Files
pikasTech-unidesk/docs/reference/nc01.md
T
Codex 01ff35d0f8
Pipelines as Code CI / hwlab-web-probe-sentinel-nc01- Success
Pipelines as Code CI / unidesk-host- Success
docs: define worktree-independent local state
2026-07-10 04:32:41 +02:00

4.3 KiB

NC01 Reference

NC01 is the current host registered as a UniDesk provider-gateway node. Host maintenance uses trans NC01 ...; Kubernetes maintenance uses trans NC01:k3s ....

Source Of Truth

  • Host k8s/provider config: config/unidesk-host-k8s.yaml.
  • Host proxy config: config/platform-infra/host-proxy.yaml#targets.NC01; NC01 host-proxy uses /root/vpn-server as the VPN server source.
  • HWLAB node/lane config: config/hwlab-node-lanes.yaml#lanes.v03.targets.NC01.
  • HWLAB control-plane config: config/hwlab-node-control-plane.yaml#nodes.NC01.
  • AgentRun config: config/agentrun.yaml, lane nc01-v02.
  • NC01 host PostgreSQL config: config/platform-db/postgres-nc01.yaml.

Fixed Repos

  • HWLAB v0.3 fixed repo: /root/hwlab, branch v0.3.
  • AgentRun v0.2 fixed repo: /root/agentrun, branch v0.2.
  • UniDesk source/config authority remains /root/unidesk.

Database Boundary

NC01 databases run on host-native PostgreSQL, not Docker or Kubernetes. Kubernetes workloads that need PostgreSQL must use YAML-declared external PostgreSQL bridge objects and Secrets.

For HWLAB v0.3, the Kubernetes Service nc01-host-postgres in namespace hwlab-v03 points to host PostgreSQL at 10.42.0.1:5432. Runtime database Secrets are sourced from .state/secrets/hwlab/* via YAML sourceRef and must only be reported as present/fingerprint metadata, never as full values.

Decision Center

Decision Center production runs on NC01 k8s in namespace unidesk, not on a bare Docker/Compose runtime and not on the old D601 Decision Center path. Runtime objects are deployment/decision-center and service/decision-center; GitHub storage credentials are distributed through the decision-center-github-ssh Secret and must only be reported as object/key presence or fingerprint metadata.

The durable store is the GitHub repo pikasTech/decision-center-data on branch main, with base path data. PostgreSQL is the service index/cache, not the durable source of truth. After data migration or repair, validate both layers:

  • service health shows storage.primary=github-repo, recordCount and diaryEntryCount;
  • /api/storage/verify reports cache and repo index counts with zero deltas;
  • the repo worktree HEAD and git ls-remote origin refs/heads/main match;
  • bun scripts/cli.ts decision health, decision list and decision diary list succeed through the NC01 k8s entrypoint.

When exporting legacy PostgreSQL data, do not stream Markdown bodies as plain JSONL through terminal output. Use a single-line-safe encoding such as hex-encoded JSON per row, write a manifest with row counts and SHA-256, transfer the bundle through trans download/upload, then compare canonical source and target hashes before claiming migration complete.

GitHub Token

The local GitHub token source is /root/.unidesk/.env/gh_token.txt. It must be stored as a bare token and consumed through controlled YAML/sourceRef or temporary non-printing credential helpers. Do not place the token in command argv, logs, committed files, or rendered manifests. NC01 follows the canonical owner-level state and compatibility-symlink contract in Worktree-Independent Local State; worktrees consume /root/.unidesk/.env and /root/.unidesk/.state through fixed absolute paths instead of copied local trees.

Public Exposure

NC01 HWLAB v0.3 does not require publicExposure unless YAML explicitly declares it and a real FRP token source is available. When publicExposure is absent, control-plane public probe is skipped and must not block runtime readiness.

Web-probe sentinel deployments that need public ingress must declare their own YAML publicExposure and Secret sourceRef. Do not create placeholder FRP tokens; a missing platform-infra/pk01-frp.env token source is a deployment blocker for FRP-backed public exposure.

Validation Entrypoints

  • Provider/trans: scripts/trans NC01 argv true.
  • NC01 k8s route: scripts/trans NC01:k3s kubectl get nodes -o wide.
  • Decision Center: bun scripts/cli.ts decision health; drill-down storage verification can be run inside the NC01 decision-center Pod against /api/storage/verify.
  • HWLAB v0.3: bun scripts/cli.ts hwlab nodes control-plane status --node NC01 --lane v03 --full.
  • AgentRun v0.2: bun scripts/cli.ts agentrun control-plane status --node NC01 --lane nc01-v02.