Skip to content

v4.5: operationalize the agnostic core (runtime hardening — DO NOT MERGE until validated)#55

Draft
fruwe wants to merge 17 commits into
mainfrom
v4.5
Draft

v4.5: operationalize the agnostic core (runtime hardening — DO NOT MERGE until validated)#55
fruwe wants to merge 17 commits into
mainfrom
v4.5

Conversation

@fruwe

@fruwe fruwe commented Jun 27, 2026

Copy link
Copy Markdown
Member

v4.5 — make milestone 4 actually run

v4.4 merged the plugin-agnostic refactor but its §9/§14 moves (terramate stacks + OS assets externalized out of core) left the terraform runtime broken, and it was never VM-validated. This milestone fixes the runtime regressions and proves milestone 4 works end-to-end via minimalistic real usage (Vultr + QEMU provisioning, TUI).

Do not merge until every bug surfaced during minimalistic usage is fixed and the code is reviewed. Tracking in docs/v4.5-roadmap.md.

Landed so far

  • tf-stage read path: status/ip/start/stop/password ran terramate without staging the externalized provider stacks, so on a fresh tree they reported "not created" / captured a terramate error box as the IP. Added a shared core helper (scripts/tf-stage, stage_provider_stacks) invoked from eve_load_profile_env (gated on the terraform engine); prepare_provider_stacks is now idempotent (no churn on status polls). Companion change: v4.5: stage terraform stacks on the read path (DO NOT MERGE until validated) eve-providers#10.

Coupled merge

eve first (so scripts/tf-stage exists), then eve-providers.

The write path (tf-init/plan/apply/destroy) vendors the externalized provider
terramate stacks and runs `terramate generate` before invoking terramate. The
read/power commands (status, ip, start, stop, password across aws/gcp/truenas/
vultr) never run tf-init, so on a fresh checkout — or any tree where `up` hasn't
run — terramate can't discover the stacks: status reports "not created" and ip
emits a terramate error box that gets captured verbatim as the IP value. It
only worked because an `up` happened to leave the stacks vendored.

Add a shared core helper the read path uses:

- `stage_provider_stacks` / `scripts/tf-stage <provider>`: vendor the stacks and
  run `terramate generate` only when staging changed something or no generated
  backend file exists yet.
- `prepare_provider_stacks` is now idempotent: it short-circuits when the staged
  copy already matches the source (a read-only content compare that ignores
  generated, destination-only files), returning whether anything was re-staged.
  This keeps frequent callers (status polls) from churning the filesystem and
  clobbering generated z_backend.tf on every call. State is unaffected — the
  local backend lives under .terraform-cache-dir/, outside the staged tree.

The provider commands invoke this via `eve_load_profile_env` (gated on the
terraform engine) in the companion eve-providers change.
fruwe added 16 commits June 27, 2026 14:19
TUI plugin-sources screen now manages local-folder sources without env vars:
- Type column (folder/remote) distinguishes local paths from git URLs
- EditSourceScreen: edit id/url/ref/folder/auth of an existing source
- Default action on configured entries opens Edit (not Remove); recommended
  entries keep add behavior
- is_local_folder() helper + configured_row() + update_source() in plugins.py
- AddSourceScreen placeholder now mentions local paths
- 'e' keybind for Edit; Edit button added to controls row
- Tests: is_local_folder, configured_row with local flag, update_source
  round-trip, TUI smoke test updated for new button label
Remove junk state files (--instance.json, --.json, schtasks directory,
dozens of stale .json/.lock from old testing). Root cause was pre-v3 scripts
that passed raw argv; current argparse-based instance-state doesn't reproduce.
…treaming windows scope, local-folder branch UI) + demo-instance task
…n (v4.5 K)

Bundles are now first-class kind:bundle plugins, not implied by package
bundles: declarations.

Core changes (eve):
- kind enum: provider | package | os | bundle
- New 'members' field: a bundle plugin lists its member package ids
- Removed 'bundles' from schema + validator (packages no longer declare bundles)
- 'supports' moved from global required to provider/package conditionals
- catalog.py: aggregates bundles from kind:bundle plugins (reads 'members')
- catalog_view.py: computes bundle installable_os_families from member packages
- plugin_test.py: bundle/os kinds skip the SSH-readiness boundary check
- Hermetic fixtures: mock-app/mock-win-app bundles: removed; mock-dev/mock-gaming
  bundle plugins created; test golden updated

Package repos (v4.5):
- eve-packages-linux: 9 bundle plugins created under bundles/; bundles: removed
  from 9 package manifests
- eve-packages-windows: gaming-streaming bundle plugin [steam, sunshine, rustdesk]

Tests updated: catalog aggregator tests use kind:bundle; manifest contract
tests check bundle validation; relocation test reads bundle plugins.
…4.5 G, H, J)

Wizard (Bug G): incompatible bundles and packages are now rendered dim
in the new-instance wizard. The support_reason/conflict checks already
prevented selection; now they're visually differentiated too.

Dialog convention (Bug H): plugin-sources screen reordered — Edit is
leftmost, primary-colored, and the default action (Enter/Space). The
Remove toggle button is warning-colored and no longer flips.

Edit label (Bug J): the EditSourceScreen ref field is now labeled
'Branch / ref (snapshot — re-pull to refresh)' making it explicit that
uncommitted changes aren't picked up.
….5 Bug M)

The status probe ran each provider's connectivity command with a bare
environment, so a provider whose 'configured' gate is a secret (Vultr's
VULTR_API_KEY, which lives only in the secrets file) reported unconfigured even
though dispatch could create instances with it; AWS meanwhile reported
'configured' off ambient ~/.aws, bypassing eve's config entirely. The probe now
resolves the same ConfigEnv.environment() + _inject_secrets the dispatch path
uses, so status and dispatch see identical config/secrets.

Also records the v4.5 architecture workstream (Bugs M-R): one shared config/
secret resolution, a central FSM platform with settings as machine context,
XDG config layout, TUI-over-CLI parity, and streaming<->non-streaming parity.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant