From a922a72b664800e804d9d6fb831c93568fe61020 Mon Sep 17 00:00:00 2001 From: Antigravity Agent Date: Sat, 23 May 2026 20:06:05 +0000 Subject: [PATCH] docs: align GitOps covenant with Hostname-First Protocol --- GITOPS_COVENANT.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/GITOPS_COVENANT.md b/GITOPS_COVENANT.md index b0f10fd..0697f58 100644 --- a/GITOPS_COVENANT.md +++ b/GITOPS_COVENANT.md @@ -4,12 +4,12 @@ This document establishes the binding, high-priority system directive governing --- -## The Four Core Primitives +## The Five Core Primitives ### 1. Git-First Version Control (Volatile Isolation Prohibited) * **Zero Untracked Edits**: No file in the application workspace (`/home/antigravity/fieldprint-portal/`, `/home/antigravity/intellecton-portal/`, etc.) shall be modified or introduced without immediate staging in the local Git directory. * **Semantic Commits**: All updates must be packaged under high-precision, descriptive commit messages specifying the exact features modified (e.g., `feat:`, `fix:`, `refactor:`, `docs:`). -* **Continuous Synchronization**: Pushes to the sovereign Gitea remote instance at `http://172.16.0.113:3001` must be triggered immediately after local validation, ensuring off-host permanence. +* **Continuous Synchronization**: Pushes to the sovereign Gitea remote instance at `http://forgejo:3001` must be triggered immediately after local validation, ensuring off-host permanence. ### 2. Declarative Infrastructure (GitOps) * **Code-Driven Deployments**: Kubernetes deployments, Traefik ingress routing tables, and database configurations must be declared in YAML manifests under `/home/antigravity/master-fieldprint/` rather than via manual terminal commands. 
@@ -25,11 +25,17 @@ This document establishes the binding, high-priority system directive governing * **Transparency for Peers**: The ledger must be written with maximum academic clarity, ensuring other agents or human researchers can instantly step through our developmental reasoning. ### 4. Continuous Integration & Verification (CI/CD) -* **Pre-Deployment Audits**: Before any image is tagged, pushed to the Tailscale NodePort registry (`100.110.108.11:30500`), or rolled out to the Atlanta K3s cluster, it must undergo automated validation: +* **Pre-Deployment Audits**: Before any image is tagged, pushed to the Tailscale NodePort registry (`k8s-01.tailscale:30500`), or rolled out to the Atlanta K3s cluster, it must undergo automated validation: * Static builds (`npm run build`) must compile with **zero linter errors** or prerender exceptions. * Docker compilations must utilize cache-efficient standalone layering. * **Zero-Downtime Rollouts**: Deployments inside the cluster must utilize Traefik ingress configurations and rolling updates to enable smooth, zero-downtime transition states and immediate rollback targets in the event of anomalies. +### 5. Hostname-First Protocol (Semantic Network Referencing) +* **Mandated Hostname Usage**: All system configurations, playbooks, remote Git URL endpoints, and registry targets must utilize semantic hostnames (`forgejo`, `k8s-01.tailscale`) instead of raw IP addresses. +* **Self-Referential Clarity**: Hostnames preserve cognitive context and reinforce recursive self-referential patterns. IP usage is restricted to low-level DNS bootstrap files. + > [!NOTE] + > Due to containerd insecure-registry validation limits on the host k3s nodes, image pulls inside the cluster deployment manifests use the internal service ClusterIP CIDR mapping (10.43.4.37:5000) mapped to registries.yaml mirrors. All external pushes, git syncs, and system playbooks utilize the semantic k8s-01.tailscale and forgejo hostnames. 
+ --- ## Enforcement & Inheritance
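Review bot: In the first hunk (`@@ -4,12 +4,12 @@`), the changed Continuous Synchronization line replaces the IP with a name but keeps plain `http://` in `http://forgejo:3001`, so pushes go to whatever `forgejo` resolves to and nothing authenticates the server. With a raw IP the destination was fixed. With a short hostname it depends on the resolver or hosts file on each machine, and a wrong or tampered entry would redirect pushes and any credentials sent with them. Suggest requiring an `https://` or SSH remote here so server identity is verified independently of name resolution. Minor: the same line still calls the remote a "Gitea remote instance" while the host is now named `forgejo`, and the wording should match.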
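Review bot: In the second hunk (`@@ -25,11 +25,17 @@`), the new section 5 states "IP usage is restricted to low-level DNS bootstrap files", but the `[!NOTE]` directly beneath it allows `10.43.4.37:5000` in cluster deployment manifests, so the rule contradicts its own exception. Suggest naming the manifest image pulls and `registries.yaml` mirrors as a second permitted case in the rule itself, so an audit against the covenant does not flag them. The phrase "ClusterIP CIDR mapping" describes a single address and port, not a CIDR, and "service ClusterIP" would be accurate. The section also does not say where `forgejo` and `k8s-01.tailscale` are defined, although the stated exception for "DNS bootstrap files" implies a single source of truth, and it would help to name that file. Finally, since the note ties the registry path to containerd insecure-registry handling, consider requiring manifests to reference images by digest so that a pull over an unverified path cannot silently substitute content.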