From 4dd8bc14ffba864bcc8d2ab46a0e0d573eb89cf8 Mon Sep 17 00:00:00 2001 From: Operator & Codex Date: Sat, 9 May 2026 11:42:55 +0200 Subject: [PATCH] Classify pf as shared platform service (Sam & Codex) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Build: pass | Tests: pass — 2221 passed (656 files) --- infra/tenants.yaml | 1 + src/hostd-authorization.test.ts | 8 ++++++++ src/platform-audit-report.test.ts | 9 +++++---- src/test-fixtures/platform-registry.ts | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/infra/tenants.yaml b/infra/tenants.yaml index 4fa4dca..f09e64a 100644 --- a/infra/tenants.yaml +++ b/infra/tenants.yaml @@ -25,6 +25,7 @@ platform: shared: services: - postgresql + - pf - cms - web-service - code-service diff --git a/src/hostd-authorization.test.ts b/src/hostd-authorization.test.ts index 9016365..b7de730 100644 --- a/src/hostd-authorization.test.ts +++ b/src/hostd-authorization.test.ts @@ -38,6 +38,14 @@ describe('authorizeHostdOperation', () => { { tenantId: 'alpha', caller: 'tenant-agent', registry }, ), ).toEqual({ allowed: true, owner: 'shared-platform' }); + + expect( + authorizeHostdOperation( + 'service-status', + { name: 'pf' }, + { tenantId: 'alpha', caller: 'tenant-agent', registry }, + ), + ).toEqual({ allowed: true, owner: 'shared-platform' }); }); it('blocks shared jails for tenant agents', () => { diff --git a/src/platform-audit-report.test.ts b/src/platform-audit-report.test.ts index 717fe6a..c324d29 100644 --- a/src/platform-audit-report.test.ts +++ b/src/platform-audit-report.test.ts @@ -12,14 +12,15 @@ describe('platform-audit-report', () => { it('collects observed service, jail, and dataset ownership', async () => { // Service probes run in alphabetical order over the deduped union of // platform.services + shared.services + tenant services: - // clawdie, clawdie_hostd, cms, code-service, alpha, postgresql, web-service. - // Then jails, then datasets. + // alpha, clawdie, clawdie_hostd, cms, code-service, pf, postgresql, + // web-service. Then jails, then datasets. callAuthorizedHostdMock + .mockResolvedValueOnce({ ok: false, error: 'alpha is not running' }) .mockResolvedValueOnce({ ok: false, error: 'clawdie is not running' }) .mockResolvedValueOnce({ ok: false, error: 'clawdie_hostd is not running' }) .mockResolvedValueOnce({ ok: false, error: 'cms is not running' }) .mockResolvedValueOnce({ ok: false, error: 'code-service is not running' }) - .mockResolvedValueOnce({ ok: false, error: 'alpha is not running' }) + .mockResolvedValueOnce({ ok: true, output: 'Status: Enabled' }) .mockResolvedValueOnce({ ok: true, output: 'postgresql is running as pid 1' }) .mockResolvedValueOnce({ ok: false, error: 'web-service is not running' }) .mockResolvedValueOnce({ @@ -38,7 +39,7 @@ describe('platform-audit-report', () => { registry: makePlatformRegistryFixture(), }); - expect(report.observedServices).toHaveLength(7); + expect(report.observedServices).toHaveLength(8); expect(report.observedJails).toEqual({ shared: ['git'], tenants: { alpha: ['alpha_ctrl_worker'] }, diff --git a/src/test-fixtures/platform-registry.ts b/src/test-fixtures/platform-registry.ts index 9f05799..68dc054 100644 --- a/src/test-fixtures/platform-registry.ts +++ b/src/test-fixtures/platform-registry.ts @@ -30,7 +30,7 @@ export function makePlatformRegistryFixture(): PlatformRegistry { reservedHostLabels: ['ai', 'cms', 'git', 'web', 'www', 'mail'], }, shared: { - services: ['postgresql', 'cms', 'code-service', 'web-service'], + services: ['postgresql', 'pf', 'cms', 'code-service', 'web-service'], datasets: ['zroot/clawdie-runtime', 'zroot/home/clawdie'], jails: ['cms', 'git'], },