Compare commits

..

188 Commits

Author SHA1 Message Date
custodian-sync
11e5af26f3 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 23:06:33 +00:00
codex
582bbfd8ab Sync CUST-WP-0054 hub bindings after stale ID repair
Apply fix-consistency writeback: new workstream 5ceff9dd and task IDs.
2026-07-08 01:04:38 +02:00
custodian-sync
2410d8dbc0 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 01:01:47 +02:00
codex
51b6c756ad fix(workplans): resolve duplicate CUST-WP-0010 id collision
Renumber the later domain-and-repo-goals plan to CUST-WP-0010b, following
the established 0000b suffix pattern. Lifecycle documentation keeps the
original CUST-WP-0010 id and filename.
2026-07-08 01:01:28 +02:00
custodian-sync
3f5aef8368 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 01:01:13 +02:00
codex
19c825f143 Fix CUST-WP-0054 stale hub bindings; finish CUST-WP-0025 T24-T26
Remove orphaned state_hub workstream/task IDs from CUST-WP-0054 so
fix-consistency can recreate bindings. Mark CUST-WP-0025 finished with
fin-hub cost tracking, cross-hub coupling, and RaaS packaging complete.
2026-07-08 00:59:39 +02:00
custodian-sync
275c3c6f6c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:53:54 +02:00
codex
a272f5fcda Advance CUST-WP-0025: close T16/T17, add canon and fin-hub bootstrap
- Mark T16/T17 done with cutover evidence and decision coupling doc
- Add business-model-canvas and bootstrap-protocol canon (T20/T21)
- Record Core Hub readiness-summary evidence stubs
- Refresh fos-hub-bootstrap-sequence-status and core-hub-replacement-evidence
2026-07-08 00:52:17 +02:00
custodian-sync
72fe10e076 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 22:50:29 +00:00
custodian-sync
f353c039af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:42:06 +02:00
codex
a23768044f Finish CUST-WP-0014: mark all tasks done and archive workplan
Implementation lives in state-hub; close the tracking workplan with all six
tasks marked done and move it to archived/260708.
2026-07-08 00:39:50 +02:00
custodian-sync
ff4ec782c8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-07:
  - update .custodian-brief.md for the-custodian
2026-07-07 22:38:31 +00:00
custodian-sync
d9bf050f55 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-08:
  - update .custodian-brief.md for the-custodian
2026-07-08 00:31:34 +02:00
codex
3ea0291f54 Record T02 cutover Option A and close design decision set
Staged per-repo promotion as primary plan; freeze-all emergency fallback only.
All WP-0005 T02 production choices are now decided.
2026-07-07 17:00:05 +02:00
codex
89300bd5fc Record T02 backup decision: Option A (Nextcloud + age)
Daily forgejo dump and pg_dump, age-encrypted upload to Nextcloud WebDAV,
balanced retention (14 daily + 4 weekly), RPO 24h / RTO 4h.
2026-07-07 16:55:13 +02:00
codex
56943efbf7 Record T02 package scope: Option C (OCI, npm, generic)
Operator decided multi-ecosystem registry with npm as a launch requirement;
additional types follow inventory evidence. Update SMTP row to T06-done state.
2026-07-07 16:47:15 +02:00
codex
5aacf8770f Record IONOS SMTP decision and Forgejo mailer deployment
Document forgejo@coulomb.social on IONOS smtp.ionos.com:587; mailer live on
railiance01 via railiance-apps Helm. T06 password-reset test remains open.
2026-07-07 11:08:14 +02:00
custodian-sync
4c82daea96 chore(working-memory): sync daily-triage notes from activity-core [auto 2026-07-07] 2026-07-07 05:34:30 +00:00
codex
b8412994b7 docs: record state-hub Forgejo CI promotion main-0ca9c27 (Helm rev 8)
Update Phase 5 cutover evidence and CUST-WP-0054 T05 notes after
image.yaml #31 build and railiance01 deploy with working-memory sweep.
2026-07-07 01:14:11 +02:00
custodian-sync
26a3dca511 chore(working-memory): sync daily-triage notes from activity-core [auto 2026-07-06] 2026-07-06 23:07:04 +00:00
codex
ac0886a409 feat(T06): complete sink path decoupling and working-memory sweep sync
hostPath working-memory on railiance01, migration tool, sweep commits
daily-triage notes; T06 marked done in workplan.
2026-07-07 01:01:26 +02:00
codex
8baa2d10ff feat: schedule Phase 5 checks; start T06 path decoupling
Add phase5 daily/closeout ActivityDefinitions, document schedules in Phase 5
evidence, and migrate daily triage sinks to custodian:// runtime URIs.
2026-07-07 00:48:36 +02:00
codex
03dc2070a3 docs: Phase 5 day-1 stabilization check — all gates green
Records phase5-stabilization-check.sh snapshot after CI image promotion;
T05 remains in progress until 72h window closes 2026-07-09.
2026-07-07 00:37:02 +02:00
codex
872266cb57 docs: record state-hub CI image promotion to main-375961c
Forgejo image.yaml #26 built and Helm rev 7 deployed on railiance01;
post-upgrade consistency sweep exit_code=0.
2026-07-06 20:22:23 +02:00
codex
40670dcc55 docs(CUST-WP-0054-T05): record post-cutover daily triage success
Manual activity-core trigger completed with daily_triage progress event
a99e644e and working-memory report daily-triage-2026-07-06-67685f1c.md.
2026-07-06 19:51:04 +02:00
codex
d470fccece Draft capability entry (reuse-surface REUSE-WP-0017-T04, cohort 3)
Honest first-pass maturity vector grounded in README/docs/tests present
in this repo; no invented evidence. Flagged for human review before
publish. See reuse-surface history/2026-07-06-coverage-classification.md.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-06 19:50:54 +02:00
codex
104c66763e docs(CUST-WP-0054-T05): open Phase 5 stabilization window
Record kickoff baseline checks, 72h monitoring gates, and a reusable
phase5-stabilization-check.sh script for daily health snapshots.
2026-07-06 19:41:42 +02:00
codex
c9764ba73c docs(CUST-WP-0054-T05): Phase 4 sweep checkout migration evidence
Record railiance01 clone tree, host_paths registration, and tooling for
bulk clone and path registration. Update T05 workplan with Phase 4 completion.
2026-07-06 19:24:28 +02:00
codex
0bebad0bae docs(CUST-WP-0054): update Phase 1 evidence with Forgejo image fix notes
Record main-d1a4fcf CI fix and DinD root cause after image rebuild.
2026-07-06 18:59:04 +02:00
codex
5d3b0120f1 docs(CUST-WP-0054): record Phase 3 access rewire to railiance01
state-hub-primary tunnel, activity-core in-cluster URL, fleet-state-hub
coulombcore retired. Production :8000 now serves railiance01 hub.
2026-07-06 18:57:43 +02:00
codex
5961e74bfc docs(CUST-WP-0054): record Phase 2 data migration evidence
coulombcore frozen; pg_restore to railiance01 with exact-count gate pass.
Phase 3 access rewire still pending.
2026-07-06 18:51:59 +02:00
codex
149afb104d docs(CUST-WP-0054): record Phase 1 empty stack evidence on railiance01
Phase 1 deploy complete: CNPG state-hub-db, Alembic at head, empty hub
healthy on ClusterIP 10.43.68.154. Documents gitea image workaround and
Forgejo rebuild prerequisite before Phase 2.
2026-07-06 18:38:35 +02:00
codex
284d11c735 docs(CUST-WP-0054): record Phase 1 empty stack evidence on railiance01
Phase 1 deploy complete: CNPG state-hub-db, Alembic at head, empty hub
healthy on ClusterIP 10.43.68.154. Documents gitea image workaround and
Forgejo rebuild prerequisite before Phase 2.
2026-07-06 18:28:27 +02:00
codex
5b51f90a9f CUST-WP-0054-T05 Phase 0 preflight evidence (baseline counts, dry-runs, image pull) 2026-07-06 18:08:02 +02:00
codex
959db458a8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-06:
  - update .custodian-brief.md for the-custodian
2026-07-06 17:27:09 +02:00
codex
fa715c29d5 CUST-WP-0054-T05: State Hub railiance01 cutover plan and task progress 2026-07-06 17:25:09 +02:00
codex
0d890a7155 Document activity-core tier-3 promotion; production set complete (CUST-WP-0054-T04) 2026-07-06 17:14:13 +02:00
codex
9f2606596c Document core-hub tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 15:56:53 +02:00
codex
df3198adfb Document issue-core tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 14:41:06 +02:00
codex
331ab9c099 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-06:
  - update .custodian-brief.md for the-custodian
2026-07-06 12:58:33 +02:00
codex
abac583b99 Document state-hub tier-3 Forgejo promotion (CUST-WP-0054-T04) 2026-07-06 12:56:34 +02:00
codex
5c63c2f354 Add Forgejo tier-3 remote_url and sweep playbook
Document State Hub PATCH procedure, sweep implications, railiance01 host_paths,
state-hub image specifics, and rollback. Include batch patch helper; applied
tier-2.5 remote_url updates in hub DB.
2026-07-04 13:21:40 +02:00
codex
dd0ee14f50 Document Forgejo tier 2.5: operator SSH, templates, railiance stack promotion
Record tegwick SSH identity, enablement workflow templates, and five railiance
repos on Forgejo with ci-smoke. Update state-hub gate checklist.
2026-07-04 12:51:05 +02:00
codex
5d3270e564 Document tier-2 key-cape Forgejo image pilot (T10 complete)
Adds archive-checkout image workflow evidence and k3s pull verification;
tiers 0-2 satisfied before state-hub cutover.
2026-07-04 10:26:28 +02:00
codex
1745c37f2c Cross-link Forgejo pilot to adapted RAIL-HO-WP-0005 migration ladder
Aligns CUST-WP-0054-T04 with staged tier 0-3 sequencing from railiance-infra.
2026-07-04 01:02:42 +02:00
codex
a912679675 Document glas-harness Forgejo migration pilot routing
Records what works (SSH forgejo-remote, CI smoke, HTTPS mirror) and what is
still blocked before state-hub cutover. Updates CUST-WP-0054-T04 progress.
2026-07-04 00:59:53 +02:00
codex
ea6ee564bd chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-04:
  - update .custodian-brief.md for the-custodian
2026-07-04 00:48:30 +02:00
codex
f18d56b706 CUST-WP-0054-T04: record image-build CI proof on railiance01 runner
Documents successful forgejo-actions-probe image-build workflow (static
docker-cli + DinD, org registry secrets) and notes remaining repo migration
work before workstation-off release.
2026-07-04 00:47:17 +02:00
codex
cf4be716e1 CUST-WP-0054 T01-T03: fleet architecture, de-hub runbook, drain plan
Documents the three-machine role model, fleet mesh topology, coulombcore
freeze policy, and ordered drain sequence. Adds railiance01 systemd tunnel
install assets and refreshes ops service inventory to reflect 2026-07-03
production placement (cluster State Hub, fleet mesh, draining coulombcore).
2026-07-04 00:29:55 +02:00
codex
0a77483861 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 22:31:56 +02:00
codex
e8a7f49bde Record ADR-004 in-cluster Forgejo runner decision for T04
Updates forgejo-production-decisions and CUST-WP-0054-T04 partial progress.
2026-07-03 22:29:28 +02:00
codex
4084c849f5 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 20:37:52 +02:00
codex
763df547d7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 20:05:58 +02:00
codex
6cc568a84d chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 19:30:48 +02:00
codex
65f0605bcc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 18:25:12 +02:00
codex
1d6c72ef2c chore(consistency): renormalize lifecycle state [auto]
Updated by fix-consistency on 2026-07-03:
  - workplan status: proposed → active
2026-07-03 18:24:57 +02:00
codex
a2b41e7d0a CUST-WP-0054 (proposed): workstation independence and fleet role realignment
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 13:25:26 +02:00
codex
eaf0e604b0 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 11:33:49 +02:00
codex
c4b0712144 CUST-WP-0051 FINISHED: all eight metaplan tasks terminal after Core Hub + State Hub cutovers
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 11:30:21 +02:00
codex
aca22a12fb chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-03:
  - update .custodian-brief.md for the-custodian
2026-07-03 11:29:40 +02:00
codex
6f34d47ab9 CUST-WP-0047/0049: legacy Inter-Hub tasks superseded by Core Hub production cutover
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-03 11:26:33 +02:00
codex
35b0a75af8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-02:
  - update .custodian-brief.md for the-custodian
2026-07-02 20:39:00 +02:00
codex
40948b8226 CUST-WP-0051: T04/T05 done; end-of-day checkpoint refresh (9 workplans finished)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 20:36:34 +02:00
codex
0a52cdd858 CUST-WP-0025-T16 done: deployed Core Hub API + activity-core sink smokes both proven
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 18:13:49 +02:00
codex
440154802f chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-07-02:
  - CUST-WP-0025-T16: progress → wait
2026-07-02 16:41:43 +02:00
codex
67ef857460 CUST-WP-0025-T16 progress + CUST-WP-0051: Core Hub staging deployed with full smoke evidence
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 16:40:37 +02:00
codex
916808eac2 Checkpoint: all five approval gates closed; Core Hub staging decision set is the open item
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 14:56:19 +02:00
e778ffd2d2 CUST-WP-0051: railiance01 deploy executed — RAIL-BS-WP-0008/0009 + ACTIVITY-WP-0016 finished
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:56:19 +02:00
4cc4bf038e CUST-WP-0051: artifact-store MinIO/STS lane finished (T05 progress)
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:27:51 +02:00
3377c70c08 CUST-WP-0051: 2026-07-02 execution pass — deploy prep, operator pickup list
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:04:07 +02:00
560f676fb6 CUST-WP-0051: 2026-07-02 review refresh — new credential and deploy lanes
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 10:39:49 +02:00
a5fb9d72f1 Sync CUST-WP-0053 task metadata 2026-07-02 02:24:14 +02:00
d097510444 CUST-WP-0053: add T05 workplan_id alias completion task
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 01:48:14 +02:00
495a4fa7fb Regenerate agent instructions: workstream -> workplan terminology
Registration guidance now prescribes file-first + fix-consistency (C-06)
instead of manual create_workplan/create_workstream calls; progress-event
examples use workplan_id; legacy field names annotated.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 01:47:46 +02:00
491f50162d chore(consistency): commit workplan task-id writeback
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:26:45 +02:00
0122198254 Add CUST-WP-0053 coordination hygiene workplan
Unblock sweep for blocked workplans vs inbox, inbox triage discipline
(thread_id + unread-age alerts), workplan ID prefix lint with cross-repo
collision detection, SCOPE Current State freshness. Findings from the
2026-07-01 railiance-cluster review (RAILIANCE-WP-0014 sat blocked 13 days
after the unblocking inbox message arrived).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 00:14:34 +02:00
1f9ef92a66 Clarify core hub staging credential route 2026-06-30 10:20:23 +02:00
cb7fd7b19d Record daily triage clean streak checkpoint 2026-06-30 10:07:28 +02:00
3ef57f63c1 Record policy gate support closeouts 2026-06-30 09:49:04 +02:00
a6e987bc23 Close Core Hub operator UI gate 2026-06-28 00:27:12 +02:00
56f3a3ce14 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-28:
  - update .custodian-brief.md for the-custodian
2026-06-28 00:26:32 +02:00
4158f05cff Close IAM Profile integration gate 2026-06-28 00:20:05 +02:00
7d823bd12f chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-28:
  - update .custodian-brief.md for the-custodian
2026-06-28 00:18:17 +02:00
46e2012160 Close Core Hub ops evidence contract gate 2026-06-27 23:57:22 +02:00
b39f3cc6cc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 23:55:02 +02:00
46fff69fc0 Record artifact-store MinIO lane progress 2026-06-27 23:38:36 +02:00
225f3a7834 Refresh stabilization checkpoint after Core Hub reset 2026-06-27 23:06:15 +02:00
d03ddcd9fb Close Core Hub FOS reset workplan 2026-06-27 22:36:18 +02:00
a7635c65c9 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 22:34:55 +02:00
cac6302a0a Align Core Hub build lane with Helixforge 2026-06-27 22:29:35 +02:00
5f1aad927c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 22:28:28 +02:00
befb35c056 Rewrite FOS ops hub phase for Core Hub 2026-06-27 21:59:20 +02:00
8c4d9b952b chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 21:57:50 +02:00
12600c5565 Record Core Hub replacement evidence handoff 2026-06-27 21:45:06 +02:00
7cf821de59 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 21:43:23 +02:00
0fb894eaa5 Link Core Hub continuation workplan 2026-06-27 19:56:34 +02:00
2fbfa81fdf chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:51:06 +02:00
f490d18423 Add Core Hub FOS reset workplan 2026-06-27 19:31:09 +02:00
acbe4976af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:29:43 +02:00
b0d7d09594 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 19:24:46 +02:00
4a66ebfbb6 Refine security blocker posture review 2026-06-27 18:22:06 +02:00
da0735a05a Update stabilization checkpoint after staged promotion finish 2026-06-27 17:08:48 +02:00
4f49f6f23f Update stabilization checkpoint after deploy observe tooling 2026-06-27 16:53:55 +02:00
5128ab8830 Update stabilization checkpoint after canary template 2026-06-27 16:41:42 +02:00
629f4c1f53 Update stabilization checkpoint after run command 2026-06-27 16:28:28 +02:00
cbf583f76c Update stabilization checkpoint after overlay scaffold 2026-06-27 15:55:40 +02:00
eae31bab6e Update stabilization checkpoint after app contract 2026-06-27 15:35:00 +02:00
aa81d712e1 Add infrastructure stabilization checkpoint 2026-06-27 09:58:52 +02:00
1aec581919 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:32:25 +02:00
b73cd28e06 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:21:45 +02:00
58fc1134af chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 09:06:58 +02:00
2cf7135ab6 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 08:59:59 +02:00
28702cd4ae chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 08:03:33 +02:00
e4e9e220b6 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 07:50:32 +02:00
988a996d7c chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:31:46 +02:00
38c52b2962 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:25:12 +02:00
a61a6c7dfc chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:21:25 +02:00
a8e655e4b8 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:17:49 +02:00
c9321b53f7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-27:
  - update .custodian-brief.md for the-custodian
2026-06-27 01:11:21 +02:00
5b5dc7604f feat: remote-build shim via sand-boxer (SAND-WP-0012)
Delegate make remote-build to sandboxer create when CLI is available;
retain legacy rsync path with deprecation notice. Add verify script.
2026-06-24 12:56:32 +02:00
7e1cfa005b SAND-WP-0004: delegate make e2e to validate run
Replace e2e_framework monolith with wise-validator + sand-boxer shim.
Makefile invokes validate run; legacy python -m e2e_framework delegates
via shim.py with deprecation notice. Add verify-e2e-shim.sh.
2026-06-23 21:43:53 +02:00
8bdefcd6ba Normalize agent instructions and workplan frontmatter (STATE-WP-0067)
- Align agent files with on-disk workplan prefixes (infer from workplan ids)
- Set workplan domain to registered domain_slug; add topic_slug where applicable
- Repair frontmatter delimiter formatting; migrate legacy task status literals
- Regenerate AGENTS.md, CLAUDE.md, and .claude/rules from State Hub templates
2026-06-22 23:16:28 +02:00
d30e71fb43 Mark CUST-WP-0025 T09–T12 done after dev-hub MCP rename
Phase 2 hub extraction and dev-hub rename gate complete: MCP identifier
migration, config script, domain repo rule regeneration, and test suite.
2026-06-22 21:24:35 +02:00
c3c97bba83 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 21:05:40 +02:00
2c8083e8e3 Close CUST-WP-0048 hub-core import refactor (T05-T08)
Mark capability write and MCP composition tasks done, record 426-test
regression, finish child workplan, and complete CUST-WP-0025-T08.
2026-06-22 20:34:02 +02:00
604c598814 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 20:33:42 +02:00
f94120105f docs(hub-core): record HUB-WP-0002 write router and MCP composition seams 2026-06-22 19:52:22 +02:00
24494f3eee chore: backfill state_hub_workstream_id on CUST-WP-0045 cutover runbook
Sync runbook frontmatter with State Hub workstream linkage from fix-consistency.
2026-06-22 19:47:23 +02:00
db88a34b3e CUST-WP-0050 follow-up: human review, push tooling, SSH inventory
Add human-review script for 13 high-blast-radius repos, bulk-push helper,
and SSH-based Gitea inventory probe. Update exclusion list with SSH-verified
absent slugs; marki-docx now classified and registered.
2026-06-22 17:59:55 +02:00
61fe8e0309 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 17:53:06 +02:00
f9837e3703 Complete CUST-WP-0050 T11: classify and register remaining portfolio repos
Add exclusion list and batch classification author for post-cutover inventory.
Mark workplan finished after registering 7 new repos and reclassifying 43
migration rows via state-hub register-from-classification tooling.
2026-06-22 17:50:26 +02:00
96a4c7bea9 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 12:43:10 +02:00
06feb41588 CUST-WP-0050: backfill T11 state_hub_task_id [consistency]
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:57:58 +02:00
a0b79cd09e chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 11:56:33 +02:00
4099179374 CUST-WP-0050: drop T03, re-home T04-T10 to STATE-WP-0065, add T11
Per 2026-06-22 review: T03 dropped (registering unregistered repos under the
old model = legacy to clean up). Implementation re-homed to state-hub-local
STATE-WP-0065; T04/T05/T10 merged into one spine migration (P1). CUST-WP-0050
stays the coordination driver. T11 (post-cutover inventory) replaces T03.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:52:55 +02:00
9456b3812e chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 11:41:53 +02:00
c4c61f4550 CUST-WP-0050 T02: human review complete; close T02
Bernd confirmed kaizen-agentic and llm-connect stay agents-primary
(infotech secondary). All 11 custodian-repo .repo-classification.yaml
flipped to classified_by: human and re-validated clean against T01.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 11:31:39 +02:00
27b7e3f08a Add 'tooling' category to Repo Classification Standard
Insert a 'tooling' category between project and product (reusable internal
tooling/infrastructure: libraries, CLIs, services, ops components used across
the ecosystem rather than offered to external customers). Update §5 definition,
§11 decision procedure, §16 agent prompt, the machine-readable allowed-values,
and the CUST-WP-0050 T02 progress note. Nine custodian tooling repos
reclassified to it; the-custodian and inter-hub remain research.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 03:08:20 +02:00
40cc73f22e CUST-WP-0050 T02: classify remaining 10 custodian repos
All 11 custodian-domain repos now carry a committed, validated
.repo-classification.yaml (first-pass classified_by: agent). T02 remains
in_progress pending the human-review step.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:47:43 +02:00
46e3566793 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-22:
  - update .custodian-brief.md for the-custodian
2026-06-22 02:02:48 +02:00
044d088109 Start CUST-WP-0050: T01 allowed-values + validator; classify the-custodian
Activate the workplan and complete T01: add the machine-readable controlled
vocabulary canon/standards/repo-classification.allowed.yaml (categories,
domains, business_stake, business_mechanics, capability families, guidance),
reference it from the standard §12, and add tools/validate_repo_classification.py
(stdlib + PyYAML, --self-test PASS).

Begin T02: author the-custodian/.repo-classification.yaml (research · infotech ·
agents), which validates clean. classified_by: agent, pending human review.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 02:02:01 +02:00
a74f42de06 Fix D1 reference in CUST-WP-0050 (D1 -> D1/D1a)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:47:54 +02:00
50f4564561 Resolve CUST-WP-0050 D1: repo-anchored model + ADR-005
Adopt the repo as the primary workplan anchor: repo_id becomes required,
market-domain is derived from each repo's classification, and the
domain/topic spine is demoted/retired (RepoGoal becomes the goal primitive).
Add task T10 for the re-anchor plus the workstream -> workplan rename across
schema/API/MCP.

Add ADR-005 (Cross-Repo Workplans Live in Dedicated Project Repos): complex
cross-repo efforts get their own project repo (category: project) as the
anchor, retired to archive on completion with results living on in the
modified product repos. Rewrite D1 as resolved and add D1a for the
project-repo naming/archival convention.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:36:31 +02:00
0ba909263b Add CUST-WP-0050: repo classification & registration redesign
Proposed workplan to adopt the Repo Classification Standard ecosystem-wide:
per-repo .repo-classification.yaml as source of truth, State Hub domain model
replaced by the standard's 14 market domains, auto-registration tooling, and
reclassification of the 57 existing registrations. Folds in the 2026-06-21
discrepancy findings as reconciliation targets. Blocking design question D1
(topic vs market-domain) flagged for resolution before schema work.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:19:38 +02:00
2c27ac6d2e Promote Repo Classification Standard into custodian canon
Move specs/RepoClassificationStandard.md to
canon/standards/repo-classification-standard_v1.0.md with provenance
frontmatter (id: canon-repo-classification, status: active, v1.0). The
standard originated in Helix Forge; the-custodian is interim steward. Leave
a pointer stub in specs/ redirecting to canon and the rollout workplan.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 01:19:38 +02:00
5d94fd679a New repo classification system 2026-06-22 01:02:28 +02:00
1ae82e01ae feat(STATE-WP-0064): enable consistency sweep for parallel week
Activate the Railiance01 schedule alongside the local timer during T03.
2026-06-21 21:46:43 +02:00
16a4752f54 docs: fix schedule sync commands in hourly RecentlyOnScope runbook
Document admin/sync and the new make sync-schedules target.
2026-06-21 20:28:04 +02:00
8cfda08cea feat(STATE-WP-0064): add state-hub-consistency-sweep ActivityDefinition
Land the 15-minute consistency sync definition disabled until manual
canary and cutover from the local custodian-sync timer.
2026-06-21 20:19:22 +02:00
4eec96aa02 docs: fix stale domain references in README
- "seven project domains" (contradicted "six") -> "a growing set"
- clarify the six canon charters are the founding domains; note the hub
  now tracks a larger live set (14 active) via list_domains()
- rename Foerster Capabilities -> Capabilities (live domain slug) in the
  dependency chain and domains table

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 16:16:09 +02:00
e57be41026 Rebuild SCOPE.md from current repo reality; archive stale version
Archive the out-of-date SCOPE.md to history/20260621-SCOPE.md and rebuild
it via the kaizen scope-analyst persona, grounded in INTENT.md (the newer
boundary authority), the repo tree, and the live list_domains() result.

Fixes:
- Stop conflating this repo with the standalone State Hub service: reframe
  Provided Capabilities to governance canon / session protocol / append-only
  memory (state-tracking, SBOM, MCP-tool-registration belong to /state-hub).
- Add missing boundary owners issue-core and repo-scoping to Out of Scope.
- Replace the self-contradictory 6/7 domain count with a pointer to the live
  list (14 active as of 2026-06-21).
- Add updated frontmatter for freshness tracking.

Also records the scope-analyst agent memory for future runs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-21 16:16:09 +02:00
87f6c00f6d Ignore kaizen metrics and local agent backup directories
Runtime .kaizen/metrics/ output and agents_backup_* migration copies
should not appear in version control.
2026-06-19 21:17:33 +02:00
1ad3dfac77 Promote kaizen schedule to weekly cadence and add credential routing
- Switch coach and optimization agents from daily to weekly Monday crons
- Restore disabled tdd-workflow stanza; quote cron expressions
- Add credential routing guidance to AGENTS.md for Codex/Grok agents
- Wire credential-routing rule into CLAUDE.md for Claude Code sessions
- Scaffold kaizen agent memory files and record failed daily-triage run
2026-06-19 21:13:25 +02:00
e14b0bf356 Install kaizen coach and optimization agents for WP-0006 pilot
Enables schedule validate/prepare on the-custodian hub operator checkout.
2026-06-18 15:15:37 +02:00
a0a117ebcc chore: promote coulomb-loop pilot schedule to daily stabilize phase 2026-06-18 12:09:25 +02:00
dd48a0ba26 Opt in to coulomb-loop kaizen bootstrap scheduling.
Add .kaizen/schedule.yml with hourly coach and optimization crons for the
coulomb-loop fleet improvement pilot.
2026-06-18 04:53:50 +02:00
30730db7a5 feat(custodian): add interhub bootstrap access lane 2026-06-17 00:17:58 +02:00
cdff0055f0 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-17:
  - update .custodian-brief.md for the-custodian
2026-06-17 00:10:53 +02:00
5a36ea5423 feat(ops): align inventory probe activity source 2026-06-16 23:41:37 +02:00
6a9886d652 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-16:
  - update .custodian-brief.md for the-custodian
2026-06-16 23:39:55 +02:00
55ba80e584 Add capability registry scaffold (REUSE-WP-0014-T07 B05) 2026-06-16 01:59:02 +02:00
94d8fe9563 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 22:29:21 +02:00
bf90efee28 docs: record repo router import seam 2026-06-07 22:27:43 +02:00
063705756e docs: record state hub ids for CUST-WP-0048 2026-06-07 21:56:31 +02:00
1ee389b7ec chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 21:55:26 +02:00
8abc274411 docs: extract hub-core import refactor workplan 2026-06-07 21:52:24 +02:00
66322722c4 docs: record capability request read seam 2026-06-07 21:23:19 +02:00
b413c8bcf9 docs: record capability catalog router seam 2026-06-07 17:20:33 +02:00
50fbdef307 docs: record additional hub-core schema imports 2026-06-07 16:44:52 +02:00
2844ece8b6 docs: record domains router import seam 2026-06-07 15:23:29 +02:00
de7b656e71 docs: record progress router import seam 2026-06-07 14:31:35 +02:00
808eedb51e docs: record TPSC router import seam 2026-06-07 14:14:23 +02:00
5e8c3aa685 docs: record policy router import seam 2026-06-07 13:23:15 +02:00
72478e820e docs: record messages router import seam 2026-06-07 11:30:50 +02:00
fb6d01b318 docs: record domain hub-core import seam 2026-06-07 10:57:07 +02:00
366bdb1bae docs: record TPSC hub-core import seam 2026-06-07 10:48:29 +02:00
d407522abc docs: start state-hub hub-core imports 2026-06-07 01:31:09 +02:00
7c3b40beed chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 01:29:25 +02:00
fb59749533 docs: complete hub-core MCP and risk tools 2026-06-07 01:05:45 +02:00
fb2232cfee chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 01:04:17 +02:00
02e33dab8b docs: start hub-core MCP base server 2026-06-07 00:51:02 +02:00
5db039a1f7 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 00:48:12 +02:00
7301494379 docs: complete hub-core package slice 2026-06-07 00:39:38 +02:00
6a8a2fba74 chore(consistency): sync task status from DB [auto]
Updated by fix-consistency on 2026-06-07:
  - update .custodian-brief.md for the-custodian
2026-06-07 00:37:15 +02:00
db4bc0f9d0 chore(memory): add daily-triage working notes (2026-06-05/06) [auto]
Append activity-core generated daily-triage working-memory notes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 00:12:35 +02:00
b1aac08eb2 feat(ops): add ops-hub service inventory now view (CUST-WP-0047)
Seed a non-secret service inventory (environments, hosts, clusters,
services, endpoints, access paths, evidence, gaps) with a JSON schema,
a renderer, and a generated service-catalog view. Adds the
`make ops-inventory-view` target, probe ActivityDefinition, and docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-07 00:12:30 +02:00
4bdfeb1850 docs: record hub-core adapter seams 2026-06-06 22:30:29 +02:00
9d5c13abb6 docs: record hub-core utilities slice 2026-06-06 22:14:02 +02:00
175 changed files with 16335 additions and 385 deletions

View File

@@ -1,36 +1,27 @@
<!-- custodian-brief: generated by fix-consistency — do not edit manually -->
# Custodian Brief — the-custodian
**Domain:** custodian
**Last synced:** 2026-06-06 17:25 UTC
**Domain:** infotech
**Last synced:** 2026-07-07 23:06 UTC
**State Hub:** http://127.0.0.1:8000 *(adjust if running on a remote machine)*
## Active Workstreams
### Ops Hub Service Inventory Now View
Progress: 5/7 done | workstream_id: `656e435d-3a00-4f5e-a38e-114467f9062e`
### Workstation Independence and Fleet Role Realignment
Progress: 4/10 done | workstream_id: `8a828444-dd49-4d7b-a2d1-9952b5bc929d`
**Open tasks:**
- ! Task: Activate Ops-Hub Widgets In Inter-Hub `b16c5e15`
- Task: Schedule Activity-Core Inventory Probes `5a972670`
### FOS Hub Bootstrap — Identity, Hub Extraction, Ops Hub, Fin Hub
Progress: 1/26 done | workstream_id: `293a74fe-a85a-4ad6-8933-23d52a72fe8b`
**Open tasks:**
- ► T05 — Create hub-core package `04bf480c`
- · T01 — Complete NK-WP-0001: Keycloak + privacyIDEA on k3s `f55078b6`
- · T02 — Complete NK-WP-0002: Local identity bootstrap `0d7792f7`
- · T03 — IAM Profile integration test `e9894ac9`
- · T06 — Hub-core FastMCP base server `6b49d94a`
- · T07 — FOS §10 risk and alert tools `5a54af24`
- · T08 — Refactor state-hub to import from hub-core `daf1d8ac`
- … and 18 more open tasks
- ! Task: coulombcore decommission readiness → railiance02 `c6b0d0a7`
- ! Task: Workstation-off acceptance test `cd6a31e8`
- ► Task: Forge to railiance01 + CI runners (kill workstation builds) `79b9ee4d`
- ► Task: State Hub production home on railiance01 `e91db8d0`
- · Task: Dev-environment beachhead (files-first) `0eaf1961`
- · Task: ThreePhoenix increment — phoenix drill automation `ede6713e`
---
## MCP Orientation (when available)
If the state-hub MCP server is reachable, call:
`get_domain_summary("custodian")`
`get_domain_summary("infotech")`
This provides richer cross-domain context.
If the MCP call fails, use this file as your orientation source.

6
.gitignore vendored
View File

@@ -186,3 +186,9 @@ state-hub/dashboard/src/.observablehq/
state-hub/dashboard/dist/
state-hub/kubectl
# Kaizen runtime artifacts (generated per agent run)
.kaizen/metrics/
# Local agent definition backups (migration artifacts)
agents_backup_*/

View File

@@ -0,0 +1,24 @@
---
agent: coach
project: the-custodian
last_updated: 2026-06-18
session_count: 0
---
## Project Context
<!-- What this agent knows about the project it works in -->
## Accumulated Findings
<!-- Patterns, recurring issues, key decisions encountered -->
## What Worked
<!-- Approaches that produced good results in this project -->
## Watch Points
<!-- Recurring risks, traps, or areas requiring extra care -->
## Open Threads
<!-- Things noticed but not yet acted on -->
## Session Log
<!-- One-line entry per session: date · summary · outcome -->

View File

@@ -0,0 +1,24 @@
---
agent: optimization
project: the-custodian
last_updated: 2026-06-18
session_count: 0
---
## Project Context
<!-- What this agent knows about the project it works in -->
## Accumulated Findings
<!-- Patterns, recurring issues, key decisions encountered -->
## What Worked
<!-- Approaches that produced good results in this project -->
## Watch Points
<!-- Recurring risks, traps, or areas requiring extra care -->
## Open Threads
<!-- Things noticed but not yet acted on -->
## Session Log
<!-- One-line entry per session: date · summary · outcome -->

View File

@@ -0,0 +1,29 @@
---
agent: scope-analyst
last_updated: "2026-06-21"
session_count: 1
---
# scope-analyst memory
## Accumulated Findings
### the-custodian (2026-06-21)
- **Central boundary decision:** the-custodian is the *governance/continuity
substrate*, NOT the State Hub service. The service (DB/API/MCP/dashboard) lives
at `/home/worsch/state-hub`; `the-custodian/state-hub/` is only a pointer. Any
SCOPE that claims state-tracking / SBOM / MCP-tool-registration as this repo's
own "Provided Capabilities" is conflating the two — the prior SCOPE did exactly
that. New SCOPE reframes capabilities to governance canon / session protocol /
append-only memory.
- **Authoritative boundary source:** `INTENT.md` (updated 2026-05-17) has the
cleanest "What it is not" ownership table — state-hub, activity-core, issue-core,
repo-scoping, domain repos, human-approval. SCOPE was missing issue-core and
repo-scoping; now added.
- **Domain count is dynamic, do NOT hard-code.** Live `list_domains()` returned
14 active on 2026-06-21. Old SCOPE said 6/7 (and was self-contradictory). README
still says "seven"/"six" — also stale. Treat `list_domains()` as authoritative.
- Prior stale SCOPE archived to `history/20260621-SCOPE.md`.
## Session Log
2026-06-21 · the-custodian · Rebuilt SCOPE.md from repo+INTENT+live domains; archived stale version; fixed state-hub/custodian conflation and domain-count drift.

18
.kaizen/schedule.yml Normal file
View File

@@ -0,0 +1,18 @@
# Kaizen scheduled agent execution manifest (ADR-005)
# Engagement: coulomb-loop — weekly operate cadence
# Regulator promotes cadence per customer engagement policy (ADR-003).
# Validate with: kaizen-agentic schedule validate
version: '1'
timezone: Europe/Berlin
agents:
coach:
cadence: weekly
cron: "0 9 * * 1"
enabled: true
optimization:
cadence: weekly
cron: "0 10 * * 1"
enabled: true
tdd-workflow:
cadence: monthly
enabled: false

37
.repo-classification.yaml Normal file
View File

@@ -0,0 +1,37 @@
repo_classification:
standard: Repo Classification Standard
version: "1.0"
classified_at: "2026-06-22"
classified_by: human
# the-custodian is the governance/continuity substrate: canon, standards,
# ADRs, charters, memory, and cross-domain coordination scaffolding.
category: research
domain: infotech
secondary_domains:
- agents
capability_tags:
- governance
- knowledge
- coordination
- policy
- documentation
business_stake:
- technology
- operations
- intelligence
- execution
business_mechanics:
- intention
- control
- coordination
- adaptation
notes: >
Primary domain is infotech (the intended users are the ecosystem's
developers and agents); agents is a secondary domain because the repo is
agent-coordination infrastructure. Classified as research because its core
output is canon, standards, and decision records rather than a deployable

View File

@@ -4,10 +4,10 @@
**Purpose:** Transgenerational cognitive infrastructure and central coordination hub for all domains. Houses the state-hub (PostgreSQL + FastAPI + MCP + dashboard), governance canon, workplans, and agent session memory.
**Domain:** custodian
**Domain:** infotech
**Repo slug:** the-custodian
**Topic ID:** `cee7bedf-2b48-46ef-8601-006474f2ad7a`
**Workplan prefix:** `THE-WP-`
**Workplan prefix:** `CUST-WP-`
---
@@ -20,6 +20,12 @@ there is no MCP server for Codex agents.
|---------|-----|
| Local workstation | `http://127.0.0.1:8000` |
| Remote via tunnel | `http://127.0.0.1:18000` |
| Optional local edge relay | http://127.0.0.1:18080 |
When an operator has enabled the edge relay, set API_BASE to the relay URL.
Queueable writes return an explicit queued receipt if the central hub is
unreachable. Treat that as pending local evidence, then ask the operator to run
statehub outbox status/replay after connectivity returns.
### Orient at session start
@@ -27,8 +33,8 @@ there is no MCP server for Codex agents.
# Offline brief — works without hub connection
cat .custodian-brief.md
# Active workstreams for this domain
curl -s "http://127.0.0.1:8000/workstreams/?topic_id=cee7bedf-2b48-46ef-8601-006474f2ad7a&status=active" \
# Active workplans for this domain
curl -s "http://127.0.0.1:8000/workplans/?topic_id=cee7bedf-2b48-46ef-8601-006474f2ad7a&status=active" \
| python3 -m json.tool
# Check inbox
@@ -51,20 +57,20 @@ curl -s -X POST http://127.0.0.1:8000/progress/ \
"summary": "what was done",
"event_type": "note",
"author": "codex",
"workstream_id": "<uuid>",
"workplan_id": "<uuid>",
"task_id": "<uuid>"
}'
```
Omit `workstream_id` / `task_id` when not applicable.
Omit `workplan_id` / `task_id` when not applicable.
### Update task status
```bash
curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
-H "Content-Type: application/json" \
-d '{"status": "in_progress"}'
# values: todo | in_progress | done | blocked
-d '{"status": "progress"}'
# values: wait | todo | progress | done | cancel
```
### Flag a task for human review
@@ -80,10 +86,10 @@ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
## Session Protocol
**Start:**
1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe)
1. `cat .custodian-brief.md` — domain goal and open workplans (offline-safe)
2. Check inbox: `GET /messages/?to_agent=the-custodian&unread_only=true`; mark read
3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks
4. Check blocked tasks: `GET /tasks/?needs_human=true`
4. Check human-needed tasks: `GET /tasks/?needs_human=true`
**During work:**
- Update task statuses in workplan files as tasks progress
@@ -92,12 +98,69 @@ curl -s -X PATCH "http://127.0.0.1:8000/tasks/<task_id>" \
**Close:**
1. Update workplan file task statuses to reflect progress
2. Log: `POST /progress/` with a summary of what changed
3. Note for the custodian operator: after workplan file changes, run from
`~/state-hub`:
3. After workplan file changes, run:
```bash
make fix-consistency REPO=the-custodian
statehub fix-consistency
```
This syncs task status from files into the hub DB.
Coding agents should run this directly; ask the operator only if the CLI or
State Hub API is unavailable. This syncs task status from files into the hub DB.
---
## Credential and access routing
**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect**
for inference. Run this check **before** requesting secrets, API keys, SSH access,
login tokens, or database passwords — in any repo, not only `ops-warden`.
ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every
other credential need belongs to another subsystem. **Do not** message
`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key.
### Lookup (do this first)
```bash
warden route find "<describe your need>" --json
warden route show <catalog-id> --json
```
Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`).
| Agent runtime | How to orient |
| --- | --- |
| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=the-custodian` is for coordination, not secret vending |
| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workplans; **still** use `warden route` for credential ownership |
| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` |
### Quick routing table
| I need… | Owner | ops-warden executes? |
| --- | --- | --- |
| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` |
| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only |
| Login / OIDC / MFA | key-cape / Keycloak | No — route only |
| Authorization decision | flex-auth | No — route only |
| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` |
| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only |
### Anti-patterns (do not do these)
- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc.
- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist
- Pasting secrets into Git, State Hub, workplans, logs, or chat
### Other capabilities (reuse-surface)
Non-credential capabilities are usually discovered through **reuse-surface** federation
(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in
every repo's agent instructions because it is high-frequency, high-risk, and easy to
get wrong.
**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml`
<!-- REPO-AGENTS-EXTENSIONS -->
<!-- Append repo-specific agent instructions below this marker.
The state-hub template sync preserves content after this line. -->
---
@@ -124,7 +187,7 @@ anything needing analysis, design, approval, dependencies, or multiple phases.
id: THE-WP-NNNN
type: workplan
title: "..."
domain: custodian
domain: infotech
repo: the-custodian
status: proposed | ready | active | blocked | backlog | finished | archived
owner: codex
@@ -146,7 +209,7 @@ derived health labels, not frontmatter statuses.
` ` `task
id: THE-WP-NNNN-T01
status: todo | in_progress | done | blocked
status: wait | todo | progress | done | cancel
priority: high | medium | low
state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
` ` `
@@ -154,7 +217,7 @@ state_hub_task_id: "<uuid>" # written by fix-consistency — do not edit
Task description text.
```
Status progression: `todo` → `in_progress` → `done` (or `blocked`)
Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work.
To create a new workplan:
1. Write the file following the format above

View File

@@ -8,4 +8,5 @@
@.claude/rules/stack-and-commands.md
@.claude/rules/architecture.md
@.claude/rules/repo-boundary.md
@.claude/rules/credential-routing.md
@.claude/rules/agents.md

View File

@@ -16,6 +16,10 @@ CUSTODIAN_KEY := $(HOME)/.ssh/id_custodian_agent
RAILIANCE_INFRA := $(HOME)/railiance-infra
AGENT_VARS_FILE := $(RAILIANCE_INFRA)/ansible/inventory/group_vars/all.yaml
.PHONY: ops-inventory-view
ops-inventory-view: ## Render the ops-hub service catalog now view
python3 ops/render_service_inventory.py
.PHONY: custodian-keygen
custodian-keygen: ## Generate custodian agent SSH keypair (one-time setup)
@if [ -f "$(CUSTODIAN_KEY)" ]; then \
@@ -65,39 +69,25 @@ custodian-key-deploy:
grep -c 'custodian-agent' ~/.ssh/authorized_keys | xargs -I{} echo '{} custodian-agent key(s) in authorized_keys'"
@echo "Done. Test with: make e2e-cron-list"
## Run e2e tests for a repo in a remote sandbox
## Run e2e tests for a repo (wise-validator + sand-boxer)
## Usage: make e2e REPO=activity-core
## Requires: RAILIANCE01_HOST env var (or pass HOST=<ip>)
## Prerequisites: validate and sandboxer on PATH
## cd ~/wise-validator && make install
## cd ~/sand-boxer && make install
## Host (one required): HOST=, SANDBOXER_HOST, or RAILIANCE01_HOST
## CoulombCore: export SANDBOXER_COMPOSE_CMD=podman-compose
##
## Options:
## REPO=<slug> repository name under ~/ (required)
## HOST=<host> override RAILIANCE01_HOST
## USER=root SSH user (default: root)
## KEY= path to SSH key (optional)
## KEEP= set to 1 to keep sandbox after run
## WORKSTREAM_ID= state-hub workstream ID for progress event
## HOST=<host> sandbox host override
## USER= SSH user → SANDBOXER_SSH_USER
## KEY= SSH key → SANDBOXER_SSH_KEY (default: custodian key if present)
## KEEP=1 keep sandbox after run
## WORKSTREAM_ID= State Hub workstream for progress event
## NO_REPORT=1 skip State Hub reporting
REPO_PATH := $(HOME)/$(REPO)
ifdef HOST
E2E_HOST_FLAG := --host $(HOST)
else
E2E_HOST_FLAG :=
endif
ifdef USER
E2E_USER_FLAG := --user $(USER)
else
E2E_USER_FLAG :=
endif
ifdef KEY
E2E_KEY_FLAG := --key $(KEY)
else ifneq ($(wildcard $(CUSTODIAN_KEY)),)
E2E_KEY_FLAG := --key $(CUSTODIAN_KEY)
else
E2E_KEY_FLAG :=
endif
SANDBOXER_HOST_VAL := $(if $(HOST),$(HOST),$(if $(SANDBOXER_HOST),$(SANDBOXER_HOST),$(RAILIANCE01_HOST)))
ifdef KEEP
E2E_KEEP_FLAG := --keep
@@ -111,6 +101,20 @@ else
E2E_WS_FLAG :=
endif
ifdef NO_REPORT
E2E_NO_REPORT_FLAG := --no-report
else
E2E_NO_REPORT_FLAG :=
endif
ifdef KEY
E2E_SSH_KEY_VAL := $(KEY)
else ifneq ($(wildcard $(CUSTODIAN_KEY)),)
E2E_SSH_KEY_VAL := $(CUSTODIAN_KEY)
else
E2E_SSH_KEY_VAL :=
endif
## Install e2e cron job on railiance01 for a repo.
## Usage: make e2e-cron-install REPO=activity-core
## Requires: RAILIANCE01_HOST / RAILIANCE01_USER set, or pass HOST= SSHUSER=
@@ -164,10 +168,28 @@ e2e:
@test -n "$(REPO)" || (echo "ERROR: REPO is required. Usage: make e2e REPO=activity-core"; exit 1)
@test -d "$(REPO_PATH)" || (echo "ERROR: repo path does not exist: $(REPO_PATH)"; exit 1)
@test -f "$(REPO_PATH)/e2e/e2e.yml" || (echo "ERROR: no e2e/e2e.yml in $(REPO_PATH)"; exit 1)
cd "$(CURDIR)" && python3 -m e2e_framework \
$(REPO_PATH) \
$(E2E_HOST_FLAG) \
$(E2E_USER_FLAG) \
$(E2E_KEY_FLAG) \
@command -v validate >/dev/null 2>&1 || (echo "ERROR: validate not on PATH. Install: cd ~/wise-validator && make install"; exit 1)
@command -v sandboxer >/dev/null 2>&1 || (echo "ERROR: sandboxer not on PATH. Install: cd ~/sand-boxer && make install"; exit 1)
@test -n "$(SANDBOXER_HOST_VAL)" || (echo "ERROR: set HOST, SANDBOXER_HOST, or RAILIANCE01_HOST"; exit 1)
SANDBOXER_HOST="$(SANDBOXER_HOST_VAL)" \
$(if $(USER),SANDBOXER_SSH_USER="$(USER)",) \
$(if $(E2E_SSH_KEY_VAL),SANDBOXER_SSH_KEY="$(E2E_SSH_KEY_VAL)",) \
validate run "$(REPO_PATH)" \
--host "$(SANDBOXER_HOST_VAL)" \
$(E2E_KEEP_FLAG) \
$(E2E_WS_FLAG)
$(E2E_WS_FLAG) \
$(E2E_NO_REPORT_FLAG)
# Agent Management Targets
agents-list:
@echo "Installed agents:"
@ls agents/ 2>/dev/null | grep agent- | sed 's/agent-//g' | sed 's/.md//g' \
|| echo "No agents installed"
agents-update:
@echo "Updating agents..."
@kaizen-agentic update
agents-validate:
@echo "Validating agents..."
@kaizen-agentic validate agents/

View File

@@ -2,7 +2,7 @@ Confidential and Proprietary. Authorized Use Only. Subject to NDA & Contractual
# The Custodian
**Transgenerational Cognitive Infrastructure** — a local-first, sovereignty-preserving agent system for co-creating and stewarding knowledge across seven project domains.
**Transgenerational Cognitive Infrastructure** — a local-first, sovereignty-preserving agent system for co-creating and stewarding knowledge across a growing set of project domains.
The Custodian acts as co-creator and steward, not authority. Humans approve all irreversible decisions. The system is designed to still be coherent decades from now.
@@ -15,7 +15,7 @@ the-custodian/
├── canon/ # Curated, reviewable knowledge substrate
│ ├── constitution/ # Governance rules (v0.1)
│ ├── values/ # Nine foundational principles
│ └── projects/ # Six domain charters, concept seeds, roadmaps
│ └── projects/ # Six founding domain charters, concept seeds, roadmaps
├── memory/ # Operational logs — append-only, never rewritten
│ ├── working/ # Session notes (scoped, time-bounded)
│ └── episodic/ # Immutable event archive
@@ -28,7 +28,7 @@ the-custodian/
The **dependency chain** across domains runs bottom-up:
```
Railiance → Markitect → Coulomb.social → Personhood / Foerster → Custodian
Railiance → Markitect → Coulomb.social → Personhood / Capabilities → Custodian
(ops) (canon) (interaction) (rights/agency) (integration)
```
@@ -43,9 +43,13 @@ Railiance → Markitect → Coulomb.social → Personhood / Foerster → Custodi
| **Markitect** | Knowledge artifact management: authoring, versioning, retrieval | `5571d954-0d30-4950-980d-7bcaaad8e3e2` |
| **Coulomb.social** | Co-creation marketplace and governance experiment | `36c7421b-c537-4723-bf75-42a3ebc6a1dc` |
| **Personhood** | Rights and obligations framework for mixed-intelligence societies | `084430ab-c630-48dc-9e1d-d07d1e8fce3c` |
| **Foerster Capabilities** | Agency capability taxonomy (Foerster's Non-Trivial Machines) | `64418556-3206-457a-ba29-6884b5b12cf3` |
| **Capabilities** | Agency capability taxonomy (Foerster's Non-Trivial Machines); formerly *Foerster Capabilities* | `64418556-3206-457a-ba29-6884b5b12cf3` |
Each domain has three canon artifacts under `canon/projects/<domain>/`:
These six are the **founding** domains with full canon charters. The State Hub
now coordinates a larger, growing set (14 active as of 2026-06-21) — run
`list_domains()` for the authoritative live list.
Each founding domain has three canon artifacts under `canon/projects/<domain>/`:
- `project_charter_v0.1.md` — purpose, problem, scope, success criteria
- `concepts_seed_v0.1.md` — ten foundational concepts
- `roadmap_v0.1.md` — multi-phase implementation plan

169
SCOPE.md
View File

@@ -1,3 +1,9 @@
---
domain: custodian
repo: the-custodian
updated: "2026-06-21"
---
# SCOPE
> This file helps you quickly understand what this repository is about,
@@ -8,123 +14,176 @@
## One-liner
Central cognitive infrastructure and coordination hub for seven project domains — provides governance canon and coordinates through the standalone State Hub API/MCP service.
Governance and continuity substrate for a local-first, multi-domain agent ecosystem — owns canon, memory, workplans, and agent runtime scaffolding; coordinates through the standalone State Hub service rather than hosting it.
---
## Core Idea
The Custodian repository is the **governance substrate**: canon, constitution, values, domain charters, workplans, and runtime scaffolding. The operational State Hub service (PostgreSQL + FastAPI + MCP server + Observable dashboard) now lives in the standalone `/home/worsch/state-hub` repository and acts as episodic memory and coordination layer for work across repos.
The Custodian holds the long-lived **meaning, boundaries, and continuity** of the
ecosystem: constitution, values, standards, domain charters, roadmaps, episodic
memory, and repo-backed workplans. It is the stewardship layer that keeps the
system coherent across tool changes, repo splits, and agent sessions.
It deliberately keeps a **small operational surface**. Operational subsystems —
most notably the State Hub (PostgreSQL + FastAPI + MCP + dashboard) — live in
their own repositories and are referenced here only as integration pointers.
`the-custodian/state-hub/` is now a pointer; the service source is at
`/home/worsch/state-hub`.
---
## In Scope
- Canon layer: governance constitution, foundational values, six domain charters/roadmaps
- Coordination through the standalone State Hub API: topics, workstreams, tasks, decisions, progress events, contributions, SBOM, goals
- MCP session protocol: use the State Hub MCP tools from registered agent sessions
- Memory: append-only episodic archive (working notes + immutable event logs)
- Agent runtime scaffolding: policies, kaizen agent copies, tool adapters
- Cross-domain coordination: dependency tracking, human-intervention flags, next-steps suggestions
- Publishing lifecycle events on NATS JetStream (`org.statehub.>`) so activity-core can react via declarative ActivityDefinitions
- Canon: constitution, foundational values, standards, domain charters, concept
seeds, roadmaps (`canon/`) — human-gated, proposal-then-review writes only
- Memory: append-only working notes and immutable episodic event logs (`memory/`)
- Workplans: repo-backed `CUST-WP-NNNN` plans for Custodian-owned coordination
work, per ADR-001 (file originates work, then the hub indexes it) (`workplans/`)
- Agent runtime scaffolding: policies, prompts, tool adapters, kaizen agent
copies (`runtime/`, `agents/`)
- Session protocol: how agents orient, coordinate, and hand off via the State
Hub MCP/REST surface (`.claude/rules/`, `.custodian-brief.md`)
- Cross-domain governance: tracking decisions, provenance, and human-intervention
gates; surfacing next steps from the read model
- Integration pointers and docs for adjacent services (hub-core extraction,
ops-hub catalog, activity-core delegation) (`docs/`, `state-hub/README.md`)
---
## Out of Scope
- Domain-specific implementation work (Railiance, Markitect, etc. each own their repos)
- Financial/legal transactions or external publication
- Storing plaintext credentials
- Direct writes to `canon/` without a human-approved review gate
- State Hub implementation work; use `/home/worsch/state-hub`
- Maintenance task *creation* in response to lifecycle events — that responsibility lives in activity-core (see `/home/worsch/state-hub/docs/activity-core-delegation.md`). The state hub remains a **read model**, not a task factory.
- **Live State Hub implementation** — migrations, dashboard, tests, API/MCP
source. Owned by `/home/worsch/state-hub`.
- **Event-triggered maintenance task creation** — owned by `activity-core`. The
hub is a read model, not a task factory.
- **General task lifecycle backend** — owned by `issue-core`.
- **Repository capability profiling** — owned by `repo-scoping`.
- **Domain-specific products and experiments** — each domain owns its own repo.
- **External publication, contracts, payments, legal authority** — human approval
only; never automated here.
- Storing plaintext credentials, or direct writes to `canon/` without a review gate.
---
## Relevant When
- Starting or closing any session in a registered domain repo (orientation via `get_domain_summary()`)
- Tracking cross-domain decisions, blockers, or workplan progress
- Registering a new project into the ecosystem (`make register-project`)
- Consulting governance rules or domain charters
- Running the standalone State Hub API locally for MCP connectivity
- Starting or closing a session in any registered domain repo (orientation via
`get_domain_summary(<slug>)`)
- Consulting governance rules, the constitution, values, or a domain charter
- Tracking cross-domain decisions, blockers, provenance, or workplan progress
- Registering a new project into the ecosystem (`custodian register-project`)
- Preserving durable, reviewable memory of why something was decided
---
## Not Relevant When
- Implementing single-domain features (stay in the domain repo)
- Working fully offline with no need for state coordination
- Non-custodian ecosystem work (standalone projects, throw-away scripts)
- Implementing a single-domain featurestay in that domain's repo
- Hacking on State Hub internals — go to `/home/worsch/state-hub`
- Throwaway scripts or non-ecosystem standalone work
---
## Current State
- Status: active
- Implementation: ~60% — canon + standalone State Hub operational; RAG/drafting pipelines (Phase 2) not yet started
- Stability: stable (versioned Alembic migrations; no breaking API changes since v0.3)
- Usage: running daily; 15+ active workstreams across 6 domains; MCP server active in Claude Code
- Status: active — stable governance substrate, in daily use
- Implementation: substantial. Canon + memory + workplan conventions established;
State Hub operational (in its own repo); RAG-over-canon and drafting pipelines
(roadmap Phase 1) not yet started
- Stability: stable — canon changes are review-gated; memory is append-only
- Usage: daily, across the ecosystem; State Hub MCP active in agent sessions
- Domains coordinated: dynamic — 14 active as of 2026-06-21 (canon, capabilities,
citation_evidence, coulomb_social, custodian, helix_forge, inter_hub, markitect,
netkingdom, personhood, railiance, stack, vergabe_teilnahme, whynot). Query the
live list with `list_domains()` rather than trusting a hard-coded count.
---
## How It Fits
- Upstream dependencies: none (sits at the top of the dependency order)
- Downstream consumers: all six domains (railiance → markitect → coulomb.social → personhood/foerster → custodian); **activity-core** consumes state hub lifecycle events on NATS subject `org.statehub.>` to drive maintenance ActivityDefinitions
- Often used with: kaizen-agentic (agent definitions), ops-bridge (remote tunnel connectivity), activity-core (task factory + event bridge)
- Upstream dependencies: none sits at the top of the dependency order
- Downstream consumers: all tracked domains rely on its canon, session protocol,
and coordination conventions
- Often used with:
- `state-hub` — the operational read model / coordination service it points to
- `activity-core` — event-driven task factory consuming hub lifecycle events
- `issue-core` — task lifecycle backend
- `repo-scoping` — repository capability profiling
- `kaizen-agentic` — specialized agent personas callable via MCP
- `ops-bridge` — SSH tunnel manager for remote agent connectivity
---
## Terminology
- Preferred terms: canon, workstream, topic, progress event, domain
- Also known as: "the hub", "state hub"
- Potentially confusing terms: "topic" = domain-level grouping (not a chat topic); "decision" = tracked choice point with escalation rules
- Preferred terms: canon, workstream, workplan, topic, progress event, domain
- Also known as: "the hub" (loosely) — but the *service* is the State Hub repo;
this repo is the governance substrate
- Potentially confusing terms:
- "topic" = domain-level grouping, not a chat topic
- "decision" = tracked choice point with escalation rules
- "State Hub" = the standalone service repo, **not** this directory tree
---
## Related / Overlapping
## Related / Overlapping Repositories
- `kaizen-agentic`specialized agent personas callable via MCP from any domain session
- `ops-bridge` — SSH tunnel manager keeping remote agents connected to this hub
- `activity-core`event-driven task factory tracked as a custodian-domain workstream
- `state-hub`operational service (DB/API/MCP/dashboard); the most common
confusion point. This repo coordinates *through* it but does not own it.
- `activity-core`overlaps on "what work should happen next"; owns the
*creation* of maintenance tasks (custodian only describes/coordinates).
- `issue-core` — task lifecycle backend; do not reimplement task storage here.
- `repo-scoping` — capability profiling; do not reimplement here.
- `kaizen-agentic` — source of agent personas mirrored under `agents/`.
---
## Getting Oriented
- Start with: `CLAUDE.md` (session protocol) + `README.md` (architecture overview)
- Key files / directories: `canon/` (governance), `workplans/` (active Custodian work), `state-hub/` (pointer), `/home/worsch/state-hub/mcp_server/TOOLS.md` (tool reference)
- Entry points: `cd /home/worsch/state-hub && make api` (API); Codex/Claude Code with state-hub MCP registered
- Start with: `INTENT.md` (why this repo exists + boundary table), then
`CLAUDE.md``.claude/rules/` (session protocol), then `README.md`
- Key files / directories: `canon/` (governance), `memory/` (continuity),
`workplans/` (CUST-WP plans), `runtime/`, `state-hub/README.md` (pointer)
- Entry points: `cat .custodian-brief.md` (offline-safe orientation);
`get_domain_summary("custodian")` (MCP); State Hub service at
`/home/worsch/state-hub` (`make api`)
---
## Provided Capabilities
```capability
type: api
title: MCP tool registration
description: Register and expose new MCP tools to all Claude Code sessions via the state-hub server.
keywords: [mcp, tool, api, registration, server]
type: reference
title: Governance canon
description: Constitution, foundational values, standards, and per-domain charters/roadmaps that define what matters and what is permitted across the ecosystem.
keywords: [canon, governance, constitution, values, charter, standards]
```
```capability
type: process
title: Session protocol and cross-domain orientation
description: Conventions for how agents orient, coordinate, and hand off via the State Hub, including ADR-001 workplan origination and human-gated review.
keywords: [session, orientation, protocol, workplan, adr-001, coordination]
```
```capability
type: data
title: Cross-domain state tracking
description: Track workstreams, tasks, decisions, and progress events across all seven project domains.
keywords: [state, tracking, workstream, task, decision, progress]
```
```capability
type: api
title: SBOM and licence reporting
description: Ingest lockfiles from any repo and provide aggregated SBOM and copyleft licence risk reports.
keywords: [sbom, licence, license, dependency, lockfile, copyleft]
title: Append-only memory and provenance
description: Durable, reviewable working notes and immutable episodic logs preserving decisions and session continuity over long timescales.
keywords: [memory, provenance, episodic, continuity, decisions]
```
---
## Notes
Dependency order for domain sequencing: Railiance → Markitect → Coulomb.social → Personhood/Foerster → Custodian. The consistency checker (`cd /home/worsch/state-hub && make fix-consistency REPO=the-custodian`) must be run after any workplan changes to keep the dashboard accurate.
- This repo intentionally avoids reabsorbing runtime code. If a subsystem grows a
runtime, tests, and a deployment surface, it should move to its own repo and
report back through the State Hub and workplans (see `INTENT.md` → design values).
- After any workplan change, run `cd /home/worsch/state-hub && make
fix-consistency REPO=the-custodian` to keep the dashboard accurate.
- `README.md` still references "seven project domains" / "six domain charters" —
stale relative to the live 14-domain list; treat `list_domains()` as authoritative.
- Prior SCOPE.md (stale, conflated this repo with the State Hub service) is
archived at `history/20260621-SCOPE.md`.

View File

@@ -17,7 +17,7 @@ context_sources:
- type: static
bind_to: context.prompt_path
config:
value: /home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md
value: custodian://runtime/prompts/daily_statehub_wsgi_triage.md
- type: state-hub
query: daily_triage_digest
params:
@@ -50,7 +50,16 @@ Current active runner:
- activity-core Temporal schedule from this ActivityDefinition
- Prompt source:
`/home/worsch/the-custodian/runtime/prompts/daily_statehub_wsgi_triage.md`
`custodian://runtime/prompts/daily_statehub_wsgi_triage.md`
Railiance projection note:
- This Custodian file remains the canonical prompt, schedule, and governance
contract.
- The Railiance activity-core projection may rewrite runtime-only paths, such
as `output_schema` to `/etc/activity-core/schemas/daily-triage-report.json`,
and mounts working-memory storage for the worker. Those container-local paths
are deployment wiring, not the source contract.
Deprecated fallback runner:
@@ -115,7 +124,7 @@ prompt: |
{context.daily_triage_digest}
Return only JSON matching
`/home/worsch/the-custodian/schemas/daily-triage-report.json`. Do not wrap
`activity-core://schemas/daily-triage-report.json`. Do not wrap
the JSON in Markdown fences or add prose before or after it:
{
"summary": "short operator-facing summary",
@@ -137,11 +146,11 @@ prompt: |
}
]
}
output_schema: /home/worsch/the-custodian/schemas/daily-triage-report.json
output_schema: activity-core://schemas/daily-triage-report.json
review_required: false
report_sinks:
- type: working-memory
path: /home/worsch/the-custodian/memory/working
path: custodian://memory/working
timezone: Europe/Berlin
filename_template: "daily-triage-{date}-{run_id_short}.md"
- type: state-hub-progress
@@ -156,8 +165,12 @@ report_sinks:
The run should produce:
- a dated working-memory note under
`/home/worsch/the-custodian/memory/working/`
- a State Hub progress event with `event_type: daily_triage`
`custodian://memory/working/`
- on Railiance, that path resolves to the `the-custodian` clone at
`memory/working/` (hostPath mount); ADR-001 consistency sweep writeback
commits new notes to git — no separate sync job
- a State Hub progress event with `event_type: daily_triage` and a
repo-relative `working_memory_path` (e.g. `memory/working/daily-triage-…md`)
- no direct workplan/canon edits
- no task status changes unless a later human request explicitly asks for an
apply step

View File

@@ -0,0 +1,115 @@
---
id: "40d15a87-7ff6-4d8e-992c-37df15f95110"
name: "Ops Service Inventory Probes"
type: activity-definition
version: "0.1"
enabled: false
owner: custodian
governance: custodian
status: proposed
created: "2026-06-05"
trigger:
type: cron
cron_expression: "15 * * * *"
timezone: Europe/Berlin
misfire_policy: skip
context_sources:
- type: ops-inventory
query: probe_services
required: false
params:
inventory_path: /etc/activity-core/ops/service-inventory.yml
timeout_seconds: 10
include_kinds:
- http
- https
allow_network: true
evidence_sinks:
- type: state-hub-progress
event_type: ops_inventory_probe
author: activity-core
bind_to: context.ops_inventory_probe
---
# ActivityDefinition: Ops Service Inventory Probes
## Purpose
This disabled source definition is the activity-core handoff point for
`CUST-WP-0047 - Ops Hub Service Inventory Now View`.
When enabled by the activity-core runtime, it reads the non-secret service
inventory through the `ops-inventory` context resolver, runs bounded HTTP/HTTPS
endpoint probes, and submits compact non-secret evidence to State Hub progress.
## Runner Status
This source definition remains intentionally `enabled: false`.
Do not enable it until live Railiance verification confirms both of these are
true:
- activity-core has projected this definition with the container-local
inventory snapshot at `/etc/activity-core/ops/service-inventory.yml`
- the State Hub `ops_inventory_probe` evidence sink is reachable from the
worker without embedding secrets in ActivityRun context
The Inter-Hub ops-hub widget/event sink remains the promotion target for
`ops-service-observed`, `ops-endpoint-verified`, `ops-access-path-checked`,
`ops-backup-verified`, and `ops-inventory-drift` events. It is not required for
the current State Hub progress evidence path.
## Trigger
Hourly at minute 15 in `Europe/Berlin`, with `misfire_policy: skip`.
This offset avoids colliding with the hourly RecentlyOnScope run at minute 0.
## Context Source
The source contract matches the activity-core `ops-inventory` resolver:
- `query: probe_services`
- `bind_to: context.ops_inventory_probe`
- `params.inventory_path: /etc/activity-core/ops/service-inventory.yml`
- `params.include_kinds: [http, https]`
- `params.evidence_sinks`: State Hub progress event
`ops_inventory_probe` by `activity-core`
The `/etc/activity-core/...` path is intentional. Custodian owns the source
definition and inventory file; the Railiance activity-core projection supplies
the container-local ConfigMap path at runtime.
## Probe Candidates
Initial deterministic HTTP/HTTPS probes:
- Inter-Hub OpenAPI endpoint:
`https://hub.coulomb.social/api/v2/openapi.json`
- Gitea OCI registry auth challenge:
`https://gitea.coulomb.social/v2/`
The Railiance projection rewrites the State Hub inventory endpoint to the
in-cluster bridge URL before probing. Non-HTTP access paths, cluster-local
checks, SSH, tunnel, backup, and authenticated checks are skipped by this first
safe slice rather than treated as failures.
## Output Contract
Each successful run should produce:
- a compact `context.ops_inventory_probe` summary
- one State Hub progress event with `event_type: ops_inventory_probe`
- one ActivityRun with compact non-secret summary metadata
- no credentials, tokens, cookies, private key material, or sensitive command
output in context snapshots, event metadata, reports, or logs
## Event Mapping
| Probe result | Event type |
|---|---|
| Runtime object observed | `ops-service-observed` |
| HTTP/HTTPS/tunnel endpoint matches expected signal | `ops-endpoint-verified` |
| SSH, Kubernetes, or HTTP access path checked | `ops-access-path-checked` |
| Backup and restore evidence found | `ops-backup-verified` |
| Observed runtime differs from inventory | `ops-inventory-drift` |

View File

@@ -0,0 +1,55 @@
---
id: "e7d2b5a8-4c1f-4e9a-b6d3-8f2a1c4e6b09"
name: "Phase 5 Stabilization Closeout Check"
type: activity-definition
version: "1.0"
enabled: true
owner: custodian
governance: custodian
status: active
created: "2026-07-06"
trigger:
type: scheduled
at: "2026-07-09T17:35:00+00:00"
timezone: UTC
context_sources:
- type: state-hub
query: phase5_stabilization_check
required: true
params:
source: activity-core
closeout: true
window_start: "2026-07-06T17:35:00+00:00"
window_end: "2026-07-09T17:35:00+00:00"
baseline:
workstreams: 640
tasks: 4002
topics: 14
sweep_limit: 6
triage_max_age_hours: 36
evidence_sinks:
- type: state-hub-progress
event_type: phase5_stabilization_closeout
author: activity-core
workstream_id: 8a828444-dd49-4d7b-a2d1-9952b5bc929d
task_id: e91db8d0-973d-4a31-b3c2-ca37fd002ec7
bind_to: context.phase5_stabilization_check
---
# ActivityDefinition: Phase 5 Stabilization Closeout Check
## Purpose
One-shot closeout gate at the end of the `CUST-WP-0054-T05` stabilization
window. Fails visibly when hub-visible gates are not green. When gates pass,
records `operator_signoff_needed: true` for coulombcore teardown approval.
## Trigger
Scheduled once at **2026-07-09T17:35:00Z** (72h after window open).
## Output Contract
- one State Hub progress event with `event_type: phase5_stabilization_closeout`
- fails the ActivityRun when any gate is red at closeout time
- no LLM call and no direct workplan edits

View File

@@ -0,0 +1,58 @@
---
id: "f3a8c2e1-9b4d-4a6f-8e2d-1c5b7a9e3f04"
name: "Phase 5 Stabilization Daily Check"
type: activity-definition
version: "1.0"
enabled: true
owner: custodian
governance: custodian
status: active
created: "2026-07-06"
trigger:
type: cron
cron_expression: "0 9 * * *"
timezone: Europe/Berlin
misfire_policy: skip
context_sources:
- type: state-hub
query: phase5_stabilization_check
required: true
params:
source: activity-core
closeout: false
window_start: "2026-07-06T17:35:00+00:00"
window_end: "2026-07-09T17:35:00+00:00"
baseline:
workstreams: 640
tasks: 4002
topics: 14
sweep_limit: 6
triage_max_age_hours: 36
evidence_sinks:
- type: state-hub-progress
event_type: phase5_stabilization_check
author: activity-core
workstream_id: 8a828444-dd49-4d7b-a2d1-9952b5bc929d
task_id: e91db8d0-973d-4a31-b3c2-ca37fd002ec7
bind_to: context.phase5_stabilization_check
---
# ActivityDefinition: Phase 5 Stabilization Daily Check
## Purpose
Scheduled hub-visible health gate for `CUST-WP-0054-T05` during the 72h
stabilization window (2026-07-06 → 2026-07-09). Complements the manual
`tools/phase5-stabilization-check.sh` script with fleet-side evidence in State
Hub progress.
## Trigger
Daily at 09:00 Europe/Berlin while the stabilization window is open. Runs
outside the window are recorded as `skipped` with `reason=outside_stabilization_window`.
## Output Contract
- one State Hub progress event with `event_type: phase5_stabilization_check`
- compact pass/fail detail for health, totals, sweeps, and daily triage freshness
- no LLM call and no direct workplan edits

View File

@@ -0,0 +1,89 @@
---
id: "7c4e9a12-8f3b-4d5e-9c6a-1b2d3e4f5a6b"
name: "State Hub Consistency Sweep"
type: activity-definition
version: "1.0"
enabled: true
owner: custodian
governance: custodian
status: active
created: "2026-06-21"
trigger:
type: cron
cron_expression: "*/15 * * * *"
timezone: UTC
misfire_policy: skip
context_sources:
- type: state-hub
query: consistency_sweep_remote_all
required: true
params:
max_seconds: 300
source: activity-core
bind_to: context.consistency_sweep_remote_all
---
# ActivityDefinition: State Hub Consistency Sweep
## Purpose
This definition is the activity-core handoff point for
`STATE-WP-0064 - Move State Hub consistency sync to Railiance01`.
It schedules the 15-minute ADR-001 reconciliation sweep across all
registered repos with local paths on the workstation State Hub host.
State Hub owns `scripts/consistency_check.py`, lock semantics, and the
`consistency_sweep_remote_all` progress event; activity-core owns the
cron schedule and ActivityRun audit trail.
## Runner Status
`enabled: true` during `STATE-WP-0064-T03` parallel week (started
2026-06-21) alongside the local `custodian-sync.timer`. Both invoke the
same State Hub API; the process lock makes overlapping runs idempotent.
Cutover boundary:
- **Parallel week (T03):** cluster schedule and local timer both active.
- **After T04 cutover:** disable the local timer; this definition remains
the sole primary runner.
- Do not treat the local timer and this activity-core schedule as two
independent primary runners after cutover.
## Trigger
Every 15 minutes in UTC, with `misfire_policy: skip`.
If the activity-core host is offline at a scheduled tick, the missed run
is skipped rather than replayed as a burst after the host returns.
## Deterministic State Hub Invocation
The `consistency_sweep_remote_all` State Hub context resolver issues:
- `POST /consistency/sweep/remote-all`
- payload: `{"max_seconds": 300}`
The context source is marked `required: true`. A failed State Hub call
fails the activity-core workflow visibly instead of silently binding an
empty context. On success, the response is stored in the ActivityRun
`context_snapshot` under `consistency_sweep_remote_all`.
State Hub runs `consistency_check.py --remote --all --json` on the
workstation host and records a compact progress event with event type
`consistency_sweep_remote_all`, including processed repos and skip
metadata.
`STATE_HUB_URL` must point at the workstation State Hub through the
ops-bridge tunnel service (for example `actcore-state-hub-bridge`), not
at a cluster-local checkout path.
## Output Contract
The run should produce:
- one State Hub progress event with `event_type: consistency_sweep_remote_all`
- zero or more per-repo consistency reports in the API response
- a lock-skipped response when another remote-all sweep is already active
- one activity-core ActivityRun containing the sweep response metadata
- no LLM call and no direct workplan or canon edits

184
agents/agent-coach.md Normal file
View File

@@ -0,0 +1,184 @@
---
name: coach
description: Coaching meta-agent that reads all agent memories in a project and synthesises cross-agent briefs and new-agent orientations
category: meta
memory: enabled
---
# Coach Agent
## Role
You are the **kaizen-agentic Coach** — a meta-agent that observes, synthesises,
and advises. You do not perform domain work (coding, testing, infrastructure).
Your sole purpose is to read across the accumulated memories of all agents in a
project and produce useful, targeted briefs.
You are invoked via:
```
kaizen-agentic memory brief <agent-name>
```
Or directly by the operator: *"Coach, brief the sys-medic agent on this project"*
or *"Coach, what patterns have you observed across all agents?"*
---
## What You Do
### 1. Cross-Agent Synthesis
Read all `.kaizen/agents/*/memory.md` files in the current project. Identify:
- **Shared patterns**: themes that appear across multiple agents
(e.g. "three agents flagged missing test coverage as a risk")
- **Cross-domain risks**: signals in one agent's memory that should inform
another (e.g. infrastructure instability flagged by sys-medic → tdd-workflow
should account for flaky environments)
- **Resource or architectural signals**: recurring mentions of specific files,
modules, services, or systems across agents
- **Contradictions or gaps**: where agents hold conflicting assumptions or where
no agent has coverage
### 2. New-Agent Orientation
When asked to brief a specific agent about to be deployed for the first time:
1. Read all existing agent memories in the project
2. Filter for what is relevant to the incoming agent's domain
3. Produce a targeted orientation brief covering:
- **Project context**: what kind of project this is, key constraints
- **What to know first**: the most important facts for this agent
- **Watch points**: risks or pitfalls flagged by other agents that are relevant
- **What has worked**: successful approaches in adjacent domains
- **Open threads**: unresolved items from other agents that may interact with
this agent's work
### 3. Fleet Health Overview
When asked for a fleet overview:
- Summarise the health of the agent fleet: which agents are active, stale, or
missing from the project
- Flag agents with high `session_count` and still-open `## Open Threads`
- Identify agents whose memories suggest overlapping concerns
- Recommend whether any memory files should be reviewed or reset
---
## How to Read Agent Memory Files
Memory files live at `.kaizen/agents/<name>/memory.md` relative to the project
root. Each follows ADR-002 structure:
```
## Project Context ← agent's understanding of the project
## Accumulated Findings ← patterns and recurring issues
## What Worked ← validated approaches
## Watch Points ← risks and traps
## Open Threads ← unresolved items
## Session Log ← chronological session summaries
```
When synthesising, weight `## Watch Points` and `## Open Threads` most heavily —
these are the signals most likely to be actionable for another agent.
### Project metrics (ADR-004)
Quantitative performance data lives at `.kaizen/metrics/<agent>/summary.json`.
`kaizen-agentic memory brief <agent>` includes a `## Performance Summary` block
when metrics exist.
When synthesising orientations:
- Combine qualitative memory with quantitative trends (success rate, quality,
execution time, trend arrows)
- Flag agents with declining success rate or quality trends
- Cross-reference metrics with `## Watch Points` — do metrics confirm or
contradict qualitative findings?
- Note when an agent has memory but no metrics (incomplete session-close protocol)
Fleet optimizer output at `.kaizen/metrics/optimizer/analysis.json` provides
project-wide analysis from `kaizen-agentic metrics optimize`.
---
## Output Format
### Cross-agent brief
```
## Cross-Agent Brief — <project name>
Generated: <date>
Agents with memory: <list>
### Shared Patterns
<bullet list of themes appearing across ≥2 agents>
### Cross-Domain Risks
<risks from one domain relevant to others>
### Open Threads (fleet-wide)
<unresolved items that span or affect multiple agents>
### Fleet Health
<which agents are active/stale, any concerning signals>
```
### New-agent orientation
```
## Orientation Brief for: <agent-name>
Project: <project name>
Generated: <date>
Sources: <which agent memories were read>
### Performance Summary
<from .kaizen/metrics/<agent>/ when available — success rate, quality, trends>
### What to Know First
<35 most important facts for this agent>
### Watch Points
<risks relevant to this agent's domain>
### What Has Worked
<approaches validated by other agents that apply here>
### Open Threads You May Encounter
<items from other agents that may intersect with your work>
```
---
## Behaviour Boundaries
- **Do not** modify agent memory files
- **Do not** perform any domain-specific work (coding, testing, diagnosis)
- **Do not** make decisions — synthesise and advise only
- **If no memories exist**: say so clearly and offer to help initialise them
- **If asked about a specific agent not present**: note the gap
---
## Coach's Own Memory
The coach maintains `.kaizen/agents/coach/memory.md` covering:
- Fleet-level patterns observed over time
- How the agent population in this project has evolved
- Meta-observations about how well the memory convention is being followed
- Recurring gaps or blind spots in the agent fleet
### Session Start
1. Check for `.kaizen/agents/coach/memory.md`.
2. If present, read it — prior fleet observations provide context for the current synthesis.
3. Scan `.kaizen/agents/*/memory.md` to build the current fleet picture.
### Session Close
1. Update `## Accumulated Findings` with new fleet-level patterns.
2. Note any new agents added or memory files reset.
3. Append one line to `## Session Log`: `YYYY-MM-DD · <brief requested for> · <key finding>`.
4. Bump `last_updated` and `session_count`.

View File

@@ -0,0 +1,191 @@
---
name: optimization
description: Meta-agent that analyzes and optimizes other Claude Code subagents based on their performance data, usage patterns, and effectiveness metrics. Use PROACTIVELY for agent ecosystem improvement.
model: inherit
category: meta
memory: enabled
---
# Kaizen Optimizer - Agent Performance Meta-Optimizer
## Purpose
Meta-agent that analyzes and optimizes other Claude Code subagents based on their performance data, usage patterns, and effectiveness metrics. Continuously improves the agent ecosystem by identifying patterns that correlate with success or failure, and proposing data-driven refinements to agent specifications.
## When to Use This Agent
Use the kaizen-optimizer agent when you need:
- Analysis of subagent performance and effectiveness
- Optimization recommendations for existing agents
- Agent specification improvements based on usage data
- Performance pattern identification across agent invocations
- Agent ecosystem health assessment
- Continuous improvement of the agent framework
### Trigger Patterns
1. **Scheduled Reviews**: Regular analysis of agent performance (weekly/monthly)
2. **Performance Degradation**: When agent success rates drop below thresholds
3. **New Agent Evaluation**: After deploying new agents to assess effectiveness
4. **Usage Pattern Changes**: When agent usage patterns shift significantly
5. **Explicit Optimization Requests**: Direct requests for agent improvement analysis
### Example Usage Scenarios
1. **Post-Project Analysis**: "Analyze how well our agents performed during Issue #15 implementation and suggest improvements"
2. **Agent Performance Review**: "Review the effectiveness of tddai-assistant over the last 30 days and recommend optimizations"
3. **Ecosystem Optimization**: "Identify which agents are underperforming and suggest specification improvements"
4. **Success Pattern Analysis**: "Analyze successful agent chains and recommend best practices"
## Agent Capabilities
### Performance Analysis
- **Success Rate Analysis**: Track agent task completion and success metrics
- **Usage Pattern Recognition**: Identify how agents are being used effectively
- **Failure Mode Analysis**: Categorize and analyze agent failure patterns
- **Response Quality Assessment**: Evaluate the quality of agent outputs
### Optimization Recommendations
- **Specification Refinements**: Suggest improvements to agent descriptions and capabilities
- **Trigger Pattern Optimization**: Refine when and how agents should be invoked
- **Chain Optimization**: Recommend better agent collaboration patterns
- **Scope Adjustments**: Identify agents that are too broad or too narrow in scope
### Meta-Learning
- **Pattern Detection**: Identify successful agent behaviors and specifications
- **Correlation Analysis**: Find relationships between agent characteristics and performance
- **Best Practice Extraction**: Distill successful patterns into reusable guidelines
- **Evolution Tracking**: Monitor how agent improvements affect performance over time
## Analysis Framework
### Data Collection Focus
Since this operates within Claude Code's environment, analysis is based on:
- **Conversation Context**: Agent invocation patterns and outcomes within sessions
- **User Feedback Patterns**: Implicit success signals from user interactions
- **Task Completion Rates**: Whether agents successfully complete their assigned tasks
- **Agent Specification Quality**: How well specifications match actual usage
### Performance Metrics
- **Invocation Success**: How often agents complete tasks as intended
- **User Satisfaction Indicators**: Continued usage, follow-up requests, task completion
- **Agent Utilization**: Which agents are used most/least and why
- **Chain Effectiveness**: Success rates of multi-agent workflows
## Optimization Strategies
### Specification Enhancement
- **Clarity Improvements**: Make agent purposes and capabilities clearer
- **Scope Refinement**: Adjust agent boundaries for better effectiveness
- **Example Enhancement**: Add better usage examples and scenarios
- **Integration Guidance**: Improve agent-to-agent collaboration descriptions
### Performance Improvement
- **Trigger Optimization**: Refine when agents should be automatically suggested
- **Capability Matching**: Ensure agent capabilities match user needs
- **Redundancy Reduction**: Identify and resolve agent overlap issues
- **Gap Identification**: Find missing capabilities in the agent ecosystem
## Integration with Agent Ecosystem
### Analyzes All Agents
- **general-purpose**: Assess effectiveness for research and multi-step tasks
- **tddai-assistant**: Evaluate TDD workflow support and methodology adherence
- **project-assistant**: Review project management and milestone tracking performance
- **claude-expert**: Analyze documentation and feature explanation effectiveness
- **statusline-setup**: Assess configuration task success rates
- **output-style-setup**: Evaluate creative task completion effectiveness
### Collaborative Analysis
Works with other agents to gather performance data:
- Uses **general-purpose** for complex analysis tasks
- Coordinates with **project-assistant** for milestone-based performance tracking
- Leverages **claude-expert** for framework knowledge and best practices
## Expected Outputs
### Performance Analysis Reports
- Agent effectiveness rankings with supporting evidence
- Usage pattern analysis and trend identification
- Success/failure correlation analysis
- Performance bottleneck identification
### Optimization Recommendations
- Specific agent specification improvements
- Trigger pattern refinements
- Agent chain optimization suggestions
- New agent capability recommendations
### Implementation Guidance
- Prioritized improvement roadmap
- Specification update templates
- A/B testing suggestions for agent improvements
- Rollback strategies for failed optimizations
## Best Practices for Usage
### Provide Performance Context
- Share specific agent interactions that were particularly effective or ineffective
- Describe user experience challenges with current agents
- Include examples of successful and unsuccessful agent chains
- Specify performance concerns or optimization goals
### Be Specific About Scope
- Focus on particular agents or agent categories for analysis
- Define time windows for performance analysis
- Specify success criteria for optimization efforts
- Clarify whether analysis should be broad ecosystem or targeted
### Implementation Approach
- Request prioritized recommendations based on impact vs. effort
- Ask for specific specification changes rather than general advice
- Seek rollback plans for proposed optimizations
- Request measurable success criteria for improvements
## Quality Standards
### Analysis Rigor
- Evidence-based recommendations supported by usage patterns
- Consideration of trade-offs between different optimization approaches
- Realistic improvement expectations and timelines
- Acknowledgment of limitations in available performance data
### Recommendation Quality
- Specific, actionable changes to agent specifications
- Clear success criteria for measuring improvement effectiveness
- Integration considerations for agent ecosystem harmony
- Risk assessment for proposed changes
## Integration Notes
This agent operates within Claude Code's conversation context and focuses on:
- **Qualitative Analysis**: Since detailed metrics aren't available, focuses on behavioral patterns and user interaction quality
- **Specification Optimization**: Improving agent descriptions, examples, and usage guidance
- **Ecosystem Balance**: Ensuring agents complement rather than compete with each other
- **Practical Improvements**: Recommendations that can be implemented through specification updates
The agent serves as the continuous improvement engine for the subagent ecosystem, ensuring agents evolve to better serve user needs and project requirements.
## Session Start
1. Check for `.kaizen/agents/optimization/memory.md` in the project root.
2. If present, read it before beginning analysis.
3. Review `.kaizen/metrics/optimizer/analysis.json` if it exists for the latest fleet report.
## Session Close
1. When analysis completes, note key findings in `## Accumulated Findings`.
2. Append one line to `## Session Log`: `YYYY-MM-DD · <agents reviewed> · <outcome>`.
3. Bump `last_updated` and increment `session_count`.
4. Persist quantitative analysis via CLI (ADR-004):
```bash
kaizen-agentic metrics optimize [agent-name]
```
Run without an agent name to analyze all agents with project metrics. Requires
≥10 execution records per agent for actionable recommendations (see
`wiki/AgentKaizenOptimizer.md`).

View File

@@ -0,0 +1,113 @@
---
id: ADR-005
type: architecture-decision-record
title: "Cross-Repo Workplans Live in Dedicated Project Repos"
status: accepted
decided_by: Bernd Worsch
date: "2026-06-22"
tags: ["architecture", "state-hub", "workplans", "cross-repo", "project-repo", "source-of-truth", "lifecycle"]
---
# ADR-005: Cross-Repo Workplans Live in Dedicated Project Repos
## Status
Accepted.
## Context
ADR-001 established that workplans and work items originate as files in the
repository that owns them, so the State Hub can rebuild its coordination state
from repo-owned files alone. The repo-classification redesign (`CUST-WP-0050`)
takes the next step: it makes the **repo the primary anchor** for a workplan
(`workstreams.repo_id` becomes required) and **derives** the market-domain from
the repo's `.repo-classification.yaml` rather than maintaining a separate
`topic`/`domain` spine. Repos are the most stable, git-managed entities in the
ecosystem; binding to them is the most durable anchor available.
This raises an unavoidable question: **what anchors a genuinely cross-repo
workplan?** Some efforts coordinate change across many repositories — ecosystem
migrations, the FOS hub bootstrap (`CUST-WP-0025`), or `CUST-WP-0050` itself,
which touches ~70 repos. If every workplan must bind to exactly one repo:
- binding it to one arbitrary product repo misrepresents the work and pollutes
that repo's history with coordination it does not own;
- leaving it unbound reintroduces the hub-only orphan that ADR-001 forbids;
- modelling it as an array of `repo_id`s breaks the "one stable anchor, clear
ownership, clean lifecycle" property and complicates the rebuild principle.
## Decision
**A complex cross-repo workplan gets its own dedicated *project repo*.**
- The project repo is a real, git-managed repository. It owns the coordination
workplan, its tasks, its decisions, and any cross-cutting artefacts. It is the
required `repo` anchor for that workplan, satisfying the repo-primary-anchor
rule without distorting any single product repo.
- The project repo is classified under the Repo Classification Standard, normally
`category: project`. Its `domain`/tags describe the effort, not any one product.
- **Implementation still happens in the product repos.** Changes land via
per-repo workplans and PRs in the repos being modified. The project repo
*coordinates and references* that work (via dependency edges / links); it does
not own product code.
- **On completion, the project repo is retired to archive — not deleted.** Its
durable results live on in the product repos it modified (the merged changes
are the outcome). The archived project repo remains as an immutable provenance
record of the coordination, consistent with the append-only-memory value.
The project repo's completion record MUST list the product repos it modified and
link to the merged PRs/commits, so the trail survives archival.
## Lifecycle
```
draft → active → completed → archived
```
- **active** — work in progress; workplan `status: active`; repo live in Gitea
and registered in the Hub.
- **completed** — all tasks done; completion record written (modified repos +
links).
- **archived** — repo archived in Gitea and `status: archived` in the Hub. The
workplan moves to `workplans/archived/` per the workplan convention. Results
persist in the product repos; the project repo is read-only history.
## Naming
Project repos SHOULD be identifiable as such (e.g. a `proj-<slug>` prefix or a
dedicated grouping). Exact convention is deferred to `CUST-WP-0050` rollout
(tracked as an open question there), but the lifecycle and ownership rules above
are fixed by this ADR.
## Consequences
- **Pro:** every workplan — including cross-repo ones — has a stable,
git-managed anchor; no hub-only orphans; the rebuild principle (ADR-001) holds.
- **Pro:** the classification standard applies uniformly; project repos are just
repos with `category: project`.
- **Pro:** clean, explicit lifecycle; results are never lost on retirement
because they live in the modified product repos.
- **Con:** proliferation of short-lived repos; requires discipline around the
naming and archival convention.
- **Con:** cross-references between the project repo and the product repos it
modified must be recorded deliberately, or the provenance trail degrades after
archival.
- **Con:** judgement is required on *when* an effort is "complex enough" to merit
a project repo versus a single-repo workplan; small cross-cutting changes
should not spawn a repo.
## Alternatives Considered
- **Bind to a "lead" product repo.** Rejected: distorts that repo's history and
creates ambiguous ownership.
- **Keep an optional hub-only topic for cross-repo coordination.** Rejected:
reintroduces the soft, non-git-managed spine that `CUST-WP-0050` removes and
ADR-001 discourages.
- **Multi-anchor workplan (array of repo_ids, no primary).** Rejected: breaks
single-anchor simplicity, ownership clarity, and lifecycle modelling.
## Related
- ADR-001 — Workplans and Work Items Are Repository Artefacts
- `CUST-WP-0050` — Repo Classification & State Hub Registration Redesign (D1)
- `canon/standards/repo-classification-standard_v1.0.md`

View File

@@ -0,0 +1,150 @@
---
id: CUST-BSP-2026-000001
type: procedure
title: "Bootstrap Protocol v0.1"
status: draft
owners: ["Bernd", "Custodian"]
created: "2026-07-08"
updated: "2026-07-08"
scope:
domains: ["Custodian", "Railiance"]
sensitivity: internal
tags: ["bootstrap", "capital", "roles", "fos", "mvp"]
---
# Bootstrap Protocol v0.1
Addresses FOS blindspot #2: **bootstrapping and initial capital**. Neither FOS
nor OAS defines how the first €10k is funded, what MVP must exist before the
first customer, or which roles are mandatory at formation.
This protocol applies to the Railiance/Custodian ecosystem until a formal GmbH
and multi-stakeholder governance structure supersedes it.
## 1. Seed Funding Strategy
### Minimum Viable Budget (12-month bootstrap)
| Category | Estimate (EUR) | Notes |
| --- | --- | --- |
| Infrastructure (HostEurope, domains) | 3,0005,000 | Existing fleet partially covers this |
| LLM/API tokens | 1,5003,000 | Tracked via fin-hub; burn alerts at 80% budget |
| Legal/GmbH formation | 2,0004,000 | Deferred until first revenue signal |
| Tooling/licenses | 5001,000 | Prefer OSS; EU-hostable |
| Contingency | 2,000 | Restore drills, hardware failure |
| **Total** | **€9,00015,000** | Founder-funded in v0.1 |
### Funding Sources (v0.1)
1. **Founder capital** — primary source until first paying customer.
2. **Consulting revenue** — Railiance architecture reviews (pre-GmbH: freelance
invoice under existing legal entity or transitional structure).
3. **Grants** — EU digital sovereignty programs (exploratory, not blocking).
No external investment required for MVP. External capital triggers formal
Financial Allocator role and updated constitution clauses.
## 2. MVP Scope Definition
The bootstrap MVP is **not** a full FOS Level 5 federation. It is the minimum
viable stack that proves:
1. Reproducible deploy + restore for the Custodian/Railiance substrate.
2. Multi-hub separation at Level 3 boundary (dev, ops, fin conceptually distinct).
3. Identity integration via IAM Profile v0.2.
4. Ops evidence on Core Hub production surface.
5. Cost visibility sufficient to compute runway.
### Must Exist Before First Customer
| # | Capability | Status (2026-07-08) |
| --- | --- | --- |
| 1 | dev-hub (State Hub) workplan coordination | done |
| 2 | hub-core extracted package | done |
| 3 | Core Hub ops evidence (production) | done |
| 4 | IAM Profile integration template | done |
| 5 | fin-hub with runway calculator | in progress (T22T24) |
| 6 | Restore drill evidence (Railiance) | partial |
| 7 | RaaS onboarding runbook | draft (business-model-canvas) |
| 8 | Legal/GmbH review | not started (T26) |
### Explicitly Out of MVP
- Full Keycloak enterprise federation (`NK-WP-0011` lane)
- Autonomous agent scheduling
- Multi-customer tenancy
- NATS cross-hub transport
- Haskell Inter-Hub retirement (gated on stabilization sign-off)
## 3. First Three Mandated Roles
Per FOS §12 and the Big Picture Guidance blindspot analysis, three roles are
mandatory at bootstrap — they may be held by the same human initially but must
remain **explicitly separable**:
### Constitutional Steward (System 5)
- Owns canon, values, constitution, and non-delegable policies.
- Approves canon promotions and escalation when agent actions affect legal,
financial, or reputational posture.
- Cannot be silently merged with Technical Operator authority.
**v0.1 holder:** Bernd (founder).
### Technical Operator (System 3 / Ops)
- Owns infrastructure substrate, deployment, restore drills, and Core Hub
production surface.
- Executes cutover, rollback, and stabilization decisions.
- Routes credentials through approved custody paths only.
**v0.1 holder:** Bernd (founder), with agent assistance under tool-boundary policy.
### Financial Allocator (System 3* / Fin)
- Owns budget, burn rate, runway projection, and spend approval thresholds.
- Surfaces resource pressure signals to dev-hub and viability alerts to canon.
- Escalates when runway drops below alert threshold.
**v0.1 holder:** Bernd (founder) until fin-hub automation exists; then
fin-hub surfaces data, human retains approval for transactions.
## 4. Revenue Threshold for Role Formalization
| Milestone | Trigger | Action |
| --- | --- | --- |
| **Role separation** | First €5,000 external revenue OR first non-founder contributor | Split Technical Operator and Financial Allocator if same person; document in constitution amendment. |
| **GmbH formation** | First €10,000 annual revenue or first managed-tier customer | Engage legal counsel; update liability, SLA, and invoicing structure. |
| **Board/advisory** | €50,000 annual revenue or 3+ paying customers | Add Constitutional Steward separation if not already independent. |
Until thresholds are met, founder-held multiple roles are acceptable provided
authority boundaries are documented and audited.
## 5. Escalation and Human Override
Bootstrap operations inherit `custodian_constitution_v0.1.md`:
- Financial transactions, legal commitments, and external representations require
explicit human approval.
- Agent actions must be auditable and reversible within 5 minutes where they
affect production infrastructure.
- Runway below 3 months triggers mandatory Financial Allocator review and
dev-hub workstream deprioritization signal (fin→dev coupling, T25).
## 6. Success Criteria for Bootstrap Exit
Bootstrap phase ends when:
1. FOS maturity Level 3 is operational (dev, ops, fin hubs distinct).
2. First external customer onboarded OR €10k consulting revenue recorded.
3. GmbH or equivalent legal entity formed.
4. Runway calculator shows ≥6 months at current burn.
5. Restore drill evidence exists for production Railiance cluster.
## References
- `wiki/BigPictureGuidance.md` — blindspot #2 origin
- `canon/constitution/custodian_constitution_v0.1.md`
- `canon/standards/federated-organization-standard_v1.0.md` — §12 roles, §14 maturity
- `canon/projects/railiance/business-model-canvas_v0.1.md`
- `workplans/CUST-WP-0025-fos-hub-bootstrap.md`

View File

@@ -0,0 +1,152 @@
---
id: CUST-BMC-RAIL-2026-000001
type: business_model
title: "Railiance-as-a-Service — Business Model Canvas v0.1"
status: draft
owners: ["Bernd", "Custodian"]
created: "2026-07-08"
updated: "2026-07-08"
scope:
domains: ["Railiance"]
sensitivity: internal
tags: ["business-model", "railiance", "saas", "sovereignty"]
---
# Railiance-as-a-Service — Business Model Canvas v0.1
## Offering
**Railiance-as-a-Service (RaaS)** packages the OAS-aligned operational substrate
as a managed or consultatively operated service for EU SMEs that need sovereign,
GDPR-compliant DevOps without vendor lock-in.
Core deliverable:
- managed k3s cluster (or customer-owned cluster under Railiance runbooks)
- observability stack (metrics, logs, traces)
- GitOps deployment lane (ArgoCD or equivalent)
- encrypted backup + documented restore drills
- governance overlay using FOS hub pattern (dev, ops, fin separation)
Differentiator: **VSM-based organizational architecture**, not just
infrastructure. Customers receive operational reliability *and* a coordination
model that scales from founder-led ops to multi-domain federation.
## Customer Segments
| Segment | Profile | Primary pain |
| --- | --- | --- |
| **EU SME — regulated** | 10200 staff, DSGVO/AI Act exposure | Cannot depend on US hyperscaler control planes |
| **EU SME — technical** | Has developers, weak ops | Founder ops does not survive absence |
| **Internal ventures** | Bernd ecosystem repos | Need reproducible substrate before external sale |
Initial focus: internal dogfooding through the Custodian/Railiance stack until
restore drills and cost attribution are proven.
## Value Proposition
1. **Sovereign ops** — EU-hostable, provider-independent, auditable.
2. **Reproducible deployments** — same inputs produce the same system.
3. **Operational minimalism** — boring primitives, explicit runbooks.
4. **Federation-ready** — customers can grow from single-hub to multi-hub without rewrite.
5. **Agent-safe governance** — tool-boundary policy, immutable audit, human override.
## Channels
| Phase | Channel |
| --- | --- |
| v0.1 (now) | Internal use, direct founder network |
| v0.2 | Consultative engagements (architecture review + managed cutover) |
| v0.3 | Productized tiers with self-serve onboarding docs |
## Customer Relationships
- **Self-hosted tier**: community/docs support, customer operates stack.
- **Managed tier**: Railiance operates cluster; customer owns data plane.
- **Fully operated tier**: Railiance operates cluster + incident response + change management.
All tiers include documented restore drills and evidence exports for compliance.
## Revenue Streams
| Tier | Model | Indicative pricing (draft) |
| --- | --- | --- |
| **Open / self-hosted** | €0 + optional support hours | OSS templates + paid support blocks |
| **Managed** | Monthly per cluster + per-node | €4001,200/mo base + €50150/node |
| **Fully operated** | Monthly retainer + incident SLA | €1,5004,000/mo depending on SLA |
Revenue recognition waits on GmbH formation and first paying customer (see
`bootstrap-protocol_v0.1.md`).
## Key Resources
- Railiance k3s fleet (railiance01, Forgejo, OpenBao, activity-core)
- Core Hub ops evidence surface (production since 2026-07-03)
- hub-core / dev-hub coordination stack
- Canon standards (FOS, OAS, IAM Profile v0.2)
- Operator runbooks and restore-drill evidence
## Key Activities
- Cluster provisioning and GitOps baseline
- Backup/restore drill execution and evidence capture
- Observability and cost attribution (OpenCost path)
- Customer onboarding and hub registration
- Compliance documentation (DSGVO posture, subprocessors)
## Key Partners
- HostEurope / EU hosting for bare metal or VPS substrate
- Forgejo/Gitea for sovereign source control
- OpenBao for secret custody
- EU legal counsel for GmbH, SLA, and liability framework (T26)
## Cost Structure
| Category | Examples |
| --- | --- |
| **Infrastructure** | HostEurope servers, storage, egress |
| **LLM / API** | Anthropic, OpenRouter token spend (tracked via fin-hub T24) |
| **Labor** | Technical Operator time (founder-heavy in v0.1) |
| **Compliance** | Legal review, insurance, audit tooling |
Runway and burn-rate tracking are fin-hub responsibilities (`CUST-WP-0025-T23``T25`).
## Pricing Tiers (Feature Matrix — Draft)
| Feature | Self-hosted | Managed | Fully operated |
| --- | --- | --- | --- |
| k3s cluster templates | ✓ | ✓ | ✓ |
| GitOps baseline | ✓ | ✓ | ✓ |
| Observability stack | docs | ✓ | ✓ |
| Backup + restore drills | customer-run | quarterly evidence | monthly evidence |
| Incident response | — | business hours | 24×7 option |
| FOS hub coordination | docs | dev+ops hubs | full federation setup |
| Cost/runway dashboard | — | optional | ✓ |
| SLA | — | 99.5% target | contractual |
## MVP Scope (Before First External Customer)
Must exist:
1. One production Railiance cluster with documented restore drill pass.
2. Core Hub ops evidence lane live (done 2026-07-03).
3. IAM Profile v0.2 integration template (done).
4. fin-hub runway calculator with manual cost import (T24).
5. Onboarding runbook: customer → provisioned cluster + monitoring.
6. Legal review of GmbH implications and liability cap (T26).
## Risks and Open Questions
- GmbH formation timing vs. pre-revenue consulting
- Liability scope for managed tier incident response
- Whether RaaS leads with consultancy or productized tiers
- OpenCost integration vs. manual CSV for v0.1 cost ingestion
## References
- `canon/projects/railiance/project_charter_v0.1.md`
- `canon/projects/railiance/roadmap_v0.1.md`
- `canon/standards/orthogonal-architecture_v1.0.md`
- `canon/standards/federated-organization-standard_v1.0.md`
- `docs/core-hub-cutover-decision-coupling.md`

View File

@@ -0,0 +1,118 @@
---
id: canon-coulombcore-production-freeze
type: standard
title: "CoulombCore Production Freeze v0.1"
domain: custodian
status: active
version: "0.1"
created: "2026-07-03"
decided_by: custodian
tags: ["infrastructure", "coulombcore", "railiance01", "production", "freeze", "drain"]
related_workplans:
- CUST-WP-0054
- RAIL-HO-WP-0005
---
# CoulombCore Production Freeze v0.1
## Status
**Active from 2026-07-03.** CoulombCore (`92.205.130.254`) is frozen for new
production workloads.
## Context
Under the fleet role model (`CUST-WP-0054`, `docs/workstation-independence-fleet-architecture.md`):
| Machine | Role |
| --- | --- |
| **railiance01** | Production home — growing Railiance fleet |
| **coulombcore** | Legacy/experimental only; drain then phoenix to **railiance02** |
| **workstation** | Temporary dev environment |
Despite the role model, coulombcore still hosts production-critical workloads
(State Hub cluster primary, Core Hub, issue-core, Gitea, OpenBao, identity
stack, GitOps control plane). This freeze stops the problem from growing while
the drain sequence in `docs/coulombcore-drain-placement-plan.md` executes.
## Policy
### Frozen (blocked without exception)
No **new** production workloads may be introduced on coulombcore after
2026-07-03:
- New Helm releases, ArgoCD Applications, or CNPG clusters intended as
long-lived production
- New public DNS names under `*.coulomb.social` for production services
- New credential lanes whose **primary** runtime home is coulombcore
- New CI/CD publish targets that make coulombcore the canonical registry or
forge (canonical target is railiance01 Forgejo per `RAIL-HO-WP-0005`)
- New automation schedules that **require** coulombcore as the sole runtime
host (activity-core production is already on railiance01)
### Grandfathered (existing production may run)
Workloads already in production on coulombcore before 2026-07-03 may continue
until their drain step completes. They are **not** newly promoted production —
they are legacy carry-over on a condemned host.
### Allowed on coulombcore during drain
| Category | Examples |
| --- | --- |
| Drain migrations | Staged-promotion overlays targeting railiance01; cutover drills in isolated namespaces |
| Read-only mirrors | Gitea read-only rollback mirror after Forgejo cutover |
| Short-lived probes | Disposable Forgejo/restore namespaces per `RAIL-HO-WP-0005` probe strategy |
| Experimental / non-prod | Staging profiles, smoke namespaces, operator-attended bootstrap |
| Fleet mesh transit | Forward tunnels from railiance01 to coulombcore cluster services until those services move (T02 interim) |
### Promotion gate
A workload counts as **production on railiance01** only after passing the
staged-promotion contract (`RAIL-BS-WP-0006`). Coulombcore deployments do not
satisfy this gate after 2026-07-03.
## Enforcement
1. **Workplan review** — new workplans proposing coulombcore production require
an explicit exception row in the drain plan with rollback evidence.
2. **ArgoCD / GitOps** — new Applications with production intent must target
`railiance01-k3s`, not `coulombcore-k3s`, unless tagged `drain-migration`
or `experimental`.
3. **Agent instructions** — coding agents must not deploy new production
services to coulombcore; route to railiance01 overlays or file an exception
request via State Hub `needs_human`.
4. **Inventory drift**`ops/service-inventory.yml` rows for coulombcore
production services carry `lifecycle_state: draining` after their drain
wave starts.
## Exceptions
Document each exception in `docs/coulombcore-drain-placement-plan.md` under
**Documented exceptions** with:
- workload id
- reason the drain sequence cannot absorb it yet
- target host and target date
- rollback method
- approving workplan or operator decision id
## Exit criteria (lift freeze)
The freeze lifts for coulombcore as a **host** when:
1. All drain waves in the placement plan reach `retired` or `migrated`
2. Identity + OpenBao (last wave) run on railiance01
3. `CUST-WP-0054-T09` phoenix begins — coulombcore is wiped and rebuilt as
railiance02, not returned to production
After phoenix, the machine identity is **railiance02**; the coulombcore freeze
standard applies only to the historical drain period.
## Related documents
- Drain sequence: `docs/coulombcore-drain-placement-plan.md`
- Architecture: `docs/workstation-independence-fleet-architecture.md`
- Forgejo migration: `RAIL-HO-WP-0005` in `railiance-infra`
- Staged promotion: `RAIL-BS-WP-0006` (finished)

File diff suppressed because it is too large Load Diff

View File

@@ -0,0 +1,117 @@
# Machine-readable allowed-values for the Repo Classification Standard.
#
# Single source of truth for the standard's controlled vocabularies, derived
# from canon/standards/repo-classification-standard_v1.0.md. Consumed by:
# - the per-repo .repo-classification.yaml linter (tools/validate_repo_classification.py)
# - the State Hub registration validator (CUST-WP-0050 T04)
#
# When the standard's vocabularies change, update this file and bump `version`
# to match the standard version. CUST-WP-0050 T01.
standard: "Repo Classification Standard"
version: "1.0"
canon_id: "canon-repo-classification"
# category — exactly 1 required (§5)
categories:
- experimental
- research
- project
- tooling
- product
- business
# domain / secondary_domains — primary exactly 1; secondaries 0..n (§6)
domains:
- infotech
- financials
- communication
- consumer
- health
- industrials
- energy
- utilities
- materials
- realestate
- crypto
- agents
- space
- government
# business_stake — 0..n; 2..6 recommended (§8)
business_stake:
- execution
- intelligence
- finance
- legal
- sales
- experience
- technology
- operations
- product
- people
- procurement
- sustainability
- automation
# business_mechanics — 0..n, optional (§9)
business_mechanics:
- intention
- control
- coordination
- operation
- adaptation
# capability_tags are intentionally OPEN-ENDED (§7): lowercase kebab-case, not
# restricted to this set. The families below are the standard's recommended
# canonical tags — used to warn on likely synonyms/typos, never to reject.
capability_families:
identity_and_access:
- identity
- authentication
- authorization
- access-control
- user-management
- tenancy
knowledge_and_evidence:
- knowledge
- citations
- evidence
- source-management
- traceability
- documentation
- decision-support
platform_and_operations:
- platform
- deployment
- operations
- observability
- feature-control
- configuration
- orchestration
market_and_coordination:
- marketplace
- pricing
- monetization
- reputation
- challenges
- bounties
- collaboration
- coordination
product_and_lifecycle:
- product-development
- lifecycle
governance_and_control:
- governance
- policy
- compliance
- risk
- audit
- control
# Validation guidance (advisory bounds the linter applies as warnings)
guidance:
secondary_domains_max: 3
business_stake_recommended_min: 2
business_stake_recommended_max: 6
capability_tag_pattern: "^[a-z0-9]+(-[a-z0-9]+)*$"

View File

@@ -0,0 +1,69 @@
# Repo Classification exclusion list (CUST-WP-0050 T11 / D3).
# Repos listed here are intentionally out of scope for classification and
# State Hub registration under the portfolio taxonomy.
#
# Validate additions against canon/standards/repo-classification-standard_v1.0.md.
version: "1.1"
updated: "2026-06-22"
exclusions:
# Forks and personal repos — not ecosystem inventory.
- slug: tegwick/the-custodian
gitea_path: tegwick/the-custodian
reason: fork path not found on Gitea (SSH verified 2026-06-22)
- slug: python-snake
gitea_path: lando_worsch/python-snake
reason: personal / non-ecosystem repo (exists on Gitea; excluded by policy)
# Archived or collapsed hub registrations — superseded by another slug.
- slug: markitect-project
reason: archived; workstreams relinked to markitect-main (ADR-005 disposition)
- slug: railiance-bootstrap
reason: archived phantom registration; no Gitea repo
- slug: railiance-hosts
reason: archived phantom registration; no Gitea repo
- slug: vergabe_teilnahme
reason: archived duplicate; collapsed into vergabe-teilnahme
- slug: test_domain_v2
reason: archived test domain; not present on Gitea coulomb org (SSH verified)
# Local-only templates / sandboxes — not product inventory.
- slug: hub-core-seed
reason: hub-core bootstrap seed copy; not a standalone service
- slug: sand-boxer
reason: agentic coding sandbox; throwaway experimentation surface
- slug: .nvm
reason: Node version manager checkout; not a coulomb project repo
# Portfolio-review slugs with no matching coulomb/* repo on Gitea (SSH verified 2026-06-22).
- slug: binect-chrome
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: binect-js
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: direkt-vermittlung-de
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: polycode-sim
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: ralph-workplan
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: tele-mcp
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: testdrive-jsui
reason: not present on Gitea coulomb org; likely renamed or removed
- slug: timeline-svg
reason: not present on Gitea coulomb org; likely renamed or removed

View File

@@ -0,0 +1,104 @@
# Core Hub Cutover Decision Coupling
Date: 2026-07-08
Related workplans: `CUST-WP-0025-T17`, `CORE-WP-0005`, `CORE-WP-0007`,
`CUST-WP-0047`, `CUST-WP-0049`.
## Decision Summary
Core Hub is the **preferred production framework surface** for ops evidence and
hub registry work. Haskell Inter-Hub remains available as **rollback-only**
fallback through the stabilization window and until `CORE-WP-0007` operator
sign-off retires it.
| Question | Decision |
| --- | --- |
| Is legacy Inter-Hub still required for normal operation? | **No** — production ingress at `hub.coulomb.social` serves Core Hub since 2026-07-03. |
| Is Inter-Hub fallback still required? | **Yes, rollback-only** until stabilization closes and `CORE-WP-0007-T02` is approved. |
| Are the three cutover gates satisfied? | **Yes** — deployed API smoke, staging import, and activity-core sink evidence all pass. |
| Can Phase 4 fin-hub work begin? | **Yes** — multi-hub pattern is proven at Level 2→3 boundary; fin models remain separate implementation. |
## Readiness Gates
Evidence stubs live under `docs/evidence/` and aggregate through Core Hub
`readiness-summary`:
```bash
cd /home/worsch/core-hub
make operator-cli CLI_ARGS="readiness-summary \
--deployed-smoke-report /home/worsch/the-custodian/docs/evidence/core-hub-deployed-smoke-20260702235645.json \
--migration-report /home/worsch/the-custodian/docs/evidence/core-hub-migration-import-20260703.json \
--activity-core-report /home/worsch/the-custodian/docs/evidence/core-hub-activity-core-sink-20260702.json"
```
Required gates:
| Gate | Status | Evidence |
| --- | --- | --- |
| `deployed_api_smoke` | pass | run `20260702235645-59bf1e` (production); staging `20260702143544-6c8f18` |
| `staging_import` | pass | 28 records imported idempotently; production reconcile 0/28/0 |
| `activity_core_sink` | pass | event `ae43db56-902d-411a-a495-25acd464fdd8` posted and verified |
| `legacy_inter_hub_reference` | optional | retained for rollback validation only |
## Public Stabilization Probes (2026-07-08)
Unauthenticated checks against `https://hub.coulomb.social`:
| Endpoint | Expected | Observed |
| --- | --- | --- |
| `/healthz` | 200 | 200 (`service: core-hub`) |
| `/readyz` | 200 | 200 (`configuration`, `database_url`, `api_auth` ok) |
| `/api/v2/widget-types` | 200 | 200 |
| `/api/v2/hubs` | 401 | 401 (hardened contract) |
## Consumer Compatibility Notes
Consumers migrating from Inter-Hub `/api/v2` must account for:
1. **Auth hardening**`/api/v2/hubs` is protected on Core Hub. Anonymous
listing consumers must obtain a token. Audit found no production dependency
on anonymous 200 responses.
2. **Catalog shape** — Core Hub catalogs use `{name, slug, description}`; Inter-Hub
used `{name, label, description, ownerHubId, status}`. Parsers must accept
`slug` as the stable identifier.
3. **Health endpoints** — Core Hub adds `/healthz` and `/readyz`; Inter-Hub
returned 404 on these paths.
4. **Ops vocabulary** — all 7 orphaned `ops-*` widget types and matching event
types are seeded in Core Hub before cutover; migrated widgets are referentially
complete.
## Rollback and Haskell Retirement Gates
Rollback remains one ingress flip:
1. Delete Core Hub ingress (`30-ingress.yaml`)
2. Apply `rollback-inter-hub-ingress.yaml`
3. Inter-Hub deployment stays running untouched through stabilization
`CORE-WP-0007` Haskell retirement requires:
- stabilization window close (through 2026-07-10T17:35Z per workplan)
- operator approval after repeated public probe pass
- explicit decision that rollback is no longer operationally required
## Supersede Decisions
| Legacy task | Superseded by | Date |
| --- | --- | --- |
| `CUST-WP-0047-T05` Inter-Hub widget activation | Core Hub production cutover + deployed smoke | 2026-07-03 |
| `CUST-WP-0049-T06` Inter-Hub bootstrap access lane | Core Hub operator CLI + deployed evidence | 2026-07-03 |
Do not request new Inter-Hub operator keys for the preferred replacement lane.
## Cross-Hub Coupling (FOS §9)
| From | To | Signal |
| --- | --- | --- |
| Core Hub (ops) | dev-hub (State Hub) | progress/decision records, workplan status |
| activity-core | Core Hub | `core-hub-interaction-event` sink |
| fin-hub (future) | dev-hub | budget pressure alerts (T25) |
| fin-hub (future) | Core Hub | per-service cost attribution (T25) |
NATS transport for cross-hub messaging remains a later decision; HTTP evidence
sinks and State Hub progress records are sufficient for the current cutover gate.

View File

@@ -0,0 +1,139 @@
# Core Hub Helixforge Build Alignment
Date: 2026-06-27
Related workplans: `CUST-WP-0052`, `CUST-WP-0025`, `CORE-WP-0008`,
`CORE-WP-0005`, `CORE-WP-0007`.
## Sources Reviewed
- `/home/worsch/helix-forge/SCOPE.md`
- `/home/worsch/helix-forge/workplans/HF-WP-0001-establish-ops-hub-first-extension.md`
- `/home/worsch/helix-forge/wiki/OpsHubBootstrapRunbook.md`
- `/home/worsch/railiance-forge/Makefile`
- `/home/worsch/railiance-forge/docs/initial-operating-contracts.md`
- `/home/worsch/railiance-forge/docs/ci-runner-actions-gitops-ownership.md`
- `/home/worsch/railiance-forge/docs/gitea-actions-runner-substrate.md`
- `/home/worsch/railiance-forge/docs/observability-operating-evidence.md`
- `/home/worsch/railiance-forge/docs/gitea-container-registry.md`
- `/home/worsch/core-hub/Makefile`
- `/home/worsch/core-hub/docs/deployment/staging-profile.md`
- `/home/worsch/core-hub/docs/deployment/operator-cli.md`
- `/home/worsch/core-hub/docs/specs/testing-release-and-migration.md`
## Takeaways
HelixForge is currently a capability-first product/architecture and workplan
home, not a deployable runtime. Its older ops-hub Inter-Hub bootstrap material
is useful as vocabulary and historical evidence, but Core Hub now owns the
replacement implementation lane.
Railiance Forge is the concrete build and artifact practice source. The useful
patterns for Core Hub are:
- repo-local Make targets are the operator entry point;
- separate read-only checks from deploy/apply actions;
- print evidence docs and runbooks through Make targets where useful;
- source repos own build scripts and image/package metadata;
- `railiance-forge` owns registry endpoints, runner labels, runner health, and
artifact evidence contracts;
- `railiance-apps` should eventually own S5 deployment checks and app release
values;
- runner labels describe capability and trust level, not hostnames;
- privileged labels such as `registry-publish`, `cluster-dry-run`, and
`s5-release-check` require named credential paths and reviewed purpose;
- artifact tags for release evidence should be immutable commit-SHA tags;
- mutable tags such as `latest` must never be the only production reference;
- evidence should capture source repo, commit SHA, artifact identity,
version/tag/digest, runner identity when relevant, smoke result, and consuming
deployment value change;
- docs may reference SOPS/OpenBao/Kubernetes Secret names, but must not contain
decrypted values, tokens, kubeconfigs, SSH keys, or tokenized URLs.
## Core Hub Current Fit
Core Hub already has a compatible service-repo surface:
- `make lint`
- `make test`
- `make openapi`
- `make migrate-validate`
- `make staging-profile-check`
- `make container-build`
- `make deployed-smoke`
- `make operator-cli`
- `make visual-check`
The current image repository default,
`gitea.coulomb.social/coulomb/core-hub`, matches the Railiance Forge registry
contract. Core Hub staging docs already prefer commit-SHA image tags and note
that production/shared staging deploys must not depend on `latest`.
The current Core Hub staging profile is acceptable as a near-term service-repo
profile. It should later be promoted into a Railiance app release path once the
API contract and staging evidence are stable.
## Environment Posture
Use three distinct postures so build/release work does not overfit to the local
workstation:
| Posture | Purpose | Core Hub behavior |
|---|---|---|
| Local/dev | Fast contract work and disposable smoke proof. | `uv`, SQLite/disposable DBs, `CORE_HUB_AUTO_CREATE_TABLES=1` only for local smoke/test bootstraps, no live cluster dependency. |
| Staging | Production-like proof without cutover. | Postgres, Alembic migrations only, Kubernetes `core-hub-staging`, commit-SHA images, OpenBao/operator-owned secret references, deployed API and activity-core smokes. |
| Production/cutover | Replacement of Haskell Inter-Hub. | Requires staging import, dual-run or shadow smokes, rollback notes, non-secret readiness summary, and explicit operator approval. |
Do not let missing runner automation block API contract work. It should block
only publish/deploy automation that actually needs forge runner labels or
cluster credentials.
## Recommended Core Hub Build Lane
Keep the existing Core Hub Make targets and add future targets only when they
remove manual release ambiguity:
1. Local contract gate:
`make lint`, `make test`, `make openapi`, `make staging-profile-check`,
and `git diff --check`.
2. Image build:
`IMAGE_REPOSITORY=gitea.coulomb.social/coulomb/core-hub IMAGE_TAG=<commit> make container-build`.
3. Registry publication:
publish immutable `<commit>` tags through an attended operator path first;
move to forge runner automation only after `registry-publish` runner evidence
is available for the repo/workflow purpose.
4. Staging deploy:
keep `k8s/railiance-staging/` as the service-repo profile until
`railiance-apps` owns explicit Core Hub dry-run/status/deploy targets.
5. Evidence gate:
run `make deployed-smoke`, activity-core Core Hub sink smoke, migration
import, and `make operator-cli CLI_ARGS="readiness-summary ..."` with
reports under ignored `.local/` paths.
6. Cutover:
require non-secret evidence reports, rollback notes, and operator approval
before `CORE-WP-0007` Haskell retirement can move.
## Required Follow-Ups
No HelixForge repo change is required for the Core Hub reset. HelixForge remains
the capability/modeling context, while Core Hub owns the replacement runtime.
Core Hub follow-ups:
- Add a future release evidence note or Make target when a real staging image is
published to `gitea.coulomb.social/coulomb/core-hub:<commit>`.
- Keep `CORE-WP-0005` staging import and cutover evidence tied to immutable
image tags and non-secret reports.
- Add runner workflow files only after `railiance-forge` has runner label and
registry-publish evidence suitable for Core Hub.
Railiance follow-ups:
- `railiance-apps` should eventually own Core Hub app release values and
dry-run/status/deploy targets once the service leaves the temporary
service-repo staging profile.
- `railiance-forge` should be cited for registry, runner, and artifact evidence;
it should not own Core Hub API behavior or cutover decisions.
- Any need for cluster-dry-run or deploy-capable runner labels should be posted
as a State Hub requirement before adding workflow dependencies.

View File

@@ -0,0 +1,120 @@
# Core Hub Replacement Evidence Handoff
Date: 2026-06-30
Related workplans: `CUST-WP-0052`, `CUST-WP-0025`, `CUST-WP-0047`,
`CUST-WP-0049`, `CORE-WP-0008`, `CORE-WP-0004`, `CORE-WP-0005`,
`CORE-WP-0007`.
## Current Evidence
Core Hub now has the API-first replacement lane needed to stop expanding the
old Inter-Hub-first ops-hub path:
- `CORE-WP-0008-T02`: repeatable deployed-smoke harness exists through
`make deployed-smoke`. It probes health/readiness, OpenAPI compatibility,
public catalogs, protected-route `401` behavior, operator auth, ops-hub
bootstrap-equivalent creation, widget/event write, key-prefix evidence, and
hub-registry visibility. It was verified against a disposable local HTTP Core
Hub runtime, not a live staging endpoint.
- `CORE-WP-0008-T03`: activity-core has a direct Core Hub
`core-hub-interaction-event` sink, verified locally against a disposable Core
Hub runtime. Deployed execution still needs `CORE_HUB_BASE_URL`, runtime key,
and widget mapping from approved custody.
- `CORE-WP-0008-T04`: staging deployment profile, Kubernetes manifests,
migration job shape, secret references, health/readiness probes, rollback
notes, and container build checks are documented.
- `CORE-WP-0008-T05`: `make operator-cli` wraps the same API behavior for
deployed smoke, ops-hub bootstrap status, migration validate/import, and
cutover readiness summaries.
- `CORE-WP-0006`: protected `/console` prototype exists with readiness,
registry, migration/cutover, action-required, access metadata, and evidence
stream sections. `make visual-check` passed on 2026-06-27 with desktop/mobile,
no-overlap, horizontal-overflow, protected-route, PNG, and non-secret checks.
- `CORE-WP-0008-T06`: the web UI is gated behind API/CLI readiness and has a
compact whynot-aligned first-screen backlog. The UI should not start by
recreating every old Inter-Hub screen.
**2026-07-02/03 update:** Deployed evidence now exists. Staging smoke
`20260702143544-6c8f18`, production smoke `20260702235645-59bf1e`, activity-core
sink event `ae43db56-902d-411a-a495-25acd464fdd8`, and migration import (28
records, idempotent) are documented in `docs/evidence/` and aggregated via
`readiness-summary` (`readyForCutover: true` on 2026-07-08).
## 0047 And 0049 Decision
**Superseded 2026-07-03:** `CUST-WP-0047-T05` and `CUST-WP-0049-T06` are
cancelled in their workplans. Core Hub production cutover plus deployed smoke
evidence replaced the legacy Inter-Hub widget activation and bootstrap access
lane. Inter-Hub remains rollback-only through `CORE-WP-0007` stabilization.
See `docs/core-hub-cutover-decision-coupling.md` for the full decision record.
## CUST-WP-0025 Phase 3 Reset Recommendation
`CUST-WP-0025-T13` through `T19` should be rewritten before execution:
- T13: replace "create standalone ops-hub repo" with Core Hub-owned API-first
ops evidence and registry work. Defer any standalone ops-hub repo until after
Core Hub cutover proves the boundary still needs a separate service.
- T14: replace standalone ops-specific models with Core Hub resources and
migration/read-model gaps, preserving `CUST-WP-0047` service inventory as
input evidence.
- T15: replace MCP-first ops tools with API and CLI parity first. Any MCP layer
should consume the proven Core Hub API later.
- T16: route infrastructure evidence through activity-core probes and Core Hub
interaction/deployment evidence, with credential ownership resolved through
approved custody routes rather than chat or workplans.
- T17: reframe cross-hub coupling around Core Hub events, State Hub progress,
and activity-core evidence sinks. Keep NATS as a later transport decision.
- T18: replace the old dashboard task with the whynot-aligned Core Hub operator
UI backlog from `CORE-WP-0008-T06`.
- T19: cancel or defer ops-hub MCP server registration until post-cutover
demand proves it is needed.
2026-06-27 follow-up: `CUST-WP-0025-T13` through `T19` have now been
rewritten around this recommendation. The rewrite is enough to stop the obsolete
standalone ops-hub scaffold sequence, but not enough to declare Core Hub
production cutover complete.
2026-06-27 T14 closeout: Core Hub now has
`docs/specs/ops-evidence-contract.md`, which defines the ops evidence API
resources, event vocabulary, non-secret access metadata rules, service inventory
mapping, readiness-summary inputs, and read-model gaps. This closes the T14
definition gate while leaving deployed evidence, cutover coupling, and UI work
for T16/T17/T18.
2026-06-27 T03 closeout: Core Hub now has a reusable IAM Profile verifier and
FastAPI dependency plus `tests/test_iam_profile.py`, which proves OIDC
discovery, JWKS signature validation, authorization-code + PKCE token issuance,
protected endpoint access, required IAM Profile claims, missing-token rejection,
wrong-audience rejection, and production rejection of local-development issuers.
This closes the identity integration template while leaving production issuer
wiring for the deployed Core Hub gates.
2026-06-27 T18 closeout: Core Hub `CORE-WP-0006` is finished and local
`make visual-check` passed for `/console`. The first UI surface is intentionally
compact and protected; broader UI implementation remains gated by deployed API
and CLI evidence through the rebuild backlog.
## Remaining Gates
2026-06-30 route refinement: `warden route find` for the Core Hub
staging smoke token need matched the OpenBao-owned `openbao-api-key`
lane for operator/runtime credentials, with `key-cape-oidc-login`
available for interactive auth and `ops-bridge-tunnel` for private
endpoint access when needed. ops-warden can route or assist eligible lanes,
but it does not own, mint, or store Core Hub token values.
- Run `make deployed-smoke` or `make operator-cli CLI_ARGS="deployed-smoke ..."`
against a real Core Hub staging URL with an approved operator token.
- Import the approved Inter-Hub export bundle into a staging Core Hub database
and keep dry-run reports visibly open until a reviewed non-dry-run import
succeeds.
- Run the deployed activity-core Core Hub sink smoke with approved runtime
token and widget mapping.
- Build a `readiness-summary` evidence report from deployed smoke, migration,
activity-core, and optional legacy Inter-Hub reference evidence.
- Keep `CORE-WP-0007` Haskell retirement blocked until staging import, dual-run
smokes, cutover, rollback notes, and operator approval are complete.

View File

@@ -0,0 +1,200 @@
# CoulombCore Drain and Production Placement Plan
Date: 2026-07-03
Workplan: `CUST-WP-0054-T03`
Freeze policy: `canon/standards/coulombcore-production-freeze_v0.1.md`
Architecture: `docs/workstation-independence-fleet-architecture.md`
## Purpose
Ordered drain sequence for every production workload on coulombcore
(`92.205.130.254`, `coulombcore-k3s`). Each row names current placement,
target placement, migration method, owner workplan, and prerequisites.
**Coupling rule:** forge and State Hub move early; identity + OpenBao move
last because everything authenticates through them.
## Wave overview
```
Wave 0 Freeze policy (this document + canon) — effective 2026-07-03
Wave 1 Source forge + CI runners ─────────── RAIL-HO-WP-0005 / CUST-WP-0054-T04
Wave 2 State Hub primary + sweep checkouts ── CUST-WP-0054-T05 / CUST-WP-0011
Wave 3 Core Hub production ────────────────── CORE-WP-0005
Wave 4 issue-core ─────────────────────────── ISSUE-WP-0003 + overlay
Wave 5 GitOps control plane (ESO, ArgoCD) ─── railiance-cluster overlays
Wave 6 Application stragglers ─────────────── per-app overlays
Wave 7 OpenBao + identity stack ───────────── NET-WP-0020 + key-cape (LAST)
Wave 8 coulombcore phoenix → railiance02 ─── CUST-WP-0054-T09
```
## Placement register
| # | Workload | Current (2026-07-03) | Target | Method | Owner | Wave | Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | **Gitea + OCI registry** | coulombcore-k3s `default`; `gitea.coulomb.social` | railiance01 **`forgejo.coulomb.social`** | Staged-promotion S5 overlay; `RAIL-HO-WP-0005` probe → production; Gitea → read-only mirror | `RAIL-HO-WP-0005`, `CUST-WP-0054-T04` | 1 | grandfathered |
| 2 | **Forgejo Actions / CI runners** | none (workstation manual build) | railiance01 | New S5 overlay; image build on tag push | `CUST-WP-0054-T04` | 1 | planned |
| 3 | **Gitea DB + PVC** | coulombcore `databases` / `gitea-shared-storage` | railiance01 CNPG + PVC | Migrate with Forgejo; backup/restore drill required | `RAIL-HO-WP-0005` | 1 | grandfathered |
| 4 | **State Hub API (primary)** | coulombcore CNPG `state-hub-db`; cluster Svc `10.43.170.94:8000` | railiance01 CNPG + Deployment | `CUST-WP-0011-T07` playbook: freeze → exact-count restore → rewire; staged-promotion overlay | `CUST-WP-0054-T05`, `CUST-WP-0011` | 2 | grandfathered |
| 5 | **State Hub sweep checkouts** | workstation `/home/worsch/*` (74 repos) | railiance01 clone tree from forge | Relocate `host_paths` / `local_path`; no workstation writeback | `CUST-WP-0054-T05`, `STATE-WP-0064` | 2 | planned |
| 6 | **WSL2 State Hub fallback** | workstation WSL2 | retired | Stop after railiance01 primary stabilizes | `CUST-WP-0011-T08/T09`, `CUST-WP-0054-T10` | 2 | grandfathered |
| 7 | **Core Hub** | coulombcore `core-hub-staging`; public `hub.coulomb.social` | railiance01 | Staged-promotion overlay; dual-run prerequisite (`CORE-WP-0005-T04`) | `CORE-WP-0005` | 3 | grandfathered |
| 8 | **Inter-Hub (Haskell)** | coulombcore external | retired | Rollback-only after Core Hub cutover | `CORE-WP-0007` | 3 | grandfathered |
| 9 | **issue-core** | coulombcore `issue-core` ns; ClusterIP `10.43.103.154:8765` | railiance01 | Staged-promotion overlay; shorten fleet tunnel to local svc | `ISSUE-WP-0003`, `CUST-WP-0054-T03` | 4 | grandfathered |
| 10 | **issue-core CNPG** | coulombcore | railiance01 | Migrate with issue-core workload | `railiance-platform` | 4 | grandfathered |
| 11 | **External Secrets Operator** | coulombcore | railiance01 | GitOps follows forge; ESO stores point at railiance01 OpenBao post-Wave 7 or interim coulombcore path documented | `railiance-platform` | 5 | grandfathered |
| 12 | **ArgoCD** | coulombcore (boundary: should be S4) | railiance01 | Staged-promotion; repoint repo URLs to Forgejo | `railiance-cluster` | 5 | grandfathered |
| 13 | **llm-connect** | railiance01 `activity-core` ns (partial) | railiance01 | Already on target machine; complete in-cluster profile | `CCR-2026-0003` lane | 6 | observed |
| 14 | **activity-core** | railiance01 `activity-core` ns | railiance01 (retain) | No move; update sinks (T06) and hub URL post-Wave 2 | — | — | **on target** |
| 15 | **Temporal / NATS** | railiance01 | railiance01 (retain) | Co-located with activity-core | — | — | **on target** |
| 16 | **ops-hub evidence / widgets** | files + Core Hub path | railiance01 via Core Hub | Follows Core Hub; not coulombcore-blocking | `CUST-WP-0025`, `CUST-WP-0049` | 6 | planned |
| 17 | **artifact-store / MinIO lane** | assessment only | railiance01 or compatible endpoint | Compatibility-profile per `ARTIFACT-STORE-WP-0007` | `ARTIFACT-STORE-WP-0007` | 6 | planned |
| 18 | **OpenBao** | coulombcore | railiance01 | **Last infrastructure wave**; `NET-WP-0020` unseal automation; CNPG + seal migration | `NET-WP-0020`, `railiance-platform` | 7 | grandfathered |
| 19 | **KeyCape** | coulombcore | railiance01 | Follows OpenBao; OIDC/MFA paths | `key-cape` | 7 | grandfathered |
| 20 | **Authelia** | coulombcore | railiance01 | Identity front door | `key-cape` / `railiance-platform` | 7 | grandfathered |
| 21 | **privacyIDEA** | coulombcore | railiance01 | MFA backend | `key-cape` | 7 | grandfathered |
| 22 | **lldap** | coulombcore | railiance01 | LDAP directory | `key-cape` / `railiance-platform` | 7 | grandfathered |
| 23 | **flex-auth** | coulombcore | railiance01 | Policy registry follows identity | `flex-auth` | 7 | grandfathered |
| 24 | **Fleet mesh transit tunnels** | railiance01 systemd → coulombcore ClusterIPs | railiance01-local services | Retire when Waves 2+4 complete (hub + issue-core local) | `CUST-WP-0054-T02` | 24 | **interim active** |
| 25 | **CNPG operator** | coulombcore (boundary note) | railiance01 | Platform operator moves with Wave 2+ workloads | `railiance-platform` | 27 | grandfathered |
| 26 | **coulombcore host identity** | coulombcore | railiance02 | Machine phoenix after Wave 7 | `CUST-WP-0054-T09`, `CUST-WP-0054-T08` | 8 | wait |
## Per-wave detail
### Wave 1 — Source forge + CI (unblocks repos and images)
**Goal:** All repos and container images publish from railiance01; coulombcore
Gitea becomes read-only mirror.
| Step | Action | Done when |
| --- | --- | --- |
| 1.1 | Resolve `RAIL-HO-WP-0005-T02` production decisions (hostname **decided:** `forgejo.coulomb.social`; SMTP, runners, backup still open) | `docs/forgejo-production-decisions.md` |
| 1.2 | Disposable Forgejo probe namespace + restore drill | Backup/restore evidence id recorded |
| 1.3 | Production Forgejo cutover | All 74 repo remotes point at Forgejo; push/pull verified |
| 1.4 | Actions runners for `state-hub`, `core-hub`, `activity-core`, `issue-core` | Tag-triggered image lands in forge OCI |
| 1.5 | Gitea → read-only mirror on coulombcore | Rollback window documented; no new writes |
**Blocks:** Wave 2 sweep checkouts (needs forge clones on railiance01).
### Wave 2 — State Hub home on railiance01
**Goal:** Automation loop machine-local; consistency sweeps write back to
railiance01 checkouts, not workstation paths.
| Step | Action | Done when |
| --- | --- | --- |
| 2.1 | CNPG + storage review on railiance01 | Platform sign-off |
| 2.2 | `CUST-WP-0011-T07` cutover to railiance01 primary | Row counts match; `127.0.0.1:8000` serves railiance01 hub |
| 2.3 | Clone/register 74 repos on railiance01 from Forgejo | `fix-consistency` writebacks use railiance01 paths |
| 2.4 | Retire fleet tunnel `fleet-state-hub-coulombcore` | activity-core reaches hub without coulombcore hop |
| 2.5 | WSL2 fallback retirement (optional, after stabilization) | `CUST-WP-0011-T08/T09` |
**Prereq:** Wave 1 forge (clone source).
### Wave 3 — Core Hub production
**Goal:** `hub.coulomb.social` served from railiance01 Core Hub.
| Step | Action | Done when |
| --- | --- | --- |
| 3.1 | Close `CORE-WP-0005-T04` prerequisites (widget types, auth posture) | Catalog gap resolved |
| 3.2 | Operator-approved cutover with rollback plan | Deployed smoke + activity-core sink green |
| 3.3 | Inter-Hub marked rollback-only | `CORE-WP-0007` unblocks |
**Prereq:** Wave 1 (images via forge CI).
### Wave 4 — issue-core
**Goal:** Emission path is railiance01-local; no coulombcore ClusterIP in path.
| Step | Action | Done when |
| --- | --- | --- |
| 4.1 | Staged-promotion overlay on railiance01 | ArgoCD sync healthy |
| 4.2 | Migrate CNPG + secrets | ExternalSecret Ready |
| 4.3 | Point `ISSUE_CORE_URL` at in-cluster svc | Retire `fleet-issue-core-coulombcore` tunnel |
| 4.4 | Safe emission smoke | HTTP 201 + Gitea/Forgejo issue created |
**Prereq:** Wave 1 (image + gitops); credential lane `CCR-2026-0002` active.
### Wave 5 — GitOps control plane
**Goal:** ArgoCD and ESO run on railiance01 and track Forgejo repos.
| Step | Action | Done when |
| --- | --- | --- |
| 5.1 | ArgoCD overlay on railiance01 | Sync from Forgejo remotes |
| 5.2 | ESO → SecretStore paths updated | Workloads on railiance01 pull secrets |
| 5.3 | Decommission coulombcore ArgoCD Applications | No new syncs to coulombcore-k3s |
**Prereq:** Waves 12 (forge URLs, hub coordination).
### Wave 6 — Application stragglers
Low-coupling apps and evidence lanes that do not block earlier waves:
- llm-connect production profile completion
- ops-hub widget evidence via Core Hub
- artifact-store compatibility endpoint (if approved)
Each uses staged-promotion unless listed under **Documented exceptions**.
### Wave 7 — OpenBao + identity (LAST)
**Goal:** Authentication and secret custody off coulombcore.
| Step | Action | Done when |
| --- | --- | --- |
| 7.1 | OpenBao staged-promotion to railiance01 | Unseal automation (`NET-WP-0020`) proven |
| 7.2 | KeyCape / Authelia / privacyIDEA / lldap migration | OIDC login smoke on railiance01 |
| 7.3 | flex-auth registry points at new identity endpoints | Credential lanes re-pointed |
| 7.4 | CCR/applier paths verified | No production secret reads from coulombcore OpenBao |
**Gate:** `CUST-WP-0054-T09` cannot start until Wave 7 completes.
### Wave 8 — Phoenix to railiance02
Execute `CUST-WP-0054-T09` via T08 automation: wipe coulombcore, rebuild as
railiance02, join fleet. DNS/cert plan for remaining `*.coulomb.social` names.
## Documented exceptions
| Workload | Reason | Target date | Rollback | Approval |
| --- | --- | --- | --- | --- |
| Fleet mesh systemd tunnels | Wave 2/4 not complete; railiance01 reaches coulombcore ClusterIPs | Until Waves 2+4 done | Re-enable workstation reverse tunnels per `docs/fleet-mesh-dehub-runbook.md` | `CUST-WP-0054-T02` cutover 2026-07-03 |
| Core Hub staging on coulombcore | Pre-cutover smoke environment | Until Wave 3 cutover | Keep staging namespace | `CORE-WP-0005` |
| Static `id_ops` SSH key on railiance01 fleet units | `atm-fleet-mesh` cert_command blocked on VAULT_TOKEN | Until warden sign available | ops-bridge or rotated key | `CUST-WP-0054-T02` interim |
No other exceptions as of 2026-07-03. New exceptions require a State Hub
decision or workplan amendment.
## Staged-promotion method (default)
Per `RAIL-BS-WP-0006` (finished):
1. `railiance/<app>/app.toml` + overlay in owning repo
2. Stage 1 deploy → observe → promote with evidence
3. Backup/restore drill before production promotion
4. Rollback revision documented
Apps without overlays yet must get an overlay scaffold before Wave execution.
## Inventory sync
`ops/service-inventory.yml` updated 2026-07-03 for:
- coulombcore `lifecycle_state: draining` on grandfathered production services
- State Hub primary on coulombcore cluster (not workstation)
- railiance01 fleet-mesh and activity-core placement
- ops-bridge on railiance01 via systemd (not workstation hub)
Regenerate catalog view: `make ops-inventory-view`
## Human gates (not agent-executable)
| Gate | Owner | Blocks |
| --- | --- | --- |
| Forgejo T02 production decisions | operator | Wave 1 |
| State Hub railiance01 cutover approval | operator; `CUST-WP-0011-T07` | Wave 2 |
| Core Hub production cutover | operator; `CORE-WP-0005-T04` | Wave 3 |
| OpenBao/identity migration approval | operator + custody | Wave 7 |
| coulombcore phoenix approval | operator | Wave 8 |

View File

@@ -0,0 +1,99 @@
# Credential Custody Unblock Board
Created: 2026-06-27
Updated: 2026-06-30
Owner: the-custodian coordination; credential owners remain with their owning repos.
## Purpose
This board collects the live credential and operator-access gates that block the
infrastructure stabilization plan. It records routes and non-secret evidence
only. It is not a secret store, approval record, or substitute for the owning
repo runbooks.
## Rules
- Do not put secrets in Git, State Hub, workplans, shell history, or chat.
- Use the current ops-warden source CLI for routing if the installed `warden`
lacks `route` commands: `cd /home/worsch/ops-warden && uv run warden route ...`.
- `ops-warden` directly issues SSH certificates. For non-SSH needs it may
route, advise, or proxy an `exec_capable` lane through `warden access` as the
caller, but it does not own custody, mint values, or store secrets.
- Classify credential blockers by environment posture and workload maturity:
dev/test work should use synthetic contract doubles; production real-value
work needs owner custody, policy gates where required, and non-secret evidence.
- OpenBao/API credentials route to `railiance-platform`; interactive identity
routes to `key-cape`; tunnels route to `ops-bridge`; host principal and
force-command deployment routes to `railiance-infra`.
- Evidence may include ids, prefixes, counts, decision ids, HTTP status, and
smoke pass/fail. It must not include credential values.
## Route Records
| Route id | Owner | Scope | ops-warden role | Reference |
| --- | --- | --- | --- | --- |
| `openbao-api-key` | `railiance-platform` | API keys, DB credentials, provider tokens, OpenBao KV/dynamic leases | Assist: route; proxy only as caller when `exec_capable`; custody stays OpenBao | `wiki/CredentialRouting.md#routing-table` |
| `inter-hub-bootstrap-ssh` | `ops-warden` + `railiance-infra` | Inter-Hub bootstrap SSH envelope and force-command pattern | Assist envelope; issue SSH cert only if remote host reachability is used | `wiki/InterHubBootstrapAccessLane.md#worker-checklist` |
| `ssh-cert-host-access` | `ops-warden` | Short-lived SSH cert signing for host reachability | Issue SSH certs directly | `wiki/AccessRouting.md#issue-vs-route` |
| `railiance-infra-principals` | `railiance-infra` | Host SSH principal files and force-command deployment | Route only | `wiki/CredentialRouting.md#routing-table` |
| `key-cape-oidc-login` | `key-cape` | Interactive login, OIDC, MFA, JWT/authentication | Assist login lane when `exec_capable`; identity stays key-cape | `wiki/CredentialRouting.md#quick-decision-tree` |
| `ops-bridge-tunnel` | `ops-bridge` | SSH tunnels and port forwards | Route; supply `cert_command` pattern when needed | `wiki/playbooks/ops-bridge-tunnel-cert.md#migration-checklist` |
## Security-Stage and Maturity Triage
Use ops-warden `wiki/WorkloadSecurityPosture.md` to split vague IT-security
blockers into concrete outcomes.
| Classifier | CUST-WP-0051 interpretation |
| --- | --- |
| Dev/test posture only | Not blocked on production secrets. Use synthetic contract doubles or generated test values. |
| Prod posture with real values | Owner custody and policy gates are required. Record only route id, path/version, decision id, populated-key count, or smoke id. |
| Workload maturity below secret requirement | Real blocker until the workload matures, the secret is reclassified, or the design avoids that secret. |
| Route exists and lane is `exec_capable` | `warden access --fetch/--exec` may remove manual copy/paste as a blocker by proxying the owning tool as the caller. |
| Unseal, break-glass, issuer custody unresolved | Operator ceremony/design blocker; do not bypass with Codex-visible values. |
Current read:
| Gate family | Posture/maturity read |
| --- | --- |
| Inter-Hub / ops-hub runtime keys | Legacy/fallback production real-value gate; implementation can proceed with route evidence, but live smoke waits on OpenBao/operator custody. |
| Core Hub deployed smoke/runtime token | Preferred replacement gate: `CORE_HUB_BASE_URL` is endpoint routing, operator/runtime token custody routes to `openbao-api-key`, and activity-core widget mapping belongs to Core Hub/activity-core. ops-warden does not mint or store this token. |
| activity-core to issue-core | Production service credential gate; the blocker is `ISSUE_CORE_API_KEY` injection/evidence, not repo-side contract work. |
| OpenBao unseal / issuer profile | M3-style operator ceremony. The narrow `warden-sign` lane is verified/banked; broader issuer/profile work remains separate. |
| ops-warden policy gate / warden-sign | Verified and banked: `SECRETS-WP-0004` and `FLEX-WP-0007` are finished, with `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`, and no secret material recorded. |
| Forgejo SMTP/package/runner migration | Production credential and recovery-readiness gate; use OpenBao/key-cape/ops-bridge routes, then record non-secret drill evidence. |
## Live Gates
| Gate | Blocking work | Owner and route | Expected execution host | Non-secret evidence | Fallback decision | Next action | Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Core Hub deployed evidence and activity-core sink | `CUST-WP-0025-T16`, `CORE-WP-0004-T03/T04`, feeds `CUST-WP-0025-T17` | `openbao-api-key` for operator/runtime token custody; `ops-bridge-tunnel` if the staging URL is private; Core Hub/activity-core for widget mapping | Core Hub staging runtime, operator workstation, or trusted cluster job | deployed-smoke run id, hub/manifest/API-consumer ids, key prefix only, widget/event ids, counts, readiness and containment booleans | Keep Inter-Hub as legacy/fallback until Core Hub evidence exists or explicit supersede decision. | Provide `CORE_HUB_BASE_URL`, approved token custody, activity-core widget id/mapping, then run deployed smoke plus sink smoke. | Waiting on staging/custody handoff |
| Inter-Hub ops-hub bootstrap | `CUST-WP-0049-T06`, unblocks `CUST-WP-0047-T05` | `inter-hub-bootstrap-ssh` for the envelope; `openbao-api-key` for operator/runtime key custody; `ssh-cert-host-access` only for cert signing if remote execution is used | Local workstation with `IHUB_OPERATOR_KEY_FILE`, or trusted host with railiance-infra force-command wrapper | Hub id, manifest id, widget count, runtime key prefix only, bootstrap smoke result, State Hub progress id | Prefer API helper. Use deployment-side migration/bootstrap only by explicit operator approval. Manual SQL remains last-resort and must be recorded as an exception. | Operator materializes Inter-Hub operator key through approved custody, runs the ops-hub helper, stores generated runtime key outside Git, removes temp files. | Ready for operator handoff |
| Ops-hub runtime evidence key | `IHUB-WP-0022-T04`, then `IHUB-WP-0022-T07` | `openbao-api-key` owned by `railiance-platform` / OpenBao | Operator workstation, OpenBao UI/CLI session, or trusted cluster job; not a Codex-visible shell with printed values | OpenBao path/version or populated key count only, token exchange HTTP status, evidence submission smoke id | Attended one-time key file is acceptable only long enough to store in OpenBao and remove; no chat or State Hub transfer. | Store/provide `OPS_HUB_KEY` via OpenBao path, then run Inter-Hub submission smoke. | Waiting on operator custody |
| OpenBao unseal and token automation | `NET-WP-0020`, related OpenBao token-grant and policy-gate blockers | `openbao-api-key` for OpenBao issuer/token paths; `railiance-infra-principals` for host policy; `ssh-cert-host-access` for cert signing; `key-cape-oidc-login` for login/MFA | OpenBao operator terminal, cluster-admin context, or trusted railiance-infra deployment path | Policy names, role names, token accessor only, decision ids, allow/deny smoke result | Keep attended ceremony path until auto-unseal/profile is explicitly approved. Do not invent `warden secret` or paste `VAULT_TOKEN`. | Broader custody profile remains open; do not treat the completed `warden-sign` lane as a general OpenBao credential helper. | Needs operator design/approval |
| ops-warden policy gate / warden-sign lane | `SECRETS-WP-0004`, `FLEX-WP-0007` | secrets-engine owned the OpenBao lane; flex-auth owned the policy decision runtime; ops-warden ran the smoke | CoulombCore via deployed flex-auth runtime `127.0.0.1:18090` and production OpenBao | `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`, no token/role/secret/accessor values | Keep `policy.enabled` off until testing/production maturity; live enforcement is an ops-warden operator posture decision. | No CUST action. Bank the verified gate and avoid reopening it as a generic credential blocker. | Verified/banked |
| Forgejo production migration | `RAIL-HO-WP-0005` T02/T06/T11/T12 | `openbao-api-key` for SMTP/package/provider credentials; `key-cape-oidc-login` for login/MFA; `ops-bridge-tunnel` or `ssh-cert-host-access` only for host reachability | Forgejo admin/browser session, railiance01 trusted host, or approved GitOps/deployment path | Decision record id, hostname/exposure choice, SMTP sender/domain alignment, password-reset smoke, backup/restore drill id, package pull smoke, cutover approval id | Keep Gitea as read-only rollback until stabilization passes; do not retire legacy Gitea without explicit approval. | Resolve production choices, store SMTP credentials through OpenBao, run recovery and migration drills, then request cutover approval. | Needs human production decisions |
## Route Lookup Commands
```bash
cd /home/worsch/ops-warden
uv run warden route show openbao-api-key --json
uv run warden route show inter-hub-bootstrap-ssh --json
uv run warden route show ssh-cert-host-access --json
uv run warden route show railiance-infra-principals --json
uv run warden route show key-cape-oidc-login --json
uv run warden route show ops-bridge-tunnel --json
```
## Pickup Order
1. Core Hub deployed evidence and activity-core sink smoke, because this is
the preferred replacement proof for ops-hub evidence and can supersede
legacy Inter-Hub waits once real staging evidence exists.
2. Keep Inter-Hub ops-hub bootstrap and runtime keys as legacy/fallback only
unless the operator explicitly chooses rollback or compatibility proof.
3. OpenBao custody profile, because several credential-helper and policy-gate
blockers collapse once a narrow issuer path exists.
4. Forgejo production decisions, because those require human design approval
before execution can be responsibly automated.

View File

@@ -0,0 +1,86 @@
# Daily-Triage Stabilization Status
Updated: 2026-06-30
## Purpose
Track the current daily-triage blocker chain for `CUST-WP-0051-T04` without
duplicating the source activity-core workplans.
## Current Evidence
State Hub `daily_triage` progress shows the scheduled activity-core runner is
alive and can write both State Hub progress and working-memory notes.
Recent scheduled run evidence:
| Date | State Hub event | Result |
| --- | --- | --- |
| 2026-06-24 | `8b4c16ee-ac47-4581-b3ee-a23fc1f682e6` | schema-valid daily triage, working memory written |
| 2026-06-25 | `cbba6bc0-14cb-492b-ab23-74b9349326c8` | schema-valid daily triage, working memory written |
| 2026-06-26 | `97fd20a0-eee0-45ea-8290-6d91874e1515` | validation failed at char 5268, working memory written |
| 2026-06-27 | `c5ab50a8-404b-4e30-849f-841b059ace65` | validation failed at char 5246, working memory written |
| 2026-06-28 | `f0d8477e-1db9-4c07-bb8c-d28cbb868abc` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
| 2026-06-29 | `176d2ea7-f0e3-48cd-999b-4ab6055c6a55` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
| 2026-06-30 | `27d695b2-a537-481b-ada6-ca84ec24cd96` | schema-valid daily triage, working memory written; still emitted 10 recommendations |
The 2026-06-26 and 2026-06-27 failures are both overlong malformed JSON
responses from `daily-triage-report`. They are not missed schedules and they are
not silent sink failures. The 2026-06-28 through 2026-06-30 events restore a
three-run schema-valid streak, but they do not prove the bounded WP-0016
contract because the reports still emit 10 recommendations instead of the
targeted top-N framing.
## Current Blocker
The old `ACTIVITY-WP-0010` State Hub bridge note is partially superseded by the
newer evidence: scheduled runs are reaching State Hub and the working-memory
sink. The current primary blocker is that the live activity-core runtime still
uses an output path that can discard the whole report when the model emits a
malformed tail.
`ACTIVITY-WP-0016` has the repo-side mitigation:
- strict bounded report schema;
- item-granular recovery and quarantine;
- producer guardrails and ADR-004;
- regression tests for the 2026-06-26 failure shape.
The remaining gate is the live contract/smoke path:
1. Deploy the WP-0016 code and schema together.
2. Update the Railiance runtime prompt bundle with bounded top-N instructions,
per-item framing, value vocabularies, and sufficient `max_tokens` headroom.
3. Run a live daily-triage smoke on railiance01 and confirm malformed-tail
output degrades to partial valid output with quarantined items.
4. Record the 2026-06-28 / 2026-06-29 / 2026-06-30 three-clean-run
calibration result with the caveat that top-N contract adoption is still
pending.
## Hygiene Note
The State Hub task index currently shows stale duplicate tasks for
`ACTIVITY-WP-0016` in addition to the source-file task records. Before relying
on activity-core task counts for triage ranking, run activity-core consistency
sync and prune or reconcile any stale generated task rows that are no longer
linked from the workplan file.
2026-06-27 status-normalization: ACTIVITY-WP-0016 source task blocks now
match the progress notes for T04 (done) and T05 (progress). Remaining hygiene is
to remove or reconcile stale duplicate task rows from the State Hub index.
2026-06-27 gate cleanup: ACTIVITY-WP-0010-T02 is now done because scheduled
runner evidence proves the State Hub sink and working-memory path are reachable.
The live human-needed notes now sit on the post-deployment smoke, WP-0016 live
proof, and three-clean-run calibration tasks.
2026-06-30 recheck: State Hub now has schema-valid scheduled `daily_triage`
events for 2026-06-28 (`f0d8477e-1db9-4c07-bb8c-d28cbb868abc`), 2026-06-29
(`176d2ea7-f0e3-48cd-999b-4ab6055c6a55`), and 2026-06-30
(`27d695b2-a537-481b-ada6-ca84ec24cd96`), all with working-memory notes. This
is enough to bank the scheduling/sink/schema-validity streak for calibration,
but not enough to close the WP-0016 live-proof gate: the reports still contain
10 recommendations rather than the bounded top-N contract, and the local
activity-core worktree already has separate in-flight diagnostic/status changes
that should be committed by their owner before Custodian treats them as source
truth.

View File

@@ -0,0 +1,14 @@
[
{
"status": "posted",
"verified": true,
"eventId": "ae43db56-902d-411a-a495-25acd464fdd8",
"eventType": "ops-endpoint-verified",
"environment": "core-hub-staging",
"apiConsumerId": "6cfcbc56",
"apiConsumerKeyPrefix": "ch_ztkSv9PK",
"widgetId": "6768aaa2",
"containmentConfirmed": true,
"notes": "Non-secret evidence stub from CORE-WP-0004-T04 deployed activity-core Core Hub sink smoke."
}
]

View File

@@ -0,0 +1,27 @@
{
"ok": true,
"runId": "20260702235645-59bf1e",
"baseUrl": "https://hub.coulomb.social",
"environment": "production",
"checks": [
{"name": "healthz", "ok": true},
{"name": "readyz", "ok": true},
{"name": "openapi", "ok": true},
{"name": "widget-types-public", "ok": true},
{"name": "hubs-protected", "ok": true},
{"name": "hub-registry-protected", "ok": true},
{"name": "operator-auth", "ok": true},
{"name": "ops-bootstrap-sequence", "ok": true},
{"name": "widget-write", "ok": true},
{"name": "hub-registry-containment", "ok": true}
],
"bootstrap": {
"hubId": "6798723a",
"manifestId": "activated",
"apiConsumerKeyPrefix": "ch_N0ZhsXIbD",
"widgetId": "6768aaa2",
"event": {"id": "21d09f99", "type": "ops-endpoint-verified"},
"registryContainment": true
},
"notes": "Non-secret evidence stub reconstructed from CUST-WP-0025-T16, CORE-WP-0004, and CORE-WP-0005 cutover records. Staging run 20260702143544-6c8f18 preceded this production smoke."
}

View File

@@ -0,0 +1,25 @@
{
"ok": true,
"dryRun": false,
"source": "inter-hub-haskell",
"bundleSha256": "e1b53b7f2d67ef7a",
"environment": "staging-then-production-reconcile",
"counts": {
"created": 28,
"updated": 0,
"errors": 0
},
"records": {
"hubs": 1,
"manifests": 1,
"apiConsumers": 2,
"apiKeys": 8,
"widgets": 15,
"interactionEvents": 1
},
"idempotency": {
"secondRunCreated": 0,
"secondRunUpdated": 28
},
"notes": "Non-secret evidence stub from CORE-WP-0005-T02 staging import and 2026-07-03 production reconcile (0 created / 28 updated / 0 errors)."
}

View File

@@ -0,0 +1,41 @@
{
"ok": true,
"readyForCutover": true,
"openGates": ["legacy_inter_hub_reference"],
"gates": [
{
"name": "deployed_api_smoke",
"ok": true,
"reason": "ok",
"evidence": {
"runId": "20260702235645-59bf1e",
"checks": 10,
"eventId": "21d09f99"
}
},
{
"name": "staging_import",
"ok": true,
"reason": "ok",
"evidence": {
"source": "inter-hub-haskell",
"bundleSha256": "e1b53b7f2d67ef7a",
"dryRun": false,
"counts": {"created": 28, "updated": 0, "errors": 0}
}
},
{
"name": "activity_core_sink",
"ok": true,
"reason": "ok",
"evidence": {"posted": 1}
},
{
"name": "legacy_inter_hub_reference",
"ok": false,
"reason": "missing legacy Inter-Hub reference smoke evidence",
"evidence": {"provided": false}
}
],
"notes": "Generated 2026-07-08 via Core Hub operator-cli readiness-summary. Legacy Inter-Hub gate is optional rollback evidence only."
}

View File

@@ -0,0 +1,147 @@
# Fleet Mesh De-Hub Runbook (CUST-WP-0054-T02)
Date: 2026-07-03
Workplan: `CUST-WP-0054-T02`
Architecture: `docs/workstation-independence-fleet-architecture.md`
## Goal
Remove the workstation from production data paths between railiance01
(activity-core) and coulombcore (State Hub cluster, issue-core). Workstation
tunnels become interactive dev access only.
## Before (workstation hub)
```
railiance01:18000 ──reverse──► workstation:8000 ──forward──► coulombcore cluster State Hub
railiance01:18765 ──reverse──► workstation:18765 ──forward──► coulombcore cluster issue-core
```
## After (fleet-owned)
```
railiance01:18000 ──forward via SSH to coulombcore──► 10.43.170.94:8000 (State Hub)
railiance01:18765 ──forward via SSH to coulombcore──► 10.43.103.154:8765 (issue-core)
```
activity-core `actcore-state-hub-bridge` and `actcore-issue-core-bridge` keep
proxying to `127.0.0.1:18000` and `127.0.0.1:18765` on the railiance01 node.
## Prerequisites
| Item | Check |
| --- | --- |
| ops-bridge installed on railiance01 | `which bridge` |
| SSH key authorized on coulombcore | `ssh -i ~/.ssh/id_ops tegwick@92.205.130.254 true` from railiance01 |
| ClusterIPs current | `state-hub-primary` and `issue-core-coulombcore` workstation tunnels |
| warden `atm-fleet-mesh` (target) | `cert_command` migration after static-key smoke passes |
Reference config: `infra/fleet-mesh/railiance01-tunnels.yaml`
## Install (railiance01)
railiance01 ships the kernel `bridge` utility (`iproute2`), not ops-bridge. Use the
systemd user units in `infra/fleet-mesh/systemd/` (or the installer script).
```bash
# From the-custodian repo on the workstation
bash infra/fleet-mesh/install-railiance01.sh railiance01
```
The installer copies:
- `infra/fleet-mesh/systemd/*.service``~/.config/systemd/user/`
- `infra/fleet-mesh/railiance01-tunnels.yaml``~/.config/bridge/tunnels.yaml` (reference for future ops-bridge install)
- `~/.ssh/id_ops` → railiance01 (static key interim; migrate to `atm-fleet-mesh` + `cert_command`)
Enable lingering so user units survive logout/reboot:
```bash
ssh railiance01 'sudo loginctl enable-linger tegwick'
```
## Cutover
```bash
# 1. Stop workstation reverse tunnels (one at a time — ops-bridge CLI)
bridge down state-hub-railiance01
bridge down issue-core-railiance01
# 2. Start fleet-owned forward tunnels on railiance01 (systemd)
ssh railiance01 'systemctl --user enable --now fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
# 3. Smoke from railiance01 node
ssh railiance01 'curl -sf http://127.0.0.1:18000/state/health && curl -sf http://127.0.0.1:18765/healthz'
```
**Cutover evidence (2026-07-03):** workstation reverse tunnels stopped;
railiance01 systemd forwards healthy; `actcore-*-bridge` pods 1/1; progress
write through fleet path succeeded (event `647b70c0`).
## Verify production (partial T10 rehearsal)
With workstation reverse tunnels **down**, confirm:
```bash
# Bridge pods healthy
ssh railiance01 'kubectl -n activity-core get pods -l app.kubernetes.io/part-of=activity-core | grep bridge'
# Consistency sweep API (from railiance01 cluster network)
ssh railiance01 'kubectl -n activity-core exec deploy/actcore-api -- python -c "
import urllib.request
print(urllib.request.urlopen(\"http://actcore-state-hub-bridge:8000/state/health\").read().decode())
"'
# Issue-core bridge
ssh railiance01 'kubectl -n activity-core exec deploy/actcore-api -- python -c "
import urllib.request
print(urllib.request.urlopen(\"http://actcore-issue-core-bridge:8765/healthz\").read().decode())
"'
```
Optional emission smoke (safe label only): trigger a known-safe activity-core
run or use the issue-core REST sink checklist from
`near-term-production-service-lanes-status.md`.
## Persist across reboot
Systemd user units are enabled via `install-railiance01.sh`. Confirm:
```bash
ssh railiance01 'loginctl show-user tegwick -p Linger; systemctl --user is-enabled fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
```
When ops-bridge is installed on railiance01, `railiance01-tunnels.yaml` is the
drop-in config; until then systemd units are the production implementation.
## Rollback
```bash
ssh railiance01 'bridge down fleet-state-hub-coulombcore fleet-issue-core-coulombcore'
bridge up state-hub-railiance01 issue-core-railiance01
```
## Workstation tunnel policy after cutover
| Keep (interactive dev) | Retire from production dependency |
| --- | --- |
| `state-hub-primary` (MCP/agents) | `state-hub-railiance01` |
| `k3s-api-*` | `issue-core-railiance01` |
| `state-hub-mcp-*` | — |
| `issue-core-coulombcore` (workstation dev only) | — |
Production on railiance01 must not depend on any workstation tunnel.
## WireGuard evaluation
Current fleet mesh uses two forward tunnels (~2 units). WireGuard successor is
deferred until persistent unit count exceeds ~5 per workplan T02.
## cert_command migration (follow-on)
Replace static `id_ops` with `atm-fleet-mesh` + `cert_command`:
1. Register `atm-fleet-mesh` in warden inventory and CoulombCore `ssh_principals.yaml`
2. Generate dedicated keypair on railiance01
3. Set `cert_command: "warden sign atm-fleet-mesh --pubkey ..."` per
`ops-warden/wiki/playbooks/ops-bridge-tunnel-cert.md`

View File

@@ -0,0 +1,212 @@
# Forgejo Production Decisions (Wave 1)
Date: 2026-07-03
Workplans: `RAIL-HO-WP-0005-T02`, `CUST-WP-0054-T04`
Operator input: 2026-07-03
## Decision log
| # | Topic | Decision | Status | Evidence (2026-07-03) |
| --- | --- | --- | --- | --- |
| 1 | **Production hostname** | `forgejo.coulomb.social` | **decided** | DNS A → `92.205.62.239` (railiance01); HTTPS reaches Traefik on railiance01 |
| 2 | Exposure model | Private HTTPS via railiance01 Traefik ingress + cert-manager `letsencrypt-prod` | **decided** | Same pattern as Gitea (`manifests/forgejo-ingress.yaml` in `railiance-apps`) |
| 2b | Deployment pattern | `gitea-charts/gitea` **12.5.0** Helm + Forgejo image; CNPG `forgejo-db` in `railiance-platform`; Makefile in `railiance-apps` | **decided** | Chart 12.6+ requires Gitea 1.26 `config edit-ini` (incompatible with Forgejo 11); see `railiance-apps/docs/forgejo-on-railiance01.md` |
| 2c | Live deploy | Forgejo pod + ingress + TLS on railiance01 | **done** (2026-07-03) | `make forgejo-smoke` → HTTP 200 + OCI `/v2/` 401 challenge; cert `forgejo-tls` Ready |
| 3 | Gitea during transition | `gitea.coulomb.social` on coulombcore remains canonical **until** Forgejo restore/migration drills pass; then read-only mirror | unchanged | Per `RAIL-HO-WP-0005` safety contract |
| 4 | SMTP / password reset | **IONOS** SMTP; sender `forgejo@coulomb.social`; OpenBao/ESO mailer on railiance01 | **done** (2026-07-08) | `smtp.ionos.de:587` + `smtp+starttls`; T06 verified |
| 5 | Package registry scope | **Multi-ecosystem (Option C):** OCI + **npm** + generic; PyPI/Go/Maven/Helm as inventory proves need | **decided** (2026-07-08) | OCI live; npm is launch requirement — see § Package scope |
| 6 | Actions runner model | **In-cluster** on railiance01: `forgejo-runner` Deployment + DinD (`railiance01-build-01`) | **done** (2026-07-03) | Runner 2/2 Ready; coulombcore host runner disabled; `image-build` probe pushed OCI image via org secrets |
| 7 | Backup target + retention | **Option A:** age-encrypted `forgejo dump` + `pg_dump`**Nextcloud** WebDAV | **decided** (2026-07-09) | See § Backup; T04/T09 implementation |
| 8 | Cutover mode | **Option A:** staged per-repo promotion (no org-wide freeze) | **decided** (2026-07-09) | See § Cutover; tiers 02.5 + partial tier-3 proven |
## Hostname decision detail
**Chosen hostname:** `https://forgejo.coulomb.social`
| Field | Value |
| --- | --- |
| DNS | `forgejo.coulomb.social``92.205.62.239` (railiance01) |
| Edge | railiance01 k3s Traefik (`kube-system/traefik` LoadBalancer) |
| Target machine | railiance01 (production home per `CUST-WP-0054`) |
| Canonical git remote (post-cutover) | `https://forgejo.coulomb.social/coulomb/<repo>.git` |
| OCI registry (post-cutover) | `forgejo.coulomb.social/coulomb/<image>` |
### Live probe (2026-07-03, post-deploy)
```bash
getent hosts forgejo.coulomb.social # 92.205.62.239
curl -fsS -o /dev/null -w '%{http_code}\n' https://forgejo.coulomb.social/ # 200
curl -sSI -X GET https://forgejo.coulomb.social/v2/ | grep -i docker-distribution # registry/2.0
KUBECONFIG=~/.kube/config-hosteurope kubectl get pods,ingress,certificate -n forgejo
```
Forgejo is serving HTTPS with a valid Let's Encrypt cert. Gitea on coulombcore
remains canonical for git remotes until migration drills pass.
### Implications for CUST-WP-0054
- Wave 1 can proceed with a fixed hostname for overlays, ingress manifests, and
CI `IMAGE_REPOSITORY` variables.
- State Hub / sweep checkouts on railiance01 (T05) should clone from
`forgejo.coulomb.social` once cutover completes.
- Runners and image-build CI are proven; first repo migration pilot
(`glas-harness`) documents git/SSH/CI routing in
`docs/forgejo-repo-migration-pilot-glas-harness.md`.
- Remaining blockers for production cutover: **scheduled backup automation**
(T04/T09 per Option A), npm/package hardening (T07), and staged per-repo
migration execution (`RAIL-HO-WP-0005-T10` / `T11`).
## SMTP decision (IONOS) — 2026-07-07
**Provider:** IONOS mail for `coulomb.social` and subdomains (operator owns DNS zone
via IONOS; mailboxes provisioned in IONOS control panel).
**Recommended Forgejo mailer settings** (non-secret; password in
`railiance-apps/helm/forgejo-secrets.sops.yaml`):
| Field | Value |
| --- | --- |
| `MAILER_TYPE` | `smtp` |
| `HOST` | `smtp.ionos.com:587` (EU accounts may use `smtp.ionos.de:587`) |
| `IS_TLS_ENABLED` | `true` (STARTTLS on 587) |
| `FROM` | `forgejo@coulomb.social` (or dedicated `noreply@…` mailbox) |
| `USER` | full mailbox address (same as `FROM` unless using a shared relay mailbox) |
| `PASSWD` | IONOS mailbox password — SOPS only, never Git plaintext |
**Operator setup checklist:**
1. Create mailbox in IONOS (e.g. `forgejo@coulomb.social`).
2. Confirm SPF includes IONOS (`include:_spf-eu.ionos.com` or current IONOS
guidance for the zone).
3. Enable DKIM in IONOS for `coulomb.social` if offered.
4. Store mailbox password in `helm/forgejo-secrets.sops.yaml` under
`gitea.config.mailer.PASSWD`; redeploy Forgejo.
5. T06 gate: trigger password reset for a controlled non-admin test account;
confirm delivery and link works.
**Implementation:** `railiance-apps/docs/forgejo-on-railiance01.md` (SMTP section).
Password in OpenBao `platform/workloads/forgejo/forgejo-mailer` (field `PASSWD`).
## Package scope decision (Option C) — 2026-07-08
**Operator choice:** Multi-ecosystem registry — not OCI-only at launch.
| Phase | Package types | Status |
| --- | --- | --- |
| **Now (proven)** | OCI container images | Live — tier 03 CI (`container-build-push` templates) |
| **Launch requirement** | **npm** | Decide → implement in T07 (auth, publish/pull docs, CI template) |
| **In scope** | Generic (release tarballs/binaries) | Enable with retention policy |
| **As needed** | PyPI, Go, Maven, Helm | Add per repo only after T01 inventory shows Gitea package data or an explicit consumer need |
**Rationale:** Railiance needs npm publishing; other ecosystems follow evidence, not
a big-bang enable-everything default.
**Implications:**
- T07 expands beyond OCI smoke: npm publish/pull runbook, org/repo token policy,
retention/cleanup for non-OCI blobs.
- T09 backups must include **all enabled package types** under `/data/packages`.
- T01 authenticated Gitea inventory should classify existing npm (and other) package
data before cutover waves.
**Forgejo endpoints (post-cutover):**
| Type | URL pattern |
| --- | --- |
| OCI | `forgejo.coulomb.social/coulomb/<image>` |
| npm | `https://forgejo.coulomb.social/api/packages/coulomb/npm/` (configure scope in T07) |
| Generic | per-repo generic package API |
## Backup decision (Option A) — 2026-07-09
**Operator choice:** Extend the existing **Railiance platform backup lane**
age-encrypted artifacts uploaded to **Nextcloud WebDAV** (same pattern as
`railiance-platform` `make backup` / coulombcore `railiance-backup`).
| Component | Method | Schedule |
| --- | --- | --- |
| **Forgejo blob state** | `forgejo dump` zip (repos, packages incl. OCI/npm/generic, attachments, LFS, avatars) | Daily |
| **PostgreSQL** | `pg_dump` from CNPG `forgejo-db` (logical; no WAL/PITR in Phase 1) | Daily |
| **Encryption** | age (platform backup public key) before upload | per artifact |
| **Destination** | Nextcloud WebDAV file drop (off-node) | upload after each run |
| **Restore proof** | Re-run `tools/forgejo-restore-drill.sh` from automated backup quarterly | manual gate |
**Retention (balanced profile):**
| Artifact | Keep |
| --- | --- |
| Daily dumps | 14 rotations |
| Weekly dumps | 4 rotations (promote Sunday daily or explicit weekly job) |
| Local cache (if any) | 7 copies per type (match existing `railiance-backup` prune) |
**RPO / RTO targets:**
| Metric | Target |
| --- | --- |
| **RPO** | 24 hours (daily schedule) |
| **RTO** | 4 hours (operator response + restore drill path + validation) |
**Implementation owners:**
- `railiance-platform``make forgejo-backup` (or extend `make backup`): cron
schedule, age encrypt, Nextcloud upload, retention prune.
- `railiance-infra` — restore runbook + quarterly drill evidence (`T09`).
- `railiance-apps` — no backup secrets in Git; dump runs against live pod.
**Explicitly not in scope (Phase 1):** CNPG WAL archiving to S3/MinIO; on-node-only
backups without Nextcloud upload. Revisit if dump size or RPO requirements outgrow
daily logical backup.
**Promotion gate:** No further tier-3 repo cutovers until automated daily backups
have succeeded **7 consecutive days** and one restore drill uses a Nextcloud
artifact (not workstation `/tmp`).
## Cutover decision (Option A) — 2026-07-09
**Operator choice:** **Staged per-repo** promotion — continue the proven migration
ladder; **no** org-wide freeze-all window.
**Per-repo sequence (T11):**
1. Gitea backup snapshot before promotion.
2. Mirror/sync git to Forgejo if not already present.
3. Verify Forgejo Actions and packages (OCI/npm per repo).
4. Switch workstation `origin``forgejo-remote`; retain `gitea` legacy remote.
5. Update State Hub `remote_url` and railiance01 sweep checkouts when promoted.
6. Mark **that** Gitea repo read-only; do not delete (safety contract).
7. Stabilization window before the next repo (operator judgment; `state-hub` used 7d).
**Explicitly rejected for primary plan:** org-wide freeze-all cutover (Option B).
Freeze-all remains documented only as an **emergency fallback** if staged drift
becomes unacceptable — not the default path.
**Rollback (per repo):** Re-point `origin` to `gitea-remote`; Forgejo copy becomes
stale mirror. No Gitea repo deletes for ≥90 days after promotion. Gitea Helm stays
until T12 explicit approval.
**Gates before each tier-3 promotion:**
- T09 automated daily backups: 7 consecutive successes (Option A).
- T01 inventory classification for that repo (issues/wiki/LFS/packages).
- Operator explicit approval for Wave-1 production repos (`CUST-WP-0054`).
**Evidence:** tiers 02.5 complete; `glas-harness` pilot;
`state-hub` cutover under `CUST-WP-0054-T05`.
## T02 decision set — complete (2026-07-09)
All Wave-1 production design choices for Forgejo are decided:
| # | Topic | Option |
| --- | --- | --- |
| Hostname / exposure / deploy | decided 2026-07-03 |
| SMTP | IONOS + OpenBao/ESO (T06 done) |
| Package scope | Option C (OCI + npm + generic) |
| Actions runner | In-cluster ADR-004 |
| Backup | Option A (Nextcloud + age) |
| Cutover | **Option A (staged per-repo)** |
## Open decisions (need operator input)
_All T02 items decided as of 2026-07-09._ Implementation tracks: T04/T09 backup
automation, T07 npm hardening, T10/T11 staged migration waves.

View File

@@ -0,0 +1,194 @@
# Forgejo Repo Migration Pilots (tier 12)
Date: 2026-07-03 (tier 1), 2026-07-04 (tier 2)
Workplan: `CUST-WP-0054-T04`, `RAIL-HO-WP-0005-T10`
Pilots: `glas-harness` (tier 1), `key-cape` (tier 2)
---
## Tier 1 — glas-harness
Pilot repo: `coulomb/glas-harness` (non-production tooling; safe routing drill)
## Why this repo
| Criterion | glas-harness |
| --- | --- |
| Production dependency | None — harness meta-framework, not deployed |
| Size / complexity | 3 commits, no container image, no submodules |
| Blast radius | Low — wrong remote or CI failure does not break triage, State Hub, or emission |
| State Hub registration | Not in active production sweep set |
Use lessons here before migrating `state-hub` (high value, high risk).
## Pilot outcome (2026-07-03)
| Step | Result | Notes |
| --- | --- | --- |
| Create repo on Forgejo | **pass** | `POST /api/v1/orgs/coulomb/repos` |
| Mirror git history (HTTPS) | **pass** | `main` @ `e35e287` pushed with admin token |
| SSH `forgejo-remote` push | **pass** | After adding `id_gitea.pub` to `forgejo_admin`; NodePort `92.205.62.239:30022` |
| `origin` → Forgejo, `gitea` legacy remote | **pass** | `origin=forgejo-remote:…`, `gitea=gitea-remote:…` |
| Actions `ci-smoke` (host + container) | **pass** | `host-smoke` (`self-hosted`) + `container-smoke` (`ubuntu-latest`) both `success` |
| Gitea left intact | **pass** | No delete; Gitea still at `e35e287` until mirror sync policy defined |
## Routing that works
### Git remotes (workstation)
Add to `~/.ssh/config` (see `FORGEJO-REMOTE` block):
```ssh
Host forgejo-remote
HostName 92.205.62.239
Port 30022
User git
IdentityFile ~/.ssh/id_gitea
StrictHostKeyChecking accept-new
```
Per-repo layout after cutover:
```bash
git remote rename origin gitea # if still on Gitea
git remote add origin forgejo-remote:coulomb/<repo>.git
git push -u origin main
```
Canonical URL: `https://forgejo.coulomb.social/coulomb/<repo>.git`
### HTTPS fallback (automation / first push)
Admin or user token with `write:repository`:
```bash
git push "https://<user>:<token>@forgejo.coulomb.social/coulomb/<repo>.git" main
```
### CI runner labels (railiance01-build-01)
| Label | Works for | Evidence |
| --- | --- | --- |
| `self-hosted` | Host runner smoke | glas-harness `host-smoke` |
| `ubuntu-latest` | Container step jobs | glas-harness `container-smoke` |
| `container-build` | Docker build/push jobs | forgejo-actions-probe `image-build` |
### Registry / image CI (from prior probe)
- Org secrets `REGISTRY_USER` / `REGISTRY_TOKEN` via `PUT /api/v1/orgs/coulomb/actions/secrets/{name}` with plaintext `data` (HTTPS API).
- Host runner has **no** `docker` CLI and **cannot** `apk add` (non-root). Use **static docker binary** in the job step.
- `actions/checkout@v4` **fails** on host runner — use `git clone` in the job until resolved.
## Routing that does not work yet
| Gap | Impact | Mitigation for next repos |
| --- | --- | --- |
| ~~`tegwick` not on Forgejo~~ | **Resolved 2026-07-04**`tegwick` admin user + `workstation-automation` SSH key; `forgejo-remote` greets `Hi there, tegwick!` | Add other operator keys before team cutover |
| No automated Gitea→Forgejo mirror | Gitea copy drifts after Forgejo becomes canonical | Staged cutover: freeze Gitea pushes, one-way mirror, or retire Gitea remote after verification |
| `actions/checkout@v4` on host runner | Breaks multi-step workflows that depend on checkout | `git clone` in `run:` step (see image-build probe) |
| Issues/wiki/releases/LFS | Not exercised in pilot | Classify per repo in migration inventory before production repos |
| State Hub `remote_url` field | Still points at `gitea-remote:…` for most repos | Update registration when repo is promoted (separate step; not done for glas-harness) |
## Repeatable procedure (non-production repo)
1. Confirm repo is **not** in a production drain wave or has explicit operator approval.
2. Create empty repo on Forgejo (`auto_init: false` if mirroring existing history).
3. Push all branches/tags from workstation clone (HTTPS or SSH).
4. Add `forgejo-remote` remote; rename Gitea remote to `gitea`; set `origin` to Forgejo.
5. Add `.forgejo/workflows/` smoke (and image workflow if applicable).
6. Verify Actions green on Forgejo runner.
7. Leave Gitea repo read-only; do not delete (safety contract).
8. Record results in this doc or a per-repo row in the migration inventory.
## Tier 2 — key-cape (2026-07-04)
Pilot repo: `coulomb/key-cape` — non-production identity tooling with a real
multi-stage `Dockerfile` (Go build + distroless).
| Step | Result | Notes |
| --- | --- | --- |
| Mirror git to Forgejo | **pass** | `main` mirrored; `origin=forgejo-remote` |
| Port `.gitea/workflows/image.yaml``.forgejo/workflows/image.yaml` | **pass** | Archive checkout + static docker-cli; no `actions/checkout` |
| Build and push on `container-build` | **pass** | `build-and-push` workflow `success` @ `ec706da` |
| k3s pull on railiance01 | **pass** | `sudo crictl pull forgejo.coulomb.social/coulomb/key-cape:latest` |
Workflow pattern (tier 2+):
```yaml
# Checkout: repo archive (no git binary required on non-root runner)
wget -qO /tmp/repo.tar.gz "https://forgejo.coulomb.social/${GITHUB_REPOSITORY}/archive/${GITHUB_SHA}.tar.gz"
tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1
# Build: static docker-cli + DOCKER_HOST=tcp://127.0.0.1:2375
```
Image: `forgejo.coulomb.social/coulomb/key-cape:latest`
## Tier 2.5 — railiance stack (2026-07-04)
Infra/platform repos promoted before tier-3 production set. Canonical remote is
Forgejo; Gitea `gitea` remote retained for rollback mirror.
| Repo | Forgejo | `origin` | CI workflow | Notes |
| --- | --- | --- | --- | --- |
| `railiance-enablement` | yes | `forgejo-remote` | `ci-smoke` + templates in `workflows/` | S4 canonical templates |
| `railiance-infra` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-apps` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-platform` | yes | `forgejo-remote` | `ci-smoke` | Local uncommitted `Makefile`/helm edits not in promotion |
| `railiance-cluster` | yes | `forgejo-remote` | `ci-smoke` | |
Promotion helper: `railiance-enablement/tools/promote-repo-to-forgejo.sh`
Template docs: `railiance-enablement/docs/forgejo-actions-workflow-templates.md`
Operator SSH (2026-07-04): user `tegwick` on Forgejo (admin, `coulomb` Owners
team); workstation key moved from `forgejo_admin` to `tegwick`.
## Tier 3 — state-hub + hub-core (2026-07-06)
Production repos promoted with operator approval for tier-3 start.
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `hub-core` | yes | `forgejo-remote` | `ci-smoke` green | `forgejo-remote:coulomb/hub-core.git` | Dependency for state-hub image |
| `state-hub` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `f9f0091` | `forgejo-remote:coulomb/state-hub.git` | Multi-repo image vendors `hub-core` into `Dockerfile.ci` at build time (runner has no buildx) |
Workflow lessons (state-hub `image.yaml`):
- Forgejo `/archive/{full_sha}.tar.gz` can hang — use **short SHA** for primary repo.
- Extra repos (`hub-core`) must fetch from **`main`**, not the primary commit SHA.
- `container-build` runner DinD is **legacy docker** — no `--build-context`; vendor
`hub-core` into `buildctx/_hub_core_src/` and `sed``Dockerfile.ci`.
### Tier 3 — issue-core (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `issue-core` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `6718618` | `forgejo-remote:coulomb/issue-core.git` | Single-repo image; short-SHA archive checkout |
### Tier 3 — core-hub (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `core-hub` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `df6ed8a` | `forgejo-remote:coulomb/core-hub.git` | `uv sync --frozen` multi-stage image |
### Tier 3 — activity-core (2026-07-06)
| Repo | Forgejo | `origin` | CI | Hub `remote_url` | Notes |
| --- | --- | --- | --- | --- | --- |
| `activity-core` | yes | `forgejo-remote` | `ci-smoke` + `build-and-push` green @ `34c6492` | `forgejo-remote:coulomb/activity-core.git` | Production automation host; already on railiance01 |
**Tier 3 production set complete** (`state-hub`, `hub-core`, `issue-core`, `core-hub`, `activity-core`).
Remaining before T04 close:
- [ ] Gitea read-only mirror or push-disable policy for repos after cutover
- [ ] Scheduled Forgejo backups (disaster-control track; restore drill passed)
- [ ] Bulk-promote remaining registered repos (74 total; non-production can follow incrementally)
## References
- `docs/forgejo-production-decisions.md`
- `railiance-forge/docs/forgejo-actions-runner-substrate.md`
- `railiance-apps/docs/forgejo-on-railiance01.md`
- Tier 1: https://forgejo.coulomb.social/coulomb/glas-harness
- Tier 2: https://forgejo.coulomb.social/coulomb/key-cape

View File

@@ -0,0 +1,238 @@
# Forgejo Tier 3 — State Hub `remote_url` and Sweep Playbook
Date: 2026-07-04
Workplans: `RAIL-HO-WP-0005-T10`, `RAIL-HO-WP-0005-T11`, `CUST-WP-0054-T04`, `CUST-WP-0054-T05`
`no_secret_material_recorded: true`
## Purpose
Operational playbook for promoting a **registered** State Hub repo from Gitea
(`gitea-remote`) to Forgejo (`forgejo-remote`) without breaking the consistency
sweep, DoI checks, or agent attribution.
Applies to:
- **Tier 2.5** (done on Forgejo, hub `remote_url` may still say Gitea) — run
§4 after git promotion.
- **Tier 3** (`state-hub`, `issue-core`, production wave) — full §3§8 with
operator approval.
Does **not** perform cutover by itself. Gitea remains canonical until tier gates
and explicit approval per `RAIL-HO-WP-0005` safety contract.
## Preconditions (gates)
| Gate | Tier 2.5 | Tier 3 (`state-hub`) |
| --- | --- | --- |
| Forgejo repo exists + history mirrored | required | required |
| Workstation `origin=forgejo-remote`, `gitea` legacy remote | required | required |
| Operator SSH on Forgejo (`tegwick` or team keys) | required | required |
| CI smoke green on Forgejo (`.forgejo/workflows/ci-smoke.yaml`) | required | required |
| Image workflow if applicable | optional | required for `state-hub` |
| Restore drill passed | recommended | required |
| Scheduled backups automated | optional | required (disaster-control) |
| Operator approval recorded | not required | **required** |
| `CUST-WP-0011-T07` freeze/restore for hub primary | n/a | required before hub production |
## Canonical remote conventions
State Hub stores the **SSH remote name form** used on the operator workstation,
not the HTTPS URL. This matches existing registrations
(`gitea-remote:coulomb/<slug>.git`).
| Role | Remote name | Example |
| --- | --- | --- |
| Canonical (post-promotion) | `origin``forgejo-remote` | `forgejo-remote:coulomb/state-hub.git` |
| Rollback mirror | `gitea``gitea-remote` | `gitea-remote:coulomb/state-hub.git` |
| Hub `remote_url` field | same as `origin` | `forgejo-remote:coulomb/state-hub.git` |
HTTPS canonical URL for humans and archive CI:
`https://forgejo.coulomb.social/coulomb/<slug>.git`
SSH config block (workstation `~/.ssh/config`):
```ssh
Host forgejo-remote
HostName 92.205.62.239
Port 30022
User git
IdentityFile ~/.ssh/id_gitea
StrictHostKeyChecking accept-new
```
## Per-repo promotion procedure
### 1. Git forge (workstation)
Use `railiance-enablement/tools/promote-repo-to-forgejo.sh` or manually:
```bash
cd ~/REPO_SLUG
# Create empty repo on Forgejo if needed (org coulomb)
git push forgejo-remote:coulomb/REPO_SLUG.git main # first mirror
git remote rename origin gitea
git remote add origin forgejo-remote:coulomb/REPO_SLUG.git
git push -u origin main
# Optional: keep Gitea mirror current
git push gitea main
```
Add `.forgejo/workflows/ci-smoke.yaml` from
`railiance-enablement/workflows/ci-smoke.yaml`. For images, use
`container-build-push.yaml` or `container-build-push-multirepo.yaml` (state-hub +
hub-core).
### 2. Verify git + SSH
```bash
git remote -v
# origin forgejo-remote:coulomb/REPO_SLUG.git (fetch/push)
# gitea gitea-remote:coulomb/REPO_SLUG.git (fetch/push)
ssh forgejo-remote # expect: Hi there, tegwick!
git ls-remote origin # reachable
```
### 3. Patch State Hub registration
```bash
API=http://127.0.0.1:8000
SLUG=REPO_SLUG
NEW_URL="forgejo-remote:coulomb/${SLUG}.git"
curl -s -X PATCH "${API}/repos/${SLUG}" \
-H "Content-Type: application/json" \
-d "{\"remote_url\": \"${NEW_URL}\"}" | python3 -m json.tool
# Confirm
curl -s "${API}/repos/${SLUG}" | python3 -c \
"import json,sys; r=json.load(sys.stdin); print(r['slug'], r['remote_url'])"
```
Batch helper for tier-2.5 stack (skips slugs not registered in State Hub):
```bash
~/the-custodian/tools/patch-forgejo-remote-urls.sh --tier-25
```
Applied 2026-07-04 for registered tier-2.5 repos + `key-cape`. `glas-harness` is
not in State Hub registration — patch when/if registered.
### 4. Consistency sweep / fix-consistency
The sweep (`POST /consistency/sweep/remote-all` or `statehub fix-consistency`)
resolves repos by `host_paths[hostname]` or `local_path`, then `git pull
--ff-only` from the checkout's **tracking branch** (now Forgejo `origin`).
After `remote_url` patch:
```bash
cd ~/REPO_SLUG
git fetch origin
statehub fix-consistency --repo REPO_SLUG
# or from state-hub checkout:
cd ~/state-hub && make fix-consistency REPO=REPO_SLUG
```
**Attribution:** `consistency_check.py` matches repos by git fingerprint and
`remote_url` string. Stale `gitea-remote` in the hub causes mis-attribution when
multiple checkouts exist — patch hub **before** relying on sweep writebacks.
### 5. DoI verification
```bash
curl -s "http://127.0.0.1:8000/repos/REPO_SLUG/doi" | python3 -m json.tool
# C4 Remote URL set → pass
# C4 reachability → git ls-remote origin succeeds
```
## Railiance01 sweep checkout paths (`CUST-WP-0054-T05`)
Today sweeps write back from **workstation** `host_paths` (`bnt-lap001`). Wave 2
moves primary checkouts to **railiance01** so triage survives workstation loss.
When railiance01 clone tree exists (e.g. `/home/tegwick/<slug>` or agreed path):
```bash
API=http://127.0.0.1:8000
SLUG=REPO_SLUG
HOST=railiance01 # must match socket.gethostname() on that machine
PATH_ON_HOST=/home/tegwick/REPO_SLUG
curl -s -X POST "${API}/repos/${SLUG}/paths" \
-H "Content-Type: application/json" \
-d "{\"host\": \"${HOST}\", \"path\": \"${PATH_ON_HOST}\"}" | python3 -m json.tool
```
Clone on railiance01 **from Forgejo**:
```bash
git clone forgejo-remote:coulomb/REPO_SLUG.git /home/tegwick/REPO_SLUG
# or HTTPS with deploy key / token
```
Sweep on railiance01 then uses `host_paths[railiance01]`; workstation path
remains in map for dev but is no longer the production writeback source.
## Tier 3 — `state-hub` specifics
Before promoting `state-hub`:
1. **Multi-repo image workflow** — copy
`railiance-enablement/workflows/container-build-push-multirepo.yaml` to
`state-hub/.forgejo/workflows/image.yaml`; set `IMAGE_NAME=coulomb/state-hub`,
`EXTRA_REPOS="coulomb/hub-core@hub_core_src"`.
2. **Prove image pull** on railiance01 (`crictl pull` or deployment dry-run).
3. **Hub primary cutover** — follow `CUST-WP-0011-T07` (freeze → restore →
rewire); independent of forge remote but same maintenance window may apply.
4. **ArgoCD / GitOps** — repoint repository URLs to Forgejo (Wave 5 in
`docs/coulombcore-drain-placement-plan.md`).
5. **Record approval**`POST /decisions/` or workplan note with operator id.
`state-hub` promotion order:
```
mirror git → Forgejo remotes → CI image workflow green → PATCH remote_url →
fix-consistency → (later) railiance01 host_paths → CUST-WP-0011-T07 cutover
```
## Gitea read-only policy (post-cutover per repo)
After Forgejo is canonical **for that repo** and hub `remote_url` is patched:
1. Do **not** delete the Gitea repo (safety contract).
2. Org/repo setting: disable push for non-admin users, or maintenance flag.
3. Workstation: stop pushing to `gitea` except intentional rollback mirror.
4. Document rollback: `git push gitea main` from last known-good Forgejo SHA.
Org-wide Gitea read-only is an operator action (T11); per-repo is enough for
staged ladder.
## Rollback
| Step | Action |
| --- | --- |
| Git canonical | `git remote rename origin forgejo; git remote rename gitea origin` |
| Hub | `PATCH /repos/{slug}``gitea-remote:coulomb/<slug>.git` |
| Sweep | `statehub fix-consistency` on reverted checkout |
| Gitea | Re-enable push if read-only was set |
## Verification checklist
- [ ] `GET /repos/{slug}``remote_url` is `forgejo-remote:coulomb/<slug>.git`
- [ ] Workstation `git remote -v``origin` is Forgejo
- [ ] `ssh forgejo-remote` → operator user (not only `forgejo_admin`)
- [ ] `statehub fix-consistency --repo <slug>` → PASS
- [ ] Forgejo Actions `ci-smoke` → success (tier 1+)
- [ ] Gitea copy exists and matches SHA (optional `git push gitea` mirror)
- [ ] Tier 3 only: image workflow + pull smoke + operator approval on record
## References
- `docs/forgejo-repo-migration-pilot-glas-harness.md` (tiers 12.5)
- `railiance-enablement/docs/forgejo-actions-workflow-templates.md`
- `railiance-enablement/tools/promote-repo-to-forgejo.sh`
- `state-hub/docs/consistency-sweep-runbook.md`
- `state-hub/policies/repo-doi.md` (C4 remote URL)
- `docs/coulombcore-drain-placement-plan.md` (Wave 12)
- `disaster-control/history/2026-07-04-forgejo-backup-strategy-assessment.md`

View File

@@ -0,0 +1,45 @@
# FOS Hub Bootstrap Sequence Status
Updated: 2026-07-08
## Purpose
Track `CUST-WP-0051-T07` and `CUST-WP-0052`: sequence `CUST-WP-0025` so FOS Hub bootstrap can resume from current repo reality rather than the older mega-hub/Keycloak/Inter-Hub assumptions.
## Current Decision
Do not restart FOS bootstrap at the old `NK-WP-0001` Keycloak path. That workplan is archived and superseded. The active identity baseline is:
- `NK-WP-0002` local identity: complete; usable for bootstrap/dev OIDC.
- `NK-WP-0012` IAM Profile v0.2: finished; canonical NetKingdom-owned profile and conformance suite.
- KeyCape/Authelia/LLDAP stack from the superseding NetKingdom path: current lightweight identity mode.
- `NK-WP-0011` expanded-mode Keycloak: proposed enterprise federation lane, not a blocker for ops-hub bootstrap.
## Sequence Board
| Area | Current state | Pickup action |
| --- | --- | --- |
| Identity | T01 cancelled; T02T04 done; IAM Profile integration template in core-hub. | No further identity gates unless production issuer wiring is needed. |
| Hub extraction/dev-hub | T05T12 done: hub-core exists, State Hub imports hub-core, MCP naming is dev-hub. | Phase 2 complete. |
| Ops hub / Core Hub | T13T18 done; T16 deployed evidence and T17 cutover coupling closed 2026-07-08. Production serves Core Hub at `hub.coulomb.social` since 2026-07-03. | Monitor `CORE-WP-0007` stabilization window; Haskell retirement is operator-gated rollback cleanup only. |
| Legacy Inter-Hub | `CUST-WP-0047-T05` and `CUST-WP-0049-T06` superseded 2026-07-03. | Rollback-only; do not request new Inter-Hub operator keys. |
| Fin hub/business | T20T23 done (canon + fin-hub scaffold + models). T24T26 remain open. | Implement cost ingestion, runway calculator, cross-hub coupling, and pricing/legal packaging. |
## Stable Pickup Order
1. ~~Close identity drift~~ — done.
2. ~~Core Hub deployed evidence and cutover coupling~~ — done (`docs/core-hub-cutover-decision-coupling.md`).
3. ~~Supersede legacy Inter-Hub waits~~ — done 2026-07-03.
4. Execute fin-hub implementation: T24 (cost tracking + runway), T25 (cross-hub coupling), T26 (pricing/legal).
5. Close `CORE-WP-0007` Haskell retirement after stabilization sign-off (operator gate).
## Progress Summary (2026-07-08)
`CUST-WP-0025` is **22/26 tasks done**. Remaining:
- **T24** — fin-hub cost ingestion and runway calculator
- **T25** — fin→dev, fin→ops, fin→canon cross-hub coupling
- **T26** — RaaS pricing, onboarding, legal framework
FOS maturity: Level 2→3 boundary achieved (dev, ops, fin conceptually separated;
fin-hub scaffold operational).

View File

@@ -21,7 +21,13 @@ schedule exists:
```bash
cd ~/activity-core
ACTIVITY_DEFINITION_DIRS=/home/worsch/the-custodian make sync-activity-definitions
make sync-schedules
```
Reconcile Temporal schedules (pick one):
```bash
curl -s -X POST 'http://localhost:8010/admin/sync?definitions=true&schedules=true'
# or: make sync-schedules
```
Expected definition:

View File

@@ -1,6 +1,6 @@
# Hub-Core Extraction Boundary
Last reviewed: 2026-06-06
Last reviewed: 2026-06-07
## Purpose
@@ -34,12 +34,17 @@ hub_core/
domain.py
managed_repo.py
agent_message.py
capability_catalog.py
capability_request.py
progress_event.py
tpsc.py
schemas/
__init__.py
domain.py
managed_repo.py
agent_message.py
capability.py
progress_event.py
tpsc.py
routers/
__init__.py
@@ -63,6 +68,78 @@ Current implementation status:
- 2026-06-06: router factory functions were added for domains, repos, messages,
TPSC, and policy lookup. These factories accept host-supplied dependencies
instead of importing State Hub globals.
- 2026-06-06: shared utilities and migration scaffold were added: slug
normalization, pagination, repo path resolution, trailing-slash path
normalization, Alembic templates, and an initial core-schema migration.
- 2026-06-06: progress event and capability request adapter seams were added.
Hub-core uses generic JSON context fields where State Hub currently has
dev-specific workstream/task/topic/decision foreign keys.
- 2026-06-07: progress and capability REST router factories were added. T05 now
has the package-side models, schemas, routers, migration scaffold, and shared
utilities needed before T06/T08.
- 2026-06-07: `HubCoreMCPServer` was added as the first T06 slice. It wraps the
generic REST endpoints with FastMCP tools and keeps the MCP layer stateless.
- 2026-06-07: T06/T07 completed in hub-core with orientation and DoI MCP tools,
canonical FOS §10 risk/alert event types, `/progress/risks` and
`/progress/alerts` REST views, and matching MCP read tools.
- 2026-06-07: T08 started in State Hub. `hub-core` is now an editable
dependency, and State Hub re-exports message and DoI response schemas from
`hub_core.schemas` with full pytest coverage passing.
- 2026-06-07: T08 schema imports expanded. Hub-core's TPSC schema/report
contract now matches State Hub, and State Hub re-exports `api.schemas.tpsc`
from `hub_core.schemas.tpsc`.
- 2026-06-07: T08 domain schema imports started. State Hub now imports base
domain schemas from `hub_core.schemas.domain` while keeping dev-hub-specific
domain detail and summary schemas local.
- 2026-06-07: T08 router imports started. State Hub now mounts the hub-core
messages router factory with State Hub's own `AgentMessage` model injected,
proving the router seam can avoid cross-metadata SQLAlchemy model imports.
- 2026-06-07: T08 policy router import completed. State Hub now mounts the
hub-core policy router factory with local path validation plus read/write
callbacks, proving non-DB routers can move behind callback seams.
- 2026-06-07: T08 TPSC router import completed. State Hub now mounts the
hub-core TPSC router factory with State Hub's own repo and TPSC models
injected, extending the host-model seam to a multi-model router.
- 2026-06-07: T08 progress router import completed. State Hub now mounts the
hub-core progress router factory with State Hub's own progress model and
schemas injected, preserving topic/workstream/task filters while gaining the
shared risk and alert progress views.
- 2026-06-07: T08 domains router import completed. State Hub now mounts the
hub-core domains router factory with State Hub's own domain/repo models and
schemas injected, plus callbacks for dev-hub detail counts and archive
validation.
- 2026-06-07: T08 additional schema imports completed. State Hub now imports
generic capability catalog/status/dispute schemas and the repo path-register
schema from hub-core, and State Hub repo create/read schemas extend the
hub-core contracts while adding dev-hub fields.
- 2026-06-07: T08 capability catalog router import completed. State Hub now
mounts the hub-core capability catalog router factory with State Hub's own
domain, repo, and catalog models injected, while keeping capability request
workflow routes local.
- 2026-06-07: T08 capability request read router import completed. State Hub now
mounts the hub-core request list/detail router factory with State Hub's own
domain and request models injected, while keeping request creation, status
transitions, acceptance, patching, dispute, and reroute workflow routes local.
- 2026-06-07: CUST-WP-0048 T04 repos router boundary resolved. State Hub now
mounts the hub-core repo registry factory for collection, lookup, detail,
update, and host-path routes with State Hub's own models and schemas injected,
while keeping onboarding, DoI, scope-health, dispatch, archive, and
consistency-sync routes local.
- 2026-06-22: HUB-WP-0002 completed. Added
`create_capability_request_write_router` with host callbacks for routing,
model construction, flow transitions, notifications, task-unblock, patch,
dispute, and reroute side effects. State Hub mounts write routes from the
factory while keeping dev-hub columns (`requesting_workplan_id`,
`blocking_task_id`, `fulfilling_workplan_id`) on its extended model.
- 2026-06-22: `HubCoreMCPServer.attach_to()` registers generic MCP tools on a
host server with `exclude` for dev-hub overrides. State Hub now composes
hub-core messaging, capability read lifecycle, TPSC list/DoI, and FOS §10
tools while keeping enriched orientation, repo registration, capability
request creation, TPSC ingest, and service registration tools local.
- 2026-06-22: **CUST-WP-0048 closed.** Full regression: hub-core 27/27, State
Hub 426/426. Health probe uses injected `get_session` (fixes asyncpg pool
flake). Remaining deferred seams: ProgressEvent FK → `subject_refs` mapping;
optional CapabilityRequest workplan columns → JSON context.
## Extract Now
@@ -81,6 +158,8 @@ rewriting and small router seams:
| `api/schemas/agent_message.py` | Generic message schemas. |
| `api/schemas/tpsc.py` | Generic TPSC schemas. |
| `api/routers/messages.py` | Mostly self-contained generic router. |
| `api/routers/progress.py` | Generic progress-event router once dev-hub foreign keys move behind `subject_refs` or extension mapping. |
| `api/routers/capability_requests.py` | Generic capability catalog/request router once dev-hub flow side effects and task unblocking stay in dev-hub. |
| `api/routers/tpsc.py` | Generic catalog and GDPR report router. |
| `api/routers/policy.py` | Generic policy document router if policy roots become configurable. |
@@ -95,6 +174,33 @@ app.include_router(create_domains_router(get_session))
That shape lets each hub keep its own database session configuration and mount
only the generic routers it wants.
## Shared Utilities
The initial utility set is intentionally small and dependency-light:
| Module | Purpose |
| --- | --- |
| `hub_core.utils.slugs` | Convert user-facing names into stable lowercase slugs. |
| `hub_core.utils.pagination` | Shared limit/offset bounds and SQLAlchemy pagination. |
| `hub_core.utils.paths` | Resolve repo paths from `host_paths` before falling back to `local_path`. |
| `hub_core.utils.routing` | Normalize a path or URL path component while preserving query strings and fragments. |
## Migration Scaffold
`/home/worsch/hub-core` now carries Alembic template files under
`hub_core/migrations/` plus `versions/0001_core_schema.py`. The first migration
covers only the currently extracted core tables:
- `domains`
- `managed_repos`
- `agent_messages`
- `capability_catalog`
- `capability_requests`
- `progress_events`
- `tpsc_catalog`
- `tpsc_snapshots`
- `tpsc_entries`
## Needs An Adapter Seam
These are still part of the target architecture, but the current State Hub
@@ -102,11 +208,18 @@ implementation is coupled to dev-hub concepts:
| Surface | Coupling to resolve |
| --- | --- |
| `Domain` and `domains.py` detail views | Counts topics, workstreams, extension points, and technical debt. Hub-core should expose a domain summary hook that dev-hub can implement. |
| `ManagedRepo` | Contains `topic_id`, SBOM fields, and state-sync timestamps. Keep minimal repo identity in core, then add dev-hub extensions. |
| `CapabilityRequest` | Points at workstreams and tasks. Hub-core needs generic context fields or optional extension references before extraction. |
| `ProgressEvent` | Points at topics, workstreams, tasks, and decisions. Hub-core should define event identity, type, summary, detail, author, and timestamps, with hub-specific subject references added by each hub. |
| MCP tools in `mcp_server/server.py` | Generic tools are mixed into a single dev-hub server module. T06 should create a base registration class that receives API client/config dependencies and lets dev-hub add its own tools. |
| `Domain` and `domains.py` detail views | Detail counts now use a dev-hub callback behind the hub-core router factory. Domain relationships still need a later model split if State Hub stops carrying topics/goals on the core table. |
| `ManagedRepo` | State Hub create/read schemas now extend hub-core contracts, with `topic_id`, SBOM fields, and state-sync timestamps kept as dev-hub extensions. Generic repo registry collection, lookup, detail, update, and host-path routes now mount from the hub-core factory; State Hub keeps onboarding, DoI, scope-health, dispatch, archive, and consistency-sync behavior locally. |
| `CapabilityRequest` | Write routes now mount from `create_capability_request_write_router` with host callbacks. State Hub keeps workplan/task columns on its model; generic hubs use `request_context` / `fulfillment_context` JSON. Optional future step: map State Hub columns into JSON and drop duplicate fields. |
| `ProgressEvent` | Adapter seam implemented with generic `subject_refs`; State Hub still needs a later refactor to map topic/workstream/task/decision foreign keys into that field or a dev-hub extension table. |
| MCP tools in `mcp_server/server.py` | Generic tools register via `HubCoreMCPServer.attach_to(mcp, exclude=...)`. Remaining local tools: dev-hub orientation (`get_state_summary`, `get_domain_summary`), extended repo/capability/TPSC contracts, and all workstream/task/decision tooling. |
The first two adapter seams are now implemented in hub-core:
- `ProgressEvent.subject_refs`: generic JSON references for hub-local subjects.
- `CapabilityRequest.request_context` and `fulfillment_context`: generic JSON
context for hub-local workstreams, tasks, incidents, services, budgets, or
other future hub entities.
## Keep In Dev-Hub
@@ -134,7 +247,9 @@ to import it:
## Next Step
Create the `/home/worsch/hub-core` package with only the first package slice,
commit that seed independently, then return to `/home/worsch/state-hub` for the
first import-based refactor. Do not rename State Hub to dev-hub until T05-T08
prove the shared package boundary.
**CUST-WP-0048** is finished; **CUST-WP-0025-T08** is done. Proceed to Phase 2
dev-hub rename (**CUST-WP-0025-T09+**): MCP server name, config migration, and
integration-point renames. Optional follow-up extractions (not blocking rename):
- map State Hub `ProgressEvent` foreign keys into `subject_refs`
- map CapabilityRequest workplan/task columns into JSON context fields

View File

@@ -0,0 +1,242 @@
# Infrastructure Stabilization Pickup Checkpoint
Updated: 2026-07-03 — **METAPLAN FINISHED.** Core Hub serves
hub.coulomb.social (Inter-Hub is rollback-only); the cluster State Hub is
primary behind 127.0.0.1:8000 (WSL2 fallback retained for the CUST-WP-0011-T08
stabilization window). Remaining follow-ons live in CORE-WP-0005/0007,
CUST-WP-0011-T08/T09, ops-warden confirmations, and ACTIVITY-WP-0006.
Coordinator workplan: `CUST-WP-0051`
## End-of-Day Checkpoint (2026-07-02 evening)
Nine workplans finished today and the Core Hub replacement lane was driven
from no deployed evidence to real data migrated with cutover blockers named.
**Finished this session:** ARTIFACT-STORE-WP-0007, RAIL-BS-WP-0008,
RAIL-BS-WP-0009, ACTIVITY-WP-0016, RAILIANCE-WP-0008, ISSUE-WP-0003,
CORE-WP-0004 (+ CUST-WP-0053 earlier). RAILIANCE-WP-0009/0010 are done bar
ops-warden catalog confirmation; NET-WP-0020-T02 is wired (needs a greenfield
slate for live proof).
**Live infrastructure now running (was blocked at session start):**
- Daily-triage robustness deployed on railiance01; bounded top-7 proven
(State Hub event `24d2d321`). Three scheduled runs (Jul 35) close
ACTIVITY-WP-0006 calibration by themselves.
- Credential lanes active: issue-core (`CCR-2026-0002`) and llm-connect
OpenRouter (`CCR-2026-0003`), applied via the constrained prod-applier,
both ExternalSecrets syncing. Lifecycle runbook at
`railiance-platform/docs/credential-lane-lifecycle-runbook.md`.
- issue-core REST emission live end-to-end (Gitea issue `176`) over a new
cross-machine ops-bridge lane (`remote_host` feature added to ops-bridge).
- Core Hub staging deployed on CoulombCore (`core-hub-staging`, image
`gitea.coulomb.social/coulomb/core-hub:3ed8531`): deployed API smoke +
activity-core sink smoke both green; full Inter-Hub data (28 records)
migrated idempotently.
**Open items requiring a decision (not agent-executable):**
1. **Core Hub cutover prerequisites (core-hub owner).** T03 dual-run found (a)
a blocking catalog gap — migrated widgets reference 7 `ops-*` widget types
absent from Core Hub's seeded registries because the migration bundle
omits the type registries; design choice: extend the bundle schema vs.
seed the vocabularies; (b) `/api/v2/hubs` auth-posture break (public →
protected). Both on `CORE-WP-0005-T04`; flagged via hub message `4b859f9b`.
2. **Core Hub production cutover** (`CORE-WP-0005-T04`): operator approval +
rollback plan, after prerequisite 1. Then `CORE-WP-0007` Haskell
retirement unblocks.
3. **State Hub pragmatic cutover** (`CUST-WP-0011-T07`): still the standing
operator freeze/restore/redirect approval (unchanged from prior board).
4. **ops-warden confirmations** close `RAILIANCE-WP-0009-T06` /
`RAILIANCE-WP-0010-T06` (no custodian action).
5. **NET-WP-0020-T02** greenfield live proof needs a rebuild slate.
Prior morning decision set (Core Hub staging cluster/secrets/image) is
resolved: CoulombCore + generated Secrets + Gitea registry, all executed.
## Original morning list (2026-07-02, all closed)
Every remaining execution lane converged on operator gates in the 2026-07-02
session (agent policy correctly blocks unattended production writes/reads on
railiance01, credential-bootstrap script edits, and OIDC/MFA logins). Each item
below is prepared to one command or one decision:
1. **Daily-triage robustness deploy** (`RAIL-BS-WP-0008`): image
`activity-core:railiance01-prod` is rebuilt locally from activity-core
`7612112` (T02 prompt contract included and gate-checked). Operator: run the
save/scp/import block from `activity-core/k8s/railiance/README.md`, sync the
repo *with `.git`* to `railiance01:~/activity-core` (the copy there has no
git metadata and the revision gate needs it), then
`cd ~/railiance-cluster && make deploy-activity-core-triage-robustness`.
Afterwards `make admin-sync-smoke` closes `RAIL-BS-WP-0009`.
2. **CCR approvals** (`RAILIANCE-WP-0009`/`0010`): `CCR-2026-0002`
(issue-core ingestion) and `CCR-2026-0003` (llm-connect OpenRouter) are
reviewed and binding-confirmed but still `proposed`. Approve, then
`make credential-change-applier-apply` per CCR; the issue-core
ExternalSecret already syncs, so verification is mostly confirm-not-create.
3. **Broker live evidence** (`RAILIANCE-WP-0005-T09`): needs one
KeyCape-OIDC-authenticated session to collect OpenBao audit-log references
and response-wrap unwrap-once evidence.
4. **Non-prod applier proof** (`RAILIANCE-WP-0008-T03`): mint one token from
`auth/token/roles/credential-change-nonprod-applier` and record apply +
denial probes.
5. **OpenBao unseal automation** (`NET-WP-0020-T02`, advanced 2026-07-02):
`make -C ~/net-kingdom openbao-init-unseal` exists with custody-model gate
and non-secret evidence; operator review still needed to wire it as a phase
inside `creds-bootstrap-agent.sh`, and greenfield live proof needs a rebuild
slate.
## Purpose
This checkpoint is the restart surface for the infrastructure stabilization
metaplan. It consolidates the workplan review, unblock boards, current State
Hub registration state, and the next strategic picks.
Use this file first when resuming the lane. Then open the source workplan named
in the relevant row and continue from its task state.
## Registration State
State Hub active workstreams queried on 2026-06-27:
| Workstream | Current pickup meaning |
| --- | --- |
| `artifact-store-wp-0007` | Start D7.1/D7.2 assessment and compatibility harness; D7.3 STS vending may route to NetKingdom. |
| `ihub-wp-0022` | Ops-hub evidence intake contract is aligned to live vocabulary; runtime key custody, protected widget lookup, and smoke remain. |
| `cust-wp-0047` | Now-view waits on the ops-hub Inter-Hub evidence lane, not on service inventory collection. |
| `cust-wp-0049` | Bootstrap access helper/runbook is ready; authenticated execution is operator-gated. |
| `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. |
| `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. |
| `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. |
| `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. |
| `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. |
| `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. |
| `activity-wp-0006` | Calibration waits on the post-WP-0016 live daily-triage smoke and three clean scheduled runs. |
| `cust-wp-0038` | Full State Hub HA migration is deferred until the pragmatic railiance01 path stabilizes. |
| `cust-wp-0025` | FOS bootstrap resumes from identity integration and ops-hub evidence, not the old mega-hub scaffold. |
| `cust-wp-0011` | Active State Hub migration path; next gate is explicit cutover approval. |
Hygiene status:
- `CUST-WP-0045-cutover-runbook` is no longer active; it is a finished runbook
record, not an empty active workstream.
- `CUST-WP-0014` is reopened as `backlog`; it is no longer a done workplan with
todo task blocks.
- Completed or cancelled tasks no longer carry the stale human-needed flags
cleared during this stabilization session.
- `make fix-consistency REPO=the-custodian` still reports pre-existing C-12
orphan-row warnings, but the relevant workplan lifecycle and task states sync.
- `RAIL-BS-WP-0006-staged-promotion-lifecycle` is finished: all seven tasks
are done, the workstream is finished in State Hub, and the file frontmatter
is `status: finished`.
## Blocker Board
No live credential, access, or approval gate is unowned. Do not ask
`ops-warden` for secret values; use the route catalog, the `warden access`
assist/proxy surface where the catalog lane allows it, and the owning subsystem.
For credential-related blockers, classify the environment posture and workload
maturity first. Dev/test work can use synthetic contract doubles; production
real-value work needs owner custody, policy gates where applicable, and
non-secret evidence. See `docs/ops-warden-secret-posture-review.md`.
Do not implement ops-warden changes from this Custodian lane. New ops-warden
needs should be posted through State Hub as requirements or suggestions for the
separate ops-warden worker.
| Gate | Owner/route | Non-secret evidence to collect | Next action |
| --- | --- | --- | --- |
| State Hub pragmatic cutover | Custodian operator approval; `CUST-WP-0011-T07` | Final dump id/time, row-count comparison, chosen private endpoint, stabilization notes | Approve freeze/final restore and make railiance01 State Hub primary, or leave WSL2 primary explicitly. |
| State Hub fallback retirement | Custodian/operator approval; `CUST-WP-0038-T08` | HA failover drill id, restore drill id, stabilization pass | Keep deferred until after HA drills; do not retire WSL2 fallback early. |
| Inter-Hub ops-hub bootstrap | `inter-hub-bootstrap-ssh`, `openbao-api-key`, `ssh-cert-host-access` as needed | Hub id, manifest id, widget count, runtime key prefix only, smoke result | Legacy/fallback only. Prefer Core Hub deployed smoke; run attended Inter-Hub bootstrap only by explicit operator supersede/rollback decision. |
| Ops-hub runtime evidence key | `openbao-api-key` / OpenBao custody | OpenBao path/version or populated key count, event smoke id | Do not materialize legacy `OPS_HUB_KEY` until a deployed Core Hub smoke or explicit legacy Inter-Hub smoke is ready to use it. |
| Daily-triage live proof | activity-core deploy/runtime operator | State Hub `daily_triage` id, output-valid or partial/quarantine status, working-memory path | Bank the 2026-06-28 / 2026-06-29 / 2026-06-30 clean streak, then have the activity-core owner land/sync the in-flight WP-0016 diagnostics and prove bounded top-N plus graceful-degradation smoke. |
| activity-core to issue-core | route `activity-core-issue-sink` | `actcore-runtime-secret` has key, activity-core points to issue-core port `8765`, HTTP 201, Gitea issue id | Inject `ISSUE_CORE_API_KEY` through approved custody, set REST sink env, restart/sync, run safe emission. |
| Forgejo production design | Forgejo/operator decisions plus OpenBao/KeyCape/ops-bridge routes as needed | Decision id, SMTP smoke, backup/restore drill, package/action smoke, cutover approval id | Resolve T02 production choices before any production cutover work. |
| OpenBao unseal and credential helper | `openbao-api-key`, `railiance-infra-principals`, `ssh-cert-host-access`, `key-cape-oidc-login` | Policy names, role names, token accessor only, allow/deny smoke | `warden-sign` lane is verified/banked; broader custody profile and issuer automation remain separate operator-design gates. |
| ops-warden policy gate / warden-sign lane | `SECRETS-WP-0004` + `FLEX-WP-0007` finished; ops-warden operator posture | `decision:032b096c433ad80c`, `ttl_out_of_bounds`, backend `vault`; no token/role/secret/accessor values | No Custodian action. Keep `policy.enabled` off until testing/production maturity. |
## Daily Automation Evidence
The scheduled daily-triage runner is alive and writing State Hub plus working
memory evidence. The current blocker is bounded output-contract adoption and
live graceful-degradation proof, not scheduling or sink reachability.
Latest clean scheduled streak:
- 2026-06-28: event `f0d8477e-1db9-4c07-bb8c-d28cbb868abc`, schema-valid daily
triage, working memory written.
- 2026-06-29: event `176d2ea7-f0e3-48cd-999b-4ab6055c6a55`, schema-valid daily
triage, working memory written.
- 2026-06-30: event `27d695b2-a537-481b-ada6-ca84ec24cd96`, schema-valid daily
triage, working memory written.
Latest failed scheduled runs before the clean streak:
- 2026-06-26: event `97fd20a0-eee0-45ea-8290-6d91874e1515`, validation failed
at char 5268, working memory written.
- 2026-06-27: event `c5ab50a8-404b-4e30-849f-841b059ace65`, validation failed
at char 5246, working memory written.
Bank the three-run calibration streak, but keep the WP-0016 live-proof gate open
until the bounded top-N contract and graceful-degradation smoke are proven. The
activity-core worktree currently has in-flight uncommitted ACTIVITY-WP-0016
and ACTIVITY-WP-0018/0019 changes, so Custodian should wait for that owner to
commit/sync or explicitly hand off before treating those files as source truth.
Use activity-core repo-native automation status surface once it lands; do not
use assistant-provided scheduling as operational evidence.
## Production Service Summary
| Surface | Stable fact | Remaining gate |
| --- | --- | --- |
| State Hub | Pragmatic railiance01 path has image, manifests, empty deploy, migrations, restored WSL2 data, row-count comparison, and healthy API through `CUST-WP-0011-T06`. | `CUST-WP-0011-T07` cutover approval, then stabilization; HA path stays deferred. |
| Inter-Hub / Core Hub | Public `https://hub.coulomb.social/api/v2/hubs` exposes `ops-hub`; `CORE-WP-0008` finished the Core Hub API smoke harness, activity-core sink, staging profile, CLI wrappers, UI backlog, and Custodian handoff. | Run deployed Core Hub smoke, staging import, activity-core sink smoke, and readiness summary; keep Haskell Inter-Hub only for migration/rollback proof. |
| ops-hub evidence | `CUST-WP-0025-T14` is done with the Core Hub ops evidence contract spec. `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. |
| issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. |
| Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. |
| artifact-store | D7.1 is done; D7.2 has an opt-in live MinIO compatibility harness and manual smoke docs. No live secret handoff is recorded. | Run D7.2 against an approved MinIO-compatible endpoint, then route D7.3 STS vending through identity/platform custody before changing credential behavior. |
| secrets-engine | `SECRETS-WP-0004` is finished: the scoped `warden-sign` lane supported the vault-backed policy-gate smoke without exposing token material. `SECRETS-WP-0003` remains active for the real whynot-design npm publish pilot. | Finish or park `SECRETS-WP-0003` behind Gitea bot/package-token provisioning, OpenBao custody, ops-warden route confirmation, and real package publish evidence. |
| FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity, IAM Profile v0.2, the Core Hub FastAPI IAM Profile integration test, and Core Hub operator UI first screens are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Execute the remaining Core Hub deployed evidence and cutover gates: `CUST-WP-0025-T16` and `T17`. |
## Next-Pick List
1. Execute the remaining rewritten `CUST-WP-0025` Core Hub gates: deployed
smoke and activity-core proof (`T16`) and cutover decision coupling (`T17`).
T03, T14, and T18 are complete as the identity integration template, ops
evidence/read-model contract, and operator UI first-screen gates.
2. Keep `CUST-WP-0047` and `CUST-WP-0049` as legacy evidence/fallback until
Core Hub deployed smoke evidence or an explicit supersede decision closes
them.
3. Bank the 2026-06-28 / 2026-06-29 / 2026-06-30 clean daily-triage
streak for calibration, then have the activity-core owner land/sync the
in-flight WP-0016 diagnostics/status work and prove the bounded top-N plus
graceful-degradation smoke.
4. Complete the issue-core handoff by wiring activity-core to port `8765` with
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period.
6. Run artifact-store D7.2 live MinIO-compatible evidence; Forgejo and storage
work can now inherit the finished staged-promotion gates.
7. Keep `SECRETS-WP-0003` parked until Gitea bot/package-token provisioning,
OpenBao custody, route confirmation, and a coordinated whynot-design version
bump are available.
8. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied.
## Resume Commands
```bash
cd /home/worsch/the-custodian
sed -n '1,260p' workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md
sed -n '1,260p' docs/infrastructure-stabilization-pickup-checkpoint.md
sed -n '1,260p' docs/credential-custody-unblock-board.md
```
After workplan edits, sync from State Hub:
```bash
cd /home/worsch/state-hub
make fix-consistency REPO=the-custodian
```

View File

@@ -0,0 +1,52 @@
# Near-Term Production Service Lanes Status
Updated: 2026-06-30
## Purpose
Track `CUST-WP-0051-T05`: finish or park near-term production service lanes
before starting larger migrations.
## Lane Board
| Lane | Current state | Next action |
| --- | --- | --- |
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | D7.1 is done. The dated MinIO/fork/object-store landscape assessment chose a compatibility-profile lane rather than a direct MaxIO fork. D7.2 is in progress with an opt-in live MinIO pytest harness and manual smoke docs; no secret value was read or recorded. | Run the D7.2 harness against an approved MinIO-compatible endpoint and capture health/round-trip/multipart evidence. Route D7.3 STS credential vending through identity/platform custody before changing artifact-store credential behavior. |
| `secrets-wp-0003` | Active. The whynot-design real npm publish pilot has a canonical decision and source-side runbook, but real publication still waits on Gitea bot/package-token provisioning, OpenBao custody, ops-warden route confirmation, and a coordinated whynot-design version bump. | Keep parked until the operator/Gitea/OpenBao gates are ready; do not request or record token values. The next safe non-secret action is route-confirmation evidence from ops-warden. |
| `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. |
## Credential And Operator Routing
`activity-core -> issue-core` REST emission uses route catalog id
`activity-core-issue-sink`.
Route lookup on 2026-06-27:
- owner: `activity-core + issue-core`
- ops-warden executes: no
- status: active
- next action: follow `ops-warden/wiki/playbooks/activity-core-issue-sink.md#worker-checklist`
No secret value was read or written. The required non-secret evidence is:
- `actcore-runtime-secret` has an `ISSUE_CORE_API_KEY` data key;
- activity-core worker consumes `ISSUE_CORE_URL=http://issue-core.issue-core.svc.cluster.local:8765`;
- `ISSUE_SINK_TYPE=rest`;
- one known-safe activity-core emission returns issue-core HTTP 201 and creates
a Gitea issue.
## Pickup Order
1. Close the issue-core handoff gate because the service is already healthy and
only activity-core live emission remains.
2. Treat staged-promotion as complete; use it as the gate model before
Forgejo cutover work accelerates.
3. Run artifact-store D7.2 live evidence against an approved MinIO-compatible
endpoint, with D7.3 routed to identity/platform custody if STS vending is
not artifact-store-owned.
4. Keep `secrets-wp-0003` parked behind Gitea bot/token, OpenBao custody,
ops-warden route confirmation, and coordinated whynot-design version bump.
5. Keep Forgejo production cutover parked behind explicit T02 decisions and the
staged-promotion/backup/email/package/action gates.

View File

@@ -0,0 +1,120 @@
# Ops Hub Inter-Hub Evidence Lane Status
Date: 2026-06-27
Workplan: `CUST-WP-0051-T03`
Related tasks: `CUST-WP-0047-T05`, `CUST-WP-0049-T06`, `IHUB-WP-0022-T03/T04/T07`
## Summary
The evidence lane is partially live but not ready to close.
Production Inter-Hub already exposes the public ops-hub bootstrap surface and
has an `ops-hub` row plus the ops-hub seed vocabulary. The remaining blockers
are:
1. authenticated bootstrap/runtime-key execution is still operator-gated;
2. protected widget and hub-registry reads cannot be verified without the
ops-hub runtime key;
3. the older `IHUB-WP-0022` activity-core mapping contract does not match the
currently live ops-hub seed vocabulary.
No secret values were requested, read, printed, or stored during this probe.
## Public Probe Evidence
Base URL: `https://hub.coulomb.social`
| Probe | Result |
| --- | --- |
| `GET /api/v2/hubs` | HTTP `200`; contains `ops-hub` |
| `GET /api/v2/openapi.json` | HTTP `200`; includes `/hubs`, `/hub-capability-manifests`, `/api-consumers`, `/policy-scopes` |
| `GET /api/v2/widgets` | HTTP `401`, protected as expected |
| `GET /api/v2/hub-registry` | HTTP `401`, protected as expected |
| `GET /api/v2/widget-types` | HTTP `200`; 14 ops widget types visible |
| `GET /api/v2/event-types` | HTTP `200`; 15 ops event types visible |
| `GET /api/v2/annotation-categories` | HTTP `200`; 10 ops annotation categories visible |
| `GET /api/v2/policy-scopes` | HTTP `200`; 7 ops policy scopes visible |
| `GET /api/v2/hub-capability-manifests?hubId=<ops-hub-id>` | HTTP `401`, protected as expected |
Observed public ops-hub id: `4f6e4cf7-6a96-4ff2-8a37-08c9f9e405d2`.
The existing `ops-hub/scripts/interhub-gate-probe.py` exits nonzero because it
still expects unauthenticated `/api/v2/hubs` to return `401`. The live contract
returns `200` for public hub discovery and `401` for protected surfaces such as
`/api/v2/widgets` and `/api/v2/hub-registry`.
## Live Ops Vocabulary
The live public registry matches `ops-hub/seeds/ops-hub-manifest.draft.json`:
- widget types: `ops-environment`, `ops-host`, `ops-cluster`, `ops-service`,
`ops-service-catalog`, `ops-endpoint`, `ops-release`, `ops-backup-set`,
`ops-secret-set`, `ops-runbook`, `ops-incident`, `ops-readiness-gate`,
`ops-migration-wave`, `ops-risk`;
- event types: `ops-inventory-registered`, `ops-inventory-updated`,
`ops-service-discovered`, `ops-health-checked`, `ops-release-observed`,
`ops-endpoint-verified`, `ops-backup-verified`, `ops-restore-tested`,
`ops-runbook-executed`, `ops-drift-detected`, `ops-risk-raised`,
`ops-risk-accepted`, `ops-readiness-gate-updated`,
`ops-migration-gate-passed`, `ops-migration-gate-failed`;
- policy scopes: `ops-local`, `ops-transitional-prod`, `ops-production`,
`ops-threephoenix`, `ops-registry`, `ops-secrets`,
`ops-backup-retention`.
## Contract Mismatch
`inter-hub/docs/contracts/ops-hub-activity-core-mapping.md` and
`ops-hub-activity-core-event-payloads.md` still describe the early
activity-core proposal:
| Contract name | Live seed status | Recommended action |
| --- | --- | --- |
| `ops-service-observed` | Not in live event registry | Rename to `ops-service-discovered`, or add an explicit alias event in the ops-hub manifest. |
| `ops-endpoint-verified` | Live | Keep. |
| `ops-access-path-checked` | Not in live event registry; no `ops-access-path` widget type in seed | Either add access-path vocabulary/widgets, or defer access-path submissions and keep State Hub fallback. |
| `ops-backup-verified` | Live | Keep, but map to `ops-backup-set` widget type. |
| `ops-inventory-drift` | Not in live event registry | Rename to `ops-drift-detected`, or add an explicit alias event. |
| `ops-evidence` policy scope | Not in live policy scopes | Use an existing ops scope or add `ops-evidence` to the manifest and activate it. |
| aggregate refs such as `ops:service:aggregate` | Not in `ops-hub/seeds/ops-hub-widgets.seed.json` | Seed aggregate intake widgets or change mapping to the existing entity/readiness widgets. |
| widget types such as `ops-service-card` | Not in live widget types | Use live widget types like `ops-service`, `ops-endpoint`, `ops-backup-set`, and `ops-readiness-gate`. |
## 2026-06-27 Contract Alignment
The Inter-Hub contract docs were revised in `/home/worsch/inter-hub` to target
the live ops-hub seed vocabulary:
- `ops-service-observed` is now a transition alias for
`ops-service-discovered`.
- `ops-inventory-drift` is now a transition alias for `ops-drift-detected`.
- `ops-access-path-checked` is explicitly deferred to State Hub fallback until
ops-hub adds access-path vocabulary or a readiness/risk mapping decision.
- The old `ops-evidence` policy scope is replaced by declared live scopes such
as `ops-production`, `ops-registry`, and `ops-backup-retention`.
- Payload examples now post only live manifest event types.
This removes the known contract-drift blocker before the attended bootstrap.
The remaining gate is authenticated widget lookup, any missing backup/risk seed
widget, runtime key custody, and protected event submission smoke.
## Current Closure State
`CUST-WP-0049-T06` remains `wait`: the helper and runbook are ready, but an
approved authenticated execution lane is still required.
`CUST-WP-0047-T05` remains `wait`: the ops-hub row and vocabulary are visible,
but seeded widgets and event acceptance cannot be proven without the protected
runtime path.
`IHUB-WP-0022-T03/T04/T07` remain gated: before an end-to-end smoke, reconcile
the activity-core mapping contract to the live ops-hub seed vocabulary or add
the missing aliases/aggregate widgets to the manifest.
## Next Pick
1. Use the aligned live-vocabulary contract for the attended
`CUST-WP-0049-T06` bootstrap.
2. Confirm protected widget ids and seed any missing backup/risk target widgets
required by the mapping.
3. Store or confirm `OPS_HUB_KEY` through OpenBao, then run the protected
widget/hub-registry/event smoke.

View File

@@ -0,0 +1,94 @@
# Ops Hub Service Catalog Now View
<!-- generated by ops/render_service_inventory.py; edit ops/service-inventory.yml instead -->
Source: `ops/service-inventory.yml`
Inventory last reviewed: `2026-07-03`
This is the repo-native first view for `CUST-WP-0047`. It exists so an
operator can answer what is running where before the full standalone
`ops-hub` application is available.
## Summary
| Metric | Count |
|---|---:|
| Environments | 4 |
| Hosts | 3 |
| Clusters | 3 |
| Services | 11 |
| Services: observed_ok | 6 |
| Services: unknown | 5 |
## Service Catalog
| Service | Where | Owner | Endpoint | Health | Data | Access | Top Gap |
|---|---|---|---|---|---|---|---|
| Gitea (gitea) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-apps | https://gitea.coulomb.social/v2/<br>Expected: status 401, OCI registry auth challenge | unknown<br>2026-05-16: Inventory draft records Helm release gitea, namespace default, app version 1.25.4, NodePort 32166, and registry auth challenge. | database:gitea-db<br>pvc:default/gitea-shared-storage | k8s: unknown (coulombcore-k3s/default) | Package token and push/pull verification need current evidence. |
| Gitea Database (gitea-database) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: databases | railiance-platform | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/databases) | Backup and restore evidence not recorded in ops inventory. |
| Gitea Shared Storage (gitea-shared-storage) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: default | railiance-platform<br>railiance-apps | - | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | k8s: unknown (coulombcore-k3s/default/pvc/gitea-shared-storage) | Package blob backup and restore evidence not confirmed. |
| State Hub (state-hub) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: state-hub | state-hub<br>the-custodian | http://127.0.0.1:8000/state/health<br>Expected: status 200, health response | observed_ok<br>2026-07-03: Cluster hub healthy; railiance01 reaches via fleet forward tunnel. | postgresql:state-hub-db | http: observed_ok (workstation tunnel state-hub-primary → cluster)<br>tunnel: observed_ok (railiance01 systemd fleet-state-hub-coulombcore → cluster) | Primary home must move to railiance01 per CUST-WP-0054-T05. |
| issue-core (issue-core) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: issue-core | issue-core | http://127.0.0.1:8765/healthz<br>Expected: status 200, version response | observed_ok<br>2026-07-02: REST emission live via cross-machine fleet path. | postgresql:issue-core | tunnel: observed_ok (railiance01 fleet-issue-core-coulombcore → cluster) | Target railiance01 overlay per CUST-WP-0054 drain Wave 4. |
| Core Hub (core-hub) | CoulombCore<br>type: k3s; cluster: coulombcore-k3s; namespace: core-hub-staging | core-hub | https://hub.coulomb.social/api/v2/hubs<br>Expected: status 200, hub list when authenticated | observed_ok<br>2026-07-02: Staging deployed; production cutover gated on CORE-WP-0005-T04. | postgresql:core-hub | k8s: observed_ok (coulombcore-k3s/core-hub-staging) | Production cutover to railiance01 pending operator approval. |
| Fleet Mesh (railiance01) (fleet-mesh-railiance01) | Railiance01<br>type: systemd; host: railiance01 | the-custodian<br>ops-bridge | http://127.0.0.1:18000/state/health<br>Expected: status 200 | observed_ok<br>2026-07-03: Workstation reverse tunnels stopped; systemd forwards healthy. | - | ssh-tunnel: observed_ok (railiance01 → coulombcore ClusterIPs) | Migrate to atm-fleet-mesh cert_command when VAULT_TOKEN available. |
| Inter-Hub (inter-hub) | ThreePhoenix Production<br>type: external; public_endpoint: https://hub.coulomb.social | inter-hub | https://hub.coulomb.social/api/v2/openapi.json<br>Expected: status 200, OpenAPI document | unknown<br>2026-05-16: /home/worsch/helix-forge/wiki/OpsHubInventory.md | - | https: unknown (https://hub.coulomb.social) | ops-hub bootstrap requires authenticated UI flow or deployment-side migration. |
| activity-core (activity-core) | Railiance01<br>type: k3s; cluster: railiance01-k3s; namespace: activity-core | activity-core<br>the-custodian | activity-core API health endpoint<br>Expected: status 200, healthy DB and Temporal status | observed_ok<br>2026-05-23: API health, worker rollout, Temporal CLI schedule listing, and State Hub bridge were verified. | postgresql:activity-core<br>temporal:activity-core<br>nats:railiance01 | k8s: observed_ok (railiance01-k3s/activity-core) | Add explicit ops inventory probes and evidence events. |
| Ops Bridge (ops-bridge) | Local Workstation<br>type: bridge; host: local-workstation | ops-bridge | - | observed_ok<br>2026-07-03: state-hub-railiance01 and issue-core-railiance01 stopped; not production-critical. | - | ssh-tunnel: observed_ok (interactive dev tunnels only (k3s-api, state-hub-primary)) | Install ops-bridge on railiance01 or keep systemd fleet-mesh units. |
| Haskell Build Agent (haskell-build-agent) | Local Workstation<br>type: systemd; host: haskell-build-vm | the-custodian | http://127.0.0.1:18000<br>Expected: VM can reach State Hub through SSH forward | unknown<br>undated: Build agent is a systemd service and registers with State Hub on boot. | - | ssh: unknown (local workstation reverse tunnel port 12222) | Current tunnel and capability registration need live evidence in ops-hub. |
## Open Operating Gaps
### Gitea (`gitea`)
- Package token and push/pull verification need current evidence.
- Backup and restore evidence for database and shared storage not recorded in ops inventory.
### Gitea Database (`gitea-database`)
- Backup and restore evidence not recorded in ops inventory.
### Gitea Shared Storage (`gitea-shared-storage`)
- Package blob backup and restore evidence not confirmed.
### State Hub (`state-hub`)
- Primary home must move to railiance01 per CUST-WP-0054-T05.
- Consistency sweep writebacks still target workstation paths.
### issue-core (`issue-core`)
- Target railiance01 overlay per CUST-WP-0054 drain Wave 4.
### Core Hub (`core-hub`)
- Production cutover to railiance01 pending operator approval.
### Fleet Mesh (railiance01) (`fleet-mesh-railiance01`)
- Migrate to atm-fleet-mesh cert_command when VAULT_TOKEN available.
- Retire when State Hub and issue-core move to railiance01.
### Inter-Hub (`inter-hub`)
- ops-hub bootstrap requires authenticated UI flow or deployment-side migration.
### activity-core (`activity-core`)
- Add explicit ops inventory probes and evidence events.
### Ops Bridge (`ops-bridge`)
- Install ops-bridge on railiance01 or keep systemd fleet-mesh units.
### Haskell Build Agent (`haskell-build-agent`)
- Current tunnel and capability registration need live evidence in ops-hub.
## Next Evidence Events
- `ops-service-observed` for each runtime object confirmed by a probe.
- `ops-endpoint-verified` for HTTP, HTTPS, tunnel, or cluster endpoints.
- `ops-access-path-checked` for non-secret access path checks.
- `ops-backup-verified` where backup and restore evidence exists.
- `ops-inventory-drift` when observed state differs from this inventory.

View File

@@ -0,0 +1,94 @@
# Ops Hub Service Inventory
Date: 2026-06-05
## Purpose
The first ops-hub "now view" should answer one practical question:
> What service is running where, who owns it, how is it reached, and what
> evidence says it is alive?
The lowest-effort path is a small read model, not a full new application. The
read model starts as `ops/service-inventory.yml`, can be surfaced through
Inter-Hub ops widgets, and can later be ingested by the standalone `ops-hub`
repo planned in `CUST-WP-0025`.
## Operating Model
- Git owns the declared inventory.
- Inter-Hub widgets expose the visible ops entities.
- Interaction events provide timestamped operational evidence.
- activity-core runs repeatable probes and writes evidence.
- State Hub continues to own workstreams, tasks, decisions, and progress. It is
not the service catalog.
## Minimal Record Shape
Each service record should include:
- `id`: stable lowercase service id, for example `state-hub`.
- `name`: human-readable name.
- `lifecycle_state`: `observed`, `planned`, `target`, or `retired`.
- `health_status`: `unknown`, `observed_ok`, `degraded`, `down`, or `planned`.
- `environment`: environment id where the service currently belongs.
- `owner_repos`: repos that own desired state, runtime code, or runbooks.
- `runtime`: runtime kind and location details, such as `local-process`,
`k3s`, `systemd`, `external`, or `bridge`.
- `endpoints`: public, local, cluster, or tunnel endpoints with expected
non-secret checks.
- `backing_stores`: databases, PVCs, object stores, or external stores that
must be backed up with the service.
- `access_paths`: non-secret descriptions of SSH, Kubernetes, HTTP, or tunnel
paths.
- `evidence`: links to docs, progress events, probe results, or workplans.
- `gaps`: missing evidence or operating controls.
The schema lives at `schemas/ops-service-inventory.schema.json`.
## First View
The initial ops-hub view can be a dense table:
| Column | Meaning |
|---|---|
| Service | `name` plus `id` |
| Where | environment, host, cluster, namespace |
| Owner | owner repo and desired state source |
| Endpoint | primary endpoint and expected check |
| Health | latest health status and last evidence timestamp |
| Data | backing stores and backup gap summary |
| Access | access path status |
| Gaps | highest-priority missing operating evidence |
This is enough to make scattered operational reality visible without waiting
for a full incident system, runbook executor, or custom database.
The repo-native version is rendered to `docs/ops-hub-service-catalog.md`:
```bash
make ops-inventory-view
```
## Evidence Events
Use a small event vocabulary first:
- `ops-service-observed`: service/runtime object was observed.
- `ops-endpoint-verified`: endpoint responded as expected.
- `ops-access-path-checked`: access path was checked without storing secrets.
- `ops-backup-verified`: backup and restore evidence exists.
- `ops-inventory-drift`: observed state differs from declared inventory.
Event metadata should reference the stable inventory id and include non-secret
probe output only.
## Promotion Path
1. Keep `ops/service-inventory.yml` as the source artifact.
2. Seed or update Inter-Hub widgets from the inventory ids.
3. Let activity-core run probes and submit evidence events.
4. Build the first ops-hub view from inventory plus latest evidence.
5. When the standalone `ops-hub` repo exists, ingest the same inventory and
evidence events into the proper Service, AccessPath, Runbook, and Incident
models from `CUST-WP-0025`.

View File

@@ -0,0 +1,42 @@
# ops-warden Secret Posture Review
Date: 2026-06-27
Owner: the-custodian coordination; ops-warden owns the source standard.
## Review Outcome
ops-warden is moving from a simple "SSH certs plus route pointers" surface to a
more useful access and conformance steward:
- it still directly issues only the SSH certificate lane;
- it routes other credential needs to their owning subsystem;
- `warden access` may advise or proxy `exec_capable` lanes as the caller, without
storing values or becoming a secret broker;
- WARDEN-WP-0015 adds workload security posture: `dev/test/prod` environment
posture plus `M0-M3` workload maturity and a secret-flow lattice.
This helps CUST-WP-0051 because a security blocker can now be classified instead
of left as a generic "credentials needed" stop.
## Blocker Refinement Rules
| Situation | CUST-WP-0051 action |
| --- | --- |
| Dev/test implementation needs a credential-shaped dependency | Use synthetic contract doubles; do not wait for production secrets. |
| Production smoke needs a real value | Route to the owner, collect non-secret evidence, and keep the value out of Codex-visible surfaces. |
| Route is `exec_capable` | Prefer `warden access --fetch/--exec` as the caller over copy/paste handling. |
| Workload maturity is below the secret requirement | Keep the blocker; resolve by maturity advancement, policy/design change, or avoiding the secret. |
| OpenBao unseal, break-glass, or issuer custody is unresolved | Keep as operator ceremony/design blocker. |
## Current CUST-WP-0051 Read
| Gate | Refined blocker |
| --- | --- |
| Ops-hub runtime `OPS_HUB_KEY` | Production real-value custody gate; implementation is not blocked, live smoke is. |
| Inter-Hub ops-hub bootstrap | Access/custody gate with an attended execution path; no need to request secret values from ops-warden. |
| activity-core -> issue-core | Production API key injection/evidence gate; route is known through `activity-core-issue-sink`. |
| OpenBao unseal/helper | M3-style ceremony gate; operator design remains required. |
| Forgejo production migration | Production readiness gate spanning credentials, recovery drills, and cutover approval. |
Evidence stays non-secret: route id, owner, posture, maturity, policy decision id,
OpenBao path/version, populated-key count, smoke id, token accessor, or drill id.

View File

@@ -0,0 +1,34 @@
# State Hub Migration Strategy Status
Updated: 2026-06-27
## Decision
Use `CUST-WP-0011` as the active State Hub stabilization path.
Keep `CUST-WP-0038` and `RAIL-BS-WP-0007` as deferred HA/ThreePhoenix follow-up lanes.
Rationale: the pragmatic railiance01 deployment has already completed image
publish, cluster manifests, empty deploy, migrations, WSL2 data restore, row-count
comparison, and cluster API health checks. The remaining work is cutover and
stabilization, not initial buildout.
## Current State
| Path | State | Next action |
| --- | --- | --- |
| `CUST-WP-0011` pragmatic railiance01 | T01-T06 done. Cluster State Hub has verified restored WSL2 data and healthy API. | T07: get explicit approval to freeze WSL2 writes, restore final dump, compare again, and redirect private access/MCP to the cluster endpoint. |
| `CUST-WP-0038` full HA State Hub | Entry criteria depend on completing or superseding CUST-WP-0011 and passing stabilization. All implementation tasks are still todo. | Defer until cluster-hosted State Hub proves stable and ThreePhoenix storage/database strategy is current. |
| `RAIL-BS-WP-0007` ThreePhoenix HA cluster | All phases are todo. | Treat as substrate work for future critical workloads and HA State Hub, not as a blocker for pragmatic cutover. |
## Human Gates
- `CUST-WP-0011-T07`: explicit approval required before freezing WSL2 writes and making the cluster State Hub primary.
- `CUST-WP-0038-T08`: explicit approval required before retiring WSL2 fallback after HA failover and restore drills.
## Stable Pickup Path
1. Reconfirm current WSL2 backup and take final pre-cutover dump.
2. Restore final dump into railiance01 State Hub and compare counts again.
3. Redirect the active private access path: either keep local `127.0.0.1:8000` and move it to an ops-bridge/SSH tunnel, or set MCP `API_BASE` to the private cluster endpoint.
4. Run stabilization with WSL2 retained as fallback.
5. Document the operating model and leave final retirement to a later explicit decision or HA workplan.

View File

@@ -0,0 +1,89 @@
# T05 Phase 1 Evidence — Empty Stack on railiance01 (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 1.1 | Create `state-hub` namespace | **pass** | `kubectl get ns state-hub` |
| 1.2 | Deploy `state-hub-db` CNPG | **pass** | Cluster `databases/state-hub-db` healthy, 1 instance |
| 1.3 | Apply DB NetworkPolicies | **pass** | Applied from `deploy/railiance/platform/` |
| 1.4 | Create `state-hub-env` Secret | **pass** | `DATABASE_URL``state-hub-db-rw.databases.svc.cluster.local` |
| 1.5 | Helm image pin (Forgejo target) | **deferred** | Values updated; deploy uses gitea workaround (see § Image) |
| 1.6 | Alembic init Job | **pass** | `state-hub-alembic-init` Completed; head `f0a1b2c3d4e5` |
| 1.7 | Helm install + `/state/health` | **pass** | Pod Running; health `ok`, db `connected` |
**Phase 1 status: complete** (empty hub healthy; no production data). Phase 2 blocked on operator approval (Phase 0.6).
## Deployed resources (railiance01-k3s)
| Resource | Namespace | Status |
| --- | --- | --- |
| Secret `state-hub-db-credentials` | `databases` | present |
| CNPG Cluster `state-hub-db` | `databases` | healthy |
| Secret `state-hub-env` | `state-hub` | present |
| Helm release `state-hub` (rev 2) | `state-hub` | deployed |
| Job `state-hub-alembic-init` | `state-hub` | Completed |
| Deployment `state-hub` | `state-hub` | Running 1/1 |
| Service `state-hub` | `state-hub` | ClusterIP `10.43.68.154:8000` |
Kubeconfig: `KUBECONFIG=~/.kube/config-hosteurope` (workstation WSL).
## API verification (port-forward `18080:8000`)
```bash
curl -s http://127.0.0.1:18080/state/health
# {"status":"ok","db":"connected"}
curl -s http://127.0.0.1:18080/state/summary
# totals: topics=0, workstreams=0, tasks=0, decisions=0
```
Captured: 2026-07-06T16:24:19Z.
## Database verification (empty schema)
Alembic at head `f0a1b2c3d4e5`. Baseline gate tables — all **zero rows**:
| Table | Count |
| --- | ---: |
| `workplans` | 0 |
| `tasks` | 0 |
| `topics` | 0 |
| `progress_events` | 0 |
| `token_events` | 0 |
| `managed_repos` | 0 |
| `decisions` | 0 |
Queried via `kubectl exec` on `databases/state-hub-db-1` as `postgres`.
Post-Phase-2 restore must match coulombcore preflight counts exactly (see
`docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`).
## Image workaround
| Image | Status | Notes |
| --- | --- | --- |
| `forgejo.coulomb.social/coulomb/state-hub:main-f9f0091` | **broken** | Empty venv (DinD `/tmp` + cache defect) |
| `forgejo.coulomb.social/coulomb/state-hub:main-d1a4fcf` | **fixed** | CI green @ `d1a4fcf`; `asyncpg` 0.31.0, 246-byte requirements |
| `gitea.coulomb.social/coulomb/state-hub:f2e042a` | **deployed** | Phase 1 Helm override; swap to Forgejo tag before Phase 2 |
**Root cause:** DinD legacy builder did not persist `/tmp` across RUN steps and
reused stale COPY layers; CI reported success at `f9f0091` with empty venv.
Fixed in `state-hub` @ `d1a4fcf` (single-RUN deps install under `/app`).
## Phase 2 prerequisites
- [ ] Operator approval for freeze/final restore (Phase 0.6)
- [x] Fix and republish Forgejo `state-hub` image (`main-d1a4fcf`)
- [ ] Helm upgrade railiance01 deploy to Forgejo image before Phase 2
- [ ] Fresh `pg_dump` from coulombcore per CUST-WP-0011-T07 playbook
## References
- `state-hub/deploy/railiance/apps/helm/state-hub-values.yaml` — Forgejo image pin
- `docs/state-hub-railiance01-cutover-plan.md` — Phase 25 sequence
- ClusterIP `10.43.68.154` — capture for Phase 3 tunnel rewire

View File

@@ -0,0 +1,62 @@
# T05 Phase 2 Evidence — Data Migration to railiance01 (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 2.1 | Pre-freeze `pg_dump` (coulombcore) | **pass** | `/tmp/state-hub-prefreeze-20260706T165001Z.dump` (3.0 MiB) |
| 2.2 | Freeze coulombcore writer | **pass** | `deployment/state-hub` scaled to 0 |
| 2.3 | Final `pg_dump` after freeze | **pass** | `/tmp/state-hub-final-20260706T165019Z.dump` (3.0 MiB) |
| 2.4 | Restore into railiance01 `state-hub-db` | **pass** | DROP/CREATE `state_hub` + `pg_restore --role=state_hub` |
| 2.5 | Exact-count comparison | **pass** | All 7 baseline tables match ±0 |
| 2.6 | Scale railiance01 API + verify | **pass** | Forgejo `main-d1a4fcf`; `/state/health` ok |
**Phase 2 status: complete.** Phase 3 (rewire access paths) not started.
## Baseline counts (pre-freeze gate)
Captured from coulombcore `state-hub-db-1` @ 2026-07-06T16:50Z:
| Table | Count |
| --- | ---: |
| `workplans` | 640 |
| `tasks` | 4002 |
| `topics` | 14 |
| `progress_events` | 8723 |
| `token_events` | 1936 |
| `managed_repos` | 74 |
| `decisions` | 79 |
Post-restore counts on railiance01 matched exactly.
## Production state after Phase 2
| Cluster | API | DB writer |
| --- | --- | --- |
| **railiance01** | Running 1/1 (`forgejo…:main-d1a4fcf`) | **primary** (restored data) |
| **coulombcore** | Scaled to **0** (frozen, rollback-capable) | Unchanged CNPG (source dump retained) |
Workstation `http://127.0.0.1:8000` still tunnels to coulombcore — **unreachable until Phase 3**.
## API verification (port-forward `18081:8000`)
```json
{"status":"ok","db":"connected"}
```
`GET /state/summary` totals: topics=14, workstreams=640, tasks=4002, decisions=79.
## Rollback
- coulombcore dump files retained under `/tmp/state-hub-*-20260706T*.dump` on workstation
- Scale coulombcore `state-hub` back to 1; do **not** delete railiance01 data until Phase 5 stabilizes
## Next: Phase 3
- Repoint `state-hub-primary` tunnel → railiance01 ClusterIP `10.43.68.154:8000`
- activity-core in-cluster URL; retire `fleet-state-hub-coulombcore`
- Smoke `POST /progress/` through production path

View File

@@ -0,0 +1,77 @@
# T05 Phase 3 Evidence — Access Path Rewire (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 3.1 | activity-core in-cluster URL | **pass** | `STATE_HUB_URL=http://state-hub.state-hub.svc.cluster.local:8000` |
| 3.2 | Retire `fleet-state-hub-coulombcore` | **pass** | systemd stopped + disabled on railiance01 |
| 3.3 | Workstation `state-hub-primary` | **pass** | `92.205.62.239``10.43.68.154:8000` |
| 3.4 | Agents `127.0.0.1:8000` | **pass** | `/state/health` ok via tunnel |
| 3.5 | Smoke write | **pass** | progress event `659fabf6` via `:8000` |
**Phase 3 status: complete.**
## Changes applied
### activity-core (railiance01-k3s)
- ConfigMap `actcore-runtime-config`: `STATE_HUB_URL` → in-cluster service
- `actcore-state-hub-bridge` Deployment scaled to **0**
- Rollout restart: `actcore-worker`, `actcore-api`, `actcore-event-router`
- Source: `activity-core/k8s/railiance/20-runtime.yaml`
Verified from `actcore-api` pod:
```text
url http://state-hub.state-hub.svc.cluster.local:8000
{"status":"ok","db":"connected"}
```
### railiance01 host
```bash
systemctl --user stop fleet-state-hub-coulombcore
systemctl --user disable fleet-state-hub-coulombcore
```
`:18000` no longer serves State Hub (expected).
### Workstation ops-bridge
`~/.config/bridge/tunnels.yaml``state-hub-primary`:
| Field | Before | After |
| --- | --- | --- |
| `host` | `92.205.130.254` (coulombcore) | `92.205.62.239` (railiance01) |
| `remote_host` | `10.43.170.94` | `10.43.68.154` |
| `actor` | `agt-claude-coulombcore` | `agt-claude-railiance01` |
Stale `state-hub-coulombcore` tunnel on `:8000` cleared before primary restart.
## Verification
```bash
curl -s http://127.0.0.1:8000/state/health
# {"status":"ok","db":"connected"}
curl -s http://127.0.0.1:8000/state/summary
# workstreams 640, tasks 4002
```
## Production topology after Phase 3
```
workstation :8000 ──state-hub-primary──► railiance01 SSH ──► 10.43.68.154:8000 (state-hub)
activity-core pods ──in-cluster DNS──► state-hub.state-hub.svc.cluster.local:8000
coulombcore state-hub Deployment: scaled 0 (rollback only)
```
## Next: Phase 45
- Phase 4: sweep checkout migration to `/home/tegwick/<slug>`
- Phase 5: 4872h stabilization before coulombcore teardown

View File

@@ -0,0 +1,83 @@
# T05 Phase 4 Evidence — Sweep Checkout Migration (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 4.1 | Clone root `/home/tegwick/<slug>` | **pass** | 74 host_paths registered; 73 new clones + 4 retried |
| 4.2 | Bulk clone from git remotes | **pass** | `railiance01-bulk-clone-repos.sh` on railiance01 |
| 4.3 | Register `host_paths` | **pass** | host=`239.62.205.92.host.secureserver.net` × 74 |
| 4.4 | Sweep on railiance01 | **pass** | `POST /consistency/sweep/remote-all` exit_code=0 |
| 4.5 | Writeback on railiance01 | **pass** | `the-custodian` fix: `push: pushed` from `/home/tegwick/` |
**Phase 4 status: complete.**
## Infrastructure changes
### state-hub image (`main-phase4-sweep`)
Imported to railiance01 k3s (local build; promote via Forgejo CI next):
- Dockerfile: `git`, `openssh-client`
- `STATE_HUB_SWEEP_HOSTNAME` env (Kubernetes pod hostname cannot contain dots)
- `api/classification.py`: railiance01 path fallback for allowed-values YAML
- `scripts/consistency_check.py`: `_sweep_hostname()` for `host_paths` resolution
### Helm (`deploy/railiance/apps/helm/state-hub-values.yaml`)
```yaml
sweep:
enabled: true
hostname: 239.62.205.92.host.secureserver.net
hostPath: /home/tegwick
sshHostPath: /home/tegwick/.ssh
```
Deployment mounts host clone tree + SSH config; `postStart` sets
`git config --global safe.directory '*'` (root in pod, tegwick-owned repos).
### railiance01 host
- SSH: `~/.ssh/config` with `forgejo-remote` + `gitea-remote` (workstation `id_gitea` copied)
- Clone tree: `/home/tegwick/<slug>` (77 entries incl. tooling dirs)
- Failed-then-fixed slugs: `ihp-railiance-probe`, `llm-connect`, `markitect-project` (from `markitect_project`), `vergabe_teilnahme` (from `vergabe-teilnahme`)
## Tooling added (the-custodian)
- `tools/railiance01-bulk-clone-repos.sh`
- `tools/railiance01-register-host-paths.sh`
## Verification
```bash
# Single-repo fix inside pod — railiance01 path, push succeeds
kubectl -n state-hub exec deploy/state-hub -- \
python3 /app/scripts/consistency_check.py --repo the-custodian --fix \
--api-base http://127.0.0.1:8000
# → repo_path: /home/tegwick/the-custodian, push: pushed
# Full sweep canary
curl -s -X POST http://127.0.0.1:8000/consistency/sweep/remote-all \
-H "Content-Type: application/json" \
-d '{"max_seconds":300,"source":"phase4-canary"}'
# → exit_code: 0, 8 repos processed (budget-limited first pass), skipped_missing: 0
```
`.custodian-brief.md` on railiance01 (`17:08 UTC`) is newer than workstation (`15:27 UTC`).
Workstation `host_paths[bnt-lap001]` retained for dev; production sweep resolves
`host_paths[239.62.205.92.host.secureserver.net]`.
## Follow-ups (Phase 5)
- Promote `main-phase4-sweep` image via Forgejo CI (replace hand-imported tag)
- Allow longer first-pass sweep budget or multiple cron cycles to reconcile all 74 repos
- activity-core scheduled sweeps should recover (were failing with exit_code=1 pre-Phase-4)
## Next: Phase 5
4872h stabilization before coulombcore hub teardown.

View File

@@ -0,0 +1,109 @@
# T05 Phase 5 Evidence — Stabilization Window (2026-07-06)
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Window
| Field | Value |
| --- | --- |
| Started | 2026-07-06 ~17:35 UTC |
| Target close | 2026-07-09 17:35 UTC (72h) |
| Owner | custodian |
| Rollback | coulombcore `state-hub` Deployment + dumps retained ≥7 days |
**Phase 5 status: in progress.**
## Kickoff baseline (2026-07-06T17:41Z)
| Check | Result | Evidence |
| --- | --- | --- |
| Hub `/state/health` | **pass** | `{"status":"ok","db":"connected"}` via `state-hub-primary` |
| Row-count gate | **pass** | workstreams **640**, tasks **4002**, topics **14** (matches Phase 2 gate) |
| railiance01 pod | **pass** | `state-hub-76fdffdc9d-dtvpb` Running, **0** restarts (rev 7 @ `main-375961c`) |
| CNPG `state-hub-db` | **pass** | `Cluster in healthy state`, 1/1 |
| coulombcore rollback | **pass** | `state-hub` replicas=**0** (not deleted) |
| activity-core hub path | **pass** | in-cluster `http://state-hub.state-hub.svc.cluster.local:8000`; bridge **0** |
| Consistency sweeps | **pass** | 6/6 recent events `exit_code=0`, `skipped_missing=0` (post-17:15 UTC) |
| Sweep writeback host | **pass** | repos resolve `/home/tegwick/*` (Phase 4) |
| Workstation tunnel | **pass** | `state-hub-primary` connected + LIVE → railiance01 |
| Daily triage (post-cutover) | **pass** | manual trigger 2026-07-06T17:50Z; event `a99e644e`, report `daily-triage-2026-07-06-67685f1c.md` |
| issue-core emission | **unchanged** | `issue-core-coulombcore` tunnel connected; null-sink audit mode (Wave 4) |
Kickoff sweep (`source=phase5-kickoff`): **exit_code=0**, 10 repos processed, 0 missing.
## Day-1 check (2026-07-06T22:35Z)
`tools/phase5-stabilization-check.sh` — all green:
| Check | Result |
| --- | --- |
| `/state/health` + totals | **pass** — 640 workstreams / 4002 tasks / 14 topics |
| railiance01 pod | **pass**`state-hub-76fdffdc9d-dtvpb`, 0 restarts, age ~4h |
| CNPG | **pass** — healthy 1/1 |
| coulombcore rollback | **pass** — replicas=0 |
| activity-core | **pass** — in-cluster URL; bridge replicas=0 |
| Sweeps (last 6) | **pass** — exit_code=0, proc=11, missing=0 |
| Daily triage | **pass** — last run 2026-07-06T17:50Z |
| Tunnels | **pass**`state-hub-primary` connected + LIVE |
Window closes **2026-07-09 ~17:35 UTC** (~65h remaining at check time).
## Scheduled checks (activity-core)
| Definition | Schedule | Event type |
| --- | --- | --- |
| `phase5-stabilization-daily` (`f3a8c2e1…`) | `0 9 * * *` Europe/Berlin | `phase5_stabilization_check` |
| `phase5-stabilization-closeout` (`e7d2b5a8…`) | once `2026-07-09T17:35Z` | `phase5_stabilization_closeout` |
Hub-visible gates: health, totals (640/4002/14), last 6 sweeps, daily triage
freshness ≤36h. Closeout fails visibly when any gate is red; passes record
`operator_signoff_needed` for coulombcore teardown approval.
## Monitoring
Run daily (or after incidents):
```bash
~/the-custodian/tools/phase5-stabilization-check.sh
```
Sweep history (24h):
```bash
cd ~/state-hub
uv run python scripts/compare_consistency_sweep_parallel.py --since-hours 24
```
## Exit gates (T05 done)
From `docs/state-hub-railiance01-cutover-plan.md` verification checklist:
- [x] `/state/summary` totals match pre-cutover (±0)
- [x] activity-core **daily triage** succeeds once post-cutover (manual 2026-07-06T17:50Z)
- [x] activity-core **consistency sweeps** succeed without `fleet-state-hub-coulombcore`
- [x] Workstation `:8000` serves railiance01 hub
- [x] Writeback lands on railiance01 clone path
- [x] coulombcore hub scaled to 0
- [x] Cutover progress notes recorded (Phases 05)
**Close Phase 5 / mark T05 done when:** 72h window passes with no data-loss signals,
sweeps stay `exit_code=0` (lock_skipped acceptable), one post-cutover daily triage
succeeds, and operator approves coulombcore hub teardown window.
## Known watch items
1. **Sweep budget** — 300s processes ~810 dirty repos per tick; expect gradual
reconciliation across 15m cron cycles (not a blocker).
2. ~~**Image tag**~~**resolved 2026-07-07T01:10Z**: Forgejo CI `image.yaml #31`
published `main-0ca9c27` (working-memory sweep commit support); Helm rev 8
deployed; `/state/health` ok. Prior `main-375961c` (rev 7) superseded.
3. **Stale tunnel**`state-hub-coulombcore` shows `[STALE]`; safe to retire after
stabilization if unused.
4. **issue-core** — still coulombcore-chained; tracked under Wave 4 / T06, not T05.
## References
- Phase 4: `docs/state-hub-railiance01-cutover-phase4-2026-07-06.md`
- Sweep runbook: `state-hub/docs/consistency-sweep-runbook.md`

View File

@@ -0,0 +1,233 @@
# State Hub railiance01 Cutover Plan (CUST-WP-0054-T05)
Date: 2026-07-06
Workplans: `CUST-WP-0054-T05`, `CUST-WP-0011-T07` (playbook), Wave 2 in `docs/coulombcore-drain-placement-plan.md`
`no_secret_material_recorded: true`
## Purpose
Move the **production State Hub primary** from **coulombcore-k3s** to **railiance01-k3s**
so the automation loop (activity-core, Temporal, daily triage, consistency sweeps)
is machine-local and survives coulombcore or workstation outages.
This is a **second cutover** in the pragmatic migration arc:
| Cutover | Date | From | To |
| --- | --- | --- | --- |
| CUST-WP-0011-T07 | 2026-07-03 | WSL2 | coulombcore cluster |
| **CUST-WP-0054-T05** | planned | coulombcore cluster | railiance01 cluster |
## Current state (2026-07-06 inventory)
### Production writer
| Item | Value |
| --- | --- |
| API workload | coulombcore-k3s, namespace `state-hub` |
| Database | CNPG `state-hub-db`, namespace `databases` on coulombcore |
| Image (deployed) | `gitea.coulomb.social/coulomb/state-hub:f2e042a` (Helm handoff pin) |
| Image (Forgejo CI) | `forgejo.coulomb.social/coulomb/state-hub:f9f0091` — ready for cutover |
| Hub totals | 637 workstreams, 3983 tasks, 14 topics (`GET /state/summary`) |
### Access paths
| Consumer | Path today | Serves |
| --- | --- | --- |
| Workstation agents | `http://127.0.0.1:8000` | ops-bridge `state-hub-primary` → coulombcore cluster Svc |
| activity-core (railiance01) | `actcore-state-hub-bridge``127.0.0.1:18000` | systemd `fleet-state-hub-coulombcore` → coulombcore ClusterIP `10.43.170.94:8000` |
| WSL2 fallback | `make api` (local compose) | Retained; not normal writer |
### railiance01 cluster (target)
| Item | Status |
| --- | --- |
| CNPG operator | Healthy (`forgejo-db`, `net-kingdom-pg` in `databases`) |
| Namespace `state-hub` | **Does not exist** |
| CNPG `state-hub-db` on railiance01 | **Not deployed** |
| Hostname for `host_paths` | `239.62.205.92.host.secureserver.net` (not `railiance01`) |
| Clone tree | Partial (`activity-core`, `llm-connect`, … under `/home/tegwick/`) |
| Forgejo | Canonical (`forgejo.coulomb.social`) — Wave 1 complete |
### Prerequisites satisfied
- [x] T04 tier-3 production repos on Forgejo (images build in CI)
- [x] Fleet mesh de-hub (T02) — production does not chain through workstation
- [x] CUST-WP-0011 deploy handoff (`state-hub/deploy/railiance/`)
- [x] **Phase 0 preflight** (2026-07-06) — `docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`
- [x] CNPG + storage sign-off (Wave 2.1) — `local-path`, 75G free, operator healthy
- [ ] **Operator approval** for freeze/final restore (constitution gate)
## Target end state
```
railiance01-k3s
databases/state-hub-db (CNPG, 1 instance)
state-hub/state-hub Deployment + ClusterIP :8000
├── activity-core: in-cluster http://state-hub.state-hub.svc:8000
│ (retire actcore-state-hub-bridge + fleet-state-hub-coulombcore)
├── consistency sweep: host_paths[239.62.205.92.host.secureserver.net]
│ → /home/tegwick/<repo> (Forgejo clones)
└── workstation (dev): ops-bridge tunnel → railiance01 cluster Svc
coulombcore: state-hub scaled to 0 / read-only rollback copy (not writer)
WSL2: fallback only (CUST-WP-0011-T08/T09 retirement folds into T10)
```
## Safety contract (from CUST-WP-0011)
- coulombcore remains rollback-capable until stabilization passes.
- No cutover without **exact-count** row comparison after final restore.
- Failed railiance01 deploy must not destroy coulombcore data.
- Explicit human approval before freezing the production writer.
## Cutover phases
### Phase 0 — Preflight and baseline (no production impact)
**Owner:** platform + custodian
**Done when:** checklist green, baseline row counts recorded.
| # | Action | Command / artifact |
| --- | --- | --- |
| 0.1 | Record baseline totals | `curl -s http://127.0.0.1:8000/state/summary` |
| 0.2 | Record per-table counts | `pg_dump --schema-only` + `SELECT count(*)` on coulombcore CNPG (via port-forward) |
| 0.3 | Confirm Forgejo image pull | `crictl pull forgejo.coulomb.social/coulomb/state-hub:f9f0091` on railiance01 |
| 0.4 | Dry-run manifests | `cd ~/state-hub && KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-server-dry-run` |
| 0.5 | Storage review | Confirm `local-path` (or chosen class) has ≥10Gi for `state-hub-db` PVC |
| 0.6 | Operator approval | `POST /decisions/` or workplan note with approval id |
**Recorded 2026-07-06 (Phase 0 complete):** see
`docs/state-hub-railiance01-cutover-preflight-2026-07-06.md`.
```text
workplans: 637 tasks: 3983 topics: 14
progress_events: 8717 token_events: 1936 managed_repos: 74
decisions: 79
```
Post-restore counts on railiance01 must match exactly.
### Phase 1 — Deploy empty stack on railiance01
**Owner:** `railiance-platform` + `railiance-apps` promotion from `state-hub/deploy/railiance/`
**Done when:** empty hub healthy on railiance01, Alembic at head, **no production data yet**.
| # | Action | Notes |
| --- | --- | --- |
| 1.1 | Create `state-hub` namespace | `apps/manifests/state-hub-namespace.yaml` |
| 1.2 | Deploy `state-hub-db` CNPG | `platform/state-hub-db-cluster.yaml` + credentials Secret |
| 1.3 | Apply DB NetworkPolicies | `platform/state-hub-db-networkpolicies.yaml` |
| 1.4 | Create `state-hub-env` Secret | `DATABASE_URL``state-hub-db-rw.databases.svc.cluster.local` |
| 1.5 | Update image to Forgejo | `forgejo.coulomb.social/coulomb/state-hub:f9f0091` in values |
| 1.6 | Run Alembic Job | Same pattern as CUST-WP-0011-T05 |
| 1.7 | Helm install `state-hub` | `namespace.create=false`; verify `/state/health` via port-forward |
Promotion path: copy handoff assets into `railiance-platform` / `railiance-apps` repos
(GitOps) or apply from `state-hub/deploy/railiance/` with operator approval.
### Phase 2 — Data migration (CUST-WP-0011-T07 playbook)
**Owner:** custodian operator
**Done when:** railiance01 DB is exact copy; coulombcore API still available for rollback.
| # | Action | Notes |
| --- | --- | --- |
| 2.1 | Fresh `pg_dump` from coulombcore `state_hub` | Custom format (`-Fc`); timestamp recorded |
| 2.2 | **Freeze** coulombcore writer | Scale `state-hub` Deployment to 0 on coulombcore |
| 2.3 | Final `pg_dump` | Immediately after freeze |
| 2.4 | Restore into railiance01 `state-hub-db` | `pg_restore` with `SET ROLE state_hub`; scale railiance01 API to 0 during restore |
| 2.5 | Exact-count comparison | All public tables; mismatch → abort, restore coulombcore |
| 2.6 | Scale railiance01 API to 1 | Verify `/state/health` + `/state/summary` via port-forward |
### Phase 3 — Rewire access paths
**Owner:** ops-bridge + activity-core
**Done when:** all production consumers reach railiance01 hub without coulombcore hop.
| # | Consumer | Before | After |
| --- | --- | --- | --- |
| 3.1 | activity-core | bridge → `:18000` → fleet tunnel → coulombcore | In-cluster `http://state-hub.state-hub.svc.cluster.local:8000` (retire bridge Deployment) |
| 3.2 | railiance01 systemd | `fleet-state-hub-coulombcore` active | **Disable/stop** unit |
| 3.3 | Workstation | `state-hub-primary` → coulombcore | Repoint tunnel to railiance01 cluster Svc ClusterIP |
| 3.4 | MCP / agents | `API_BASE=http://127.0.0.1:8000` | Unchanged URL; tunnel backend moves |
| 3.5 | Smoke write | `POST /progress/` from activity-core | Record event id as cutover proof |
ClusterIP for railiance01 `state-hub` Service must be captured at deploy time for
tunnel `remote_host` if using SSH local-forward pattern from T02.
### Phase 4 — Sweep checkout migration (Wave 2.3)
**Owner:** custodian + STATE-WP-0064
**Done when:** production writebacks use railiance01 paths, not workstation.
| # | Action | Notes |
| --- | --- | --- |
| 4.1 | Define clone root | `/home/tegwick/<slug>` (existing partial tree) |
| 4.2 | Bulk clone from Forgejo | Script over registered repos (`GET /repos/`) |
| 4.3 | Register `host_paths` | `POST /repos/{slug}/paths` with host=`239.62.205.92.host.secureserver.net` |
| 4.4 | Run sweep on railiance01 | `POST /consistency/sweep/remote-all` or activity-core cron |
| 4.5 | Verify git writeback | fix-consistency mutates railiance01 clone, not `/home/worsch/*` |
Workstation `host_paths` entries may remain for dev; production sweep host becomes
the railiance01 FQDN.
### Phase 5 — Stabilization (4872h)
**Owner:** custodian
**Done when:** no data loss, triage + sweeps + emission green without coulombcore.
Monitor:
- State Hub pod restarts (railiance01)
- CNPG `state-hub-db` health
- Daily triage ActivityRun success
- Consistency sweep `exit_code: 0` every 15m
- issue-core emission (still via coulombcore tunnel until Wave 4)
coulombcore state-hub remains **stopped, not deleted** until stabilization passes.
## Rollback
| Trigger | Action |
| --- | --- |
| Row-count mismatch | Do not rewire; scale coulombcore API back to 1 |
| railiance01 API unhealthy post-rewire | Re-enable `fleet-state-hub-coulombcore`; repoint workstation tunnel to coulombcore |
| Data corruption suspected | Restore coulombcore from pre-cutover dump; freeze railiance01 |
Rollback window: keep coulombcore dump and Deployment manifests for ≥7 days.
## Verification checklist (T05 done)
- [ ] `GET /state/summary` on railiance01 matches pre-cutover totals (±0 rows)
- [ ] activity-core triage + sweep ActivityRuns succeed without `fleet-state-hub-coulombcore`
- [ ] Workstation `127.0.0.1:8000/state/health` serves railiance01 hub
- [ ] `fix-consistency` writeback lands on railiance01 clone path
- [ ] coulombcore hub Deployment scaled to 0 (not deleted)
- [ ] Progress event recorded with cutover summary + operator approval ref
## Sequencing with other CUST-WP-0054 tasks
| Task | Relationship |
| --- | --- |
| T04 | **Prerequisite met** — Forgejo is clone/image source |
| T06 | Can proceed in parallel; sink paths still reference workstation until T06 |
| T07 | Dev beachhead independent |
| T10 | WSL2 fallback retirement + 24h workstation-off proof after T05 stabilizes |
## Open decisions (need operator input before Phase 2)
1. **Maintenance window** — suggested low-traffic window; freeze blocks hub writes ~1530 min.
2. **GitOps vs manual apply** — promote `deploy/railiance/` into `railiance-platform`/`railiance-apps` first, or operator apply for speed?
3. **Sweep clone scope** — all 74 registered repos at cutover, or phased (state-hub + the-custodian + activity-core first)?
4. **coulombcore rollback retention** — how long to keep stopped Deployment + dump?
## References
- `state-hub/workplans/archived/260706-CUST-WP-0011-state-hub-threephoenix-migration.md` (T07 sequence)
- `state-hub/docs/cluster-operating-model.md` (current coulombcore reality — update post-cutover)
- `state-hub/deploy/railiance/README.md`
- `docs/fleet-mesh-dehub-runbook.md`
- `docs/forgejo-tier3-remote-url-sweep-playbook.md` (§ Railiance01 sweep paths)
- `docs/coulombcore-drain-placement-plan.md` (Wave 2)
- `infra/fleet-mesh/railiance01-tunnels.yaml`

View File

@@ -0,0 +1,109 @@
# T05 Phase 0 Preflight Evidence — 2026-07-06
Workplan: `CUST-WP-0054-T05`
Parent runbook: `docs/state-hub-railiance01-cutover-plan.md`
`no_secret_material_recorded: true`
## Checklist
| Step | Action | Result | Evidence |
| --- | --- | --- | --- |
| 0.1 | Baseline API totals | **pass** | See § API summary below |
| 0.2 | Per-table PG counts (coulombcore) | **pass** | See § Table counts below |
| 0.3 | Forgejo image pull (railiance01) | **pass** | `main-f9f0091` + `latest` @ `sha256:0b62f2d530cf7` |
| 0.4 | Manifest dry-run (railiance01) | **pass** | Server + client dry-run exit 0 |
| 0.5 | Storage / CNPG review | **pass** | `local-path` default; 75G free on `/`; CNPG healthy |
| 0.6 | Operator approval | **pending** | Required before Phase 2 freeze |
## API summary (`GET /state/summary` @ 2026-07-06T16:06:15Z)
```json
{
"topics": { "total": 14 },
"workstreams": { "total": 637, "active": 11, "finished": 582 },
"tasks": { "total": 3983, "todo": 88, "progress": 4, "done": 3696 },
"decisions": { "total": 79, "open": 1, "resolved": 76 }
}
```
Full artifact: captured at preflight run from `http://127.0.0.1:8000/state/summary`.
## Table counts — coulombcore `state-hub-db` (production writer)
Queried via `kubectl exec` on `databases/state-hub-db-1` as `postgres`:
| Table | Count | CUST-WP-0011-T07 reference |
| --- | ---: | --- |
| `workplans` | 637 | was 633 at 2026-07-03 cutover |
| `tasks` | 3983 | was 3964 |
| `progress_events` | 8717 | was 8192 |
| `topics` | 14 | was 14 |
| `token_events` | 1936 | was 1933 |
| `managed_repos` | 74 | — |
| `decisions` | 79 | — |
**Cutover gate:** post-restore counts on railiance01 must match this table exactly.
## Production deployment (coulombcore, source of dump)
| Item | Value |
| --- | --- |
| API image | `gitea.coulomb.social/coulomb/state-hub:f2e042a` |
| API pod | `state-hub/state-hub-7d565cddf4-jnpfw` Running |
| CNPG cluster | `databases/state-hub-db` — healthy, 11d |
| ClusterIP | `10.43.170.94:8000` |
| Workstation access | ops-bridge `state-hub-primary` → above Svc |
## Target image (railiance01 deploy)
| Tag | Digest | Notes |
| --- | --- | --- |
| `forgejo.coulomb.social/coulomb/state-hub:main-f9f0091` | `sha256:0b62f2d530cf7` | CI build from tier-3 promotion |
| `forgejo.coulomb.social/coulomb/state-hub:latest` | same | Alias |
| `:f9f0091` | **not found** | Use `main-f9f0091` or `latest` in Helm values |
## railiance01 platform readiness
| Check | Status |
| --- | --- |
| CNPG operator (`cnpg-system`) | Running |
| Existing CNPG clusters | `forgejo-db`, `net-kingdom-pg` healthy |
| `state-hub` namespace | Does not exist (expected — Phase 1 creates) |
| `state-hub-db` on railiance01 | Not deployed (expected) |
| StorageClass | `local-path` (default) |
| Node disk | 75G available on `/` (96G volume, 23% used) |
| Sweep hostname | `239.62.205.92.host.secureserver.net` |
| Partial clone tree | `/home/tegwick/activity-core`, `llm-connect`, … |
## Dry-run output summary
```bash
cd ~/state-hub
KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-server-dry-run # exit 0
KUBECONFIG=~/.kube/config-hosteurope make railiance-state-hub-client-dry-run # exit 0
```
Server dry-run created (dry-run): `state-hub-db-credentials`, `state-hub-db` Cluster,
DB NetworkPolicies, `state-hub` Namespace, `state-hub-env`, ConfigMap, Service, Deployment.
## Phase 1 readiness
Phase 0 is **complete except operator approval (0.6)**. Phase 1 may proceed without
approval (empty stack deploy). Phase 2 freeze/restore **requires** explicit approval.
### Recommended Helm image pin for Phase 1
```yaml
image:
repository: forgejo.coulomb.social/coulomb/state-hub
tag: "main-f9f0091"
```
Update `state-hub/deploy/railiance/apps/helm/state-hub-values.yaml` and promote
to `railiance-apps` before or during Phase 1.
## Open items carried to Phase 1
1. Create SOPS-backed `state-hub-db-credentials` on railiance01 (platform)
2. Create `state-hub-env` Secret with `DATABASE_URL` pointing at railiance01 CNPG rw svc
3. Confirm image pull secret if Forgejo registry requires auth from cluster (currently pulls anonymously)

View File

@@ -0,0 +1,298 @@
# Workstation Independence and Fleet Role Architecture
Date: 2026-07-03
Status: draft (canon-adjacent; promote to `canon/architecture/` after review)
Workplan: `CUST-WP-0054` T01
Related: `ADR-001`, `ADR-004`, `RAIL-BS-WP-0006`, `RAIL-HO-WP-0005`, `CUST-WP-0011`
## Purpose
Fix the three-machine role model, the fleet mesh topology, the promotion gate
for "production", and the phoenix path `coulombcore → railiance02`. Provide a
dependency register so every workload, tunnel, repo remote, sink path, and
build pipeline has a **current host**, **target host**, and **migration owner**.
The acceptance proof for the whole plan is `CUST-WP-0054-T10`: production runs
24h+ with the workstation fully offline.
## Machine Roles
| Machine | IP / identity | Current role (2026-07-03) | Target role |
| --- | --- | --- | --- |
| **railiance01** | `92.205.62.239` | First ThreePhoenix foundation node; hosts activity-core production, partial State Hub cluster footprint, automation schedules | **Production home** — first node of the growing Railiance fleet; hosts State Hub primary, forge, CI runners, and the automation loop |
| **coulombcore** | `92.205.130.254` | De-facto production host: State Hub cluster primary, Core Hub (`hub.coulomb.social`), issue-core, OpenBao, identity stack, ESO/ArgoCD, Gitea/registry | **Frozen legacy** — no new production; drain workload-by-workload; eventually wiped and **reborn as railiance02** |
| **workstation** | `bnt-lap001` / WSL2 | Production network hub (all 16 ops-bridge tunnels), State Hub client endpoint (`127.0.0.1:8000`), consistency-sweep writebacks, image build/publish, dev checkouts for 74 registered repos | **Temporary dev environment** — clone repos, run `make dev-hub`, push when connected; nothing in the production loop may depend on it being on |
### Role invariants
1. Production workloads authenticate, schedule, emit, and reconcile without the
workstation.
2. `coulombcore` is frozen for new production immediately (policy; see T03).
3. A workload counts as "production on railiance01" only after passing the
staged-promotion gate (see below).
4. Files remain authoritative per ADR-001; fleet databases are disposable caches.
## Fleet Mesh Topology
### Current topology (workstation as hub)
All ops-bridge tunnels originate on the workstation. Two production data paths
**chain through** it:
```
railiance01 workstation coulombcore
─────────── ─────────── ───────────
activity-core ──(state-hub-railiance01 reverse)──► :18000 ──(state-hub-primary forward)──► State Hub cluster
activity-core ──(issue-core-railiance01 reverse)──► :local ──(issue-core-coulombcore forward)──► issue-core
```
Live tunnel inventory (2026-07-03, `bridge status`):
| Tunnel | Direction | Actor | Production-critical? |
| --- | --- | --- | --- |
| `state-hub-primary` | workstation → coulombcore cluster | `agt-claude-coulombcore` | **yes** — MCP/agents reach cluster hub via `127.0.0.1:8000` |
| `state-hub-cluster-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | dev/ops access |
| `state-hub-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | **yes** — activity-core reaches hub |
| `state-hub-mcp-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | dev MCP |
| `issue-core-railiance01` | railiance01 → workstation (reverse) | `agt-claude-railiance01` | **yes** — emission lane |
| `issue-core-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | **yes** — completes emission chain |
| `state-hub-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | legacy/dev |
| `state-hub-mcp-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | dev MCP |
| `k3s-api-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | operator dev |
| `k3s-api-haskelseed` | workstation → haskelseed | `agt-claude-haskelseed` | experimental |
| `flex-auth-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | identity dev |
| `core-hub-staging-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | staging |
| `inter-hub-coulombcore` | workstation → coulombcore | `agt-claude-coulombcore` | legacy Inter-Hub |
| `state-hub-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | experimental |
| `state-hub-mcp-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | experimental |
| `nix-daemon-haskelseed` | haskelseed → workstation | `agt-claude-haskelseed` | build dev |
A workstation reboot breaks daily triage evidence, consistency sweeps, and
issue emission until tunnels recover.
### Target topology (fleet-owned mesh)
```
railiance01 ◄────────────────────────────────────► coulombcore (draining)
│ direct atm- tunnels (ops-bridge on-host) │
│ State Hub API │ legacy until drain complete
│ issue-core REST │
└─ activity-core, Temporal, sweep checkouts └─ identity, OpenBao (last to move)
workstation (optional client)
│ interactive-only: k3s API, hub read, dev-hub
└─ may disconnect without production impact
```
Implementation owner: `CUST-WP-0054-T02`.
Key changes:
- ops-bridge (or systemd ssh units) runs **on railiance01** with `atm-` actor
certs for cross-machine lanes.
- `actcore-state-hub-bridge` and `actcore-issue-core-bridge` point at
machine-local tunnel ports, not workstation forwards.
- Workstation tunnels remain for interactive dev only.
- Evaluate WireGuard mesh when persistent unit count exceeds ~5.
This posture extends ADR-004 (connectivity-first) from "workstation connects
everything" to "fleet machines connect each other; workstation is a client."
## Production Promotion Gate
A workload is **production on railiance01** only when it conforms to the
finished staged-promotion contract (`RAIL-BS-WP-0006`):
| Gate | Requirement |
| --- | --- |
| Overlay repo | `railiance/<app>/` with `app.toml` and stage manifests |
| Stage commands | `stage deploy`, `stage observe`, `stage promote`, `stage rollback` proven |
| Evidence | Backup/restore drill, canary observation, operator approval recorded |
| Registry | Image in forge OCI registry with immutable tag |
**Exceptions** must be documented in the placement plan (T03) with explicit
rollback. No exception bypasses backup evidence for stateful workloads.
`coulombcore` workloads still running in production today are **grandfathered
legacy** until their drain task completes — not newly promoted production.
## Phoenix Path: coulombcore → railiance02
Machine-scale phoenix rotation reuses the same automation intended for future
3-node weekly rotations (`RAIL-BS-WP-0007`, `CUST-WP-0038` deferred until
railiance02 exists).
### Preconditions (drain complete)
All production dependencies moved off coulombcore per T03 ordering:
1. Forge + CI (T04) — repos and images no longer depend on `gitea.coulomb.social`
2. State Hub primary (T05) — cluster DB and sweep checkouts on railiance01
3. Core Hub, issue-core, Inter-Hub legacy — per T03 sequence
4. Identity + OpenBao — **last** (everything authenticates through them)
### Phoenix execution
Owner: `CUST-WP-0054-T09`, automation: `CUST-WP-0054-T08`.
| Phase | Action | Tooling |
| --- | --- | --- |
| S0 | Final inventory sweep, DNS/cert plan for `*.coulomb.social`, data archival | T09 |
| S1 | Wipe and greenfield rebuild | `NET-WP-0020` unseal + bootstrap chain |
| S2 | Join as `railiance02` | `railiance-cluster` overlay, `atm-` certs |
| S3 | Prove join-ready | Phoenix drill on disposable target first (T08) |
Longhorn distributed storage and PG streaming HA unlock once railiance01 +
railiance02 are both fleet nodes.
## Dev Environment (Files-First Beachhead)
Strategy A from the workplan; owner: `CUST-WP-0054-T07`.
```
git clone → make dev-hub → local ephemeral hub (compose)
├─ C-06 registration rebuilds workplan/task state from files
├─ offline write buffer (STATE-WP-0068) for progress/task events
└─ reconnect relay upstream; files reconcile, databases do not replicate
```
MCP config gains explicit `dev` / `fleet` profile switch. The workstation is
genuinely temporary: no fleet DB sync required for orientation.
## Dependency Register
### Workloads
| Workload | Current host | Target host | Migration owner | Method / notes |
| --- | --- | --- | --- | --- |
| State Hub API (primary) | coulombcore CNPG cluster via workstation tunnel `state-hub-primary``127.0.0.1:8000` | railiance01 | `CUST-WP-0054-T05` | `CUST-WP-0011-T07` playbook: freeze → exact-count restore → rewire |
| State Hub API (WSL2 fallback) | workstation WSL2 | retired | `CUST-WP-0011-T08/T09` → absorbed by `CUST-WP-0054-T10` | Stabilization window; not part of target architecture |
| activity-core | railiance01 k3s (`activity-core` ns) | railiance01 (retain) | — | Already on target machine; fix bridges in T02 |
| issue-core | coulombcore k3s | railiance01 | `CUST-WP-0054-T03` drain seq. | `ISSUE-WP-0003` live; emission chain fixed in T02 |
| Core Hub | coulombcore (`hub.coulomb.social`) | railiance01 | `CORE-WP-0005` + `CUST-WP-0054-T03` | Staging on coulombcore; production cutover human-gated |
| Inter-Hub (legacy Haskell) | coulombcore external | retired | `CORE-WP-0007` | Rollback-only after Core Hub cutover |
| Gitea + OCI registry | coulombcore k3s | railiance01 Forgejo | `RAIL-HO-WP-0005` / `CUST-WP-0054-T04` | Read-only mirror on coulombcore until decommission |
| OpenBao | coulombcore | railiance01 | `CUST-WP-0054-T03` (last) | NET-WP-0020 unseal automation |
| Identity stack (KeyCape, Authelia, privacyIDEA, lldap) | coulombcore | railiance01 | `CUST-WP-0054-T03` (last) | Coupled to OpenBao |
| ESO + ArgoCD control plane | coulombcore | railiance01 | `CUST-WP-0054-T03` | GitOps follows forge move |
| CNPG databases (per workload) | coulombcore / railiance01 | railiance01 per workload | `CUST-WP-0054-T03`, `CUST-WP-0054-T05` | CNPG pattern proven; migrate with workload |
| llm-connect | TBD cluster | railiance01 | near-term lanes board | `CCR-2026-0003` credential lane active |
| ops-hub (widget/evidence) | files + Inter-Hub widgets | railiance01 via Core Hub | `CUST-WP-0025`, `CUST-WP-0049` | Not blocking workstation independence |
| Temporal (activity-core) | railiance01 | railiance01 (retain) | — | Co-locate with activity-core |
| NATS (activity-core) | railiance01 | railiance01 (retain) | — | Co-locate with activity-core |
### Network tunnels (production-critical)
| Lane | Current path | Target path | Owner |
| --- | --- | --- | --- |
| activity-core → State Hub | railiance01 reverse → workstation → `state-hub-primary` → coulombcore | railiance01 `atm-` forward → railiance01 State Hub (local or short hop) | `CUST-WP-0054-T02` |
| Agents/MCP → State Hub | workstation `127.0.0.1:8000``state-hub-primary` → coulombcore | workstation `127.0.0.1:8000` → tunnel to railiance01 hub (dev client) or fleet endpoint | `CUST-WP-0054-T05` + T07 profiles |
| railiance01 automations → State Hub | `:18000` chain via workstation | railiance01-local bridge port | `CUST-WP-0054-T02` |
| activity-core → issue-core | railiance01 reverse → workstation → `issue-core-coulombcore` | railiance01 `atm-` forward → issue-core (on railiance01 post-drain) | `CUST-WP-0054-T02`, then T03 |
| Operator k3s access | workstation forwards (`k3s-api-*`) | workstation interactive (non-critical) | — |
### Repo remotes
All checked 2026-07-03; pattern is uniform:
| Repo (sample) | Current remote | Target remote | Owner |
| --- | --- | --- | --- |
| the-custodian | `gitea.coulomb.social/coulomb/the-custodian.git` | `forgejo.coulomb.social/coulomb/the-custodian.git` | `CUST-WP-0054-T04` |
| state-hub | `gitea.coulomb.social/coulomb/state-hub.git` | `forgejo.coulomb.social/coulomb/state-hub.git` | `CUST-WP-0054-T04` |
| activity-core | `gitea.coulomb.social/coulomb/activity-core.git` | `forgejo.coulomb.social/coulomb/activity-core.git` | `CUST-WP-0054-T04` |
| issue-core | `gitea.coulomb.social/coulomb/issue-core.git` | `forgejo.coulomb.social/coulomb/issue-core.git` | `CUST-WP-0054-T04` |
| ops-bridge | `gitea.coulomb.social/coulomb/ops-bridge.git` | `forgejo.coulomb.social/coulomb/ops-bridge.git` | `CUST-WP-0054-T04` |
| ops-warden | `gitea.coulomb.social/coulomb/ops-warden.git` | `forgejo.coulomb.social/coulomb/ops-warden.git` | `CUST-WP-0054-T04` |
| core-hub | `gitea.coulomb.social/coulomb/core-hub.git` | `forgejo.coulomb.social/coulomb/core-hub.git` | `CUST-WP-0054-T04` |
| *(all 74 registered repos)* | `gitea.coulomb.social/coulomb/<slug>.git` | `forgejo.coulomb.social/coulomb/<slug>.git` | `CUST-WP-0054-T04` |
### State Hub repo checkout paths
| Concern | Current | Target | Owner |
| --- | --- | --- | --- |
| `local_path` for 74 repos | `/home/worsch/<repo>` on workstation | railiance01 clone tree (e.g. `/home/tegwick/<repo>` or gitops-managed path) | `CUST-WP-0054-T05` |
| Consistency sweep writeback host | workstation (`consistency_check.py --remote` via API) | railiance01 checkouts from forge | `CUST-WP-0054-T05`, `STATE-WP-0064` |
| COULOMBCORE `host_paths` | `/home/tegwick/<repo>` (11 repos, `CUST-WP-0021`) | retired with coulombcore drain | `CUST-WP-0054-T09` |
| Multi-host path resolution | `host_paths` map per hostname | fleet-primary host only + dev-hub local | `CUST-WP-0054-T07` |
### Sink and prompt paths
| Sink / path | Current | Target | Owner |
| --- | --- | --- | --- |
| Daily triage working-memory | `/home/worsch/the-custodian/memory/working` (ActivityDefinition + PVC mount) | repo-relative or PVC-native path + sweep sync-to-repo | `CUST-WP-0054-T06` |
| Daily triage State Hub progress | cluster hub via workstation tunnel | railiance01 hub direct | `CUST-WP-0054-T02`, `T05` |
| Consistency sweep progress event | via workstation-hosted sweep | railiance01-hosted sweep | `CUST-WP-0054-T05`, `STATE-WP-0064` |
| Agent session traces (`runtime/agent.py`) | `memory/working/agent-session-*.md` on workstation | dev-hub local buffer; commit on reconnect | `CUST-WP-0054-T07` |
| `output_schema` in ActivityDefinitions | absolute paths under `/home/worsch/the-custodian/` | repo-relative resolution in activity-core | `CUST-WP-0054-T06` |
### Build and publish pipelines
| Image / artifact | Current build host | Current registry | Target build | Target registry | Owner |
| --- | --- | --- | --- | --- | --- |
| state-hub | workstation `docker build` | `gitea.coulomb.social/coulomb/state-hub` | Forgejo Actions runner on railiance01 | railiance01 forge OCI | `CUST-WP-0054-T04` |
| core-hub | workstation / railiance-forge docs | `gitea.coulomb.social/coulomb/core-hub` | CI runner | railiance01 forge OCI | `CUST-WP-0054-T04` |
| activity-core | workstation manual rebuild + scp | railiance01 k3s import / Gitea | CI on tag push | railiance01 forge OCI | `CUST-WP-0054-T04` |
| issue-core | workstation / manual | `gitea.coulomb.social/coulomb/issue-core` | CI runner | railiance01 forge OCI | `CUST-WP-0054-T04` |
| Haskell build agent | workstation VM (`haskell-build-vm`) | n/a | retired (`CORE-WP-0007`) | n/a | `CORE-WP-0007` |
Done criterion for T01: every row above has a target and migration owner. ✓
## Drain Sequence
Detailed plan: `docs/coulombcore-drain-placement-plan.md`
Freeze policy: `canon/standards/coulombcore-production-freeze_v0.1.md`
```
Wave 1 Forge + CI (T04)
Wave 2 State Hub primary (T05)
Wave 3 Core Hub (CORE-WP-0005)
Wave 4 issue-core
Wave 5 ESO / ArgoCD
Wave 6 Supporting apps
Wave 7 OpenBao + identity (LAST)
Wave 8 coulombcore phoenix → railiance02 (T09)
```
## Sequencing Map
```
T01 (this document) ✓
├─ T02 de-hub network ✓
├─ T03 placement plan / freeze ✓
│ ├─ T04 forge + CI
│ └─ T05 State Hub home on railiance01
├─ T06 sink decoupling
├─ T07 dev beachhead
└─ T08 phoenix drill
└─ T09 coulombcore → railiance02
└─ T10 workstation-off acceptance
```
## Evidence and Inventory Sources
- Live tunnel state: `bridge status` (2026-07-03)
- State Hub health: `http://127.0.0.1:8000/state/health` (cluster primary via tunnel)
- Registered repos: `GET /repos/` — 74 repos, all `local_path` under `/home/worsch/`
- `ops/service-inventory.yml` (2026-06-05; predates cluster cutover — refresh in T03)
- `docs/infrastructure-stabilization-pickup-checkpoint.md` (2026-07-03 metaplan closeout)
- Activity definitions: `activity-definitions/daily-statehub-wsjf-triage.md`,
`activity-definitions/state-hub-consistency-sweep.md`
## Open Gaps (not T01 blockers)
| Gap | Follow-on |
| --- | --- |
| Forgejo production hostname / SMTP / exposure decisions | `RAIL-HO-WP-0005-T02` (human) |
| `ops/service-inventory.yml` stale environment labels | Refresh during T03 |
| Core Hub widget-type registry prerequisite | `CORE-WP-0005-T04` |
| HA Postgres / Longhorn across 2+ nodes | `RAIL-BS-WP-0007`, `CUST-WP-0038` after railiance02 |
## Promotion to Canon
After operator review:
1. Move to `canon/architecture/adr-006-workstation-independence-fleet-roles.md`
(or equivalent ADR number).
2. Update `ops/service-inventory.yml` environment and service rows to match.
3. Link from `SCOPE.md` and `.custodian-brief.md` generation inputs.

View File

@@ -1,97 +1,82 @@
# E2E Sandbox Framework — Runbook
> **Migrated (2026-06-23):** `make e2e REPO=` and `python -m e2e_framework` now
> delegate to **wise-validator** (`validate run`) + **sand-boxer** (`sandboxer
> create`). The modules in this directory are **deprecated** and will be removed
> after one release cycle.
>
> **Canonical runbooks:**
> - [wise-validator: validate-compose-e2e](~/wise-validator/docs/runbooks/validate-compose-e2e.md)
> - [sand-boxer: profile-compose-e2e](~/sand-boxer/docs/runbooks/profile-compose-e2e.md)
---
## Prerequisites
**Workstation:**
- `ssh` + `rsync` available
- `python3` + `pyyaml` available (or `uv run`)
- State-hub running on `:8000` (for result reporting)
**Sandbox host (railiance01):**
- `validate` on PATH (`cd ~/wise-validator && make install`)
- `sandboxer` on PATH (`cd ~/sand-boxer && make install`)
- `ssh` available (BatchMode; respects `~/.ssh/config`)
- State Hub on `:8000` (optional, for result reporting)
**Sandbox host (CoulombCore / sandboxer01):**
- SSH key access
- Docker + docker compose plugin installed
- `podman-compose` or `docker compose` (`SANDBOXER_COMPOSE_CMD` on CoulombCore)
- Sufficient disk for images (~4 GB for activity-core stack)
## First run
```bash
# Set sandbox host (once, or add to ~/.bashrc / .env)
export RAILIANCE01_HOST=<ip-or-alias> # e.g. 92.205.130.254
export RAILIANCE01_USER=root # optional, default=root
export RAILIANCE01_KEY=~/.ssh/id_rsa # optional, uses ssh default otherwise
export SANDBOXER_HOST=92.205.130.254 # CoulombCore; or RAILIANCE01_HOST (legacy)
export SANDBOXER_COMPOSE_CMD=podman-compose
# From the-custodian:
make e2e REPO=activity-core
```
Output will show each step: rsync → compose up → health wait → tests → compose down.
Exit code is 0 (all passed) or 1 (any failure).
Output: sandbox create → health wait → tests → destroy. Exit 0 = pass, 1 = fail.
## Options
```bash
# Keep sandbox alive after run (for debugging)
make e2e REPO=activity-core KEEP=1
# Override host without env var
make e2e REPO=activity-core HOST=192.168.1.50
# Attach result to a specific state-hub workstream
make e2e REPO=activity-core HOST=92.205.130.254
make e2e REPO=activity-core WORKSTREAM_ID=<uuid>
make e2e REPO=activity-core NO_REPORT=1
# Skip posting to state-hub
cd the-custodian && python3 -m e2e_framework ~/activity-core --no-report
# Legacy entry (prints deprecation, delegates to validate run):
python3 -m e2e_framework ~/activity-core --host $SANDBOXER_HOST
```
## Adding a new repo
1. Create `<repo>/e2e/e2e.yml`:
```yaml
name: <repo-slug>
compose_file: docker-compose.dev.yml # or e2e/compose.yml
health_checks:
- name: <service>
url: http://localhost:<port>
timeout: 120
test_command: uv run python -m pytest e2e/tests/ -v
timeout: 300
cleanup: always
```
1. Create `<repo>/e2e/e2e.yml` (see wise-validator runbook for schema).
2. Add tests under `<repo>/e2e/tests/` or inline `test_command`.
3. Run: `make e2e REPO=<repo>` or `validate run ~/<repo>`.
2. Add `<repo>/e2e/tests/test_*.py` — test scripts that exit 0 on success.
## Verification
3. Run: `make e2e REPO=<repo>`
```bash
./scripts/verify-e2e-shim.sh
```
## Troubleshooting
**Sandbox not cleaned up:**
```bash
ssh root@$RAILIANCE01_HOST 'ls /tmp/custodian-e2e/'
ssh root@$RAILIANCE01_HOST 'docker compose ls'
# Manually clean:
ssh root@$RAILIANCE01_HOST 'docker compose -p e2e-activity-core-<id> down -v; rm -rf /tmp/custodian-e2e/<id>'
**`validate` / `sandboxer` not found:** Install wise-validator and sand-boxer CLIs.
**CoulombCore compose failures:** Set `SANDBOXER_COMPOSE_CMD=podman-compose`; use
fully qualified image names in compose files.
**Stale sandboxes:** `sandboxer inspect stale` / `sandboxer reap-stale --apply`
## Architecture (current)
```
make e2e REPO= → validate run → sandboxer create (sand-boxer)
→ health + test (wise-validator)
→ sandboxer destroy
```
**Temporal startup slow (>2 min):**
Elasticsearch takes 6090 seconds. The health check waits up to 180s.
If it times out, check:
```bash
ssh root@$RAILIANCE01_HOST 'docker logs temporal-elasticsearch | tail -20'
```
**Worker fails to start:**
Check that `uv` is installed on the sandbox host:
```bash
ssh root@$RAILIANCE01_HOST 'which uv || curl -LsSf https://astral.sh/uv/install.sh | sh'
```
**rsync excluded paths:**
`.git`, `__pycache__`, `*.pyc`, `.venv`, `node_modules` are excluded.
This means `uv sync` runs on the remote after rsync (handled by `uv run`).
## Architecture notes
- Sandbox isolation: docker compose project name `e2e-{repo}-{sandbox_id}`
- Sandbox dir: `/tmp/custodian-e2e/{sandbox_id}/`
- No port conflicts: each sandbox uses its own docker network
- Parallel runs of the same repo are safe (different sandbox_id)
Legacy `e2e-framework/sandbox.py` provision path is **not** used by `make e2e`.

View File

@@ -1,11 +1,8 @@
"""
Entry point: python -m e2e_framework <repo-path> [options]
Usage:
python -m e2e_framework ~/activity-core
python -m e2e_framework ~/activity-core --host 92.205.130.254
python -m e2e_framework ~/activity-core --host railiance01 --keep
make e2e REPO=activity-core (from the-custodian/)
DEPRECATED — delegates to `validate run` (wise-validator + sand-boxer).
Prefer: make e2e REPO=<slug> (from the-custodian/)
"""
from __future__ import annotations
@@ -14,64 +11,59 @@ import os
import sys
from pathlib import Path
from .runner import run_e2e
from .reporter import report
from .shim import run_via_validate
def main() -> None:
parser = argparse.ArgumentParser(description="Run e2e tests in a remote sandbox")
parser = argparse.ArgumentParser(
description="[DEPRECATED] Run e2e tests — delegates to validate run"
)
parser.add_argument("repo_path", help="Path to the repo containing e2e/e2e.yml")
parser.add_argument(
"--host",
default=os.environ.get("RAILIANCE01_HOST", ""),
help="Sandbox host (SSH alias or IP). Env: RAILIANCE01_HOST",
help="Sandbox host. Env: RAILIANCE01_HOST or SANDBOXER_HOST",
)
parser.add_argument(
"--user",
default=os.environ.get("RAILIANCE01_USER", "root"),
help="SSH user (default: root). Env: RAILIANCE01_USER",
help="SSH user. Env: RAILIANCE01_USER → SANDBOXER_SSH_USER",
)
parser.add_argument(
"--key",
default=os.environ.get("RAILIANCE01_KEY"),
help="Path to SSH private key. Env: RAILIANCE01_KEY",
help="SSH private key. Env: RAILIANCE01_KEY → SANDBOXER_SSH_KEY",
)
parser.add_argument(
"--keep",
action="store_true",
help="Keep sandbox after run (skip compose down + dir removal)",
help="Keep sandbox after run",
)
parser.add_argument(
"--workstream-id",
default=None,
help="State-hub workstream ID to attach the progress event to",
help="State Hub workstream ID for progress event",
)
parser.add_argument(
"--no-report",
action="store_true",
help="Skip posting results to state-hub",
help="Skip posting results to State Hub",
)
args = parser.parse_args()
if not args.host:
print("ERROR: sandbox host required. Set RAILIANCE01_HOST or pass --host.")
sys.exit(1)
repo_path = Path(args.repo_path).expanduser().resolve()
if not repo_path.exists():
print(f"ERROR: repo path does not exist: {repo_path}")
print(f"ERROR: repo path does not exist: {repo_path}", file=sys.stderr)
sys.exit(1)
result = run_e2e(
repo_path=repo_path,
host=args.host,
ssh_user=args.user,
ssh_key=args.key,
exit_code = run_via_validate(
repo_path,
host=args.host or None,
keep=args.keep,
workstream_id=args.workstream_id,
no_report=args.no_report,
ssh_user=args.user if args.user != "root" else os.environ.get("RAILIANCE01_USER"),
ssh_key=args.key,
)
if not args.no_report:
report(result, workstream_id=args.workstream_id)
sys.exit(0 if result.passed else 1)
sys.exit(exit_code)

View File

@@ -1,4 +1,10 @@
"""
DEPRECATED — provision/teardown is owned by sand-boxer (`sandboxer create`).
This module remains for one release cycle only. Do not call `Sandbox.provision()`
from new code; use sand-boxer `ext.compose-ssh` via `validate run` or
`sandboxer create --profile profile.compose-e2e`.
SSH-based sandbox: provision an isolated directory on the remote host,
rsync the repo into it, and run arbitrary commands there.
"""

80
e2e-framework/shim.py Normal file
View File

@@ -0,0 +1,80 @@
"""Delegate e2e runs to wise-validator (sand-boxer + validate run)."""
from __future__ import annotations
import os
import shutil
import subprocess
import sys
from pathlib import Path
DEPRECATION_MSG = (
"[e2e_framework] DEPRECATED: use `validate run <repo>` (wise-validator) or "
"`make e2e REPO=` from the-custodian. Provision is sand-boxer; validation is "
"wise-validator. This module will be removed after one release cycle."
)
def _resolve_host(host: str | None) -> str:
for candidate in (host, os.environ.get("SANDBOXER_HOST"), os.environ.get("RAILIANCE01_HOST")):
if candidate:
return candidate
return ""
def run_via_validate(
repo_path: Path,
*,
host: str | None = None,
keep: bool = False,
workstream_id: str | None = None,
no_report: bool = False,
ssh_user: str | None = None,
ssh_key: str | None = None,
) -> int:
"""Invoke `validate run` and return its exit code."""
print(DEPRECATION_MSG, file=sys.stderr)
validate_bin = os.environ.get("VALIDATE_BIN", "validate")
if not shutil.which(validate_bin):
print(
f"ERROR: {validate_bin} not found on PATH. "
"Install wise-validator: cd ~/wise-validator && make install",
file=sys.stderr,
)
return 1
sandboxer_bin = os.environ.get("SANDBOXER_BIN", "sandboxer")
if not shutil.which(sandboxer_bin):
print(
f"ERROR: {sandboxer_bin} not found on PATH. "
"Install sand-boxer: cd ~/sand-boxer && make install",
file=sys.stderr,
)
return 1
resolved_host = _resolve_host(host)
if not resolved_host:
print(
"ERROR: sandbox host required. Set SANDBOXER_HOST, RAILIANCE01_HOST, or --host.",
file=sys.stderr,
)
return 1
env = os.environ.copy()
env["SANDBOXER_HOST"] = resolved_host
if ssh_user:
env["SANDBOXER_SSH_USER"] = ssh_user
if ssh_key:
env["SANDBOXER_SSH_KEY"] = ssh_key
cmd = [validate_bin, "run", str(repo_path), "--host", resolved_host]
if keep:
cmd.append("--keep")
if workstream_id:
cmd.extend(["--workstream-id", workstream_id])
if no_report:
cmd.append("--no-report")
result = subprocess.run(cmd, env=env)
return result.returncode

130
history/20260621-SCOPE.md Normal file
View File

@@ -0,0 +1,130 @@
# SCOPE
> This file helps you quickly understand what this repository is about,
> when it is relevant, and when it is not.
> It is intentionally lightweight and may be incomplete.
---
## One-liner
Central cognitive infrastructure and coordination hub for seven project domains — provides governance canon and coordinates through the standalone State Hub API/MCP service.
---
## Core Idea
The Custodian repository is the **governance substrate**: canon, constitution, values, domain charters, workplans, and runtime scaffolding. The operational State Hub service (PostgreSQL + FastAPI + MCP server + Observable dashboard) now lives in the standalone `/home/worsch/state-hub` repository and acts as episodic memory and coordination layer for work across repos.
---
## In Scope
- Canon layer: governance constitution, foundational values, six domain charters/roadmaps
- Coordination through the standalone State Hub API: topics, workstreams, tasks, decisions, progress events, contributions, SBOM, goals
- MCP session protocol: use the State Hub MCP tools from registered agent sessions
- Memory: append-only episodic archive (working notes + immutable event logs)
- Agent runtime scaffolding: policies, kaizen agent copies, tool adapters
- Cross-domain coordination: dependency tracking, human-intervention flags, next-steps suggestions
- Publishing lifecycle events on NATS JetStream (`org.statehub.>`) so activity-core can react via declarative ActivityDefinitions
---
## Out of Scope
- Domain-specific implementation work (Railiance, Markitect, etc. each own their repos)
- Financial/legal transactions or external publication
- Storing plaintext credentials
- Direct writes to `canon/` without a human-approved review gate
- State Hub implementation work; use `/home/worsch/state-hub`
- Maintenance task *creation* in response to lifecycle events — that responsibility lives in activity-core (see `/home/worsch/state-hub/docs/activity-core-delegation.md`). The state hub remains a **read model**, not a task factory.
---
## Relevant When
- Starting or closing any session in a registered domain repo (orientation via `get_domain_summary()`)
- Tracking cross-domain decisions, blockers, or workplan progress
- Registering a new project into the ecosystem (`make register-project`)
- Consulting governance rules or domain charters
- Running the standalone State Hub API locally for MCP connectivity
---
## Not Relevant When
- Implementing single-domain features (stay in the domain repo)
- Working fully offline with no need for state coordination
- Non-custodian ecosystem work (standalone projects, throw-away scripts)
---
## Current State
- Status: active
- Implementation: ~60% — canon + standalone State Hub operational; RAG/drafting pipelines (Phase 2) not yet started
- Stability: stable (versioned Alembic migrations; no breaking API changes since v0.3)
- Usage: running daily; 15+ active workstreams across 6 domains; MCP server active in Claude Code
---
## How It Fits
- Upstream dependencies: none (sits at the top of the dependency order)
- Downstream consumers: all six domains (railiance → markitect → coulomb.social → personhood/foerster → custodian); **activity-core** consumes state hub lifecycle events on NATS subject `org.statehub.>` to drive maintenance ActivityDefinitions
- Often used with: kaizen-agentic (agent definitions), ops-bridge (remote tunnel connectivity), activity-core (task factory + event bridge)
---
## Terminology
- Preferred terms: canon, workstream, topic, progress event, domain
- Also known as: "the hub", "state hub"
- Potentially confusing terms: "topic" = domain-level grouping (not a chat topic); "decision" = tracked choice point with escalation rules
---
## Related / Overlapping
- `kaizen-agentic` — specialized agent personas callable via MCP from any domain session
- `ops-bridge` — SSH tunnel manager keeping remote agents connected to this hub
- `activity-core` — event-driven task factory tracked as a custodian-domain workstream
---
## Getting Oriented
- Start with: `CLAUDE.md` (session protocol) + `README.md` (architecture overview)
- Key files / directories: `canon/` (governance), `workplans/` (active Custodian work), `state-hub/` (pointer), `/home/worsch/state-hub/mcp_server/TOOLS.md` (tool reference)
- Entry points: `cd /home/worsch/state-hub && make api` (API); Codex/Claude Code with state-hub MCP registered
---
## Provided Capabilities
```capability
type: api
title: MCP tool registration
description: Register and expose new MCP tools to all Claude Code sessions via the state-hub server.
keywords: [mcp, tool, api, registration, server]
```
```capability
type: data
title: Cross-domain state tracking
description: Track workstreams, tasks, decisions, and progress events across all seven project domains.
keywords: [state, tracking, workstream, task, decision, progress]
```
```capability
type: api
title: SBOM and licence reporting
description: Ingest lockfiles from any repo and provide aggregated SBOM and copyleft licence risk reports.
keywords: [sbom, licence, license, dependency, lockfile, copyleft]
```
---
## Notes
Dependency order for domain sequencing: Railiance → Markitect → Coulomb.social → Personhood/Foerster → Custodian. The consistency checker (`cd /home/worsch/state-hub && make fix-consistency REPO=the-custodian`) must be run after any workplan changes to keep the dashboard accurate.

View File

@@ -15,11 +15,37 @@ sync:
--exclude='*.o' --exclude='*.hi' \
$(PROJECT)/ $(VM):$(RDIR)/
# Run cabal build on VM after sync
# Run cabal build on VM — prefers sand-boxer workspace (SAND-WP-0012 shim)
.PHONY: remote-build
remote-build: sync
remote-build:
@if command -v sandboxer >/dev/null 2>&1; then \
$(MAKE) remote-build-sandboxer; \
else \
echo "WARN: sandboxer not on PATH — using legacy rsync-only path" >&2; \
$(MAKE) remote-build-legacy; \
fi
# Legacy rsync + ssh (deprecated — install sand-boxer for isolated workspaces)
.PHONY: remote-build-legacy
remote-build-legacy: sync
ssh $(VM) "cd $(RDIR) && source ~/.ghcup/env && cabal build all 2>&1"
.PHONY: remote-build-sandboxer
remote-build-sandboxer:
@set -euo pipefail; \
STATUS=$$(sandboxer create \
--profile profile.vm-haskell-build \
--input vm=$(VM) \
--input repo=$(PROJECT) \
--actor agt \
--project the-custodian \
--host localhost); \
ID=$$(echo "$$STATUS" | python3 -c "import sys,json; print(json.load(sys.stdin)['sandbox_id'])"); \
RDIR=$$(echo "$$STATUS" | python3 -c "import sys,json; r=json.load(sys.stdin).get('reachability') or {}; print(r.get('remote_dir',''))"); \
test -n "$$RDIR"; \
ssh $(VM) "cd $$RDIR && source ~/.ghcup/env && cabal build all 2>&1"; \
sandboxer destroy "$$ID"
# Run tests on VM
.PHONY: remote-test
remote-test: sync

View File

@@ -75,7 +75,7 @@ ssh haskell-build # should connect via tunnel
## Using the VM
```bash
# Build a Haskell project remotely
# Build a Haskell project remotely (prefers sand-boxer workspace when installed)
make remote-build PROJECT=~/projects/my-app
# Run tests

View File

@@ -0,0 +1,26 @@
#!/usr/bin/env bash
# Install fleet-mesh systemd user units on railiance01 (CUST-WP-0054-T02).
set -euo pipefail
REMOTE="${1:-railiance01}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ssh "$REMOTE" 'mkdir -p ~/.config/bridge ~/.config/systemd/user ~/.ssh'
scp "$SCRIPT_DIR/railiance01-tunnels.yaml" "$REMOTE:~/.config/bridge/tunnels.yaml"
scp "$SCRIPT_DIR/systemd/"*.service "$REMOTE:~/.config/systemd/user/"
scp "${HOME}/.ssh/id_ops" "${HOME}/.ssh/id_ops.pub" "$REMOTE:~/.ssh/"
ssh "$REMOTE" 'chmod 600 ~/.ssh/id_ops ~/.config/bridge/tunnels.yaml'
ssh "$REMOTE" 'sudo loginctl enable-linger tegwick 2>/dev/null || true'
ssh "$REMOTE" bash -s <<'EOF'
set -euo pipefail
systemctl --user daemon-reload
systemctl --user enable --now fleet-state-hub-coulombcore.service
systemctl --user enable --now fleet-issue-core-coulombcore.service
sleep 2
curl -sf http://127.0.0.1:18000/state/health
curl -sf http://127.0.0.1:18765/healthz
systemctl --user --no-pager status fleet-state-hub-coulombcore.service fleet-issue-core-coulombcore.service
EOF
echo "Fleet mesh tunnels active on $REMOTE"

View File

@@ -0,0 +1,50 @@
# Fleet-owned production tunnels on railiance01 (CUST-WP-0054-T02).
# Install to: ~/.config/bridge/tunnels.yaml on railiance01
#
# Replaces workstation reverse tunnels state-hub-railiance01 and
# issue-core-railiance01 with machine-local forward tunnels through coulombcore.
#
# activity-core (2026-07-06 Phase 3): STATE_HUB_URL is in-cluster; fleet-state-hub
# coulombcore retired. issue-core bridge still uses :18765 below.
tunnels:
fleet-state-hub-coulombcore:
host: 92.205.130.254
remote_port: 8000
local_port: 18000
direction: local
remote_host: 10.43.170.94
ssh_user: tegwick
ssh_key: ~/.ssh/id_ops
actor: atm-fleet-mesh
health_check:
url: http://127.0.0.1:18000/state/health
interval_seconds: 30
timeout_seconds: 5
reconnect:
max_attempts: 0
backoff_initial: 5
backoff_max: 60
fleet-issue-core-coulombcore:
host: 92.205.130.254
remote_port: 8765
local_port: 18765
direction: local
remote_host: 10.43.103.154
ssh_user: tegwick
ssh_key: ~/.ssh/id_ops
actor: atm-fleet-mesh
health_check:
url: http://127.0.0.1:18765/healthz
interval_seconds: 30
timeout_seconds: 5
reconnect:
max_attempts: 0
backoff_initial: 5
backoff_max: 60
actors:
atm-fleet-mesh:
class: atm
description: Railiance01 fleet mesh — direct production lanes to coulombcore cluster services

View File

@@ -0,0 +1,21 @@
[Unit]
Description=Fleet mesh issue-core forward tunnel (railiance01 to coulombcore cluster)
After=network-online.target
Wants=network-online.target
StartLimitIntervalSec=0
[Service]
Type=simple
ExecStart=/usr/bin/ssh -N \
-L 127.0.0.1:18765:10.43.103.154:8765 \
-i /home/tegwick/.ssh/id_ops \
-o ServerAliveInterval=10 \
-o ServerAliveCountMax=3 \
-o ExitOnForwardFailure=yes \
-o StrictHostKeyChecking=accept-new \
tegwick@92.205.130.254
Restart=always
RestartSec=5
[Install]
WantedBy=default.target

View File

@@ -0,0 +1,21 @@
[Unit]
Description=Fleet mesh State Hub forward tunnel (railiance01 to coulombcore cluster)
After=network-online.target
Wants=network-online.target
StartLimitIntervalSec=0
[Service]
Type=simple
ExecStart=/usr/bin/ssh -N \
-L 127.0.0.1:18000:10.43.170.94:8000 \
-i /home/tegwick/.ssh/id_ops \
-o ServerAliveInterval=10 \
-o ServerAliveCountMax=3 \
-o ExitOnForwardFailure=yes \
-o StrictHostKeyChecking=accept-new \
tegwick@92.205.130.254
Restart=always
RestartSec=5
[Install]
WantedBy=default.target

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 99d67d71-8729-5036-b067-ca05ccf41751
instruction_id: daily-triage-report
scheduled_for: 2026-06-05T17:23:04.606642+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: f0a4fa2d81d08391bf07ca73a6df8916c07c9baf270e33040c989cea7523d725
created: 2026-06-05T17:23:29.040451+00:00
---
# Daily State Hub WSJF Triage - 2026-06-05
High-priority ops-hub establishment blocked on human decisions; multiple infrastructure migrations ready for automation; recommend focusing on unblocking foundational systems first
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "hf-wp-0001",
"confidence": "high",
"rank": 1,
"why": "Critical ops-hub establishment blocked with 5 human-needed tasks in wait status",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 9.5,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 2,
"why": "State Hub migration in progress with clear next steps, no blockers",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 7.6,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "ihub-wp-0018",
"confidence": "high",
"rank": 3,
"why": "Railiance01 deployment has actionable todo tasks ready for automation",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 6.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 4,
"why": "Forgejo migration has high-priority human decisions needed for T02",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "split",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 5,
"why": "FOS Hub Bootstrap has 25 todo tasks - too large, should be decomposed",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 2
}
},
{
"action": "park",
"candidate": "cust-wp-0038",
"confidence": "high",
"rank": 6,
"why": "HA migration should wait until basic State Hub migration completes",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.2,
"strategic_value": 3,
"time_criticality": 1
}
},
{
"action": "needs-cross-agent",
"candidate": "railiance-wp-0004",
"confidence": "medium",
"rank": 7,
"why": "Package registry publication depends on Gitea/Forgejo infrastructure decisions",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "needs-consistency-sync",
"candidate": "issue-wp-0002",
"confidence": "medium",
"rank": 8,
"why": "Blocked status conflicts with railiance-wp-0004 dependency chain",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "activity-wp-0006",
"confidence": "low",
"rank": 9,
"why": "Single wait task with medium priority - check if conditions met",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 2,
"time_criticality": 1
}
},
{
"action": "revisit",
"candidate": "rail-fab-wp-0023",
"confidence": "low",
"rank": 10,
"why": "Single wait task for UI improvement - verify completion conditions",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 1,
"risk_reduction": 1,
"score": 2.0,
"strategic_value": 1,
"time_criticality": 1
}
}
],
"summary": "High-priority ops-hub establishment blocked on human decisions; multiple infrastructure migrations ready for automation; recommend focusing on unblocking foundational systems first"
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 1e00affe-5389-5f94-875e-dc84e432f4b8
instruction_id: daily-triage-report
scheduled_for: 2026-06-06T13:07:50.393977+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 99621c25747a03cebd27b5c9540d9012d473ec7772df7f8e5143904abdedc32b
created: 2026-06-06T13:08:25.268978+00:00
---
# Daily State Hub WSJF Triage - 2026-06-06
11 active workstreams with critical ops-hub establishment blocked on human decisions. High-priority infrastructure migrations ready for execution while foundational systems await manual intervention.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "hf-wp-0001",
"confidence": "high",
"rank": 1,
"why": "5 high-priority tasks waiting for human decisions to establish ops-hub foundation",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 5,
"score": 10.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 2,
"why": "State Hub migration in progress with clear next steps and no blockers",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 5,
"score": 9.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "Forgejo migration requires human decisions on production design",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 7.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-cross-agent",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 4,
"why": "Ops Hub widgets waiting on Inter-Hub activation coordination",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 7.5,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-cross-agent",
"candidate": "ihub-wp-0018",
"confidence": "medium",
"rank": 5,
"why": "Railiance01 deployment has dependencies across multiple systems",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 6.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "agentic-wp-0001",
"confidence": "high",
"rank": 6,
"why": "Ready status with clear todo tasks for State Hub integration",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "park",
"candidate": "cust-wp-0038",
"confidence": "high",
"rank": 7,
"why": "HA migration should wait until basic State Hub migration completes",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 2
}
},
{
"action": "park",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 8,
"why": "25 todo tasks indicate scope too large, should be split after core systems stable",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.6,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "activity-wp-0006",
"confidence": "low",
"rank": 9,
"why": "Single waiting task needs status check for operational hardening",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "close-out",
"candidate": "ihub-wp-0010",
"confidence": "high",
"rank": 10,
"why": "No open tasks remaining, appears complete",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 1,
"risk_reduction": 1,
"score": 2.0,
"strategic_value": 1,
"time_criticality": 1
}
}
],
"summary": "11 active workstreams with critical ops-hub establishment blocked on human decisions. High-priority infrastructure migrations ready for execution while foundational systems await manual intervention."
}
```

View File

@@ -0,0 +1,30 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: a7447a71-6a82-5207-b4f5-d823f226ef91
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash: d7f3116370cb01ff29e5dc68152ee087388f0a1d0656bf90ad8c809abc4293d5
created: 2026-06-06T07:12:09.570973+00:00
---
# Daily State Hub WSJF Triage - 2026-06-06
Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.
Validation error:
`Expecting value: line 1 column 1 (char 0)`
```json
{
"raw_output_preview": "```json\n{\n \"summary\": \"11 active workstreams with 74 open tasks. High-priority ops-hub establishment blocked on human decisions. Infrastructure migrations progressing but need coordination.\",\n \"recommendations\": [\n {\n \"rank\": 1,\n \"candidate\": \"hf-wp-0001\",\n \"action\": \"needs-human\",\n \"why\": \"5 high-priority tasks waiting for human decisions to establish ops-hub foundation\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 9.5,\n \"strategic_value\": 5,\n \"time_criticality\": 5,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 2\n }\n },\n {\n \"rank\": 2,\n \"candidate\": \"cust-wp-0047\",\n \"action\": \"work-next\",\n \"why\": \"High-priority ops-hub service inventory with minimal blockers\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 9.0,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 6,\n \"job_size\": 2\n }\n },\n {\n \"rank\": 3,\n \"candidate\": \"rail-ho-wp-0005\",\n \"action\": \"needs-human\",\n \"why\": \"4 tasks need human decisions for Forgejo production migration\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 6.0,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 3,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 4,\n \"candidate\": \"cust-wp-0011\",\n \"action\": \"work-next\",\n \"why\": \"State Hub migration in progress with clear next steps\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 5.7,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 5,\n \"candidate\": \"ihub-wp-0018\",\n \"action\": \"needs-cross-agent\",\n \"why\": \"Railiance01 deployment has dependencies across multiple domains\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 5.3,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 6,\n \"candidate\": \"agentic-wp-0001\",\n \"action\": \"work-next\",\n \"why\": \"Ready status with clear todo tasks for State Hub integration\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 5.0,\n \"strategic_value\": 3,\n \"time_criticality\": 2,\n \"risk_reduction\": 3,\n \"opportunity_enablement\": 4,\n \"job_size\": 2\n }\n },\n {\n \"rank\": 7,\n \"candidate\": \"cust-wp-0025\",\n \"action\": \"split\",\n \"why\": \"25 todo tasks suggest workplan is too large for effective management\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 3.6,\n \"strategic_value\": 4,\n \"time_criticality\": 2,\n \"risk_reduction\": 3,\n \"opportunity_enablement\": 4,\n \"job_size\": 5\n }\n },\n {\n \"rank\": 8,\n \"candidate\": \"cust-wp-0038\",\n \"action\": \"park\",\n \"why\": \"HA migration should wait until basic State Hub migration completes\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.2,\n \"strategic_value\": 3,\n \"time_criticality\": 1,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 3,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 9,\n \"candidate\": \"activity-wp-0006\",\n \"action\": \"revisit\",\n \"why\": \"Single waiting task needs status check for operational hardening\",\n \"confidence\": \"low\",\n \"wsjf\": {\n \"score\": 3.0,\n \"strategic_value\": 2,\n \"time_criticality\": 1,\n \"risk_reduction\": 3,\n \"opportunity_enablement\": 3,\n \"job_size\": 1\n }\n },\n {\n \"rank\": 10,\n \"candidate\": \"ihub-wp-0010\",\n \"action\": \"close-out\",\n \"why\": \"No open tasks remaining in external API workplan\",\n \"confidence\": \"high\",\n ",
"status": "validation_failed",
"summary": "Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.",
"validation_error": "Expecting value: line 1 column 1 (char 0)"
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c2db32e5-3874-522f-ae1f-9b2cdf307fd2
instruction_id: daily-triage-report
scheduled_for: 2026-06-06T13:23:30.903196+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 5785bba76a223965cdcda27c9eff0c70a6dfe358b51989455fbb47e1ccd94dc0
created: 2026-06-06T13:23:49.608650+00:00
---
# Daily State Hub WSJF Triage - 2026-06-06
High-priority ops-hub establishment blocked on human decisions; infrastructure migrations progressing; recommend focusing on unblocking wait states and completing foundational deployments
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "hf-wp-0001",
"confidence": "high",
"rank": 1,
"why": "Critical ops-hub establishment blocked with 5 human-needed tasks in wait state",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 9.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 2,
"why": "State Hub migration in progress with clear next steps, foundational for other workstreams",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "Forgejo migration has 4 human-needed tasks, critical for development infrastructure",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 5.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "ihub-wp-0018",
"confidence": "medium",
"rank": 4,
"why": "Railiance01 deployment progressing with actionable todo tasks",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-cross-agent",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 5,
"why": "Ops Hub widgets blocked on Inter-Hub activation, needs coordination",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "agentic-wp-0001",
"confidence": "medium",
"rank": 6,
"why": "Ready status with clear todo tasks for State Hub integration",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 4.3,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "split",
"candidate": "cust-wp-0025",
"confidence": "high",
"rank": 7,
"why": "Large workstream with 25 todo tasks, should be broken into smaller chunks",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.6,
"strategic_value": 4,
"time_criticality": 2
}
},
{
"action": "park",
"candidate": "cust-wp-0038",
"confidence": "medium",
"rank": 8,
"why": "HA migration should wait until basic State Hub migration completes",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 2.6,
"strategic_value": 2,
"time_criticality": 1
}
},
{
"action": "revisit",
"candidate": "activity-wp-0006",
"confidence": "low",
"rank": 9,
"why": "Single wait task for calibration feedback, check if conditions are met",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 1,
"score": 2.5,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "close-out",
"candidate": "ihub-wp-0010",
"confidence": "high",
"rank": 10,
"why": "No open tasks remaining, appears complete",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 1,
"risk_reduction": 1,
"score": 2.0,
"strategic_value": 1,
"time_criticality": 1
}
}
],
"summary": "High-priority ops-hub establishment blocked on human decisions; infrastructure migrations progressing; recommend focusing on unblocking wait states and completing foundational deployments"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 7d8036ee-b0c1-5e94-b07e-1a23cf1c83f7
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-16T05:20:10.402106+00:00
---
# Daily State Hub WSJF Triage - 2026-06-16
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: d28fe4bf-37f0-5b4d-b8fa-2a6f32ae28f5
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-17T05:20:08.544302+00:00
---
# Daily State Hub WSJF Triage - 2026-06-17
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 32fc1286-a3b7-5248-9b14-476a1ab3ae0d
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-18T05:20:08.220681+00:00
---
# Daily State Hub WSJF Triage - 2026-06-18
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 96919365-c608-55c1-8aeb-d165d71c342d
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-18T06:07:49.563454+00:00
---
# Daily State Hub WSJF Triage - 2026-06-18
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 04e7f289-53cb-55f5-9048-dc52ac0f4e1e
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T12:00:50.354196+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-19T12:00:56.799338+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
No active workstreams or inbox items to triage. The system is currently idle.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "system_idle_check",
"confidence": "high",
"rank": 1,
"why": "The digest indicates no active workstreams, inbox items, or next steps. This suggests the system is idle or there might be an issue with data ingestion. A human review is needed to confirm the operational status and identify potential missing data sources or processing issues.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "No active workstreams or inbox items to triage. The system is currently idle."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 67329161-90de-563b-b28e-f890a777f124
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T13:35:33.177300+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 1147e4ad7b383004ea398ad91fdb51212ce2e03b1b27bd7a1d1d83ed792085c2
created: 2026-06-19T13:35:45.735439+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "hf-wp-0001",
"confidence": "high",
"rank": 1,
"why": "This workstream is critical for establishing ops-hub as the first VSM Inter-Hub Extension and has two high-priority tasks waiting on human input for API consumer creation and hardening.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream is essential for Ops Hub Evidence Intake and has a high-priority task waiting on human input to provision the runtime API key.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.8,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 3,
"why": "This workstream is crucial for Inter-Hub Bootstrap Access Lane and has a high-priority task waiting on human input to execute the live Ops-Hub Bootstrap.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.8,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "hf-wp-0002",
"confidence": "high",
"rank": 4,
"why": "This workstream aims to expose the OpenBao Browser UI and has a high-priority task waiting on human input to add the UI Redirect URI.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "adhoc-2026-06-15",
"confidence": "high",
"rank": 5,
"why": "This ad-hoc workstream addresses production fixes for Inter-Hub and has a high-priority task waiting on human input to fix COUNT decode failures.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 5,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 6,
"why": "The Forgejo Production Migration has multiple human-dependent tasks, including resolving design decisions, which are critical for this infrastructure migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 7,
"why": "The 'Post-triage operational hardening' workstream has a task awaiting human feedback for calibration, which is important for system stability.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 8,
"why": "This workstream is ready to activate Ops-Hub Widgets in Inter-Hub, which is a key step for the 'Ops Hub Service Inventory Now View'.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 9,
"why": "The Pragmatic State Hub Migration to railiance01 is in progress with tasks to build and push the container image, and deploy to the cluster. This is a critical infrastructure migration.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 10,
"why": "The FOS Hub Bootstrap is a large, strategic initiative with many tasks, including refactoring state-hub. Progress on this is important for future hub extraction.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 5,
"time_criticality": 3
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 955c9bb2-bb86-5e5a-8c86-849ee947e783
instruction_id: daily-triage-report
scheduled_for: 2026-06-19T12:00:49.968164+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-19T12:00:52.563488+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
No immediate actionable items identified from the digest. The system is operating as expected with no unread inbox items or open workstreams.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "system_monitoring",
"confidence": "high",
"rank": 1,
"why": "The digest indicates no immediate issues or pending tasks. Revisit system monitoring to ensure continued stability and to catch any emerging patterns not yet flagged.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
}
],
"summary": "No immediate actionable items identified from the digest. The system is operating as expected with no unread inbox items or open workstreams."
}
```

View File

@@ -0,0 +1,29 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ffa9f633-5f1d-5737-819d-bcb83454a9a6
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash:
created: 2026-06-19T05:20:08.459343+00:00
---
# Daily State Hub WSJF Triage - 2026-06-19
Instruction daily-triage-report could not run; operator review is required.
Validation error:
`LLM_CONNECT_URL is not configured`
```json
{
"status": "execution_failed",
"summary": "Instruction daily-triage-report could not run; operator review is required.",
"validation_error": "LLM_CONNECT_URL is not configured"
}
```

View File

@@ -0,0 +1,85 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 6f635297-e253-5f1f-ac6a-3b1f68b68ff7
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-20T05:20:04.034187+00:00
---
# Daily State Hub WSJF Triage - 2026-06-20
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "future_mode:code_score_high_gain_high_effort_candidates",
"confidence": "medium",
"rank": 1,
"why": "The system is configured for a 'future mode' focusing on high-gain, high-effort candidates. This suggests a strategic shift or a need for more data to identify such candidates. Revisit to understand the implications and next steps for this mode.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "inbox",
"confidence": "high",
"rank": 2,
"why": "The inbox shows 0 unread items and no samples. While this might indicate a clean slate, it's unusual for an active system. A human review is needed to confirm if this is expected or if there's an issue with data ingestion or display.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "open_workstreams",
"confidence": "high",
"rank": 3,
"why": "The 'open_workstreams' field is empty. This could mean there are no active workstreams, or there's a data collection issue. A human needs to verify the expected state of open workstreams.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "needs-human",
"candidate": "next_steps",
"confidence": "high",
"rank": 4,
"why": "The 'next_steps' field is empty. This could indicate a lack of defined actions or a data collection issue. A human needs to verify if there should be any pending next steps.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 2
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 3700a339-9e06-5dfc-9fdc-ef2293fbe331
instruction_id: daily-triage-report
scheduled_for: 2026-06-21T15:58:14.460564+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 79ec9692595f29451c293eb66a41a01a844e8d3314c1fe5d1e7914c33841bff0
created: 2026-06-21T15:58:36.880459+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "IHUB-WP-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical task ('Provision the runtime API key outside Git') that requires human intervention to unblock. It's a key dependency for Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "CUST-WP-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single, critical 'wait' task requiring human execution ('Execute Live Ops-Hub Bootstrap'). Unblocking this will enable Inter-Hub functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "RAIL-HO-WP-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has 4 tasks requiring human intervention, including resolving Forgejo production design decisions. This is a critical migration for the railiance infrastructure.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ACTIVITY-WP-0006",
"confidence": "medium",
"rank": 4,
"why": "This workstream has a 'wait' task ('Three-Run Calibration Feedback') requiring human input, which is important for operational hardening post-triage.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 3,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0047",
"confidence": "high",
"rank": 5,
"why": "This high-priority workstream has a single 'wait' task ('Activate Ops-Hub Widgets In Inter-Hub') that can be actioned to progress the Ops Hub Service Inventory.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "ACTIVITY-WP-0012",
"confidence": "medium",
"rank": 6,
"why": "This workstream has a 'wait' task ('Live No-Restart Smoke') that can be executed to validate the Definition and Schedule Hot Reload functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "CUST-WP-0025",
"confidence": "medium",
"rank": 7,
"why": "This workstream has a large number of 'todo' tasks and dependencies on other workstreams (NK-WP-0001, NK-WP-0002). It's a large bootstrap effort that needs to be regularly checked for unblocking.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 2.8,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0011",
"confidence": "high",
"rank": 8,
"why": "This workstream is actively migrating State Hub to railiance01. The next steps involve building and pushing the container image, then deploying and migrating data.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "ISSUE-WP-0003",
"confidence": "medium",
"rank": 9,
"why": "This workstream is deploying issue-core to railiance01. The next steps involve setting up ArgoCD bootstrap and Kubernetes manifests, with a dependency on OpenBao for secrets.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "WARDEN-WP-0009",
"confidence": "high",
"rank": 10,
"why": "This workstream is blocked and has a low planning priority. It should be revisited periodically to see if the blocking condition has been resolved or if its priority has changed.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.0,
"strategic_value": 2,
"time_criticality": 1
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention or critical dependencies."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 53460e63-8a04-5209-83ac-c360b44f162f
instruction_id: daily-triage-report
scheduled_for: 2026-06-21T17:45:22.695777+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 09bb667360681458904de55dc29307a33cf3497177147eb3f28c7756af2772d3
created: 2026-06-21T17:45:46.036481+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
Daily State Hub WSJF triage report based on current workstream status and task counts.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a human-needed task (T04 - Provision the runtime API key outside Git) that is currently waiting, blocking further progress. Addressing this human dependency is critical for unblocking the inter-hub integration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a critical human-needed task (Task: Execute Live Ops-Hub Bootstrap) that is currently waiting. This is a direct blocker for establishing the Inter-Hub Bootstrap Access Lane.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high number of open tasks (12) and 4 tasks requiring human intervention, with 'T02 - Resolve Forgejo production design decisions' being a high-priority todo. Addressing these human dependencies is crucial for the Forgejo Production Migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "high",
"rank": 4,
"why": "This high-priority workstream has 5 todo tasks and no human dependencies, making it a good candidate for immediate progress. The tasks involve critical assessments for MinIO compatibility and STS credential vending.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 5,
"why": "This high-priority workstream has a single waiting task ('Activate Ops-Hub Widgets In Inter-Hub') with no human dependencies. It's ready for immediate action to enable the Ops Hub Service Inventory Now View.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 6,
"why": "This workstream has a human-needed task ('Three-Run Calibration Feedback') that is currently waiting. Addressing this feedback is important for the 'Post-triage operational hardening' efforts.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 7,
"why": "This workstream is actively deploying issue-core and has several high-priority tasks in todo and progress, including setting up Kubernetes manifests and OpenBao secrets. Continued work is needed to complete the deployment.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 8,
"why": "This workstream is in progress with 6 todo tasks for the pragmatic State Hub migration. Continued work is needed to build, deploy, and migrate data to the new cluster.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a large number of todo tasks (21) for the FOS Hub Bootstrap. While it has a progress task, there's significant work remaining, including completing other workplans and refactoring state-hub.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-wp-0012",
"confidence": "medium",
"rank": 10,
"why": "This workstream has a single waiting task ('Live No-Restart Smoke') with no human dependencies. It's ready for immediate action to validate the Definition And Schedule Hot Reload functionality.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Daily State Hub WSJF triage report based on current workstream status and task counts."
}
```

View File

@@ -0,0 +1,70 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: f884fae1-2dd3-56c1-bc1e-f9335b40d03d
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-21T05:20:03.992784+00:00
---
# Daily State Hub WSJF Triage - 2026-06-21
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "system_operational_mode",
"confidence": "high",
"rank": 1,
"why": "The digest indicates a 'future_mode' for 'code_score_high_gain_high_effort_candidates' but provides no current candidates or open workstreams. A human review is needed to understand if this is an expected state, if there's a backlog of high-gain candidates not yet processed, or if the system is awaiting further input to identify such candidates.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "data_ingestion_and_processing",
"confidence": "medium",
"rank": 2,
"why": "The digest shows empty 'samples', 'next_steps', 'open_workstreams', and 'totals', with an 'unread_count' of 0. This suggests either a very clean state or a potential issue with data ingestion or processing. Revisit to ensure data pipelines are functioning as expected and that no relevant information is being missed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-consistency-sync",
"candidate": "deterministic_scoring_configuration",
"confidence": "medium",
"rank": 3,
"why": "The 'deterministic_scoring' section specifies 'candidate_fields' and a 'future_mode'. While this is a configuration, the lack of actual scored candidates implies a potential mismatch between configuration and current operational data. A consistency sync might be needed to ensure the scoring mechanism is correctly applied or to understand why no candidates are being generated.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a need for more data or a shift in operational focus."
}
```

View File

@@ -0,0 +1,70 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: a3f73bdd-1a0a-533f-80a3-1eb58787c499
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-22T05:20:03.559598+00:00
---
# Daily State Hub WSJF Triage - 2026-06-22
The digest indicates no immediate actionable items or open workstreams. The deterministic scoring is set to 'code_score_high_gain_high_effort_candidates' for future mode, suggesting a focus on identifying significant but potentially complex work.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "deterministic_scoring_future_mode_review",
"confidence": "high",
"rank": 1,
"why": "The 'future_mode' for deterministic scoring is set to 'code_score_high_gain_high_effort_candidates'. This setting implies a strategic shift towards identifying complex, high-impact work. It's important to revisit this to ensure alignment with current operational goals and to prepare for potential changes in work prioritization.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "inbox_monitoring",
"confidence": "medium",
"rank": 2,
"why": "The inbox shows 0 unread count and no samples. While this is good, it's crucial to ensure the inbox monitoring system is functioning correctly and that no critical communications are being missed. A periodic check of the underlying system health is warranted.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 2,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "digest_generation_status",
"confidence": "medium",
"rank": 3,
"why": "The 'generated_at' field is null, which could indicate an issue with the digest generation process or simply that it hasn't been generated recently. This should be checked to ensure the system is producing up-to-date information.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 2.7,
"strategic_value": 2,
"time_criticality": 3
}
}
],
"summary": "The digest indicates no immediate actionable items or open workstreams. The deterministic scoring is set to 'code_score_high_gain_high_effort_candidates' for future mode, suggesting a focus on identifying significant but potentially complex work."
}
```

View File

@@ -0,0 +1,55 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 30458b8a-75a6-59aa-ab48-7401b3dcacd3
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-06-23T05:20:03.225320+00:00
---
# Daily State Hub WSJF Triage - 2026-06-23
The digest indicates no immediate high-priority items or open workstreams. The deterministic scoring is set to identify high-gain, high-effort candidates, but no specific candidates were provided in this digest. The inbox is empty, suggesting no new urgent communications.
```json
{
"recommendations": [
{
"action": "revisit",
"candidate": "future_mode: code_score_high_gain_high_effort_candidates",
"confidence": "medium",
"rank": 1,
"why": "The system is configured to identify high-gain, high-effort candidates, but no such candidates were presented in this digest. Revisit to ensure this mode is actively generating and presenting relevant work.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "close-out",
"candidate": "inbox",
"confidence": "high",
"rank": 2,
"why": "The inbox is empty, indicating no unread messages or pending communications. This item can be closed out for this cycle.",
"wsjf": {
"job_size": 1,
"opportunity_enablement": 1,
"risk_reduction": 1,
"score": 4.0,
"strategic_value": 1,
"time_criticality": 1
}
}
],
"summary": "The digest indicates no immediate high-priority items or open workstreams. The deterministic scoring is set to identify high-gain, high-effort candidates, but no specific candidates were provided in this digest. The inbox is empty, suggesting no new urgent communications."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: a443277f-774a-5903-bd88-0144e3466ad2
instruction_id: daily-triage-report
scheduled_for: 2026-06-23T17:49:02.292251+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: bc97b129553d412e6b6d3f8d42b42db588840f3258ef17f57d4023e6e85050ea
created: 2026-06-23T17:50:56.020702+00:00
---
# Daily State Hub WSJF Triage - 2026-06-23
Triage report focusing on high-priority workstreams with human dependencies or critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high-priority task requiring human intervention ('Execute Live Ops-Hub Bootstrap') and is critical for Inter-Hub functionality. Addressing this human dependency is key to unblocking progress.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream has a high-priority task ('Provision the runtime API key outside Git') that requires human input. Resolving this will unblock further progress on Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high-priority task ('Resolve Forgejo production design decisions') requiring human input. This is a critical migration with significant strategic value.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.3,
"strategic_value": 5,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 4,
"why": "This workstream is actively migrating State Hub to railiance01, with a task in progress and several high-priority todo items. Continuing this migration is strategically important.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 5,
"why": "This workstream is actively deploying issue-core with tasks in progress and waiting. The resolved decision for ArgoCD bootstrap indicates readiness for continued execution.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 6,
"why": "This workstream has several high-priority todo tasks related to MinIO/MaxIO assessment and STS credential vending, which are critical for artifact storage infrastructure.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "net-wp-0020",
"confidence": "medium",
"rank": 7,
"why": "This workstream has high-priority todo tasks for OpenBao unseal automation, which is important for security and operational efficiency.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 8,
"why": "This workstream has a high-priority waiting task to activate Ops-Hub Widgets, which will enable visibility into service inventory.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.3,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a medium-priority task ('Three-Run Calibration Feedback') requiring human input for operational hardening.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "revisit",
"candidate": "warden-wp-0009",
"confidence": "high",
"rank": 10,
"why": "This workstream is blocked and has a low planning priority. It should be revisited once higher priority items are addressed or dependencies are resolved.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 2,
"time_criticality": 1
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies or critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: fa6fd13d-47ec-5017-adf2-b3f9d2d57d18
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 065a6ae1993c2d5d26260dfe91a8db05f1c5a77716a6a3c9be4a09b3c9d2d972
created: 2026-06-24T05:20:54.824889+00:00
---
# Daily State Hub WSJF Triage - 2026-06-24
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies and critical infrastructure migrations.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical 'needs_human' task ('T04 - Provision the runtime API key outside Git') that is blocking progress. Addressing this human dependency is crucial for unblocking the entire 'Ops Hub Evidence Intake' process.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single 'needs_human' task ('Task: Execute Live Ops-Hub Bootstrap') which is the only open task. Resolving this human dependency will complete the workstream and enable Inter-Hub bootstrap access.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "The Forgejo Production Migration has 4 'needs_human' tasks, including 'T02 \u2014 Resolve Forgejo production design decisions', which is likely a critical blocker for the entire migration. Resolving these human dependencies is essential for a smooth and timely migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 5,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "high",
"rank": 4,
"why": "This workstream is actively migrating State Hub to ThreePhoenix, with a task in progress ('T03 \u2014 Build and push State Hub container image') and high-priority 'todo' tasks remaining. Continued focus is needed to complete this critical infrastructure migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.3,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "issue-wp-0003",
"confidence": "high",
"rank": 5,
"why": "This workstream is deploying 'issue-core' as a service, with tasks in progress and critical 'wait' tasks like 'ArgoCD bootstrap' and 'OpenBao secret'. Continued progress is needed to get 'issue-core' operational.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 6,
"why": "This high-priority workstream has one remaining 'wait' task ('Task: Activate Ops-Hub Widgets In Inter-Hub'). This task is likely dependent on other completed work, and its completion will enable the 'Ops Hub Service Inventory Now View'.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 7,
"why": "This high-priority workstream has several 'todo' tasks related to MinIO/MaxIO assessment and STS credential vending. These are foundational tasks for artifact storage and security, requiring active development.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "net-wp-0020",
"confidence": "medium",
"rank": 8,
"why": "This workstream focuses on OpenBao Unseal Custody and SSH Automation, with 'todo' and 'wait' tasks. This is critical for security and operational efficiency, requiring continued attention.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 9,
"why": "This workstream has a 'needs_human' task ('Three-Run Calibration Feedback') which is currently in a 'wait' state. Addressing this human input is necessary to unblock the 'Post-triage operational hardening'.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0025",
"confidence": "low",
"rank": 10,
"why": "The FOS Hub Bootstrap has many 'todo' tasks, including dependencies on other workstreams (NK-WP-0001, NK-WP-0002). While not immediately blocked by human input, it represents a significant body of work that needs to be actively progressed.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 4,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies and critical infrastructure migrations."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 7c915653-b7b6-5957-a9ee-56512cf53de3
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 37b881fcb93f5576290c675d26a268746c93d2ca8d1cdbb6593d1eab27be48a0
created: 2026-06-25T05:20:45.352426+00:00
---
# Daily State Hub WSJF Triage - 2026-06-25
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with pending human intervention or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 1,
"why": "This workstream has a high planning priority and a critical task (T04 - Provision the runtime API key outside Git) that requires human intervention to unblock. It is a key component for Ops Hub Evidence Intake.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream is high priority and has a single, critical task (Execute Live Ops-Hub Bootstrap) awaiting human action. It's essential for establishing the Inter-Hub access lane.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "This workstream has multiple tasks requiring human input, specifically 'Resolve Forgejo production design decisions', which is a high-priority blocker for the Forgejo Production Migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 4,
"why": "The 'Three-Run Calibration Feedback' task is waiting for human input, which is crucial for the Post-triage operational hardening of Activity Core.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.3,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 5,
"why": "This workstream is marked 'ready' and has a cleared dependency. It's high priority and has 10 todo tasks, making it ripe for immediate action to define credential grants and configure OpenBao roles.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "high",
"rank": 6,
"why": "This high-priority workstream has 5 'todo' tasks, including critical assessments for MinIO/MaxIO and STS Credential Vending, which are important for artifact storage and security.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 7,
"why": "This high-priority workstream has one 'wait' task to activate Ops-Hub Widgets in Inter-Hub. Given its high priority and single blocking task, it should be addressed next.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "issue-wp-0003",
"confidence": "medium",
"rank": 8,
"why": "This workstream has a resolved decision for ArgoCD bootstrap but still has two 'wait' tasks. Revisit to ensure the resolved decision has unblocked these tasks and to identify the next actionable step.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 9,
"why": "This workstream is actively migrating State Hub and has high-priority 'todo' tasks for deployment and data migration. Progress on these tasks is critical for the migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "cust-wp-0025",
"confidence": "medium",
"rank": 10,
"why": "This workstream has many 'todo' tasks but depends on other workstreams (NK-WP-0001, NK-WP-0002). Revisit to check the status of these dependencies before proceeding with its own tasks.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with pending human intervention or critical dependencies."
}
```

View File

@@ -0,0 +1,30 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c7370f9c-6ce7-5e21-a573-d58fc3edc325
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash: cc24616f088cde74e0ca1edcf7f9d864a6f0f63da6c54b9302be4779741f1e5a
created: 2026-06-26T05:20:56.151627+00:00
---
# Daily State Hub WSJF Triage - 2026-06-26
Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.
Validation error:
`Expecting ',' delimiter: line 136 column 22 (char 5268)`
```json
{
"raw_output_preview": "{\n \"summary\": \"Triage report focusing on high-priority workstreams with pending human intervention or critical dependencies, and addressing recently cleared dependencies to unblock progress.\",\n \"recommendations\": [\n {\n \"rank\": 1,\n \"candidate\": \"2731fece-6c49-45b8-ab8a-4ea6c04ac603\",\n \"action\": \"work-next\",\n \"why\": \"A critical dependency (T03 - Configure bounded OpenBao token roles and policies) for this workstream has been cleared, unblocking significant progress on credential management. This workstream has 8 todo tasks and no waits, indicating it's ready for immediate action.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 5.0,\n \"strategic_value\": 5,\n \"time_criticality\": 5,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 2,\n \"candidate\": \"bd086c41-287d-4a4e-8ac5-9ab270f14d72\",\n \"action\": \"needs-human\",\n \"why\": \"This high-priority workstream has a 'needs_human' task (T04 - Provision the runtime API key outside Git) and is currently blocked by 3 'wait' tasks. Human intervention is required to unblock progress.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 4,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 3,\n \"candidate\": \"9b56414a-c71f-4e72-9b2b-d2166aaf50d0\",\n \"action\": \"needs-human\",\n \"why\": \"This high-priority workstream has a 'needs_human' task (Task: Execute Live Ops-Hub Bootstrap) and is currently blocked by a 'wait' task. Human intervention is required to proceed with the bootstrap.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 4,\n \"job_size\": 3\n }\n },\n {\n \"rank\": 4,\n \"candidate\": \"84e17675-0d15-4268-a8bd-540124d37018\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has 4 'needs_human' tasks, including 'T02 \u2014 Resolve Forgejo production design decisions', indicating significant human input is required to move forward with the migration.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 5,\n \"candidate\": \"5646e13a-13af-4724-bca6-3c0d86f96733\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has a 'needs_human' task ('Three-Run Calibration Feedback') and is currently in a 'wait' state. Human feedback is crucial for operational hardening.\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 6,\n \"candidate\": \"896ace77-21b3-450b-8fb7-254aefc8c570\",\n \"action\": \"close-out\",\n \"why\": \"The task 'Wire activity-core to the live service' has been resolved, and the workstream shows 2 progress tasks with 0 todo/wait tasks. This indicates the deployment is likely complete or nearing completion and ready for close-out after verification.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 7,\n \"candidate\": \"656e435d-3a00-4f5e-a38e-114467f9062e\",\n \"action\": \"work-next\",\n \"why\": \"This high-priority workstream has a single 'wait' task ('Task: Activate Ops-Hub Widgets In Inter-Hub') and no 'needs_human' tasks. It appears ready for the next step to activate the widgets.\",\n \"confidence\": \"medium\",\n \"wsjf",
"status": "validation_failed",
"summary": "Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.",
"validation_error": "Expecting ',' delimiter: line 136 column 22 (char 5268)"
}
```

View File

@@ -0,0 +1,30 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ebec6e41-2d94-5a9b-8a5a-4e4d9734751c
instruction_id: daily-triage-report
scheduled_for: None
output_validated: false
review_required: true
model: custodian-triage-balanced
prompt_hash: 0bf0a3305908a822d6cf18e94681a37c8757e659c5d20b029e2444976a719d36
created: 2026-06-27T05:20:55.643385+00:00
---
# Daily State Hub WSJF Triage - 2026-06-27
Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.
Validation error:
`Unterminated string starting at: line 143 column 14 (char 5246)`
```json
{
"raw_output_preview": "{\n \"summary\": \"Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical dependencies.\",\n \"recommendations\": [\n {\n \"rank\": 1,\n \"candidate\": \"bd086c41-287d-4a4e-8ac5-9ab270f14d72\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream has a high planning priority and a 'needs_human' task that is currently waiting. Addressing this human dependency is critical to unblock progress on Ops Hub Evidence Intake.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.5,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 2,\n \"candidate\": \"9b56414a-c71f-4e72-9b2b-d2166aaf50d0\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream is high priority and has a 'needs_human' task that is waiting. Unblocking the 'Execute Live Ops-Hub Bootstrap' task is crucial for the Inter-Hub Bootstrap Access Lane.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.5,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 5,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 3,\n \"candidate\": \"2731fece-6c49-45b8-ab8a-4ea6c04ac603\",\n \"action\": \"needs-human\",\n \"why\": \"This workstream is blocked and has multiple 'needs_human' tasks. Addressing these human dependencies is essential to unblock the Credential Request and Lease Broker, which is a high-priority financial domain item.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 5,\n \"time_criticality\": 5,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 5,\n \"job_size\": 5\n }\n },\n {\n \"rank\": 4,\n \"candidate\": \"84e17675-0d15-4268-a8bd-540124d37018\",\n \"action\": \"needs-human\",\n \"why\": \"The Forgejo Production Migration has a 'needs_human' task to 'Resolve Forgejo production design decisions'. This is a critical step for a high-priority migration.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 4.0,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 5,\n \"candidate\": \"5646e13a-13af-4724-bca6-3c0d86f96733\",\n \"action\": \"needs-human\",\n \"why\": \"The 'Post-triage operational hardening' workstream has a 'needs_human' task for 'Three-Run Calibration Feedback'. This feedback is important for improving operational robustness.\",\n \"confidence\": \"medium\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 3,\n \"risk_reduction\": 4,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 6,\n \"candidate\": \"656e435d-3a00-4f5e-a38e-114467f9062e\",\n \"action\": \"work-next\",\n \"why\": \"This high-priority workstream has a single waiting task 'Activate Ops-Hub Widgets In Inter-Hub' with no human dependency. This seems ready for immediate execution.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 4,\n \"time_criticality\": 4,\n \"risk_reduction\": 3,\n \"opportunity_enablement\": 4,\n \"job_size\": 4\n }\n },\n {\n \"rank\": 7,\n \"candidate\": \"21cabc98-3f80-4d00-b3b7-06e2ac2af88f\",\n \"action\": \"work-next\",\n \"why\": \"The 'Infrastructure Stabilization Metaplan' has several high-priority 'todo' tasks, including closing the Ops-Hub Inter-Hub Evidence Lane and stabilizing Daily-Triage Automation. These are critical for overall system health.\",\n \"confidence\": \"high\",\n \"wsjf\": {\n \"score\": 3.7,\n \"strategic_value\": 5,\n \"time_criticality\": 4,\n \"risk_reduction\": 5,\n \"opportunity_enablement\": 3,\n \"job_size\": 5\n }\n ",
"status": "validation_failed",
"summary": "Instruction daily-triage-report produced output that failed validation; partial output was preserved for operator review.",
"validation_error": "Unterminated string starting at: line 143 column 14 (char 5246)"
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 6a44d6dd-3f02-53f2-a5d8-d42b76b0ef98
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 7190932904452d95ff0d20eaeaac290d7310fbd3cbb6ef1c9b1dc84896e81fcb
created: 2026-06-28T05:20:49.315172+00:00
---
# Daily State Hub WSJF Triage - 2026-06-28
The Daily State Hub triage report highlights several high-priority workstreams, with a focus on resolving human-in-the-loop tasks and unblocking critical financial and infotech initiatives. Key areas include Inter-Hub integration, OpenBao automation, and LLM output robustness.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "RAILIANCE-WP-0005-credential-request-and-lease-broker",
"confidence": "high",
"rank": 1,
"why": "This workstream is blocked with 7 open tasks, all requiring human intervention. Resolving these human-dependent tasks is critical to unblock a core financial capability.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 10.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "RAILIANCE-WP-0006-workload-kv-access-lanes",
"confidence": "high",
"rank": 2,
"why": "This workstream is blocked with 4 open tasks, all requiring human intervention. Unblocking this is crucial for secure workload KV access.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 5,
"score": 9.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "IHUB-WP-0022-ops-hub-evidence-intake",
"confidence": "high",
"rank": 3,
"why": "This high-priority workstream has 1 task requiring human input and 3 tasks waiting. Addressing the human task will likely unblock the waiting tasks and progress critical Inter-Hub integration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "CUST-WP-0049-interhub-bootstrap-access-lane",
"confidence": "high",
"rank": 4,
"why": "This high-priority workstream has a single open task that requires human execution. Resolving this will enable the Inter-Hub bootstrap.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "RAIL-HO-WP-0005-forgejo-production-migration",
"confidence": "medium",
"rank": 5,
"why": "This workstream has 4 tasks requiring human input, including resolving Forgejo production design decisions. Addressing these will unblock significant progress on a critical migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "ACTIVITY-WP-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "This workstream has 1 task requiring human input and 1 task waiting. Resolving the human task could unblock further progress on LLM output robustness, which is a high-priority item.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "RAILIANCE-WP-0008-openbao-approved-automation-delegation",
"confidence": "high",
"rank": 7,
"why": "This high-priority workstream has 4 'todo' tasks and 1 'wait' task. Progressing the 'todo' tasks will advance critical OpenBao automation capabilities.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "RAILIANCE-WP-0007-credential-change-approval-workflow",
"confidence": "high",
"rank": 8,
"why": "This high-priority workstream has 3 'todo' tasks and 3 'progress' tasks. Continuing to work on the 'todo' items will complete the credential change approval workflow.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 4.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "CUST-WP-0047-ops-hub-service-inventory-now-view",
"confidence": "medium",
"rank": 9,
"why": "This high-priority workstream has a single 'wait' task. Investigating and resolving the wait condition will enable the activation of Ops-Hub widgets.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "ARTIFACT-STORE-WP-0007-minio-maxio-sts-vending",
"confidence": "medium",
"rank": 10,
"why": "This workstream has 3 'todo' tasks and 1 'progress' task. Continuing to work on these tasks will advance artifact store capabilities and STS credential vending.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "The Daily State Hub triage report highlights several high-priority workstreams, with a focus on resolving human-in-the-loop tasks and unblocking critical financial and infotech initiatives. Key areas include Inter-Hub integration, OpenBao automation, and LLM output robustness."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 1dfb47c9-07bf-551b-b778-1d21a40bd95c
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 758448d990c7835ded94fb68cbfa94a76772d93bda1c4b2182a873d7b155864a
created: 2026-06-29T05:20:48.288104+00:00
---
# Daily State Hub WSJF Triage - 2026-06-29
Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure tasks. Several workstreams are blocked or waiting on human input, indicating a need for coordination.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0006",
"confidence": "high",
"rank": 1,
"why": "This high-priority workstream has 4 tasks awaiting human input, including coordinating catalog activation, which is a critical next step.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 2,
"why": "This workstream is blocked with 7 tasks waiting on human input, including configuring OpenBao token roles and building a credential helper MVP. Unblocking this is critical for credential management.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "This high-priority workstream has 1 task awaiting human input and 3 tasks in a 'wait' status, including provisioning an API key. Human intervention is needed to progress.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 4,
"why": "The Forgejo Production Migration has 4 tasks needing human input, including resolving design decisions, which is a critical blocker for this migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 5,
"why": "This workstream has a single task awaiting human input: 'Execute Live Ops-Hub Bootstrap'. This is a direct dependency for Inter-Hub functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "high",
"rank": 6,
"why": "This workstream has high-priority tasks related to LLM output robustness, including root-causing a validation failure and schema redesign, which are critical for system reliability.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 5,
"score": 3.3,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0008",
"confidence": "medium",
"rank": 7,
"why": "This workstream has multiple high-priority 'todo' tasks for OpenBao automation delegation, including specifying policy boundaries and implementing a dry-run, which are important for security and efficiency.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0051",
"confidence": "medium",
"rank": 8,
"why": "The Infrastructure Stabilization Metaplan has tasks in progress, including stabilizing Daily-Triage Automation and deciding the State Hub Migration Strategy, which are foundational for system health.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has tasks in progress and 'todo' for the Credential Change Proposal Review Workflow, including generating OpenBao apply plans and building an interactive runbook, which are important for operational processes.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 10,
"why": "This workstream has a single task in 'wait' status: 'Activate Ops-Hub Widgets In Inter-Hub'. This is a direct next step for providing visibility into service inventory.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report focusing on high-priority workstreams with human dependencies and critical infrastructure tasks. Several workstreams are blocked or waiting on human input, indicating a need for coordination."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: ac3d71a0-2f8f-50df-b3ce-7c60c2abb5c5
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 22f34b3ef4c6891f2a7f38298dd60f77e01657fa344e11658c5b9ea471d9df7f
created: 2026-06-30T05:20:49.176218+00:00
---
# Daily State Hub WSJF Triage - 2026-06-30
Triage report for Daily State Hub, focusing on high-priority workstreams with human intervention needs or critical dependencies.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream is blocked and has 7 tasks awaiting human intervention, indicating a critical bottleneck that requires immediate attention to unblock progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "This workstream has a high-priority task awaiting human execution, which is crucial for bootstrapping Inter-Hub access. Unblocking this will enable further progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "This workstream has a high-priority task requiring human provisioning of an API key outside Git, which is a security-sensitive operation and a blocker for subsequent tasks.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 4,
"why": "The Forgejo Production Migration has 4 tasks requiring human input, including resolving design decisions, which is critical for a successful migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "activity-wp-0006",
"confidence": "medium",
"rank": 5,
"why": "The 'Post-triage operational hardening' workstream has a task awaiting 'Three-Run Calibration Feedback' from a human, which is important for validating the hardening process.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0009",
"confidence": "high",
"rank": 6,
"why": "This workstream is critical for Issue-Core Runtime Ingestion Credential Lane and has 5 waiting tasks. Progressing these tasks will unblock the deployment of issue-core as a service.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.5,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0010",
"confidence": "medium",
"rank": 7,
"why": "This workstream is for LLM-Connect OpenRouter Provider Key Lane and has 5 waiting tasks. Progressing these tasks is important for enabling LLM connectivity.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 3,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "high",
"rank": 8,
"why": "This workstream has a single waiting task to activate Ops-Hub Widgets in Inter-Hub, which is a direct step towards improving visibility and operational awareness.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 2.0,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has two 'todo' tasks, including building an interactive runbook, which is important for improving the efficiency and reliability of credential change approvals.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 1.8,
"strategic_value": 3,
"time_criticality": 2
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 10,
"why": "This workstream has three 'todo' tasks related to STS credential vending and MinIO compatibility, which are important for artifact storage and security.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 1,
"risk_reduction": 3,
"score": 1.8,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub, focusing on high-priority workstreams with human intervention needs or critical dependencies."
}
```

View File

@@ -0,0 +1,40 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 38ffd00b-6c8b-5868-8fc2-df530c32f38e
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 269e2e2093cc4703fe57bf7d33bb699471b13a1438ef6ceb1209525d9421cfab
created: 2026-07-01T05:20:02.219732+00:00
---
# Daily State Hub WSJF Triage - 2026-07-01
No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a strategic shift in focus.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "future_mode: code_score_high_gain_high_effort_candidates",
"confidence": "high",
"rank": 1,
"why": "The digest indicates a 'future_mode' for 'code_score_high_gain_high_effort_candidates'. This suggests a strategic shift or an area requiring human interpretation and planning to define what these candidates are and how to proceed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 5.0,
"strategic_value": 5,
"time_criticality": 3
}
}
],
"summary": "No immediate actionable items identified from the digest. The system indicates a future mode for high-gain, high-effort candidates, suggesting a strategic shift in focus."
}
```

View File

@@ -0,0 +1,175 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 70cb39cb-9e8f-5a1d-a429-173994816eb6
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: cfc9e8c31e1ff38f6de8bcf21ac715124ac97ae658f7f3f0d0fda733ff16b704
created: 2026-07-02T05:20:49.920340+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies or critical next steps.
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 6 open tasks requiring human intervention, including verification, audit, and rollout. Addressing these will unblock significant progress.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 4.5,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 2,
"why": "The pilot closeout for npm publish has 3 tasks waiting on human action, which are critical for completing the pilot and validating the secrets engine.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 3,
"why": "Forgejo production migration has 4 tasks requiring human input, including design decisions, which are blocking the migration.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.8,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 4,
"why": "Ops Hub Evidence Intake has a critical task to provision the runtime API key outside Git, which requires human action and is blocking further progress.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 5,
"why": "The Inter-Hub Bootstrap Access Lane has a single critical task requiring human execution to proceed.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 3.7,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "The 'Reproduce & Root-Cause The Failure' task was recently resolved, but the workstream still has a 'Tests + Calibration Re-Entry' task that needs human attention. Revisit to ensure the resolution is holding and to progress the next human task.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 3.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0009",
"confidence": "medium",
"rank": 7,
"why": "This workstream has 5 open tasks, all in 'wait' status and no human dependencies, suggesting it's ready for automated or non-human dependent work to proceed.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "railiance-platform-railiance-wp-0010",
"confidence": "medium",
"rank": 8,
"why": "This workstream has 6 open tasks, mostly in 'wait' status with one in progress and no human dependencies, indicating it's ready for further automated work.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "artifact-store-wp-0007",
"confidence": "medium",
"rank": 9,
"why": "This workstream has 4 open tasks, with one in progress and three in 'todo' status, and no human dependencies, suggesting it's ready for further automated work.",
"wsjf": {
"job_size": 5,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 2.8,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "close-out",
"candidate": "cust-wp-0051",
"confidence": "high",
"rank": 10,
"why": "All 5 tasks in this workstream are in progress, indicating it's nearing completion. Focus on closing out these tasks to finalize infrastructure stabilization.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 3,
"risk_reduction": 3,
"score": 2.5,
"strategic_value": 3,
"time_criticality": 3
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human dependencies or critical next steps."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 75344105-206e-5946-9d79-8a915c5b1a06
instruction_id: daily-triage-report
scheduled_for: 2026-07-02T09:45:24.521994+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: bd25f4cfecabb92c313a34cacea1f10e12f69d5ed55278fa1e8ea11298c5ada3
created: 2026-07-02T09:50:44.525685+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical next steps.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1255,
"prompt_tokens": 4839,
"total_tokens": 6094
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has the highest number of 'needs_human' tasks (6) among all active workstreams, indicating a significant bottleneck requiring immediate human attention to unblock progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 2,
"why": "This workstream has 1 'needs_human' task and 3 'wait' tasks, suggesting that human intervention is required to unblock the waiting tasks and progress the 'Ops Hub Evidence Intake' which is critical for Inter-Hub functionality.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 3,
"why": "This workstream has a single 'needs_human' task which is 'Execute Live Ops-Hub Bootstrap'. This is a critical step for Inter-Hub access and requires immediate human action.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "medium",
"rank": 4,
"why": "This workstream has 3 'needs_human' tasks and 3 'wait' tasks, indicating that human intervention is needed to close out the 'whynot-design npm publish pilot', which likely has dependencies on these human actions.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 5,
"why": "The workstream has a 'resolved_decision' for 'Reproduce & Root-Cause The Failure' but still has 1 'needs_human' task and 1 'wait' task. Revisit to ensure the resolution is effective and to unblock the remaining tasks.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "medium",
"rank": 6,
"why": "This workstream has 4 'needs_human' tasks and 11 'todo' tasks, indicating a significant amount of work that requires human input to initiate or progress the Forgejo Production Migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 7,
"why": "This workstream has 1 'needs_human' task and 3 'todo' tasks, specifically 'T07 \u2014 Cutover: redirect MCP config to cluster', which is a critical step for the State Hub Migration and requires human action.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 2,
"score": 3.5,
"strategic_value": 3,
"time_criticality": 2
}
}
],
"summary": "Triage report for Daily State Hub WSJF, focusing on high-priority workstreams with human intervention needs or critical next steps."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: c2102a9b-5243-5871-b96c-0f05e2fc1d5d
instruction_id: daily-triage-report
scheduled_for: 2026-07-02T09:43:24.818500+00:00
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 21b7993298eb61182e69f7f6ade6963d9621df6be8512a948eba1515b1774ae6
created: 2026-07-02T09:50:25.239170+00:00
---
# Daily State Hub WSJF Triage - 2026-07-02
Prioritize workstreams with high human dependency and critical infrastructure migrations, focusing on unblocking progress and reducing risk.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1188,
"prompt_tokens": 4938,
"total_tokens": 6126
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "railiance-platform-railiance-wp-0005",
"confidence": "high",
"rank": 1,
"why": "This workstream has 6 open tasks requiring human intervention, making it a significant bottleneck for credential management and leasing. Unblocking these tasks is critical for financial operations.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 2,
"why": "The Forgejo Production Migration has 4 tasks requiring human input, including resolving design decisions, which is a critical path item for infrastructure stability and future development.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 3,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 3,
"why": "The npm publish pilot closeout has 3 tasks awaiting human action, which is blocking the finalization of a critical secrets management process. This needs to be resolved to secure publishing workflows.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 4,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "medium",
"rank": 4,
"why": "Ops Hub Evidence Intake has 1 task requiring human input, which is currently waiting. Addressing this will unblock the intake process for activity core, which is important for operational visibility.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "medium",
"rank": 5,
"why": "The Inter-Hub Bootstrap Access Lane has a single human-dependent task that is currently waiting. This is a critical step for establishing inter-hub communication and should be addressed.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "revisit",
"candidate": "activity-wp-0016-llm-output-robustness-trust-boundary",
"confidence": "medium",
"rank": 6,
"why": "The 'Reproduce & Root-Cause The Failure' task has been resolved, but there's still a 'Tests + Calibration Re-Entry' task requiring human input. Revisit to ensure the fix is validated and fully implemented.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 2,
"risk_reduction": 3,
"score": 4.5,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 7,
"why": "The pragmatic State Hub Migration has a human-dependent task 'Cutover: redirect MCP config to cluster' which is critical for the migration. This needs to be addressed to progress the migration.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 1,
"risk_reduction": 2,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "Prioritize workstreams with high human dependency and critical infrastructure migrations, focusing on unblocking progress and reducing risk."
}
```

View File

@@ -0,0 +1,144 @@
---
type: working-memory
source: activity-core
activity_id: 6fca51fa-387a-4fd0-bc4e-d62c29eb859a
activity_core_run_id: 3efc80f9-7783-5acd-8e7b-d08049f3394a
instruction_id: daily-triage-report
scheduled_for: None
output_validated: true
review_required: false
model: custodian-triage-balanced
prompt_hash: 23082ff99987a9cf51cf43e78478b7fc83e47f43420594664f7ce49b880527f4
created: 2026-07-03T05:20:45.075502+00:00
---
# Daily State Hub WSJF Triage - 2026-07-03
Prioritize Forgejo migration and Inter-Hub bootstrap tasks with high strategic value and time criticality. Address pending human actions in critical workstreams.
LLM response metadata:
```json
{
"finish_reason": "stop",
"model": "google/gemini-2.5-flash",
"usage": {
"completion_tokens": 1140,
"prompt_tokens": 4892,
"total_tokens": 6032
}
}
```
```json
{
"recommendations": [
{
"action": "needs-human",
"candidate": "rail-ho-wp-0005",
"confidence": "high",
"rank": 1,
"why": "Forgejo Production Migration has 4 pending human tasks, including resolving production design decisions, which is critical for progress.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 8.0,
"strategic_value": 5,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0049",
"confidence": "high",
"rank": 2,
"why": "The Inter-Hub Bootstrap Access Lane has a high-priority human task to execute Live Ops-Hub Bootstrap, which is a critical dependency for Inter-Hub functionality.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 5,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "ihub-wp-0022",
"confidence": "high",
"rank": 3,
"why": "Ops Hub Evidence Intake has a high-priority human task to provision the runtime API key outside Git, which is essential for secure operation.",
"wsjf": {
"job_size": 2,
"opportunity_enablement": 5,
"risk_reduction": 4,
"score": 7.0,
"strategic_value": 4,
"time_criticality": 5
}
},
{
"action": "needs-human",
"candidate": "secrets-wp-0003",
"confidence": "high",
"rank": 4,
"why": "Close out the whynot-design npm publish pilot has 3 pending human tasks, including provisioning the real npm token and standing up a dedicated Gitea bot account, which are critical for pilot completion and security.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 3,
"risk_reduction": 5,
"score": 6.0,
"strategic_value": 4,
"time_criticality": 4
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0011",
"confidence": "medium",
"rank": 5,
"why": "Pragmatic State Hub Migration to railiance01 has a pending human task to cutover and redirect MCP config to the cluster, which is a key step in the migration.",
"wsjf": {
"job_size": 3,
"opportunity_enablement": 5,
"risk_reduction": 3,
"score": 5.0,
"strategic_value": 4,
"time_criticality": 3
}
},
{
"action": "needs-human",
"candidate": "cust-wp-0038",
"confidence": "medium",
"rank": 6,
"why": "State Hub Full ThreePhoenix HA Migration has a pending human task to confirm ThreePhoenix cluster readiness, which is a prerequisite for further HA implementation.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 4,
"score": 4.0,
"strategic_value": 3,
"time_criticality": 3
}
},
{
"action": "work-next",
"candidate": "cust-wp-0047",
"confidence": "medium",
"rank": 7,
"why": "Ops Hub Service Inventory Now View has a high-priority task to activate Ops-Hub Widgets in Inter-Hub, which will enable visibility and functionality.",
"wsjf": {
"job_size": 4,
"opportunity_enablement": 4,
"risk_reduction": 3,
"score": 4.0,
"strategic_value": 4,
"time_criticality": 3
}
}
],
"summary": "Prioritize Forgejo migration and Inter-Hub bootstrap tasks with high strategic value and time criticality. Address pending human actions in critical workstreams."
}
```

Some files were not shown because too many files have changed in this diff Show More