-0001-establish-ops-hub-first-extension.md`
- `/home/worsch/helix-forge/wiki/OpsHubBootstrapRunbook.md`
- `/home/worsch/railiance-forge/Makefile`
- `/home/worsch/railiance-forge/docs/initial-operating-contracts.md`
- `/home/worsch/railiance-forge/docs/ci-runner-actions-gitops-ownership.md`
- `/home/worsch/railiance-forge/docs/gitea-actions-runner-substrate.md`
- `/home/worsch/railiance-forge/docs/observability-operating-evidence.md`
- `/home/worsch/railiance-forge/docs/gitea-container-registry.md`
- `/home/worsch/core-hub/Makefile`
- `/home/worsch/core-hub/docs/deployment/staging-profile.md`
- `/home/worsch/core-hub/docs/deployment/operator-cli.md`
- `/home/worsch/core-hub/docs/specs/testing-release-and-migration.md`
## Takeaways
HelixForge is currently a capability-first product/architecture and workplan
home, not a deployable runtime. Its older ops-hub Inter-Hub bootstrap material
is useful as vocabulary and historical evidence, but Core Hub now owns the
replacement implementation lane.
Railiance Forge is the concrete build and artifact practice source. The useful
patterns for Core Hub are:
- repo-local Make targets are the operator entry point;
- separate read-only checks from deploy/apply actions;
- print evidence docs and runbooks through Make targets where useful;
- source repos own build scripts and image/package metadata;
- `railiance-forge` owns registry endpoints, runner labels, runner health, and
artifact evidence contracts;
- `railiance-apps` should eventually own S5 deployment checks and app release
values;
- runner labels describe capability and trust level, not hostnames;
- privileged labels such as `registry-publish`, `cluster-dry-run`, and
`s5-release-check` require named credential paths and reviewed purpose;
- artifact tags for release evidence should be immutable commit-SHA tags;
- mutable tags such as `latest` must never be the only production reference;
- evidence should capture source repo, commit SHA, artifact identity,
version/tag/digest, runner identity when relevant, smoke result, and consuming
deployment value change;
- docs may reference SOPS/OpenBao/Kubernetes Secret names, but must not contain
decrypted values, tokens, kubeconfigs, SSH keys, or tokenized URLs.
## Core Hub Current Fit
Core Hub already has a compatible service-repo surface:
- `make lint`
- `make test`
- `make openapi`
- `make migrate-validate`
- `make staging-profile-check`
- `make container-build`
- `make deployed-smoke`
- `make operator-cli`
- `make visual-check`
The current image repository default,
`gitea.coulomb.social/coulomb/core-hub`, matches the Railiance Forge registry
contract. Core Hub staging docs already prefer commit-SHA image tags and note
that production/shared staging deploys must not depend on `latest`.
The current Core Hub staging profile is acceptable as a near-term service-repo
profile. It should later be promoted into a Railiance app release path once the
API contract and staging evidence are stable.
## Environment Posture
Use three distinct postures so build/release work does not overfit to the local
workstation:
| Posture | Purpose | Core Hub behavior |
|---|---|---|
| Local/dev | Fast contract work and disposable smoke proof. | `uv`, SQLite/disposable DBs, `CORE_HUB_AUTO_CREATE_TABLES=1` only for local smoke/test bootstraps, no live cluster dependency. |
| Staging | Production-like proof without cutover. | Postgres, Alembic migrations only, Kubernetes `core-hub-staging`, commit-SHA images, OpenBao/operator-owned secret references, deployed API and activity-core smokes. |
| Production/cutover | Replacement of Haskell Inter-Hub. | Requires staging import, dual-run or shadow smokes, rollback notes, non-secret readiness summary, and explicit operator approval. |
Do not let missing runner automation block API contract work. It should block
only publish/deploy automation that actually needs forge runner labels or
cluster credentials.
## Recommended Core Hub Build Lane
Keep the existing Core Hub Make targets and add future targets only when they
remove manual release ambiguity:
1. Local contract gate:
`make lint`, `make test`, `make openapi`, `make staging-profile-check`,
and `git diff --check`.
2. Image build:
`IMAGE_REPOSITORY=gitea.coulomb.social/coulomb/core-hub IMAGE_TAG=<commit> make container-build`.
3. Registry publication:
publish immutable `<commit>` tags through an attended operator path first;
move to forge runner automation only after `registry-publish` runner evidence
is available for the repo/workflow purpose.
4. Staging deploy:
keep `k8s/railiance-staging/` as the service-repo profile until
`railiance-apps` owns explicit Core Hub dry-run/status/deploy targets.
5. Evidence gate:
run `make deployed-smoke`, activity-core Core Hub sink smoke, migration
import, and `make operator-cli CLI_ARGS="readiness-summary ..."` with
reports under ignored `.local/` paths.
6. Cutover:
require non-secret evidence reports, rollback notes, and operator approval
before `CORE-WP-0007` Haskell retirement can move.
## Required Follow-Ups
No HelixForge repo change is required for the Core Hub reset. HelixForge remains
the capability/modeling context, while Core Hub owns the replacement runtime.
Core Hub follow-ups:
- Add a future release evidence note or Make target when a real staging image is
published to `gitea.coulomb.social/coulomb/core-hub:<commit>`.
- Keep `CORE-WP-0005` staging import and cutover evidence tied to immutable
image tags and non-secret reports.
- Add runner workflow files only after `railiance-forge` has runner label and
registry-publish evidence suitable for Core Hub.
Railiance follow-ups:
- `railiance-apps` should eventually own Core Hub app release values and
dry-run/status/deploy targets once the service leaves the temporary
service-repo staging profile.
- `railiance-forge` should be cited for registry, runner, and artifact evidence;
it should not own Core Hub API behavior or cutover decisions.
- Any need for cluster-dry-run or deploy-capable runner labels should be posted
as a State Hub requirement before adding workflow dependencies.

View File

@@ -0,0 +1,120 @@
# Core Hub Replacement Evidence Handoff
Date: 2026-06-30
Related workplans: `CUST-WP-0052`, `CUST-WP-0025`, `CUST-WP-0047`,
`CUST-WP-0049`, `CORE-WP-0008`, `CORE-WP-0004`, `CORE-WP-0005`,
`CORE-WP-0007`.
## Current Evidence
Core Hub now has the API-first replacement lane needed to stop expanding the
old Inter-Hub-first ops-hub path:
- `CORE-WP-0008-T02`: repeatable deployed-smoke harness exists through
`make deployed-smoke`. It probes health/readiness, OpenAPI compatibility,
public catalogs, protected-route `401` behavior, operator auth, ops-hub
bootstrap-equivalent creation, widget/event write, key-prefix evidence, and
hub-registry visibility. It was verified against a disposable local HTTP Core
Hub runtime, not a live staging endpoint.
- `CORE-WP-0008-T03`: activity-core has a direct Core Hub
`core-hub-interaction-event` sink, verified locally against a disposable Core
Hub runtime. Deployed execution still needs `CORE_HUB_BASE_URL`, runtime key,
and widget mapping from approved custody.
- `CORE-WP-0008-T04`: staging deployment profile, Kubernetes manifests,
migration job shape, secret references, health/readiness probes, rollback
notes, and container build checks are documented.
- `CORE-WP-0008-T05`: `make operator-cli` wraps the same API behavior for
deployed smoke, ops-hub bootstrap status, migration validate/import, and
cutover readiness summaries.
- `CORE-WP-0006`: protected `/console` prototype exists with readiness,
registry, migration/cutover, action-required, access metadata, and evidence
stream sections. `make visual-check` passed on 2026-06-27 with desktop/mobile,
no-overlap, horizontal-overflow, protected-route, PNG, and non-secret checks.
- `CORE-WP-0008-T06`: the web UI is gated behind API/CLI readiness and has a
compact whynot-aligned first-screen backlog. The UI should not start by
recreating every old Inter-Hub screen.
**2026-07-02/03 update:** Deployed evidence now exists. Staging smoke
`20260702143544-6c8f18`, production smoke `20260702235645-59bf1e`, activity-core
sink event `ae43db56-902d-411a-a495-25acd464fdd8`, and migration import (28
records, idempotent) are documented in `docs/evidence/` and aggregated via
`readiness-summary` (`readyForCutover: true` on 2026-07-08).
## 0047 And 0049 Decision
**Superseded 2026-07-03:** `CUST-WP-0047-T05` and `CUST-WP-0049-T06` are
cancelled in their workplans. Core Hub production cutover plus deployed smoke
evidence replaced the legacy Inter-Hub widget activation and bootstrap access
lane. Inter-Hub remains rollback-only through `CORE-WP-0007` stabilization.
See `docs/core-hub-cutover-decision-coupling.md` for the full decision record.
## CUST-WP-0025 Phase 3 Reset Recommendation
`CUST-WP-0025-T13` through `T19` should be rewritten before execution:
- T13: replace "create standalone ops-hub repo" with Core Hub-owned API-first
ops evidence and registry work. Defer any standalone ops-hub repo until after
Core Hub cutover proves the boundary still needs a separate service.
- T14: replace standalone ops-specific models with Core Hub resources and
migration/read-model gaps, preserving `CUST-WP-0047` service inventory as
input evidence.
- T15: replace MCP-first ops tools with API and CLI parity first. Any MCP layer
should consume the proven Core Hub API later.
- T16: route infrastructure evidence through activity-core probes and Core Hub
interaction/deployment evidence, with credential ownership resolved through
approved custody routes rather than chat or workplans.
- T17: reframe cross-hub coupling around Core Hub events, State Hub progress,
and activity-core evidence sinks. Keep NATS as a later transport decision.
- T18: replace the old dashboard task with the whynot-aligned Core Hub operator
UI backlog from `CORE-WP-0008-T06`.
- T19: cancel or defer ops-hub MCP server registration until post-cutover
demand proves it is needed.
2026-06-27 follow-up: `CUST-WP-0025-T13` through `T19` have now been
rewritten around this recommendation. The rewrite is enough to stop the obsolete
standalone ops-hub scaffold sequence, but not enough to declare Core Hub
production cutover complete.
2026-06-27 T14 closeout: Core Hub now has
`docs/specs/ops-evidence-contract.md`, which defines the ops evidence API
resources, event vocabulary, non-secret access metadata rules, service inventory
mapping, readiness-summary inputs, and read-model gaps. This closes the T14
definition gate while leaving deployed evidence, cutover coupling, and UI work
for T16/T17/T18.
2026-06-27 T03 closeout: Core Hub now has a reusable IAM Profile verifier and
FastAPI dependency plus `tests/test_iam_profile.py`, which proves OIDC
discovery, JWKS signature validation, authorization-code + PKCE token issuance,
protected endpoint access, required IAM Profile claims, missing-token rejection,
wrong-audience rejection, and production rejection of local-development issuers.
This closes the identity integration template while leaving production issuer
wiring for the deployed Core Hub gates.
2026-06-27 T18 closeout: Core Hub `CORE-WP-0006` is finished and local
`make visual-check` passed for `/console`. The first UI surface is intentionally
compact and protected; broader UI implementation remains gated by deployed API
and CLI evidence through the rebuild backlog.
## Remaining Gates
2026-06-30 route refinement: `warden route find` for the Core Hub
staging smoke token need matched the OpenBao-owned `openbao-api-key`
lane for operator/runtime credentials, with `key-cape-oidc-login`
available for interactive auth and `ops-bridge-tunnel` for private
endpoint access when needed. ops-warden can route or assist eligible lanes,
but it does not own, mint, or store Core Hub token values.
- Run `make deployed-smoke` or `make operator-cli CLI_ARGS="deployed-smoke ..."`
against a real Core Hub staging URL with an approved operator token.
- Import the approved Inter-Hub export bundle into a staging Core Hub database
and keep dry-run reports visibly open until a reviewed non-dry-run import
succeeds.
- Run the deployed activity-core Core Hub sink smoke with approved runtime
token and widget mapping.
- Build a `readiness-summary` evidence report from deployed smoke, migration,
activity-core, and optional legacy Inter-Hub reference evidence.
- Keep `CORE-WP-0007` Haskell retirement blocked until staging import, dual-run
smokes, cutover, rollback notes, and operator approval are complete.

View File

@@ -0,0 +1,200 @@
# CoulombCore Drain and Production Placement Plan
Date: 2026-07-03
Workplan: `CUST-WP-0054-T03`
Freeze policy: `canon/standards/coulombcore-production-freeze_v0.1.md`
Architecture: `docs/workstation-independence-fleet-architecture.md`
## Purpose
Ordered drain sequence for every production workload on coulombcore
(`92.205.130.254`, `coulombcore-k3s`). Each row names current placement,
target placement, migration method, owner workplan, and prerequisites.
**Coupling rule:** forge and State Hub move early; identity + OpenBao move
last because everything authenticates through them.
## Wave overview
```
Wave 0 Freeze policy (this document + canon) — effective 2026-07-03
Wave 1 Source forge + CI runners ─────────── RAIL-HO-WP-0005 / CUST-WP-0054-T04
Wave 2 State Hub primary + sweep checkouts ── CUST-WP-0054-T05 / CUST-WP-0011
Wave 3 Core Hub production ────────────────── CORE-WP-0005
Wave 4 issue-core ─────────────────────────── ISSUE-WP-0003 + overlay
Wave 5 GitOps control plane (ESO, ArgoCD) ─── railiance-cluster overlays
Wave 6 Application stragglers ─────────────── per-app overlays
Wave 7 OpenBao + identity stack ───────────── NET-WP-0020 + key-cape (LAST)
Wave 8 coulombcore phoenix → railiance02 ─── CUST-WP-0054-T09
```
## Placement register
| # | Workload | Current (2026-07-03) | Target | Method | Owner | Wave | Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | **Gitea + OCI registry** | coulombcore-k3s `default`; `gitea.coulomb.social` | railiance01 **`forgejo.coulomb.social`** | Staged-promotion S5 overlay; `RAIL-HO-WP-0005` probe → production; Gitea → read-only mirror | `RAIL-HO-WP-0005`, `CUST-WP-0054-T04` | 1 | grandfathered |
| 2 | **Forgejo Actions / CI runners** | none (workstation manual build) | railiance01 | New S5 overlay; image build on tag push | `CUST-WP-0054-T04` | 1 | planned |
| 3 | **Gitea DB + PVC** | coulombcore `databases` / `gitea-shared-storage` | railiance01 CNPG + PVC | Migrate with Forgejo; backup/restore drill required | `RAIL-HO-WP-0005` | 1 | grandfathered |
| 4 | **State Hub API (primary)** | coulombcore CNPG `state-hub-db`; cluster Svc `10.43.170.94:8000` | railiance01 CNPG + Deployment | `CUST-WP-0011-T07` playbook: freeze → exact-count restore → rewire; staged-promotion overlay | `CUST-WP-0054-T05`, `CUST-WP-0011` | 2 | grandfathered |
| 5 | **State Hub sweep checkouts** | workstation `/home/worsch/*` (74 repos) | railiance01 clone tree from forge | Relocate `host_paths` / `local_path`; no workstation writeback | `CUST-WP-0054-T05`, `STATE-WP-0064` | 2 | planned |
| 6 | **WSL2 State Hub fallback** | workstation WSL2 | retired | Stop after railiance01 primary stabilizes | `CUST-WP-0011-T08/T09`, `CUST-WP-0054-T10` | 2 | grandfathered |
| 7 | **Core Hub** | coulombcore `core-hub-staging`; public `hub.coulomb.social` | railiance01 | Staged-promotion overlay; dual-run prerequisite (`CORE-WP-0005-T04`) | `CORE-WP-0005` | 3 | grandfathered |
| 8 | **Inter-Hub (Haskell)** | coulombcore external | retired | Rollback-only after Core Hub cutover | `CORE-WP-0007` | 3 | grandfathered |
| 9 | **issue-core** | coulombcore `issue-core` ns; ClusterIP `10.43.103.154:8765` | railiance01 | Staged-promotion overlay; shorten fleet tunnel to local svc | `ISSUE-WP-0003`, `CUST-WP-0054-T03` | 4 | grandfathered |
| 10 | **issue-core CNPG** | coulombcore | railiance01 | Migrate with issue-core workload | `railiance-platform` | 4 | grandfathered |
| 11 | **External Secrets Operator** | coulombcore | railiance01 | GitOps follows forge; ESO stores point at railiance01 OpenBao post-Wave 7 or interim coulombcore path documented | `railiance-platform` | 5 | grandfathered |
| 12 | **ArgoCD** | coulombcore (boundary: should be S4) | railiance01 | Staged-promotion; repoint repo URLs to Forgejo | `railiance-cluster` | 5 | grandfathered |
| 13 | **llm-connect** | railiance01 `activity-core` ns (partial) | railiance01 | Already on target machine; complete in-cluster profile | `CCR-2026-0003` lane | 6 | observed |
| 14 | **activity-core** | railiance01 `activity-core` ns | railiance01 (retain) | No move; update sinks (T06) and hub URL post-Wave 2 | — | — | **on target** |
| 15 | **Temporal / NATS** | railiance01 | railiance01 (retain) | Co-located with activity-core | — | — | **on target** |
| 16 | **ops-hub evidence / widgets** | files + Core Hub path | railiance01 via Core Hub | Follows Core Hub; not coulombcore-blocking | `CUST-WP-0025`, `CUST-WP-0049` | 6 | planned |
| 17 | **artifact-store / MinIO lane** | assessment only | railiance01 or compatible endpoint | Compatibility-profile per `ARTIFACT-STORE-WP-0007` | `ARTIFACT-STORE-WP-0007` | 6 | planned |
| 18 | **OpenBao** | coulombcore | railiance01 | **Last infrastructure wave**; `NET-WP-0020` unseal automation; CNPG + seal migration | `NET-WP-0020`, `railiance-platform` | 7 | grandfathered |
| 19 | **KeyCape** | coulombcore | railiance01 | Follows OpenBao; OIDC/MFA paths | `key-cape` | 7 | grandfathered |
| 20 | **Authelia** | coulombcore | railiance01 | Identity front door | `key-cape` / `railiance-platform` | 7 | grandfathered |
| 21 | **privacyIDEA** | coulombcore | railiance01 | MFA backend | `key-cape` | 7 | grandfathered |
| 22 | **lldap** | coulombcore | railiance01 | LDAP directory | `key-cape` / `railiance-platform` | 7 | grandfathered |
| 23 | **flex-auth** | coulombcore | railiance01 | Policy registry follows identity | `flex-auth` | 7 | grandfathered |
| 24 | **Fleet mesh transit tunnels** | railiance01 systemd → coulombcore ClusterIPs | railiance01-local services | Retire when Waves 2+4 complete (hub + issue-core local) | `CUST-WP-0054-T02` | 24 | **interim active** |
| 25 | **CNPG operator** | coulombcore (boundary note) | railiance01 | Platform operator moves with Wave 2+ workloads | `railiance-platform` | 27 | grandfathered |
| 26 | **coulombcore host identity** | coulombcore | railiance02 | Machine phoenix after Wave 7 | `CUST-WP-0054-T09`, `CUST-WP-0054-T08` | 8 | wait |
## Per-wave detail
### Wave 1 — Source forge + CI (unblocks repos and images)
**Goal:** All repos and container images publish from railiance01; coulombcore
Gitea becomes read-only mirror.
| Step | Action | Done when |
| --- | --- | --- |
| 1.1 | Resolve `RAIL-HO-WP-0005-T02` production decisions (hostname **decided:** `forgejo.coulomb.social`; SMTP, runners, backup still open) | `docs/forgejo-production-decisions.md` |
| 1.2 | Disposable Forgejo probe namespace + restore drill | Backup/restore evidence id recorded |
| 1.3 | Production Forgejo cutover | All 74 repo remotes point at Forgejo; push/pull verified |
| 1.4 | Actions runners for `state-hub`, `core-hub`, `activity-core`, `issue-core` | Tag-triggered image lands in forge OCI |
| 1.5 | Gitea → read-only mirror on coulombcore | Rollback window documented; no new writes |
**Blocks:** Wave 2 sweep checkouts (needs forge clones on railiance01).
### Wave 2 — State Hub home on railiance01
**Goal:** Automation loop machine-local; consistency sweeps write back to
railiance01 checkouts, not workstation paths.
| Step | Action | Done when |
| --- | --- | --- |
| 2.1 | CNPG + storage review on railiance01 | Platform sign-off |
| 2.2 | `CUST-WP-0011-T07` cutover to railiance01 primary | Row counts match; `127.0.0.1:8000` serves railiance01 hub |
| 2.3 | Clone/register 74 repos on railiance01 from Forgejo | `fix-consistency` writebacks use railiance01 paths |
| 2.4 | Retire fleet tunnel `fleet-state-hub-coulombcore` | activity-core reaches hub without coulombcore hop |
| 2.5 | WSL2 fallback retirement (optional, after stabilization) | `CUST-WP-0011-T08/T09` |
**Prereq:** Wave 1 forge (clone source).
### Wave 3 — Core Hub production
**Goal:** `hub.coulomb.social` served from railiance01 Core Hub.
| Step | Action | Done when |
| --- | --- | --- |
| 3.1 | Close `CORE-WP-0005-T04` prerequisites (widget types, auth posture) | Catalog gap resolved |
| 3.2 | Operator-approved cutover with rollback plan | Deployed smoke + activity-core sink green |
| 3.3 | Inter-Hub marked rollback-only | `CORE-WP-0007` unblocks |
**Prereq:** Wave 1 (images via forge CI).
### Wave 4 — issue-core
**Goal:** Emission path is railiance01-local; no coulombcore ClusterIP in path.
| Step | Action | Done when |
| --- | --- | --- |
| 4.1 | Staged-promotion overlay on railiance01 | ArgoCD sync healthy |
| 4.2 | Migrate CNPG + secrets | ExternalSecret Ready |
| 4.3 | Point `ISSUE_CORE_URL` at in-cluster svc | Retire `fleet-issue-core-coulombcore` tunnel |
| 4.4 | Safe emission smoke | HTTP 201 + Gitea/Forgejo issue created |
**Prereq:** Wave 1 (image + gitops); credential lane `CCR-2026-0002` active.
### Wave 5 — GitOps control plane
**Goal:** ArgoCD and ESO run on railiance01 and track Forgejo repos.
| Step | Action | Done when |
| --- | --- | --- |
| 5.1 | ArgoCD overlay on railiance01 | Sync from Forgejo remotes |
| 5.2 | ESO → SecretStore paths updated | Workloads on railiance01 pull secrets |
| 5.3 | Decommission coulombcore ArgoCD Applications | No new syncs to coulombcore-k3s |
**Prereq:** Waves 12 (forge URLs, hub coordination).
### Wave 6 — Application stragglers
Low-coupling apps and evidence lanes that do not block earlier waves:
- llm-connect production profile completion
- ops-hub widget evidence via Core Hub
- artifact-store compatibility endpoint (if approved)
Each uses staged-promotion unless listed under **Documented exceptions**.
### Wave 7 — OpenBao + identity (LAST)
**Goal:** Authentication and secret custody off coulombcore.
| Step | Action | Done when |
| --- | --- | --- |
| 7.1 | OpenBao staged-promotion to railiance01 | Unseal automation (`NET-WP-0020`) proven |
| 7.2 | KeyCape / Authelia / privacyIDEA / lldap migration | OIDC login smoke on railiance01 |
| 7.3 | flex-auth registry points at new identity endpoints | Credential lanes re-pointed |
| 7.4 | CCR/applier paths verified | No production secret reads from coulombcore OpenBao |
**Gate:** `CUST-WP-0054-T09` cannot start until Wave 7 completes.
### Wave 8 — Phoenix to railiance02
Execute `CUST-WP-0054-T09` via T08 automation: wipe coulombcore, rebuild as
railiance02, join fleet. DNS/cert plan for remaining `*.coulomb.social` names.
## Documented exceptions
| Workload | Reason | Target date | Rollback | Approval |
| --- | --- | --- | --- | --- |
| Fleet mesh systemd tunnels | Wave 2/4 not complete; railiance01 reaches coulombcore ClusterIPs | Until Waves 2+4 done | Re-enable workstation reverse tunnels per `docs/fleet-mesh-dehub-runbook.md` | `CUST-WP-0054-T02` cutover 2026-07-03 |
| Core Hub staging on coulombcore | Pre-cutover smoke environment | Until Wave 3 cutover | Keep staging namespace | `CORE-WP-0005` |
| Static `id_ops` SSH key on railiance01 fleet units | `atm-fleet-mesh` cert_command blocked on VAULT_TOKEN | Until warden sign available | ops-bridge or rotated key | `CUST-WP-0054-T02` interim |
No other exceptions as of 2026-07-03. New exceptions require a State Hub
decision or workplan amendment.
## Staged-promotion method (default)
Per `RAIL-BS-WP-0006` (finished):
1. `railiance/<app>/app.toml` + overlay in owning repo
2. Stage 1 deploy → observe → promote with evidence
3. Backup/restore drill before production promotion
4. Rollback revision documented
Apps without overlays yet must get an overlay scaffold before Wave execution.
## Inventory sync
`ops/service-inventory.yml` updated 2026-07-03 for:
- coulombcore `lifecycle_state: draining` on grandfathered production services
- State Hub primary on coulombcore cluster (not workstation)
- railiance01 fleet-mesh and activity-core placement
- ops-bridge on railiance01 via systemd (not workstation hub)
Regenerate catalog view: `make ops-inventory-view`
## Human gates (not agent-executable)
| Gate | Owner | Blocks |
| --- | --- | --- |
| Forgejo T02 production decisions | operator | Wave 1 |
| State Hub railiance01 cutover approval | operator; `CUST-WP-0011-T07` | Wave 2 |
| Core Hub production cutover | operator; `CORE-WP-0005-T04` | Wave 3 |
| OpenBao/identity migration approval | operator + custody | Wave 7 |
| coulombcore phoenix approval | operator | Wave 8 |

View File

@@ -0,0 +1,99 @@
# Credential Custody Unblock Board
Created: 2026-06-27
Updated: 2026-06-30
Owner: the-custodian coordination; credential owners remain with their owning repos.
## Purpose
This board collects the live credential and operator-access gates that block the
infrastructure stabilization plan. It records routes and non-secret evidence
only. It is not a secret store, approval record, or substitute for the owning
repo runbooks.
## Rules
- Do not put secrets in Git, State Hub, workplans, shell history, or chat.
- Use the current ops-warden source CLI for routing if the installed `warden`
lacks `route` commands: `cd /home/worsch/ops-warden && uv run warden route ...`.
- `ops-warden` directly issues SSH certificates. For non-SSH needs it may
route, advise, or proxy an `exec_capable` lane through `warden access` as the
caller, but it does not own custody, mint values, or store secrets.
- Classify credential blockers by environment posture and workload maturity:
dev/test work should use synthetic contract doubles; production real-value
work needs owner custody, policy gates where required, and non-secret evidence.
- OpenBao/API credentials route to `railiance-platform`; interactive identity
routes to `key-cape`; tunnels route to `ops-bridge`; host principal and
force-command deployment routes to `railiance-infra`.
- Evidence may include ids, prefixes, counts, decision ids, HTTP status, and
smoke pass/fail. It must not include credential values.
## Route Records
| Route id | Owner | Scope | ops-warden role | Reference |
| --- | --- | --- | --- | --- |
| `openbao-api-key` | `railiance-platform` | API keys, DB credentials, provider tokens, OpenBao KV/dynamic leases | Assist: route; proxy only as caller when `exec_capable`; custody stays OpenBao | `wiki/CredentialRouting.md#routing-table` |
| `inter-hub-bootstrap-ssh` | `ops-warden` + `railiance-infra` | Inter-Hub bootstrap SSH envelope and force-command pattern | Assist envelope; issue SSH cert only if remote host reachability is used | `wiki/InterHubBootstrapAccessLane.md#worker-checklist` |
| `ssh-cert-host-access` | `ops-warden` | Short-lived SSH cert signing for host reachability | Issue SSH certs directly | `wiki/AccessRouting.md#issue-vs-route` |
| `railiance-infra-principals` | `railiance-infra` | Host SSH principal files and force-command deployment | Route only | `wiki/CredentialRouting.md#routing-table` |
| `key-cape-oidc-login` | `key-cape` | Interactive login, OIDC, MFA, JWT/authentication | Assist login lane when `exec_capable`; identity stays key-cape | `wiki/CredentialRouting.md#quick-decision-tree` |
| `ops-bridge-tunnel` | `ops-bridge` | SSH tunnels and port forwards | Route; supply `cert_command` pattern when needed | `wiki/playbooks/ops-bridge-tunnel-cert.md#migration-checklist` |
## Security-Stage and Maturity Triage
Use ops-warden `wiki/WorkloadSecurityPosture.md` to split vague IT-security
blockers into concrete outcomes.
| Classifier | CUST-WP-0051 interpretation |
| --- | --- |
| Dev/test posture only | Not blocked on production secrets. Use synthetic contract doubles or generated test values. |
| Prod posture with real values | Owner custody and policy gates are required. Record only route id, path/version, decision id, populated-key count, or smoke id. |
| Workload maturity below secret requirement | Real blocker until the workload matures, the secret is reclassified, or the design avoids that secret. |
| Route exists and lane is `exec_capable` | `warden access --fetch/--exec` may remove manual copy/paste as a blocker by proxying the owning tool as the caller. |
| Unseal, break-glass, issuer custody unresolved | Operator ceremony/design blocker; do not bypass with Codex-visible values. |
Current read:
| Gate family | Posture/maturity read |
| --- | --- |
| Inter-Hub / ops-hub runtime keys | Legacy/fallback production real-value gate; implementation can proceed with route evidence, but live smoke waits on OpenBao/operator custody. |
| Core Hub deployed smoke/runtime token | Preferred replacement gate: `CORE_HUB_BASE_URL` is endpoint routing, operator/runtime token custody routes to `openbao-api-key`, and activity-core widget mapping belongs to Core Hub/activity-core. ops-warden does not mint or store this token. |
| activity-core to issue-core | Production service credential gate; the blocker is `ISSUE_CORE_API_KEY` injection/evidence, not repo-side contract work. |
| OpenBao unseal / issuer profile | M3-style operator ceremony. The narrow `warden-sign` lane is verified/banked; broader issuer/profile work remains separate. |
| ops-warden policy gate / warden-sign | Verified and banked: `SECRETS-WP-0004` and `FLEX-WP-0007` are finished, with `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`, and no secret material recorded. |
| Forgejo SMTP/package/runner migration | Production credential and recovery-readiness gate; use OpenBao/key-cape/ops-bridge routes, then record non-secret drill evidence. |
## Live Gates
| Gate | Blocking work | Owner and route | Expected execution host | Non-secret evidence | Fallback decision | Next action | Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Core Hub deployed evidence and activity-core sink | `CUST-WP-0025-T16`, `CORE-WP-0004-T03/T04`, feeds `CUST-WP-0025-T17` | `openbao-api-key` for operator/runtime token custody; `ops-bridge-tunnel` if the staging URL is private; Core Hub/activity-core for widget mapping | Core Hub staging runtime, operator workstation, or trusted cluster job | deployed-smoke run id, hub/manifest/API-consumer ids, key prefix only, widget/event ids, counts, readiness and containment booleans | Keep Inter-Hub as legacy/fallback until Core Hub evidence exists or explicit supersede decision. | Provide `CORE_HUB_BASE_URL`, approved token custody, activity-core widget id/mapping, then run deployed smoke plus sink smoke. | Waiting on staging/custody handoff |
| Inter-Hub ops-hub bootstrap | `CUST-WP-0049-T06`, unblocks `CUST-WP-0047-T05` | `inter-hub-bootstrap-ssh` for the envelope; `openbao-api-key` for operator/runtime key custody; `ssh-cert-host-access` only for cert signing if remote execution is used | Local workstation with `IHUB_OPERATOR_KEY_FILE`, or trusted host with railiance-infra force-command wrapper | Hub id, manifest id, widget count, runtime key prefix only, bootstrap smoke result, State Hub progress id | Prefer API helper. Use deployment-side migration/bootstrap only by explicit operator approval. Manual SQL remains last-resort and must be recorded as an exception. | Operator materializes Inter-Hub operator key through approved custody, runs the ops-hub helper, stores generated runtime key outside Git, removes temp files. | Ready for operator handoff |
| Ops-hub runtime evidence key | `IHUB-WP-0022-T04`, then `IHUB-WP-0022-T07` | `openbao-api-key` owned by `railiance-platform` / OpenBao | Operator workstation, OpenBao UI/CLI session, or trusted cluster job; not a Codex-visible shell with printed values | OpenBao path/version or populated key count only, token exchange HTTP status, evidence submission smoke id | Attended one-time key file is acceptable only long enough to store in OpenBao and remove; no chat or State Hub transfer. | Store/provide `OPS_HUB_KEY` via OpenBao path, then run Inter-Hub submission smoke. | Waiting on operator custody |
| OpenBao unseal and token automation | `NET-WP-0020`, related OpenBao token-grant and policy-gate blockers | `openbao-api-key` for OpenBao issuer/token paths; `railiance-infra-principals` for host policy; `ssh-cert-host-access` for cert signing; `key-cape-oidc-login` for login/MFA | OpenBao operator terminal, cluster-admin context, or trusted railiance-infra deployment path | Policy names, role names, token accessor only, decision ids, allow/deny smoke result | Keep attended ceremony path until auto-unseal/profile is explicitly approved. Do not invent `warden secret` or paste `VAULT_TOKEN`. | Broader custody profile remains open; do not treat the completed `warden-sign` lane as a general OpenBao credential helper. | Needs operator design/approval |
| ops-warden policy gate / warden-sign lane | `SECRETS-WP-0004`, `FLEX-WP-0007` | secrets-engine owned the OpenBao lane; flex-auth owned the policy decision runtime; ops-warden ran the smoke | CoulombCore via deployed flex-auth runtime `127.0.0.1:18090` and production OpenBao | `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`, no token/role/secret/accessor values | Keep `policy.enabled` off until testing/production maturity; live enforcement is an ops-warden operator posture decision. | No CUST action. Bank the verified gate and avoid reopening it as a generic credential blocker. | Verified/banked |
| Forgejo production migration | `RAIL-HO-WP-0005` T02/T06/T11/T12 | `openbao-api-key` for SMTP/package/provider credentials; `key-cape-oidc-login` for login/MFA; `ops-bridge-tunnel` or `ssh-cert-host-access` only for host reachability | Forgejo admin/browser session, railiance01 trusted host, or approved GitOps/deployment path | Decision record id, hostname/exposure choice, SMTP sender/domain alignment, password-reset smoke, backup/restore drill id, package pull smoke, cutover approval id | Keep Gitea as read-only rollback until stabilization passes; do not retire legacy Gitea without explicit approval. | Resolve production choices, store SMTP credentials through OpenBao, run recovery and migration drills, then request cutover approval. | Needs human production decisions |
## Route Lookup Commands
```bash
cd /home/worsch/ops-warden
uv run warden route show openbao-api-key --json
uv run warden route show inter-hub-bootstrap-ssh --json
uv run warden route show ssh-cert-host-access --json
uv run warden route show railiance-infra-principals --json
uv run warden route show key-cape-oidc-login --json
uv run warden route show ops-bridge-tunnel --json
```
## Pickup Order
1. Core Hub deployed evidence and activity-core sink smoke, because this is
the preferred replacement proof for ops-hub evidence and can supersede
legacy Inter-Hub waits once real staging evidence exists.
2. Keep Inter-Hub ops-hub bootstrap and runtime keys as legacy/fallback only
unless the operator explicitly chooses rollback or compatibility proof.
3. OpenBao custody profile, because several credential-helper and policy-gate
blockers collapse once a narrow issuer path exists.
4. Forgejo production decisions, because those require human design approval
before execution can be responsibly automated.

View File

@@ -0,0 +1,86 @@
# Daily-Triage Stabilization Status
Updated: 2026-06-30
## Purpose
Track the current daily-triage blocker chain for `CUST-WP-0051-T04` without
duplicating the source activity-core workplans.
## Current Evidence
State Hub `daily_triage` progress shows the scheduled activity-core runner is
alive and can write both State Hub progress and working-memory notes.
Recent scheduled run evidence:
| Date | State Hub event | Result |
| --- | --- | --- |
| 2026-06-24 | `8b4c16ee-ac47-4581-b3ee-a23fc1f682e6` | schema-valid daily triage, working memory written |
| 2026-06-25 | `cbba6bc0-14cb-492b-ab23-74b9349326c8` | schema-valid daily triage, working memory written |
| 2026-06-26 | `97fd20a0-eee0-45ea-8290-6d91874e1515` | validation failed at char 5268, working memory written |
| 2026-06-27 | `c5ab50a8-404b-4e30-849f-841b059ace65` | validation failed at char 5246, working memory written |
| 2026-06-28 | `f0d8477e-1db9-4c07-bb8c-d28cbb868abc` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
| 2026-06-29 | `176d2ea7-f0e3-48cd-999b-4ab6055c6a55` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
| 2026-06-30 | `27d695b2-a537-481b-ada6-ca84ec24cd96` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
The 2026-06-26 and 2026-06-27 failures are both overlong malformed JSON
responses from `daily-triage-report`. They are not missed schedules and they are
not silent sink failures. The 2026-06-28 through 2026-06-30 events restore a
three-run schema-valid streak, but they do not prove the bounded WP-0016
contract because the reports still emit 10 recommendations instead of the
targeted top-N framing.
## Current Blocker
The old `ACTIVITY-WP-0010` State Hub bridge note is partially superseded by the
newer evidence: scheduled runs are reaching State Hub and the working-memory
sink. The current primary blocker is that the live activity-core runtime still
uses an output path that can discard the whole report when the model emits a
malformed tail.
`ACTIVITY-WP-0016` has the repo-side mitigation:
- strict bounded report schema;
- item-granular recovery and quarantine;
- producer guardrails and ADR-004;
- regression tests for the 2026-06-26 failure shape.
The remaining gate is the live contract/smoke path:
1. Deploy the WP-0016 code and schema together.
2. Update the Railiance runtime prompt bundle with bounded top-N instructions,
per-item framing, value vocabularies, and sufficient `max_tokens` headroom.
3. Run a live daily-triage smoke on railiance01 and confirm malformed-tail
output degrades to partial valid output with quarantined items.
4. Record the 2026-06-28 / 2026-06-29 / 2026-06-30 three-clean-run
calibration result with the caveat that top-N contract adoption is still
pending.
## Hygiene Note
The State Hub task index currently shows stale duplicate tasks for
`ACTIVITY-WP-0016` in addition to the source-file task records. Before relying
on activity-core task counts for triage ranking, run activity-core consistency
sync and prune or reconcile any stale generated task rows that are no longer
linked from the workplan file.
2026-06-27 status-normalization: ACTIVITY-WP-0016 source task blocks now
match the progress notes for T04 (done) and T05 (progress). Remaining hygiene is
to remove or reconcile stale duplicate task rows from the State Hub index.
2026-06-27 gate cleanup: ACTIVITY-WP-0010-T02 is now done because scheduled
runner evidence proves the State Hub sink and working-memory path are reachable.
The live human-needed notes now sit on the post-deployment smoke, WP-0016 live
proof, and three-clean-run calibration tasks.
2026-06-30 recheck: State Hub now has schema-valid scheduled `daily_triage`
events for 2026-06-28 (`f0d8477e-1db9-4c07-bb8c-d28cbb868abc`), 2026-06-29
(`176d2ea7-f0e3-48cd-999b-4ab6055c6a55`), and 2026-06-30
(`27d695b2-a537-481b-ada6-ca84ec24cd96`), all with working-memory notes. This
is enough to bank the scheduling/sink/schema-validity streak for calibration,
but not enough to close the WP-0016 live-proof gate: the reports still contain
10 recommendations rather than the bounded top-N contract, and the local
activity-core worktree already has separate in-flight diagnostic/status changes
that should be committed by their owner before Custodian treats them as source
truth.

View File

@@ -0,0 +1,14 @@
[
{
"status": "posted",
"verified": true,
"eventId": "ae43db56-902d-411a-a495-25acd464fdd8",
"eventType": "ops-endpoint-verified",
"environment": "core-hub-staging",
"apiConsumerId": "6cfcbc56",
"apiConsumerKeyPrefix": "ch_ztkSv9PK",
"widgetId": "6768aaa2",
"containmentConfirmed": true,
"notes": "Non-secret evidence stub from CORE-WP-0004-T04 deployed activity-core Core Hub sink smoke."
}
]

View File

@@ -0,0 +1,27 @@
{
"ok": true,
"runId": "20260702235645-59bf1e",
"baseUrl": "https://hub.coulomb.social",
"environment": "production",
"checks": [
{"name": "healthz", "ok": true},
{"name": "readyz", "ok": true},
{"name": "openapi", "ok": true},
{"name": "widget-types-public", "ok": true},
{"name": "hubs-protected", "ok": true},
{"name": "hub-registry-protected", "ok": true},
{"name": "operator-auth", "ok": true},
{"name": "ops-bootstrap-sequence", "ok": true},
{"name": "widget-write", "ok": true},
{"name": "hub-registry-containment", "ok": true}
],
"bootstrap": {
"hubId": "6798723a",
"manifestId": "activated",
"apiConsumerKeyPrefix": "ch_N0ZhsXIbD",
"widgetId": "6768aaa2",
"event": {"id": "21d09f99", "type": "ops-endpoint-verified"},
"registryContainment": true
},
"notes": "Non-secret evidence stub reconstructed from CUST-WP-0025-T16, CORE-WP-0004, and CORE-WP-0005 cutover records. Staging run 20260702143544-6c8f18 preceded this production smoke."
}

View File

@@ -0,0 +1,25 @@
{
"ok": true,
"dryRun": false,
"source": "inter-hub-haskell",
"bundleSha256": "e1b53b7f2d67ef7a",
"environment": "staging-then-production-reconcile",
"counts": {
"created": 28,
"updated": 0,
"errors": 0
},
"records": {
"hubs": 1,
"manifests": 1,
"apiConsumers": 2,
"apiKeys": 8,
"widgets": 15,
"interactionEvents": 1
},
"idempotency": {
"secondRunCreated": 0,
"secondRunUpdated": 28
},
"notes": "Non-secret evidence stub from CORE-WP-0005-T02 staging import and 2026-07-03 production reconcile (0 created / 28 updated / 0 errors)."
}

View File

@@ -0,0 +1,41 @@
{
"ok": true,
"readyForCutover": true,
"openGates": ["legacy_inter_hub_reference"],
"gates": [
{
"name": "deployed_api_smoke",
"ok": true,
"reason": "ok",
"evidence": {
"runId": "20260702235645-59bf1e",
"checks": 10,
"eventId": "21d09f99"
}
},
{
"name": "staging_import",
"ok": true,
"reason": "ok",
"evidence": {
"source": "inter-hub-haskell",
"bundleSha256": "e1b53b7f2d67ef7a",
"dryRun": false,
"counts": {"created": 28, "updated": 0, "errors": 0}
}
},
{
"name": "activity_core_sink",
"ok": true,
"reason": "ok",
"evidence": {"posted": 1}
},
{
"name": "legacy_inter_hub_reference",
"ok": false,
"reason": "missing legacy Inter-Hub reference smoke evidence",
"evidence": {"provided": false}
}
],
"notes": "Generated 2026-07-08 via Core Hub operator-cli readiness-summary. Legacy Inter-Hub gate is optional rollback evidence only."
}

View File

@@ -0,0 +1,147 @@
# Fleet Mesh De-Hub Runbook (CUST-WP-0054-T02)
Date: 2026-07-03
Workplan: `CUST-WP-0054-T02`
Architecture: `docs/workstation-independence-fleet-architecture.md`
## Goal
Remove the workstation from production data paths between railiance01
(activity-core) and coulombcore (State Hub cluster, issue-core). Workstation
tunnels become interactive dev access only.
## Before (workstation hub)
```
railiance01:18000 ──reverse──► workstation:8000 ──forward──► coulombcore cluster State Hub
railiance01:18765 ──reverse──► workstation:18765 ──forward──► coulombcore cluster issue-core
```
## After (fleet-owned)
```
railiance01:18000 ──forward via SSH to coulombcore──► 10.43.170.94:8000 (State Hub)
railiance01:18765 ──forward via SSH to coulombcore──► 10.43.103.154:8765 (issue-core)
```
activity-core `actcore-state-hub-bridge` and `actcore-issue-core-bridge` keep
proxying to `127.0.0.1:18000` and `127.0.0.1:18765` on the railiance01 node.
## Prerequisites
| Item | Check |
| --- | --- |
| ops-bridge installed on railiance01 | `which bridge` |
| SSH key authorized on coulombcore | `ssh -i ~/.ssh/id_ops tegwick@92.205.130.254 true` from railiance01 |
| ClusterIPs current | `state-hub-primary` and `issue-core-coulombcore` workstation tunnels |
| warden `atm-fleet-mesh` (target) | `cert_command` migration after static-key smoke passes |
Reference config: `infra/fleet-mesh/railiance01-tunnels.yaml`
## Install (railiance01)
railiance01 ships the kernel `bridge` utility (`iproute2`), not ops-bridge. Use the
systemd user units in `infra/fleet-mesh/systemd/` (or the installer script).
```bash
# From the-custodian repo on the workstation
bash infra/fleet-mesh/install-railiance01.sh railiance01
```
The installer copies:
- `infra/fleet-mesh/systemd/*.service``~/.config/systemd/user/`
- `infra/fleet-mesh/railiance01-tunnels.yaml``~/.config/bridge/tunnels.yaml` (reference for future ops-bridge install)
- `~/.ssh/id_ops` → railiance01 (static key interim; migrate to `atm-fleet-mesh` + `cert_command`)
Enable lingering so user units survive logout/reboot:
```bash
ssh railiance01 'sudo loginctl enable-linger tegwick'
```
## Cutover
```bash
# 1. Stop workstation reverse tunnels (one at a time — ops-bridge CLI)
bridge down state-hub-railiance01
bridge down issue-core-railiance01
# 2. Start fleet-owned forward tunnels on railiance01 (systemd)
ssh railiance01 'systemctl --user enable --now fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
# 3. Smoke from railiance01 node
ssh railiance01 'curl -sf http://127.0.0.1:18000/state/health && curl -sf http://127.0.0.1:18765/healthz'
```
**Cutover evidence (2026-07-03):** workstation reverse tunnels stopped;
railiance01 systemd forwards healthy; `actcore-*-bridge` pods 1/1; progress
write through fleet path succeeded (event `647b70c0`).
## Verify production (partial T10 rehearsal)
With workstation reverse tunnels **down**, confirm:
```bash
# Bridge pods healthy
ssh railiance01 'kubectl -n activity-core get pods -l app.kubernetes.io/part-of=activity-core | grep bridge'
# Consistency sweep API (from railiance01 cluster network)
ssh railiance01 'kubectl -n activity-core exec deploy/actcore-api -- python -c "
import urllib.request
print(urllib.request.urlopen(\"http://actcore-state-hub-bridge:8000/state/health\").read().decode())
"'
# Issue-core bridge
ssh railiance01 'kubectl -n activity-core exec deploy/actcore-api -- python -c "
import urllib.request
print(urllib.request.urlopen(\"http://actcore-issue-core-bridge:8765/healthz\").read().decode())
"'
```
Optional emission smoke (safe label only): trigger a known-safe activity-core
run or use the issue-core REST sink checklist from
`near-term-production-service-lanes-status.md`.
## Persist across reboot
Systemd user units are enabled via `install-railiance01.sh`. Confirm:
```bash
ssh railiance01 'loginctl show-user tegwick -p Linger; systemctl --user is-enabled fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
```
When ops-bridge is installed on railiance01, `railiance01-tunnels.yaml` is the
drop-in config; until then systemd units are the production implementation.
## Rollback
```bash
ssh railiance01 'bridge down fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
bridge up state-hub-railiance01 issue-core-railiance01
```
## Workstation tunnel policy after cutover
| Keep (interactive dev) | Retire from production dependency |
| --- | --- |
| `state-hub-primary` (MCP/agents) | `state-hub-railiance01` |
| `k3s-api-*` | `issue-core-railiance01` |
| `state-hub-mcp-*` | — |
| `issue-core-coulombcore` (workstation dev only) | — |
Production on railiance01 must not depend on any workstation tunnel.
## WireGuard evaluation
Current fleet mesh uses two forward tunnels (~2 units). WireGuard successor is
deferred until persistent unit count exceeds ~5 per workplan T02.
## cert_command migration (follow-on)
Replace static `id_ops` with `atm-fleet-mesh` + `cert_command`:
1. Register `atm-fleet-mesh` in warden inventory and CoulombCore `ssh_principals.yaml`
2. Generate dedicated keypair on railiance01
3. Set `cert_command: "warden sign atm-fleet-mesh --pubkey ..."` per
`ops-warden/wiki/playbooks/ops-bridge-tunnel-cert.md`

View File

@@ -0,0 +1,212 @@
# Forgejo Production Decisions (Wave 1)
Date: 2026-07-03
Workplans: `RAIL-HO-WP-0005-T02`, `CUST-WP-0054-T04`
Operator input: 2026-07-03
## Decision log
| # | Topic | Decision | Status | Evidence (2026-07-03) |
| --- | --- | --- | --- | --- |
| 1 | **Production hostname** | `forgejo.coulomb.social` | **decided** | DNS A → `92.205.62.239` (railiance01); HTTPS reaches Traefik on railiance01 |
| 2 | Exposure model | Private HTTPS via railiance01 Traefik ingress + cert-manager `letsencrypt-prod` | **decided** | Same pattern as Gitea (`manifests/forgejo-ingress.yaml` in `railiance-apps`) |
| 2b | Deployment pattern | `gitea-charts/gitea` **12.5.0** Helm + Forgejo image; CNPG `forgejo-db` in `railiance-platform`; Makefile in `railiance-apps` | **decided** | Chart 12.6+ requires Gitea 1.26 `config edit-ini` (incompatible with Forgejo 11); see `railiance-apps/docs/forgejo-on-railiance01.md` |
| 2c | Live deploy | Forgejo pod + ingress + TLS on railiance01 | **done** (2026-07-03) | `make forgejo-smoke` → HTTP 200 + OCI `/v2/` 401 challenge; cert `forgejo-tls` Ready |
| 3 | Gitea during transition | `gitea.coulomb.social` on coulombcore remains canonical **until** Forgejo restore/migration drills pass; then read-only mirror | unchanged | Per `RAIL-HO-WP-0005` safety contract |
| 4 | SMTP / password reset | **IONOS** SMTP; sender `forgejo@coulomb.social`; OpenBao/ESO mailer on railiance01 | **done** (2026-07-08) | `smtp.ionos.de:587` + `smtp+starttls`; T06 verified |
| 5 | Package registry scope | **Multi-ecosystem (Option C):** OCI + **npm** + generic; PyPI/Go/Maven/Helm as inventory proves need | **decided** (2026-07-08) | OCI live; npm is launch requirement — see § Package scope |
| 6 | Actions runner model | **In-cluster** on railiance01: `forgejo-runner` Deployment + DinD (`railiance01-build-01`) | **done** (2026-07-03) | Runner 2/2 Ready; coulombcore host runner disabled; `image-build` probe pushed OCI image via org secrets |
| 7 | Backup target + retention | **Option A:** age-encrypted `forgejo dump` + `pg_dump`**Nextcloud** WebDAV | **decided** (2026-07-09) | See § Backup; T04/T09 implementation |
| 8 | Cutover mode | **Option A:** staged per-repo promotion (no org-wide freeze) | **decided** (2026-07-09) | See § Cutover; tiers 02.5 + partial tier-3 proven |
## Hostname decision detail
**Chosen hostname:** `https://forgejo.coulomb.social`
| Field | Value |
| --- | --- |
| DNS | `forgejo.coulomb.social``92.205.62.239` (railiance01) |
| Edge | railiance01 k3s Traefik (`kube-system/traefik` LoadBalancer) |
| Target machine | railiance01 (production home per `CUST-WP-0054`) |
| Canonical git remote (post-cutover) | `https://forgejo.coulomb.social/coulomb/<repo>.git` |
| OCI registry (post-cutover) | `forgejo.coulomb.social/coulomb/<image>` |
### Live probe (2026-07-03, post-deploy)
```bash
getent hosts forgejo.coulomb.social # 92.205.62.239
curl -fsS -o /dev/null -w '%{http_code}\n' https://forgejo.coulomb.social/ # 200
curl -sSI -X GET https://forgejo.coulomb.social/v2/ | grep -i docker-distribution # registry/2.0
KUBECONFIG=~/.kube/config-hosteurope kubectl get pods,ingress,certificate -n forgejo
```
Forgejo is serving HTTPS with a valid Let's Encrypt cert. Gitea on coulombcore
remains canonical for git remotes until migration drills pass.
### Implications for CUST-WP-0054
- Wave 1 can proceed with a fixed hostname for overlays, ingress manifests, and
CI `IMAGE_REPOSITORY` variables.
- State Hub / sweep checkouts on railiance01 (T05) should clone from
`forgejo.coulomb.social` once cutover completes.
- Runners and image-build CI are proven; first repo migration pilot
(`glas-harness`) documents git/SSH/CI routing in
`docs/forgejo-repo-migration-pilot-glas-harness.md`.
- Remaining blockers for production cutover: **scheduled backup automation**
(T04/T09 per Option A), npm/package hardening (T07), and staged per-repo
migration execution (`RAIL-HO-WP-0005-T10` / `T11`).
## SMTP decision (IONOS) — 2026-07-07
**Provider:** IONOS mail for `coulomb.social` and subdomains (operator owns DNS zone
via IONOS; mailboxes provisioned in IONOS control panel).
**Recommended Forgejo mailer settings** (non-secret; password in
`railiance-apps/helm/forgejo-secrets.sops.yaml`):
| Field | Value |
| --- | --- |
| `MAILER_TYPE` | `smtp` |
| `HOST` | `smtp.ionos.com:587` (EU accounts may use `smtp.ionos.de:587`) |
| `IS_TLS_ENABLED` | `true` (STARTTLS on 587) |
| `FROM` | `forgejo@coulomb.social` (or dedicated `noreply@…` mailbox) |
| `USER` | full mailbox address (same as `FROM` unless using a shared relay mailbox) |
| `PASSWD` | IONOS mailbox password — SOPS only, never Git plaintext |
**Operator setup checklist:**
1. Create mailbox in IONOS (e.g. `forgejo@coulomb.social`).
2. Confirm SPF includes IONOS (`include:_spf-eu.ionos.com` or current IONOS
guidance for the zone).
3. Enable DKIM in IONOS for `coulomb.social` if offered.
4. Store mailbox password in `helm/forgejo-secrets.sops.yaml` under
`gitea.config.mailer.PASSWD`; redeploy Forgejo.
5. T06 gate: trigger password reset for a controlled non-admin test account;
confirm delivery and link works.
**Implementation:** `railiance-apps/docs/forgejo-on-railiance01.md` (SMTP section).
Password in OpenBao `platform/workloads/forgejo/forgejo-mailer` (field `PASSWD`).
## Package scope decision (Option C) — 2026-07-08
**Operator choice:** Multi-ecosystem registry — not OCI-only at launch.
| Phase | Package types | Status |
| --- | --- | --- |
| **Now (proven)** | OCI container images | Live — tier 03 CI (`container-build-push` templates) |
| **Launch requirement** | **npm** | Decide → implement in T07 (auth, publish/pull docs, CI template) |
| **In scope** | Generic (release tarballs/binaries) | Enable with retention policy |
| **As needed** | PyPI, Go, Maven, Helm | Add per repo only after T01 inventory shows Gitea package data or an explicit consumer need |
**Rationale:** Railiance needs npm publishing; other ecosystems follow evidence, not
a big-bang enable-everything default.
**Implications:**
- T07 expands beyond OCI smoke: npm publish/pull runbook, org/repo token policy,
retention/cleanup for non-OCI blobs.
- T09 backups must include **all enabled package types** under `/data/packages`.
- T01 authenticated Gitea inventory should classify existing npm (and other) package
data before cutover waves.
**Forgejo endpoints (post-cutover):**
| Type | URL pattern |
| --- | --- |
| OCI | `forgejo.coulomb.social/coulomb/<image>` |
| npm | `https://forgejo.coulomb.social/api/packages/coulomb/npm/` (configure scope in T07) |
| Generic | per-repo generic package API |
## Backup decision (Option A) — 2026-07-09
**Operator choice:** Extend the existing **Railiance platform backup lane**
age-encrypted artifacts uploaded to **Nextcloud WebDAV** (same pattern as
`railiance-platform` `make backup` / coulombcore `railiance-backup`).
| Component | Method | Schedule |
| --- | --- | --- |
| **Forgejo blob state** | `forgejo dump` zip (repos, packages incl. OCI/npm/generic, attachments, LFS, avatars) | Daily |
| **PostgreSQL** | `pg_dump` from CNPG `forgejo-db` (logical; no WAL/PITR in Phase 1) | Daily |
| **Encryption** | age (platform backup public key) before upload | per artifact |
| **Destination** | Nextcloud WebDAV file drop (off-node) | upload after each run |
| **Restore proof** | Re-run `tools/forgejo-restore-drill.sh` from automated backup quarterly | manual gate |
**Retention (balanced profile):**
| Artifact | Keep |
| --- | --- |
| Daily dumps | 14 rotations |
| Weekly dumps | 4 rotations (promote Sunday daily or explicit weekly job) |
| Local cache (if any) | 7 copies per type (match existing `railiance-backup` prune) |
**RPO / RTO targets:**
| Metric | Target |
| --- | --- |
| **RPO** | 24 hours (daily schedule) |
| **RTO** | 4 hours (operator response + restore drill path + validation) |
**Implementation owners:**
- `railiance-platform``make forgejo-backup` (or extend `make backup`): cron
schedule, age encrypt, Nextcloud upload, retention prune.
- `railiance-infra` — restore runbook + quarterly drill evidence (`T09`).
- `railiance-apps` — no backup secrets in Git; dump runs against live pod.
**Explicitly not in scope (Phase 1):** CNPG WAL archiving to S3/MinIO; on-node-only
backups without Nextcloud upload. Revisit if dump size or RPO requirements outgrow
daily logical backup.
**Promotion gate:** No further tier-3 repo cutovers until automated daily backups
have succeeded **7 consecutive days** and one restore drill uses a Nextcloud
artifact (not workstation `/tmp`).
## Cutover decision (Option A) — 2026-07-09
**Operator choice:** **Staged per-repo** promotion — continue the proven migration
ladder; **no** org-wide freeze-all window.
**Per-repo sequence (T11):**
1. Gitea backup snapshot before promotion.
2. Mirror/sync git to Forgejo if not already present.
3. Verify Forgejo Actions and packages (OCI/npm per repo).
4. Switch workstation `origin``forgejo-remote`; retain `gitea` legacy remote.
5. Update State Hub `remote_url` and railiance01 sweep checkouts when promoted.
6. Mark **that** Gitea repo read-only; do not delete (safety contract).
7. Stabilization window before the next repo (operator judgment; `state-hub` used 7d).
**Explicitly rejected for primary plan:** org-wide freeze-all cutover (Option B).
Freeze-all remains documented only as an **emergency fallback** if staged drift
becomes unacceptable — not the default path.
**Rollback (per repo):** Re-point `origin` to `gitea-remote`; Forgejo copy becomes
stale mirror. No Gitea repo deletes for ≥90 days after promotion. Gitea Helm stays
until T12 explicit approval.
**Gates before each tier-3 promotion:**
- T09 automated daily backups: 7 consecutive successes (Option A).
- T01 inventory classification for that repo (issues/wiki/LFS/packages).
- Operator explicit approval for Wave-1 production repos (`CUST-WP-0054`).
**Evidence:** tiers 02.5 complete; `glas-harness` pilot;
`state-hub` cutover under `CUST-WP-0054-T05`.
## T02 decision set — complete (2026-07-09)
All Wave-1 production design choices for Forgejo are decided:
| # | Topic | Option |
| --- | --- | --- |
| Hostname / exposure / deploy | decided 2026-07-03 |
| SMTP | IONOS + OpenBao/ESO (T06 done) |
| Package scope | Option C (OCI + npm + generic) |
| Actions runner | In-cluster ADR-004 |
| Backup | Option A (Nextcloud + age) |
| Cutover | **Option A (staged per-repo)** |
## Open decisions (need operator input)
_All T02 items decided as of 2026-07-09._ Implementation tracks: T04/T09 backup
automation, T07 npm hardening, T10/T11 staged migration waves.

View File

@@ -0,0 +1,194 @@
# Forgejo Repo Migration Pilots (tier 12)
Date: 2026-07-03 (tier 1), 2026-07-04 (tier 2)
Workplan: `CUST-WP-0054-T04`, `RAIL-HO-WP-0005-T10`
Pilots: `glas-harness` (tier 1), `key-cape` (tier 2)
---
## Tier 1 — glas-harness
Pilot repo: `coulomb/glas-harness` (non-production tooling; safe routing drill)
## Why this repo
| Criterion | glas-harness |
| --- | --- |
| Production dependency | None — harness meta-framework, not deployed |
| Size / complexity | 3 commits, no container image, no submodules |
| Blast radius | Low — wrong remote or CI failure does not break triage, State Hub, or emission |
| State Hub registration | Not in active production sweep set |
Use lessons here before migrating `state-hub` (high value, high risk).
## Pilot outcome (2026-07-03)
| Step | Result | Notes |
| --- | --- | --- |
| Create repo on Forgejo | **pass** | `POST /api/v1/orgs/coulomb/repos` |
| Mirror git history (HTTPS) | **pass** | `main` @ `e35e287` pushed with admin token |
| SSH `forgejo-remote` push | **pass** | After adding `id_gitea.pub` to `forgejo_admin`; NodePort `92.205.62.239:30022` |
| `origin` → Forgejo, `gitea` legacy remote | **pass** | `origin=forgejo-remote:…`, `gitea=gitea-remote:…` |
| Actions `ci-smoke` (host + container) | **pass** | `host-smoke` (`self-hosted`) + `container-smoke` (`ubuntu-latest`) both `success` |
| Gitea left intact | **pass** | No delete; Gitea still at `e35e287` until mirror sync policy defined |
## Routing that works
### Git remotes (workstation)
Add to `~/.ssh/config` (see `FORGEJO-REMOTE` block):
```ssh
Host forgejo-remote
HostName 92.205.62.239
Port 30022
User git
IdentityFile ~/.ssh/id_gitea
StrictHostKeyChecking accept-new
```
Per-repo layout after cutover:
```bash
git remote rename origin gitea # if still on Gitea
git remote add origin forgejo-remote:coulomb/<repo>.git
git push -u origin main
```
Canonical URL: `https://forgejo.coulomb.social/coulomb/<repo>.git`
### HTTPS fallback (automation / first push)
Admin or user token with `write:repository`:
```bash
git push "https://<user>:<token>@forgejo.coulomb.social/coulomb/<repo>.git" main
```
### CI runner labels (railiance01-build-01)
| Label | Works for | Evidence |
| --- | --- | --- |
| `self-hosted` | Host runner smoke | glas-harness `host-smoke` |
| `ubuntu-latest` | Container step jobs | glas-harness `container-smoke` |
| `container-build` | Docker build/push jobs | forgejo-actions-probe `image-build` |
### Registry / image CI (from prior probe)
- Org secrets `REGISTRY_USER` / `REGISTRY_TOKEN` via `PUT /api/v1/orgs/coulomb/actions/secrets/{name}` with plaintext `data` (HTTPS API).
- Host runner has **no** `docker` CLI and **cannot** `apk add` (non-root). Use **static docker binary** in the job step.
- `actions/checkout@v4` **fails** on host runner — use `git clone` in the job until resolved.
## Routing that does not work yet
| Gap | Impact | Mitigation for next repos |
| --- | --- | --- |
| ~~`tegwick` not on Forgejo~~ | **Resolved 2026-07-04**`tegwick` admin user + `workstation-automation` SSH key; `forgejo-remote` greets `Hi there, tegwick!` | Add other operator keys before team cutover |
| No automated Gitea→Forgejo mirror | Gitea copy drifts after Forgejo becomes canonical | Staged cutover: freeze Gitea pushes, one-way mirror, or retire Gitea remote after verification |
| `actions/checkout@v4` on host runner | Breaks multi-step workflows that depend on checkout | `git clone` in `run:` step (see image-build probe) |
| Issues/wiki/releases/LFS | Not exercised in pilot | Classify per repo in migration inventory before production repos |
| State Hub `remote_url` field | Still points at `gitea-remote:…` for most repos | Update registration when repo is promoted (separate step; not done for glas-harness) |
## Repeatable procedure (non-production repo)
1. Confirm repo is **not** in a production drain wave or has explicit operator approval.
2. Create empty repo on Forgejo (`auto_init: false` if mirroring existing history).
3. Push all branches/tags from workstation clone (HTTPS or SSH).
4. Add `forgejo-remote` remote; rename Gitea remote to `gitea`; set `origin` to Forgejo.
5. Add `.forgejo/workflows/` smoke (and image workflow if applicable).
6. Verify Actions green on Forgejo runner.
7. Leave Gitea repo read-only; do not delete (safety contract).
8. Record results in this doc or a per-repo row in the migration inventory.
## Tier 2 — key-cape (2026-07-04)
Pilot repo: `coulomb/key-cape` — non-production identity tooling with a real
multi-stage `Dockerfile` (Go build + distroless).
| Step | Result | Notes |
| --- | --- | --- |
| Mirror git to Forgejo | **pass** | `main` mirrored; `origin=forgejo-remote` |
| Port `.gitea/workflows/image.yaml``.forgejo/workflows/image.yaml` | **pass** | Archive checkout + static docker-cli; no `actions/checkout` |
| Build and push on `container-build` | **pass** | `build-and-push` workflow `success` @ `ec706da` |
| k3s pull on railiance01 | **pass** | `sudo crictl pull forgejo.coulomb.social/coulomb/key-cape:latest` |
Workflow pattern (tier 2+):
```yaml
# Checkout: repo archive (no git binary required on non-root runner)
wget -qO /tmp/repo.tar.gz "https://forgejo.coulomb.social/${GITHUB_REPOSITORY}/archive/${GITHUB_SHA}.tar.gz"
tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1
# Build: static docker-cli + DOCKER_HOST=tcp://127.0.0.1:2375
```
Image: `forgejo.coulomb.social/coulomb/key-cape:latest`
## Tier 2.5 — railiance stack (2026-07-04)
Infra/platform repos promoted before tier-3 production set. Canonical remote is
Forgejo; Gitea `gitea` remote retained for rollback mirror.
| Repo | Forgejo | `origin` | CI workflow | Notes |
| --- | --- | --- | --- | --- |
| `railiance-enablement` | yes | `forgejo-remote` | `ci-smoke` + templates in `workflows/` | S4 canonical templates |
| `railiance-infra` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-apps` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-platform` | yes | `forgejo-remote` | `ci-smoke` | Local uncommitted `Makefile`/helm edits not in promotion |
| `railiance-cluster` | yes | `forgejo-remote` | `ci-smoke` | |
Promotion helper: `railiance-enablement/tools/promote-repo-to-forgejo.sh`
Template docs: `railiance-enablement/docs/forgejo-actions-workflow-templates.md`
Operator SSH (2026-07-04): user `tegwick` on Forgejo (admin, `coulomb` Owners
team); workstation key moved from `forgejo_admin` to `tegwick`.
## Tier 3 — state-hub + hub-core (2026-07-06)
Production repos promoted with operator approval for tier-3 start.
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `hub-core` | yes | `forgejo-remote` | `ci-smoke` green | `forgejo-remote:coulomb/hub-core.git` | Dependency for state-hub image |
| `state-hub` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `f9f0091` | `forgejo-remote:coulomb/state-hub.git` | Multi-repo image vendors `hub-core` into `Dockerfile.ci` at build time (runner has no buildx) |
Workflow lessons (state-hub `image.yaml`):
- Forgejo `/archive/{full_sha}.tar.gz` can hang — use **short SHA** for primary repo.
- Extra repos (`hub-core`) must fetch from **`main`**, not the primary commit SHA.
- `container-build` runner DinD is **legacy docker** — no `--build-context`; vendor
`hub-core` into `buildctx/_hub_core_src/` and `sed``Dockerfile.ci`.
### Tier 3 — issue-core (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `issue-core` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `6718618` | `forgejo-remote:coulomb/issue-core.git` | Single-repo image; short-SHA archive checkout |
### Tier 3 — core-hub (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `core-hub` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `df6ed8a` | `forgejo-remote:coulomb/core-hub.git` | `uv sync --frozen` multi-stage image |
### Tier 3 — activity-core (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `activity-core` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `34c6492` | `forgejo-remote:coulomb/activity-core.git` | Production automation host; already on railiance01 |
**Tier 3 production set complete** (`state-hub`, `hub-core`, `issue-core`, `core-hub`, `activity-core`).
Remaining before T04 close:
- [ ] Gitea read-only mirror or push-disable policy for repos after cutover
- [ ] Scheduled Forgejo backups (disaster-control track; restore drill passed)
- [ ] Bulk-promote remaining registered repos (74 total; non-production can follow incrementally)
## References
- `docs/forgejo-production-decisions.md`
- `railiance-forge/docs/forgejo-actions-runner-substrate.md`
- `railiance-apps/docs/forgejo-on-railiance01.md`
- Tier 1: https://forgejo.coulomb.social/coulomb/glas-harness
- Tier 2: https://forgejo.coulomb.social/coulomb/key-cape

View File

@@ -0,0 +1,238 @@
# Forgejo Tier 3 — State Hub `remote_url` and Sweep Playbook
Date: 2026-07-04
Workplans: `RAIL-HO-WP-0005-T10`, `RAIL-HO-WP-0005-T11`, `CUST-WP-0054-T04`, `CUST-WP-0054-T05`
`no_secret_material_recorded: true`
## Purpose
Operational playbook for promoting a **registered** State Hub repo from Gitea
(`gitea-remote`) to Forgejo (`forgejo-remote`) without breaking the consistency
sweep, DoI checks, or agent attribution.
Applies to:
- **Tier 2.5** (done on Forgejo, hub `remote_url` may still say Gitea) — run
§4 after git promotion.
- **Tier 3** (`state-hub`, `issue-core`, production wave) — full §3§8 with
operator approval.
Does **not** perform cutover by itself. Gitea remains canonical until tier gates
and explicit approval per `RAIL-HO-WP-0005` safety contract.
## Preconditions (gates)
| Gate | Tier 2.5 | Tier 3 (`state-hub`) |
| --- | --- | --- |
| Forgejo repo exists + history mirrored | required | required |
| Workstation `origin=forgejo-remote`, `gitea` legacy remote | required | required |
| Operator SSH on Forgejo (`tegwick` or team keys) | required | required |
| CI smoke green on Forgejo (`.forgejo/workflows/ci-smoke.yaml`) | required | required |
| Image workflow if applicable | optional | required for `state-hub` |
| Restore drill passed | recommended | required |
| Scheduled backups automated | optional | required (disaster-control) |
| Operator approval recorded | not required | **required** |
| `CUST-WP-0011-T07` freeze/restore for hub primary | n/a | required before hub production |
## Canonical remote conventions
State Hub stores the **SSH remote name form** used on the operator workstation,
not the HTTPS URL. This matches existing registrations
(`gitea-remote:coulomb/<slug>.git`).
| Role | Remote name | Example |
| --- | --- | --- |
| Canonical (post-promotion) | `origin``forgejo-remote` | `forgejo-remote:coulomb/state-hub.git` |
| Rollback mirror | `gitea``gitea-remote` | `gitea-remote:coulomb/state-hub.git` |
| Hub `remote_url` field | same as `origin` | `forgejo-remote:coulomb/state-hub.git` |
HTTPS canonical URL for humans and archive CI:
`https://forgejo.coulomb.social/coulomb/<slug>.git`
SSH config block (workstation `~/.ssh/config`):
```ssh
Host forgejo-remote
HostName 92.205.62.239
Port 30022
User git
IdentityFile ~/.ssh/id_gitea
StrictHostKeyChecking accept-new
```
## Per-repo promotion procedure
### 1. Git forge (workstation)
Use `railiance-enablement/tools/promote-repo-to-forgejo.sh` or manually:
```bash
cd ~/REPO_SLUG
# Create empty repo on Forgejo if needed (org coulomb)
git push forgejo-remote:coulomb/REPO_SLUG.git main # first mirror
git remote rename origin gitea
git remote add origin forgejo-remote:coulomb/REPO_SLUG.git
git push -u origin main
# Optional: keep Gitea mirror current
git push gitea main
```
Add `.forgejo/workflows/ci-smoke.yaml` from
`railiance-enablement/workflows/ci-smoke.yaml`. For images, use
`container-build-push.yaml` or `container-build-push-multirepo.yaml` (state-hub +
hub-core).
### 2. Verify git + SSH
```bash
git remote -v
# origin forgejo-remote:coulomb/REPO_SLUG.git (fetch/push)
# gitea gitea-remote:coulomb/REPO_SLUG.git (fetch/push)
ssh forgejo-remote # expect: Hi there, tegwick!
git ls-remote origin # reachable
```
### 3. Patch State Hub registration
```bash
API=http://127.0.0.1:8000
SLUG=REPO_SLUG
NEW_URL="forgejo-remote:coulomb/${SLUG}.git"
curl -s -X PATCH "${API}/repos/${SLUG}" \
-H "Content-Type: application/json" \
-d "{\"remote_url\": \"${NEW_URL}\"}" | python3 -m json.tool
# Confirm
curl -s "${API}/repos/${SLUG}" | python3 -c \
"import json,sys; r=json.load(sys.stdin); print(r['slug'], r['remote_url'])"
```
Batch helper for tier-2.5 stack (skips slugs not registered in State Hub):
```bash
~/the-custodian/tools/patch-forgejo-remote-urls.sh --tier-25
```
Applied 2026-07-04 for registered tier-2.5 repos + `key-cape`. `glas-harness` is
not in State Hub registration — patch when/if registered.
### 4. Consistency sweep / fix-consistency
The sweep (`POST /consistency/sweep/remote-all` or `statehub fix-consistency`)
resolves repos by `host_paths[hostname]` or `local_path`, then `git pull
--ff-only` from the checkout's **tracking branch** (now Forgejo `origin`).
After `remote_url` patch:
```bash
cd ~/REPO_SLUG
git fetch origin
statehub fix-consistency --repo REPO_SLUG
# or from state-hub checkout:
cd ~/state-hub && make fix-consistency REPO=REPO_SLUG
```
**Attribution:** `consistency_check.py` matches repos by git fingerprint and
`remote_url` string. Stale `gitea-remote` in the hub causes mis-attribution when
multiple checkouts exist — patch hub **before** relying on sweep writebacks.
### 5. DoI verification
```bash
curl -s "http://127.0.0.1:8000/repos/REPO_SLUG/doi" | python3 -m json.tool
# C4 Remote URL set → pass
# C4 reachability → git ls-remote origin succeeds
```
## Railiance01 sweep checkout paths (`CUST-WP-0054-T05`)
Today sweeps write back from **workstation** `host_paths` (`bnt-lap001`). Wave 2
moves primary checkouts to **railiance01** so triage survives workstation loss.
When railiance01 clone tree exists (e.g. `/home/tegwick/<slug>` or agreed path):
```bash
API=http://127.0.0.1:8000
SLUG=REPO_SLUG
HOST=railiance01 # must match socket.gethostname() on that machine
PATH_ON_HOST=/home/tegwick/REPO_SLUG
curl -s -X POST "${API}/repos/${SLUG}/paths" \
-H "Content-Type: application/json" \
-d "{\"host\": \"${HOST}\", \"path\": \"${PATH_ON_HOST}\"}" | python3 -m json.tool
```
Clone on railiance01 **from Forgejo**:
```bash
git clone forgejo-remote:coulomb/REPO_SLUG.git /home/tegwick/REPO_SLUG
# or HTTPS with deploy key / token
```
Sweep on railiance01 then uses `host_paths[railiance01]`; workstation path
remains in map for dev but is no longer the production writeback source.
## Tier 3 — `state-hub` specifics
Before promoting `state-hub`:
1. **Multi-repo image workflow** — copy
`railiance-enablement/workflows/container-build-push-multirepo.yaml` to
`state-hub/.forgejo/workflows/image.yaml`; set `IMAGE_NAME=coulomb/state-hub`,
`EXTRA_REPOS="coulomb/hub-core@hub_core_src"`.
2. **Prove image pull** on railiance01 (`crictl pull` or deployment dry-run).
3. **Hub primary cutover** — follow `CUST-WP-0011-T07` (freeze → restore →
rewire); independent of forge remote but same maintenance window may apply.
4. **ArgoCD / GitOps** — repoint repository URLs to Forgejo (Wave 5 in
`docs/coulombcore-drain-placement-plan.md`).
5. **Record approval**`POST /decisions/` or workplan note with operator id.
`state-hub` promotion order:
```
mirror git → Forgejo remotes → CI image workflow green → PATCH remote_url →
fix-consistency → (later) railiance01 host_paths → CUST-WP-0011-T07 cutover
```
## Gitea read-only policy (post-cutover per repo)
After Forgejo is canonical **for that repo** and hub `remote_url` is patched:
1. Do **not** delete the Gitea repo (safety contract).
2. Org/repo setting: disable push for non-admin users, or maintenance flag.
3. Workstation: stop pushing to `gitea` except intentional rollback mirror.
4. Document rollback: `git push gitea main` from last known-good Forgejo SHA.
Org-wide Gitea read-only is an operator action (T11); per-repo is enough for
staged ladder.
## Rollback
| Step | Action |
| --- | --- |
| Git canonical | `git remote rename origin forgejo; git remote rename gitea origin` |
| Hub | `PATCH /repos/{slug}``gitea-remote:coulomb/<slug>.git` |
| Sweep | `statehub fix-consistency` on reverted checkout |
| Gitea | Re-enable push if read-only was set |
## Verification checklist
- [ ] `GET /repos/{slug}``remote_url` is `forgejo-remote:coulomb/<slug>.git`
- [ ] Workstation `git remote -v``origin` is Forgejo
- [ ] `ssh forgejo-remote` → operator user (not only `forgejo_admin`)
- [ ] `statehub fix-consistency --repo <slug>` → PASS
- [ ] Forgejo Actions `ci-smoke` → success (tier 1+)
- [ ] Gitea copy exists and matches SHA (optional `git push gitea` mirror)
- [ ] Tier 3 only: image workflow + pull smoke + operator approval on record
## References
- `docs/forgejo-repo-migration-pilot-glas-harness.md` (tiers 12.5)
- `railiance-enablement/docs/forgejo-actions-workflow-templates.md`
- `railiance-enablement/tools/promote-repo-to-forgejo.sh`
- `state-hub/docs/consistency-sweep-runbook.md`
- `state-hub/policies/repo-doi.md` (C4 remote URL)
- `docs/coulombcore-drain-placement-plan.md` (Wave 12)
- `disaster-control/history/2026-07-04-forgejo-backup-strategy-assessment.md`

View File

@@ -0,0 +1,45 @@
# FOS Hub Bootstrap Sequence Status
Updated: 2026-07-08
## Purpose
Track `CUST-WP-0051-T07` and `CUST-WP-0052`: sequence `CUST-WP-0025` so FOS Hub bootstrap can resume from current repo reality rather than the older mega-hub/Keycloak/Inter-Hub assumptions.
## Current Decision
Do not restart FOS bootstrap at the old `NK-WP-0001` Keycloak path. That workplan is archived and superseded. The active identity baseline is:
- `NK-WP-0002` local identity: complete; usable for bootstrap/dev OIDC.
- `NK-WP-0012` IAM Profile v0.2: finished; canonical NetKingdom-owned profile and conformance suite.
- KeyCape/Authelia/LLDAP stack from the superseding NetKingdom path: current lightweight identity mode.
- `NK-WP-0011` expanded-mode Keycloak: proposed enterprise federation lane, not a blocker for ops-hub bootstrap.
## Sequence Board
| Area | Current state | Pickup action |
| --- | --- | --- |
| Identity | T01 cancelled; T02T04 done; IAM Profile integration template in core-hub. | No further identity gates unless production issuer wiring is needed. |
| Hub extraction/dev-hub | T05T12 done: hub-core exists, State Hub imports hub-core, MCP naming is dev-hub. | Phase 2 complete. |
| Ops hub / Core Hub | T13T18 done; T16 deployed evidence and T17 cutover coupling closed 2026-07-08. Production serves Core Hub at `hub.coulomb.social` since 2026-07-03. | Monitor `CORE-WP-0007` stabilization window; Haskell retirement is operator-gated rollback cleanup only. |
| Legacy Inter-Hub | `CUST-WP-0047-T05` and `CUST-WP-0049-T06` superseded 2026-07-03. | Rollback-only; do not request new Inter-Hub operator keys. |
| Fin hub/business | T20T23 done (canon + fin-hub scaffold + models). T24T26 remain open. | Implement cost ingestion, runway calculator, cross-hub coupling, and pricing/legal packaging. |
## Stable Pickup Order
1. ~~Close identity drift~~ — done.
2. ~~Core Hub deployed evidence and cutover coupling~~ — done (`docs/core-hub-cutover-decision-coupling.md`).
3. ~~Supersede legacy Inter-Hub waits~~ — done 2026-07-03.
4. Execute fin-hub implementation: T24 (cost tracking + runway), T25 (cross-hub coupling), T26 (pricing/legal).
5. Close `CORE-WP-0007` Haskell retirement after stabilization sign-off (operator gate).
## Progress Summary (2026-07-08)
`CUST-WP-0025` is **22/26 tasks done**. Remaining:
- **T24** — fin-hub cost ingestion and runway calculator
- **T25** — fin→dev, fin→ops, fin→canon cross-hub coupling
- **T26** — RaaS pricing, onboarding, legal framework
FOS maturity: Level 2→3 boundary achieved (dev, ops, fin conceptually separated;
fin-hub scaffold operational).

View File

@@ -125,6 +125,21 @@ Current implementation status:
update, and host-path routes with State Hub's own models and schemas injected, update, and host-path routes with State Hub's own models and schemas injected,
while keeping onboarding, DoI, scope-health, dispatch, archive, and while keeping onboarding, DoI, scope-health, dispatch, archive, and
consistency-sync routes local. consistency-sync routes local.
- 2026-06-22: HUB-WP-0002 completed. Added
`create_capability_request_write_router` with host callbacks for routing,
model construction, flow transitions, notifications, task-unblock, patch,
dispute, and reroute side effects. State Hub mounts write routes from the
factory while keeping dev-hub columns (`requesting_workplan_id`,
`blocking_task_id`, `fulfilling_workplan_id`) on its extended model.
- 2026-06-22: `HubCoreMCPServer.attach_to()` registers generic MCP tools on a
host server with `exclude` for dev-hub overrides. State Hub now composes
hub-core messaging, capability read lifecycle, TPSC list/DoI, and FOS §10
tools while keeping enriched orientation, repo registration, capability
request creation, TPSC ingest, and service registration tools local.
- 2026-06-22: **CUST-WP-0048 closed.** Full regression: hub-core 27/27, State
Hub 426/426. Health probe uses injected `get_session` (fixes asyncpg pool
flake). Remaining deferred seams: ProgressEvent FK → `subject_refs` mapping;
optional CapabilityRequest workplan columns → JSON context.
## Extract Now ## Extract Now
@@ -195,9 +210,9 @@ implementation is coupled to dev-hub concepts:
| --- | --- | | --- | --- |
| `Domain` and `domains.py` detail views | Detail counts now use a dev-hub callback behind the hub-core router factory. Domain relationships still need a later model split if State Hub stops carrying topics/goals on the core table. | | `Domain` and `domains.py` detail views | Detail counts now use a dev-hub callback behind the hub-core router factory. Domain relationships still need a later model split if State Hub stops carrying topics/goals on the core table. |
| `ManagedRepo` | State Hub create/read schemas now extend hub-core contracts, with `topic_id`, SBOM fields, and state-sync timestamps kept as dev-hub extensions. Generic repo registry collection, lookup, detail, update, and host-path routes now mount from the hub-core factory; State Hub keeps onboarding, DoI, scope-health, dispatch, archive, and consistency-sync behavior locally. | | `ManagedRepo` | State Hub create/read schemas now extend hub-core contracts, with `topic_id`, SBOM fields, and state-sync timestamps kept as dev-hub extensions. Generic repo registry collection, lookup, detail, update, and host-path routes now mount from the hub-core factory; State Hub keeps onboarding, DoI, scope-health, dispatch, archive, and consistency-sync behavior locally. |
| `CapabilityRequest` | Catalog schemas, catalog CRUD routes, and read-only request list/detail routes now import from hub-core. Adapter seam is implemented with generic `request_context` and `fulfillment_context`; State Hub still needs a later refactor to map workstream/task references into those fields or a dev-hub extension table before request workflow routes can move. | | `CapabilityRequest` | Write routes now mount from `create_capability_request_write_router` with host callbacks. State Hub keeps workplan/task columns on its model; generic hubs use `request_context` / `fulfillment_context` JSON. Optional future step: map State Hub columns into JSON and drop duplicate fields. |
| `ProgressEvent` | Adapter seam implemented with generic `subject_refs`; State Hub still needs a later refactor to map topic/workstream/task/decision foreign keys into that field or a dev-hub extension table. | | `ProgressEvent` | Adapter seam implemented with generic `subject_refs`; State Hub still needs a later refactor to map topic/workstream/task/decision foreign keys into that field or a dev-hub extension table. |
| MCP tools in `mcp_server/server.py` | Generic tools are still mixed into the State Hub server module. T08 should begin replacing those registrations with `HubCoreMCPServer` inheritance or composition while dev-hub keeps its own tools. | | MCP tools in `mcp_server/server.py` | Generic tools register via `HubCoreMCPServer.attach_to(mcp, exclude=...)`. Remaining local tools: dev-hub orientation (`get_state_summary`, `get_domain_summary`), extended repo/capability/TPSC contracts, and all workstream/task/decision tooling. |
The first two adapter seams are now implemented in hub-core: The first two adapter seams are now implemented in hub-core:
@@ -232,6 +247,9 @@ to import it:
## Next Step ## Next Step
Continue CUST-WP-0048 by resolving the capability request write workflow and **CUST-WP-0048** is finished; **CUST-WP-0025-T08** is done. Proceed to Phase 2
then the generic MCP registration split. Do not rename State Hub to dev-hub dev-hub rename (**CUST-WP-0025-T09+**): MCP server name, config migration, and
until T05-T08 prove the shared package boundary. integration-point renames. Optional follow-up extractions (not blocking rename):
- map State Hub `ProgressEvent` foreign keys into `subject_refs`
- map CapabilityRequest workplan/task columns into JSON context fields

View File

@@ -0,0 +1,242 @@
# Infrastructure Stabilization Pickup Checkpoint
Updated: 2026-07-03 — **METAPLAN FINISHED.** Core Hub serves
hub.coulomb.social (Inter-Hub is rollback-only); the cluster State Hub is
primary behind 127.0.0.1:8000 (WSL2 fallback retained for the CUST-WP-0011-T08
stabilization window). Remaining follow-ons live in CORE-WP-0005/0007,
CUST-WP-0011-T08/T09, ops-warden confirmations, and ACTIVITY-WP-0006.
Coordinator workplan: `CUST-WP-0051`
## End-of-Day Checkpoint (2026-07-02 evening)
Nine workplans finished today and the Core Hub replacement lane was driven
from no deployed evidence to real data migrated with cutover blockers named.
**Finished this session:** ARTIFACT-STORE-WP-0007, RAIL-BS-WP-0008,
RAIL-BS-WP-0009, ACTIVITY-WP-0016, RAILIANCE-WP-0008, ISSUE-WP-0003,
CORE-WP-0004 (+ CUST-WP-0053 earlier). RAILIANCE-WP-0009/0010 are done bar
ops-warden catalog confirmation; NET-WP-0020-T02 is wired (needs a greenfield
slate for live proof).
**Live infrastructure now running (was blocked at session start):**
- Daily-triage robustness deployed on railiance01; bounded top-7 proven
(State Hub event `24d2d321`). Three scheduled runs (Jul 35) close
ACTIVITY-WP-0006 calibration by themselves.
- Credential lanes active: issue-core (`CCR-2026-0002`) and llm-connect
OpenRouter (`CCR-2026-0003`), applied via the constrained prod-applier,
both ExternalSecrets syncing. Lifecycle runbook at
`railiance-platform/docs/credential-lane-lifecycle-runbook.md`.
- issue-core REST emission live end-to-end (Gitea issue `176`) over a new
cross-machine ops-bridge lane (`remote_host` feature added to ops-bridge).
- Core Hub staging deployed on CoulombCore (`core-hub-staging`, image
`gitea.coulomb.social/coulomb/core-hub:3ed8531`): deployed API smoke +
activity-core sink smoke both green; full Inter-Hub data (28 records)
migrated idempotently.
**Open items requiring a decision (not agent-executable):**
1. **Core Hub cutover prerequisites (core-hub owner).** T03 dual-run found (a)
a blocking catalog gap — migrated widgets reference 7 `ops-*` widget types
absent from Core Hub's seeded registries because the migration bundle
omits the type registries; design choice: extend the bundle schema vs.
seed the vocabularies; (b) `/api/v2/hubs` auth-posture break (public →
protected). Both on `CORE-WP-0005-T04`; flagged via hub message `4b859f9b`.
2. **Core Hub production cutover** (`CORE-WP-0005-T04`): operator approval +
rollback plan, after prerequisite 1. Then `CORE-WP-0007` Haskell
retirement unblocks.
3. **State Hub pragmatic cutover** (`CUST-WP-0011-T07`): still the standing
operator freeze/restore/redirect approval (unchanged from prior board).
4. **ops-warden confirmations** close `RAILIANCE-WP-0009-T06` /
`RAILIANCE-WP-0010-T06` (no custodian action).
5. **NET-WP-0020-T02** greenfield live proof needs a rebuild slate.
Prior morning decision set (Core Hub staging cluster/secrets/image) is
resolved: CoulombCore + generated Secrets + Gitea registry, all executed.
## Original morning list (2026-07-02, all closed)
Every remaining execution lane converged on operator gates in the 2026-07-02
session (agent policy correctly blocks unattended production writes/reads on
railiance01, credential-bootstrap script edits, and OIDC/MFA logins). Each item
below is prepared to one command or one decision:
1. **Daily-triage robustness deploy** (`RAIL-BS-WP-0008`): image
`activity-core:railiance01-prod` is rebuilt locally from activity-core
`7612112` (T02 prompt contract included and gate-checked). Operator: run the
save/scp/import block from `activity-core/k8s/railiance/README.md`, sync the
repo *with `.git`* to `railiance01:~/activity-core` (the copy there has no
git metadata and the revision gate needs it), then
`cd ~/railiance-cluster && make deploy-activity-core-triage-robustness`.
Afterwards `make admin-sync-smoke` closes `RAIL-BS-WP-0009`.
2. **CCR approvals** (`RAILIANCE-WP-0009`/`0010`): `CCR-2026-0002`
(issue-core ingestion) and `CCR-2026-0003` (llm-connect OpenRouter) are
reviewed and binding-confirmed but still `proposed`. Approve, then
`make credential-change-applier-apply` per CCR; the issue-core
ExternalSecret already syncs, so verification is mostly confirm-not-create.
3. **Broker live evidence** (`RAILIANCE-WP-0005-T09`): needs one
KeyCape-OIDC-authenticated session to collect OpenBao audit-log references
and response-wrap unwrap-once evidence.
4. **Non-prod applier proof** (`RAILIANCE-WP-0008-T03`): mint one token from
`auth/token/roles/credential-change-nonprod-applier` and record apply +
denial probes.
5. **OpenBao unseal automation** (`NET-WP-0020-T02`, advanced 2026-07-02):
`make -C ~/net-kingdom openbao-init-unseal` exists with custody-model gate
and non-secret evidence; operator review still needed to wire it as a phase
inside `creds-bootstrap-agent.sh`, and greenfield live proof needs a rebuild
slate.
## Purpose
This checkpoint is the restart surface for the infrastructure stabilization
metaplan. It consolidates the workplan review, unblock boards, current State
Hub registration state, and the next strategic picks.
Use this file first when resuming the lane. Then open the source workplan named
in the relevant row and continue from its task state.
## Registration State
State Hub active workstreams queried on 2026-06-27:
| Workstream | Current pickup meaning |
| --- | --- |
| `artifact-store-wp-0007` | Start D7.1/D7.2 assessment and compatibility harness; D7.3 STS vending may route to NetKingdom. |
| `ihub-wp-0022` | Ops-hub evidence intake contract is aligned to live vocabulary; runtime key custody, protected widget lookup, and smoke remain. |
| `cust-wp-0047` | Now-view waits on the ops-hub Inter-Hub evidence lane, not on service inventory collection. |
| `cust-wp-0049` | Bootstrap access helper/runbook is ready; authenticated execution is operator-gated. |
| `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. |
| `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. |
| `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. |
| `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. |
| `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. |
| `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. |
| `activity-wp-0006` | Calibration waits on the post-WP-0016 live daily-triage smoke and three clean scheduled runs. |
| `cust-wp-0038` | Full State Hub HA migration is deferred until the pragmatic railiance01 path stabilizes. |
| `cust-wp-0025` | FOS bootstrap resumes from identity integration and ops-hub evidence, not the old mega-hub scaffold. |
| `cust-wp-0011` | Active State Hub migration path; next gate is explicit cutover approval. |
Hygiene status:
- `CUST-WP-0045-cutover-runbook` is no longer active; it is a finished runbook
record, not an empty active workstream.
- `CUST-WP-0014` is reopened as `backlog`; it is no longer a done workplan with
todo task blocks.
- Completed or cancelled tasks no longer carry the stale human-needed flags
cleared during this stabilization session.
- `make fix-consistency REPO=the-custodian` still reports pre-existing C-12
orphan-row warnings, but the relevant workplan lifecycle and task states sync.
- `RAIL-BS-WP-0006-staged-promotion-lifecycle` is finished: all seven tasks
are done, the workstream is finished in State Hub, and the file frontmatter
is `status: finished`.
## Blocker Board
No live credential, access, or approval gate is unowned. Do not ask
`ops-warden` for secret values; use the route catalog, the `warden access`
assist/proxy surface where the catalog lane allows it, and the owning subsystem.
For credential-related blockers, classify the environment posture and workload
maturity first. Dev/test work can use synthetic contract doubles; production
real-value work needs owner custody, policy gates where applicable, and
non-secret evidence. See `docs/ops-warden-secret-posture-review.md`.
Do not implement ops-warden changes from this Custodian lane. New ops-warden
needs should be posted through State Hub as requirements or suggestions for the
separate ops-warden worker.
| Gate | Owner/route | Non-secret evidence to collect | Next action |
| --- | --- | --- | --- |
| State Hub pragmatic cutover | Custodian operator approval; `CUST-WP-0011-T07` | Final dump id/time, row-count comparison, chosen private endpoint, stabilization notes | Approve freeze/final restore and make railiance01 State Hub primary, or leave WSL2 primary explicitly. |
| State Hub fallback retirement | Custodian/operator approval; `CUST-WP-0038-T08` | HA failover drill id, restore drill id, stabilization pass | Keep deferred until after HA drills; do not retire WSL2 fallback early. |
| Inter-Hub ops-hub bootstrap | `inter-hub-bootstrap-ssh`, `openbao-api-key`, `ssh-cert-host-access` as needed | Hub id, manifest id, widget count, runtime key prefix only, smoke result | Legacy/fallback only. Prefer Core Hub deployed smoke; run attended Inter-Hub bootstrap only by explicit operator supersede/rollback decision. |
| Ops-hub runtime evidence key | `openbao-api-key` / OpenBao custody | OpenBao path/version or populated key count, event smoke id | Do not materialize legacy `OPS_HUB_KEY` until a deployed Core Hub smoke or explicit legacy Inter-Hub smoke is ready to use it. |
| Daily-triage live proof | activity-core deploy/runtime operator | State Hub `daily_triage` id, output-valid or partial/quarantine status, working-memory path | Bank the 2026-06-28 / 2026-06-29 / 2026-06-30 clean streak, then have the activity-core owner land/sync the in-flight WP-0016 diagnostics and prove bounded top-N plus graceful-degradation smoke. |
| activity-core to issue-core | route `activity-core-issue-sink` | `actcore-runtime-secret` has key, activity-core points to issue-core port `8765`, HTTP 201, Gitea issue id | Inject `ISSUE_CORE_API_KEY` through approved custody, set REST sink env, restart/sync, run safe emission. |
| Forgejo production design | Forgejo/operator decisions plus OpenBao/KeyCape/ops-bridge routes as needed | Decision id, SMTP smoke, backup/restore drill, package/action smoke, cutover approval id | Resolve T02 production choices before any production cutover work. |
| OpenBao unseal and credential helper | `openbao-api-key`, `railiance-infra-principals`, `ssh-cert-host-access`, `key-cape-oidc-login` | Policy names, role names, token accessor only, allow/deny smoke | `warden-sign` lane is verified/banked; broader custody profile and issuer automation remain separate operator-design gates. |
| ops-warden policy gate / warden-sign lane | `SECRETS-WP-0004` + `FLEX-WP-0007` finished; ops-warden operator posture | `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`; no token/role/secret/accessor values | No Custodian action. Keep `policy.enabled` off until testing/production maturity. |
## Daily Automation Evidence
The scheduled daily-triage runner is alive and writing State Hub plus working
memory evidence. The current blocker is bounded output-contract adoption and
live graceful-degradation proof, not scheduling or sink reachability.
Latest clean scheduled streak:
- 2026-06-28: event `f0d8477e-1db9-4c07-bb8c-d28cbb868abc`, schema-valid daily
triage, working memory written.
- 2026-06-29: event `176d2ea7-f0e3-48cd-999b-4ab6055c6a55`, schema-valid daily
triage, working memory written.
- 2026-06-30: event `27d695b2-a537-481b-ada6-ca84ec24cd96`, schema-valid daily
triage, working memory written.
Latest failed scheduled runs before the clean streak:
- 2026-06-26: event `97fd20a0-eee0-45ea-8290-6d91874e1515`, validation failed
at char 5268, working memory written.
- 2026-06-27: event `c5ab50a8-404b-4e30-849f-841b059ace65`, validation failed
at char 5246, working memory written.
Bank the three-run calibration streak, but keep the WP-0016 live-proof gate open
until the bounded top-N contract and graceful-degradation smoke are proven. The
activity-core worktree currently has in-flight uncommitted ACTIVITY-WP-0016
and ACTIVITY-WP-0018/0019 changes, so Custodian should wait for that owner to
commit/sync or explicitly hand off before treating those files as source truth.
Use activity-core repo-native automation status surface once it lands; do not
use assistant-provided scheduling as operational evidence.
## Production Service Summary
| Surface | Stable fact | Remaining gate |
| --- | --- | --- |
| State Hub | Pragmatic railiance01 path has image, manifests, empty deploy, migrations, restored WSL2 data, row-count comparison, and healthy API through `CUST-WP-0011-T06`. | `CUST-WP-0011-T07` cutover approval, then stabilization; HA path stays deferred. |
| Inter-Hub / Core Hub | Public `https://hub.coulomb.social/api/v2/hubs` exposes `ops-hub`; `CORE-WP-0008` finished the Core Hub API smoke harness, activity-core sink, staging profile, CLI wrappers, UI backlog, and Custodian handoff. | Run deployed Core Hub smoke, staging import, activity-core sink smoke, and readiness summary; keep Haskell Inter-Hub only for migration/rollback proof. |
| ops-hub evidence | `CUST-WP-0025-T14` is done with the Core Hub ops evidence contract spec. `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. |
| issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. |
| Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. |
| artifact-store | D7.1 is done; D7.2 has an opt-in live MinIO compatibility harness and manual smoke docs. No live secret handoff is recorded. | Run D7.2 against an approved MinIO-compatible endpoint, then route D7.3 STS vending through identity/platform custody before changing credential behavior. |
| secrets-engine | `SECRETS-WP-0004` is finished: the scoped `warden-sign` lane supported the vault-backed policy-gate smoke without exposing token material. `SECRETS-WP-0003` remains active for the real whynot-design npm publish pilot. | Finish or park `SECRETS-WP-0003` behind Gitea bot/package-token provisioning, OpenBao custody, ops-warden route confirmation, and real package publish evidence. |
| FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity, IAM Profile v0.2, the Core Hub FastAPI IAM Profile integration test, and Core Hub operator UI first screens are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Execute the remaining Core Hub deployed evidence and cutover gates: `CUST-WP-0025-T16` and `T17`. |
## Next-Pick List
1. Execute the remaining rewritten `CUST-WP-0025` Core Hub gates: deployed
smoke and activity-core proof (`T16`) and cutover decision coupling (`T17`).
T03, T14, and T18 are complete as the identity integration template, ops
evidence/read-model contract, and operator UI first-screen gates.
2. Keep `CUST-WP-0047` and `CUST-WP-0049` as legacy evidence/fallback until
Core Hub deployed smoke evidence or an explicit supersede decision closes
them.
3. Bank the 2026-06-28 / 2026-06-29 / 2026-06-30 clean daily-triage
streak for calibration, then have the activity-core owner land/sync the
in-flight WP-0016 diagnostics/status work and prove the bounded top-N plus
graceful-degradation smoke.
4. Complete the issue-core handoff by wiring activity-core to port `8765` with
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period.
6. Run artifact-store D7.2 live MinIO-compatible evidence; Forgejo and storage
work can now inherit the finished staged-promotion gates.
7. Keep `SECRETS-WP-0003` parked until Gitea bot/package-token provisioning,
OpenBao custody, route confirmation, and a coordinated whynot-design version
bump are available.
8. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied.
## Resume Commands
```bash
cd /home/worsch/the-custodian
sed -n '1,260p' workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md
sed -n '1,260p' docs/infrastructure-stabilization-pickup-checkpoint.md
sed -n '1,260p' docs/credential-custody-unblock-board.md
```
After workplan edits, sync from State Hub:
```bash
cd /home/worsch/state-hub
make fix-consistency REPO=the-custodian
```

View File

@@ -0,0 +1,52 @@
# Near-Term Production Service Lanes Status
Updated: 2026-06-30
## Purpose
Track `CUST-WP-0051-T05`: finish or park near-term production service lanes
before starting larger migrations.
## Lane Board
| Lane | Current state | Next action |
| --- | --- | --- |
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | D7.1 is done. The dated MinIO/fork/object-store landscape assessment chose a compatibility-profile lane rather than a direct MaxIO fork. D7.2 is in progress with an opt-in live MinIO pytest harness and manual smoke docs; no secret value was read or recorded. | Run the D7.2 harness against an approved MinIO-compatible endpoint and capture health/round-trip/multipart evidence. Route D7.3 STS credential vending through identity/platform custody before changing artifact-store credential behavior. |
| `secrets-wp-0003` | Active. The whynot-design real npm publish pilot has a canonical decision and source-side runbook, but real publication still waits on Gitea bot/package-token provisioning, OpenBao custody, ops-warden route confirmation, and a coordinated whynot-design version bump. | Keep parked until the operator/Gitea/OpenBao gates are ready; do not request or record token values. The next safe non-secret action is route-confirmation evidence from ops-warden. |
| `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. |
## Credential And Operator Routing
`activity-core -> issue-core` REST emission uses route catalog id
`activity-core-issue-sink`.
Route lookup on 2026-06-27:
- owner: `activity-core + issue-core`
- ops-warden executes: no
- status: active
- next action: follow `ops-warden/wiki/playbooks/activity-core-issue-sink.md#worker-checklist`
No secret value was read or written. The required non-secret evidence is:
- `actcore-runtime-secret` has an `ISSUE_CORE_API_KEY` data key;
- activity-core worker consumes `ISSUE_CORE_URL=http://issue-core.issue-core.svc.cluster.local:8765`;
- `ISSUE_SINK_TYPE=rest`;
- one known-safe activity-core emission returns issue-core HTTP 201 and creates
a Gitea issue.
## Pickup Order
1. Close the issue-core handoff gate because the service is already healthy and
only activity-core live emission remains.
2. Treat staged-promotion as complete; use it as the gate model before
Forgejo cutover work accelerates.
3. Run artifact-store D7.2 live evidence against an approved MinIO-compatible
endpoint, with D7.3 routed to identity/platform custody if STS vending is
not artifact-store-owned.
4. Keep `secrets-wp-0003` parked behind Gitea bot/token, OpenBao custody,
ops-warden route confirmation, and coordinated whynot-design version bump.
5. Keep Forgejo production cutover parked behind explicit T02 decisions and the
staged-promotion/backup/email/package/action gates.

View File

@@ -0,0 +1,120 @@
# Ops Hub Inter-Hub Evidence Lane Status
Date: 2026-06-27
Workplan: `CUST-WP-0051-T03`
Related tasks: `CUST-WP-0047-T05`, `CUST-WP-0049-T06`, `IHUB-WP-0022-T03/T04/T07`
## Summary
The evidence lane is partially live but not ready to close.
Production Inter-Hub already exposes the public ops-hub bootstrap surface and
has an `ops-hub` row plus the ops-hub seed vocabulary. The remaining blockers
are:
1. authenticated bootstrap/runtime-key execution is still operator-gated;
2. protected widget and hub-registry reads cannot be verified without the
ops-hub runtime key;
3. the older `IHUB-WP-0022` activity-core mapping contract does not match the
currently live ops-hub seed vocabulary.
No secret values were requested, read, printed, or stored during this probe.
## Public Probe Evidence
Base URL: `https://hub.coulomb.social`
| Probe | Result |
| --- | --- |
| `GET /api/v2/hubs` | HTTP `200`; contains `ops-hub` |
| `GET /api/v2/openapi.json` | HTTP `200`; includes `/hubs`, `/hub-capability-manifests`, `/api-consumers`, `/policy-scopes` |
| `GET /api/v2/widgets` | HTTP `401`, protected as expected |
| `GET /api/v2/hub-registry` | HTTP `401`, protected as expected |
| `GET /api/v2/widget-types` | HTTP `200`; 14 ops widget types visible |
| `GET /api/v2/event-types` | HTTP `200`; 15 ops event types visible |
| `GET /api/v2/annotation-categories` | HTTP `200`; 10 ops annotation categories visible |
| `GET /api/v2/policy-scopes` | HTTP `200`; 7 ops policy scopes visible |
| `GET /api/v2/hub-capability-manifests?hubId=<ops-hub-id>` | HTTP `401`, protected as expected |
Observed public ops-hub id: `4f6e4cf7-6a96-4ff2-8a37-08c9f9e405d2`.
The existing `ops-hub/scripts/interhub-gate-probe.py` exits nonzero because it
still expects unauthenticated `/api/v2/hubs` to return `401`. The live contract
returns `200` for public hub discovery and `401` for protected surfaces such as
`/api/v2/widgets` and `/api/v2/hub-registry`.
## Live Ops Vocabulary
The live public registry matches `ops-hub/seeds/ops-hub-manifest.draft.json`:
- widget types: `ops-environment`, `ops-host`, `ops-cluster`, `ops-service`,
`ops-service-catalog`, `ops-endpoint`, `ops-release`, `ops-backup-set`,
`ops-secret-set`, `ops-runbook`, `ops-incident`, `ops-readiness-gate`,
`ops-migration-wave`, `ops-risk`;
- event types: `ops-inventory-registered`, `ops-inventory-updated`,
`ops-service-discovered`, `ops-health-checked`, `ops-release-observed`,
`ops-endpoint-verified`, `ops-backup-verified`, `ops-restore-tested`,
`ops-runbook-executed`, `ops-drift-detected`, `ops-risk-raised`,
`ops-risk-accepted`, `ops-readiness-gate-updated`,
`ops-migration-gate-passed`, `ops-migration-gate-failed`;
- policy scopes: `ops-local`, `ops-transitional-prod`, `ops-production`,
`ops-threephoenix`, `ops-registry`, `ops-secrets`,
`ops-backup-retention`.
## Contract Mismatch
`inter-hub/docs/contracts/ops-hub-activity-core-mapping.md` and
`ops-hub-activity-core-event-payloads.md` still describe the early
activity-core proposal:
| Contract name | Live seed status | Recommended action |
| --- | --- | --- |
| `ops-service-observed` | Not in live event registry | Rename to `ops-service-discovered`, or add an explicit alias event in the ops-hub manifest. |
| `ops-endpoint-verified` | Live | Keep. |
| `ops-access-path-checked` | Not in live event registry; no `ops-access-path` widget type in seed | Either add access-path vocabulary/widgets, or defer access-path submissions and keep State Hub fallback. |
| `ops-backup-verified` | Live | Keep, but map to `ops-backup-set` widget type. |
| `ops-inventory-drift` | Not in live event registry | Rename to `ops-drift-detected`, or add an explicit alias event. |
| `ops-evidence` policy scope | Not in live policy scopes | Use an existing ops scope or add `ops-evidence` to the manifest and activate it. |
| aggregate refs such as `ops:service:aggregate` | Not in `ops-hub/seeds/ops-hub-widgets.seed.json` | Seed aggregate intake widgets or change mapping to the existing entity/readiness widgets. |
| widget types such as `ops-service-card` | Not in live widget types | Use live widget types like `ops-service`, `ops-endpoint`, `ops-backup-set`, and `ops-readiness-gate`. |
## 2026-06-27 Contract Alignment
The Inter-Hub contract docs were revised in `/home/worsch/inter-hub` to target
the live ops-hub seed vocabulary:
- `ops-service-observed` is now a transition alias for
`ops-service-discovered`.
- `ops-inventory-drift` is now a transition alias for `ops-drift-detected`.
- `ops-access-path-checked` is explicitly deferred to State Hub fallback until
ops-hub adds access-path vocabulary or a readiness/risk mapping decision.
- The old `ops-evidence` policy scope is replaced by declared live scopes such
as `ops-production`, `ops-registry`, and `ops-backup-retention`.
- Payload examples now post only live manifest event types.
This removes the known contract-drift blocker before the attended bootstrap.
The remaining gate is authenticated widget lookup, any missing backup/risk seed
widget, runtime key custody, and protected event submission smoke.
## Current Closure State
`CUST-WP-0049-T06` remains `wait`: the helper and runbook are ready, but an
approved authenticated execution lane is still required.
`CUST-WP-0047-T05` remains `wait`: the ops-hub row and vocabulary are visible,
but seeded widgets and event acceptance cannot be proven without the protected
runtime path.
`IHUB-WP-0022-T03/T04/T07` remain gated: before an end-to-end smoke, reconcile
the activity-core mapping contract to the live ops-hub seed vocabulary or add
the missing aliases/aggregate widgets to the manifest.
## Next Pick
1. Use the aligned live-vocabulary contract for the attended
`CUST-WP-0049-T06` bootstrap.
2. Confirm protected widget ids and seed any missing backup/risk target widgets
required by the mapping.
3. Store or confirm `OPS_HUB_KEY` through OpenBao, then run the protected
widget/hub-registry/event smoke.

View File

@@ -3,7 +3,7 @@
<!-- generated by ops/render_service_inventory.py; edit ops/service-inventory.yml instead --> <!-- generated by ops/render_service_inventory.py; edit ops/service-inventory.yml instead -->
Source: `ops/service-inventory.yml` Source: `ops/service-inventory.yml`
Inventory last reviewed: `2026-06-05` Inventory last reviewed: `2026-07-03`
This is the repo-native first view for `CUST-WP-0047`. It exists so an This is the repo-native first view for `CUST-WP-0047`. It exists so an
operator can answer what is running where before the full standalone operator can answer what is running where before the full standalone
@@ -16,9 +16,9 @@ operator can answer what is running where before the full standalone
| Environments | 4 | | Environments | 4 |
| Hosts | 3 | | Hosts | 3 |
| Clusters | 3 | | Clusters | 3 |
| Services | 8 | | Services | 11 |
| Services: observed_ok | 2 | | Services: observed_ok | 6 |
| Services: unknown | 6 | | Services: unknown | 5 |
## Service Catalog ## Service Catalog
@@ -27,10 +27,13 @@ operator can answer what is running where before the full standalone
| Gitea (gitea) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-apps | https://gitea.coulomb.social/v2/<br>Expected: status 401, OCI registry auth challenge | unknown<br>2026-05-16: Inventory draft records Helm release gitea, namespace default, app version 1.25.4, NodePort 32166, and registry auth challenge. | database:gitea-db<br>pvc:default/gitea-shared-storage | k8s: unknown (coulombcore-k3s/default) | Package token and push/pull verification need current evidence. | | Gitea (gitea) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-apps | https://gitea.coulomb.social/v2/<br>Expected: status 401, OCI registry auth challenge | unknown<br>2026-05-16: Inventory draft records Helm release gitea, namespace default, app version 1.25.4, NodePort 32166, and registry auth challenge. | database:gitea-db<br>pvc:default/gitea-shared-storage | k8s: unknown (coulombcore-k3s/default) | Package token and push/pull verification need current evidence. |
| Gitea Database (gitea-database) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: databases | railiance-platform | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/databases) | Backup and restore evidence not recorded in ops inventory. | | Gitea Database (gitea-database) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: databases | railiance-platform | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/databases) | Backup and restore evidence not recorded in ops inventory. |
| Gitea Shared Storage (gitea-shared-storage) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-platform<br>railiance-apps | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/default/pvc/gitea-shared-storage) | Package blob backup and restore evidence not confirmed. | | Gitea Shared Storage (gitea-shared-storage) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-platform<br>railiance-apps | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/default/pvc/gitea-shared-storage) | Package blob backup and restore evidence not confirmed. |
| State Hub (state-hub) | Local Workstation<br>type: local-process; host: local-workstation; ports: 8000 | state-hub<br>the-custodian | http://127.0.0.1:8000/state/health<br>Expected: status 200, health response | observed_ok<br>2026-06-05: State Hub accepted inbox, task, and progress API calls. | postgresql:state-hub | http: observed_ok (http://127.0.0.1:8000) | Future cluster deployment readiness still needs ops evidence. | | State Hub (state-hub) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: state-hub | state-hub<br>the-custodian | http://127.0.0.1:8000/state/health<br>Expected: status 200, health response | observed_ok<br>2026-07-03: Cluster hub healthy; railiance01 reaches via fleet forward tunnel. | postgresql:state-hub-db | http: observed_ok (workstation tunnel state-hub-primary → cluster)<br>tunnel: observed_ok (railiance01 systemd fleet-state-hub-coulombcore → cluster) | Primary home must move to railiance01 per CUST-WP-0054-T05. |
| issue-core (issue-core) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: issue-core | issue-core | http://127.0.0.1:8765/healthz<br>Expected: status 200, version response | observed_ok<br>2026-07-02: REST emission live via cross-machine fleet path. | postgresql:issue-core | tunnel: observed_ok (railiance01 fleet-issue-core-coulombcore → cluster) | Target railiance01 overlay per CUST-WP-0054 drain Wave 4. |
| Core Hub (core-hub) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: core-hub-staging | core-hub | https://hub.coulomb.social/api/v2/hubs<br>Expected: status 200, hub list when authenticated | observed_ok<br>2026-07-02: Staging deployed; production cutover gated on CORE-WP-0005-T04. | postgresql:core-hub | k8s: observed_ok (coulombcore-k3s/core-hub-staging) | Production cutover to railiance01 pending operator approval. |
| Fleet Mesh (railiance01) (fleet-mesh-railiance01) | Railiance01<br>type: systemd; host: railiance01 | the-custodian<br>ops-bridge | http://127.0.0.1:18000/state/health<br>Expected: status 200 | observed_ok<br>2026-07-03: Workstation reverse tunnels stopped; systemd forwards healthy. | - | ssh-tunnel: observed_ok (railiance01 → coulombcore ClusterIPs) | Migrate to atm-fleet-mesh cert_command when VAULT_TOKEN available. |
| Inter-Hub (inter-hub) | ThreePhoenix Production<br>type: external; public_endpoint: https://hub.coulomb.social | inter-hub | https://hub.coulomb.social/api/v2/openapi.json<br>Expected: status 200, OpenAPI document | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | https: unknown (https://hub.coulomb.social) | ops-hub bootstrap requires authenticated UI flow or deployment-side migration. | | Inter-Hub (inter-hub) | ThreePhoenix Production<br>type: external; public_endpoint: https://hub.coulomb.social | inter-hub | https://hub.coulomb.social/api/v2/openapi.json<br>Expected: status 200, OpenAPI document | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | https: unknown (https://hub.coulomb.social) | ops-hub bootstrap requires authenticated UI flow or deployment-side migration. |
| activity-core (activity-core) | Railiance01<br>type: k3s; cluster: railiance01-k3s; namespace: activity-core | activity-core<br>the-custodian | activity-core API health endpoint<br>Expected: status 200, healthy DB and Temporal status | observed_ok<br>2026-05-23: API health, worker rollout, Temporal CLI schedule listing, and State Hub bridge were verified. | postgresql:activity-core<br>temporal:activity-core<br>nats:railiance01 | k8s: observed_ok (railiance01-k3s/activity-core) | Add explicit ops inventory probes and evidence events. | | activity-core (activity-core) | Railiance01<br>type: k3s; cluster: railiance01-k3s; namespace: activity-core | activity-core<br>the-custodian | activity-core API health endpoint<br>Expected: status 200, healthy DB and Temporal status | observed_ok<br>2026-05-23: API health, worker rollout, Temporal CLI schedule listing, and State Hub bridge were verified. | postgresql:activity-core<br>temporal:activity-core<br>nats:railiance01 | k8s: observed_ok (railiance01-k3s/activity-core) | Add explicit ops inventory probes and evidence events. |
| Ops Bridge (ops-bridge) | Local Workstation<br>type: bridge; host: local-workstation | ops-bridge | - | unknown<br>2026-05-16: Bridge is useful for connected-server visibility but is not itself the service catalog. | - | ssh-tunnel: unknown (connected remote servers) | Emit reachability evidence into ops-hub instead of relying on bridge state as inventory. | | Ops Bridge (ops-bridge) | Local Workstation<br>type: bridge; host: local-workstation | ops-bridge | - | observed_ok<br>2026-07-03: state-hub-railiance01 and issue-core-railiance01 stopped; not production-critical. | - | ssh-tunnel: observed_ok (interactive dev tunnels only (k3s-api, state-hub-primary)) | Install ops-bridge on railiance01 or keep systemd fleet-mesh units. |
| Haskell Build Agent (haskell-build-agent) | Local Workstation<br>type: systemd; host: haskell-build-vm | the-custodian | http://127.0.0.1:18000<br>Expected: VM can reach State Hub through SSH forward | unknown<br>undated: Build agent is a systemd service and registers with State Hub on boot. | - | ssh: unknown (local workstation reverse tunnel port 12222) | Current tunnel and capability registration need live evidence in ops-hub. | | Haskell Build Agent (haskell-build-agent) | Local Workstation<br>type: systemd; host: haskell-build-vm | the-custodian | http://127.0.0.1:18000<br>Expected: VM can reach State Hub through SSH forward | unknown<br>undated: Build agent is a systemd service and registers with State Hub on boot. | - | ssh: unknown (local workstation reverse tunnel port 12222) | Current tunnel and capability registration need live evidence in ops-hub. |
## Open Operating Gaps ## Open Operating Gaps
@@ -50,7 +53,21 @@ operator can answer what is running where before the full standalone
### State Hub (`state-hub`) ### State Hub (`state-hub`)
- Future cluster deployment readiness still needs ops evidence. - Primary home must move to railiance01 per CUST-WP-0054-T05.
- Consistency sweep writebacks still target workstation paths.
### issue-core (`issue-core`)
- Target railiance01 overlay per CUST-WP-0054 drain Wave 4.
### Core Hub (`core-hub`)
- Production cutover to railiance01 pending operator approval.
### Fleet Mesh (railiance01) (`fleet-mesh-railiance01`)
- Migrate to atm-fleet-mesh cert_command when VAULT_TOKEN available.
- Retire when State Hub and issue-core move to railiance01.
### Inter-Hub (`inter-hub`) ### Inter-Hub (`inter-hub`)
@@ -62,7 +79,7 @@ operator can answer what is running where before the full standalone
### Ops Bridge (`ops-bridge`) ### Ops Bridge (`ops-bridge`)
- Emit reachability evidence into ops-hub instead of relying on bridge state as inventory. - Install ops-bridge on railiance01 or keep systemd fleet-mesh units.
### Haskell Build Agent (`haskell-build-agent`) ### Haskell Build Agent (`haskell-build-agent`)

View File

@@ -0,0 +1,42 @@
# ops-warden Secret Posture Review
Date: 2026-06-27
Owner: the-custodian coordination; ops-warden owns the source standard.
## Review Outcome
ops-warden is moving from a simple "SSH certs plus route pointers" surface to a
more useful access and conformance steward:
- it still directly issues only the SSH certificate lane;
- it routes other credential needs to their owning subsystem;
- `warden access` may advise or proxy `exec_capable` lanes as the caller, without
storing values or becoming a secret broker;
- WARDEN-WP-0015 adds workload security posture: `dev/test/prod` environment
posture plus `M0-M3` workload maturity and a secret-flow lattice.
This helps CUST-WP-0051 because a security blocker can now be classified instead
of left as a generic "credentials needed" stop.
## Blocker Refinement Rules
| Situation | CUST-WP-0051 action |
| --- | --- |
| Dev/test implementation needs a credential-shaped dependency | Use synthetic contract doubles; do not wait for production secrets. |
| Production smoke needs a real value | Route to the owner, collect non-secret evidence, and keep the value out of Codex-visible surfaces. |
| Route is `exec_capable` | Prefer `warden access --fetch/--exec` as the caller over copy/paste handling. |
| Workload maturity is below the secret requirement | Keep the blocker; resolve by maturity advancement, policy/design change, or avoiding the secret. |
| OpenBao unseal, break-glass, or issuer custody is unresolved | Keep as operator ceremony/design blocker. |
## Current CUST-WP-0051 Read
| Gate | Refined blocker |
| --- | --- |
| Ops-hub runtime `OPS_HUB_KEY` | Production real-value custody gate; implementation is not blocked, live smoke is. |
| Inter-Hub ops-hub bootstrap | Access/custody gate with an attended execution path; no need to request secret values from ops-warden. |
| activity-core -> issue-core | Production API key injection/evidence gate; route is known through `activity-core-issue-sink`. |
| OpenBao unseal/helper | M3-style ceremony gate; operator design remains required. |
| Forgejo production migration | Production readiness gate spanning credentials, recovery drills, and cutover approval. |
Evidence stays non-secret: route id, owner, posture, maturity, policy decision id,
OpenBao path/version, populated-key count, smoke id, token accessor, or drill id.

View File

@@ -0,0 +1,50 @@
# Phoenix Machine Drill Runbook (CUST-WP-0054-T08)
Date: 2026-07-08
Composes existing bootstrap pieces into one rehearsable machine-scale phoenix
path. Live wipe/rebuild proof requires an operator-approved disposable target.
## Entry Points
```bash
# Non-destructive prerequisite check
/home/worsch/the-custodian/tools/phoenix-drill.sh check
# Ordered drill plan (no execution)
/home/worsch/the-custodian/tools/phoenix-drill.sh plan
```
## Composed Pieces
| Layer | Source | Command / artifact |
| --- | --- | --- |
| Node bootstrap | `railiance-cluster` | `make bootstrap``ansible/bootstrap.yml` |
| Secret custody | `railiance-platform` / NET-WP-0020 | `make openbao-init-unseal` |
| Workload promotion | RAIL-BS-WP-0006 | staged-promotion overlay + `railiance/app.toml` |
| Data restore | `railiance-infra` | `tools/forgejo-restore-drill.sh` |
| Ops evidence | `core-hub` | `make operator-cli CLI_ARGS="deployed-smoke ..."` |
| Hub coordination | `state-hub` | `make dev-hub` for local rebuild from files |
## Drill Sequence
1. **Custody gate** — operator holds unseal/init tokens; no secrets in Git.
2. **Greenfield OS** — ansible bootstrap on disposable target.
3. **OpenBao + identity** — NET-WP-0020 greenfield proof chain.
4. **k3s join** — cluster membership per `railiance-cluster` inventory.
5. **Staged promotion** — one non-critical workload overlay first (glas-harness probe).
6. **Restore drill** — CNPG backup/restore for one database workload.
7. **Fleet mesh**`atm-` tunnels; verify no workstation relay in path.
8. **Evidence** — readiness-summary JSON, non-secret smoke ids, rollback commands.
## Rollback
Each step records the inverse command before proceeding. Machine phoenix for
coulombcore → railiance02 (T09) uses this same drill after Waves 17 complete.
## References
- `docs/workstation-independence-fleet-architecture.md`
- `docs/coulombcore-drain-placement-plan.md`
- `history/2026-07-02-openbao-greenfield-init-unseal-proof.md` (railiance-platform)
- `workplans/CUST-WP-0054-workstation-independence-and-fleet-realignment.md` T08/T09

View File

@@ -0,0 +1,34 @@
# State Hub Migration Strategy Status
Updated: 2026-06-27
## Decision
Use `CUST-WP-0011` as the active State Hub stabilization path.
Keep `CUST-WP-0038` and `RAIL-BS-WP-0007` as deferred HA/ThreePhoenix follow-up lanes.
Rationale: the pragmatic railiance01 deployment has already completed image
publish, cluster manifests, empty deploy, migrations, WSL2 data restore, row-count
comparison, and cluster API health checks. The remaining work is cutover and
stabilization, not initial buildout.
## Current State
| Path | State | Next action |
| --- | --- | --- |
| `CUST-WP-0011` pragmatic railiance01 | T01-T06 done. Cluster State Hub has verified restored WSL2 data and healthy API. | T07: get explicit approval to freeze WSL2 writes, restore final dump, compare again, and redirect private access/MCP to the cluster endpoint. |
| `CUST-WP-0038` full HA State Hub | Entry criteria depend on completing or superseding CUST-WP-0011 and passing stabilization. All implementation tasks are still todo. | Defer until cluster-hosted State Hub proves stable and ThreePhoenix storage/database strategy is current. |
| `RAIL-BS-WP-0007` ThreePhoenix HA cluster | All phases are todo. | Treat as substrate work for future critical workloads and HA State Hub, not as a blocker for pragmatic cutover. |
## Human Gates
- `CUST-WP-0011-T07`: explicit approval required before freezing WSL2 writes and making the cluster State Hub primary.
- `CUST-WP-0038-T08`: explicit approval required before retiring WSL2 fallback after HA failover and restore drills.
## Stable Pickup Path
1. Reconfirm current WSL2 backup and take final pre-cutover dump.
2. Restore final dump into railiance01 State Hub and compare counts again.
3. Redirect the active private access path: either keep local `127.0.0.1:8000` and move it to an ops-bridge/SSH tunnel, or set MCP `API_BASE` to the private cluster endpoint.
4. Run stabilization with WSL2 retained as fallback.
5. Document the operating model and leave final retirement to a later explicit decision or HA workplan.

View File

@@ -0,0 +1,89 @@
# T05 Phase 1 Evidence — Empty Stack on railiance01 (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 1.1 | Create `state-hub` namespace | **pass** | `kubectl get ns state-hub` |
| 1.2 | Deploy `state-hub-db` CNPG | **pass** | Cluster `databases/state-hub-db` healthy, 1 instance |
| 1.3 | Apply DB NetworkPolicies | **pass** | Applied from `deploy/railiance/platform/` |
| 1.4 | Create `state-hub-env` Secret | **pass** | `DATABASE_URL``state-hub-db-rw.databases.svc.cluster.local` |
| 1.5 | Helm image pin (Forgejo target) | **deferred** | Values updated; deploy uses gitea workaround (see § Image) |
| 1.6 | Alembic init Job | **pass** | `state-hub-alembic-init` Completed; head `f0a1b2c3d4e5` |
| 1.7 | Helm install + `/state/health` | **pass** | Pod Running; health `ok`, db `connected` |
**Phase 1 status: complete** (empty hub healthy; no production data). Phase 2 blocked on operator approval (Phase 0.6).
## Deployed resources (railiance01-k3s)
| Resource | Namespace | Status |
| --- | --- | --- |
| Secret `state-hub-db-credentials` | `databases` | present |
| CNPG Cluster `state-hub-db` | `databases` | healthy |
| Secret `state-hub-env` | `state-hub` | present |
| Helm release `state-hub` (rev 2) | `state-hub` | deployed |
| Job `state-hub-alembic-init` | `state-hub` | Completed |
| Deployment `state-hub` | `state-hub` | Running 1/1 |
| Service `state-hub` | `state-hub` | ClusterIP `10.43.68.154:8000` |
Kubeconfig: `KUBECONFIG=~/.kube/config-hosteurope` (workstation WSL).
## API verification (port-forward `18080:8000`)
```bash
curl -s http://127.0.0.1:18080/state/health
# {"status":"ok","db":"connected"}
curl -s http://127.0.0.1:18080/state/summary
# totals: topics=0, workstreams=0, tasks=0, decisions=0
```
Captured: 2026-07-06T16:24:19Z.
## Database verification (empty schema)
Alembic at head `f0a1b2c3d4e5`. Baseline gate tables — all **zero rows**:
| Table | Count |
| --- | ---: |
| `workplans` | 0 |
| `tasks` | 0 |
| `topics` | 0 |
| `progress_events` | 0 |
| `token_events` | 0 |
| `managed_repos` | 0 |
| `decisions` | 0 |
Queried via `kubectl exec` on `databases/state-hub-db-1` as `postgres`.
Post-Phase-2 restore must match coulombcore preflight counts exactly (see
`docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`).
## Image workaround
| Image | Status | Notes |
| --- | --- | --- |
| `forgejo.coulomb.social/coulomb/state-hub:main-f9f0091` | **broken** | Empty venv (DinD `/tmp` + cache defect) |
| `forgejo.coulomb.social/coulomb/state-hub:main-d1a4fcf` | **fixed** | CI green @ `d1a4fcf`; `asyncpg` 0.31.0, 246-byte requirements |
| `gitea.coulomb.social/coulomb/state-hub:f2e042a` | **deployed** | Phase 1 Helm override; swap to Forgejo tag before Phase 2 |
**Root cause:** DinD legacy builder did not persist `/tmp` across RUN steps and
reused stale COPY layers; CI reported success at `f9f0091` with empty venv.
Fixed in `state-hub` @ `d1a4fcf` (single-RUN deps install under `/app`).
## Phase 2 prerequisites
- [ ] Operator approval for freeze/final restore (Phase 0.6)
- [x] Fix and republish Forgejo `state-hub` image (`main-d1a4fcf`)
- [ ] Helm upgrade railiance01 deploy to Forgejo image before Phase 2
- [ ] Fresh `pg_dump` from coulombcore per CUST-WP-0011-T07 playbook
## References
- `state-hub/deploy/railiance/apps/helm/state-hub-values.yaml` — Forgejo image pin
- `docs/state-hub-railiance01-cutover-plan.md` — Phase 25 sequence
- ClusterIP `10.43.68.154` — capture for Phase 3 tunnel rewire

View File

@@ -0,0 +1,62 @@
# T05 Phase 2 Evidence — Data Migration to railiance01 (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 2.1 | Pre-freeze `pg_dump` (coulombcore) | **pass** | `/tmp/state-hub-prefreeze-20260706T165001Z.dump` (3.0 MiB) |
| 2.2 | Freeze coulombcore writer | **pass** | `deployment/state-hub` scaled to 0 |
| 2.3 | Final `pg_dump` after freeze | **pass** | `/tmp/state-hub-final-20260706T165019Z.dump` (3.0 MiB) |
| 2.4 | Restore into railiance01 `state-hub-db` | **pass** | DROP/CREATE `state_hub` + `pg_restore --role=state_hub` |
| 2.5 | Exact-count comparison | **pass** | All 7 baseline tables match ±0 |
| 2.6 | Scale railiance01 API + verify | **pass** | Forgejo `main-d1a4fcf`; `/state/health` ok |
**Phase 2 status: complete.** Phase 3 (rewire access paths) not started.
## Baseline counts (pre-freeze gate)
Captured from coulombcore `state-hub-db-1` @ 2026-07-06T16:50Z:
| Table | Count |
| --- | ---: |
| `workplans` | 640 |
| `tasks` | 4002 |
| `topics` | 14 |
| `progress_events` | 8723 |
| `token_events` | 1936 |
| `managed_repos` | 74 |
| `decisions` | 79 |
Post-restore counts on railiance01 matched exactly.
## Production state after Phase 2
| Cluster | API | DB writer |
| --- | --- | --- |
| **railiance01** | Running 1/1 (`forgejo…:main-d1a4fcf`) | **primary** (restored data) |
| **coulombcore** | Scaled to **0** (frozen, rollback-capable) | Unchanged CNPG (source dump retained) |
Workstation `http://127.0.0.1:8000` still tunnels to coulombcore — **unreachable until Phase 3**.
## API verification (port-forward `18081:8000`)
```json
{"status":"ok","db":"connected"}
```
`GET /state/summary` totals: topics=14, workstreams=640, tasks=4002, decisions=79.
## Rollback
- coulombcore dump files retained under `/tmp/state-hub-*-20260706T*.dump` on workstation
- Scale coulombcore `state-hub` back to 1; do **not** delete railiance01 data until Phase 5 stabilizes
## Next: Phase 3
- Repoint `state-hub-primary` tunnel → railiance01 ClusterIP `10.43.68.154:8000`
- activity-core in-cluster URL; retire `fleet-state-hub-coulombcore`
- Smoke `POST /progress/` through production path

View File

@@ -0,0 +1,77 @@
# T05 Phase 3 Evidence — Access Path Rewire (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 3.1 | activity-core in-cluster URL | **pass** | `STATE_HUB_URL=http://state-hub.state-hub.svc.cluster.local:8000` |
| 3.2 | Retire `fleet-state-hub-coulombcore` | **pass** | systemd stopped + disabled on railiance01 |
| 3.3 | Workstation `state-hub-primary` | **pass** | `92.205.62.239``10.43.68.154:8000` |
| 3.4 | Agents `127.0.0.1:8000` | **pass** | `/state/health` ok via tunnel |
| 3.5 | Smoke write | **pass** | progress event `659fabf6` via `:8000` |
**Phase 3 status: complete.**
## Changes applied
### activity-core (railiance01-k3s)
- ConfigMap `actcore-runtime-config`: `STATE_HUB_URL` → in-cluster service
- `actcore-state-hub-bridge` Deployment scaled to **0**
- Rollout restart: `actcore-worker`, `actcore-api`, `actcore-event-router`
- Source: `activity-core/k8s/railiance/20-runtime.yaml`
Verified from `actcore-api` pod:
```text
url http://state-hub.state-hub.svc.cluster.local:8000
{"status":"ok","db":"connected"}
```
### railiance01 host
```bash
systemctl --user stop fleet-state-hub-coulombcore
systemctl --user disable fleet-state-hub-coulombcore
```
`:18000` no longer serves State Hub (expected).
### Workstation ops-bridge
`~/.config/bridge/tunnels.yaml``state-hub-primary`:
| Field | Before | After |
| --- | --- | --- |
| `host` | `92.205.130.254` (coulombcore) | `92.205.62.239` (railiance01) |
| `remote_host` | `10.43.170.94` | `10.43.68.154` |
| `actor` | `agt-claude-coulombcore` | `agt-claude-railiance01` |
Stale `state-hub-coulombcore` tunnel on `:8000` cleared before primary restart.
## Verification
```bash
curl -s http://127.0.0.1:8000/state/health
# {"status":"ok","db":"connected"}
curl -s http://127.0.0.1:8000/state/summary
# workstreams 640, tasks 4002
```
## Production topology after Phase 3
```
workstation :8000 ──state-hub-primary──► railiance01 SSH ──► 10.43.68.154:8000 (state-hub)
activity-core pods ──in-cluster DNS──► state-hub.state-hub.svc.cluster.local:8000
coulombcore state-hub Deployment: scaled 0 (rollback only)
```
## Next: Phase 45
- Phase 4: sweep checkout migration to `/home/tegwick/<slug>`
- Phase 5: 4872h stabilization before coulombcore teardown

View File

@@ -0,0 +1,83 @@
# T05 Phase 4 Evidence — Sweep Checkout Migration (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 4.1 | Clone root `/home/tegwick/<slug>` | **pass** | 74 host_paths registered; 73 new clones + 4 retried |
| 4.2 | Bulk clone from git remotes | **pass** | `railiance01-bulk-clone-repos.sh` on railiance01 |
| 4.3 | Register `host_paths` | **pass** | host=`239.62.205.92.host.secureserver.net` × 74 |
| 4.4 | Sweep on railiance01 | **pass** | `POST /consistency/sweep/remote-all` exit_code=0 |
| 4.5 | Writeback on railiance01 | **pass** | `the-custodian` fix: `push: pushed` from `/home/tegwick/` |
**Phase 4 status: complete.**
## Infrastructure changes
### state-hub image (`main-phase4-sweep`)
Imported to railiance01 k3s (local build; promote via Forgejo CI next):
- Dockerfile: `git`, `openssh-client`
- `STATE_HUB_SWEEP_HOSTNAME` env (Kubernetes pod hostname cannot contain dots)
- `api/classification.py`: railiance01 path fallback for allowed-values YAML
- `scripts/consistency_check.py`: `_sweep_hostname()` for `host_paths` resolution
### Helm (`deploy/railiance/apps/helm/state-hub-values.yaml`)
```yaml
sweep:
enabled: true
hostname: 239.62.205.92.host.secureserver.net
hostPath: /home/tegwick
sshHostPath: /home/tegwick/.ssh
```
Deployment mounts host clone tree + SSH config; `postStart` sets
`git config --global safe.directory '*'` (root in pod, tegwick-owned repos).
### railiance01 host
- SSH: `~/.ssh/config` with `forgejo-remote` + `gitea-remote` (workstation `id_gitea` copied)
- Clone tree: `/home/tegwick/<slug>` (77 entries incl. tooling dirs)
- Failed-then-fixed slugs: `ihp-railiance-probe`, `llm-connect`, `markitect-project` (from `markitect_project`), `vergabe_teilnahme` (from `vergabe-teilnahme`)
## Tooling added (the-custodian)
- `tools/railiance01-bulk-clone-repos.sh`
- `tools/railiance01-register-host-paths.sh`
## Verification
```bash
# Single-repo fix inside pod — railiance01 path, push succeeds
kubectl -n state-hub exec deploy/state-hub -- \
python3 /app/scripts/consistency_check.py --repo the-custodian --fix \
--api-base http://127.0.0.1:8000
# → repo_path: /home/tegwick/the-custodian, push: pushed
# Full sweep canary
curl -s -X POST http://127.0.0.1:8000/consistency/sweep/remote-all \
-H "Content-Type: application/json" \
-d '{"max_seconds":300,"source":"phase4-canary"}'
# → exit_code: 0, 8 repos processed (budget-limited first pass), skipped_missing: 0
```
`.custodian-brief.md` on railiance01 (`17:08 UTC`) is newer than workstation (`15:27 UTC`).
Workstation `host_paths[bnt-lap001]` retained for dev; production sweep resolves
`host_paths[239.62.205.92.host.secureserver.net]`.
## Follow-ups (Phase 5)
- Promote `main-phase4-sweep` image via Forgejo CI (replace hand-imported tag)
- Allow longer first-pass sweep budget or multiple cron cycles to reconcile all 74 repos
- activity-core scheduled sweeps should recover (were failing with exit_code=1 pre-Phase-4)
## Next: Phase 5
4872h stabilization before coulombcore hub teardown.

View File

@@ -0,0 +1,109 @@
# T05 Phase 5 Evidence — Stabilization Window (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Window
| Field | Value |
| --- | --- |
| Started | 2026-07-06 ~17:35 UTC |
| Target close | 2026-07-09 17:35 UTC (72h) |
| Owner | custodian |
| Rollback | coulombcore `state-hub` Deployment + dumps retained ≥7 days |
**Phase 5 status: in progress.**
## Kickoff baseline (2026-07-06T17:41Z)
| Check | Result | Evidence |
| --- | --- | --- |
| Hub `/state/health` | **pass** | `{"status":"ok","db":"connected"}` via `state-hub-primary` |
| Row-count gate | **pass** | workstreams **640**, tasks **4002**, topics **14** (matches Phase 2 gate) |
| railiance01 pod | **pass** | `state-hub-76fdffdc9d-dtvpb` Running, **0** restarts (rev 7 @ `main-375961c`) |
| CNPG `state-hub-db` | **pass** | `Cluster in healthy state`, 1/1 |
| coulombcore rollback | **pass** | `state-hub` replicas=**0** (not deleted) |
| activity-core hub path | **pass** | in-cluster `http://state-hub.state-hub.svc.cluster.local:8000`; bridge **0** |
| Consistency sweeps | **pass** | 6/6 recent events `exit_code=0`, `skipped_missing=0` (post-17:15 UTC) |
| Sweep writeback host | **pass** | repos resolve `/home/tegwick/*` (Phase 4) |
| Workstation tunnel | **pass** | `state-hub-primary` connected + LIVE → railiance01 |
| Daily triage (post-cutover) | **pass** | manual trigger 2026-07-06T17:50Z; event `a99e644e`, report `daily-triage-2026-07-06-67685f1c.md` |
| issue-core emission | **unchanged** | `issue-core-coulombcore` tunnel connected; null-sink audit mode (Wave 4) |
Kickoff sweep (`source=phase5-kickoff`): **exit_code=0**, 10 repos processed, 0 missing.
## Day-1 check (2026-07-06T22:35Z)
`tools/phase5-stabilization-check.sh` — all green:
| Check | Result |
| --- | --- |
| `/state/health` + totals | **pass** — 640 workstreams / 4002 tasks / 14 topics |
| railiance01 pod | **pass**`state-hub-76fdffdc9d-dtvpb`, 0 restarts, age ~4h |
| CNPG | **pass** — healthy 1/1 |
| coulombcore rollback | **pass** — replicas=0 |
| activity-core | **pass** — in-cluster URL; bridge replicas=0 |
| Sweeps (last 6) | **pass** — exit_code=0, proc=11, missing=0 |
| Daily triage | **pass** — last run 2026-07-06T17:50Z |
| Tunnels | **pass**`state-hub-primary` connected + LIVE |
Window closes **2026-07-09 ~17:35 UTC** (~65h remaining at check time).
## Scheduled checks (activity-core)
| Definition | Schedule | Event type |
| --- | --- | --- |
| `phase5-stabilization-daily` (`f3a8c2e1…`) | `0 9 * * *` Europe/Berlin | `phase5_stabilization_check` |
| `phase5-stabilization-closeout` (`e7d2b5a8…`) | once `2026-07-09T17:35Z` | `phase5_stabilization_closeout` |
Hub-visible gates: health, totals (640/4002/14), last 6 sweeps, daily triage
freshness ≤36h. Closeout fails visibly when any gate is red; passes record
`operator_signoff_needed` for coulombcore teardown approval.
## Monitoring
Run daily (or after incidents):
```bash
~/the-custodian/tools/phase5-stabilization-check.sh
```
Sweep history (24h):
```bash
cd ~/state-hub
uv run python scripts/compare_consistency_sweep_parallel.py --since-hours 24
```
## Exit gates (T05 done)
From `docs/state-hub-railiance01-cutover-plan.md` verification checklist:
- [x] `/state/summary` totals match pre-cutover (±0)
- [x] activity-core **daily triage** succeeds once post-cutover (manual 2026-07-06T17:50Z)
- [x] activity-core **consistency sweeps** succeed without `fleet-state-hub-coulombcore`
- [x] Workstation `:8000` serves railiance01 hub
- [x] Writeback lands on railiance01 clone path
- [x] coulombcore hub scaled to 0
- [x] Cutover progress notes recorded (Phases 05)
**Close Phase 5 / mark T05 done when:** 72h window passes with no data-loss signals,
sweeps stay `exit_code=0` (lock_skipped acceptable), one post-cutover daily triage
succeeds, and operator approves coulombcore hub teardown window.
## Known watch items
1. **Sweep budget** — 300s processes ~810 dirty repos per tick; expect gradual
reconciliation across 15m cron cycles (not a blocker).
2. ~~**Image tag**~~**resolved 2026-07-07T01:10Z**: Forgejo CI `image.yaml #31`
published `main-0ca9c27` (working-memory sweep commit support); Helm rev 8
deployed; `/state/health` ok. Prior `main-375961c` (rev 7) superseded.
3. **Stale tunnel**`state-hub-coulombcore` shows `[STALE]`; safe to retire after
stabilization if unused.
4. **issue-core** — still coulombcore-chained; tracked under Wave 4 / T06, not T05.
## References
- Phase 4: `docs/state-hub-railiance01-cutover-phase4-2026-07-06.md`
- Sweep runbook: `state-hub/docs/consistency-sweep-runbook.md`

View File

@@ -0,0 +1,233 @@
# State Hub railiance01 Cutover Plan (CUST-WP-0054-T05)
Date: 2026-07-06
Workplans: `CUST-WP-0054-T05`, `CUST-WP-0011-T07` (playbook), Wave 2 in `docs/coulombcore-drain-placement-plan.md`
`no_secret_material_recorded: true`
## Purpose
Move the **production State Hub primary** from **coulombcore-k3s** to **railiance01-k3s**
so the automation loop (activity-core, Temporal, daily triage, consistency sweeps)
is machine-local and survives coulombcore or workstation outages.
This is a **second cutover** in the pragmatic migration arc:
| Cutover | Date | From | To |
| --- | --- | --- | --- |
| CUST-WP-0011-T07 | 2026-07-03 | WSL2 | coulombcore cluster |
| **CUST-WP-0054-T05** | planned | coulombcore cluster | railiance01 cluster |
## Current state (2026-07-06 inventory)
### Production writer
| Item | Value |
| --- | --- |
| API workload | coulombcore-k3s, namespace `state-hub` |
| Database | CNPG `state-hub-db`, namespace `databases` on coulombcore |
| Image (deployed) | `gitea.coulomb.social/coulomb/state-hub:f2e042a` (Helm handoff pin) |
| Image (Forgejo CI) | `forgejo.coulomb.social/coulomb/state-hub:f9f0091` — ready for cutover |
| Hub totals | 637 workstreams, 3983 tasks, 14 topics (`GET /state/summary`) |
### Access paths
| Consumer | Path today | Serves |
| --- | --- | --- |
| Workstation agents | `http://127.0.0.1:8000` | ops-bridge `state-hub-primary` → coulombcore cluster Svc |
| activity-core (railiance01) | `actcore-state-hub-bridge``127.0.0.1:18000` | systemd `fleet-state-hub-coulombcore` → coulombcore ClusterIP `10.43.170.94:8000` |
| WSL2 fallback | `make api` (local compose) | Retained; not normal writer |
### railiance01 cluster (target)
| Item | Status |
| --- | --- |
| CNPG operator | Healthy (`forgejo-db`, `net-kingdom-pg` in `databases`) |
| Namespace `state-hub` | **Does not exist** |
| CNPG `state-hub-db` on railiance01 | **Not deployed** |
| Hostname for `host_paths` | `239.62.205.92.host.secureserver.net` (not `railiance01`) |
| Clone tree | Partial (`activity-core`, `llm-connect`, … under `/home/tegwick/`) |
| Forgejo | Canonical (`forgejo.coulomb.social`) — Wave 1 complete |
### Prerequisites satisfied
- [x] T04 tier-3 production repos on Forgejo (images build in CI)
- [x] Fleet mesh de-hub (T02) — production does not chain through workstation
- [x] CUST-WP-0011 deploy handoff (`state-hub/deploy/railiance/`)
- [x] **Phase 0 preflight** (2026-07-06) — `docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`
- [x] CNPG + storage sign-off (Wave 2.1) — `local-path`, 75G free, operator healthy
- [ ] **Operator approval** for freeze/final restore (constitution gate)
## Target end state
```
railiance01-k3s
databases/state-hub-db (CNPG, 1 instance)
state-hub/state-hub Deployment + ClusterIP :8000
├── activity-core: in-cluster http://state-hub.state-hub.svc:8000
│ (retire actcore-state-hub-bridge + fleet-state-hub-coulombcore)
├── consistency sweep: host_paths[239.62.205.92.host.secureserver.net]
│ → /home/tegwick/<repo> (Forgejo clones)
└── workstation (dev): ops-bridge tunnel → railiance01 cluster Svc
coulombcore: state-hub scaled to 0 / read-only rollback copy (not writer)
WSL2: fallback only (CUST-WP-0011-T08/T09 retirement folds into T10)
```
## Safety contract (from CUST-WP-0011)
- coulombcore remains rollback-capable until stabilization passes.
- No cutover without **exact-count** row comparison after final restore.
- Failed railiance01 deploy must not destroy coulombcore data.
- Explicit human approval before freezing the production writer.
## Cutover phases
### Phase 0 — Preflight and baseline (no production impact)
**Owner:** platform + custodian
**Done when:** checklist green, baseline row counts recorded.
| # | Action | Command / artifact |
| --- | --- | --- |
| 0.1 | Record baseline totals | `curl -s http://127.0.0.1:8000/state/summary` |
| 0.2 | Record per-table counts | `pg_dump --schema-only` + `SELECT count(*)` on coulombcore CNPG (via port-forward) |
| 0.3 | Confirm Forgejo image pull | `crictl pull forgejo.coulomb.social/coulomb/state-hub:f9f0091` on railiance01 |
| 0.4 | Dry-run manifests | `cd ~/state-hub && KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-server-dry-run` |
| 0.5 | Storage review | Confirm `local-path` (or chosen class) has ≥10Gi for `state-hub-db` PVC |
| 0.6 | Operator approval | `POST /decisions/` or workplan note with approval id |
**Recorded 2026-07-06 (Phase 0 complete):** see
`docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`.
```text
workplans: 637 tasks: 3983 topics: 14
progress_events: 8717 token_events: 1936 managed_repos: 74
decisions: 79
```
Post-restore counts on railiance01 must match exactly.
### Phase 1 — Deploy empty stack on railiance01
**Owner:** `railiance-platform` + `railiance-apps` promotion from `state-hub/deploy/railiance/`
**Done when:** empty hub healthy on railiance01, Alembic at head, **no production data yet**.
| # | Action | Notes |
| --- | --- | --- |
| 1.1 | Create `state-hub` namespace | `apps/manifests/state-hub-namespace.yaml` |
| 1.2 | Deploy `state-hub-db` CNPG | `platform/state-hub-db-cluster.yaml` + credentials Secret |
| 1.3 | Apply DB NetworkPolicies | `platform/state-hub-db-networkpolicies.yaml` |
| 1.4 | Create `state-hub-env` Secret | `DATABASE_URL``state-hub-db-rw.databases.svc.cluster.local` |
| 1.5 | Update image to Forgejo | `forgejo.coulomb.social/coulomb/state-hub:f9f0091` in values |
| 1.6 | Run Alembic Job | Same pattern as CUST-WP-0011-T05 |
| 1.7 | Helm install `state-hub` | `namespace.create=false`; verify `/state/health` via port-forward |
Promotion path: copy handoff assets into `railiance-platform` / `railiance-apps` repos
(GitOps) or apply from `state-hub/deploy/railiance/` with operator approval.
### Phase 2 — Data migration (CUST-WP-0011-T07 playbook)
**Owner:** custodian operator
**Done when:** railiance01 DB is exact copy; coulombcore API still available for rollback.
| # | Action | Notes |
| --- | --- | --- |
| 2.1 | Fresh `pg_dump` from coulombcore `state_hub` | Custom format (`-Fc`); timestamp recorded |
| 2.2 | **Freeze** coulombcore writer | Scale `state-hub` Deployment to 0 on coulombcore |
| 2.3 | Final `pg_dump` | Immediately after freeze |
| 2.4 | Restore into railiance01 `state-hub-db` | `pg_restore` with `SET ROLE state_hub`; scale railiance01 API to 0 during restore |
| 2.5 | Exact-count comparison | All public tables; mismatch → abort, restore coulombcore |
| 2.6 | Scale railiance01 API to 1 | Verify `/state/health` + `/state/summary` via port-forward |
### Phase 3 — Rewire access paths
**Owner:** ops-bridge + activity-core
**Done when:** all production consumers reach railiance01 hub without coulombcore hop.
| # | Consumer | Before | After |
| --- | --- | --- | --- |
| 3.1 | activity-core | bridge → `:18000` → fleet tunnel → coulombcore | In-cluster `http://state-hub.state-hub.svc.cluster.local:8000` (retire bridge Deployment) |
| 3.2 | railiance01 systemd | `fleet-state-hub-coulombcore` active | **Disable/stop** unit |
| 3.3 | Workstation | `state-hub-primary` → coulombcore | Repoint tunnel to railiance01 cluster Svc ClusterIP |
| 3.4 | MCP / agents | `API_BASE=http://127.0.0.1:8000` | Unchanged URL; tunnel backend moves |
| 3.5 | Smoke write | `POST /progress/` from activity-core | Record event id as cutover proof |
ClusterIP for railiance01 `state-hub` Service must be captured at deploy time for
tunnel `remote_host` if using SSH local-forward pattern from T02.
### Phase 4 — Sweep checkout migration (Wave 2.3)
**Owner:** custodian + STATE-WP-0064
**Done when:** production writebacks use railiance01 paths, not workstation.
| # | Action | Notes |
| --- | --- | --- |
| 4.1 | Define clone root | `/home/tegwick/<slug>` (existing partial tree) |
| 4.2 | Bulk clone from Forgejo | Script over registered repos (`GET /repos/`) |
| 4.3 | Register `host_paths` | `POST /repos/{slug}/paths` with host=`239.62.205.92.host.secureserver.net` |
| 4.4 | Run sweep on railiance01 | `POST /consistency/sweep/remote-all` or activity-core cron |
| 4.5 | Verify git writeback | fix-consistency mutates railiance01 clone, not `/home/worsch/*` |
Workstation `host_paths` entries may remain for dev; production sweep host becomes
the railiance01 FQDN.
### Phase 5 — Stabilization (4872h)
**Owner:** custodian
**Done when:** no data loss, triage + sweeps + emission green without coulombcore.
Monitor:
- State Hub pod restarts (railiance01)
- CNPG `state-hub-db` health
- Daily triage ActivityRun success
- Consistency sweep `exit_code: 0` every 15m
- issue-core emission (still via coulombcore tunnel until Wave 4)
coulombcore state-hub remains **stopped, not deleted** until stabilization passes.
## Rollback
| Trigger | Action |
| --- | --- |
| Row-count mismatch | Do not rewire; scale coulombcore API back to 1 |
| railiance01 API unhealthy post-rewire | Re-enable `fleet-state-hub-coulombcore`; repoint workstation tunnel to coulombcore |
| Data corruption suspected | Restore coulombcore from pre-cutover dump; freeze railiance01 |
Rollback window: keep coulombcore dump and Deployment manifests for ≥7 days.
## Verification checklist (T05 done)
- [ ] `GET /state/summary` on railiance01 matches pre-cutover totals (±0 rows)
- [ ] activity-core triage + sweep ActivityRuns succeed without `fleet-state-hub-coulombcore`
- [ ] Workstation `127.0.0.1:8000/state/health` serves railiance01 hub
- [ ] `fix-consistency` writeback lands on railiance01 clone path
- [ ] coulombcore hub Deployment scaled to 0 (not deleted)
- [ ] Progress event recorded with cutover summary + operator approval ref
## Sequencing with other CUST-WP-0054 tasks
| Task | Relationship |
| --- | --- |
| T04 | **Prerequisite met** — Forgejo is clone/image source |
| T06 | Can proceed in parallel; sink paths still reference workstation until T06 |
| T07 | Dev beachhead independent |
| T10 | WSL2 fallback retirement + 24h workstation-off proof after T05 stabilizes |
## Open decisions (need operator input before Phase 2)
1. **Maintenance window** — suggested low-traffic window; freeze blocks hub writes ~1530 min.
2. **GitOps vs manual apply** — promote `deploy/railiance/` into `railiance-platform`/`railiance-apps` first, or operator apply for speed?
3. **Sweep clone scope** — all 74 registered repos at cutover, or phased (state-hub + the-custodian + activity-core first)?
4. **coulombcore rollback retention** — how long to keep stopped Deployment + dump?
## References
- `state-hub/workplans/archived/260706-CUST-WP-0011-state-hub-threephoenix-migration.md` (T07 sequence)
- `state-hub/docs/cluster-operating-model.md` (current coulombcore reality — update post-cutover)
- `state-hub/deploy/railiance/README.md`
- `docs/fleet-mesh-dehub-runbook.md`
- `docs/forgejo-tier3-remote-url-sweep-playbook.md` (§ Railiance01 sweep paths)
- `docs/coulombcore-drain-placement-plan.md` (Wave 2)
- `infra/fleet-mesh/railiance01-tunnels.yaml`

View File

@@ -0,0 +1,109 @@
# T05 Phase 0 Preflight Evidence — 2026-07-06
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 0.1 | Baseline API totals | **pass** | See § API summary below |
| 0.2 | Per-table PG counts (coulombcore) | **pass** | See § Table counts below |
| 0.3 | Forgejo image pull (railiance01) | **pass** | `main-f9f0091` + `latest` @ `sha256:0b62f2d530cf7` |
| 0.4 | Manifest dry-run (railiance01) | **pass** | Server + client dry-run exit 0 |
| 0.5 | Storage / CNPG review | **pass** | `local-path` default; 75G free on `/`; CNPG healthy |
| 0.6 | Operator approval | **pending** | Required before Phase 2 freeze |
## API summary (`GET /state/summary` @ 2026-07-06T16:06:15Z)
```json
{
"topics": { "total": 14 },
"workstreams": { "total": 637, "active": 11, "finished": 582 },
"tasks": { "total": 3983, "todo": 88, "progress": 4, "done": 3696 },
"decisions": { "total": 79, "open": 1, "resolved": 76 }
}
```
Full artifact: captured at preflight run from `http://127.0.0.1:8000/state/summary`.
## Table counts — coulombcore `state-hub-db` (production writer)
Queried via `kubectl exec` on `databases/state-hub-db-1` as `postgres`:
| Table | Count | CUST-WP-0011-T07 reference |
| --- | ---: | --- |
| `workplans` | 637 | was 633 at 2026-07-03 cutover |
| `tasks` | 3983 | was 3964 |
| `progress_events` | 8717 | was 8192 |
| `topics` | 14 | was 14 |
| `token_events` | 1936 | was 1933 |
| `managed_repos` | 74 | — |
| `decisions` | 79 | — |
**Cutover gate:** post-restore counts on railiance01 must match this table exactly.
## Production deployment (coulombcore, source of dump)
| Item | Value |
| --- | --- |
| API image | `gitea.coulomb.social/coulomb/state-hub:f2e042a` |
| API pod | `state-hub/state-hub-7d565cddf4-jnpfw` Running |
| CNPG cluster | `databases/state-hub-db` — healthy, 11d |
| ClusterIP | `10.43.170.94:8000` |
| Workstation access | ops-bridge `state-hub-primary` → above Svc |
## Target image (railiance01 deploy)
| Tag | Digest | Notes |
| --- | --- | --- |
| `forgejo.coulomb.social/coulomb/state-hub:main-f9f0091` | `sha256:0b62f2d530cf7` | CI build from tier-3 promotion |
| `forgejo.coulomb.social/coulomb/state-hub:latest` | same | Alias |
| `:f9f0091` | **not found** | Use `main-f9f0091` or `latest` in Helm values |
## railiance01 platform readiness
| Check | Status |
| --- | --- |
| CNPG operator (`cnpg-system`) | Running |
| Existing CNPG clusters | `forgejo-db`, `net-kingdom-pg` healthy |
| `state-hub` namespace | Does not exist (expected — Phase 1 creates) |
| `state-hub-db` on railiance01 | Not deployed (expected) |
| StorageClass | `local-path` (default) |
| Node disk | 75G available on `/` (96G volume, 23% used) |
| Sweep hostname | `239.62.205.92.host.secureserver.net` |
| Partial clone tree | `/home/tegwick/activity-core`, `llm-connect`, … |
## Dry-run output summary
```bash
cd ~/state-hub
KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-server-dry-run # exit 0
KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-client-dry-run # exit 0
```
Server dry-run created (dry-run): `state-hub-db-credentials`, `state-hub-db` Cluster,
DB NetworkPolicies, `state-hub` Namespace, `state-hub-env`, ConfigMap, Service, Deployment.
## Phase 1 readiness
Phase 0 is **complete except operator approval (0.6)**. Phase 1 may proceed without
approval (empty stack deploy). Phase 2 freeze/restore **requires** explicit approval.
### Recommended Helm image pin for Phase 1
```yaml
image:
repository: forgejo.coulomb.social/coulomb/state-hub
tag: "main-f9f0091"
```
Update `state-hub/deploy/railiance/apps/helm/state-hub-values.yaml` and promote
to `railiance-apps` before or during Phase 1.
## Open items carried to Phase 1
1. Create SOPS-backed `state-hub-db-credentials` on railiance01 (platform)
2. Create `state-hub-env` Secret with `DATABASE_URL` pointing at railiance01 CNPG rw svc
3. Confirm image pull secret if Forgejo registry requires auth from cluster (currently pulls anonymously)

View File

@@ -0,0 +1,298 @@
# Workstation Independence and Fleet Role Architecture
Date: 2026-07-03
Status: draft (canon-adjacent; promote to `canon/architecture/` after review)
Workplan: `CUST-WP-0054` T01
Related: `ADR-001`, `ADR-004`, `RAIL-BS-WP-0006`, `RAIL-HO-WP-0005`, `CUST-WP-0011`
## Purpose
Fix the three-machine role model, the fleet mesh topology, the promotion gate
for "production", and the phoenix path `coulombcore → railiance02`. Provide a
dependency register so every workload, tunnel, repo remote, sink path, and
build pipeline has a **current host**, **target host**, and **migration owner**.
The acceptance proof for the whole plan is `CUST-WP-0054-T10`: production runs
24h+ with the workstation fully offline.
## Machine Roles
| Machine | IP / identity | Current role (2026-07-03) | Target role |
| --- | --- | --- | --- |
| **railiance01** | `92.205.62.239` | First ThreePhoenix foundation node; hosts activity-core production, partial State Hub cluster footprint, automation schedules | **Production home** — first node of the growing Railiance fleet; hosts State Hub primary, forge, CI runners, and the automation loop |
| **coulombcore** | `92.205.130.254` | De-facto production host: State Hub cluster primary, Core Hub (`hub.coulomb.social`), issue-core, OpenBao, identity stack, ESO/ArgoCD, Gitea/registry | **Frozen legacy** — no new production; drain workload-by-workload; eventually wiped and **reborn as railiance02** |
| **workstation** | `bnt-lap001` / WSL2 | Production network hub (all 16 ops-bridge tunnels), State Hub client endpoint (`127.0.0.1:8000`), consistency-sweep writebacks, image build/publish, dev checkouts for 74 registered repos | **Temporary dev environment** — clone repos, run `make dev-hub`, push when connected; nothing in the production loop may depend on it being on |
### Role invariants
1. Production workloads authenticate, schedule, emit, and reconcile without the
workstation.
2. `coulombcore` is frozen for new production immediately (policy; see T03).
3. A workload counts as "production on railiance01" only after passing the
staged-promotion gate (see below).
4. Files remain authoritative per ADR-001; fleet databases are disposable caches.
## Fleet Mesh Topology
### Current topology (workstation as hub)
All ops-bridge tunnels originate on the workstation. Two production data paths
**chain through** it:
```
railiance01 workstation coulombcore
─────────── ─────────── ───────────
activity-core ──(state-hub-railiance01 reverse)──► :18000 ──(state-hub-primary forward)──► State Hub cluster
activity-core ──(issue-core-railiance01 reverse)──► :local ──(issue-core-coulombcore forward)──► issue-core
```
Live tunnel inventory (2026-07-03, `bridge status`):
| Tunnel | Direction | Actor | Production-critical? |
| --- | --- | --- | --- |
| `state-hub-primary` | workstation → coulombcore cluster | `agt-claude-coulombcore` | **yes** — MCP/agents reach cluster hub via `127.0.0.1:8000` |
| `state-hub-cluster-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | dev/ops access |
| `state-hub-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | **yes** — activity-core reaches hub |
| `state-hub-mcp-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | dev MCP |
| `issue-core-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | **yes** — emission lane |
| `issue-core-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | **yes** — completes emission chain |
| `state-hub-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | legacy/dev |
| `state-hub-mcp-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | dev MCP |
| `k3s-api-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | operator dev |
| `k3s-api-haskelseed` | workstation → haskelseed | `agt-claude-haskelseed` | experimental |
| `flex-auth-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | identity dev |
| `core-hub-staging-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | staging |
| `inter-hub-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | legacy Inter-Hub |
| `state-hub-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | experimental |
| `state-hub-mcp-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | experimental |
| `nix-daemon-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | build dev |
A workstation reboot breaks daily triage evidence, consistency sweeps, and
issue emission until tunnels recover.
### Target topology (fleet-owned mesh)
```
railiance01 ◄────────────────────────────────────► coulombcore (draining)
│ direct atm- tunnels (ops-bridge on-host) │
│ State Hub API │ legacy until drain complete
│ issue-core REST │
└─ activity-core, Temporal, sweep checkouts └─ identity, OpenBao (last to move)
workstation (optional client)
│ interactive-only: k3s API, hub read, dev-hub
└─ may disconnect without production impact
```
Implementation owner: `CUST-WP-0054-T02`.
Key changes:
- ops-bridge (or systemd ssh units) runs **on railiance01** with `atm-` actor
certs for cross-machine lanes.
- `actcore-state-hub-bridge` and `actcore-issue-core-bridge` point at
machine-local tunnel ports, not workstation forwards.
- Workstation tunnels remain for interactive dev only.
- Evaluate WireGuard mesh when persistent unit count exceeds ~5.
This posture extends ADR-004 (connectivity-first) from "workstation connects
everything" to "fleet machines connect each other; workstation is a client."
## Production Promotion Gate
A workload is **production on railiance01** only when it conforms to the
finished staged-promotion contract (`RAIL-BS-WP-0006`):
| Gate | Requirement |
| --- | --- |
| Overlay repo | `railiance/<app>/` with `app.toml` and stage manifests |
| Stage commands | `stage deploy`, `stage observe`, `stage promote`, `stage rollback` proven |
| Evidence | Backup/restore drill, canary observation, operator approval recorded |
| Registry | Image in forge OCI registry with immutable tag |
**Exceptions** must be documented in the placement plan (T03) with explicit
rollback. No exception bypasses backup evidence for stateful workloads.
`coulombcore` workloads still running in production today are **grandfathered
legacy** until their drain task completes — not newly promoted production.
## Phoenix Path: coulombcore → railiance02
Machine-scale phoenix rotation reuses the same automation intended for future
3-node weekly rotations (`RAIL-BS-WP-0007`, `CUST-WP-0038` deferred until
railiance02 exists).
### Preconditions (drain complete)
All production dependencies moved off coulombcore per T03 ordering:
1. Forge + CI (T04) — repos and images no longer depend on `gitea.coulomb.social`
2. State Hub primary (T05) — cluster DB and sweep checkouts on railiance01
3. Core Hub, issue-core, Inter-Hub legacy — per T03 sequence
4. Identity + OpenBao — **last** (everything authenticates through them)
### Phoenix execution
Owner: `CUST-WP-0054-T09`, automation: `CUST-WP-0054-T08`.
| Phase | Action | Tooling |
| --- | --- | --- |
| S0 | Final inventory sweep, DNS/cert plan for `*.coulomb.social`, data archival | T09 |
| S1 | Wipe and greenfield rebuild | `NET-WP-0020` unseal + bootstrap chain |
| S2 | Join as `railiance02` | `railiance-cluster` overlay, `atm-` certs |
| S3 | Prove join-ready | Phoenix drill on disposable target first (T08) |
Longhorn distributed storage and PG streaming HA unlock once railiance01 +
railiance02 are both fleet nodes.
## Dev Environment (Files-First Beachhead)
Strategy A from the workplan; owner: `CUST-WP-0054-T07`.
```
git clone → make dev-hub → local ephemeral hub (compose)
├─ C-06 registration rebuilds workplan/task state from files
├─ offline write buffer (STATE-WP-0068) for progress/task events
└─ reconnect relay upstream; files reconcile, databases do not replicate
```
MCP config gains explicit `dev` / `fleet` profile switch. The workstation is
genuinely temporary: no fleet DB sync required for orientation.
## Dependency Register
### Workloads
| Workload | Current host | Target host | Migration owner | Method / notes |
| --- | --- | --- | --- | --- |
| State Hub API (primary) | coulombcore CNPG cluster via workstation tunnel `state-hub-primary``127.0.0.1:8000` | railiance01 | `CUST-WP-0054-T05` | `CUST-WP-0011-T07` playbook: freeze → exact-count restore → rewire |
| State Hub API (WSL2 fallback) | workstation WSL2 | retired | `CUST-WP-0011-T08/T09` → absorbed by `CUST-WP-0054-T10` | Stabilization window; not part of target architecture |
| activity-core | railiance01 k3s (`activity-core` ns) | railiance01 (retain) | — | Already on target machine; fix bridges in T02 |
| issue-core | coulombcore k3s | railiance01 | `CUST-WP-0054-T03` drain seq. | `ISSUE-WP-0003` live; emission chain fixed in T02 |
| Core Hub | coulombcore (`hub.coulomb.social`) | railiance01 | `CORE-WP-0005` + `CUST-WP-0054-T03` | Staging on coulombcore; production cutover human-gated |
| Inter-Hub (legacy Haskell) | coulombcore external | retired | `CORE-WP-0007` | Rollback-only after Core Hub cutover |
| Gitea + OCI registry | coulombcore k3s | railiance01 Forgejo | `RAIL-HO-WP-0005` / `CUST-WP-0054-T04` | Read-only mirror on coulombcore until decommission |
| OpenBao | coulombcore | railiance01 | `CUST-WP-0054-T03` (last) | NET-WP-0020 unseal automation |
| Identity stack (KeyCape, Authelia, privacyIDEA, lldap) | coulombcore | railiance01 | `CUST-WP-0054-T03` (last) | Coupled to OpenBao |
| ESO + ArgoCD control plane | coulombcore | railiance01 | `CUST-WP-0054-T03` | GitOps follows forge move |
| CNPG databases (per workload) | coulombcore / railiance01 | railiance01 per workload | `CUST-WP-0054-T03`, `CUST-WP-0054-T05` | CNPG pattern proven; migrate with workload |
| llm-connect | TBD cluster | railiance01 | near-term lanes board | `CCR-2026-0003` credential lane active |
| ops-hub (widget/evidence) | files + Inter-Hub widgets | railiance01 via Core Hub | `CUST-WP-0025`, `CUST-WP-0049` | Not blocking workstation independence |
| Temporal (activity-core) | railiance01 | railiance01 (retain) | — | Co-locate with activity-core |
| NATS (activity-core) | railiance01 | railiance01 (retain) | — | Co-locate with activity-core |
### Network tunnels (production-critical)
| Lane | Current path | Target path | Owner |
| --- | --- | --- | --- |
| activity-core → State Hub | railiance01 reverse → workstation → `state-hub-primary` → coulombcore | railiance01 `atm-` forward → railiance01 State Hub (local or short hop) | `CUST-WP-0054-T02` |
| Agents/MCP → State Hub | workstation `127.0.0.1:8000``state-hub-primary` → coulombcore | workstation `127.0.0.1:8000` → tunnel to railiance01 hub (dev client) or fleet endpoint | `CUST-WP-0054-T05` + T07 profiles |
| railiance01 automations → State Hub | `:18000` chain via workstation | railiance01-local bridge port | `CUST-WP-0054-T02` |
| activity-core → issue-core | railiance01 reverse → workstation → `issue-core-coulombcore` | railiance01 `atm-` forward → issue-core (on railiance01 post-drain) | `CUST-WP-0054-T02`, then T03 |
| Operator k3s access | workstation forwards (`k3s-api-*`) | workstation interactive (non-critical) | — |
### Repo remotes
All checked 2026-07-03; pattern is uniform:
| Repo (sample) | Current remote | Target remote | Owner |
| --- | --- | --- | --- |
| the-custodian | `gitea.coulomb.social/coulomb/the-custodian.git` | `forgejo.coulomb.social/coulomb/the-custodian.git` | `CUST-WP-0054-T04` |
| state-hub | `gitea.coulomb.social/coulomb/state-hub.git` | `forgejo.coulomb.social/coulomb/state-hub.git` | `CUST-WP-0054-T04` |
| activity-core | `gitea.coulomb.social/coulomb/activity-core.git` | `forgejo.coulomb.social/coulomb/activity-core.git` | `CUST-WP-0054-T04` |
| issue-core | `gitea.coulomb.social/coulomb/issue-core.git` | `forgejo.coulomb.social/coulomb/issue-core.git` | `CUST-WP-0054-T04` |
| ops-bridge | `gitea.coulomb.social/coulomb/ops-bridge.git` | `forgejo.coulomb.social/coulomb/ops-bridge.git` | `CUST-WP-0054-T04` |
| ops-warden | `gitea.coulomb.social/coulomb/ops-warden.git` | `forgejo.coulomb.social/coulomb/ops-warden.git` | `CUST-WP-0054-T04` |
| core-hub | `gitea.coulomb.social/coulomb/core-hub.git` | `forgejo.coulomb.social/coulomb/core-hub.git` | `CUST-WP-0054-T04` |
| *(all 74 registered repos)* | `gitea.coulomb.social/coulomb/<slug>.git` | `forgejo.coulomb.social/coulomb/<slug>.git` | `CUST-WP-0054-T04` |
### State Hub repo checkout paths
| Concern | Current | Target | Owner |
| --- | --- | --- | --- |
| `local_path` for 74 repos | `/home/worsch/<repo>` on workstation | railiance01 clone tree (e.g. `/home/tegwick/<repo>` or gitops-managed path) | `CUST-WP-0054-T05` |
| Consistency sweep writeback host | workstation (`consistency_check.py --remote` via API) | railiance01 checkouts from forge | `CUST-WP-0054-T05`, `STATE-WP-0064` |
| COULOMBCORE `host_paths` | `/home/tegwick/<repo>` (11 repos, `CUST-WP-0021`) | retired with coulombcore drain | `CUST-WP-0054-T09` |
| Multi-host path resolution | `host_paths` map per hostname | fleet-primary host only + dev-hub local | `CUST-WP-0054-T07` |
### Sink and prompt paths
| Sink / path | Current | Target | Owner |
| --- | --- | --- | --- |
| Daily triage working-memory | `/home/worsch/the-custodian/memory/working` (ActivityDefinition + PVC mount) | repo-relative or PVC-native path + sweep sync-to-repo | `CUST-WP-0054-T06` |
| Daily triage State Hub progress | cluster hub via workstation tunnel | railiance01 hub direct | `CUST-WP-0054-T02`, `T05` |
| Consistency sweep progress event | via workstation-hosted sweep | railiance01-hosted sweep | `CUST-WP-0054-T05`, `STATE-WP-0064` |
| Agent session traces (`runtime/agent.py`) | `memory/working/agent-session-*.md` on workstation | dev-hub local buffer; commit on reconnect | `CUST-WP-0054-T07` |
| `output_schema` in ActivityDefinitions | absolute paths under `/home/worsch/the-custodian/` | repo-relative resolution in activity-core | `CUST-WP-0054-T06` |
### Build and publish pipelines
| Image / artifact | Current build host | Current registry | Target build | Target registry | Owner |
| --- | --- | --- | --- | --- | --- |
| state-hub | workstation `docker build` | `gitea.coulomb.social/coulomb/state-hub` | Forgejo Actions runner on railiance01 | railiance01 forge OCI | `CUST-WP-0054-T04` |
| core-hub | workstation / railiance-forge docs | `gitea.coulomb.social/coulomb/core-hub` | CI runner | railiance01 forge OCI | `CUST-WP-0054-T04` |
| activity-core | workstation manual rebuild + scp | railiance01 k3s import / Gitea | CI on tag push | railiance01 forge OCI | `CUST-WP-0054-T04` |
| issue-core | workstation / manual | `gitea.coulomb.social/coulomb/issue-core` | CI runner | railiance01 forge OCI | `CUST-WP-0054-T04` |
| Haskell build agent | workstation VM (`haskell-build-vm`) | n/a | retired (`CORE-WP-0007`) | n/a | `CORE-WP-0007` |
Done criterion for T01: every row above has a target and migration owner. ✓
## Drain Sequence
Detailed plan: `docs/coulombcore-drain-placement-plan.md`
Freeze policy: `canon/standards/coulombcore-production-freeze_v0.1.md`
```
Wave 1 Forge + CI (T04)
Wave 2 State Hub primary (T05)
Wave 3 Core Hub (CORE-WP-0005)
Wave 4 issue-core
Wave 5 ESO / ArgoCD
Wave 6 Supporting apps
Wave 7 OpenBao + identity (LAST)
Wave 8 coulombcore phoenix → railiance02 (T09)
```
## Sequencing Map
```
T01 (this document) ✓
├─ T02 de-hub network ✓
├─ T03 placement plan / freeze ✓
│ ├─ T04 forge + CI
│ └─ T05 State Hub home on railiance01
├─ T06 sink decoupling
├─ T07 dev beachhead
└─ T08 phoenix drill
└─ T09 coulombcore → railiance02
└─ T10 workstation-off acceptance
```
## Evidence and Inventory Sources
- Live tunnel state: `bridge status` (2026-07-03)
- State Hub health: `http://127.0.0.1:8000/state/health` (cluster primary via tunnel)
- Registered repos: `GET /repos/` — 74 repos, all `local_path` under `/home/worsch/`
- `ops/service-inventory.yml` (2026-06-05; predates cluster cutover — refresh in T03)
- `docs/infrastructure-stabilization-pickup-checkpoint.md` (2026-07-03 metaplan closeout)
- Activity definitions: `activity-definitions/daily-statehub-wsjf-triage.md`,
`activity-definitions/state-hub-consistency-sweep.md`
## Open Gaps (not T01 blockers)
| Gap | Follow-on |
| --- | --- |
| Forgejo production hostname / SMTP / exposure decisions | `RAIL-HO-WP-0005-T02` (human) |
| `ops/service-inventory.yml` stale environment labels | Refresh during T03 |
| Core Hub widget-type registry prerequisite | `CORE-WP-0005-T04` |
| HA Postgres / Longhorn across 2+ nodes | `RAIL-BS-WP-0007`, `CUST-WP-0038` after railiance02 |
## Promotion to Canon
After operator review:
1. Move to `canon/architecture/adr-006-workstation-independence-fleet-roles.md`
(or equivalent ADR number).
2. Update `ops/service-inventory.yml` environment and service rows to match.
3. Link from `SCOPE.md` and `.custodian-brief.md` generation inputs.

View File

@@ -1,97 +1,82 @@
# E2E Sandbox Framework — Runbook # E2E Sandbox Framework — Runbook
> **Migrated (2026-06-23):** `make e2e REPO=` and `python -m e2e_framework` now
> delegate to **wise-validator** (`validate run`) + **sand-boxer** (`sandboxer
> create`). The modules in this directory are **deprecated** and will be removed
> after one release cycle.
>
> **Canonical runbooks:**
> - [wise-validator: validate-compose-e2e](~/wise-validator/docs/runbooks/validate-compose-e2e.md)
> - [sand-boxer: profile-compose-e2e](~/sand-boxer/docs/runbooks/profile-compose-e2e.md)
---
## Prerequisites ## Prerequisites
**Workstation:** **Workstation:**
- `ssh` + `rsync` available
- `python3` + `pyyaml` available (or `uv run`)
- State-hub running on `:8000` (for result reporting)
**Sandbox host (railiance01):** - `validate` on PATH (`cd ~/wise-validator && make install`)
- `sandboxer` on PATH (`cd ~/sand-boxer && make install`)
- `ssh` available (BatchMode; respects `~/.ssh/config`)
- State Hub on `:8000` (optional, for result reporting)
**Sandbox host (CoulombCore / sandboxer01):**
- SSH key access - SSH key access
- Docker + docker compose plugin installed - `podman-compose` or `docker compose` (`SANDBOXER_COMPOSE_CMD` on CoulombCore)
- Sufficient disk for images (~4 GB for activity-core stack) - Sufficient disk for images (~4 GB for activity-core stack)
## First run ## First run
```bash ```bash
# Set sandbox host (once, or add to ~/.bashrc / .env) export SANDBOXER_HOST=92.205.130.254 # CoulombCore; or RAILIANCE01_HOST (legacy)
export RAILIANCE01_HOST=<ip-or-alias> # e.g. 92.205.130.254 export SANDBOXER_COMPOSE_CMD=podman-compose
export RAILIANCE01_USER=root # optional, default=root
export RAILIANCE01_KEY=~/.ssh/id_rsa # optional, uses ssh default otherwise
# From the-custodian: # From the-custodian:
make e2e REPO=activity-core make e2e REPO=activity-core
``` ```
Output will show each step: rsync → compose up → health wait → tests → compose down. Output: sandbox create → health wait → tests → destroy. Exit 0 = pass, 1 = fail.
Exit code is 0 (all passed) or 1 (any failure).
## Options ## Options
```bash ```bash
# Keep sandbox alive after run (for debugging)
make e2e REPO=activity-core KEEP=1 make e2e REPO=activity-core KEEP=1
make e2e REPO=activity-core HOST=92.205.130.254
# Override host without env var
make e2e REPO=activity-core HOST=192.168.1.50
# Attach result to a specific state-hub workstream
make e2e REPO=activity-core WORKSTREAM_ID=<uuid> make e2e REPO=activity-core WORKSTREAM_ID=<uuid>
make e2e REPO=activity-core NO_REPORT=1
# Skip posting to state-hub # Legacy entry (prints deprecation, delegates to validate run):
cd the-custodian && python3 -m e2e_framework ~/activity-core --no-report python3 -m e2e_framework ~/activity-core --host $SANDBOXER_HOST
``` ```
## Adding a new repo ## Adding a new repo
1. Create `<repo>/e2e/e2e.yml`: 1. Create `<repo>/e2e/e2e.yml` (see wise-validator runbook for schema).
```yaml 2. Add tests under `<repo>/e2e/tests/` or inline `test_command`.
name: <repo-slug> 3. Run: `make e2e REPO=<repo>` or `validate run ~/<repo>`.
compose_file: docker-compose.dev.yml # or e2e/compose.yml
health_checks:
- name: <service>
url: http://localhost:<port>
timeout: 120
test_command: uv run python -m pytest e2e/tests/ -v
timeout: 300
cleanup: always
```
2. Add `<repo>/e2e/tests/test_*.py` — test scripts that exit 0 on success. ## Verification
3. Run: `make e2e REPO=<repo>` ```bash
./scripts/verify-e2e-shim.sh
```
## Troubleshooting ## Troubleshooting
**Sandbox not cleaned up:** **`validate` / `sandboxer` not found:** Install wise-validator and sand-boxer CLIs.
```bash
ssh root@$RAILIANCE01_HOST 'ls /tmp/custodian-e2e/' **CoulombCore compose failures:** Set `SANDBOXER_COMPOSE_CMD=podman-compose`; use
ssh root@$RAILIANCE01_HOST 'docker compose ls' fully qualified image names in compose files.
# Manually clean:
ssh root@$RAILIANCE01_HOST 'docker compose -p e2e-activity-core-<id> down -v; rm -rf /tmp/custodian-e2e/<id>' **Stale sandboxes:** `sandboxer inspect stale` / `sandboxer reap-stale --apply`
## Architecture (current)
```
make e2e REPO= → validate run → sandboxer create (sand-boxer)
→ health + test (wise-validator)
→ sandboxer destroy
``` ```
**Temporal startup slow (>2 min):** Legacy `e2e-framework/sandbox.py` provision path is **not** used by `make e2e`.
Elasticsearch takes 6090 seconds. The health check waits up to 180s.
If it times out, check:
```bash
ssh root@$RAILIANCE01_HOST 'docker logs temporal-elasticsearch | tail -20'
```
**Worker fails to start:**
Check that `uv` is installed on the sandbox host:
```bash
ssh root@$RAILIANCE01_HOST 'which uv || curl -LsSf https://astral.sh/uv/install.sh | sh'
```
**rsync excluded paths:**
`.git`, `__pycache__`, `*.pyc`, `.venv`, `node_modules` are excluded.
This means `uv sync` runs on the remote after rsync (handled by `uv run`).
## Architecture notes
- Sandbox isolation: docker compose project name `e2e-{repo}-{sandbox_id}`
- Sandbox dir: `/tmp/custodian-e2e/{sandbox_id}/`
- No port conflicts: each sandbox uses its own docker network
- Parallel runs of the same repo are safe (different sandbox_id)

View File

@@ -1,11 +1,8 @@
""" """
Entry point: python -m e2e_framework <repo-path> [options] Entry point: python -m e2e_framework <repo-path> [options]
Usage: DEPRECATED — delegates to `validate run` (wise-validator + sand-boxer).
python -m e2e_framework ~/activity-core Prefer: make e2e REPO=<slug> (from the-custodian/)
python -m e2e_framework ~/activity-core --host 92.205.130.254
python -m e2e_framework ~/activity-core --host railiance01 --keep
make e2e REPO=activity-core (from the-custodian/)
""" """
from __future__ import annotations from __future__ import annotations
@@ -14,64 +11,59 @@ import os
import sys import sys
from pathlib import Path from pathlib import Path
from .runner import run_e2e from .shim import run_via_validate
from .reporter import report
def main() -> None: def main() -> None:
parser = argparse.ArgumentParser(description="Run e2e tests in a remote sandbox") parser = argparse.ArgumentParser(
description="[DEPRECATED] Run e2e tests — delegates to validate run"
)
parser.add_argument("repo_path", help="Path to the repo containing e2e/e2e.yml") parser.add_argument("repo_path", help="Path to the repo containing e2e/e2e.yml")
parser.add_argument( parser.add_argument(
"--host", "--host",
default=os.environ.get("RAILIANCE01_HOST", ""), default=os.environ.get("RAILIANCE01_HOST", ""),
help="Sandbox host (SSH alias or IP). Env: RAILIANCE01_HOST", help="Sandbox host. Env: RAILIANCE01_HOST or SANDBOXER_HOST",
) )
parser.add_argument( parser.add_argument(
"--user", "--user",
default=os.environ.get("RAILIANCE01_USER", "root"), default=os.environ.get("RAILIANCE01_USER", "root"),
help="SSH user (default: root). Env: RAILIANCE01_USER", help="SSH user. Env: RAILIANCE01_USER → SANDBOXER_SSH_USER",
) )
parser.add_argument( parser.add_argument(
"--key", "--key",
default=os.environ.get("RAILIANCE01_KEY"), default=os.environ.get("RAILIANCE01_KEY"),
help="Path to SSH private key. Env: RAILIANCE01_KEY", help="SSH private key. Env: RAILIANCE01_KEY → SANDBOXER_SSH_KEY",
) )
parser.add_argument( parser.add_argument(
"--keep", "--keep",
action="store_true", action="store_true",
help="Keep sandbox after run (skip compose down + dir removal)", help="Keep sandbox after run",
) )
parser.add_argument( parser.add_argument(
"--workstream-id", "--workstream-id",
default=None, default=None,
help="State-hub workstream ID to attach the progress event to", help="State Hub workstream ID for progress event",
) )
parser.add_argument( parser.add_argument(
"--no-report", "--no-report",
action="store_true", action="store_true",
help="Skip posting results to state-hub", help="Skip posting results to State Hub",
) )
args = parser.parse_args() args = parser.parse_args()
if not args.host:
print("ERROR: sandbox host required. Set RAILIANCE01_HOST or pass --host.")
sys.exit(1)
repo_path = Path(args.repo_path).expanduser().resolve() repo_path = Path(args.repo_path).expanduser().resolve()
if not repo_path.exists(): if not repo_path.exists():
print(f"ERROR: repo path does not exist: {repo_path}") print(f"ERROR: repo path does not exist: {repo_path}", file=sys.stderr)
sys.exit(1) sys.exit(1)
result = run_e2e( exit_code = run_via_validate(
repo_path=repo_path, repo_path,
host=args.host, host=args.host or None,
ssh_user=args.user,
ssh_key=args.key,
keep=args.keep, keep=args.keep,
workstream_id=args.workstream_id,
no_report=args.no_report,
ssh_user=args.user if args.user != "root" else os.environ.get("RAILIANCE01_USER"),
ssh_key=args.key,
) )
sys.exit(exit_code)
if not args.no_report:
report(result, workstream_id=args.workstream_id)
sys.exit(0 if result.passed else 1)

View File

@@ -1,4 +1,10 @@
""" """
DEPRECATED — provision/teardown is owned by sand-boxer (`sandboxer create`).
This module remains for one release cycle only. Do not call `Sandbox.provision()`
from new code; use sand-boxer `ext.compose-ssh` via `validate run` or
`sandboxer create --profile profile.compose-e2e`.
SSH-based sandbox: provision an isolated directory on the remote host, SSH-based sandbox: provision an isolated directory on the remote host,
rsync the repo into it, and run arbitrary commands there. rsync the repo into it, and run arbitrary commands there.
""" """

80
e2e-framework/shim.py Normal file
View File

@@ -0,0 +1,80 @@
"""Delegate e2e runs to wise-validator (sand-boxer + validate run)."""
from __future__ import annotations
import os
import shutil
import subprocess
import sys
from pathlib import Path
DEPRECATION_MSG = (
"[e2e_framework] DEPRECATED: use `validate run <repo>` (wise-validator) or "
"`make e2e REPO=` from the-custodian. Provision is sand-boxer; validation is "
"wise-validator. This module will be removed after one release cycle."
)
def _resolve_host(host: str | None) -> str:
for candidate in (host, os.environ.get("SANDBOXER_HOST"), os.environ.get("RAILIANCE01_HOST")):
if candidate:
return candidate
return ""
def run_via_validate(
repo_path: Path,
*,
host: str | None = None,
keep: bool = False,
workstream_id: str | None = None,
no_report: bool = False,
ssh_user: str | None = None,
ssh_key: str | None = None,
) -> int:
"""Invoke `validate run` and return its exit code."""
print(DEPRECATION_MSG, file=sys.stderr)
validate_bin = os.environ.get("VALIDATE_BIN", "validate")
if not shutil.which(validate_bin):
print(
f"ERROR: {validate_bin} not found on PATH. "
"Install wise-validator: cd ~/wise-validator && make install",
file=sys.stderr,
)
return 1
sandboxer_bin = os.environ.get("SANDBOXER_BIN", "sandboxer")
if not shutil.which(sandboxer_bin):
print(
f"ERROR: {sandboxer_bin} not found on PATH. "
"Install sand-boxer: cd ~/sand-boxer && make install",
file=sys.stderr,
)
return 1
resolved_host = _resolve_host(host)
if not resolved_host:
print(
"ERROR: sandbox host required. Set SANDBOXER_HOST, RAILIANCE01_HOST, or --host.",
file=sys.stderr,
)
return 1
env = os.environ.copy()
env["SANDBOXER_HOST"] = resolved_host
if ssh_user:
env["SANDBOXER_SSH_USER"] = ssh_user
if ssh_key:
env["SANDBOXER_SSH_KEY"] = ssh_key
cmd = [validate_bin, "run", str(repo_path), "--host", resolved_host]
if keep:
cmd.append("--keep")
if workstream_id:
cmd.extend(["--workstream-id", workstream_id])
if no_report:
cmd.append("--no-report")
result = subprocess.run(cmd, env=env)
return result.returncode

View File

@@ -15,11 +15,37 @@ sync:
--exclude='*.o' --exclude='*.hi' \ --exclude='*.o' --exclude='*.hi' \
$(PROJECT)/ $(VM):$(RDIR)/ $(PROJECT)/ $(VM):$(RDIR)/
# Run cabal build on VM after sync # Run cabal build on VM — prefers sand-boxer workspace (SAND-WP-0012 shim)
.PHONY: remote-build .PHONY: remote-build
remote-build: sync remote-build:
@if command -v sandboxer >/dev/null 2>&1; then \
$(MAKE) remote-build-sandboxer; \
else \
echo "WARN: sandboxer not on PATH — using legacy rsync-only path" >&2; \
$(MAKE) remote-build-legacy; \
fi
# Legacy rsync + ssh (deprecated — install sand-boxer for isolated workspaces)
.PHONY: remote-build-legacy
remote-build-legacy: sync
ssh $(VM) "cd $(RDIR) && source ~/.ghcup/env && cabal build all 2>&1" ssh $(VM) "cd $(RDIR) && source ~/.ghcup/env && cabal build all 2>&1"
.PHONY: remote-build-sandboxer
remote-build-sandboxer:
@set -euo pipefail; \
STATUS=$$(sandboxer create \
--profile profile.vm-haskell-build \
--input vm=$(VM) \
--input repo=$(PROJECT) \
--actor agt \
--project the-custodian \
--host localhost); \
ID=$$(echo "$$STATUS" | python3 -c "import sys,json; print(json.load(sys.stdin)['sandbox_id'])"); \
RDIR=$$(echo "$$STATUS" | python3 -c "import sys,json; r=json.load(sys.stdin).get('reachability') or {}; print(r.get('remote_dir',''))"); \
test -n "$$RDIR"; \
ssh $(VM) "cd $$RDIR && source ~/.ghcup/env && cabal build all 2>&1"; \
sandboxer destroy "$$ID"
# Run tests on VM # Run tests on VM
.PHONY: remote-test .PHONY: remote-test
remote-test: sync remote-test: sync

View File

@@ -75,7 +75,7 @@ ssh haskell-build # should connect via tunnel
## Using the VM ## Using the VM
```bash ```bash
# Build a Haskell project remotely # Build a Haskell project remotely (prefers sand-boxer workspace when installed)
make remote-build PROJECT=~/projects/my-app make remote-build PROJECT=~/projects/my-app
# Run tests # Run tests

View File

@@ -0,0 +1,26 @@
#!/usr/bin/env bash
# Install fleet-mesh systemd user units on railiance01 (CUST-WP-0054-T02).
set -euo pipefail
REMOTE="${1:-railiance01}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ssh "$REMOTE" 'mkdir -p ~/.config/bridge ~/.config/systemd/user ~/.ssh'
scp "$SCRIPT_DIR/railiance01-tunnels.yaml" "$REMOTE:~/.config/bridge/tunnels.yaml"
scp "$SCRIPT_DIR/systemd/"*.service "$REMOTE:~/.config/systemd/user/"
scp "${HOME}/.ssh/id_ops" "${HOME}/.ssh/id_ops.pub" "$REMOTE:~/.ssh/"
ssh "$REMOTE" 'chmod 600 ~/.ssh/id_ops ~/.config/bridge/tunnels.yaml'
ssh "$REMOTE" 'sudo loginctl enable-linger tegwick 2>/dev/null || true'
ssh "$REMOTE" bash -s <<'EOF'
set -euo pipefail
systemctl --user daemon-reload
systemctl --user enable --now fleet-state-hub-coulombcore.service
systemctl --user enable --now fleet-issue-core-coulombcore.service
sleep 2
curl -sf http://127.0.0.1:18000/state/health
curl -sf http://127.0.0.1:18765/healthz
systemctl --user --no-pager status fleet-state-hub-coulombcore.service fleet-issue-core-coulombcore.service
EOF
echo "Fleet mesh tunnels active on $REMOTE"

View File

@@ -0,0 +1,50 @@
# Fleet-owned production tunnels on railiance01 (CUST-WP-0054-T02).
# Install to: ~/.config/bridge/tunnels.yaml on railiance01
#
# Replaces workstation reverse tunnels state-hub-railiance01 and
# issue-core-railiance01 with machine-local forward tunnels through coulombcore.
#
# activity-core (2026-07-06 Phase 3): STATE_HUB_URL is in-cluster; fleet-state-hub
# coulombcore retired. issue-core bridge still uses :18765 below.
tunnels:
fleet-state-hub-coulombcore:
host: 92.205.130.254
remote_port: 8000
local_port: 18000
direction: local
remote_host: 10.43.170.94
ssh_user: tegwick
ssh_key: ~/.ssh/id_ops
actor: atm-fleet-mesh
health_check:
url: http://127.0.0.1:18000/state/health
interval_seconds: 30
timeout_seconds: 5
reconnect:
max_attempts: 0
backoff_initial: 5
backoff_max: 60
fleet-issue-core-coulombcore:
host: 92.205.130.254
remote_port: 8765
local_port: 18765
direction: local
remote_host: 10.43.103.154
ssh_user: tegwick
ssh_key: ~/.ssh/id_ops
actor: atm-fleet-mesh
health_check:
url: http://127.0.0.1:18765/healthz
interval_seconds: 30
timeout_seconds: 5
reconnect:
max_attempts: 0
backoff_initial: 5
backoff_max: 60
actors:
atm-fleet-mesh:
class: atm
description: Railiance01 fleet mesh — direct production lanes to coulombcore cluster services

View File

@@ -0,0 +1,21 @@
[Unit]
Description=Fleet mesh issue-core forward tunnel (railiance01 to coulombcore cluster)
After=network-online.target
Wants=network-online.target
StartLimitIntervalSec=0
[Service]
Type=simple
ExecStart=/usr/bin/ssh -N \
-L 127.0.0.1:18765:10.43.103.154:8765 \
-i /home/tegwick/.ssh/id_ops \
-o ServerAliveInterval=10 \
-o ServerAliveCountMax=3 \
-o ExitOnForwardFailure=yes \
-o StrictHostKeyChecking=accept-new \
tegwick@92.205.130.254
Restart=always
RestartSec=5
[Install]
WantedBy=default.target

View File

@@ -0,0 +1,21 @@
[Unit]
Description=Fleet mesh State Hub forward tunnel (railiance01 to coulombcore cluster)
After=network-online.target
Wants=network-online.target
StartLimitIntervalSec=0
[Service]
Type=simple
ExecStart=/usr/bin/ssh -N \
-L 127.0.0.1:18000:10.43.170.94:8000 \
-i /home/tegwick/.ssh/id_ops \
-o ServerAliveInterval=10 \
-o ServerAliveCountMax=3 \
-o ExitOnForwardFailure=yes \
-o StrictHostKeyChecking=accept-new \
tegwick@92.205.130.254
Restart=always
RestartSec=5
[Install]
WantedBy=default.target

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 7d8036ee-b0c1-5e94-b07e-1a23cf1c83f7
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-16T05:20:10.402106+00:00
---
# Daily State Hub WSJF Triage - 2026-06-16
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: d28fe4bf-37f0-5b4d-b8fa-2a6f32ae28f5
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-17T05:20:08.544302+00:00
---
# Daily State Hub WSJF Triage - 2026-06-17
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 32fc1286-a3b7-5248-9b14-476a1ab3ae0d
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-18T05:20:08.220681+00:00
---
# Daily State Hub WSJF Triage - 2026-06-18
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 04e7f289-53cb-55f5-9048-dc52ac0f4e1e
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T12:00:50.354196+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-19T12:00:56.799338+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
No active workstreams or inbox items to triage. The system is currently idle.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "system_idle_check",
"confidence": "high",
"rank": 1,
"why": "The digest indicates no active workstreams, inbox items, or next steps. This suggests the system is idle or there might be an issue with data ingestion. A human review is needed to confirm the operational status and identify potential missing data sources or processing issues.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "No active workstreams or inbox items to triage. The system is currently idle."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 67329161-90de-563b-b28e-f890a777f124
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T13:35:33.177300+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 1147e4ad7b383004ea398ad91fdb51212ce2e03b1b27bd7a1d1d83ed792085c2
created: 2026-06-19T13:35:45.735439+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "hf-wp-0001",
"confidence": "high",
"rank": 1,
"why": "This workstream is critical for establishing ops-hub as the first VSM Inter-Hub Extension and has two high-priority tasks waiting on human input for API consumer creation and hardening.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream is essential for Ops Hub Evidence Intake and has a high-priority task waiting on human input to provision the runtime API key.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.8,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 3,
"why": "This workstream is crucial for Inter-Hub Bootstrap Access Lane and has a high-priority task waiting on human input to execute the live Ops-Hub Bootstrap.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.8,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "hf-wp-0002",
"confidence": "high",
"rank": 4,
"why": "This workstream aims to expose the OpenBao Browser UI and has a high-priority task waiting on human input to add the UI Redirect URI.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "adhoc-2026-06-15",
"confidence": "high",
"rank": 5,
"why": "This ad-hoc workstream addresses production fixes for Inter-Hub and has a high-priority task waiting on human input to fix COUNT decode failures.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 5,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 6,
"why": "The Forgejo Production Migration has multiple human-dependent tasks, including resolving design decisions, which are critical for this infrastructure migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 7,
"why": "The 'Post-triage operational hardening' workstream has a task awaiting human feedback for calibration, which is important for system stability.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 8,
"why": "This workstream is ready to activate Ops-Hub Widgets in Inter-Hub, which is a key step for the 'Ops Hub Service Inventory Now View'.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 9,
"why": "The Pragmatic State Hub Migration to railiance01 is in progress with tasks to build and push the container image, and deploy to the cluster. This is a critical infrastructure migration.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 10,
"why": "The FOS Hub Bootstrap is a large, strategic initiative with many tasks, including refactoring state-hub. Progress on this is important for future hub extraction.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 5,
"time_criticality": 3
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 955c9bb2-bb86-5e5a-8c86-849ee947e783
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T12:00:49.968164+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-19T12:00:52.563488+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
No immediate actionable items identified from the digest. The system is operating as expected with no unread inbox items or open workstreams.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "system_monitoring",
"confidence": "high",
"rank": 1,
"why": "The digest indicates no immediate issues or pending tasks. Revisit system monitoring to ensure continued stability and to catch any emerging patterns not yet flagged.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
}
],
"summary": "No immediate actionable items identified from the digest. The system is operating as expected with no unread inbox items or open workstreams."
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ffa9f633-5f1d-5737-819d-bcb83454a9a6
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-19T05:20:08.459343+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,85 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 6f635297-e253-5f1f-ac6a-3b1f68b68ff7
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-20T05:20:04.034187+00:00
---
# Daily State Hub WSJF Triage - 2026-06-20
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "future_mode:code_score_high_gain_high_effort_candidates",
"confidence": "medium",
"rank": 1,
"why": "The system is configured for a 'future mode' focusing on high-gain, high-effort candidates. This suggests a strategic shift or a need for more data to identify such candidates. Revisit to understand the implications and next steps for this mode.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "inbox",
"confidence": "high",
"rank": 2,
"why": "The inbox shows 0 unread items and no samples. While this might indicate a clean slate, it's unusual for an active system. A human review is needed to confirm if this is expected or if there's an issue with data ingestion or display.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "open_workstreams",
"confidence": "high",
"rank": 3,
"why": "The 'open_workstreams' field is empty. This could mean there are no active workstreams, or there's a data collection issue. A human needs to verify the expected state of open workstreams.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "needs-human",
"candidate": "next_steps",
"confidence": "high",
"rank": 4,
"why": "The 'next_steps' field is empty. This could indicate a lack of defined actions or a data collection issue. A human needs to verify if there should be any pending next steps.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 2
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 3700a339-9e06-5dfc-9fdc-ef2293fbe331
instruction_id: daily-triage-report
scheduled_for: 2026-06-21T15:58:14.460564+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 79ec9692595f29451c293eb66a41a01a844e8d3314c1fe5d1e7914c33841bff0
created: 2026-06-21T15:58:36.880459+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "IHUB-WP-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical task ('Provision the runtime API key outside Git') that requires human intervention to unblock. It's a key dependency for Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "CUST-WP-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single, critical 'wait' task requiring human execution ('Execute Live Ops-Hub Bootstrap'). Unblocking this will enable Inter-Hub functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "RAIL-HO-WP-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has 4 tasks requiring human intervention, including resolving Forgejo production design decisions. This is a critical migration for the railiance infrastructure.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ACTIVITY-WP-0006",
"confidence": "medium",
"rank": 4,
"why": "This workstream has a 'wait' task ('Three-Run Calibration Feedback') requiring human input, which is important for operational hardening post-triage.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 3,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0047",
"confidence": "high",
"rank": 5,
"why": "This high-priority workstream has a single 'wait' task ('Activate Ops-Hub Widgets In Inter-Hub') that can be actioned to progress the Ops Hub Service Inventory.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "ACTIVITY-WP-0012",
"confidence": "medium",
"rank": 6,
"why": "This workstream has a 'wait' task ('Live No-Restart Smoke') that can be executed to validate the Definition and Schedule Hot Reload functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "CUST-WP-0025",
"confidence": "medium",
"rank": 7,
"why": "This workstream has a large number of 'todo' tasks and dependencies on other workstreams (NK-WP-0001, NK-WP-0002). It's a large bootstrap effort that needs to be regularly checked for unblocking.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 2.8,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0011",
"confidence": "high",
"rank": 8,
"why": "This workstream is actively migrating State Hub to railiance01. The next steps involve building and pushing the container image, then deploying and migrating data.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "ISSUE-WP-0003",
"confidence": "medium",
"rank": 9,
"why": "This workstream is deploying issue-core to railiance01. The next steps involve setting up ArgoCD bootstrap and Kubernetes manifests, with a dependency on OpenBao for secrets.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "WARDEN-WP-0009",
"confidence": "high",
"rank": 10,
"why": "This workstream is blocked and has a low planning priority. It should be revisited periodically to see if the blocking condition has been resolved or if its priority has changed.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.0,
"strategic_value": 2,
"time_criticality": 1
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention or critical dependencies."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 53460e63-8a04-5209-83ac-c360b44f162f
instruction_id: daily-triage-report
scheduled_for: 2026-06-21T17:45:22.695777+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 09bb667360681458904de55dc29307a33cf3497177147eb3f28c7756af2772d3
created: 2026-06-21T17:45:46.036481+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
Daily State Hub WSJF triage report based on current workstream status and task counts.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a human-needed task (T04 - Provision the runtime API key outside Git) that is currently waiting, blocking further progress. Addressing this human dependency is critical for unblocking the inter-hub integration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a critical human-needed task (Task: Execute Live Ops-Hub Bootstrap) that is currently waiting. This is a direct blocker for establishing the Inter-Hub Bootstrap Access Lane.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high number of open tasks (12) and 4 tasks requiring human intervention, with 'T02 - Resolve Forgejo production design decisions' being a high-priority todo. Addressing these human dependencies is crucial for the Forgejo Production Migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "high",
"rank": 4,
"why": "This high-priority workstream has 5 todo tasks and no human dependencies, making it a good candidate for immediate progress. The tasks involve critical assessments for MinIO compatibility and STS credential vending.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 5,
"why": "This high-priority workstream has a single waiting task ('Activate Ops-Hub Widgets In Inter-Hub') with no human dependencies. It's ready for immediate action to enable the Ops Hub Service Inventory Now View.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 6,
"why": "This workstream has a human-needed task ('Three-Run Calibration Feedback') that is currently waiting. Addressing this feedback is important for the 'Post-triage operational hardening' efforts.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 7,
"why": "This workstream is actively deploying issue-core and has several high-priority tasks in todo and progress, including setting up Kubernetes manifests and OpenBao secrets. Continued work is needed to complete the deployment.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 8,
"why": "This workstream is in progress with 6 todo tasks for the pragmatic State Hub migration. Continued work is needed to build, deploy, and migrate data to the new cluster.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a large number of todo tasks (21) for the FOS Hub Bootstrap. While it has a progress task, there's significant work remaining, including completing other workplans and refactoring state-hub.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-wp-0012",
"confidence": "medium",
"rank": 10,
"why": "This workstream has a single waiting task ('Live No-Restart Smoke') with no human dependencies. It's ready for immediate action to validate the Definition And Schedule Hot Reload functionality.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Daily State Hub WSJF triage report based on current workstream status and task counts."
}
```

View File

@@ -0,0 +1,70 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: f884fae1-2dd3-56c1-bc1e-f9335b40d03d
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-21T05:20:03.992784+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "system_operational_mode",
"confidence": "high",
"rank": 1,
"why": "The digest indicates a 'future_mode' for 'code_score_high_gain_high_effort_candidates' but provides no current candidates or open workstreams. A human review is needed to understand if this is an expected state, if there's a backlog of high-gain candidates not yet processed, or if the system is awaiting further input to identify such candidates.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "data_ingestion_and_processing",
"confidence": "medium",
"rank": 2,
"why": "The digest shows empty 'samples', 'next_steps', 'open_workstreams', and 'totals', with an 'unread_count' of 0. This suggests either a very clean state or a potential issue with data ingestion or processing. Revisit to ensure data pipelines are functioning as expected and that no relevant information is being missed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-consistency-sync",
"candidate": "deterministic_scoring_configuration",
"confidence": "medium",
"rank": 3,
"why": "The 'deterministic_scoring' section specifies 'candidate_fields' and a 'future_mode'. While this is a configuration, the lack of actual scored candidates implies a potential mismatch between configuration and current operational data. A consistency sync might be needed to ensure the scoring mechanism is correctly applied or to understand why no candidates are being generated.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus."
}
```

View File

@@ -0,0 +1,70 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: a3f73bdd-1a0a-533f-80a3-1eb58787c499
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-22T05:20:03.559598+00:00
---
# Daily State Hub WSJF Triage - 2026-06-22
The digest indicates no immediate actionable items or open workstreams. The deterministic scoring is set to 'code_score_high_gain_high_effort_candidates' for future mode, suggesting a focus on identifying significant but potentially complex work.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "deterministic_scoring_future_mode_review",
"confidence": "high",
"rank": 1,
"why": "The 'future_mode' for deterministic scoring is set to 'code_score_high_gain_high_effort_candidates'. This setting implies a strategic shift towards identifying complex, high-impact work. It's important to revisit this to ensure alignment with current operational goals and to prepare for potential changes in work prioritization.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "inbox_monitoring",
"confidence": "medium",
"rank": 2,
"why": "The inbox shows 0 unread count and no samples. While this is good, it's crucial to ensure the inbox monitoring system is functioning correctly and that no critical communications are being missed. A periodic check of the underlying system health is warranted.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "digest_generation_status",
"confidence": "medium",
"rank": 3,
"why": "The 'generated_at' field is null, which could indicate an issue with the digest generation process or simply that it hasn't been generated recently. This should be checked to ensure the system is producing up-to-date information.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 3
}
}
],
"summary": "The digest indicates no immediate actionable items or open workstreams. The deterministic scoring is set to 'code_score_high_gain_high_effort_candidates' for future mode, suggesting a focus on identifying significant but potentially complex work."
}
```

View File

@@ -0,0 +1,55 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 30458b8a-75a6-59aa-ab48-7401b3dcacd3
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-23T05:20:03.225320+00:00
---
# Daily State Hub WSJF Triage - 2026-06-23
The digest indicates no immediate high-priority items or open workstreams. The deterministic scoring is set to identify high-gain, high-effort candidates, but no specific candidates were provided in this digest. The inbox is empty, suggesting no new urgent communications.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "future_mode: code_score_high_gain_high_effort_candidates",
"confidence": "medium",
"rank": 1,
"why": "The system is configured to identify high-gain, high-effort candidates, but no such candidates were presented in this digest. Revisit to ensure this mode is actively generating and presenting relevant work.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "close-out",
"candidate": "inbox",
"confidence": "high",
"rank": 2,
"why": "The inbox is empty, indicating no unread messages or pending communications. This item can be closed out for this cycle.",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 1,
"risk_reduction": 1,
"score": 4.0,
"strategic_value": 1,
"time_criticality": 1
}
}
],
"summary": "The digest indicates no immediate high-priority items or open workstreams. The deterministic scoring is set to identify high-gain, high-effort candidates, but no specific candidates were provided in this digest. The inbox is empty, suggesting no new urgent communications."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: a443277f-774a-5903-bd88-0144e3466ad2
instruction_id: daily-triage-report
scheduled_for: 2026-06-23T17:49:02.292251+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: bc97b129553d412e6b6d3f8d42b42db588840f3258ef17f57d4023e6e85050ea
created: 2026-06-23T17:50:56.020702+00:00
---
# Daily State Hub WSJF Triage - 2026-06-23
Triage report focusing on high-priority workstreams with human dependencies or critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high-priority task requiring human intervention ('Execute Live Ops-Hub Bootstrap') and is critical for Inter-Hub functionality. Addressing this human dependency is key to unblocking progress.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream has a high-priority task ('Provision the runtime API key outside Git') that requires human input. Resolving this will unblock further progress on Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high-priority task ('Resolve Forgejo production design decisions') requiring human input. This is a critical migration with significant strategic value.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.3,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 4,
"why": "This workstream is actively migrating State Hub to railiance01, with a task in progress and several high-priority todo items. Continuing this migration is strategically important.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 5,
"why": "This workstream is actively deploying issue-core with tasks in progress and waiting. The resolved decision for ArgoCD bootstrap indicates readiness for continued execution.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 6,
"why": "This workstream has several high-priority todo tasks related to MinIO/MaxIO assessment and STS credential vending, which are critical for artifact storage infrastructure.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "net-wp-0020",
"confidence": "medium",
"rank": 7,
"why": "This workstream has high-priority todo tasks for OpenBao unseal automation, which is important for security and operational efficiency.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 8,
"why": "This workstream has a high-priority waiting task to activate Ops-Hub Widgets, which will enable visibility into service inventory.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.3,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a medium-priority task ('Three-Run Calibration Feedback') requiring human input for operational hardening.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "warden-wp-0009",
"confidence": "high",
"rank": 10,
"why": "This workstream is blocked and has a low planning priority. It should be revisited once higher priority items are addressed or dependencies are resolved.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 2,
"time_criticality": 1
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies or critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: fa6fd13d-47ec-5017-adf2-b3f9d2d57d18
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 065a6ae1993c2d5d26260dfe91a8db05f1c5a77716a6a3c9be4a09b3c9d2d972
created: 2026-06-24T05:20:54.824889+00:00
---
# Daily State Hub WSJF Triage - 2026-06-24
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies and critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical 'needs_human' task ('T04 - Provision the runtime API key outside Git') that is blocking progress. Addressing this human dependency is crucial for unblocking the entire 'Ops Hub Evidence Intake' process.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single 'needs_human' task ('Task: Execute Live Ops-Hub Bootstrap') which is the only open task. Resolving this human dependency will complete the workstream and enable Inter-Hub bootstrap access.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "The Forgejo Production Migration has 4 'needs_human' tasks, including 'T02 \u2014 Resolve Forgejo production design decisions', which is likely a critical blocker for the entire migration. Resolving these human dependencies is essential for a smooth and timely migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 5,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 4,
"why": "This workstream is actively migrating State Hub to ThreePhoenix, with a task in progress ('T03 \u2014 Build and push State Hub container image') and high-priority 'todo' tasks remaining. Continued focus is needed to complete this critical infrastructure migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.3,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 5,
"why": "This workstream is deploying 'issue-core' as a service, with tasks in progress and critical 'wait' tasks like 'ArgoCD bootstrap' and 'OpenBao secret'. Continued progress is needed to get 'issue-core' operational.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 6,
"why": "This high-priority workstream has one remaining 'wait' task ('Task: Activate Ops-Hub Widgets In Inter-Hub'). This task is likely dependent on other completed work, and its completion will enable the 'Ops Hub Service Inventory Now View'.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 7,
"why": "This high-priority workstream has several 'todo' tasks related to MinIO/MaxIO assessment and STS credential vending. These are foundational tasks for artifact storage and security, requiring active development.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "net-wp-0020",
"confidence": "medium",
"rank": 8,
"why": "This workstream focuses on OpenBao Unseal Custody and SSH Automation, with 'todo' and 'wait' tasks. This is critical for security and operational efficiency, requiring continued attention.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a 'needs_human' task ('Three-Run Calibration Feedback') which is currently in a 'wait' state. Addressing this human input is necessary to unblock the 'Post-triage operational hardening'.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "low",
"rank": 10,
"why": "The FOS Hub Bootstrap has many 'todo' tasks, including dependencies on other workstreams (NK-WP-0001, NK-WP-0002). While not immediately blocked by human input, it represents a significant body of work that needs to be actively progressed.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 4,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies and critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 7c915653-b7b6-5957-a9ee-56512cf53de3
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 37b881fcb93f5576290c675d26a268746c93d2ca8d1cdbb6593d1eab27be48a0
created: 2026-06-25T05:20:45.352426+00:00
---
# Daily State Hub WSJF Triage - 2026-06-25
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with pending human intervention or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical task (T04 - Provision the runtime API key outside Git) that requires human intervention to unblock. It is a key component for Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single, critical task (Execute Live Ops-Hub Bootstrap) awaiting human action. It's essential for establishing the Inter-Hub access lane.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has multiple tasks requiring human input, specifically 'Resolve Forgejo production design decisions', which is a high-priority blocker for the Forgejo Production Migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 4,
"why": "The 'Three-Run Calibration Feedback' task is waiting for human input, which is crucial for the Post-triage operational hardening of Activity Core.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.3,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 5,
"why": "This workstream is marked 'ready' and has a cleared dependency. It's high priority and has 10 todo tasks, making it ripe for immediate action to define credential grants and configure OpenBao roles.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "high",
"rank": 6,
"why": "This high-priority workstream has 5 'todo' tasks, including critical assessments for MinIO/MaxIO and STS Credential Vending, which are important for artifact storage and security.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 7,
"why": "This high-priority workstream has one 'wait' task to activate Ops-Hub Widgets in Inter-Hub. Given its high priority and single blocking task, it should be addressed next.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "issue-wp-0003",
"confidence": "medium",
"rank": 8,
"why": "This workstream has a resolved decision for ArgoCD bootstrap but still has two 'wait' tasks. Revisit to ensure the resolved decision has unblocked these tasks and to identify the next actionable step.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 9,
"why": "This workstream is actively migrating State Hub and has high-priority 'todo' tasks for deployment and data migration. Progress on these tasks is critical for the migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 10,
"why": "This workstream has many 'todo' tasks but depends on other workstreams (NK-WP-0001, NK-WP-0002). Revisit to check the status of these dependencies before proceeding with its own tasks.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with pending human intervention or critical dependencies."
}
```

View File

@@ -0,0 +1,30 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c7370f9c-6ce7-5e21-a573-d58fc3edc325
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash: cc24616f088cde74e0ca1edcf7f9d864a6f0f63da6c54b9302be4779741f1e5a
created: 2026-06-26T05:20:56.151627+00:00
---
# Daily State Hub WSJF Triage - 2026-06-26
Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.
Validation error:
`Expecting ',' delimiter: line 136 column 22 (char 5268)`
```json
{
"raw_output_preview": "{\n \"summary\": \"Triage report focusing on high-priority workstreams with pending human intervention or critical dependencies, and addressing recently cleared dependencies to unblock progress.\",\n \"recommendations\": [\n {\n \"rank\": 1,\n \"candidate\": \"2731fece-6c49-45b8-ab8a-4ea6c04ac603\",\n \"action\": \"work-next\",\n \"why\": \"A critical dependency (T03 - Configure bounded OpenBao token roles and policies) for this workstream has been cleared, unblocking significant progress on credential management. This workstream has 8 todo tasks and no waits, indicating it's ready for immediate action.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 5.0,\n \"strategic_value\": 5,\n \"time_criticality\": 5,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 2,\n \"candidate\": \"bd086c41-287d-4a4e-8ac5-9ab270f14d72\",\n \"action\": \"needs-human\",\n \"why\": \"This high-priority workstream has a 'needs_human' task (T04 - Provision the runtime API key outside Git) and is currently blocked by 3 'wait' tasks. Human intervention is required to unblock progress.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 4,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 3,\n \"candidate\": \"9b56414a-c71f-4e72-9b2b-d2166aaf50d0\",\n \"action\": \"needs-human\",\n \"why\": \"This high-priority workstream has a 'needs_human' task (Task: Execute Live Ops-Hub Bootstrap) and is currently blocked by a 'wait' task. Human intervention is required to proceed with the bootstrap.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 4,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 4,\n \"candidate\": \"84e17675-0d15-4268-a8bd-540124d37018\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has 4 'needs_human' tasks, including 'T02 \u2014 Resolve Forgejo production design decisions', indicating significant human input is required to move forward with the migration.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 5,\n \"candidate\": \"5646e13a-13af-4724-bca6-3c0d86f96733\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has a 'needs_human' task ('Three-Run Calibration Feedback') and is currently in a 'wait' state. Human feedback is crucial for operational hardening.\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 6,\n \"candidate\": \"896ace77-21b3-450b-8fb7-254aefc8c570\",\n \"action\": \"close-out\",\n \"why\": \"The task 'Wire activity-core to the live service' has been resolved, and the workstream shows 2 progress tasks with 0 todo/wait tasks. This indicates the deployment is likely complete or nearing completion and ready for close-out after verification.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 7,\n \"candidate\": \"656e435d-3a00-4f5e-a38e-114467f9062e\",\n \"action\": \"work-next\",\n \"why\": \"This high-priority workstream has a single 'wait' task ('Task: Activate Ops-Hub Widgets In Inter-Hub') and no 'needs_human' tasks. It appears ready for the next step to activate the widgets.\",\n \"confidence\": \"medium\",\n \"wsjf",
"status": "validation_failed",
"summary": "Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.",
"validation_error": "Expecting ',' delimiter: line 136 column 22 (char 5268)"
}
```

View File

@@ -0,0 +1,30 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ebec6e41-2d94-5a9b-8a5a-4e4d9734751c
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash: 0bf0a3305908a822d6cf18e94681a37c8757e659c5d20b029e2444976a719d36
created: 2026-06-27T05:20:55.643385+00:00
---
# Daily State Hub WSJF Triage - 2026-06-27
Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.
Validation error:
`Unterminated string starting at: line 143 column 14 (char 5246)`
```json
{
"raw_output_preview": "{\n \"summary\": \"Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical dependencies.\",\n \"recommendations\": [\n {\n \"rank\": 1,\n \"candidate\": \"bd086c41-287d-4a4e-8ac5-9ab270f14d72\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has a high planning priority and a 'needs_human' task that is currently waiting. Addressing this human dependency is critical to unblock progress on Ops Hub Evidence Intake.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.5,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 2,\n \"candidate\": \"9b56414a-c71f-4e72-9b2b-d2166aaf50d0\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream is high priority and has a 'needs_human' task that is waiting. Unblocking the 'Execute Live Ops-Hub Bootstrap' task is crucial for the Inter-Hub Bootstrap Access Lane.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.5,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 3,\n \"candidate\": \"2731fece-6c49-45b8-ab8a-4ea6c04ac603\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream is blocked and has multiple 'needs_human' tasks. Addressing these human dependencies is essential to unblock the Credential Request and Lease Broker, which is a high-priority financial domain item.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 5,\n \"time_criticality\": 5,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 5,\n \"job_size\": 5\n }\n },\n {\n \"rank\": 4,\n \"candidate\": \"84e17675-0d15-4268-a8bd-540124d37018\",\n \"action\": \"needs-human\",\n \"why\": \"The Forgejo Production Migration has a 'needs_human' task to 'Resolve Forgejo production design decisions'. This is a critical step for a high-priority migration.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 5,\n \"candidate\": \"5646e13a-13af-4724-bca6-3c0d86f96733\",\n \"action\": \"needs-human\",\n \"why\": \"The 'Post-triage operational hardening' workstream has a 'needs_human' task for 'Three-Run Calibration Feedback'. This feedback is important for improving operational robustness.\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 6,\n \"candidate\": \"656e435d-3a00-4f5e-a38e-114467f9062e\",\n \"action\": \"work-next\",\n \"why\": \"This high-priority workstream has a single waiting task 'Activate Ops-Hub Widgets In Inter-Hub' with no human dependency. This seems ready for immediate execution.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 3,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 7,\n \"candidate\": \"21cabc98-3f80-4d00-b3b7-06e2ac2af88f\",\n \"action\": \"work-next\",\n \"why\": \"The 'Infrastructure Stabilization Metaplan' has several high-priority 'todo' tasks, including closing the Ops-Hub Inter-Hub Evidence Lane and stabilizing Daily-Triage Automation. These are critical for overall system health.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 3,\n \"job_size\": 5\n }\n ",
"status": "validation_failed",
"summary": "Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.",
"validation_error": "Unterminated string starting at: line 143 column 14 (char 5246)"
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 6a44d6dd-3f02-53f2-a5d8-d42b76b0ef98
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 7190932904452d95ff0d20eaeaac290d7310fbd3cbb6ef1c9b1dc84896e81fcb
created: 2026-06-28T05:20:49.315172+00:00
---
# Daily State Hub WSJF Triage - 2026-06-28
The Daily State Hub triage report highlights several high-priority workstreams, with a focus on resolving human-in-the-loop tasks and unblocking critical financial and infotech initiatives. Key areas include Inter-Hub integration, OpenBao automation, and LLM output robustness.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "RAILIANCE-WP-0005-credential-request-and-lease-broker",
"confidence": "high",
"rank": 1,
"why": "This workstream is blocked with 7 open tasks, all requiring human intervention. Resolving these human-dependent tasks is critical to unblock a core financial capability.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 10.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "RAILIANCE-WP-0006-workload-kv-access-lanes",
"confidence": "high",
"rank": 2,
"why": "This workstream is blocked with 4 open tasks, all requiring human intervention. Unblocking this is crucial for secure workload KV access.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 5,
"score": 9.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "IHUB-WP-0022-ops-hub-evidence-intake",
"confidence": "high",
"rank": 3,
"why": "This high-priority workstream has 1 task requiring human input and 3 tasks waiting. Addressing the human task will likely unblock the waiting tasks and progress critical Inter-Hub integration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "CUST-WP-0049-interhub-bootstrap-access-lane",
"confidence": "high",
"rank": 4,
"why": "This high-priority workstream has a single open task that requires human execution. Resolving this will enable the Inter-Hub bootstrap.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "RAIL-HO-WP-0005-forgejo-production-migration",
"confidence": "medium",
"rank": 5,
"why": "This workstream has 4 tasks requiring human input, including resolving Forgejo production design decisions. Addressing these will unblock significant progress on a critical migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "ACTIVITY-WP-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "This workstream has 1 task requiring human input and 1 task waiting. Resolving the human task could unblock further progress on LLM output robustness, which is a high-priority item.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "RAILIANCE-WP-0008-openbao-approved-automation-delegation",
"confidence": "high",
"rank": 7,
"why": "This high-priority workstream has 4 'todo' tasks and 1 'wait' task. Progressing the 'todo' tasks will advance critical OpenBao automation capabilities.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "RAILIANCE-WP-0007-credential-change-approval-workflow",
"confidence": "high",
"rank": 8,
"why": "This high-priority workstream has 3 'todo' tasks and 3 'progress' tasks. Continuing to work on the 'todo' items will complete the credential change approval workflow.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0047-ops-hub-service-inventory-now-view",
"confidence": "medium",
"rank": 9,
"why": "This high-priority workstream has a single 'wait' task. Investigating and resolving the wait condition will enable the activation of Ops-Hub widgets.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "ARTIFACT-STORE-WP-0007-minio-maxio-sts-vending",
"confidence": "medium",
"rank": 10,
"why": "This workstream has 3 'todo' tasks and 1 'progress' task. Continuing to work on these tasks will advance artifact store capabilities and STS credential vending.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "The Daily State Hub triage report highlights several high-priority workstreams, with a focus on resolving human-in-the-loop tasks and unblocking critical financial and infotech initiatives. Key areas include Inter-Hub integration, OpenBao automation, and LLM output robustness."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 1dfb47c9-07bf-551b-b778-1d21a40bd95c
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 758448d990c7835ded94fb68cbfa94a76772d93bda1c4b2182a873d7b155864a
created: 2026-06-29T05:20:48.288104+00:00
---
# Daily State Hub WSJF Triage - 2026-06-29
Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure tasks. Several workstreams are blocked or waiting on human input, indicating a need for coordination.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0006",
"confidence": "high",
"rank": 1,
"why": "This high-priority workstream has 4 tasks awaiting human input, including coordinating catalog activation, which is a critical next step.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 2,
"why": "This workstream is blocked with 7 tasks waiting on human input, including configuring OpenBao token roles and building a credential helper MVP. Unblocking this is critical for credential management.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "This high-priority workstream has 1 task awaiting human input and 3 tasks in a 'wait' status, including provisioning an API key. Human intervention is needed to progress.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 4,
"why": "The Forgejo Production Migration has 4 tasks needing human input, including resolving design decisions, which is a critical blocker for this migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 5,
"why": "This workstream has a single task awaiting human input: 'Execute Live Ops-Hub Bootstrap'. This is a direct dependency for Inter-Hub functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "high",
"rank": 6,
"why": "This workstream has high-priority tasks related to LLM output robustness, including root-causing a validation failure and schema redesign, which are critical for system reliability.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 5,
"score": 3.3,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0008",
"confidence": "medium",
"rank": 7,
"why": "This workstream has multiple high-priority 'todo' tasks for OpenBao automation delegation, including specifying policy boundaries and implementing a dry-run, which are important for security and efficiency.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0051",
"confidence": "medium",
"rank": 8,
"why": "The Infrastructure Stabilization Metaplan has tasks in progress, including stabilizing Daily-Triage Automation and deciding the State Hub Migration Strategy, which are foundational for system health.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has tasks in progress and 'todo' for the Credential Change Proposal Review Workflow, including generating OpenBao apply plans and building an interactive runbook, which are important for operational processes.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 10,
"why": "This workstream has a single task in 'wait' status: 'Activate Ops-Hub Widgets In Inter-Hub'. This is a direct next step for providing visibility into service inventory.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure tasks. Several workstreams are blocked or waiting on human input, indicating a need for coordination."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ac3d71a0-2f8f-50df-b3ce-7c60c2abb5c5
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 22f34b3ef4c6891f2a7f38298dd60f77e01657fa344e11658c5b9ea471d9df7f
created: 2026-06-30T05:20:49.176218+00:00
---
# Daily State Hub WSJF Triage - 2026-06-30
Triage report for Daily State Hub, focusing on high-priority workstreams with human intervention needs or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream is blocked and has 7 tasks awaiting human intervention, indicating a critical bottleneck that requires immediate attention to unblock progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream has a high-priority task awaiting human execution, which is crucial for bootstrapping Inter-Hub access. Unblocking this will enable further progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high-priority task requiring human provisioning of an API key outside Git, which is a security-sensitive operation and a blocker for subsequent tasks.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 4,
"why": "The Forgejo Production Migration has 4 tasks requiring human input, including resolving design decisions, which is critical for a successful migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 5,
"why": "The 'Post-triage operational hardening' workstream has a task awaiting 'Three-Run Calibration Feedback' from a human, which is important for validating the hardening process.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0009",
"confidence": "high",
"rank": 6,
"why": "This workstream is critical for Issue-Core Runtime Ingestion Credential Lane and has 5 waiting tasks. Progressing these tasks will unblock the deployment of issue-core as a service.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0010",
"confidence": "medium",
"rank": 7,
"why": "This workstream is for LLM-Connect OpenRouter Provider Key Lane and has 5 waiting tasks. Progressing these tasks is important for enabling LLM connectivity.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 8,
"why": "This workstream has a single waiting task to activate Ops-Hub Widgets in Inter-Hub, which is a direct step towards improving visibility and operational awareness.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has two 'todo' tasks, including building an interactive runbook, which is important for improving the efficiency and reliability of credential change approvals.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 1.8,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 10,
"why": "This workstream has three 'todo' tasks related to STS credential vending and MinIO compatibility, which are important for artifact storage and security.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 1.8,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub, focusing on high-priority workstreams with human intervention needs or critical dependencies."
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 38ffd00b-6c8b-5868-8fc2-df530c32f38e
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-07-01T05:20:02.219732+00:00
---
# Daily State Hub WSJF Triage - 2026-07-01
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a strategic shift in focus.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "future_mode: code_score_high_gain_high_effort_candidates",
"confidence": "high",
"rank": 1,
"why": "The digest indicates a 'future_mode' for 'code_score_high_gain_high_effort_candidates'. This suggests a strategic shift or an area requiring human interpretation and planning to define what these candidates are and how to proceed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 3
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a strategic shift in focus."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 70cb39cb-9e8f-5a1d-a429-173994816eb6
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: cfc9e8c31e1ff38f6de8bcf21ac715124ac97ae658f7f3f0d0fda733ff16b704
created: 2026-07-02T05:20:49.920340+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies or critical next steps.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 6 open tasks requiring human intervention, including verification, audit, and rollout. Addressing these will unblock significant progress.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 2,
"why": "The pilot closeout for npm publish has 3 tasks waiting on human action, which are critical for completing the pilot and validating the secrets engine.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "Forgejo production migration has 4 tasks requiring human input, including design decisions, which are blocking the migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 4,
"why": "Ops Hub Evidence Intake has a critical task to provision the runtime API key outside Git, which requires human action and is blocking further progress.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 5,
"why": "The Inter-Hub Bootstrap Access Lane has a single critical task requiring human execution to proceed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "The 'Reproduce & Root-Cause The Failure' task was recently resolved, but the workstream still has a 'Tests + Calibration Re-Entry' task that needs human attention. Revisit to ensure the resolution is holding and to progress the next human task.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0009",
"confidence": "medium",
"rank": 7,
"why": "This workstream has 5 open tasks, all in 'wait' status and no human dependencies, suggesting it's ready for automated or non-human dependent work to proceed.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0010",
"confidence": "medium",
"rank": 8,
"why": "This workstream has 6 open tasks, mostly in 'wait' status with one in progress and no human dependencies, indicating it's ready for further automated work.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has 4 open tasks, with one in progress and three in 'todo' status, and no human dependencies, suggesting it's ready for further automated work.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "close-out",
"candidate": "cust-wp-0051",
"confidence": "high",
"rank": 10,
"why": "All 5 tasks in this workstream are in progress, indicating it's nearing completion. Focus on closing out these tasks to finalize infrastructure stabilization.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies or critical next steps."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 75344105-206e-5946-9d79-8a915c5b1a06
instruction_id: daily-triage-report
scheduled_for: 2026-07-02T09:45:24.521994+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: bd25f4cfecabb92c313a34cacea1f10e12f69d5ed55278fa1e8ea11298c5ada3
created: 2026-07-02T09:50:44.525685+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical next steps.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1255,
"prompt_tokens": 4839,
"total_tokens": 6094
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has the highest number of 'needs_human' tasks (6) among all active workstreams, indicating a significant bottleneck requiring immediate human attention to unblock progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream has 1 'needs_human' task and 3 'wait' tasks, suggesting that human intervention is required to unblock the waiting tasks and progress the 'Ops Hub Evidence Intake' which is critical for Inter-Hub functionality.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 3,
"why": "This workstream has a single 'needs_human' task which is 'Execute Live Ops-Hub Bootstrap'. This is a critical step for Inter-Hub access and requires immediate human action.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "medium",
"rank": 4,
"why": "This workstream has 3 'needs_human' tasks and 3 'wait' tasks, indicating that human intervention is needed to close out the 'whynot-design npm publish pilot', which likely has dependencies on these human actions.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 5,
"why": "The workstream has a 'resolved_decision' for 'Reproduce & Root-Cause The Failure' but still has 1 'needs_human' task and 1 'wait' task. Revisit to ensure the resolution is effective and to unblock the remaining tasks.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 6,
"why": "This workstream has 4 'needs_human' tasks and 11 'todo' tasks, indicating a significant amount of work that requires human input to initiate or progress the Forgejo Production Migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 7,
"why": "This workstream has 1 'needs_human' task and 3 'todo' tasks, specifically 'T07 \u2014 Cutover: redirect MCP config to cluster', which is a critical step for the State Hub Migration and requires human action.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.5,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical next steps."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c2102a9b-5243-5871-b96c-0f05e2fc1d5d
instruction_id: daily-triage-report
scheduled_for: 2026-07-02T09:43:24.818500+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 21b7993298eb61182e69f7f6ade6963d9621df6be8512a948eba1515b1774ae6
created: 2026-07-02T09:50:25.239170+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Prioritize workstreams with high human dependency and critical infrastructure migrations, focusing on unblocking progress and reducing risk.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1188,
"prompt_tokens": 4938,
"total_tokens": 6126
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 6 open tasks requiring human intervention, making it a significant bottleneck for credential management and leasing. Unblocking these tasks is critical for financial operations.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 2,
"why": "The Forgejo Production Migration has 4 tasks requiring human input, including resolving design decisions, which is a critical path item for infrastructure stability and future development.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 3,
"why": "The npm publish pilot closeout has 3 tasks awaiting human action, which is blocking the finalization of a critical secrets management process. This needs to be resolved to secure publishing workflows.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "medium",
"rank": 4,
"why": "Ops Hub Evidence Intake has 1 task requiring human input, which is currently waiting. Addressing this will unblock the intake process for activity core, which is important for operational visibility.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "medium",
"rank": 5,
"why": "The Inter-Hub Bootstrap Access Lane has a single human-dependent task that is currently waiting. This is a critical step for establishing inter-hub communication and should be addressed.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "The 'Reproduce & Root-Cause The Failure' task has been resolved, but there's still a 'Tests + Calibration Re-Entry' task requiring human input. Revisit to ensure the fix is validated and fully implemented.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 7,
"why": "The pragmatic State Hub Migration has a human-dependent task 'Cutover: redirect MCP config to cluster' which is critical for the migration. This needs to be addressed to progress the migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "Prioritize workstreams with high human dependency and critical infrastructure migrations, focusing on unblocking progress and reducing risk."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 3efc80f9-7783-5acd-8e7b-d08049f3394a
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 23082ff99987a9cf51cf43e78478b7fc83e47f43420594664f7ce49b880527f4
created: 2026-07-03T05:20:45.075502+00:00
---
# Daily State Hub WSJF Triage - 2026-07-03
Prioritize Forgejo migration and Inter-Hub bootstrap tasks with high strategic value and time criticality. Address pending human actions in critical workstreams.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1140,
"prompt_tokens": 4892,
"total_tokens": 6032
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "Forgejo Production Migration has 4 pending human tasks, including resolving production design decisions, which is critical for progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "The Inter-Hub Bootstrap Access Lane has a high-priority human task to execute Live Ops-Hub Bootstrap, which is a critical dependency for Inter-Hub functionality.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "Ops Hub Evidence Intake has a high-priority human task to provision the runtime API key outside Git, which is essential for secure operation.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 4,
"why": "Close out the whynot-design npm publish pilot has 3 pending human tasks, including provisioning the real npm token and standing up a dedicated Gitea bot account, which are critical for pilot completion and security.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 5,
"why": "Pragmatic State Hub Migration to railiance01 has a pending human task to cutover and redirect MCP config to the cluster, which is a key step in the migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0038",
"confidence": "medium",
"rank": 6,
"why": "State Hub Full ThreePhoenix HA Migration has a pending human task to confirm ThreePhoenix cluster readiness, which is a prerequisite for further HA implementation.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 7,
"why": "Ops Hub Service Inventory Now View has a high-priority task to activate Ops-Hub Widgets in Inter-Hub, which will enable visibility and functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "Prioritize Forgejo migration and Inter-Hub bootstrap tasks with high strategic value and time criticality. Address pending human actions in critical workstreams."
}
```

View File

@@ -0,0 +1,129 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 1c1a5fdf-8ae0-520a-91b2-6f2d3e5995df
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 430dbc4d6a3f018fa403dd79cb83342782b21bf57e3c885566a012e7afe14bf5
created: 2026-07-04T05:20:31.945912+00:00
---
# Daily State Hub WSJF Triage - 2026-07-04
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams and tasks with human intervention needs.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1055,
"prompt_tokens": 4350,
"total_tokens": 5405
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 4 tasks requiring human intervention, indicating a bottleneck that needs to be addressed to unblock progress on the Forgejo Production Migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0054",
"confidence": "high",
"rank": 2,
"why": "This workplan is high priority, has 7 open tasks, and no human-needed tasks, making it a good candidate for immediate progress. The task 'Forge to railiance01 + CI runners (kill workstation builds)' is in progress and critical for workstation independence.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "three-phoenix-ha-cluster",
"confidence": "high",
"rank": 3,
"why": "This workstream is critical for establishing a robust infrastructure foundation (K3s HA, Longhorn, PostgreSQL HA) which will enable other high-value workstreams. It has 7 open tasks, all 'todo', indicating readiness for execution.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0038",
"confidence": "medium",
"rank": 4,
"why": "This workstream focuses on State Hub Full ThreePhoenix HA Migration, which is a critical step for system resilience. It has 8 'todo' tasks, indicating it's ready for execution.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 5,
"why": "This workstream is about the Pragmatic State Hub Migration to railiance01, with tasks like 'Stabilisation period' and 'Retire WSL2 instance'. It has 2 'todo' tasks, suggesting it's ready for the next steps in migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0009",
"confidence": "medium",
"rank": 6,
"why": "This workstream has 1 task in 'wait' status and 1 task needing human intervention, suggesting a potential blocker that needs to be addressed to promote issue-core task emission.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams and tasks with human intervention needs."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 34eb4d34-ec15-52a1-9ebb-feed525c8f3f
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 13b0cc86725a3beb3cbada3c03f4ca85ec0638655d76f8d634d7a5fa109f006b
created: 2026-07-05T05:20:21.034185+00:00
---
# Daily State Hub WSJF Triage - 2026-07-05
Prioritize State Hub migration and HA efforts, addressing human-in-the-loop tasks and critical infrastructure dependencies.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1376,
"prompt_tokens": 4350,
"total_tokens": 5726
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "84e17675-0d15-4268-a8bd-540124d37018",
"confidence": "high",
"rank": 1,
"why": "This workstream has 4 tasks requiring human intervention, including resolving Forgejo production design decisions, which is a critical dependency for the Forgejo Production Migration. Addressing these will unblock further progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 10.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "9e208376-23f1-40c7-9813-fac1f7d6ad3b",
"confidence": "high",
"rank": 2,
"why": "The ThreePhoenix HA Cluster Implementation is a foundational dependency for State Hub HA and other critical services. Progressing on this will enable multiple downstream workstreams.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "8d0c1b5d-44da-4b91-8357-e6526d3e0a85",
"confidence": "high",
"rank": 3,
"why": "This workstream aims to provide High Availability for State Hub, which is crucial for reliability and resilience. It has 8 todo tasks, indicating significant work ahead that should be started once the underlying ThreePhoenix cluster is ready.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "8a828444-dd49-4d7b-a2d1-9952b5bc929d",
"confidence": "high",
"rank": 4,
"why": "This workstream is high priority and has 7 open tasks, including critical items like 'Forge to railiance01 + CI runners' and 'State Hub production home on railiance01'. Progress here directly supports core infrastructure and State Hub deployment.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "967baafb-d92d-405a-ba0b-0d00d37c4940",
"confidence": "medium",
"rank": 5,
"why": "This workstream is for the pragmatic migration of State Hub to railiance01. While it has fewer open tasks, completing the migration and stabilization period is important for transitioning to the new infrastructure.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "bbc07f9e-9323-4b2b-b556-c33b37d0b228",
"confidence": "medium",
"rank": 6,
"why": "Adopting the State Hub Beachhead Endpoint is a dependency for other systems to utilize the new State Hub infrastructure. It has two 'wait' tasks, suggesting it's ready to proceed once the beachhead is stable.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "bea9126c-2f58-41d4-90d1-af4d096f4a10",
"confidence": "medium",
"rank": 7,
"why": "Bootstrapping ops-hub as an Inter-Hub Operations extension is important for operational visibility and control. It has two 'wait' tasks, indicating readiness to proceed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Prioritize State Hub migration and HA efforts, addressing human-in-the-loop tasks and critical infrastructure dependencies."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 67685f1c-f6db-5193-aeae-c72067f4b6fd
instruction_id: daily-triage-report
scheduled_for: 2026-07-06T17:48:40.265851+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 3e6848c85d8d372c71b944bf837abb90a669042294f9fecf1bde769969cbfb6b
created: 2026-07-06T17:50:36.568500+00:00
---
# Daily State Hub WSJF Triage - 2026-07-06
Triage report focusing on high-priority workstreams, particularly those with human dependencies or critical infrastructure migrations.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1130,
"prompt_tokens": 4977,
"total_tokens": 6107
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 4 tasks requiring human intervention, including resolving Forgejo production design decisions, which is a critical blocker for the migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0054",
"confidence": "high",
"rank": 2,
"why": "High priority workstream with active progress on critical infrastructure tasks like Forge to railiance01 and State Hub production home. Continued focus is needed to maintain momentum.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0038",
"confidence": "high",
"rank": 3,
"why": "This workstream is critical for State Hub's high availability, with 8 tasks in 'todo' status. Starting on these tasks is important for infrastructure resilience.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "reuse-wp-0019",
"confidence": "medium",
"rank": 4,
"why": "This workstream focuses on Forgejo-native federation automation, which is important for future reuse and efficiency, with high priority tasks in 'todo' status.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.3,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "reuse-wp-0018",
"confidence": "medium",
"rank": 5,
"why": "The 'plan-check' workstream is crucial for closing the consumption loop for capability reuse, with high priority tasks in 'todo' status.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.3,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0009",
"confidence": "medium",
"rank": 6,
"why": "This workstream has a single task in 'wait' status and needs human attention to promote Issue-Core Task Emission Safely. Revisit to unblock.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 3,
"time_criticality": 4
}
},
{
"action": "revisit",
"candidate": "core-wp-0007",
"confidence": "medium",
"rank": 7,
"why": "This workstream aims to retire Haskell/IHP infrastructure, which is important for reducing technical debt. It has tasks in 'wait' and 'todo' status that need attention.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report focusing on high-priority workstreams, particularly those with human dependencies or critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 9490f851-a2ac-5cb6-bcea-1a0307a42a89
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 05324dfd6a52de92e60e625e02116d34d9d7c9b6ec7db0433fcfb9a6fcc8753c
created: 2026-07-06T05:20:17.678467+00:00
---
# Daily State Hub WSJF Triage - 2026-07-06
Focus on critical infrastructure migration and HA for State Hub and Forgejo, addressing human-in-the-loop tasks and cross-agent dependencies.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1275,
"prompt_tokens": 4350,
"total_tokens": 5625
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "84e17675-0d15-4268-a8bd-540124d37018",
"confidence": "high",
"rank": 1,
"why": "Forgejo Production Migration has 4 tasks awaiting human input, blocking progress on a critical infrastructure component.",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 5,
"risk_reduction": 5,
"score": 13.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "9e208376-23f1-40c7-9813-fac1f7d6ad3b",
"confidence": "high",
"rank": 2,
"why": "ThreePhoenix HA Cluster Implementation is a foundational dependency for State Hub HA and Forgejo migration, with high strategic value and no human blockers.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "8d0c1b5d-44da-4b91-8357-e6526d3e0a85",
"confidence": "high",
"rank": 3,
"why": "State Hub Full ThreePhoenix HA Migration is critical for reliability and scalability, dependent on ThreePhoenix cluster readiness.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 1,
"risk_reduction": 5,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "8a828444-dd49-4d7b-a2d1-9952b5bc929d",
"confidence": "high",
"rank": 4,
"why": "Workstation Independence and Fleet Role Realignment is a high-priority workstream with active progress, directly impacting development efficiency and infrastructure consolidation.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "967baafb-d92d-405a-ba0b-0d00d37c4940",
"confidence": "medium",
"rank": 5,
"why": "Pragmatic State Hub Migration to railiance01 has a human-in-the-loop task, which should be addressed to unblock the migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "d64cfbba-6da7-4737-afb9-866afa0e9cda",
"confidence": "medium",
"rank": 6,
"why": "Intent gap closure has a human-in-the-loop task and is currently waiting, indicating a potential blocker that needs attention.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "needs-cross-agent",
"candidate": "bbc07f9e-9323-4b2b-b556-c33b37d0b228",
"confidence": "medium",
"rank": 7,
"why": "Adopt State Hub Beachhead Endpoint is waiting on external dependencies ('wait' status), suggesting a need for coordination with other agents.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 2
}
}
],
"summary": "Focus on critical infrastructure migration and HA for State Hub and Forgejo, addressing human-in-the-loop tasks and cross-agent dependencies."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c860155d-712f-5ee0-84eb-a8eeeffdc341
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 911f53aaf5baa7acfcb4427fce8d7fa2f677790d9dea9bee4124627e8cf88f21
created: 2026-07-07T05:20:27.988134+00:00
---
# Daily State Hub WSJF Triage - 2026-07-07
Prioritize Forgejo migration and State Hub HA, addressing human-in-the-loop tasks and critical infrastructure dependencies.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1127,
"prompt_tokens": 5629,
"total_tokens": 6756
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 4 tasks requiring human input, blocking progress on a critical infrastructure migration. Resolving these decisions is paramount.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0038",
"confidence": "high",
"rank": 2,
"why": "State Hub HA migration is critical for reliability and has 8 open tasks, including confirming cluster readiness and establishing replication strategy. Starting these tasks is high priority.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 4.3,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0054",
"confidence": "high",
"rank": 3,
"why": "Workstation Independence and Fleet Role Realignment is a high-priority workstream with 6 open tasks, including moving Forge to railiance01 and establishing State Hub production home. This is foundational for future development.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "reuse-wp-0019",
"confidence": "medium",
"rank": 4,
"why": "Forgejo-native federation automation and reuse telemetry is important for improving development workflows and data collection, with 4 todo tasks including host abstraction and webhook setup.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0009",
"confidence": "medium",
"rank": 5,
"why": "Intent gap closure has a single task in 'wait' status, 'Promote Issue-Core Task Emission Safely'. Revisit to unblock or determine next steps.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "core-wp-0007",
"confidence": "medium",
"rank": 6,
"why": "Retire Haskell/IHP infrastructure has 3 tasks in 'wait' status. Revisit to identify dependencies or unblock progress.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-core-issue-sink",
"confidence": "medium",
"rank": 7,
"why": "The 'Activity-core issue sink consumer key custody' suggestion is a relevant security and operational improvement that should be addressed.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 1,
"risk_reduction": 4,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Prioritize Forgejo migration and State Hub HA, addressing human-in-the-loop tasks and critical infrastructure dependencies."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 1591be02-a81f-5ebc-b58f-30ee94cded97
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 76375db10496eb8e05cb3371ed54c64805ba6debf9f1b58dfaf6e99a722f2c19
created: 2026-07-08T05:26:46.551674+00:00
---
# Daily State Hub WSJF Triage - 2026-07-08
Prioritize Forgejo migration and workstation independence, address human-in-the-loop tasks, and review waiting workstreams.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1074,
"prompt_tokens": 4342,
"total_tokens": 5416
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "Forgejo Production Migration has 4 open tasks requiring human intervention, blocking progress on a critical infrastructure upgrade.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0054",
"confidence": "high",
"rank": 2,
"why": "Workstation Independence is a high-priority workstream with active progress and critical next steps, including a resolved decision for Forgejo integration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "three-phoenix-ha-cluster",
"confidence": "high",
"rank": 3,
"why": "This workstream has 7 high-priority todo tasks for HA cluster implementation, which is foundational infrastructure.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.7,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-core-issue-sink",
"confidence": "medium",
"rank": 4,
"why": "This open suggestion for 'Activity-core issue sink consumer key custody' has a high WSJF score, indicating significant value.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.3,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "host-principal-deploy",
"confidence": "medium",
"rank": 5,
"why": "The 'auth_principals sync for host principal deploy' suggestion has a high WSJF score, indicating significant value.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.3,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "flex-auth-resource-check",
"confidence": "medium",
"rank": 6,
"why": "The 'flex-auth policy decision before sensitive action' suggestion has a high WSJF score, indicating significant value.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.3,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "human-oidc-login",
"confidence": "medium",
"rank": 7,
"why": "The 'Human OIDC login via key-cape / Keycloak' suggestion has a high WSJF score, indicating significant value.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.3,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Prioritize Forgejo migration and workstation independence, address human-in-the-loop tasks, and review waiting workstreams."
}
```

View File

@@ -1,5 +1,5 @@
version: 1 version: 1
last_reviewed: "2026-06-05" last_reviewed: "2026-07-03"
policy: policy:
non_secret_inventory: true non_secret_inventory: true
secrets_rule: "Do not store credentials, tokens, private addresses that are not already operationally documented, or command output containing secrets." secrets_rule: "Do not store credentials, tokens, private addresses that are not already operationally documented, or command output containing secrets."
@@ -20,11 +20,11 @@ environments:
lifecycle_state: observed lifecycle_state: observed
- id: coulombcore - id: coulombcore
name: "CoulombCore" name: "CoulombCore"
role: "Transitional production-like runtime" role: "Legacy production host — frozen for new workloads; draining per CUST-WP-0054-T03"
lifecycle_state: observed lifecycle_state: draining
- id: railiance01 - id: railiance01
name: "Railiance01" name: "Railiance01"
role: "First ThreePhoenix foundation node" role: "Production home — activity-core, fleet mesh, target for drain waves"
lifecycle_state: observed lifecycle_state: observed
- id: threephoenix-prod - id: threephoenix-prod
name: "ThreePhoenix Production" name: "ThreePhoenix Production"
@@ -77,7 +77,7 @@ services:
- id: gitea - id: gitea
name: "Gitea" name: "Gitea"
kind: application kind: application
lifecycle_state: observed lifecycle_state: draining
health_status: unknown health_status: unknown
environment: coulombcore environment: coulombcore
owner_repos: owner_repos:
@@ -173,9 +173,9 @@ services:
- id: state-hub - id: state-hub
name: "State Hub" name: "State Hub"
kind: coordination-service kind: coordination-service
lifecycle_state: observed lifecycle_state: draining
health_status: observed_ok health_status: observed_ok
environment: local environment: coulombcore
owner_repos: owner_repos:
- state-hub - state-hub
- the-custodian - the-custodian
@@ -183,29 +183,146 @@ services:
- "/home/worsch/state-hub" - "/home/worsch/state-hub"
- "/home/worsch/the-custodian/state-hub/README.md" - "/home/worsch/the-custodian/state-hub/README.md"
runtime: runtime:
type: local-process type: k3s
host: local-workstation cluster: coulombcore-k3s
ports: namespace: state-hub
- 8000 workload_refs:
- "cnpg:state-hub-db"
- "svc:10.43.170.94:8000"
endpoints: endpoints:
- id: state-hub-local-api - id: state-hub-cluster-api
type: http type: http
url: "http://127.0.0.1:8000/state/health" url: "http://127.0.0.1:8000/state/health"
expected_status: 200 expected_status: 200
expected_signal: "health response" expected_signal: "health response"
- id: state-hub-railiance01-fleet
type: tunnel
url: "http://127.0.0.1:18000/state/health"
expected_status: 200
expected_signal: "reachable from railiance01 fleet mesh"
backing_stores: backing_stores:
- "postgresql:state-hub" - "postgresql:state-hub-db"
access_paths: access_paths:
- type: http - type: http
target: "http://127.0.0.1:8000" target: "workstation tunnel state-hub-primary → cluster"
status: observed_ok
- type: tunnel
target: "railiance01 systemd fleet-state-hub-coulombcore → cluster"
status: observed_ok status: observed_ok
evidence: evidence:
- type: session-probe - type: session-probe
observed_at: "2026-06-05" observed_at: "2026-07-03"
source: "Codex session curl to local State Hub" source: "CUST-WP-0054-T02 fleet mesh + cluster primary"
summary: "State Hub accepted inbox, task, and progress API calls." summary: "Cluster hub healthy; railiance01 reaches via fleet forward tunnel."
gaps: gaps:
- "Future cluster deployment readiness still needs ops evidence." - "Primary home must move to railiance01 per CUST-WP-0054-T05."
- "Consistency sweep writebacks still target workstation paths."
- id: issue-core
name: "issue-core"
kind: application
lifecycle_state: draining
health_status: observed_ok
environment: coulombcore
owner_repos:
- issue-core
runtime:
type: k3s
cluster: coulombcore-k3s
namespace: issue-core
workload_refs:
- "svc:10.43.103.154:8765"
endpoints:
- id: issue-core-api
type: http
url: "http://127.0.0.1:8765/healthz"
expected_status: 200
expected_signal: "version response"
backing_stores:
- "postgresql:issue-core"
access_paths:
- type: tunnel
target: "railiance01 fleet-issue-core-coulombcore → cluster"
status: observed_ok
evidence:
- type: workplan-note
observed_at: "2026-07-02"
source: "ISSUE-WP-0003 completion — Gitea issue 176 emission"
summary: "REST emission live via cross-machine fleet path."
gaps:
- "Target railiance01 overlay per CUST-WP-0054 drain Wave 4."
- id: core-hub
name: "Core Hub"
kind: governance-service
lifecycle_state: draining
health_status: observed_ok
environment: coulombcore
owner_repos:
- core-hub
runtime:
type: k3s
cluster: coulombcore-k3s
namespace: core-hub-staging
endpoints:
- id: core-hub-public
type: https
url: "https://hub.coulomb.social/api/v2/hubs"
expected_status: 200
expected_signal: "hub list when authenticated"
backing_stores:
- "postgresql:core-hub"
access_paths:
- type: k8s
target: "coulombcore-k3s/core-hub-staging"
status: observed_ok
evidence:
- type: workplan-note
observed_at: "2026-07-02"
source: "CUST-WP-0051 metaplan closeout"
summary: "Staging deployed; production cutover gated on CORE-WP-0005-T04."
gaps:
- "Production cutover to railiance01 pending operator approval."
- id: fleet-mesh-railiance01
name: "Fleet Mesh (railiance01)"
kind: connectivity-service
lifecycle_state: observed
health_status: observed_ok
environment: railiance01
owner_repos:
- the-custodian
- ops-bridge
desired_state_sources:
- "/home/worsch/the-custodian/infra/fleet-mesh/"
runtime:
type: systemd
host: railiance01
workload_refs:
- "fleet-state-hub-coulombcore.service"
- "fleet-issue-core-coulombcore.service"
endpoints:
- id: fleet-state-hub-local
type: http
url: "http://127.0.0.1:18000/state/health"
expected_status: 200
- id: fleet-issue-core-local
type: http
url: "http://127.0.0.1:18765/healthz"
expected_status: 200
backing_stores: []
access_paths:
- type: ssh-tunnel
target: "railiance01 → coulombcore ClusterIPs"
status: observed_ok
evidence:
- type: session-probe
observed_at: "2026-07-03"
source: "CUST-WP-0054-T02 cutover"
summary: "Workstation reverse tunnels stopped; systemd forwards healthy."
gaps:
- "Migrate to atm-fleet-mesh cert_command when VAULT_TOKEN available."
- "Retire when State Hub and issue-core move to railiance01."
- id: inter-hub - id: inter-hub
name: "Inter-Hub" name: "Inter-Hub"
@@ -287,7 +404,7 @@ services:
name: "Ops Bridge" name: "Ops Bridge"
kind: connectivity-service kind: connectivity-service
lifecycle_state: observed lifecycle_state: observed
health_status: unknown health_status: observed_ok
environment: local environment: local
owner_repos: owner_repos:
- ops-bridge - ops-bridge
@@ -298,15 +415,15 @@ services:
backing_stores: [] backing_stores: []
access_paths: access_paths:
- type: ssh-tunnel - type: ssh-tunnel
target: "connected remote servers" target: "interactive dev tunnels only (k3s-api, state-hub-primary)"
status: unknown status: observed_ok
evidence: evidence:
- type: document - type: session-probe
observed_at: "2026-05-16" observed_at: "2026-07-03"
source: "/home/worsch/helix-forge/wiki/OpsHubInventory.md" source: "CUST-WP-0054-T02 — production reverse tunnels retired"
summary: "Bridge is useful for connected-server visibility but is not itself the service catalog." summary: "state-hub-railiance01 and issue-core-railiance01 stopped; not production-critical."
gaps: gaps:
- "Emit reachability evidence into ops-hub instead of relying on bridge state as inventory." - "Install ops-bridge on railiance01 or keep systemd fleet-mesh units."
- id: haskell-build-agent - id: haskell-build-agent
name: "Haskell Build Agent" name: "Haskell Build Agent"

View File

@@ -0,0 +1,131 @@
---
id: capability.agents.custodian-runtime-tooling
name: Custodian Runtime And Repo-Classification Tooling
summary: 'Generic tooling from The Custodian''s runtime and ecosystem-management surface: an agent runtime
framework (context, actions, tool adapters, policies) and repo-classification batch tooling used across
the workstation''s 61 repos.'
owner: the-custodian
status: draft
domain: custodian
tags:
- agents
- runtime
- classification
maturity:
discovery:
current: D2
target: D4
confidence: medium
rationale: This repo's README and canon content are marked confidential/proprietary; this entry deliberately
scopes to the generic, non-proprietary tooling surface only (runtime/ agent framework, tools/ classification
scripts), which is separately reusable and does not disclose canon/memory contents.
availability:
current: A1
target: A2
confidence: medium
rationale: '`runtime/agent.py` plus context/actions/tool_adapters/policies modules form a real Python
package (own pyproject, tests, README) under `runtime/`; `tools/` holds standalone scripts (batch_author_repo_classifications.py,
human_review_classifications.py, validate_repo_classification.py, push_repo_classifications.sh,
patch-forgejo-remote-urls.sh) used for ecosystem-wide repo classification and the Gitea-to-Forgejo
remote URL migration.'
external_evidence:
completeness:
level: C1
confidence: low
basis: scope_vs_intent_and_consumer_expectations
satisfied_expectations:
- standalone agent-runtime package under runtime/ with its own tests
- repo-classification batch/review/validate/push scripts used across the workstation roster
- a patch-forgejo-remote-urls.sh script directly relevant to REUSE-WP-0019
broken_expectations: []
out_of_scope_expectations: []
reliability:
level: R0
confidence: low
basis: consumer_quality_signals
known_reliability_risks:
- repo root is confidential/proprietary (NDA); this entry's scope is deliberately narrow and must
not be widened to canon/memory contents without explicit review
discovery:
intent: Expose only the generic, non-confidential tooling that emerged from The Custodian's ecosystem-management
work — an agent runtime framework and repo-classification batch tooling — as reusable, without describing
canon or memory content.
includes:
- runtime/ agent framework (context, actions, tool adapters, policies)
- repo-classification batch/review/validate/push scripts
- patch-forgejo-remote-urls.sh
excludes:
- canon/ (curated knowledge substrate) and memory/ (operational logs) — confidential, out of registry
scope entirely
- governance/constitution content
assumptions: []
use_cases: []
research_memos: []
availability:
current_level: A1
target_level: A2
current_artifacts:
- '`runtime/` Python package'
- '`tools/*.py` and `tools/*.sh` classification scripts'
target_artifacts: []
consumption_modes:
- library import (runtime/)
- cli (tools/ scripts)
relations:
depends_on: []
supports: []
related_to: []
evidence:
documentation:
- runtime/README.md
tests:
- runtime/tests/
consumer_feedback: []
bug_reports: []
incidents: []
consumer_guidance:
recommended_for:
- ecosystem-management tooling reuse (repo classification batching, Forgejo remote-URL migration) —
not for canon/governance content, which is out of scope
not_recommended_for:
- any attempt to reuse or reference canon/memory contents (confidential, NDA-protected, explicitly excluded
from this entry)
known_limitations:
- registry entry intentionally narrow; confidentiality boundary must be respected in any future promotion
promotion_history: []
---
# Custodian Runtime And Repo-Classification Tooling
## Overview
The Custodian's repository root is confidential and proprietary. This capability entry deliberately scopes only to its generic, non-confidential tooling surface: the `runtime/` agent framework (context, actions, tool adapters, policies) and the `tools/` repo-classification batch/review/validate/push scripts — including `patch-forgejo-remote-urls.sh`, directly relevant to the ecosystem's Gitea-to-Forgejo transition. Canon and memory content are explicitly excluded from this entry.
## Assessment notes
### Discovery
This repo's README and canon content are marked confidential/proprietary; this entry deliberately scopes to the generic, non-proprietary tooling surface only (runtime/ agent framework, tools/ classification scripts), which is separately reusable and does not disclose canon/memory contents.
### Availability
`runtime/agent.py` plus context/actions/tool_adapters/policies modules form a real Python package (own pyproject, tests, README) under `runtime/`; `tools/` holds standalone scripts (batch_author_repo_classifications.py, human_review_classifications.py, validate_repo_classification.py, push_repo_classifications.sh, patch-forgejo-remote-urls.sh) used for ecosystem-wide repo classification and the Gitea-to-Forgejo remote URL migration.
### Completeness
First-pass honest assessment from the REUSE-WP-0017 coverage campaign
(reuse-surface). No external consumer feedback exists yet; levels reflect
scope-vs-intent documentation quality, not internal code quality.
### Reliability
No production consumer telemetry exists yet; reliability level is
intentionally conservative pending REUSE-WP-0019 reuse-telemetry evidence.
## Promotion checklist
- [x] ID follows `capability.<domain>.<name>` pattern
- [x] Maturity enums match `specs/CapabilityMaturityStandard.md`
- [x] `external_evidence` is populated separately from `maturity`
- [ ] Relations reference valid capability IDs (none yet)
- [x] Index entry added in `registry/indexes/capabilities.yaml`

View File

@@ -1,4 +1,21 @@
version: 1 version: 1
updated: '2026-06-16' updated: '2026-07-06'
domain: helix_forge domain: helix_forge
capabilities: [] capabilities:
- id: capability.agents.custodian-runtime-tooling
name: Custodian Runtime And Repo-Classification Tooling
summary: 'Generic tooling from The Custodian''s runtime and ecosystem-management surface: an agent runtime
framework (context, actions, tool adapters, policies) and repo-classification batch tooling used across
the workstation''s 61 repos.'
vector: D2 / A1 / C1 / R0
domain: custodian
status: draft
owner: the-custodian
path: registry/capabilities/capability.agents.custodian-runtime-tooling.md
tags:
- agents
- runtime
- classification
consumption_modes:
- library import (runtime/)
- cli (tools/ scripts)

55
scripts/verify-e2e-shim.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
# Verify e2e shim prerequisites (SAND-WP-0004-T04).
set -euo pipefail
ERR=0
check_cmd() {
if command -v "$1" >/dev/null 2>&1; then
echo "OK $1$(command -v "$1")"
else
echo "FAIL $1 not on PATH" >&2
ERR=1
fi
}
echo "==> CLI prerequisites"
check_cmd validate
check_cmd sandboxer
echo "==> Host env (one required for make e2e)"
if [[ -n "${SANDBOXER_HOST:-}" || -n "${RAILIANCE01_HOST:-}" ]]; then
echo "OK host env: SANDBOXER_HOST=${SANDBOXER_HOST:-} RAILIANCE01_HOST=${RAILIANCE01_HOST:-}"
else
echo "WARN no SANDBOXER_HOST or RAILIANCE01_HOST (set before remote run)" >&2
fi
if [[ -n "${SANDBOXER_COMPOSE_CMD:-}" ]]; then
echo "OK SANDBOXER_COMPOSE_CMD=${SANDBOXER_COMPOSE_CMD}"
else
echo "WARN SANDBOXER_COMPOSE_CMD unset (use podman-compose on CoulombCore)" >&2
fi
REPO="${VERIFY_REPO:-sand-boxer}"
REPO_PATH="${HOME}/${REPO}"
if [[ -f "${REPO_PATH}/e2e/e2e.yml" ]]; then
echo "OK fixture repo: ${REPO_PATH}/e2e/e2e.yml"
else
echo "WARN ${REPO_PATH}/e2e/e2e.yml missing (set VERIFY_REPO)" >&2
fi
echo "==> Optional remote run (VERIFY_E2E_RUN=1)"
if [[ "${VERIFY_E2E_RUN:-}" == "1" ]]; then
test -n "${SANDBOXER_HOST:-${RAILIANCE01_HOST:-}}" || {
echo "FAIL SANDBOXER_HOST required for VERIFY_E2E_RUN" >&2
exit 1
}
cd "$(dirname "$0")/.."
make e2e "REPO=${REPO}" NO_REPORT=1
echo "OK make e2e REPO=${REPO}"
fi
if [[ "$ERR" -ne 0 ]]; then
exit 1
fi
echo "==> PASS prerequisites"

View File

@@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Verify remote-build shim prerequisites (SAND-WP-0012-T04).
set -euo pipefail
ERR=0
check_cmd() {
if command -v "$1" >/dev/null 2>&1; then
echo "OK $1$(command -v "$1")"
else
echo "FAIL $1 not on PATH" >&2
ERR=1
fi
}
echo "==> CLI prerequisites"
check_cmd sandboxer
echo "==> Build-machines Makefile shim"
MAKEFILE="${HOME}/the-custodian/infra/build-machines/Makefile"
if grep -q 'remote-build-sandboxer' "$MAKEFILE" 2>/dev/null; then
echo "OK remote-build-sandboxer target present"
else
echo "FAIL remote-build-sandboxer not in $MAKEFILE" >&2
ERR=1
fi
echo "==> VM tunnel (optional for live run)"
if [[ -n "${SANDBOXER_VM_TUNNEL_PORT:-}" ]]; then
echo "OK SANDBOXER_VM_TUNNEL_PORT=${SANDBOXER_VM_TUNNEL_PORT}"
else
echo "WARN SANDBOXER_VM_TUNNEL_PORT unset (set before live remote-build)" >&2
fi
VM="${VERIFY_VM:-haskell-build}"
if ssh -q -o ConnectTimeout=2 "$VM" "echo ok" 2>/dev/null; then
echo "OK ssh $VM reachable"
else
echo "WARN ssh $VM not reachable (expected when tunnel down)" >&2
fi
echo "==> Optional live run (VERIFY_REMOTE_BUILD_RUN=1)"
if [[ "${VERIFY_REMOTE_BUILD_RUN:-}" == "1" ]]; then
PROJECT="${VERIFY_PROJECT:-${HOME}/sand-boxer}"
cd "${HOME}/the-custodian/infra/build-machines"
make remote-build "PROJECT=${PROJECT}" "VM=${VM}"
echo "OK make remote-build PROJECT=${PROJECT}"
fi
if [[ "$ERR" -ne 0 ]]; then
exit 1
fi
echo "==> PASS prerequisites"

View File

@@ -0,0 +1,383 @@
#!/usr/bin/env python3
"""First-pass .repo-classification.yaml author for CUST-WP-0050 T11.
Writes agent-classified files for local git checkouts, validates against
canon/standards/repo-classification.allowed.yaml, and optionally commits.
Skips repos that already carry human-reviewed classifications and slugs on the
exclusion list.
"""
from __future__ import annotations
import argparse
import json
import subprocess
import sys
import urllib.request
from datetime import date
from pathlib import Path
import yaml
REPO_ROOT = Path(__file__).resolve().parent.parent
ALLOWED_PATH = REPO_ROOT / "canon" / "standards" / "repo-classification.allowed.yaml"
EXCLUSIONS_PATH = REPO_ROOT / "canon" / "standards" / "repo-classification.exclusions.yaml"
VALIDATOR = REPO_ROOT / "tools" / "validate_repo_classification.py"
HOME = Path.home()
API_BASE = "http://127.0.0.1:8000"
CLASSIFIED_AT = date.today().isoformat()
# Curated overrides — standard §13 examples and T11 first-pass judgments.
OVERRIDES: dict[str, dict] = {
"helix-forge": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["agents"],
"capability_tags": [
"platform",
"capability-registry",
"coordination",
"knowledge",
"product-development",
],
"business_stake": ["product", "technology", "execution", "automation", "intelligence"],
"business_mechanics": ["intention", "coordination", "operation", "adaptation"],
"notes": "Capability development platform; standard §13.1 example.",
},
"identity-canon": {
"category": "research",
"domain": "infotech",
"secondary_domains": ["government"],
"capability_tags": ["identity", "access-control", "terminology", "canon", "governance"],
"business_stake": ["technology", "legal", "operations", "intelligence"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Identity terminology and canon; standard §13.3 example.",
},
"net-kingdom": {
"category": "product",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["security", "identity", "platform", "operations", "access-control"],
"business_stake": ["technology", "operations", "legal", "automation"],
"business_mechanics": ["control", "operation", "adaptation"],
"notes": "NetKingdom security/identity platform; standard §13.4 example.",
},
"citation-evidence": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["communication", "government"],
"capability_tags": ["citations", "evidence", "knowledge", "traceability", "source-management"],
"business_stake": ["intelligence", "legal", "product", "technology"],
"business_mechanics": ["control", "coordination", "adaptation"],
"notes": "Citation and evidence product; standard §13.5 example.",
},
"adaptive-pricing": {
"category": "product",
"domain": "financials",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["pricing", "monetization", "lifecycle", "decision-support", "product-development"],
"business_stake": ["finance", "product", "sales", "intelligence", "automation"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Adaptive pricing product; standard §13.6 example.",
},
"reuse-surface": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["agents"],
"capability_tags": ["capability-registry", "discovery", "reuse", "maturity", "evidence"],
"business_stake": ["technology", "product", "intelligence", "automation"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Reuse discovery surface; standard §13.7 example.",
},
"audit-core": {
"category": "tooling",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["audit", "traceability", "security", "governance", "operations"],
"business_stake": ["technology", "operations", "legal", "automation"],
"business_mechanics": ["control", "operation"],
"notes": "Multi-tenant audit emit capability for platform bootstrap wiring.",
},
"whynot-design": {
"category": "product",
"domain": "consumer",
"secondary_domains": ["communication"],
"capability_tags": ["design-system", "documentation", "product-development", "experience"],
"business_stake": ["product", "experience", "technology"],
"business_mechanics": ["intention", "coordination", "adaptation"],
"notes": "whynot visual language — tokens, CSS, and web components for prototype artefacts.",
},
"coordination-engine": {
"category": "product",
"domain": "communication",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["coordination", "workflow", "orchestration", "evidence", "platform"],
"business_stake": ["product", "technology", "operations", "automation"],
"business_mechanics": ["coordination", "operation", "adaptation"],
"notes": "Goal-driven digital coordination framework and adapter runtime.",
},
"human-resources": {
"category": "research",
"domain": "consumer",
"secondary_domains": ["health"],
"capability_tags": ["knowledge", "documentation", "product-development"],
"business_stake": ["people", "product", "experience"],
"business_mechanics": ["intention", "adaptation"],
"notes": "Research toward optimal human performance.",
},
"repo-seed": {
"category": "tooling",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["platform", "configuration", "documentation"],
"business_stake": ["technology", "execution"],
"business_mechanics": ["operation"],
"notes": "Git template for bootstrapping coulomb projects.",
},
"tegwick-control": {
"category": "research",
"domain": "consumer",
"secondary_domains": ["infotech"],
"capability_tags": ["coordination", "governance", "documentation", "knowledge"],
"business_stake": ["people", "operations", "intelligence"],
"business_mechanics": ["intention", "coordination", "adaptation"],
"notes": "Personal control repository for life/projects landscape.",
},
"whynot-control": {
"category": "research",
"domain": "consumer",
"secondary_domains": ["communication"],
"capability_tags": ["product-development", "knowledge", "coordination", "documentation"],
"business_stake": ["product", "experience", "intelligence"],
"business_mechanics": ["intention", "coordination", "adaptation"],
"notes": "whynot prototype and market-signal control repository.",
},
"markitect-main": {
"category": "product",
"domain": "communication",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["knowledge", "documentation", "product-development", "platform"],
"business_stake": ["product", "technology", "execution"],
"business_mechanics": ["intention", "coordination", "operation", "adaptation"],
"notes": "Markitect main product repo; successor to archived markitect-project.",
},
"vantage-point": {
"category": "research",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["knowledge", "analytics", "platform", "documentation"],
"business_stake": ["technology", "intelligence", "product"],
"business_mechanics": ["intention", "adaptation"],
"notes": "Network-based graph model exploration and dependency reasoning framework.",
},
}
DOMAIN_DEFAULT_STAKE: dict[str, list[str]] = {
"infotech": ["technology", "product", "operations"],
"financials": ["finance", "technology", "operations"],
"communication": ["product", "experience", "technology"],
"consumer": ["product", "experience"],
"agents": ["technology", "automation", "product"],
"government": ["legal", "operations", "technology"],
"health": ["product", "experience", "operations"],
"realestate": ["finance", "operations"],
}
SLUG_TAG_HINTS: dict[str, list[str]] = {
"citation": ["citations", "evidence", "knowledge"],
"evidence": ["evidence", "traceability", "source-management"],
"railiance": ["platform", "operations"],
"markitect": ["knowledge", "documentation"],
"marki": ["knowledge", "documentation"],
"ops-": ["operations", "platform"],
"canon": ["canon", "knowledge", "governance"],
"flex-auth": ["identity", "access-control", "policy"],
"key-cape": ["identity", "access-control", "security"],
"shard-wiki": ["knowledge", "documentation"],
"vergabe": ["procurement", "governance"],
"agentic": ["automation", "orchestration"],
"repo-scoping": ["governance", "policy", "coordination"],
}
def load_excluded_slugs() -> set[str]:
with EXCLUSIONS_PATH.open() as fh:
doc = yaml.safe_load(fh)
return {entry["slug"].split("/")[-1] for entry in doc.get("exclusions", [])}
def fetch_hub_repos() -> dict[str, dict]:
with urllib.request.urlopen(f"{API_BASE}/repos/", timeout=30) as resp:
repos = json.load(resp)
return {r["slug"]: r for r in repos}
def local_git_repos() -> dict[str, Path]:
found: dict[str, Path] = {}
for child in HOME.iterdir():
if child.name.startswith(".") or not child.is_dir():
continue
if (child / ".git").is_dir():
found[child.name] = child
return found
def _tag_hints(slug: str) -> list[str]:
tags: list[str] = []
for needle, hint_tags in SLUG_TAG_HINTS.items():
if needle in slug:
for tag in hint_tags:
if tag not in tags:
tags.append(tag)
return tags
def _enrich_from_hub(slug: str, hub: dict | None) -> dict:
if hub:
category = hub.get("category") or "project"
domain = hub.get("domain_slug") or "infotech"
secondary = hub.get("secondary_domains") or []
tags = list(hub.get("capability_tags") or [])
stake = list(hub.get("business_stake") or [])
mechanics = list(hub.get("business_mechanics") or [])
else:
category = "project"
domain = "infotech"
secondary = []
tags = []
stake = []
mechanics = []
for tag in _tag_hints(slug):
if tag not in tags:
tags.append(tag)
if not stake:
stake = list(DOMAIN_DEFAULT_STAKE.get(domain, ["technology", "product"]))
if not mechanics:
mechanics = ["coordination", "operation"]
return {
"category": category,
"domain": domain,
"secondary_domains": secondary,
"capability_tags": tags,
"business_stake": stake,
"business_mechanics": mechanics,
"notes": f"First-pass agent classification (CUST-WP-0050 T11); derived from hub migration row.",
}
def build_classification(slug: str, hub: dict | None) -> dict:
if slug in OVERRIDES:
data = dict(OVERRIDES[slug])
else:
data = _enrich_from_hub(slug, hub)
data.pop("notes", None)
block = {
"repo_classification": {
"standard": "Repo Classification Standard",
"version": "1.0",
"classified_at": CLASSIFIED_AT,
"classified_by": "agent",
**{k: v for k, v in data.items() if k != "notes"},
}
}
if "notes" in OVERRIDES.get(slug, {}) or "notes" in data:
note = OVERRIDES.get(slug, {}).get("notes") or data.get("notes")
if note:
block["repo_classification"]["notes"] = note
return block
def render_yaml(block: dict) -> str:
return yaml.dump(block, sort_keys=False, allow_unicode=True, default_flow_style=False)
def validate_file(path: Path) -> bool:
proc = subprocess.run(
[sys.executable, str(VALIDATOR), str(path)],
capture_output=True,
text=True,
)
if proc.returncode != 0:
print(proc.stdout)
print(proc.stderr, file=sys.stderr)
return proc.returncode == 0
def maybe_commit(repo_path: Path, dry_run: bool) -> None:
if dry_run:
return
subprocess.run(["git", "add", ".repo-classification.yaml"], cwd=repo_path, check=True)
status = subprocess.run(
["git", "diff", "--cached", "--quiet"],
cwd=repo_path,
)
if status.returncode != 0:
subprocess.run(
[
"git",
"commit",
"-m",
"Add .repo-classification.yaml (CUST-WP-0050 T11 agent first-pass)",
],
cwd=repo_path,
check=True,
)
def main() -> int:
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument("--dry-run", action="store_true", help="Print actions only")
parser.add_argument("--no-commit", action="store_true", help="Write files but skip git commit")
args = parser.parse_args()
excluded = load_excluded_slugs()
hub_repos = fetch_hub_repos()
local_repos = local_git_repos()
targets = sorted(set(local_repos) - excluded)
written: list[str] = []
skipped_human: list[str] = []
failed: list[str] = []
for slug in targets:
repo_path = local_repos[slug]
target = repo_path / ".repo-classification.yaml"
if target.exists():
with target.open() as fh:
existing = yaml.safe_load(fh) or {}
if existing.get("repo_classification", {}).get("classified_by") == "human":
skipped_human.append(slug)
continue
block = build_classification(slug, hub_repos.get(slug))
content = render_yaml(block)
if args.dry_run:
print(f"[dry-run] would write {target}")
continue
target.write_text(content)
if not validate_file(target):
failed.append(slug)
continue
if not args.no_commit:
maybe_commit(repo_path, dry_run=False)
written.append(slug)
print(f"Written: {len(written)}")
for slug in written:
print(f" + {slug}")
print(f"Skipped (human-reviewed): {len(skipped_human)}")
for slug in skipped_human:
print(f" = {slug}")
if failed:
print(f"Failed validation: {len(failed)}", file=sys.stderr)
for slug in failed:
print(f" ! {slug}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
raise SystemExit(main())

View File

@@ -0,0 +1,33 @@
#!/usr/bin/env bash
# Cancel duplicate CUST-WP-0054 hub tasks created during 2026-07-07 workstream recreation.
set -euo pipefail
API_BASE="${API_BASE:-http://127.0.0.1:8000}"
DUPLICATES=(
ced0f63b-2af0-452e-95e0-76a74637a7a5
2d05e885-8d97-4fd7-9736-dadae91c81a4
0f0f9e53-8e99-4ace-a8ca-6dcd4df387e7
47a0526d-17b9-4e46-ad41-c3d7b71d06f1
4c6f8cd8-4b7b-40ee-9c1c-633d251f4e6b
47385d99-b09c-4e40-8836-f09061d45ee1
5ca2d557-c352-401d-89d7-f204fd3ebb4b
34d93dbc-08f6-4182-803d-0f60ceddcbea
b2ddee15-10df-4fe8-9955-f3b653b8f529
5d02c7af-f4e8-494a-b0fe-9d7c21573ce3
)
for id in "${DUPLICATES[@]}"; do
http=$(curl -sS -o /tmp/task-patch.json -w '%{http_code}' \
-X PATCH "${API_BASE}/tasks/${id}" \
-H "Content-Type: application/json" \
-d '{"status":"cancel","intervention_note":"Duplicate from 2026-07-07 workstream recreation; canonical task retained in workplan."}')
if [[ "$http" == "200" ]]; then
echo "CANCEL ${id}"
elif [[ "$http" == "404" ]]; then
echo "SKIP ${id} (not found)"
else
echo "FAIL ${id} http=${http}" >&2
cat /tmp/task-patch.json >&2
fi
done

View File

@@ -0,0 +1,58 @@
#!/usr/bin/env python3
"""Compare State Hub registered repos against Gitea SSH reachability (no HTTP token)."""
from __future__ import annotations
import json
import subprocess
import sys
import urllib.request
API_BASE = "http://127.0.0.1:8000"
GITEA_REMOTE = "gitea-remote"
def hub_repos() -> list[dict]:
with urllib.request.urlopen(f"{API_BASE}/repos/", timeout=30) as resp:
return json.load(resp)
def gitea_exists(path: str) -> bool:
proc = subprocess.run(
[
"git",
"ls-remote",
f"{GITEA_REMOTE}:{path}.git",
"HEAD",
],
capture_output=True,
text=True,
env={**__import__("os").environ, "GIT_SSH_COMMAND": "ssh -o ConnectTimeout=8 -o BatchMode=yes"},
)
return proc.returncode == 0 and any(line.strip() for line in proc.stdout.splitlines())
def main() -> int:
repos = hub_repos()
active = [r for r in repos if r.get("status") == "active"]
matched: list[str] = []
missing: list[str] = []
for repo in sorted(active, key=lambda r: r["slug"]):
slug = repo["slug"]
if gitea_exists(f"coulomb/{slug}"):
matched.append(slug)
else:
missing.append(slug)
print(f"State Hub active repos: {len(active)}")
print(f"Gitea SSH reachable (coulomb/<slug>): {len(matched)}")
print(f"Hub-only (no coulomb/<slug> on Gitea SSH): {len(missing)}")
if missing:
print("\nMissing on Gitea:")
for slug in missing:
print(f" - {slug}")
return 0
if __name__ == "__main__":
raise SystemExit(main())

View File

@@ -0,0 +1,194 @@
#!/usr/bin/env python3
"""Apply human-reviewed classification corrections (CUST-WP-0050 follow-up)."""
from __future__ import annotations
import subprocess
import sys
from pathlib import Path
import yaml
REPO_ROOT = Path(__file__).resolve().parent.parent
VALIDATOR = REPO_ROOT / "tools" / "validate_repo_classification.py"
HOME = Path.home()
# Curated human-reviewed classifications for high-blast-radius portfolio anchors.
HUMAN_REVIEWS: dict[str, dict] = {
"helix-forge": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["agents"],
"capability_tags": [
"platform",
"capability-registry",
"coordination",
"knowledge",
"product-development",
],
"business_stake": ["product", "technology", "execution", "automation", "intelligence"],
"business_mechanics": ["intention", "coordination", "operation", "adaptation"],
"notes": "Capability development platform; standard §13.1 — human confirmed.",
},
"reuse-surface": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["agents"],
"capability_tags": ["capability-registry", "discovery", "reuse", "maturity", "evidence"],
"business_stake": ["technology", "product", "intelligence", "automation"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Reuse discovery surface; standard §13.7 — human confirmed.",
},
"coordination-engine": {
"category": "product",
"domain": "communication",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["coordination", "workflow", "orchestration", "evidence", "platform"],
"business_stake": ["product", "technology", "operations", "automation"],
"business_mechanics": ["coordination", "operation", "adaptation"],
"notes": "Goal-driven coordination framework; human confirmed.",
},
"markitect-main": {
"category": "product",
"domain": "communication",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["knowledge", "documentation", "product-development", "platform"],
"business_stake": ["product", "technology", "execution"],
"business_mechanics": ["intention", "coordination", "operation", "adaptation"],
"notes": "Markitect successor to archived markitect-project; human confirmed.",
},
"citation-evidence": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["communication", "government"],
"capability_tags": ["citations", "evidence", "knowledge", "traceability", "source-management"],
"business_stake": ["intelligence", "legal", "product", "technology"],
"business_mechanics": ["control", "coordination", "adaptation"],
"notes": "Citation/evidence product; standard §13.5 — human confirmed.",
},
"adaptive-pricing": {
"category": "product",
"domain": "financials",
"secondary_domains": ["infotech", "agents"],
"capability_tags": ["pricing", "monetization", "lifecycle", "decision-support", "product-development"],
"business_stake": ["finance", "product", "sales", "intelligence", "automation"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Adaptive pricing product; standard §13.6 — human confirmed.",
},
"identity-canon": {
"category": "research",
"domain": "infotech",
"secondary_domains": ["government"],
"capability_tags": ["identity", "access-control", "terminology", "canon", "governance"],
"business_stake": ["technology", "legal", "operations", "intelligence"],
"business_mechanics": ["intention", "control", "adaptation"],
"notes": "Identity canon; standard §13.3 — human confirmed.",
},
"net-kingdom": {
"category": "product",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["security", "identity", "platform", "operations", "access-control"],
"business_stake": ["technology", "operations", "legal", "automation"],
"business_mechanics": ["control", "operation", "adaptation"],
"notes": "NetKingdom security/identity platform; standard §13.4 — human confirmed.",
},
"audit-core": {
"category": "tooling",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["audit", "traceability", "security", "governance", "operations"],
"business_stake": ["technology", "operations", "legal", "automation"],
"business_mechanics": ["control", "operation"],
"notes": "Multi-tenant audit emit capability; human confirmed.",
},
"key-cape": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["communication"],
"capability_tags": ["identity", "access-control", "security", "platform", "operations"],
"business_stake": ["technology", "operations", "legal", "product"],
"business_mechanics": ["control", "operation", "adaptation"],
"notes": "NetKingdom IAM Profile lightweight mode (Authelia/LLDAP/privacyIDEA); human corrected domain from communication→infotech.",
},
"flex-auth": {
"category": "product",
"domain": "infotech",
"secondary_domains": ["government"],
"capability_tags": ["identity", "access-control", "policy", "governance", "audit"],
"business_stake": ["technology", "legal", "operations", "product"],
"business_mechanics": ["control", "coordination", "adaptation"],
"notes": "Policy-as-code authorization registry; human corrected domain from communication→infotech.",
},
"ops-hub": {
"category": "tooling",
"domain": "infotech",
"secondary_domains": [],
"capability_tags": ["operations", "platform", "observability", "coordination", "governance"],
"business_stake": ["operations", "technology", "automation"],
"business_mechanics": ["coordination", "operation", "control"],
"notes": "Inter-Hub operations extension (environments, incidents, runbooks); human corrected category project→tooling.",
},
"railiance-platform": {
"category": "tooling",
"domain": "financials",
"secondary_domains": ["infotech"],
"capability_tags": ["platform", "operations", "configuration", "governance"],
"business_stake": ["finance", "technology", "operations"],
"business_mechanics": ["control", "operation", "coordination"],
"notes": "Railiance platform substrate; human corrected category project→tooling.",
},
}
def build_block(slug: str, data: dict) -> dict:
notes = data.pop("notes", None)
block = {
"repo_classification": {
"standard": "Repo Classification Standard",
"version": "1.0",
"classified_at": "2026-06-22",
"classified_by": "human",
**data,
}
}
if notes:
block["repo_classification"]["notes"] = notes
return block
def main() -> int:
updated: list[str] = []
for slug, data in HUMAN_REVIEWS.items():
repo_path = HOME / slug
target = repo_path / ".repo-classification.yaml"
if not repo_path.is_dir():
print(f"skip {slug}: no checkout", file=sys.stderr)
continue
payload = build_block(slug, dict(data))
target.write_text(yaml.dump(payload, sort_keys=False, allow_unicode=True))
proc = subprocess.run([sys.executable, str(VALIDATOR), str(target)], capture_output=True, text=True)
if proc.returncode != 0:
print(proc.stdout, proc.stderr, file=sys.stderr)
return 1
subprocess.run(["git", "add", ".repo-classification.yaml"], cwd=repo_path, check=True)
diff = subprocess.run(["git", "diff", "--cached", "--quiet"], cwd=repo_path)
if diff.returncode != 0:
subprocess.run(
[
"git",
"commit",
"-m",
"Human-review .repo-classification.yaml (CUST-WP-0050 follow-up)",
],
cwd=repo_path,
check=True,
)
updated.append(slug)
print(f"Human-reviewed: {len(updated)}")
for slug in updated:
print(f"{slug}")
return 0
if __name__ == "__main__":
raise SystemExit(main())

View File

@@ -0,0 +1,24 @@
#!/usr/bin/env bash
# One-time migration: copy activity-core PVC daily-triage notes into the
# railiance01 the-custodian clone so consistency sweep can commit them.
set -euo pipefail
KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config-hosteurope}"
CLONE_DIR="${CLONE_DIR:-/home/tegwick/the-custodian/memory/working}"
NAMESPACE="${NAMESPACE:-activity-core}"
echo "=== Source: actcore-worker PVC mount (legacy) ==="
KUBECONFIG="${KUBECONFIG}" kubectl -n "${NAMESPACE}" exec deploy/actcore-worker -- \
sh -c 'ls -1 /var/custodian/memory/working/daily-triage-*.md 2>/dev/null | wc -l' || echo "0"
echo "=== Copying daily-triage notes to ${CLONE_DIR} ==="
KUBECONFIG="${KUBECONFIG}" kubectl -n "${NAMESPACE}" exec deploy/actcore-worker -- \
tar czf - -C /var/custodian/memory/working . 2>/dev/null \
| ssh -i "${OPS_SSH_KEY:-$HOME/.ssh/id_ops}" tegwick@92.205.62.239 \
"mkdir -p '${CLONE_DIR}' && tar xzf - -C '${CLONE_DIR}'"
echo "=== Destination file count ==="
ssh -i "${OPS_SSH_KEY:-$HOME/.ssh/id_ops}" tegwick@92.205.62.239 \
"ls -1 '${CLONE_DIR}'/daily-triage-*.md 2>/dev/null | wc -l"
echo "Done. Run consistency sweep on the-custodian to commit migrated notes."

View File

@@ -0,0 +1,64 @@
#!/usr/bin/env bash
# Patch State Hub managed_repos.remote_url from gitea-remote to forgejo-remote.
# Usage: patch-forgejo-remote-urls.sh slug [slug ...]
# patch-forgejo-remote-urls.sh --tier-25
set -euo pipefail
API_BASE="${API_BASE:-http://127.0.0.1:8000}"
ORG="${FORGEJO_ORG:-coulomb}"
TIER_25=(
railiance-enablement
railiance-infra
railiance-apps
railiance-platform
railiance-cluster
glas-harness
key-cape
)
if [[ "${1:-}" == "--tier-25" ]]; then
set -- "${TIER_25[@]}"
fi
if [[ "${1:-}" == "--all-gitea" ]]; then
mapfile -t SLUGS < <(curl -fsS "${API_BASE}/repos/" | python3 -c "
import json,sys
for r in json.load(sys.stdin):
url = r.get('remote_url') or ''
if 'gitea-remote' in url or 'gitea.coulomb.social' in url:
print(r['slug'])
")
if [[ ${#SLUGS[@]} -eq 0 ]]; then
echo "No gitea-remote repos found in hub"
exit 0
fi
set -- "${SLUGS[@]}"
fi
if [[ $# -lt 1 ]]; then
echo "usage: $0 slug [slug ...] | --tier-25 | --all-gitea" >&2
exit 1
fi
for slug in "$@"; do
new_url="forgejo-remote:${ORG}/${slug}.git"
http=$(curl -sS -o /tmp/repo-get.json -w '%{http_code}' "${API_BASE}/repos/${slug}")
if [[ "${http}" == "404" ]]; then
echo "SKIP ${slug} (not registered in State Hub)"
continue
fi
if [[ "${http}" != "200" ]]; then
echo "FAIL ${slug} GET http=${http}" >&2
exit 1
fi
current=$(python3 -c "import json; print(json.load(open('/tmp/repo-get.json')).get('remote_url') or '')")
if [[ "${current}" == "${new_url}" ]]; then
echo "OK ${slug} (unchanged)"
continue
fi
curl -fsS -X PATCH "${API_BASE}/repos/${slug}" \
-H "Content-Type: application/json" \
-d "{\"remote_url\": \"${new_url}\"}" >/dev/null
echo "PATCH ${slug}: ${current:-<empty>} -> ${new_url}"
done

View File

@@ -0,0 +1,60 @@
#!/usr/bin/env bash
# Phase 5 stabilization health snapshot for CUST-WP-0054-T05.
# Usage: phase5-stabilization-check.sh
set -euo pipefail
API_BASE="${API_BASE:-http://127.0.0.1:8000}"
KUBECONFIG_RAILIANCE="${KUBECONFIG_RAILIANCE:-$HOME/.kube/config-hosteurope}"
KUBECONFIG_COULOMB="${KUBECONFIG_COULOMB:-$HOME/.kube/config}"
echo "=== State Hub API (${API_BASE}) ==="
curl -fsS "${API_BASE}/state/health" | python3 -m json.tool
python3 -c "
import json, urllib.request
s = json.load(urllib.request.urlopen('${API_BASE}/state/summary'))
t = s['totals']
print('totals: workstreams', t['workstreams']['total'], 'tasks', t['tasks']['total'], 'topics', t['topics']['total'])
"
echo
echo "=== railiance01 state-hub + CNPG ==="
KUBECONFIG="${KUBECONFIG_RAILIANCE}" kubectl -n state-hub get pods -l app.kubernetes.io/name=state-hub 2>/dev/null \
| awk 'NR==1 || /state-hub-/ {print}'
KUBECONFIG="${KUBECONFIG_RAILIANCE}" kubectl -n databases get cluster state-hub-db \
-o jsonpath='phase={.status.phase} ready={.status.readyInstances}/{.spec.instances}{"\n"}' 2>/dev/null
echo
echo "=== coulombcore rollback copy ==="
KUBECONFIG="${KUBECONFIG_COULOMB}" kubectl -n state-hub get deploy state-hub \
-o jsonpath='replicas={.spec.replicas}{"\n"}' 2>/dev/null || echo "coulombcore unreachable"
echo
echo "=== activity-core STATE_HUB_URL ==="
KUBECONFIG="${KUBECONFIG_RAILIANCE}" kubectl -n activity-core get configmap actcore-runtime-config \
-o jsonpath='{.data.STATE_HUB_URL}{"\n"}' 2>/dev/null
KUBECONFIG="${KUBECONFIG_RAILIANCE}" kubectl -n activity-core get deploy actcore-state-hub-bridge \
-o jsonpath='bridge_replicas={.spec.replicas}{"\n"}' 2>/dev/null
echo
echo "=== last 6 consistency sweeps ==="
curl -fsS "${API_BASE}/progress/?event_type=consistency_sweep_remote_all&limit=6" | python3 -c "
import json,sys
for e in json.load(sys.stdin):
d=e.get('detail') or {}
print(e['created_at'][:19], 'src='+str(d.get('source','?')),
'exit='+str(d.get('exit_code')), 'err='+str(d.get('automation_error')),
'proc='+str(len(d.get('repos_processed') or [])),
'missing='+str(len(d.get('skipped_missing') or [])))
"
echo
echo "=== last daily_triage ==="
curl -fsS "${API_BASE}/progress/?event_type=daily_triage&limit=1" | python3 -c "
import json,sys
ev=json.load(sys.stdin)
print(ev[0]['created_at'][:19] if ev else 'none', (ev[0].get('summary') or '')[:60] if ev else '')
" 2>/dev/null || echo "no daily_triage events"
echo
echo "=== ops-bridge primary tunnel ==="
bridge status 2>/dev/null | grep -E 'state-hub-primary|issue-core-coulombcore' || echo "bridge status unavailable"

Some files were not shown because too many files have changed in this diff Show More