feat: add HWLAB test account sync
This commit is contained in:
@@ -73,6 +73,12 @@ The domain CLI resolves the target from YAML, calls shared helpers and prints st
|
||||
|
||||
Runtime mutation goes through UniDesk CLI and `trans` route execution. Direct `kubectl`, raw SSH, hand-written Caddy edits, direct GitHub API calls or ad hoc shell scripts may be diagnostic or emergency recovery tools only. Repeated operational writes must be promoted into a controlled CLI command that reads YAML and reports redacted structured output.
|
||||
|
||||
## Cross-Repository Operational Truth
|
||||
|
||||
When UniDesk prepares or supervises runtime data for another repository, the owning YAML still belongs in UniDesk if the data is part of node/lane operations rather than that repository's application source. Examples include HWLAB test/admin account inventories, operator-only API key source references, runtime DB sync inputs, public exposure targets and cross-node workbench preparation. The service repository may contain application code and app-native migrations, but it must not become a second desired-state truth for UniDesk-operated accounts, credentials, nodes, lanes, namespaces or sourceRef bindings.
|
||||
|
||||
Cross-repository YAML must name the target repository/runtime explicitly and must route all writes through a UniDesk CLI entrypoint that prints only sourceRef, targetKey, presence, byte counts, fingerprints, object ids and mutation summaries. The CLI may read owner-only local source files or declared platform DB exports; it must not backfill those files from runtime Secrets, pod env, logs or database rows.
|
||||
|
||||
## Common Block Rules
|
||||
|
||||
Reusable blocks must describe operations in data, not in service-specific code branches.
|
||||
|
||||
Reference in New Issue
Block a user