Skip to content

Deploy Knowledge Loop on loop pinned to knowledge#18#305

Closed
Svaag wants to merge 1 commit into
mainfrom
deploy/knowledge-loop-version-pin
Closed

Deploy Knowledge Loop on loop pinned to knowledge#18#305
Svaag wants to merge 1 commit into
mainfrom
deploy/knowledge-loop-version-pin

Conversation

@Svaag

@Svaag Svaag commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Pin knowledge_loop_version on the loop VM to 0b414ae — the merged Knowledge revision (Add Knowledge Loop agent knowledge#18) that first ships hyrule-knowledge loop --once.
  • Keep knowledge_loop_timer_enabled: false so applying only provisions the runtime (dedicated user, pinned checkout, dependency sync, disabled service/timer). No producer cycle runs yet.
  • Live OpenRouter enrichment budget stays at the role default 0.

Dependency / ordering

Safety

  • Timer disabled by default; this PR does not start the loop.
  • Runtime credential scope is separate from Engineering Loop and CI/CD PR-Agent (per Add Knowledge Loop runtime scaffold #302's knowledge-loop Vault policy/AppRole).
  • No fleet SSH, Docker socket, wallet, app runtime, or broad Vault access.

Follow-up (not in this PR)

  • A separate reviewed canary PR flips knowledge_loop_timer_enabled: true and adds the passive run-status / timer monitoring checks, after a manual one-shot smoke run.

🤖 Generated with Claude Code

Pin the governed Knowledge Loop producer agent on the dedicated loop VM to the
merged Knowledge revision 0b414ae (AS215932/knowledge#18), which is the first
commit shipping `hyrule-knowledge loop --once`.

The systemd timer stays disabled (knowledge_loop_timer_enabled: false): applying
only provisions the runtime — dedicated user, pinned checkout, dependency sync,
and the disabled service/timer. No cycle runs until a separate reviewed canary
flips the timer on. Live OpenRouter enrichment budget remains the role default 0.

Depends on the knowledge_loop role from #302; merge and deploy that first.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions

Copy link
Copy Markdown
Contributor

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis ❌

18 - Not compliant

Non-compliant requirements:

  • None of the requirements are addressed by this PR (pinning a version for a separate agent, not touching rtr NAT64 infrastructure)

Requires further human verification:

  • The PR description claims to pin the knowledge loop to the merged revision of this ticket, but the ticket content is about a NAT64/rtr ARP issue, not about a hyrule-knowledge loop --once command. This discrepancy requires human verification.

302 - Not compliant

Non-compliant requirements:

  • This PR does not add any of the role, systemd units, Vault integration, or workflow changes. It only sets two host variables that depend on those items existing.
⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🏅 Score: 75
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Missing Dependency Gate

The host_vars reference knowledge_loop_version which expects the knowledge_loop Ansible role (defined in ticket

knowledge_loop_version: "0b414aea6777ab067ae69c4fd82f715e847cc58e"
knowledge_loop_timer_enabled: false
Unvalidated Commit Hash

The pinned commit 0b414aea6777ab067ae69c4fd82f715e847cc58e is provided without a repository prefix. If this hash does not exist in the expected Git repository (or if the variable resolves to a different repo than intended), the deployment will silently fail or check out the wrong code. No CI step validates that the hash is reachable.

knowledge_loop_version: "0b414aea6777ab067ae69c4fd82f715e847cc58e"

@github-actions

Copy link
Copy Markdown
Contributor

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Use variable for commit hash

The commit hash 0b414aea6777ab067ae69c4fd82f715e847cc58e is hardcoded. Consider
using a variable or tag reference to make future updates easier and avoid manual
hash lookups.

ansible/inventory/host_vars/loop.yml [32-33]

-knowledge_loop_version: "0b414aea6777ab067ae69c4fd82f715e847cc58e"
+knowledge_loop_version: "{{ knowledge_loop_commit_hash | default('0b414aea6777ab067ae69c4fd82f715e847cc58e') }}"
 knowledge_loop_timer_enabled: false
Suggestion importance[1-10]: 4

__

Why: The suggestion is valid but offers a minor improvement in maintainability. The hardcoded commit hash is intentional per the PR comments (pinned to a specific revision), and introducing a variable adds unnecessary indirection for a value that is explicitly pinned and rarely changed.

Low

@Svaag

Svaag commented Jun 27, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #302. Per Codex review, the knowledge_loop_version pin on loop is folded directly into the scaffold PR #302 (commit b48083d) so the role, workflow enablement, and version pin land together and the first apply is reproducible. Closing this standalone deploy PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant