Kyle Isom
ea7a9dcf4d
Major design changes from the review: - Merge agent and watcher into a single smart per-node daemon - CLI is a thin client with no database; service definition files are the operator's source of truth for desired state - Registry database lives on the agent, not the CLI - Rename containers to components; components are independently deployable within a service (mcp deploy metacrypt/web) - active: true/false in service definitions; desired_state values are running/stopped/ignore - Server-side TLS + bearer token (not mTLS) - Dedicated mcp user with rootless podman - CLI commands: list (registry), ps (live), status (drift+events), sync (push desired state) - Agent reports node resources (disk, memory, CPU) for future scheduling - Agent is gRPC-only (deliberate exception to REST+gRPC parity rule) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>