meta(roadmap): execute post-soak legacy cleanup flight #387

Closed
opened 2026-05-19 08:54:44 +02:00 by codex · 10 comments
Collaborator

Scope

Execute ADR-0020 and state/cutover/rs2000-post-soak-legacy-cleanup.md after the operator opens the cleanup flight.

Spec sources

  • decisions/0020-post-soak-legacy-cleanup-and-platform-modularization.md
  • state/cutover/rs2000-post-soak-legacy-cleanup.md
  • state/cutover/rs2000-control-plane-cutoff.md
  • state/roadmap/current-platform-roadmap.md

Acceptance criteria

  • Refresh legacy path inventory metadata-only.
  • Move live bind-mounted data/config as-is before any deletion.
  • Verify zero legacy bind mounts before Class A/B/D cleanup.
  • Post checkpoints with sizes, paths, smokes, and rollback state.
  • Update state/STATUS_NOW.md after the cleanup flight closes.

Out of scope

  • Broad module upgrades.
  • Vault sunset.
  • DR drill execution unless operator makes it a prerequisite.
  • Any destructive action without a fresh operator gate.
Author
Collaborator

Codex Wave 1 M01 checkpoint — stale blockers reconciled

Role: executor
Status: M01 cleanup carrier remains open

Wave 1 started after Wave 0 PR backlog cleanup. I reconciled the stale/resolved M01 blockers:

  • #310 minio-init: resolved; read-only runtime evidence shows home-platform-minio-init-1 exited 0, MinIO is healthy, and expected buckets were bootstrapped.
  • #271 F3 backup-before design gate: superseded by completed F3/F3-final-boss migration and current roadmap.
  • #47 legacy salvage branch blocker: superseded by the RS2000 control-plane cutoff boundary; legacy tree classification belongs here.

Next action for this issue is still Phase 0 evidence refresh from state/cutover/rs2000-post-soak-legacy-cleanup.md: inventory legacy path sizes, bind mounts, tool cruft age, smoke/health state, and rollback references. No destructive cleanup should run without a fresh operator gate.

Author
Collaborator

Codex Wave 1 / #387 Phase 0 inventory refresh — 2026-05-24 08:26 CEST

Role: executor
Mode: read-only inventory; no delete, move, prune, restart, or compose change

Platform health snapshot

  • Release root: /opt/pdurlej-platform/current -> releases/c6928decfb42e12756ca4cd638fa66c704ba9498
  • Containers: 65 running, 0 unhealthy
  • forgejo-deploy-runner.service: active
  • forgejo-deploy-runner-watchdog.timer: active
  • Watchdog positive restarts since 2026-05-19 00:00: 0
  • Deploy-runner service starts since 2026-05-19 00:00: 0
  • platformctl-auto-apply.yml since 2026-05-19: 19 runs, pickup min 0s, max 2s, avg 0.84s, stuck waiting 0
  • Latest platform-smoke.yml: UI #1650, DB id 2116, status 1, created 2026-05-24 07:17:02+02, stopped 07:17:08+02

Legacy tree size inventory

/opt/vps-home-platform-infra total: 195G.

Largest classes:

| Class | Path family | Size / signal | Phase 0 decision |
|---|---|---:|---|
| A | backups | 194G | Delete candidate only after cleanup gate, smokes/log review, and green window. |
| B | state | 1.4G | Delete candidate only after cleanup gate and verification. |
| C | data | 63M | Live bind-mounted data/config class; move as-is before delete. |
| C | config | 532K | Live bind-mounted config class; move as-is before delete. |
| C | env | 356K | Live runtime/bootstrap material; move/rehome carefully. |
| C | products/openclaw-mail-infra/config | under products total 824K | Live OpenClaw mail config; move/rehome carefully. |
| D | .git, compose, scripts, docs, runbooks, contracts, tests, systemd, .github, templates | small compared with backups | Retired control-plane material; delete only after rollback references are no longer executable dependency. |
| E | .venv-zeroclaw-tools, _bmad-output, output, patches, policy | .venv is 71M; others small | Tool cruft candidates; age/use needs a focused decision before delete. |

Current legacy bind mounts

  • Containers with legacy bind mounts: 28
  • Unique legacy source paths: 33
  • Source family counts: data=22, config=16, env=3, products=2
  • Important blocker: home-platform-deploy-control-1 mounts the whole legacy root: /opt/vps-home-platform-infra -> /repo

That root mount means Phase 1 cannot just move data/config; first cleanup PR should remove or replace the deploy-control root dependency, otherwise zero-legacy-bind-mount verification will never pass.

Recommended next action

Start #387 Phase 1 as a non-destructive compose/runtime-root migration design:

  1. Replace deploy-control root mount with the minimal needed mount(s), ideally current control-plane root plus explicit runtime state path.
  2. Prepare a first PR for bind-mount rehoming plan, not deletion.
  3. Move live data/config/env/products as-is only after operator gate and smoke plan.
  4. Keep Class A/B/D deletion blocked until zero legacy bind mounts and a fresh destructive-action approval.

No raw secrets or private content were inspected or recorded; this is path/size/status metadata only.

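The zero-legacy-bind-mount gate from the acceptance criteria, sketched as an added example (not code from this repository or from platformctl). It classifies bind sources from `docker inspect` output by path family and flags whole-root mounts such as the deploy-control `/repo` bind; the `example-*` containers, their sub-paths and the `<root>`/`<ancestor>` labels are assumptions made for the sample.

```python
"""Gate check: are any running containers still bind-mounting the legacy tree?"""
import json
import posixpath
from collections import Counter

LEGACY_ROOT = "/opt/vps-home-platform-infra"  # legacy root named in the checkpoint

# Constructed sample shaped like `docker inspect $(docker ps -q)` output.
# Only deploy-control and its /repo mount come from the checkpoint; the
# example-* containers and their sub-paths are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/home-platform-deploy-control-1", "Mounts": [
    {"Type": "bind", "Source": "/opt/vps-home-platform-infra", "Destination": "/repo", "RW": true},
    {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true}
  ]},
  {"Name": "/example-svc-a-1", "Mounts": [
    {"Type": "bind", "Source": "/opt/vps-home-platform-infra/data/example-a", "Destination": "/data", "RW": true},
    {"Type": "bind", "Source": "/opt/vps-home-platform-infra/config/example-a", "Destination": "/config", "RW": false},
    {"Type": "volume", "Name": "example-a-cache",
     "Source": "/var/lib/docker/volumes/example-a-cache/_data", "Destination": "/cache", "RW": true}
  ]},
  {"Name": "/example-svc-b-1", "Mounts": [
    {"Type": "bind", "Source": "/opt/vps-home-platform-infra/env", "Destination": "/env", "RW": false},
    {"Type": "bind", "Source": "/opt/vps-home-platform-infra-old/data", "Destination": "/old", "RW": false}
  ]},
  {"Name": "/example-svc-c-1", "Mounts": [
    {"Type": "bind", "Source": "/opt/pdurlej-platform/runtime/legacy-import/env", "Destination": "/env", "RW": false}
  ]}
]
""")


def classify(source, legacy_root=LEGACY_ROOT):
    """Return None for a non-legacy source, else its path family.

    '<root>' is the legacy root itself, '<ancestor>' a parent directory that
    exposes the whole tree; otherwise the first component under the root.
    Matching is per path component, so a sibling such as '<root>-old' is not a hit.
    """
    src = posixpath.normpath(source)
    root = posixpath.normpath(legacy_root)
    if src == root:
        return "<root>"
    if root.startswith(src.rstrip("/") + "/"):
        return "<ancestor>"
    if src.startswith(root + "/"):
        return src[len(root) + 1:].split("/", 1)[0]
    return None


def audit(inspect_docs, legacy_root=LEGACY_ROOT):
    """Summarise legacy bind mounts; the gate passes only when there are none."""
    findings = []
    for doc in inspect_docs:
        name = doc.get("Name", "").lstrip("/")
        for mount in doc.get("Mounts") or []:
            if mount.get("Type") != "bind":
                continue  # named volumes and tmpfs are not host-path binds
            family = classify(mount.get("Source", ""), legacy_root)
            if family is not None:
                findings.append({
                    "container": name,
                    "source": posixpath.normpath(mount["Source"]),
                    "target": mount.get("Destination"),
                    "family": family,
                })
    return {
        "mounts": len(findings),
        "containers": len({f["container"] for f in findings}),
        "unique_sources": len({f["source"] for f in findings}),
        "families": dict(Counter(f["family"] for f in findings)),
        # Root-level binds cannot be cleared by rehoming data/config sub-paths.
        "root_blockers": [f for f in findings if f["family"].startswith("<")],
        "gate_passed": not findings,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_INSPECT)
    print(json.dumps(report, indent=2))
    raise SystemExit(0 if report["gate_passed"] else 1)
```

Only path metadata is read; on a host the same functions take the parsed output of `docker inspect` in place of the constructed sample.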
Author
Collaborator

Role: executor
Intent: checkpoint
Needs owner: no

Phase 1 prep PRs opened:

  • #407 docs(roadmap): record wave0 triage and wave map — records W0 triage output, ADR status normalization, and W↔M wave map.
  • #408 fix(cutover): remove deploy-control legacy root mount — removes the whole legacy-root /repo bind from deploy-control and removes the missing repo-local build context. Merge is not production mutation; runtime apply remains F3/operator-gated with fresh backup ref.

Runtime note from read-only audit: deploy-control source exists only in legacy /opt/vps-home-platform-infra/scripts/deploy-control; current release-root lacks it, while live image home-platform-deploy-control:1.0.0 exists. The code path is safe for this narrow change because SIGNAL_DEPLOY_ENABLED=false returns before touching /repo.

Next: operator reviews/merges #407 then #408; after #408 merge, run backup-before for deploy-control, then dispatch the stateful F3 apply/smoke with BACKUP_DONE_F3 and the backup path.

Author
Collaborator

Role: executor
Intent: checkpoint
Needs owner: yes

#408 merge was not enough to change live deploy-control: manual F3 run #2156 succeeded but produced apply.status=noop, because platformctl plan currently sees image/status in-sync and does not detect compose bind-mount drift. Runtime evidence still shows /opt/vps-home-platform-infra => /repo.

Opened #409 to keep the fix inside the trusted workflow instead of doing ad-hoc SSH mutation. It adds explicit force_compose_up for backup-gated manual F3 dispatches only.

Next: merge #409, then rerun platformctl-auto-apply.yml for deploy-control with the existing backup ref /opt/pdurlej-platform/backups/deploy-control-20260524T070134Z.tar.gz, allow_stateful=true, stateful_confirm=BACKUP_DONE_F3, and force_compose_up=true.

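The drift described in this checkpoint, where the image is in sync but the running container still carries a bind mount the merged compose file no longer declares, shown as an added example (not platformctl's own code). It assumes the desired state is shaped like `docker compose config --format json` and the runtime state like a `docker inspect` document; the `/srv/example/*` sources, the read-only flag on `/env` and the `plan` function are hypothetical.

```python
"""Detect bind-mount drift that an image-only comparison reports as in sync."""
import posixpath

# Constructed inputs. DESIRED is shaped like one service from
# `docker compose config --format json`; RUNNING like one `docker inspect` document.
# The /srv/example/* sources are placeholders; the image tag and the legacy
# /repo mount are the ones quoted in the checkpoints.
DESIRED = {"services": {"deploy-control": {
    "image": "home-platform-deploy-control:1.0.0",
    "volumes": [
        {"type": "bind", "source": "/srv/example/state", "target": "/state"},
        {"type": "bind", "source": "/srv/example/env", "target": "/env", "read_only": True},
        {"type": "bind", "source": "/var/run/docker.sock", "target": "/var/run/docker.sock"},
    ]}}}

RUNNING = {
    "Name": "/home-platform-deploy-control-1",
    "Config": {"Image": "home-platform-deploy-control:1.0.0"},
    "Mounts": [
        {"Type": "bind", "Source": "/opt/vps-home-platform-infra", "Destination": "/repo", "RW": True},
        {"Type": "bind", "Source": "/srv/example/state", "Destination": "/state", "RW": True},
        {"Type": "bind", "Source": "/srv/example/env", "Destination": "/env", "RW": False},
        {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True},
    ]}


def desired_binds(compose_cfg, service):
    """Bind mounts the compose file declares, as (source, target, writable)."""
    volumes = compose_cfg["services"][service].get("volumes") or []
    return {
        (posixpath.normpath(v["source"]), posixpath.normpath(v["target"]),
         not v.get("read_only", False))
        for v in volumes if v.get("type") == "bind"
    }


def runtime_binds(inspect_doc):
    """Bind mounts the running container actually has, in the same shape."""
    return {
        (posixpath.normpath(m["Source"]), posixpath.normpath(m["Destination"]),
         bool(m.get("RW", True)))
        for m in inspect_doc.get("Mounts") or [] if m.get("Type") == "bind"
    }


def plan(compose_cfg, service, inspect_doc):
    """Hypothetical plan step: 'noop' only when image AND bind mounts match."""
    want = desired_binds(compose_cfg, service)
    have = runtime_binds(inspect_doc)
    image_in_sync = (compose_cfg["services"][service].get("image")
                     == inspect_doc.get("Config", {}).get("Image"))
    stale = sorted(have - want)      # mounted at runtime, no longer declared
    missing = sorted(want - have)    # declared, not mounted at runtime
    in_sync = image_in_sync and not stale and not missing
    return {
        "image_in_sync": image_in_sync,
        "stale_at_runtime": stale,
        "missing_at_runtime": missing,
        "action": "noop" if in_sync else "recreate",
    }


if __name__ == "__main__":
    result = plan(DESIRED, "deploy-control", RUNNING)
    print(result["action"])
    for source, target, writable in result["stale_at_runtime"]:
        print(f"stale bind: {source} => {target} ({'rw' if writable else 'ro'})")
```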
Author
Collaborator

Role: executor
Intent: checkpoint
Needs owner: yes

Codex checkpoint — deploy-control legacy root mount apply blocked at host-agent allowlist

Status: stopped before deploy-control mutation; PR #411 is ready for operator merge.

Evidence:

  • Backup before apply exists: /opt/pdurlej-platform/backups/deploy-control-20260524T070134Z.tar.gz, size 932080592, sha256 2e3bb0f9f2ca8e971a7f07b976ce9a9b31d7e660e0d1f694e1065bc93dfd2dc1.
  • Run #1703 / API 2170: force_compose_up=true, failed in preflight because canonical compose required THINGS_USERNAME; no mutation.
  • Runtime bridge stabilized: /opt/pdurlej-platform/runtime/things-compose.env, mode 0640 root:platform-host-agent; values not printed; deploy-runner env list updated and runner restarted while runner_id=5 had 0 active tasks.
  • Run #1712 / API 2180: reached new env-file list but platform-host-agent-wrapper denied /opt/pdurlej-platform/runtime/things-compose.env; no mutation.
  • Current home-platform-deploy-control-1 remains healthy and still has legacy /repo mount; target apply still pending.

PR ready:

  • #411 fix(host-agent): allow Things compose env file
  • Local test: python3 -m pytest tests/test_platform_host_agent_wrapper.py → 13 passed
  • Forgejo PR checks visible green: base-is-main, canary-required, patchwarden-pr-sanity, python-ci.

Next after #411 merge:

  1. install /usr/local/sbin/platform-host-agent-wrapper from trusted main/release-root;
  2. verify platform-host-agent preflight accepts the full env-file list;
  3. rerun platformctl-auto-apply.yml for deploy-control with the same backup ref and force_compose_up=true;
  4. verify /opt/vps-home-platform-infra => /repo is gone from home-platform-deploy-control-1.

Next: operator merge #411, then Codex continues F3 deploy-control apply.

Author
Collaborator

Role: executor
Intent: checkpoint
Needs owner: no

Codex checkpoint — deploy-control legacy /repo mount removed

Status: GREEN.

Evidence:

  • Release-root promoted: /opt/pdurlej-platform/current -> releases/5982e2eca04f3dfd3de99072ce4aebb5035dbf8f.
  • Runtime wrapper installed from trusted release-root; /usr/local/sbin/platform-host-agent-wrapper now allows /opt/pdurlej-platform/runtime/things-compose.env.
  • Wrapper preflight as platform-host-agent: full canonical env-file list + docker compose config --quiet returned 0.
  • Backup used: /opt/pdurlej-platform/backups/deploy-control-20260524T070134Z.tar.gz, sha256 2e3bb0f9f2ca8e971a7f07b976ce9a9b31d7e660e0d1f694e1065bc93dfd2dc1.
  • F3 apply: run #1721 / API 2189 success.
  • Artifact deploy-control.apply.stdout.json: force_compose_up=true, preflight.returncode=0, remote.returncode=0, status=applied.
  • Artifact deploy-control.health.json: status=OK, exitCode=0.
  • Runtime container: home-platform-deploy-control-1 running + healthy, started 2026-05-24T07:49:23Z.
  • Runtime env: DEPLOY_REPO_ROOT=/repo-disabled, SIGNAL_DEPLOY_ENABLED=false.
  • Runtime mounts now exclude legacy root /opt/vps-home-platform-infra => /repo; remaining mounts are /state, /env, and Docker socket.
  • Host sanity: 0 unhealthy containers; forgejo-deploy-runner.service active; watchdog timer active; recent watchdog logs show no stuck trusted-main auto-apply jobs.

Notes:

  • Earlier failed runs #1703 and #1712 performed no mutation and produced useful guardrail evidence: first missing Things env, then wrapper allowlist. Both are now addressed.
  • Compose still warns about missing Mirotalk admin variables during full-file interpolation, but it is warning-only and did not block preflight or apply.

Next: continue Wave 1 closeout / legacy cleanup planning; deploy-control no longer keeps the whole legacy tree mounted as active control-plane state.

Author
Collaborator

Codex LD0 legacy bind-mount inventory — 2026-05-24 11:15 CEST

Status: read-only complete
PR: #415

Evidence summary

  • Running containers inspected: 65
  • Legacy bind mounts found: 43
  • Unique legacy source paths: 32
  • Classes: env=3, product-runtime=2, service-config=16, service-data=22
  • Runtime spot check: release root fdc36093a953ecb446d8ff97fcc61b7d37b6ad47, unhealthy containers 0, deploy runner/watchdog active

Key finding

deploy-control is not an isolated first remount. It shares legacy env and data/integrations roots with other live services, so LD1 should start with shared bundle work rather than a single-service move.

Recommended next order

  1. LD1a env normalization.
  2. LD1b integrations bundle: config/integrations + data/integrations.
  3. LD2 product runtime: products/openclaw-mail-infra/config.
  4. LD3/LD4/LD5 after that, with heavier gates for stateful data and edge/TLS.

No production mutation, no secrets/private content, no delete/copy/remount/restart was performed.

Author
Collaborator

Codex LD1a — env-root normalization prep complete — 2026-05-24 12:11 CEST

Status: complete / merged to main

Deliverable

  • PR #417: feat(cutover): make env bind mounts runtime-rooted
  • Commit on main: 0f33636664d6f1d3cff5aee320cae2acd3625510
  • Release root promoted: /opt/pdurlej-platform/current -> releases/0f33636664d6f1d3cff5aee320cae2acd3625510

What changed

  • ${PROJECT_ROOT}/env bind mounts now use ${PLATFORM_RUNTIME_ENV_DIR:-/opt/vps-home-platform-infra/env}.
  • Added metadata-only LD1a report: state/reports/rs2000-ld1a-env-inventory-2026-05-24/.
  • Captured only file metadata and variable names; no env values or private content stored.

Verification

  • PR checks: success.
  • Modified Compose config preflight on RS2000 from /tmp: docker compose config --quiet exit 0.
  • RS2000 after merge: 0 unhealthy containers.
  • forgejo-deploy-runner.service: active.
  • forgejo-deploy-runner-watchdog.timer: active.
  • Watchdog since merge window: only no stuck trusted-main auto-apply jobs.

Next

LD1b can perform the operator-gated runtime env copy/remount plan: copy legacy env to /opt/pdurlej-platform/runtime/legacy-import/env, set PLATFORM_RUNTIME_ENV_DIR, run compose config, and smoke affected services one by one.

Author
Collaborator

Codex LD1 — env + integrations runtime roots complete — 2026-05-24 12:51 CEST

Status: green / complete

Repo changes

  • #417: env bind mounts now use PLATFORM_RUNTIME_ENV_DIR.
  • #418: integrations config/data mounts now use explicit runtime root variables.
  • #421: STATUS_NOW.md updated with LD1 completion evidence.

Runtime changes

  • Copied /opt/vps-home-platform-infra/env to /opt/pdurlej-platform/runtime/legacy-import/env.
  • Copied /opt/vps-home-platform-infra/config/integrations to /opt/pdurlej-platform/runtime/legacy-import/config/integrations.
  • Copied /opt/vps-home-platform-infra/data/integrations to /opt/pdurlej-platform/runtime/legacy-import/data/integrations.
  • Updated /opt/pdurlej-platform/runtime/compose.env with PLATFORM_RUNTIME_ENV_DIR, INFISICAL_BOOTSTRAP_ENV_FILE, PLATFORM_RUNTIME_INTEGRATIONS_CONFIG_DIR, and PLATFORM_RUNTIME_INTEGRATIONS_DATA_DIR.

Evidence

  • Release root: /opt/pdurlej-platform/current -> releases/e458511253c9a047cd7c5226fe84f42aba673de2.
  • Remounted and healthy: gmail-triage-mcp, gmail-private-mcp, storage-ro-mcp, git-mirror, deploy-control, safe-session-api.
  • tests/smoke.sh passed for all six modules.
  • Unhealthy containers: 0.
  • forgejo-deploy-runner.service: active.
  • forgejo-deploy-runner-watchdog.timer: active.
  • Watchdog during LD1: only no stuck trusted-main auto-apply jobs.

Notes

  • No legacy deletion/prune was performed.
  • Legacy source paths stay as rollback material for the 48h gate.
  • A temporary storage-ro-mcp unhealthy state exposed the missing config/data root coupling; it was fixed by #418 and the final remount is healthy.

Next

Continue Milestone 01 with the next LD0 bind-mount batch: product runtime or lower-risk config, not destructive cleanup.

Author
Collaborator

LD1 addendum — 2026-05-24 12:56 CEST: status-only #421 was also promoted so STATUS_NOW.md in the release root matches main. Current release root is now /opt/pdurlej-platform/current -> releases/eccd17cbd430a3be2d6f27009a658dd1e163417c; runtime service evidence from the LD1 checkpoint remains unchanged and green.
