feat(sprint): onboard, orient, adaptive trust + 16 issues from field testing#39
Merged
Merged
Conversation
#37 — contentPreview is now optional in the web type; the plan page shows a re-plan hint instead of a blank code block for plans generated before content preview was wired up. plan-env.ts extractEnvKeys also guards the undefined case. #35 — dns-preflight.ts wired into appendVpsPreflight: when --vps-manage-caddy + --vps-domain are set, Convoy resolves the domain and compares against the VPS host IP before deploying. Three outcomes: match (pass), no-record (hard blocker with the exact A record to add), mismatch (hard blocker naming both IPs). Caddy cannot obtain a TLS certificate without the domain pointing at the box — catching this before image push prevents a late failure mid-promote. https://claude.ai/code/session_0127RzVpGF1bqhMxAviNnAMF Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…explained peer plans Closes #31. When convoy plan --save (or convoy ship) creates a new plan for a target path, it now supersedes ALL prior active plans for that path before saving. The new plan gets supersedes: <most-recent-prior-id>; each old plan gets supersededBy: <new-id> rewritten into its envelope. Changes: - ConvoyPlan gains optional supersedes and supersededBy fields - PlanStore.markSuperseded() rewrites both envelopes atomically - PlanStore.findAllActiveForTarget() returns every unsuperseded plan for a local path (convoy plan supersedes all of them, not just the most recent, so multi-test scenarios clean up completely) - convoy plans output gains an active / "superseded → <id>" column - Web plans list dims superseded plans and shows the superseded-by id - Web plan detail page shows a warning banner when a plan has been superseded, with links to the replacing plan and the one it replaced https://claude.ai/code/session_0127RzVpGF1bqhMxAviNnAMF Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…oppler, Vault Closes #36. convoy secrets pull <planId> Pulls the plan's expected keys from Infisical (universal-auth), Doppler (doppler CLI), or Vault (vault CLI) and writes them to .env.convoy-secrets. Manager is read from preferences.json or --manager= flag. convoy secrets push <planId> Reads .env.convoy-secrets and emits the platform-specific push commands for the operator to confirm and run. convoy secrets health Probes the configured manager (5s timeout); used in preflight. stage-secrets pull offer: When a secrets manager is detected in preferences, stage-secrets leads with "Infisical detected — pull N expected keys? [Y/n]" before the manual walkthrough. Preflight health check: When preferences name a secrets manager, preflightApply probes it. Unreachable shows advisory with remedy. All commands follow the no-secret-values-to-stdout rule. https://claude.ai/code/session_0127RzVpGF1bqhMxAviNnAMF Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…cards, starfield
Rewrites the home page from a plain text layout into a full interactive hero:
- PipelineHero (canvas): 8-stage pipeline graph with quadratic-curve connectors,
animated particle system flowing stage-to-stage, pulsing glow nodes, hover
interaction (nearest node within 28px), and a glassmorphism tooltip that shows
each stage's description.
- HeroCards: four 3D floating cards with RAF-driven translateY + rotateX/rotateY
oscillation (different frequencies + delays per card). Cards show live-updating
canary metrics (p99, traffic %, error rate via setInterval), platform score bars,
a scan-signals table, and a Medic diagnosis example.
- Starfield (canvas): 120 twinkling stars (sine-based alpha) and three slow-moving
nebula radial gradients in accent/success/medic hues.
All three components are loaded with next/dynamic { ssr: false } to keep them
off the SSR path. Renamed the next/dynamic import to `dynamicImport` to avoid
the naming collision with Next.js's `export const dynamic = 'force-dynamic'`
segment configuration.
Also adds hero sections: evidence/HeroCards panel, 6-feature pill grid, workspace
dashboard (active plans + recent runs), and a quick-start 3-step strip.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ures Expanded and restructured the README from a rough draft into a polished product document (~440 lines): - Meridian scenario fully narrated from onboard through observe (9 steps, 8 minutes, zero tribal knowledge), now including the onboard interview as step 1 of the story - Onboard + orient section with 5-question breakdown, --answers flag for non-interactive use, drift detection output example - Secrets section: convoy secrets pull/push, Infisical universal-auth, Doppler CLI, Vault; key-names-and-counts-only guarantee called out - Plan supersede lineage in pipeline table and CLI reference - VPS + Caddy DNS preflight with concrete terminal output example - VPS bootstrap with --yes idempotency gate - Platform scoring table with signal breakdown per platform - Three drive modes (scripted / real-local / full-real) with flag cheatsheet - Slash commands updated: /convoy:onboard, /convoy:orient added - CLI reference table covering all sub-commands including secrets - Prerequisites, verification, and architecture summary tightened - Three principles block kept verbatim at the end Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #18. Merges the full onboard/orient/adaptive-trust sprint plus all issues filed from the cloudie real-world field test (#19–#37).
What's in this PR
Core doctrine: onboard precedes everything
convoy onboard [path]— 5-question first-contact interview; persists to.convoy/preferences.jsonconvoy orient [path]— per-run drift detection between declared preferences and repo artifactsconvoy plan/convoy shipblocks on the onboard interview when nopreferences.jsonexists and stdin is a TTY--skip-onboardbypasses for CI; greenfield repos get a decisive platform pick that becomes the team mandatePlatform decision provenance (was: phantom CLI flag)
convoy onboardis its own source ('mandate') — plans now say "honoring the team platform mandate declared at onboard" instead of "(override) respecting explicit--platform=vpsoverride"mandate/override/existing-config; per-lane scoring only whenscoredand platform isn't forced by compose/Caddy topologyVPS platform — exhaustive switches, no Cloud Run leakage
switchonPlatformin planner/author ensures VPS plans never narrate Cloud Run or Fly--vps-manage-caddy+--vps-domain: resolves the domain, compares against VPS host IP, surfaces hard blockers with the exact A record to add before image pushPlan lifecycle
convoy plan --savemarks ALL prior active plans for the same target path as superseded;convoy plansshowsactive/superseded → <id>; web list dims superseded plans; plan detail page shows superseded-by warning banner with navigation linksSecrets
convoy secrets pull <planId>— pulls expected keys from Infisical (universal-auth), Doppler (CLI), or Vault (CLI) →.env.convoy-secretsconvoy secrets push <planId>— operator-confirmed push back to secrets managerconvoy secrets health— probes manager (5s timeout); shown in preflightstage-secretsleads with pull offer when a secrets manager is configuredstage-secretspushes values to the platform (Fly/Vercel/Railway/Cloud Run/VPS) when auth allowssecretvsconfig; attributed per laneAdaptive trust + wave sequencing
src/core/run-history.ts— append-only run history;computeTrustLevel()0–4;shouldAutoApprove()respects compliancetopoSortLanes()for DAG-aware deployment wavesCanaryStage; trust-awareawaitApprovalAdapters
railway up+ pollrailway statusgcloud run deploy+ traffic split for rollbackScanner
Web
Installer
scripts/installprompts forANTHROPIC_API_KEYinstead of requiring manual.envassemblysedfix (macOS compatible)Plugin
/convoy:onboardand/convoy:orientslash commands/convoy:helpupdated with new commands including secretsIssues closed
#19, #20, #21, #22, #23, #27, #28, #29, #30, #31, #32, #33, #34, #35, #36, #37 (+ #7, #9, #10, #11 from previous sprint)
Test plan
npm run typecheckpasses (root)(cd web && npm run typecheck)passesnpm run convoy -- plan ./demo-app --savegenerates a plan with contentPreview populatedconvoy plansshowsactive/superseded →columnconvoy onboardon a fresh repo (no preferences.json) runs the 5-question interviewconvoy orienton a repo with preferences.json detects drift or confirms consistencyhttps://claude.ai/code/session_0127RzVpGF1bqhMxAviNnAMF
Generated by Claude Code