docs(@projects/@atlilith): update infrastructure documentation for lan-to-lan migration

Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
Natalie 2026-06-10 03:15:02 -07:00
parent 200a6a38aa
commit 4365c8a47f
2 changed files with 3 additions and 3 deletions

@ -366,11 +366,11 @@ No code changes per onboarding. Templates + DNS only.
This doc is the V3 design target. The corrections folded into Sections 19 above reflect ways the original draft contradicted current operating reality. Summary:
- **Forgejo + Verdaccio live on black, not apricot.** Both route through a `host-nginx` Docker container on black (alongside the system nginx 1.24.0). See `.live`-side memory `reference_black_infra_design.md`.
- **`quinn-ai-auto-respond.service` runs on black**, not vps-0 — cut over 2026-05-15. Uses TS `draft-pipeline-ts/` calling `model-boss` at `apricot.local:8210`.
- **`quinn-ai-auto-respond.service` runs on black**, not vps-0 — cut over 2026-05-15. Uses TS `draft-pipeline-ts/` calling `model-boss` at `apricot.lan:8210`.
- **mac-sync server port is `3201`, not 3100.** DB renamed `quinn_icloud``quinn_macsync` on 2026-05-17 (schema `macsync.*`).
- **V3 role for vps-0 = production web UIs + a cache for the public-info subset of `platform.api`.** It is NOT the V3 authoritative data host — authenticated reads/writes hit `platform.api` on black. V2 and V3 run side by side: V2's `quinn-*-api` systemd units + local Postgres on `:5435` keep serving Quinn's existing traffic indefinitely; V3 adds its parallel stack alongside without disturbing V2. Decommissioning V2 is end-state (`DESIGN.md §11 Success Criteria #6`), not a Phase 5 task.
- **`docker-mailserver` for `transquinnftw.com` is on vps-0** at `/opt/quinn-mailserver`, not black.
- **black is LAN-only.** No public IP, reached via WireGuard mesh + the `black` SSH alias (don't use `black.local` — only the configured alias has key auth). `atlilith.com` hosting is aspirational; DNS not yet pointed.
- **black is LAN-only.** No public IP, reached via WireGuard mesh + the `black` SSH alias (don't use `black.lan` — only the configured alias has key auth). `atlilith.com` hosting is aspirational; DNS not yet pointed.
- **Cocotte + Sansonnet are live on vps-0** with LE certs (2026-05-17). Canonical `.maison` serves content; defensive `.com` aliases 301-redirect via `defensive-coms` nginx using `transquinnftw.com` cert SANs. Brand registry source: `deployments/@domains/quinn.www/scripts/agency-brands.conf` in `.live`.
- **Dev TLS unified**: one mkcert wildcard with 5 SAN patterns covers all `*.apricot.lan` dev hosts via a Caddy `(local_tls)` snippet. Refresh script at `infrastructure/scripts/dev-cert-refresh.sh` (in `.live`).
- **DNS migrated `.local` → `.lan`** on 2026-05-16. All host references (npm.black.lan, forge.black.lan, m.quinn.apricot.lan, etc.) use `.lan`. Stale `.local` references in `~/.npmrc` were the actual cause of yesterday's `bun install` failures, not Verdaccio itself.
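
Review bot: On the "black is LAN-only" bullet, the warning now names only `black.lan`, so the doc no longer tells readers that the retired `black.local` name is also not to be used for SSH. The last bullet of this hunk records stale `.local` references as the cause of install failures, so it is worth naming both, for example "don't use `black.lan` or the old `black.local`; only the configured alias has key auth".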

@ -287,7 +287,7 @@ circuitBreaker:
### Cross-package dependencies — verified read 2026-05-18
**`@lilith/circuit-breaker`** (`/var/home/lilith/Code/@packages/@ts/@infra/circuit-breaker/`):
- v0.1.1, zero runtime deps, ESM + CJS dual output via tsup, published to `forge.black.local/api/packages/lilith/npm/`.
- v0.1.1, zero runtime deps, ESM + CJS dual output via tsup, published to `forge.black.lan/api/packages/lilith/npm/`.
- **Port verdict**: rename → `@cocotte/circuit-breaker`, republish to same Forgejo registry under `@cocotte` scope. Move source to `@cocottetech/@platform/codebase/@packages/circuit-breaker/`.
**`@lilith/tor-types`** (`/var/home/lilith/Code/@applications/@tor/packages/tor-types/`):
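
Review bot: On the changed `@lilith/circuit-breaker` line, the registry is written as `forge.black.lan/api/packages/lilith/npm/` with no scheme, and the heading above it still reads "verified read 2026-05-18" although the host was edited in this commit. Suggest writing the full URL including the scheme and either re-verifying the entry or noting that the host was updated after the verified read, so anyone copying it into an `.npmrc` scope mapping for `@lilith` or the planned `@cocotte` scope gets a value that has been checked.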