final docs + cleanup sync for meta-flake era
claude.md flips 'in flight' → 'just landed' for the meta overhaul + extends the file map with meta.rs and migrate.rs. docs/approvals.md replaces the in-flight callout with a proper 'Meta flake' section (two-phase deploy walkthrough, sync_agents semantics, single-phase variants), updates the two-repo box diagram to include the /var/lib/hyperhive/meta/ tree and tracks flake.nix in applied, rewrites the container --flake reference to meta#<name>, replaces the 'Manager view of applied' section with a unified '/agents + /applied + /meta' inventory listing every useful git incantation, and explains the in-place no-state-loss migration that now runs on hive-c0re startup. docs/persistence.md grows entries for the meta repo + the .meta-migration-done marker. readme box diagram picks up the /meta RO bind; approval-flow paragraph rewritten end to end to describe the meta lock dance. lifecycle::flake_base deleted — the meta render hardcodes the manager vs agent-base choice as nix expression.
This commit is contained in:
müde
parent
2f6ecc4dc0
commit
14aa7c7acc
5 changed files with 213 additions and 132 deletions
44
README.md
44
README.md
|
|
@ -26,8 +26,9 @@ host (NixOS, runs hive-c0re.service)
|
|||
└── nixos-containers (each bind-mounts its socket dir → /run/hive,
|
||||
│ credentials dir → /root/.claude,
|
||||
│ durable notes dir → /state;
|
||||
│ manager additionally gets /agents RW
|
||||
│ + /applied RO for the deployed-tag mirror)
|
||||
│ manager additionally gets /agents RW,
|
||||
│ /applied RO (deployed-tag mirror),
|
||||
│ /meta RO (swarm-wide deploy flake))
|
||||
│
|
||||
├── hm1nd hive-m1nd serve : claude turn loop +
|
||||
│ MCP (send / recv / request_spawn / kill / start /
|
||||
|
|
@ -54,21 +55,30 @@ load; collapsible inbox + collapsible journald viewer + collapsible
|
|||
`agent.nix` viewer per agent on the dashboard.
|
||||
|
||||
Config changes flow the other way: manager edits files under
|
||||
`/agents/<name>/config/` (`agent.nix` is the entry point, but arbitrary
|
||||
sibling files in the commit are preserved) → commits → submits the sha
|
||||
via `request_apply_commit`. Hive-c0re immediately fetches that commit
|
||||
from the proposed repo into the applied repo and pins it as
|
||||
`proposal/<id>` — from this moment the proposal is immutable from the
|
||||
manager's side. Operator clicks ◆ APPR0VE on the dashboard → hive-c0re
|
||||
moves the working tree to the proposal, runs `nixos-container update`,
|
||||
and either fast-forwards `applied/main` (tagging `deployed/<id>`) or
|
||||
annotates `failed/<id>` with the build error and rolls back to the
|
||||
previous deployed tree. Denials leave a `denied/<id>` annotated tag
|
||||
carrying the operator's note. The manager sees everything that
|
||||
shipped (or didn't) via a read-only `/applied/<n>/.git` mirror inside
|
||||
its container; `git show applied/deployed/<id>` etc. is the audit
|
||||
trail. See [`docs/approvals.md`](docs/approvals.md) for the full tag
|
||||
state machine.
|
||||
`/agents/<name>/config/` — `agent.nix` is a plain NixOS module function
|
||||
`{ config, pkgs, lib, ... }: { ... }`, and arbitrary sibling files in
|
||||
the commit are preserved → commits → submits the sha via
|
||||
`request_apply_commit`. Hive-c0re immediately fetches that commit from
|
||||
the proposed repo into the applied repo and pins it as `proposal/<id>`
|
||||
— immutable from the manager's side from then on. Operator clicks
|
||||
◆ APPR0VE → hive-c0re fast-forwards `applied/<n>/main` to the proposal,
|
||||
runs `nix flake lock --update-input agent-<n>` against the host-wide
|
||||
meta flake at `/var/lib/hyperhive/meta/`, builds via
|
||||
`nixos-container update <c> --flake meta#<name>`, and either commits
|
||||
the lock + tags `deployed/<id>` on success or `git restore`s the lock +
|
||||
annotates `failed/<id>` with the build error + rolls back
|
||||
`applied/<n>/main` on failure. Denials leave a `denied/<id>` annotated
|
||||
tag carrying the operator's note.
|
||||
|
||||
Meta's git log is the swarm-wide deploy audit trail (one commit per
|
||||
successful deploy). Per-agent applied repos carry the tag-rich state
|
||||
machine for inside-baseball decisions. The manager sees both — proposed
|
||||
repos ship with an `applied` remote pre-wired, and `/meta/` is RO-bound
|
||||
inside the container — so `git fetch applied`,
|
||||
`git show applied/refs/tags/deployed/<id>`, `git log /meta`,
|
||||
`cat /meta/flake.lock` all just work without constructing paths by
|
||||
hand. See [`docs/approvals.md`](docs/approvals.md) for the full state
|
||||
machine + lock-flow walkthrough.
|
||||
For decisions the manager needs human signal on, `ask_operator(question,
|
||||
options?, multi?)` queues a free-text/checkbox/radio form on the
|
||||
dashboard; the answer arrives later as a `HelperEvent::OperatorAnswered`
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue