Skip to content

roadmap(selfhost): production hardening and first release readiness #1819

Description

@JSONbored

Context

The self-hosted Gittensory review stack is now running from the Git-backed Docker deployment path and has the core review engine, AI provider support, private repo config, observability profiles, dashboards, and release-image workflow pieces in place.

The remaining work before treating this as an official community-ready self-hosted product is production hardening, operational safety, documentation accuracy, release packaging, and cleanup of cloud-era migration surfaces.

REES runtime hardening is intentionally out of scope here because it is tracked separately under the REES analyzer/runtime roadmap.

Goals

  • Make the stack safe to operate without overwriting private configs, rules, auth, data, or secrets during updates.
  • Verify backup and restore paths before encouraging real maintainers to rely on the service.
  • Prepare the first official self-host image/release path with clear tags, rollback, source maps, and support expectations.
  • Expand observability and Sentry context so failures are actionable without exposing sensitive review data.
  • Verify Orb broker/relay/outcome telemetry end to end for brokered self-host deployments.
  • Inventory hosted/cloud-era resources and migrate or retire them deliberately, with no destructive cleanup until approved.
  • Reduce self-host runner pressure and CI queue stalls without weakening fork security.
  • Keep website documentation aligned to runtime truth and avoid loose or stale docs.

Requirements

  • Preserve all operator-owned .env, mounted repo config, auth volumes, database volumes, Grafana data, dashboards, and local compose overrides.
  • Keep Sentry, OTEL, dashboards, and backup integrations optional for other self-hosters.
  • Sentry must remain off by default for community self-hosters unless they set their own DSN.
  • No official image may include secrets, private configs, local auth material, source maps, local data volumes, or deployment-specific overrides.
  • Fork PRs must never run untrusted code on secret-bearing self-hosted runners.
  • Cloudflare/D1/KV/R2/Worker cleanup must be inventory-first and explicitly approved before deletion.
  • Documentation work belongs in the website docs surface, not loose repo docs, unless a root runbook is intentionally part of the operator package.

Child work

Related work

Definition of done

  • A clean operator can install, configure, back up, update, roll back, observe, and troubleshoot the self-host stack from official docs and released artifacts.
  • The maintainer deployment can update from main or a released image without custom one-off steps and without overwriting private configuration or secrets.
  • The first official image release has a repeatable checklist, smoke tests, source-map/release validation, and rollback instructions.
  • Operational failure classes create actionable, scrubbed Sentry/log/dashboard signals.
  • Hosted-era resources have a reviewed keep/migrate/retire plan before any destructive action.

Ownership

Maintainer-only. Assigned to JSONbored. No gittensor:* labels.

Metadata

Metadata

Assignees

Labels

maintainer-onlyOwner-only work — yields no Gittensor points.roadmapOn the Wave-2 agent-layer roadmap board (project 9)

Projects

Status
Todo

Relationships

None yet

Development

No branches or pull requests

Issue actions