feat: dark-orchestrator provisioning foundation + live Yandex Cloud adapter #1
Establishes dark-orchestrator's provisioning control plane (hexagonal ports & adapters) and the tenant-VM lifecycle up through credentials init — validated end to end against real Yandex Cloud.
What's in it
- CloudProvider, SecretStore, DarkAgent); Orchestrator depends only on them via Arc<dyn …>; adapters at the edges; main is the only wiring point. Minimal axum API surface holds only a control handle.
- CloudProvider port + in-memory mock + a real Yandex Cloud REST adapter (YcCloudProvider): IAM-token JWT (PS256), create → poll operation → read address, bounded health wait, idempotent delete. Config from env or a key.json (YC_SA_KEY_FILE); public IP optional (YC_PUBLIC_IP).
- DarkAgent credentials port + mock; the control loop runs first-deploy init → claude → export → vault vs respawn import → claude.
- SecretStore port + mock; secret-bearing types redact under Debug.
- AGENTS.md + session hooks, Gitea Actions CI (fmt + clippy pedantic + test), .env/dotenvy, docs/yc-provisioning.md.

Verification
- cargo fmt --check, cargo clippy --all-targets -- -D warnings -W clippy::pedantic, cargo test (unit).
- yc_live integration test creates and destroys a real YC VM (private-only) — passing.

Accepted (sandbox) / follow-ups
- vpc.publicAdmin role / tenant network model (#735); image publish to YC (#588); transactional rollback-teardown on provision failure (#767).
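The description says secret-bearing types redact under Debug. The sketch below is an added example of that pattern, not code from this PR: the names Secret, AdapterConfig and sample_config are hypothetical, and all values are constructed. It shows why a derived Debug on a containing struct stays safe once each secret field carries its own redacting impl.

```rust
use std::fmt;

/// Hypothetical wrapper for secret material (not the project's own type).
pub struct Secret(String);

impl Secret {
    pub fn new(value: impl Into<String>) -> Self {
        Secret(value.into())
    }

    /// The only way to read the value; easy to search for in review.
    pub fn expose(&self) -> &str {
        &self.0
    }
}

// Manual Debug: prints a fixed marker, never the contents or their length.
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret(<redacted>)")
    }
}
// Display is deliberately not implemented, so `{}` on a Secret fails to compile.

/// Hypothetical adapter config. Deriving Debug is safe here because every
/// secret-bearing field redacts itself.
#[derive(Debug)]
pub struct AdapterConfig {
    pub folder_id: String,
    pub private_key_pem: Secret,
    pub iam_token: Option<Secret>,
}

/// Constructed sample values, not real credentials.
pub fn sample_config() -> AdapterConfig {
    AdapterConfig {
        folder_id: "example-folder".to_string(),
        private_key_pem: Secret::new("-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n"),
        iam_token: Some(Secret::new("t1.constructed-token")),
    }
}

fn main() {
    let cfg = sample_config();
    // Compact and pretty Debug both go through the same redacting impl.
    println!("{:?}", cfg);
    println!("{:#?}", cfg);
}
```

A unit test that formats each config or credential struct with `{:?}` and `{:#?}` and asserts the raw value is absent keeps the guarantee from regressing when fields are added.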