Align allod-dev plan with tokenless provisioning #7
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "agent/align-agent-isolation-tokenless-allod-dev"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Closes #6
Related fixes:
profiles/modules/netrc.nixfrom exiting the combined NixOS activation script when/root/.git-credentialsis absent.Problem
The first allod-dev provisioning run failed after agenix activation with:
The root implementation bug was that
netrc.nixusedexit 0for a missing optional root git credential file. In a NixOS activation snippet that does not exit only the local snippet: the snippets are concatenated into one activation script, so it exited before/run/current-systemwas linked. That made the first install appear to complete far enough to write secrets but left the VM unbootable.allod-dev exposed this because it is intentionally tokenless for root HTTPS git credentials. It clones public repos over SSH with the allod-agent key and uses only the raw API token for the Forge CLI. The active agent-isolation plan was stale: it still described
forgejo-https-token-allod-dev.ageas an allod-dev credential and treated bothforgeTokenFileandagentTokenFileas regular token files.Review Classification
The root bug should be graded
[BLOCKER]under the review rubric because following the implementation path made first provisioning/activation leave the VM nonfunctional. The missing acceptance test that would have caught it is a[GAP]: source evaluation and profile builds were not enough because the failure was visible only in the generated activation lifecycle path for an absent optional credential.Previous review passes missed it because they focused on repo boundaries, closure leaks, secret file shape, and source-level Nix evaluation. They did not require reviewers to inspect generated activation scripts or negative paths where optional host state is intentionally absent. The active review prompt also had stale current-state context saying allod-dev and the public template repos did not exist, which made it less useful for post-implementation regression review.
Changes
This PR updates
dev-plans/agent-isolation-dev-plan.mdto:forgeTokenFile = nullthe explicit allod-dev contract;agent-pr-token-allod-devAPI token in the plan;mkDevVmto accepthttpsTokenFileand only declare the root HTTPS token secret when it is non-null;exit 0behavior and verifies the expected skip message and/run/current-systemlifecycle path are present;checks.x86_64-linux;inventory.lib.supportedPlatformsinstead of embedding the platform in consumer checks;lib.supportedPlatforms, while consumers derive them.This PR also updates
review-plans/agent-isolation-dev-plan-review.mdto:[BLOCKER]severity;Validation
The stale-pattern scan above returns no matches. The remaining
x86_64-linuxexamples in the plan are inside inventory snippets, which is the intended source of truth.The positive scan confirms the new tokenless contract, inventory-derived platform guidance, generated activation acceptance test, review severity language, and refreshed prompt context are present.
Read-only review pass after commits
ac36b16and5781418: no BLOCKER, GAP, SIMPLIFY, or QUESTION findings.Checked:
git diff --check origin/master...HEADpasses;checks.x86_64patterns are absent;[BLOCKER]severity.