This session shipped:
- Approach B end-to-end (commit 4a3d9d7): full rollout to all 7 tenants;
marcelle E2E validated twice (121s + 100s).
- v2.10.2 surgical update applied to 6 remaining tenants.
This commit lands the kickoff for Approach C (template re-render path):
scripts/templates changes:
- docker-compose.yml.hbs.OLD-style-pre-approach-c: preserved old CCP
template (Handlebars-heavy, dynamic container names, secrets rendered
at template-time).
- docker-compose.yml.hbs: REWRITTEN as a near-mirror of canonical
docker-compose.prod.yml. Minimal Handlebars overlay:
- Header comment lists {{name}}, {{slug}}, {{composeProject}}.
- 5 image refs: ${IMAGE_TAG:-latest} -> {{imageTag}}, so CCP can
per-instance override once Phase 1 lands the Instance.imageTag column.
All other variation flows through env-var substitution from tenant's
.env. Container names are now hardcoded (matching prod), feature flags
are deferred to COMPOSE_PROFILES gating (matching prod).
Why a rewrite: the old CCP template and prod compose used fundamentally
different conventions (dynamic vs hardcoded names, render-time vs
substitute-time secrets, Handlebars vs profiles gating). Sync-by-addition
couldn't reconcile them. The rewrite makes Approach C re-render safe for
the install.sh-installed fleet (marcelle, linda, pia and future).
docs/SESSION_HANDOFF_2026-05-21.md: full session handoff covering fleet
state, Approach B rollout, Approach C plan, and where to start next
session. force-added because /docs is gitignored (same precedent as
docs/SESSION_HANDOFF_2026-05-20.md from prior session).
Phase 0 remaining work (next session):
- Audit env.hbs against new compose env-var expectations
- Sync static config files (nginx/, configs/prometheus/, etc.)
- Build api/scripts/render-for-instance.ts harness
- Iterate template until rendered output is per-instance-only diff
against marcelle/linda/pia actual compose.
Then Phases 1-6 per plan in subsequent sessions (~11-14 hours total).
Bunker Admin
