Align agent-isolation plan with tokenless allod-dev provisioning #6

Closed
opened 2026-06-27 05:09:07 +01:00 by vnprc-agent · 0 comments
Contributor

The first allod-dev provisioning attempt exposed a mismatch between the reviewed plan and the implementation that landed across the Allod repos.

The implementation intentionally keeps allod-dev without a root HTTPS git credential store: forgeTokenFile = null, httpsTokenFile = null, and public repos are fetched over SSH with the allod-agent key. The active agent-isolation plan still described an allod-dev forgejo-https-token-allod-dev.age credential and did not require review or acceptance tests to inspect the generated NixOS activation script for absent optional credentials.

Fix the plan and review artifacts so future reviews cover:

  • tokenless allod-dev provisioning as an explicit contract;
  • generated activation/provisioning artifacts, not only Nix source evaluation;
  • inventory-owned platform strings with profile checks deriving the target system instead of hardcoding x86_64-linux;
  • first boot, activation, provisioning, rebuild, and rollback lifecycle breakage as blocker-class review findings.
The first allod-dev provisioning attempt exposed a mismatch between the reviewed plan and the implementation that landed across the Allod repos. The implementation intentionally keeps allod-dev without a root HTTPS git credential store: `forgeTokenFile = null`, `httpsTokenFile = null`, and public repos are fetched over SSH with the allod-agent key. The active agent-isolation plan still described an allod-dev `forgejo-https-token-allod-dev.age` credential and did not require review or acceptance tests to inspect the generated NixOS activation script for absent optional credentials. Fix the plan and review artifacts so future reviews cover: - tokenless allod-dev provisioning as an explicit contract; - generated activation/provisioning artifacts, not only Nix source evaluation; - inventory-owned platform strings with profile checks deriving the target system instead of hardcoding `x86_64-linux`; - first boot, activation, provisioning, rebuild, and rollback lifecycle breakage as blocker-class review findings.
vnprc closed this issue 2026-06-27 14:23:35 +01:00
Sign in to join this conversation.
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
allod/strategy#6
No description provided.