diff --git a/docs/PRODUCTION-MASTER-PLAN.md b/docs/PRODUCTION-MASTER-PLAN.md index e6d2f351..bf506558 100644 --- a/docs/PRODUCTION-MASTER-PLAN.md +++ b/docs/PRODUCTION-MASTER-PLAN.md @@ -150,6 +150,14 @@ phases 2–6 (`dual-ecash-design.md`). ## 8b. SESSION STATE + RESUME (2026-06-21, live) **Landed + committed on main this session (newest first):** +- `955c54b7` hook capability (#20) **phase 2** — `container::hooks::run_post_install` + executor (podman exec + copy_from_host w/ allowlist canonicalise + symlink-escape + prefix check; best-effort/idempotent) wired into `install_fresh` after container + is up (fresh-container-only). 5 unit tests; `cargo test -p archipelago` green. +- `4c1a4e59` hook capability (#20) **phase 1** — `LifecycleHooks`/`HookStep`/`HostCopy` + schema + validate() + re-exports + 3 schema tests; also fixed 3 pre-existing + `ContainerConfig` test literals missing `generated_secrets` (container crate now + compiles; `cargo test -p archipelago-container` green, 53 pass). - `f0c6b79d` immich containers named underscore (immich_server/_postgres/_redis) to match runtime lifecycle code — fixes package.stop/start/restart. **immich fully migrated + verified on .228** (manifest-driven stack via orchestrator). 
@@ -161,19 +169,14 @@ phases 2–6 (`dual-ecash-design.md`). - `192238cb` docs consolidation 56→28 + CLAUDE.md. - `03a4ee1b` generated-secrets system + companion/quadlet fixes. -**IN FLIGHT — hook capability (#20), phase 1 (schema):** building controlled -post-install hooks so indeedhub/netbird can migrate. Design: `docs/manifest-hooks-design.md`. -- DONE: `LifecycleHooks`/`HookStep`/`HostCopy` types + `hooks` field on AppDefinition - + validate() + re-exports + 3 schema tests (manifest.rs). -- **BLOCKING COMPILE FIX NEEDED:** `cargo test -p archipelago-container` fails — - 3 pre-existing test `ContainerConfig {…}` literals (manifest.rs ~1658/1711/1752) - are missing the `generated_secrets` field (added in 03a4ee1b but the container - crate's own tests were never run since). Add `generated_secrets: vec![],` to each. -- THEN: implement executor `core/archipelago/src/container/hooks.rs` - (run_post_install: podman exec + copy_from_host with allowlist canonicalisation), - wire into orchestrator install (post-create, install-only), tests, commit. +**DONE — hook capability (#20), phases 1+2 (schema + executor + wiring):** +controlled post-install hooks so indeedhub/netbird can migrate. Design: +`docs/manifest-hooks-design.md`. Schema, validate(), executor, and install-path +wiring all landed + green (commits `4c1a4e59`/`955c54b7` above). Remaining #20 +phases: 3 = indeedhub migration (NEXT, below); 4 = netbird; 5 = `pre_start` hooks +(type exists, NOT yet executed — wire into `prepare_for_start` if/when needed). -**NEXT (after #20):** indeedhub migration — author 7 member manifests +**NEXT — #20 phase 3, indeedhub migration:** author 7 member manifests (postgres/redis/minio/relay/api/ffmpeg + frontend) on archy-net with container-name hostnames; frontend carries the `post_install` hook (strip X-Frame-Options, copy nostr-provider.js, inject script, nginx reload — see `patch_indeedhub_nostr_provider` 
diff --git a/docs/manifest-hooks-design.md b/docs/manifest-hooks-design.md index 6a6cc9c2..a324f467 100644 --- a/docs/manifest-hooks-design.md +++ b/docs/manifest-hooks-design.md @@ -94,10 +94,14 @@ the `post_install` hook above. `install_indeedhub_stack` becomes orchestrator-fi ## 6. Phases -1. **Schema + executor + validation + unit tests** (this design) — `exec` + - `copy_from_host`, allowlist-enforced. -2. **Wire into orchestrator install** (post-create, install-only). -3. **indeedhub**: author member manifests + frontend `post_install` hook; wire +1. ✅ **Schema + validation + unit tests** — `LifecycleHooks`/`HookStep`/`HostCopy` + in `archipelago-container::manifest`, allowlist-enforced at `validate()`. + (commit `4c1a4e59`) +2. ✅ **Executor + wire into orchestrator install** — `container::hooks::run_post_install` + (`exec` + `copy_from_host`, canonicalise + symlink-escape prefix check, best-effort); + called from `install_fresh` after the container is up, fresh-container-only. + (commit `955c54b7`) +3. ⏳ **indeedhub**: author member manifests + frontend `post_install` hook; wire `install_indeedhub_stack` orchestrator-first; live-migrate + verify on .228. -4. **netbird**: assess its setup steps; migrate with hooks. -5. `pre_start` hooks (repair/ownership) if needed. +4. ⏳ **netbird**: assess its setup steps; migrate with hooks. +5. ⏳ `pre_start` hooks (repair/ownership) — type exists; executor not yet wired.
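Review bot: In the `955c54b7` entry added to docs/PRODUCTION-MASTER-PLAN.md (hunk at -150,6), "best-effort/idempotent" sits in the same parenthesis as the `copy_from_host` allowlist canonicalise, symlink-escape and prefix checks, so the entry does not say whether a path that fails those checks aborts the step or is skipped under best-effort. Suggest spelling out which applies (for example, that a rejected path is refused and logged while the install continues, if that is the behaviour), and naming which of the 5 unit tests exercises the symlink-escape case.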
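Review bot: In the new DONE paragraph for hook capability (#20) in docs/PRODUCTION-MASTER-PLAN.md (hunk at -161,19), phase 5 is described as "type exists, NOT yet executed", which leaves open that a manifest can declare `pre_start` steps that pass the schema and never run. Suggest recording here whether `validate()` rejects or warns on a non-empty `pre_start` until it is wired into `prepare_for_start`, so a manifest author relying on a repair/ownership step is not left without it silently. The removed BLOCKING note also recorded that the container crate's own tests had not been run since `03a4ee1b`; the replacement text records the fix but not whether `cargo test -p archipelago-container` is now part of the routine run.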
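Review bot: In section 6 of docs/manifest-hooks-design.md (hunk at -94,10), phase 1 now reads "allowlist-enforced at `validate()`" while phase 2 places the canonicalise and symlink-escape prefix check in `container::hooks::run_post_install`, and the list does not say which of the two is the enforcement point. A schema-time check on the manifest path alone would not resolve symlinks on the host, so suggest stating that the executor check at copy time is the authoritative one and `validate()` is an early rejection, and noting whether the copy operates on the same canonicalised path that was checked.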