Extends MCP to own the full build-push-deploy lifecycle. When deploying,
the CLI checks whether each component's image tag exists in the registry
and builds/pushes automatically if missing and build config is present.
- Add Build, Push, ImageExists to runtime.Runtime interface (podman impl)
- Add mcp build <service>[/<image>] command
- Add [build] section to CLI config (workspace path)
- Add path and [build.images] to service definitions
- Wire auto-build into mcp deploy before agent RPC
- Update ARCHITECTURE.md with runtime interface and deploy auto-build docs
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Drop uses_mcdsl, full image URLs, ports, network, user, restart.
Add route declarations and service-level version. Image names and
most config are now derived from conventions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Service definitions now include [build] config (path, uses_mcdsl,
images) so MCP owns the full build-push-deploy lifecycle, replacing
mcdeploy.toml. Documents mcp build, mcp sync auto-build, image
versioning policy (explicit tags, never :latest), and workspace
convention.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Purge removes stale registry entries — components that are no longer
in service definitions and have no running container. Designed as an
explicit, safe operation separate from sync: sync is additive (push
desired state), purge is subtractive (remove forgotten entries).
Includes safety rules (refuses to purge running containers), dry-run
mode, agent RPC definition, and rationale for why sync should not be
made destructive.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Incorporates all 14 items from DESIGN_AUDIT.md: node registry in CLI
config, container naming convention (<service>-<component>), active
state semantics, adopt by service prefix, EventInfo service field,
version from image tag, snapshot/backup timer, exec-style alert
commands, overlay-only bind address, RPC audit logging, /srv/ ownership,
rootless podman UID mapping docs.
Three minor fixes from final review: stale adopt syntax in bootstrap
section, explicit container naming in deploy flow, clarify that list/ps
query all registered nodes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Major design changes from the review:
- Merge agent and watcher into a single smart per-node daemon
- CLI is a thin client with no database; service definition files
are the operator's source of truth for desired state
- Registry database lives on the agent, not the CLI
- Rename containers to components; components are independently
deployable within a service (mcp deploy metacrypt/web)
- active: true/false in service definitions; desired_state values
are running/stopped/ignore
- Server-side TLS + bearer token (not mTLS)
- Dedicated mcp user with rootless podman
- CLI commands: list (registry), ps (live), status (drift+events),
sync (push desired state)
- Agent reports node resources (disk, memory, CPU) for future scheduling
- Agent is gRPC-only (deliberate exception to REST+gRPC parity rule)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Design spec for the Metacircular Control Plane covering master/agent
architecture, service registry with desired/observed state tracking,
container lifecycle management, service definition files, single-file
transfer scoped to /srv/<service>/, and continuous monitoring via
mcp watch with event logging and alerting.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
