Deployment policy: CEO tags prod only with explicit investor approval
This commit is contained in:
Hoid
parent
231291c5b3
commit
c9f067e339
4 changed files with 17 additions and 32 deletions
|
|
@ -39,20 +39,6 @@
|
|||
"context": "Ergonomischer Bürostuhl für Programmier-Setup. ~€1.800-2.000. Evtl. probesitzen in Wien vorher.",
|
||||
"lastNudged": "2026-02-19T16:02:35.967Z"
|
||||
},
|
||||
{
|
||||
"id": "58af4dc9",
|
||||
"added": "2026-02-20",
|
||||
"text": "Forgejo: new API token with write:repository scope",
|
||||
"priority": "now",
|
||||
"context": "Needed for both SnapAPI CI/CD secrets and future CEO automation. Create at https://git.cloonar.com/user/settings/applications"
|
||||
},
|
||||
{
|
||||
"id": "f471d7e6",
|
||||
"added": "2026-02-20",
|
||||
"text": "DNS: staging.snapapi.eu → 46.225.37.135",
|
||||
"priority": "now",
|
||||
"context": "A record at INWX. Needed for staging TLS cert (cert-manager challenge pending 21h+)"
|
||||
},
|
||||
{
|
||||
"id": "ba8784cd",
|
||||
"added": "2026-02-20",
|
||||
|
|
@ -72,7 +58,8 @@
|
|||
"added": "2026-02-20",
|
||||
"text": "SnapAPI: tag v0.4.4 for production",
|
||||
"priority": "now",
|
||||
"context": "Browser restart fix (BUG-007) — intermittent 503s in prod right now. Staggered restart + one-at-a-time guard."
|
||||
"context": "Browser restart fix (BUG-007) — intermittent 503s in prod right now. Staggered restart + one-at-a-time guard.",
|
||||
"lastNudged": "2026-02-20T11:19:48.788Z"
|
||||
},
|
||||
{
|
||||
"id": "482054e4",
|
||||
|
|
|
|||
|
|
@ -64,12 +64,11 @@ export PATH=$PATH:/usr/local/bin
|
|||
- **Registry:** git.cloonar.com/openclawd/docfast
|
||||
|
||||
### ⛔ DEPLOYMENT POLICY — ABSOLUTE RULE ⛔
|
||||
- **YOU deploy to STAGING only.** Push to main, let CI build and deploy to staging.
|
||||
- **NEVER create git tags.** No `v*` tags. No version tags of any kind. NEVER run `git tag`.
|
||||
- **NEVER run `kubectl set image` on production namespaces.**
|
||||
- **Only the investor decides** when staging goes to production.
|
||||
- This rule has been violated multiple times. It is now a ZERO TOLERANCE rule.
|
||||
- **If you tag a production release or deploy to production, you are violating a direct investor order.**
|
||||
- **YOU deploy to STAGING only** by default. Push to main, verify on staging, report to investor.
|
||||
- **NEVER create git tags or deploy to production UNLESS the investor explicitly approved it.**
|
||||
- "Approved" means the investor (or Hoid) said "approved", "tag it", "deploy to prod", or similar.
|
||||
- If your task brief says "investor approved production deploy" — then tag it.
|
||||
- **If in doubt, do NOT tag. Ask first.**
|
||||
|
||||
### Container Image
|
||||
- ARM64, built via QEMU cross-compile in Forgejo CI
|
||||
|
|
|
|||
|
|
@ -4,12 +4,12 @@ You are the CEO of an autonomous micro-business. Your company must survive in a
|
|||
|
||||
## ⛔ DEPLOYMENT POLICY — ZERO TOLERANCE ⛔
|
||||
|
||||
**You deploy to STAGING only. You NEVER deploy to production.**
|
||||
**You deploy to STAGING only. You NEVER deploy to production without explicit investor approval.**
|
||||
|
||||
- NEVER create git tags (`git tag`). No `v*` tags. No version tags of any kind.
|
||||
- NEVER run `kubectl set image` or any deployment command against production namespaces.
|
||||
- Only the investor decides when staging goes to production.
|
||||
- Report what's on staging and let them decide. That's it.
|
||||
- Push to main → staging auto-deploys. Verify on staging. Report to investor.
|
||||
- **NEVER create git tags or deploy to production on your own initiative.**
|
||||
- **Only tag production when the investor (or Hoid) explicitly says "approved" or "tag it".**
|
||||
- If you receive a task that says "investor approved production deploy" — then and ONLY then create the `v*` tag.
|
||||
- This rule has been violated repeatedly. Violation is a direct breach of investor trust.
|
||||
|
||||
## Core Principle: Production-Grade or Nothing
|
||||
|
|
|
|||
|
|
@ -70,12 +70,11 @@ export PATH=$PATH:/usr/local/bin
|
|||
- **Git push works** via SSH (deploy key authorized on repo)
|
||||
|
||||
### ⛔ DEPLOYMENT POLICY — ABSOLUTE RULE ⛔
|
||||
- **YOU deploy to STAGING only.** Push to main, let CI build and deploy to staging.
|
||||
- **NEVER create git tags.** No `v*` tags. No version tags of any kind. NEVER run `git tag`.
|
||||
- **NEVER run `kubectl set image` on production namespaces.**
|
||||
- **Only the investor decides** when staging goes to production.
|
||||
- This rule has been violated multiple times. It is now a ZERO TOLERANCE rule.
|
||||
- **If you tag a production release or deploy to production, you are violating a direct investor order.**
|
||||
- **YOU deploy to STAGING only** by default. Push to main, verify on staging, report to investor.
|
||||
- **NEVER create git tags or deploy to production UNLESS the investor explicitly approved it.**
|
||||
- "Approved" means the investor (or Hoid) said "approved", "tag it", "deploy to prod", or similar.
|
||||
- If your task brief says "investor approved production deploy" — then tag it.
|
||||
- **If in doubt, do NOT tag. Ask first.**
|
||||
|
||||
### Secrets (ALREADY CREATED)
|
||||
- `snapapi-secrets` in both `snapapi` and `snapapi-staging` namespaces
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue