Skip to content

Add standalone hosted canary runtime#132

Merged
SoundBlaster merged 2 commits into
mainfrom
codex/n100-vm-hosted-canary
Jul 12, 2026
Merged

Add standalone hosted canary runtime#132
SoundBlaster merged 2 commits into
mainfrom
codex/n100-vm-hosted-canary

Conversation

@SoundBlaster

Copy link
Copy Markdown
Member

Summary

  • Add a hardened three-service hosted runtime for PostgreSQL, the managed-operation HTTP service, and one worker.
  • Add portable GitHub review-status evidence so a hosted worker does not depend on developer-machine worktree paths.
  • Link related issue/task: N100 VM hosted canary rehearsal.

Motivation

  • Validate the hosted execution architecture on one small VM before production deployment.
  • Remove the cross-host dependency on Mac-local open-review reports and candidate worktrees.

Goals

  • Provide a reproducible single-node runtime, fail-closed deployment contract, reboot/recovery procedure, and portable read-only canary path.
  • Out of scope: production deployment, public ingress, PR merge, and read-model publication.

Changes

  • Add Dockerfile.hosted-managed, standalone Compose, secret/mount hardening, contract validator, CI image build, and runbook.
  • Add --review-url to graph review status and validated product execution-report fallback with branch/PR identity checks.

Validation

  • Tests added/updated for changed behavior
  • Local checks passed

Commands run:

make python-quality
make hosted-managed-runtime-compose-contract
python -m unittest tests.test_platform_cli -v
git diff --check

Results:

  • make python-quality: 332 passed, 6 skipped.
  • Platform CLI suite: 216 passed.
  • Portable review focused tests: 4 passed.
  • ARM64 VM image build and runtime contract passed.
  • Real canary passed through HTTP service -> PostgreSQL -> worker -> PR #683 review status.
  • Full VM restart restored all services and reports; strict recovery was policy-safe; replay reused attempt 1.

Risks / Notes

  • Backward compatibility impact: existing open-review-report flow remains supported; portable mode is used only when validated embedded Git review evidence is available.
  • Migration/config changes required: standalone deployments must provision four secret files and an explicit operation allowlist.
  • Known limitations: the service is loopback-only and needs TLS/private ingress before remote production use; this is not production sign-off.

Checklist

  • PR title clearly describes the change
  • Scope is focused and minimal
  • Documentation updated (or N/A)
  • Workflow/artifact changes distinguish artifact presence from readiness/status
  • Temporary or intermediate paths are scoped to the current run/task where relevant
  • No secrets or sensitive data added

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 73bf0d47da

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/validate_hosted_managed_runtime_compose.py Outdated
Comment thread docs/hosted-managed-operations.md
@SoundBlaster SoundBlaster merged commit 97eb4b1 into main Jul 12, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant