max / makenotwork
1 file changed,
+43 insertions,
-1 deletion
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | 3 | Plan captured 2026-06-02 after the design-step-back conversation following Phase A landing and the cargo_test/MM diagnosis push. Resolves the tier-B-strategy decision (§6.5 step 6 of `launchplan_final.md`) by going past the (a1)/(a2)/(b) trichotomy to a proper layout redesign. | |
| 4 | 4 | ||
| 5 | - | Status: ready to pick up. Open questions in §F must be answered during Session 1 itself. | |
| 5 | + | Status: **complete 2026-06-02**. See §G "Outcomes" at the bottom for what actually shipped, the bundle that landed, and what changed vs. the plan. | |
| 6 | 6 | ||
| 7 | 7 | ## Background — the trade as it stood | |
| 8 | 8 | ||
| @@ -197,3 +197,45 @@ Folded in here while editing topology code. Schema migration in `sando/daemon/mi | |||
| 197 | 197 | - `MNW/shared/docengine/` — DocEngine crate (investigate in §A.1). | |
| 198 | 198 | - `launchplan_final.md` §6.5 — original tier-B decision context this redesign supersedes. | |
| 199 | 199 | - `MNW/sando/plans/config-artifacts.md` — earlier Phase 3 design doc on config vs binary artifacts; complementary background. | |
| 200 | + | ||
| 201 | + | ## G. Outcomes (2026-06-02) | |
| 202 | + | ||
| 203 | + | Session 1 landed in one focused push. All 10 tasks done, 44/44 sando-daemon tests green, pipeline went `host` green end-to-end against sha `f0970b8` (version 0.9.5) on pop-os. | |
| 204 | + | ||
| 205 | + | ### What shipped (commit `f0970b8` on sando bare + mnw + srht remotes) | |
| 206 | + | ||
| 207 | + | - `release_contents: Vec<ReleaseEntry>` in `Config`, with `ReleaseEntry { src, dst, required }`. Sando code carries no MNW-specific knowledge; the MNW bundle shape lives in `sando-daemon.toml`. | |
| 208 | + | - `build.rs::build_and_run_host` (renamed from `_mm`) iterates `cfg.release_contents`, calling `stage_entry()` per row. `cp -a` semantics; supports the merge-into-existing-dir form so multiple entries can target the same `dst` (used for `docs/` from 3 worktree sources). | |
| 209 | + | - `deploy.rs` rsync gained `--delete` (no stale assets across versions) and swapped `--chmod=F0755` for `--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r,F+X` (binaries 0755, data files 0644). | |
| 210 | + | - `bootstrap-node.sh` writes FHS-style unit: `EnvironmentFile=/etc/mnw/makenotwork.env`, `ReadWritePaths=/var/lib/mnw`, `WorkingDirectory=<release>/current`. Pre-creates `/etc/mnw` (root:service 0750) + `/var/lib/mnw` (service:service 0750). | |
| 211 | + | - Migration `002_rename_mm_to_host.sql` — `PRAGMA defer_foreign_keys = ON` + 5 UPDATEs (tiers, nodes, deploys, gate_runs, tier_state). Preserved all existing state on pop-os (host current=0.9.5 + a current=0.8.12 carried through). | |
| 212 | + | - Post-receive hook now lives in repo at `sando/deploy/post-receive` and sources `/etc/sando/sando.env` — `SANDO_DAEMON` resolves to the tailnet listener instead of the 127.0.0.1 default. `bootstrap-sandod-host.sh` installs it. | |
| 213 | + | ||
| 214 | + | ### Open-question answers from §F | |
| 215 | + | ||
| 216 | + | - **Bundle size:** 154 MB total. 133 MB makenotwork + 25 MB mnw-admin + <1 MB of error-pages/static/docs combined. Non-binary content is rounding error against the binaries; rsync over the LAN+tailnet to testnot/prod will be dominated by binary delta (rsync's algorithm helps here — minor code changes ship as small deltas, not 158 MB). | |
| 217 | + | - **DocEngine build path:** It's a library crate (`MNW/shared/docengine/`), not a binary. No separate build step. Content stays raw markdown at `server/site-docs/` + `server/docs/business/assumptions.toml`. Three `release_contents` rows merge them into one `docs/` dir. | |
| 218 | + | - **DocEngine output format:** N/A — content never compiles. Raw `.md` files; the running server reads them at request time via the env-configured paths. | |
| 219 | + | ||
| 220 | + | ### Surprises / unplanned discoveries | |
| 221 | + | ||
| 222 | + | - **deploy.sh has a CSS minification step** (`npx clean-css-cli`) before rsync. Sando does not. Effect: bundle ships unminified CSS (~3x larger on the wire than deploy.sh-shipped CSS). `server/build.rs` hashes the *unminified* `style.css` for the cache-bust `?v=...`, so correctness is preserved — purely a size issue. Future fix: either eat the size cost (gzip handles most of it), move minification into `server/build.rs`, or add a build-step gate to sando. **Not addressed in Session 1.** | |
| 223 | + | - **mnw-admin invocation surface is bigger than expected.** Live call sites on prod: (1) sudoers `/etc/sudoers.d/*` entry `makenotwork ALL=(git) NOPASSWD: /opt/makenotwork/mnw-admin rebuild-keys` — needs path update in Session 3; (2) `command=` prefixes in `/home/git/.ssh/authorized_keys` that `mnw-admin rebuild-keys` itself generates — auto-update on the first post-migration rebuild-keys run. Session 3 sequence: edit the sudoers file first, then run `mnw-admin rebuild-keys` once. | |
| 224 | + | - **The defensive assert-on-stray-`"mm"`-lookup proposed in the plan was skipped.** Tests catch it: any unrenamed site fails when the DB no longer has a row matching it. After the rename + sync.rs test run + the production restart on pop-os, no "mm" lookups remained. | |
| 225 | + | ||
| 226 | + | ### Carry-over for Session 2 | |
| 227 | + | ||
| 228 | + | The Session 2 starting point shifted slightly because we did Session 1's prep + ran it in one push. State to assume when Session 2 begins: | |
| 229 | + | ||
| 230 | + | - `f0970b8` is the active sha on sando's bare repo and is current on tier host. Tier a is on the stale `0.8.12` from pre-Session-1. | |
| 231 | + | - testnot still has the unit shape from the *pre-Session-1* `bootstrap-node.sh`. It is in a crashloop (MissingDatabaseUrl, no env file). Session 2 reprovisioning will replace its systemd unit with the new FHS shape AND populate `/etc/mnw/makenotwork.env` from scratch. | |
| 232 | + | - `bootstrap-sandod-host.sh` on pop-os is the new version; re-running it is idempotent. | |
| 233 | + | - Sando's pubkey on testnot under the `deploy` user: confirmed working earlier (`sudo -u sando ssh deploy@testnot` returned). No re-auth needed. | |
| 234 | + | - The bundle has not yet been deployed remotely. Tier a's `0.8.12` deploy predates `release_contents`; the testnot release dir contains only binaries. First Session 2 promotion to tier a will be the first remote deploy of the full bundle. | |
| 235 | + | ||
| 236 | + | ### Things Session 2 should re-check before promoting | |
| 237 | + | ||
| 238 | + | - Verify `/etc/mnw/` and `/var/lib/mnw/` get created with the right ownership when `bootstrap-node.sh` runs on testnot (the new code path; never tested on a real box). | |
| 239 | + | - Decide what testnot's env file looks like — full prod-clone (with real Stripe test keys) or minimal (just what `Config::from_env` requires to boot). Minimal is faster and validates the deploy path; prod-clone exercises more code paths. | |
| 240 | + | - Confirm sando's pubkey is in `/home/deploy/.ssh/authorized_keys` on testnot, not just routable via Tailscale SSH. (Tailscale SSH ≠ pubkey auth; sando uses pubkey-only via OpenSSH.) | |
| 241 | + |