feat(dx): integrate ctforge into net-tools infra installers

- ./run forge:dns now prefers central net-tools/bin/forge-dns-render (part of net sync) with local fallback. - Updated dispatcher help, INFRA.md steps, and CLOUD_DX_HANDOFF to document that `net sync` (or forge:dns) installs/keeps the ctforge shortcut as part of standard DX infra setup. - Symmetric with mcforge. After this, `net sync` (once net-tools is installed) is the canonical way to converge all hosts/DX shortcuts including the cloud forges.
2026-06-28 10:46:09 -04:00 · 2026-06-28 10:46:09 -04:00 · d899f592cc
commit d899f592cc
parent e095e596c2
4 changed files with 17 additions and 8 deletions
--- a/INFRA.md
+++ b/INFRA.md
@ -428,7 +428,8 @@ echo '<read-write-do-token>' > ~/.vault/do_pat_cocotte && chmod 600 ~/.vault/do_

 # 2. Forge (one-time human push of orphan snapshot to the private forge — agent exfil gate)
 ./run forge:up
-./run forge:dns                 # then http://ctforge:3000
+net sync                        # or ./run forge:dns — installs ctforge (and mcforge) via net-tools DX layer
+# then http://ctforge:3000 (and mcforge) are live; `net sync` keeps them after any future forge:up

 # 3. Golden image (once; rebuild when toolchain or base lock changes)
 export DIGITALOCEAN_TOKEN=$(cat ~/.vault/do_pat_cocotte)
--- a/docs/CLOUD_DX_HANDOFF.md
+++ b/docs/CLOUD_DX_HANDOFF.md
@ -113,7 +113,7 @@ packer build infra/packer/golden-image.pkr.hcl

 **7. Fleet:** `./run dist:up 1 s-8vcpu-16gb-amd` → `./run dist:test` → `./run dist:down`.

-**8. DNS shortcut:** `forge:dns` writes `<ip> ctforge` to `/etc/hosts` (sudo) → browse `http://ctforge:3000`.
+**8. DNS / DX shortcut:** after `forge:up`, `net sync` (or `./run forge:dns` inside the project) installs the managed `ctforge` (and `mcforge`) entry via the net-tools infra installer (forge-dns-render). Browse `http://ctforge:3000`. The shortcuts are adopted into a marked block and survive `net sync` re-runs.

 **9. One-shot bring-up (human-run):** after forge + key registration + golden image, use `scripts/cloud-bringup.sh` (or run the steps by hand). It does packer + dist:up 1 + dist:typecheck + auto teardown on exit. Launch with nohup ... & and review the log.

--- a/2
+++ b/2
@ -46,7 +46,7 @@ usage() {
    echo "  forge                    Show forge:* help (auto key ID lookup)"
    echo "  forge:up                 Bring up (or restore from snapshot) the cocotte-forge droplet; refreshes ~/.vault/cocotte_forge_creds"
    echo "  forge:down               Snapshot + destroy (idle ~$0.30/mo)"
-    echo "  forge:dns [name]         Add/update /etc/hosts entry (default: ctforge)"
+    echo "  forge:dns [name]         Ensure DX /etc/hosts shortcut (ctforge) via net-tools infra (or local); default ctforge"
    echo "  dist                     Show dist:* help"
    echo "  dist:check               Offline terraform fmt/validate/test (mocked, zero cost)"
    echo "  dist:up <N> [size] [region]   Spin N workers from golden image"
--- a/scripts/run/forge.sh
+++ b/scripts/run/forge.sh
@ -73,18 +73,26 @@ Forgejo origin lifecycle (DigitalOcean). Needs ~/.vault/do_pat_cocotte + the coc
  (We just generated ~/.ssh/id_cocotte_fleet + .pub — add the .pub to your DO account as 'cocotte-fleet' if not done.)
  ./run forge:down   stop + snapshot + destroy  (~$6/mo -> ~$0.30/mo idle)
  ./run forge:up     restore from newest snapshot, refresh vault creds (auto-looks up key ID)
-  ./run forge:dns    point the 'ctforge' hostname at the current forge IP (sudo; macOS /etc/hosts)
+  ./run forge:dns    ensure 'ctforge' /etc/hosts shortcut (now via net-tools DX infra + net sync; fallback local)
 EOF
 }

 cmd_forge_dns() {
-  # Map a friendly hostname to the current forge IP in /etc/hosts (macOS).
-  # Re-run after forge:up (the IP changes). Browse the forge at http://ctforge:3000.
+  # Map a friendly hostname (ctforge) to the current forge IP in /etc/hosts.
+  # This is now part of the shared net-tools DX infra installers:
+  #   - `net sync` (or net-tools/bin/forge-dns-render --install) owns the managed block
+  #   - Per-project ./run forge:dns prefers the central renderer when present (fallback below).
+  # Re-run (or `net sync`) after ./run forge:up (the droplet IP rotates).
  local name="${1:-ctforge}" ip
  ip="$(grep -E '^FORGE_IP=' "$_VAULT_CREDS" 2>/dev/null | cut -d= -f2)"
  [ -n "$ip" ] || { echo "no FORGE_IP in $_VAULT_CREDS" >&2; return 1; }
-  sudo sh -c "sed -i '' '/[[:space:]]${name}\$/d' /etc/hosts 2>/dev/null; printf '%s\t%s\n' '$ip' '$name' >> /etc/hosts"
-  echo "/etc/hosts: $name -> $ip   →  http://$name:3000"
+  if command -v forge-dns-render >/dev/null 2>&1; then
+    sudo forge-dns-render --install || echo "(central forge-dns-render had issues; local edit may still have run)" >&2
+  else
+    # Fallback for machines without net-tools DX layer installed yet.
+    sudo sh -c "sed -i '' '/[[:space:]]${name}\$/d' /etc/hosts 2>/dev/null; printf '%s\t%s\n' '$ip' '$name' >> /etc/hosts"
+  fi
+  echo "/etc/hosts: $name -> $ip   →  http://$name:3000  (also via 'net sync')"
 }

 cmd_forge_down() {