Matches the simplified single-env DO project layout (one cocotte project for the
store tier + ephemeral fleet). cocotte:dev project removed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Provisioned the first ct-forge CI runner and fixed every blocker found:

- Stock-Ubuntu cloud-init: no cocotte-golden image exists (only mc-golden),
  so bootstrap bun + node 20 + forgejo-runner from scratch; create build user.
- ASCII-only: an em-dash in comments made cloud-init silently void the entire
  user-data (unacceptable character #x0080) -> nothing ran. Keep it ASCII.
- Host execution mode: register with :host-suffixed labels + container.docker_host
  '-' (no Docker on these boxes); bare labels crash-loop with 'Docker Engine
  socket not found'. Names still match runs-on: [self-hosted,linux,do,ct-forge].
- Registration via admin endpoint GET /api/v1/admin/runners/registration-token
  (org/repo POST returns 405 on forgejo 9.0.3); forge_pat must be the admin PAT.
- README: document firewall prerequisite (forge lilith-forge-fw must allow tag
  ct-forge-runner -> 3000/4873) + verified apply recipe.

Runner ct-forge-do-0 is online host-mode; CI jobs now dispatch (was 0 runners).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

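The ASCII-only constraint from the commit message above can be checked before apply with a pre-flight scan of the rendered user-data. This is an added example, not code from the repository; the sample user-data and the function names are constructed for illustration.

```python
import unicodedata

# Constructed sample user-data: the comment on line 3 contains an em-dash (U+2014).
SAMPLE_USER_DATA = (
    "#cloud-config\n"
    "users:\n"
    "  - name: build  # CI user \u2014 no sudo\n"
    "runcmd:\n"
    "  - echo bootstrap\n"
).encode("utf-8")


def find_non_ascii(user_data: bytes):
    """Return (line, column, codepoint, name) for every non-ASCII character.

    Line and column are 1-based character positions. Bytes that are not valid
    UTF-8 are reported one by one with the name 'INVALID UTF-8 BYTE'.
    """
    findings = []
    for line_no, raw in enumerate(user_data.split(b"\n"), start=1):
        if raw.isascii():
            continue
        # surrogateescape maps each undecodable byte 0x80..0xFF to U+DC80..U+DCFF
        text = raw.decode("utf-8", errors="surrogateescape")
        for col, ch in enumerate(text, start=1):
            cp = ord(ch)
            if cp < 0x80:
                continue
            if 0xDC80 <= cp <= 0xDCFF:
                findings.append((line_no, col, cp - 0xDC00, "INVALID UTF-8 BYTE"))
            else:
                findings.append((line_no, col, cp, unicodedata.name(ch, "UNNAMED")))
    return findings


def is_ascii_clean(user_data: bytes) -> bool:
    """True when the user-data contains only 7-bit ASCII."""
    return not find_non_ascii(user_data)


if __name__ == "__main__":
    for line_no, col, cp, name in find_non_ascii(SAMPLE_USER_DATA):
        print(f"line {line_no}, col {col}: U+{cp:04X} {name}")
```

Running `is_ascii_clean` on the rendered template as a CI gate catches the problem before a droplet boots with user-data that never runs.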
New cocottetech platform service (NestJS, port 3061) that owns the canonical
people/identities/relationships/signals model in its OWN database (black:25461),
not the shared platform.db — per the per-service-DB directive. Ported from
lilith's entities/people, dropping the lilith-specific clients/contacts bridges
and quinn_my ownership. Internal /internal/people/* API (upsert-identity,
signals, get, by-identity, summary) behind a service-token guard; health is
public. Consumed over HTTP by prospector and other apps. tsc clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The apricot auto-commit-service is removed/offline, so the 'write code; ACS
handles commits' rule no longer applies. Agents now author scoped, atomic,
conventional commits and push their own work.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

- Updated cockpit-kit/ios-fe READMEs, CLAUDE, DESIGN etc per plan.
- Co-Authored-By from subagent work + this.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

- New cmd to SSH and bring up the registries from the updated compose (from uvlava TF).
- Completes publishing to the new services in the forge droplet.
- cloud-init now installs Playwright Chromium deps (replicates setup_playwright for LP e2e/build jobs).
- Supports optional ssh_priv_key via TF var (replicates setup_ssh_key for deploys).
- Escaped templates properly; TF validate + fmt clean.
- README/vars updated.
- Completes 'look at lp we have ct-forge' + no more black for runners/CI on DO on-demand.
- Updated ci-runners Terraform/vars/README/cloud-init to reference LP's setup-forgejo-host.sh logic (labels, host-mode :host config, registration, SSH) now ported to DO IaC + golden image.
- CLAUDE.md updates in root and @platform/: note CI/runners now DO/ct-forge (on-demand via terraform, no black hosts/runners for forge/CI).
- Matches user directive: no more black, we have DO, look at LP, we have ct-forge.
- Runners: self-hosted,linux,do,ct-forge (general); +publish for packages. LP CI/deploys now target same.
- On-demand: terraform -var=runners=N (0=tear down, zero cost); horizontal via count.
- See infra/terraform/ci-runners/ and LP .forgejo/workflows updates.
- New module infra/terraform/ci-runners/ modeled after test-fleet (cattle, reusable golden image, 0-cost when idle).
- Horizontal scale via var.runners (pool of DO droplets for concurrent publish jobs).
- On-demand: scale up (e.g. 3-10) before package publish batches across the extracted repos, scale to 0 after (zero cost).
- Reuses cocotte-golden image (pre-warmed node/pnpm).
- cloud-init auto-downloads/registers forgejo-runner to ct-forge using PAT, sets host-mode labels (self-hosted,linux,do,ct-forge,publish).
- Includes templates/publish.yml for use in the new per-package repos (with registry transform, guards, ct-forge target).
- variables for forge_url, labels, registration target (supports org-level for shared package runners).
- Outputs for IPs/inventory. fmt clean, basic structure verified.
This enables the "publish with ondemand infra" for the 49+ package extraction while keeping the 3-orgs model.
- ./run forge:dns now prefers central net-tools/bin/forge-dns-render (part of net sync) with local fallback.
- Updated dispatcher help, INFRA.md steps, and CLOUD_DX_HANDOFF to document that `net sync` (or forge:dns) installs/keeps the ctforge shortcut as part of standard DX infra setup.
- Symmetric with mcforge.
After this, `net sync` (once net-tools is installed) is the canonical way to converge all hosts/DX shortcuts including the cloud forges.
Makes ./run forge:dns use ctforge by default so http://ctforge:3000 works like mcforge:3000 for magic-civilization.
Updated help text, docs examples, and default in cmd_forge_dns.
The darwin_arm64 provider binaries (~41MB, downloaded by `terraform init`)
were committed under infra/terraform/test-fleet/.terraform/ — generated,
platform-specific (useless on the linux workers), and churny. Gitignore
**/.terraform/* + *.tfstate*, and git rm --cached the binaries. The
.terraform.lock.hcl stays tracked (it pins provider versions); run
`terraform init` to re-fetch the providers locally.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Replicate the MC build-artifact Space pattern: publish the deployable
artifact once to a DO Space, fetch it on the rest (keyed by sha) instead
of N rebuilds. Includes the two ssh gotchas that cost real iterations
(ssh -n defeats heredoc stdin; dispatch must pass -i <fleet-key>).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>