Skip to content

docs(lore-0051): descope step 3 (remote mTLS apply), apply over loopback admin#46

Merged
karczuRF merged 1 commit into
developfrom
docs/0051_descope-step3-mtls-apply
Jun 18, 2026
Merged

docs(lore-0051): descope step 3 (remote mTLS apply), apply over loopback admin#46
karczuRF merged 1 commit into
developfrom
docs/0051_descope-step3-mtls-apply

Conversation

@karczuRF

@karczuRF karczuRF commented Jun 18, 2026

Copy link
Copy Markdown
Collaborator

What

Reframes task 0051 around applying the prices.* schema over loopback as the box default admin (BE's docker-compose sidecar model) and descopes Step 3's remote mTLS DDL apply path.

Why

Studying BE's infra-hetzner + crates/db-clickhouse:

  • BE's db-clickhouse-init applies schema as a sidecar on the box over the plaintext Docker bridge as default — there is no mTLS in the apply path.
  • BE removed its remote-DDL users (migration_admin/partition_admin, BE task 0241).
  • mTLS in BE is solely the runtime read/write transport for the remote api/indexer Lambdas (mtls::client_from_lambda_env).
  • Task 0063 grants prices-api the same posture — box admin via loopback (clickhouse-client --user=default on the box, 0063 Steps 1+3).

So a remote mTLS DDL connection is unnecessary and re-introduces exactly what BE retired.

Changes (task doc only)

  • Step 3 marked descoped; no mTLS code — the existing plaintext prices-clickhouse-init is the apply tool.
  • Step 4 reframed: run the plaintext init against the box loopback (on box / SSH tunnel) as default admin.
  • Acceptance criteria: dropped the mTLS criterion; live-apply criteria reframed + marked gated on 0063 handover.
  • 0052 dependency dropped from Blocked-on; rationale recorded under Design Decisions → Emerged docs(lore-0003): amm-trades-schema §7 + §11 — four-decoder reality #5.

No code changes. mTLS (0052) remains the runtime transport for 0038/0039/0040.

@karczuRF
docs(lore-0051): descope step 3 (remote mTLS apply), apply over loopb…
93b1810 
…ack admin

BE never applies schema over mTLS: db-clickhouse-init runs as a
docker-compose sidecar on the box over the plaintext Docker bridge as
`default`, and BE removed its remote-DDL users (migration_admin/
partition_admin, BE task 0241). mTLS there is solely the runtime
read/write transport for the remote api/indexer Lambdas. 0063 grants
prices-api the same posture (box admin via loopback), so a remote mTLS
DDL apply path is unnecessary and re-introduces what BE retired.

Reframe 0051 around the loopback-admin apply (the existing plaintext
prices-clickhouse-init is the apply tool — no mTLS code). Drop the 0052
dependency; only the live apply (Step 4) remains, gated on 0063 access
handover. Record under Design Decisions -> Emerged #5.
@karczuRF karczuRF merged commit 1a31da6 into develop Jun 18, 2026
3 checks passed
@karczuRF karczuRF deleted the docs/0051_descope-step3-mtls-apply branch June 18, 2026 10:39
karczuRF added a commit that referenced this pull request Jun 18, 2026
@karczuRF
chore(lore-0051): move to blocked on 0063
1565b21 
Descope merged via PR #46 (1a31da6). Steps 1-2 shipped and Step 3
descoped, so the only remaining work is Step 4 — the live loopback-admin
apply + MV smoke test — which needs 0063 to create the prices database
and hand over box admin access. No code work remains on 0051 itself.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@karczuRF