docs: tag-driven config-apply plan + migration story
scratchpad in claude.md marks this as in-flight; docs/approvals.md gets the new tag state machine (proposal/approved/building/deployed/failed/denied) and the manager applied.git read-only mount. todo picks up the unprivileged-containers git-identity caveat and a web ui for config repos as a downstream follow-up.
parent 75e7faff0c
commit 497cd15137
3 changed files with 118 additions and 28 deletions
27
CLAUDE.md
@ -114,14 +114,25 @@ read them à la carte.
|
|||
In-flight or recent context that hasn't earned a section yet.
|
||||
Prune freely.
|
||||
|
||||
- **Imminent:** overhaul the git management of agent configs.
|
||||
Current shape: per-agent `proposed/` repo the manager edits
|
||||
+ `applied/` repo hive-c0re owns, with `request_apply_commit`
|
||||
shuttling commits between them. Pre-compact note: keep an eye
|
||||
on whether the two-repo split is still the right shape, or if
|
||||
a single repo with `proposed/` and `applied/` branches (or a
|
||||
shared bare repo per agent with refs/proposed and refs/applied)
|
||||
would simplify the diff / approve / apply path.
|
||||
- **In flight:** tag-driven config-apply overhaul. Keep the
|
||||
two-repo split (proposed = manager RW, applied = core-only)
|
||||
for safety — agent can rm -rf its own repo but never reaches
|
||||
applied. New flow: at `request_apply_commit` time hive-c0re
|
||||
fetches the manager's commit into applied and tags it
|
||||
`proposal/<id>`; the manager's repo is then dead to core for
|
||||
that approval. Approve/deny/build are encoded as more tags
|
||||
(`approved/`, `building/`, `deployed/`, `failed/`, `denied/`)
|
||||
on the same commit; `applied/main` only fast-forwards on
|
||||
`deployed/`. Failure tags are annotated with the build error;
|
||||
deny tags with the operator note. Manager gets `applied/.git`
|
||||
bind-mounted RO at `/agents/<n>/applied.git` so it can `git
|
||||
show` deployed/failed/denied trees and diff against its own
|
||||
working tree. agent.nix stays the entry point but arbitrary
|
||||
files in the manager's commit are now preserved; `flake.nix`
|
||||
becomes hive-c0re-generated, gitignored, regenerated only on
|
||||
spawn/rebuild. Migration: no in-place. Each existing agent
|
||||
needs `destroy --purge` + re-spawn; tombstones lose their
|
||||
history. See `docs/approvals.md` for the tag state machine.
|
||||
- **Recent (since last compaction):** inline +/- diffs on
|
||||
Write/Edit, send full body via collapsed details, operator
|
||||
cancel + ttl on questions, deny-with-reason, dashboard
|
||||
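Review bot: In the sentence "Manager gets `applied/.git` bind-mounted RO at `/agents/<n>/applied.git`", the read-only mount also exposes every tag annotation to the manager, and this same entry says `failed/` tags carry the build error and `denied/` tags the operator note. Say here or in `docs/approvals.md` whether that text is meant to be agent-readable and whether build errors are trimmed before they are written into a tag. Smaller points on the same entry: it states the agent "never reaches applied", yet the new flow has hive-c0re fetch a manager-authored commit into applied, so one line on what that fetch is limited to would close the gap; the lifecycle tags are written as `approved/` through `denied/` without the `<id>` suffix shown for `proposal/<id>`, which leaves the naming ambiguous; and the migration sentence ("no in-place", `destroy --purge`, tombstones lose their history) describes a destructive step and should point to where the operator procedure is documented.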