stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
e53a282fbea6cfd9aeb10e5909d03fa3a5ccd307
git.stella-ops.org/docs/modules/zastava/prep/2025-11-20-surface-fs-env-prep.md
master d519782a8f
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
prep docs and service updates
2025-11-21 06:56:36 +00:00

1.4 KiB
Raw Blame History

Zastava Wave Prep — PREP-140-D-ZASTAVA-WAVE-WAITING-ON-SURFACE-FS

Status: Ready for implementation (2025-11-20) Owners: Zastava Observer/Webhook Guilds · Surface Guild Scope: Document Surface.FS cache drop plan and Surface.Env helper ownership/unseal steps to unblock Zastava runtime work.

Decisions captured

  • Surface.FS cache drop cadence: daily at 02:00 UTC with retention of last 3 snapshots; manual invalidate via /admin/cache/drop with DSSE auth.
  • Surface.Env helper ownership: Surface Guild maintains helper; Zastava consumers read via sealed secret SURFACE_ENV_CONFIG injected per-tenant.
  • Secrets rotation: quarterly or on incident; DSSE-signed env bundle stored in sealed S3 bucket surface-env-bundles/tenant/{id}.

Deliverables for implementation teams

  • Publish cache drop runbook under docs/modules/zastava/runbooks/surface-fs-cache-drop.md (owner Surface Guild).
  • Publish env helper schema & sample at docs/modules/zastava/surface-env-helper.sample.yaml with hash file.
  • Add checklist to Zastava admission hooks to verify SURFACE_ENV_CONFIG exists and DSSE signature matches Surface root.

Acceptance criteria

  • Written runbook + sample helper schema available at the paths above.
  • Cache drop schedule and manual invalidate command documented with DSSE requirement.
  • Zastava tasks can consume helper without requiring further schema decisions.