prep docs and service updates
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
master
21
docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md
Normal file
21
docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md
Normal file
@@ -0,0 +1,21 @@
|
||||
# Zastava Wave Prep — PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS
|
||||
|
||||
Status: **Ready for implementation** (2025-11-20)
|
||||
Owners: Zastava Observer/Webhook Guilds · Surface Guild
|
||||
Scope: Document Surface.FS cache drop plan and Surface.Env helper ownership/unseal steps to unblock Zastava runtime work.
|
||||
|
||||
## Decisions captured
|
||||
- Surface.FS cache drop cadence: daily at 02:00 UTC with retention of last 3 snapshots; manual invalidate via `/admin/cache/drop` with DSSE auth.
|
||||
- Surface.Env helper ownership: Surface Guild maintains helper; Zastava consumers read via sealed secret `SURFACE_ENV_CONFIG` injected per-tenant.
|
||||
- Secrets rotation: quarterly or on incident; DSSE-signed env bundle stored in sealed S3 bucket `surface-env-bundles/tenant/{id}`.
|
||||
|
||||
## Deliverables for implementation teams
|
||||
- Publish cache drop runbook under `docs/modules/zastava/runbooks/surface-fs-cache-drop.md` (owner Surface Guild).
|
||||
- Publish env helper schema & sample at `docs/modules/zastava/surface-env-helper.sample.yaml` with hash file.
|
||||
- Add checklist to Zastava admission hooks to verify `SURFACE_ENV_CONFIG` exists and DSSE signature matches Surface root.
|
||||
|
||||
## Acceptance criteria
|
||||
- Written runbook + sample helper schema available at the paths above.
|
||||
- Cache drop schedule and manual invalidate command documented with DSSE requirement.
|
||||
- Zastava tasks can consume helper without requiring further schema decisions.
|
||||
|
||||
Reference in New Issue
Block a user