todo: tag retention, flake.nix tamper-check, sync_agents nix call
three things surfaced by the meta-flake overhaul + the nix CLI deprecation we just fixed worth tracking explicitly. extend the web-UI-for-config-repos entry to also cover the /meta deploy log now that meta's git history is the swarm-wide audit trail.
This commit is contained in:
müde
parent
d202f3785c
commit
65bdde898e
1 changed files with 35 additions and 6 deletions
41
TODO.md
41
TODO.md
|
|
@ -62,6 +62,33 @@ Pick anything from here when relevant. Cross-cutting design notes live in
|
|||
derived from the same config so the operator stays in control of
|
||||
what's exposed.
|
||||
|
||||
## Operational hygiene (post-meta-flake)
|
||||
|
||||
- **Tag retention.** Every approval mints up to 5 tags in
|
||||
`applied/<n>/.git` (`proposal/`, `approved/`, `building/`,
|
||||
`deployed/`, plus `failed/` or `denied/`). Every successful
|
||||
deploy adds one commit to `/var/lib/hyperhive/meta/.git`.
|
||||
Both grow unbounded. A retention policy — keep all
|
||||
`deployed/*` indefinitely, age-out `failed/` + `denied/`
|
||||
after N days, drop `proposal/` + `approved/` + `building/`
|
||||
once a terminal sibling lands — would keep the audit
|
||||
trails browsable without forever-growth.
|
||||
|
||||
- **Reject proposals that touch `flake.nix`.** The manager's
|
||||
prompt says don't edit it, but nothing on the host side
|
||||
enforces. Add a check in
|
||||
`manager_server::submit_apply_commit`: after fetching the
|
||||
proposal sha into applied, `git diff-tree <sha> -- flake.nix`
|
||||
— non-empty diff → refuse + clear error message. Cheap
|
||||
belt-and-suspenders.
|
||||
|
||||
- **Inert `nix flake lock` no-args call in `meta::sync_agents`.**
|
||||
Still valid in current nix (resolves missing inputs without
|
||||
bumping existing ones) but parallel to the deprecated
|
||||
`--update-input` we just had to migrate. Worth keeping an
|
||||
eye on; if it gets renamed too, sync_agents stops being
|
||||
able to seed a fresh meta repo.
|
||||
|
||||
## Bugs
|
||||
|
||||
- **Pending question doesn't always appear on the dashboard.**
|
||||
|
|
@ -84,12 +111,14 @@ Pick anything from here when relevant. Cross-cutting design notes live in
|
|||
|
||||
## UI / UX
|
||||
|
||||
- **Web UI for config repos.** Browse history, diffs, tags
|
||||
(proposed + approval/* + applied/*) per agent, all from the
|
||||
dashboard. Something lighter than a full forge — read-only
|
||||
log + diff + raw-file view is enough. Pairs naturally with
|
||||
the upcoming config-repo overhaul (tags become the audit
|
||||
trail; UI surfaces them).
|
||||
- **Web UI for config repos + meta deploy log.** Browse
|
||||
per-agent proposed / applied tags
|
||||
(`proposal/* / approved/* / building/* / deployed/* /
|
||||
failed/* / denied/*`) plus the swarm-wide meta repo's git
|
||||
log on the dashboard. Read-only log + diff + raw-file view
|
||||
is enough — something lighter than a full forge. The meta
|
||||
log already answers "what's deployed where + when"; this
|
||||
surfaces it without an ssh-to-host detour.
|
||||
|
||||
- **xterm.js terminal** embedded per-agent, attached to a PTY exposed by
|
||||
the harness. Pairs well with the unprivileged-container work — would let
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue