You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@claude — this is the DECLARATIVE version of the earlier provisioning asks (please dedupe them into this). The hand-off is now a manifest, not prose.
What changed upstream (FuzeSDLC L0)
izzywdev/FuzeSDLC#37 adds two declarative blocks to repo-manifest.schema.json (.fuze/manifest.json):
dataTier[]: { store, database, role, privileges, authSource } — the exact DB a role must be granted on.
egress[]: { host, port, reason } — external hosts the product's pods need outbound HTTPS to.
And rewrites shared-cluster-deploy.md §5: datastores + egress are declared, not requested; FuzeInfra reconciles from each consuming repo's manifest; provisioning MUST grant the role on the declared DB and verify it can read/write (a role that can auth but not access its db is a FAILURE), and open namespace egress allow-rules per declared host.
Apply MendysRobotics' declared manifest now (izzywdev/MendysRobotics .fuze/manifest.json, merged):
dataTier: grant role mendysreadWrite on database robot_catalog in mongo (authSource admin) and postgres. This unblocks keywords (currently not authorized on robot_catalog, code 13 → empty reads / failed writes).
egress: allow mendys-prod pods → api.openai.com:443, api.anthropic.com:443, google.serper.dev:443. This unblocks AI keyword generation (LLM API error: Connection error) and Serper discovery.
If your convention is a service-named DB rather than robot_catalog, tell me the canonical name and I'll set MONGODB_DATABASE to match — but the manifest's declared name is robot_catalog.
Done-criteria
POST /keywords/generate → 200, /generate/batch persists, GET /keywords/ returns non-empty in mendys-prod; backend logs free of code 13 and Connection error. Open the PR(s), reply DONE:/BLOCKED:.
@claude — this is the DECLARATIVE version of the earlier provisioning asks (please dedupe them into this). The hand-off is now a manifest, not prose.
What changed upstream (FuzeSDLC L0)
izzywdev/FuzeSDLC#37 adds two declarative blocks to
repo-manifest.schema.json(.fuze/manifest.json):dataTier[]:{ store, database, role, privileges, authSource }— the exact DB a role must be granted on.egress[]:{ host, port, reason }— external hosts the product's pods need outbound HTTPS to.And rewrites
shared-cluster-deploy.md§5: datastores + egress are declared, not requested; FuzeInfra reconciles from each consuming repo's manifest; provisioning MUST grant the role on the declared DB and verify it can read/write (a role that can auth but not access its db is a FAILURE), and open namespace egress allow-rules per declared host.Ask
.fuze/manifest.jsondataTier[]+egress[]and reconcile — create/ensure the role, GRANT the declared privileges on the declared database (Postgres/Mongo/Neo4j), run a post-provision verify (role can read+write its db; fail loudly otherwise), and apply a NetworkPolicy/egress allow-rule per declared host. Make this the standard path so any new repo is just 'declare + reconcile'..fuze/manifest.json, merged):mendysreadWriteon databaserobot_catalogin mongo (authSource admin) and postgres. This unblocks keywords (currentlynot authorized on robot_catalog, code 13 → empty reads / failed writes).mendys-prodpods →api.openai.com:443,api.anthropic.com:443,google.serper.dev:443. This unblocks AI keyword generation (LLM API error: Connection error) and Serper discovery.If your convention is a service-named DB rather than
robot_catalog, tell me the canonical name and I'll set MONGODB_DATABASE to match — but the manifest's declared name isrobot_catalog.Done-criteria
POST /keywords/generate→ 200,/generate/batchpersists,GET /keywords/returns non-empty in mendys-prod; backend logs free ofcode 13andConnection error. Open the PR(s), reply DONE:/BLOCKED:.