78 lines
1.7 KiB
Markdown
78 lines
1.7 KiB
Markdown
# Crabbox Remote Proof
|
|
|
|
Crabbox is the remote execution layer for `teleo-infrastructure`. It is not the production deploy system.
|
|
|
|
## Goals
|
|
|
|
- Run Python tests on a disposable or warm remote Linux box.
|
|
- Run the Phase 1B local proof script remotely.
|
|
- Retain JUnit and machine-readable proof artifacts.
|
|
- Give agents a bounded job list instead of arbitrary cloud shell access.
|
|
|
|
## Non-Goals
|
|
|
|
- No production deploys.
|
|
- No production secrets.
|
|
- No production VPS mutation.
|
|
- No production `decision-engine` PR comments from Crabbox jobs.
|
|
|
|
## Required Local Setup
|
|
|
|
Crabbox CLI 0.22.1 or newer:
|
|
|
|
```bash
|
|
crabbox --version
|
|
```
|
|
|
|
One of:
|
|
|
|
```bash
|
|
crabbox login --url "$CRABBOX_COORDINATOR"
|
|
```
|
|
|
|
or direct Hetzner operator env:
|
|
|
|
```bash
|
|
export HCLOUD_TOKEN="..."
|
|
```
|
|
|
|
Do not commit either value.
|
|
|
|
## Jobs
|
|
|
|
```bash
|
|
crabbox job list
|
|
crabbox job run --dry-run unit
|
|
crabbox job run --dry-run phase1b-local-proof
|
|
crabbox job run unit
|
|
crabbox job run phase1b-local-proof
|
|
```
|
|
|
|
`phase1b-local-proof` writes:
|
|
|
|
- `proof/phase1b-local-e2e-proof.json`
|
|
- `.crabbox-results/phase1b-pytest.xml`
|
|
- `.crabbox-results/phase1b-proof-summary.json`
|
|
|
|
## Secret Boundary
|
|
|
|
Allowed:
|
|
|
|
- `CI`
|
|
- `PYTHONWARNINGS`
|
|
- `PHASE1B_AGENT_ROUTING_ENABLED`
|
|
- broker token in user config
|
|
- direct `HCLOUD_TOKEN` or `HETZNER_TOKEN` in local operator env
|
|
|
|
Not allowed:
|
|
|
|
- production GitHub admin token
|
|
- production Forgejo token
|
|
- production OpenRouter key
|
|
- production SSH keys
|
|
- Bitwarden exports
|
|
- prod `pipeline.db`
|
|
|
|
## Proof Boundary
|
|
|
|
Crabbox remote proof proves repo behavior on a remote Linux lease. It does not prove production parity unless the lease recreates the production runtime paths, systemd services, timers, DB path, and deploy script behavior.
|