# Agent Notes
Madagascar Local Authority is the local authority application for the Madagascar network.
Start with these documents:
- [README.md](README.md) - current repository, deployment model, runtime paths, GitPrep remote.
- [.doc/database/](.doc/database/README.md) - SQLite runtime store schema, table docs, seed rules, backup and restore.
- [.doc/host-manager.md](.doc/host-manager.md) - application behavior, OTP, Work Orders, local CA, registry rules.
- [.doc/local-hosts.md](.doc/local-hosts.md) - local DNS rules, resolver sync, source priority.
- [.doc/development-log.md](.doc/development-log.md) - development log index with component logs under `.doc/development-logs/`.
Operational rules:
- Develop in this checkout: `/Users/bogdan/Documents/Workspaces/Xdev/Madagascar/LocalAuthority`.
- Canonical git remote is GitPrep: `git@192.168.2.102:repositories/bogdan/LocalAuthority.git`.
- Jumper is the runtime/deployment target, not the primary editing location.
- Development work must be committed locally before testing or archiving; do not leave useful changes as forgotten dirty working-tree state.
- Push committed code to `jumper-runtime` for live testing on jumper.
- Push committed code to `origin`/GitPrep for archival/canonical history.
- `scripts/deploy_to_jumper.sh` is available for explicit rsync deploys, but the normal development loop is commit plus push.
- Agent work is not complete while there are uncommitted local changes, local commits not pushed to both `jumper-runtime` and `origin`, or a jumper `BUILD` that does not match the intended commit.
- Before ending a change task, verify `git status -sb`, `git ls-remote origin refs/heads/main`, `git ls-remote jumper-runtime refs/heads/main`, and `ssh jumper.madagascar.xdev.ro 'cat /usr/local/xdev-host-manager/BUILD'`.
- If `git push jumper-runtime HEAD:main` is blocked by dirty tracked files on jumper, inspect and compare the jumper diff before clearing it. Only reset or remove jumper files after confirming the changes are already represented by the commit being pushed or after saving a backup patch under `/usr/local/xdev-host-manager/backups/`.
- Do not report success until the same commit is visible locally, in GitPrep, in `jumper-runtime`, and in the served build badge/`BUILD`, unless the user explicitly asks to stop before deploy or archive.
- Runtime registry and Work Orders live in `var/host-manager.sqlite` on jumper.
- Do not deploy `config/` unless the user explicitly asks to replace seed/snapshot/export files.
- Treat `config/hosts.yaml`, `config/local-hosts.tsv`, and `config/work-orders.yaml` as compatibility exports/seeds, not the live source of truth.
- Do not install npm, pip, or CPAN packages directly on hosts. Distribution packages are acceptable when needed.
- Perl from the distribution and core/distribution modules are allowed.
- CPAN modules are allowed only after requesting an audit and RPM packaging for the local audited repository.
- Secrets live outside git, mainly under `/etc/xdev/host-manager.env` on jumper.
- UI flows that can lead to a save must verify authentication before the user starts editing, before tab/section changes, and again before submit/save. If authentication is missing or expired, return to login without discarding in-progress form data.
Before code changes:
```bash
git status --short
```
Before deployment:
```bash
perl -c scripts/host_manager.pl
perl -c scripts/mdns_host_seed.pl
```
Normal live-test deployment after a committed change:
```bash
git push jumper-runtime HEAD:main
```
Archive/canonical push:
```bash
git push origin main
```
After deployment, verify:
```bash
ssh jumper.madagascar.xdev.ro 'systemctl is-active host-manager && curl -fsS http://127.0.0.1:8088/healthz >/dev/null'
```
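The end-of-task verification from the operational rules (clean tree, same commit on `origin`, on `jumper-runtime`, and in `BUILD`) can be run as one check. This is an added example, not a script from this repository; the function names are hypothetical, and it assumes the first token of `BUILD` is the deployed commit hash, full or abbreviated to at least 7 hex characters.

```bash
#!/usr/bin/env bash
# Added example. Assumption: the first token of BUILD is the deployed commit
# hash, full or abbreviated to at least 7 hex characters.

# check_release_state DIRTY LOCAL ORIGIN JUMPER BUILD
# Prints one line per problem; returns 0 only when every copy agrees.
check_release_state() {
    crs_dirty=$1 crs_local=$2 crs_origin=$3 crs_jumper=$4 crs_build=$5
    crs_rc=0
    case $crs_local in
        ''|*[!0-9a-f]*) echo "FAIL: no usable local commit hash"; return 1 ;;
    esac
    if [ -n "$crs_dirty" ]; then
        echo "FAIL: uncommitted local changes"; crs_rc=1
    fi
    if [ "$crs_origin" != "$crs_local" ]; then
        echo "FAIL: origin main is '$crs_origin'"; crs_rc=1
    fi
    if [ "$crs_jumper" != "$crs_local" ]; then
        echo "FAIL: jumper-runtime main is '$crs_jumper'"; crs_rc=1
    fi
    case $crs_build in
        ???????*)   # long enough; must be a prefix of the local commit
            case $crs_local in
                "$crs_build"*) : ;;
                *) echo "FAIL: BUILD is '$crs_build'"; crs_rc=1 ;;
            esac ;;
        *) echo "FAIL: BUILD empty or shorter than 7 characters"; crs_rc=1 ;;
    esac
    return "$crs_rc"
}

# Gather the four values with the commands listed in the operational rules.
collect_and_check() {
    cc_dirty=$(git status --porcelain)
    cc_local=$(git rev-parse HEAD)
    cc_origin=$(git ls-remote origin refs/heads/main | cut -f1)
    cc_jumper=$(git ls-remote jumper-runtime refs/heads/main | cut -f1)
    cc_build=$(ssh jumper.madagascar.xdev.ro \
        'cat /usr/local/xdev-host-manager/BUILD' | awk 'NR==1 {print $1}')
    check_release_state "$cc_dirty" "$cc_local" "$cc_origin" "$cc_jumper" "$cc_build" \
        && echo "OK: $cc_local is committed, archived, and deployed"
}

# Only touch git and ssh when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--live" ]; then
    collect_and_check
    exit $?
fi
```

Run it with `--live` from the checkout; a non-zero exit means the task is not finished under the rules above. The served build badge is not checked here.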