Skip to content

RFC 0017 (code slice): /_api/export + /_api/import + recover_all import-bootstrap #57

Description

@amiller

Loop-doable code slice of rfcs/0017-state-durability-recovery.md, split from parent tracking #21.

Build (RFC 0017 §1,2,4 — code only):

  • GET /_api/export (authed): JSON bundle of every project's manifest + pins (source/ref/commit_sha/tree_hash/image/image_digest/runtime/entry/port/mode/volumes) + audit refs. Raw env secrets EXCLUDED (continuity is the credential broker's job, RFC 0018).
  • POST /_api/import (authed): redeploy each manifest PINNED — git clone at commit_sha, recompute tree_hash, ERROR+skip on mismatch (no re-clone-latest fallback); image projects pull by image_digest.
  • recover_all() in proxy/runtimes.py: if the registry is empty on boot but an import bundle is present, restore from it before starting runtimes.
  • Files: proxy/ingress.py, proxy/projects.py, proxy/runtimes.py.

OUT OF SCOPE (stays human in #21): the operational requirement that daemon_data/audit/tunnel/data be EXTERNAL named volumes outliving a CVM (§3 — compose/deploy change); the sealed-dataDir snapshot (§5 — separate follow-up).

Why: this is the brokered, no-SSH way to migrate project state between CVMs — done manually via a privileged sidecar during the prod7 oauth3 move; belongs as a daemon endpoint.

Metadata

Metadata

Assignees

No one assigned

    Labels

    p2Medium priority

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions