factory/vibe/PRD/safe-prod-like-environment/STATUS.md

vibe > PRD > Safe, production-like environment > STATUS

STATUS — Safe, production-like environment

Last Updated: 2026-06-23

Legend: ⬜ not started · 🟡 in progress · ✅ done

Important

This file MUST be updated whenever something ships. Every PR that advances a phase crosslinks back here (and the matching checkbox flips), and the PRs table gets a row.

Phase 0 — Isolation guardrails

Must land before any sandbox run.

• ⬜ Sandbox inventory inventory/sandbox/hosts.yml (VM/cloud hosts only)
• ⬜ Prod-IP abort guard (aborts on 192.168.1.201-203 unless i_mean_prod=true)
• ⬜ Sandbox GCS state prefixes (sandbox/...) or gs://arcodange-tf-sandbox
• ⬜ Sandbox Vault unseal-key path (~/.arcodange/sandbox/cluster-keys.json)
• ⬜ Sandbox env profile / plan-only DNS against a throwaway zone

Phase 1 — Tier-1 k3d fast mode

• ⬜ One-command bring-up seeded from GitOps
• ⬜ Parity manifest v1
• ⬜ Canary provisioning-parity test
• ⬜ changed=0 idempotence gate documented

Phase 2 — Tier-1 3-VM cluster

• ⬜ Three arm64 VMs (multipass / Vagrant on the M4)
• ⬜ Same system_k3s; Postgres + Gitea outside k3s on the pi2-equivalent VM
• ⬜ Longhorn across the three VM disks
• ⬜ Chaos drills: node-kill / Vault-seal / DB-drop
• ⬜ First full CLUSTER_RECOVERY dry-run against the sandbox

Phase 3 — Game-day operationalization

• ⬜ Monthly cadence + promotion gate in the PR checklist
• ⬜ Longhorn engine-ID drill
• ⬜ ArgoCD bad-sync rollback runbook
• ⬜ Evidence trail for ≥1 cycle

Phase 4 — out of scope

Not planned: dedicated physical node (4th Pi / mini-PC) and disposable cloud k3s for real public DNS/ACME. See ADR 0001 for the rejected-alternatives rationale.

PRs

PR	Scope	Phase	Merged
#10	Bootstrap the vibe/ tree + ecosystem AGENTS.md (PRD scaffold, not a phase deliverable)	—	🟡 open