Cycle 005: preflight-first hosted evidence workflow #2

Open
junhengz wants to merge 13 commits into nicepkg:main from junhengz:cycle-006-cycle-005-hosted-evidence-workflow

@junhengz junhengz commented Feb 14, 2026

This PR hardens the Cycle 005 hosted persistence evidence workflow and operator UX.

Key changes:

  • Safer manual dispatch: preflight_only defaults to true; evidence PR requires preflight_only=false
  • Schedule trigger gated behind repo var CYCLE_005_AUTORUN_ENABLED=true (prevents PR spam)
  • Optional workflow_dispatch persistence of HOSTED_WORKFLOW_BASE_URL_CANDIDATES
  • /api/workflow/env-health now returns safe deploy metadata (provider + commit/branch/url when present)
  • Operator CLI wrapper supports preflight-only and safe autorun enable-after-preflight
  • Runbooks/checklists/templates/acceptance updated accordingly

Maintainer checklist: docs/operations/cycle-005-hosted-persistence-evidence-maintainer-checklist.md

@junhengz (Author)

Maintainer unblock request (Cycle 005 hosted persistence evidence)

This PR is ready to merge; the only remaining blocker is that we still do not have the authoritative deployed workflow runtime BASE_URL.

As of 2026-02-14, from this workspace:

  • GitHub Deployments metadata is empty: gh api /repos/nicepkg/auto-company/deployments?per_page=5 returns [].
  • Common guessed Vercel domains return 404 DEPLOYMENT_NOT_FOUND (examples):
    • https://security-questionnaire-autopilot-hosted.vercel.app/api/workflow/env-health
    • https://security-questionnaire-autopilot.vercel.app/api/workflow/env-health
    • https://auto-company.vercel.app/api/workflow/env-health
  • https://auto-company.pages.dev/api/workflow/env-health returns 200 text/html (not JSON), so it is not the workflow runtime.
  • Full probe matrix: docs/qa-bach/cycle-005-base-url-probe-2026-02-13-v2.txt.

What I need from a maintainer (one-time):

  1. Merge this PR.
  2. In nicepkg/auto-company, set repo variable:
     • HOSTED_WORKFLOW_BASE_URL_CANDIDATES = 2-4 deployed origins (space/comma/newline separated) for the Next.js app that serves /api/workflow/*.

How to get the correct candidates (authoritative):

  • Vercel: open the Vercel Project for the workflow app, copy Production domain(s) from Settings -> Domains (and/or the *.vercel.app domain for the production deployment).
  • Cloudflare Pages: open the Pages project for the workflow app, copy the *.pages.dev production domain and any custom domains.

Hard validation command (must be JSON):

BASE_URL="https://<candidate-origin>"
curl -sS "$BASE_URL/api/workflow/env-health" | jq .

Pass criteria (Cycle 005 evidence gate):

  • .ok == true
  • .env.NEXT_PUBLIC_SUPABASE_URL == true
  • .env.SUPABASE_SERVICE_ROLE_KEY == true

Then run (canonical repo Actions):

  1. cycle-005-hosted-persistence-evidence with preflight_only=true (default) to validate BASE_URL + hosted env.
  2. Re-run with preflight_only=false to produce the evidence PR.

If env-health is JSON but env booleans are false, the fix is on the hosting provider (not GitHub): set NEXT_PUBLIC_SUPABASE_URL + SUPABASE_SERVICE_ROLE_KEY and redeploy.

Reference unblock note: docs/operations/cycle-007-hosted-base-url-blocker.md.
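
An offline sketch of the validation gate described in the comment above, added here as an example; it is not code from this PR or from the nicepkg/auto-company repository. The function names, verdict labels and sample responses are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

REQUIRED_ENV = ("NEXT_PUBLIC_SUPABASE_URL", "SUPABASE_SERVICE_ROLE_KEY")

def parse_candidates(raw):
    """Split a space/comma/newline separated value into unique https origins."""
    origins = []
    for item in re.split(r"[\s,]+", raw.strip()):
        parts = urlsplit(item)
        # Bare origins only: https, a host, no credentials, path, query or fragment.
        if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
            continue
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            continue
        origin = "https://" + parts.netloc.lower()
        if origin not in origins:
            origins.append(origin)
    return origins

def classify_env_health(status, content_type, body):
    """Return (verdict, detail) for one env-health response; verdict names are hypothetical."""
    if status != 200:
        return "not-deployed", f"HTTP {status}"
    if "json" not in content_type.lower():
        return "not-workflow-runtime", f"content type {content_type}"
    try:
        doc = json.loads(body)
    except ValueError:
        return "not-workflow-runtime", "body is not valid JSON"
    if not isinstance(doc, dict):
        return "not-workflow-runtime", "JSON is not an object"
    env = doc.get("env") if isinstance(doc.get("env"), dict) else {}
    # `is True` rejects truthy strings: the gate expects booleans, not secret values.
    missing = [name for name in REQUIRED_ENV if env.get(name) is not True]
    if missing:
        return "env-not-configured", "not set: " + ", ".join(missing)
    if doc.get("ok") is not True:
        return "not-ok", ".ok is not true"
    return "pass", "evidence gate satisfied"

# Constructed sample responses (status, Content-Type, body), not captured from any deployment.
SAMPLES = [
    (404, "text/plain", "DEPLOYMENT_NOT_FOUND"),
    (200, "text/html", "<!doctype html><title>site</title>"),
    (200, "application/json", '{"ok": false, "env": {"NEXT_PUBLIC_SUPABASE_URL": true, "SUPABASE_SERVICE_ROLE_KEY": false}}'),
    (200, "application/json", '{"ok": true, "env": {"NEXT_PUBLIC_SUPABASE_URL": true, "SUPABASE_SERVICE_ROLE_KEY": true}}'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], "->", classify_env_health(*sample))
```

The strict boolean comparison also flags an endpoint that echoes the configured value instead of `true`, which matters most for SUPABASE_SERVICE_ROLE_KEY.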
