ALAI CI/CD Blueprint Standardization 2026-05-08
- Master MC: #99881
- Owner: John (AI Director) + Petter Graff persona for canonical refresh
- Status: All 4 phases verified closed. Triple-layer enforcement live.
- Cost: ~$15-30 LLM tokens
Context
CEO directive 2026-05-08 in single-day push: "Discuss CI/CD pipelines and blueprints" → triple-layer mechanical enforcement live + 7/7 fleet compliance + free-first routing across persona blueprints.
4-phase arc summary
| Phase | MC | Outcome |
|---|---|---|
| 1 — Audit | #99882 | 4 artifacts in ~/system/specs/cicd-audit-2026-05-08/ (gap matrix, deploy-map matrix, canonical self-audit, summary). 1 real bug caught: DropSrbija/BUILD-BLUEPRINT.md line 225 stale "Postgres 5434" comment (actual port 5436). |
| 2 — Canonical refresh | #99886 | UNIVERSAL bumped to v3.0 (§13 6-mandatory files including DEPLOY-MAP, §15 forma-only variant, §16.3 CI gates, ZAKON PI2 invariant). DEPLOY bumped to v2.0 (multi-profile §1A GCP / §1B Azure VM / §1C Cloudflare Pages / §1D Vercel deprecated). blueprint-format.md disambiguation header (YAML agent layer vs MD product layer). alai-cicd-architecture.md staleness notice (sections §5.2 AWS, §9 Phase 3 superseded). |
| 3 — Product migration | #99896 | 7 in-scope products migrated to v2 §1A/§1B/§1C profiles. 6 new mandatory files created (web PIPELINE/RUNBOOK/CHANGELOG, Gotiva RUNBOOK/CHANGELOG, Drop PIPELINE). Drop §1B refactor reached FULL_COMPLIANCE 5/5 schema. Excluded: BasicFakta (MC #99893 Vercel→CF Pages migration), DropSrbija (MC #99883 scope decision), akershus-fylke (forma-only). |
| 4 — Enforcement | #99911 | Triple-layer mechanical enforcement live. |
Triple-layer enforcement (all live, all verified)
1. Linter — ~/system/tools/blueprint-check.js v2
Dual-mode (backward compat with mehanik-commit + pre-dispatch-gate Check 9):
- Rubric mode (default, original): scores BUILD-BLUEPRINT.md 0-100 across 6 checks. Exit 0 if ≥ 60.
- Inventory mode (--inventory): checks 6 mandatory files per UNIVERSAL v3 §13. Validates DEPLOY-MAP.md schema 5/5 per DEPLOY v2 §4. Respects forma-only flag. Verdict states: FULL_COMPLIANCE / FORMA_ONLY_OK / PARTIAL_SCHEMA / MISSING_FILES.
JSON output reusable by hook + daemon.
2. PostToolUse hook — ~/.claude/hooks/blueprint-schema-validator.sh
Registered in settings.json under Write|Edit|MultiEdit matcher. Triggers on writes to product-root DEPLOY-MAP.md files under ~/business/ALAI-Holding-AS/{products,web,finance}/*/. Blocks with exit 2 + structured BLOCKED message + missing sections + template pointers when schema fails. Override marker: <!-- blueprint-schema-validator: skip -->.
Trace log: ~/system/state/blueprint-schema-validator-trace.log.
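The gate decision described above, written out as an added example (this is not the project's hook script). It assumes the PostToolUse payload carries tool_name and tool_input.file_path; ROOT, the function names and the sample headings are constructed, and the real five schema sections come from DEPLOY v2 §4.

```javascript
// Added example (not the project's hook): the gate decision as a pure function.
// ROOT is a constructed path; `required` (schema headings) is supplied by the caller.
const ROOT = ['Users', 'example', 'business', 'ALAI-Holding-AS'];
const GROUPS = ['products', 'web', 'finance'];
const SKIP_MARKER = '<!-- blueprint-schema-validator: skip -->';

// Resolve "." and ".." so <product>/docs/../DEPLOY-MAP.md cannot dodge the scope check.
function normalize(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '..') out.pop();
    else if (seg !== '' && seg !== '.') out.push(seg);
  }
  return out;
}

// Product root only: <ROOT>/<group>/<product>/DEPLOY-MAP.md, nothing deeper.
function inScope(filePath) {
  const segs = normalize(filePath);
  if (segs.length !== ROOT.length + 3) return false;
  if (!ROOT.every((s, i) => s === segs[i])) return false;
  const [group, , file] = segs.slice(ROOT.length);
  return GROUPS.includes(group) && file === 'DEPLOY-MAP.md';
}

// event: PostToolUse payload; content: the file as it is on disk after the write.
function gate(event, content, required) {
  const file = (event.tool_input || {}).file_path || '';
  if (!['Write', 'Edit', 'MultiEdit'].includes(event.tool_name) || !inScope(file)) {
    return { exit: 0, status: 'IGNORED' };
  }
  if (content.includes(SKIP_MARKER)) return { exit: 0, status: 'OVERRIDDEN' };
  const headings = content.split('\n').filter(l => /^#{1,6}\s/.test(l)).map(l => l.toLowerCase());
  const missing = required.filter(r => !headings.some(h => h.includes(r.toLowerCase())));
  if (missing.length === 0) return { exit: 0, status: 'PASS' };
  const message = `BLOCKED: ${file} is missing sections: ${missing.join(', ')}`;
  return { exit: 2, status: 'BLOCKED', message };
}

// Constructed sample: headings are illustrative, not the real DEPLOY v2 §4 list.
const SAMPLE_REQUIRED = ['Trigger SA', 'Service SA', 'Open Risk'];
const SAMPLE_EVENT = {
  tool_name: 'Edit',
  tool_input: { file_path: '/Users/example/business/ALAI-Holding-AS/products/Drop/docs/../DEPLOY-MAP.md' },
};
const SAMPLE_RESULT = gate(SAMPLE_EVENT, '# Drop\n## Trigger SA\n', SAMPLE_REQUIRED);
console.log(SAMPLE_RESULT.status, SAMPLE_RESULT.exit);
```

Returning a distinct OVERRIDDEN status lets the caller record marker-based skips in the trace log, so each bypass of the schema check stays reviewable.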
3. Nightly daemon — ~/system/daemons/blueprint-fleet-watchdog.js
LaunchAgent com.alai.blueprint-fleet-watchdog schedules daily 06:15. Scans 10 product roots, persists state to ~/system/state/blueprint-fleet-status.json, detects regressions (verdict drop, schema score drop, file removal) with differential alert. Exit 1 on regression.
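An added example of the differential check between two nightly snapshots (not the project's daemon code). The state shape, the verdict ranking and the sample file names are assumptions; it also goes slightly beyond the three regression types listed above by flagging a product that vanishes from the scan.

```javascript
// Added example (not the project's daemon): diff two fleet snapshots for regressions.
// Assumed state shape per product: { verdict, schema: number|null, files: [names] }.
// Assumed ranking, worst to best; unknown verdicts rank lowest so they fail closed.
const RANK = new Map([
  ['MISSING_FILES', 0], ['PARTIAL_SCHEMA', 1], ['FORMA_ONLY_OK', 2], ['FULL_COMPLIANCE', 3],
]);
const rank = v => (RANK.has(v) ? RANK.get(v) : -1);

function diffFleet(prev, curr) {
  const found = [];
  for (const [product, before] of Object.entries(prev)) {
    const after = curr[product];
    if (!after) { // product vanished from the scan entirely
      found.push({ product, kind: 'product_missing' });
      continue;
    }
    // Also catches FULL_COMPLIANCE -> FORMA_ONLY_OK, i.e. a flipped forma-only flag.
    if (rank(after.verdict) < rank(before.verdict)) {
      found.push({ product, kind: 'verdict_drop', from: before.verdict, to: after.verdict });
    }
    // Schema is null for forma-only products; compare only real scores.
    if (before.schema !== null && after.schema !== null && after.schema < before.schema) {
      found.push({ product, kind: 'schema_drop', from: before.schema, to: after.schema });
    }
    const removed = before.files.filter(f => !after.files.includes(f));
    if (removed.length) found.push({ product, kind: 'file_removed', files: removed });
  }
  return found;
}

// Mirrors the documented behaviour: exit 1 on any regression.
const exitCode = regressions => (regressions.length > 0 ? 1 : 0);

// Constructed snapshots; file lists are shortened and illustrative.
const PREV = {
  Drop: { verdict: 'FULL_COMPLIANCE', schema: 5, files: ['BUILD-BLUEPRINT.md', 'DEPLOY-MAP.md', 'RUNBOOK.md'] },
  web: { verdict: 'FULL_COMPLIANCE', schema: 5, files: ['DEPLOY-MAP.md'] },
};
const CURR = {
  Drop: { verdict: 'PARTIAL_SCHEMA', schema: 3, files: ['BUILD-BLUEPRINT.md', 'DEPLOY-MAP.md'] },
  web: { verdict: 'FORMA_ONLY_OK', schema: null, files: ['DEPLOY-MAP.md'] },
};
for (const r of diffFleet(PREV, CURR)) console.log(JSON.stringify(r));
```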
Free-first routing (CEO directive "include free models wherever you can")
~/system/config/tier-routing.json updated:
- MLX FORGE tiers added: M2 (gemma-4-26b@11435), M2c (qwen3-coder-30b@11437), M3 (qwen3-32b@11436). All 3 servers verified live via curl before adding to canonical.
- callerRoutes added: verifier→2cHQ, fix-builder→2c, redzo-reviewer→M2c.
- providerFallback chains: verifier (MLX → Ollama ANVIL → Claude secondary), fix-builder (Ollama → Ollama → Claude secondary).
Persona blueprint sweep (MC #99923): 13 yaml files — 9 all-sonnet personas (AgentForge, Axiom, Finverge, FlowForge, Lexicon, Proveo, Resolver, Skybound, Vizu) + 4 CodeCraft yaml (api-backend, codecraft-api, nextjs-app, openapi-sdk-package). 46 phase declarations swept sonnet → local-first (qwen2.5-coder:32b@anvil for general phases, qwen3-coder:latest@forge for code-gen phases). 6 KEPT-sonnet phases with explicit rationale: 3 Lexicon legal phases (Norwegian law / GDPR / PSD2 regulatory precision), 3 Resolver cross-company phases (multi-domain reasoning).
Verifier pattern proven
bp-verifier background agent ran ~15 rounds, ~178 atomic claims, 2 real bugs caught:
- DropSrbija/BUILD-BLUEPRINT.md line 225 stale comment "Postgres 5434" (actual port 5436 per docker-compose.yml). Fixed in both audit artifact + product blueprint.
- Drop/DEPLOY-MAP.md schema 3/5 PARTIAL — no formal OPEN RISK / OCD register, no SA distinction. Fixed via §1B-appropriate equivalents (SSH key → Trigger SA equivalent, container USER → Service SA equivalent).
Pattern recommendation: For every multi-phase project, spawn named bp-verifier in BG (Agent({subagent_type: "verifier", name: "bp-verifier", run_in_background: true})), send each artifact via SendMessage for atomic claim validation, fix-loop on FAIL. Cost: $0.10 per round Claude ($0 if MLX primary per new tier-routing).
Fleet compliance final (verified by daemon 2026-05-08)
| Product | Verdict | Files | Schema | Profile |
|---|---|---|---|---|
| Bilko | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP |
| Tok | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP |
| Drop | FULL_COMPLIANCE | 6/6 | 5/5 | §1B Azure VM |
| Lobby | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP (stub) |
| Plock | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP (stub) |
| Gotiva | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP multi-service |
| web | FULL_COMPLIANCE | 6/6 | 5/5 | §1C CF Pages |
| akershus-fylke | FORMA_ONLY_OK | 1/1 | N/A | non-deployable |
| BasicFakta | MISSING_FILES | 5/6 | 0/5 | §1D Vercel deprecated (MC #99893 migration backlog) |
| DropSrbija | MISSING_FILES | 3/6 | 0/5 | scope decision pending (MC #99883) |
Open follow-ups (parked, not blocking arc closure)
- #99883 DropSrbija scope decision (separate product vs Drop multi-tenant) — needs petter-graff arch memo
- #99893 BasicFakta Vercel→CF Pages migration — 3-4h work + 30d soak
- #99895 Coverage threshold review scheduled 2026-05-22 (after 2-week observability)
- #99955 Securion task/owner schema canonical alignment (L)
Git audit trail
- ~/system commit: a02fd0109 — 29 files, +6184/-122 (canonical v3 + audit artifacts + linter v2 + daemon + tier-routing + 13 persona blueprints)
- ~/.claude commit: bf2ca2d49 — hook + settings.json registration
Lessons
- Verifier-in-bg catches real bugs — propagated stale comments + schema gaps. USE THIS PATTERN for every multi-phase project.
- Mehanik enforcement >> ZAKON-only — hook + daemon catch what memo can't. UNIVERSAL §13 / DEPLOY §4 are now mechanically enforced.
- Local-first viable for builder/verifier — qwen2.5-coder + qwen3-coder + MLX qwen3-coder-30b are sufficient for schema validation, code gen, doc draft. Sonnet remains for high-stakes synthesis (legal, cross-company).
- Closure-loop discipline — build-verify-mark-done pattern, not build-verify-stop. The CEO caught a gap in mid-session closure ("is everything documented, merged, closed according to the rules") and triggered this BookStack publish + git commit + memory entry.
References
- Memory project entry: ~/.claude/projects/-Users-makinja/memory/project_cicd_standardization_2026-05-08.md
- Audit artifacts: ~/system/specs/cicd-audit-2026-05-08/{blueprint-gap-matrix,deploy-map-gap-matrix,canonical-self-audit,summary}.md
- v3 drafts (review trail): ~/system/specs/cicd-canonical-v3-drafts/
- Canonical (production): ~/system/specs/{ALAI-UNIVERSAL-BLUEPRINT,DEPLOY-BLUEPRINT,blueprint-format,alai-cicd-architecture}.md
- Pre-promotion backups: ~/system/specs/_backups/20260508-111700/