# ALAI CI/CD Blueprint Standardization 2026-05-08

**Master MC:** #99881
**Owner:** John (AI Director) + Petter Graff persona for canonical refresh
**Status:** All 4 phases verified closed. Triple-layer enforcement live.
**Cost:** ~$15-30 LLM tokens

## Context

CEO directive of 2026-05-08, executed in a single-day push: "Discuss CI/CD pipelines and blueprints" → triple-layer mechanical enforcement live + 7/7 fleet compliance + free-first routing across persona blueprints.

## 4-phase arc summary

| Phase | MC | Outcome |
|---|---|---|
| 1 — Audit | #99882 | 4 artifacts in `~/system/specs/cicd-audit-2026-05-08/` (gap matrix, deploy-map matrix, canonical self-audit, summary). 1 real bug caught: DropSrbija/BUILD-BLUEPRINT.md line 225 stale "Postgres 5434" comment (actual port 5436). |
| 2 — Canonical refresh | #99886 | UNIVERSAL bumped to v3.0 (§13 6-mandatory files including DEPLOY-MAP, §15 forma-only variant, §16.3 CI gates, ZAKON PI2 invariant). DEPLOY bumped to v2.0 (multi-profile §1A GCP / §1B Azure VM / §1C Cloudflare Pages / §1D Vercel deprecated). blueprint-format.md disambiguation header (YAML agent layer vs MD product layer). alai-cicd-architecture.md staleness notice (sections §5.2 AWS, §9 Phase 3 superseded). |
| 3 — Product migration | #99896 | 7 in-scope products migrated to v2 §1A/§1B/§1C profiles. 6 new mandatory files created (web PIPELINE/RUNBOOK/CHANGELOG, Gotiva RUNBOOK/CHANGELOG, Drop PIPELINE). Drop §1B refactor reached FULL_COMPLIANCE 5/5 schema. Excluded: BasicFakta (MC #99893 Vercel→CF Pages migration), DropSrbija (MC #99883 scope decision), akershus-fylke (forma-only). |
| 4 — Enforcement | #99911 | Triple-layer mechanical enforcement live. |

## Triple-layer enforcement (all live, all verified)

### 1. Linter — `~/system/tools/blueprint-check.js` v2

Dual mode (backward compatible with mehanik-commit and pre-dispatch-gate Check 9):
- **Rubric mode** (default, original): scores BUILD-BLUEPRINT.md 0-100 across 6 checks. Exit 0 if ≥ 60.
- **Inventory mode** (`--inventory`): checks 6 mandatory files per UNIVERSAL v3 §13. Validates DEPLOY-MAP.md schema 5/5 per DEPLOY v2 §4. Respects forma-only flag. Verdict states: FULL_COMPLIANCE / FORMA_ONLY_OK / PARTIAL_SCHEMA / MISSING_FILES.

JSON output reusable by hook + daemon.

### 2. PostToolUse hook — `~/.claude/hooks/blueprint-schema-validator.sh`

Registered in settings.json under `Write|Edit|MultiEdit` matcher. Triggers on writes to product-root DEPLOY-MAP.md files under `~/business/ALAI-Holding-AS/{products,web,finance}/*/`. Blocks with exit 2 + structured BLOCKED message + missing sections + template pointers when schema fails. Override marker: `<!-- blueprint-schema-validator: skip -->`.

Trace log: `~/system/state/blueprint-schema-validator-trace.log`.

### 3. Nightly daemon — `~/system/daemons/blueprint-fleet-watchdog.js`

LaunchAgent `com.alai.blueprint-fleet-watchdog` runs daily at 06:15. Scans 10 product roots, persists state to `~/system/state/blueprint-fleet-status.json`, and detects regressions against the previous run (verdict drop, schema score drop, file removal) with a differential alert. Exits 1 on regression.
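The differential regression check the daemon performs, as an added example rather than the daemon's own code. It assumes a per-product record shape of `{ verdict, schema, files }` in the persisted status file and a verdict ranking in which FULL_COMPLIANCE and FORMA_ONLY_OK both count as compliant; the snapshots are constructed.

```javascript
// Added example, not the daemon's own code: the differential regression check
// described above, run over constructed fleet-status snapshots. Assumed record
// shape per product: { verdict, schema: "n/5" | "N/A", files: [...] }.

// Assumed ranking: FULL_COMPLIANCE and FORMA_ONLY_OK both count as compliant;
// any move from either towards PARTIAL_SCHEMA / MISSING_FILES is a verdict drop.
const VERDICT_RANK = { FULL_COMPLIANCE: 3, FORMA_ONLY_OK: 3, PARTIAL_SCHEMA: 2, MISSING_FILES: 1 };

// "5/5" -> 5; "N/A" (forma-only, non-deployable) -> null so it is never compared.
const schemaScore = (s) => (s === 'N/A' ? null : Number(s.split('/')[0]));

// Compare the persisted snapshot with the fresh scan; each finding is one alert.
function detectRegressions(prev, curr) {
  const alerts = [];
  for (const [product, before] of Object.entries(prev)) {
    const after = curr[product];
    if (!after) { alerts.push({ product, kind: 'product_missing' }); continue; }
    if (VERDICT_RANK[after.verdict] < VERDICT_RANK[before.verdict]) {
      alerts.push({ product, kind: 'verdict_drop', from: before.verdict, to: after.verdict });
    }
    const b = schemaScore(before.schema), a = schemaScore(after.schema);
    if (b !== null && a !== null && a < b) {
      alerts.push({ product, kind: 'schema_drop', from: b, to: a });
    }
    for (const f of before.files) {
      if (!after.files.includes(f)) alerts.push({ product, kind: 'file_removed', file: f });
    }
  }
  return alerts;
}

// Exit 1 on any regression, matching the daemon's contract.
const exitCodeFor = (alerts) => (alerts.length > 0 ? 1 : 0);

// Constructed snapshots: Drop regresses on all three axes, the other two are stable.
const PREV = {
  Drop: { verdict: 'FULL_COMPLIANCE', schema: '5/5', files: ['BUILD-BLUEPRINT.md', 'DEPLOY-MAP.md', 'PIPELINE.md'] },
  Tok: { verdict: 'FULL_COMPLIANCE', schema: '5/5', files: ['BUILD-BLUEPRINT.md', 'DEPLOY-MAP.md'] },
  'akershus-fylke': { verdict: 'FORMA_ONLY_OK', schema: 'N/A', files: ['BUILD-BLUEPRINT.md'] },
};
const CURR = {
  Drop: { verdict: 'PARTIAL_SCHEMA', schema: '3/5', files: ['BUILD-BLUEPRINT.md', 'DEPLOY-MAP.md'] },
  Tok: PREV.Tok,
  'akershus-fylke': PREV['akershus-fylke'],
};

const ALERTS = detectRegressions(PREV, CURR);
console.log(JSON.stringify(ALERTS), 'exit code:', exitCodeFor(ALERTS));
```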

## Free-first routing (CEO directive "turn on free models wherever you can")

`~/system/config/tier-routing.json` updated:
- **MLX FORGE tiers added**: M2 (gemma-4-26b@11435), M2c (qwen3-coder-30b@11437), M3 (qwen3-32b@11436). All 3 servers verified live via curl before adding to canonical.
- **callerRoutes added**: `verifier→2cHQ`, `fix-builder→2c`, `redzo-reviewer→M2c`.
- **providerFallback chains**: verifier (MLX → Ollama ANVIL → Claude secondary), fix-builder (Ollama → Ollama → Claude secondary).

**Persona blueprint sweep** (MC #99923): 13 yaml files — 9 all-sonnet personas (AgentForge, Axiom, Finverge, FlowForge, Lexicon, Proveo, Resolver, Skybound, Vizu) + 4 CodeCraft yaml (api-backend, codecraft-api, nextjs-app, openapi-sdk-package). 46 phase declarations swept sonnet → local-first (qwen2.5-coder:32b@anvil for general phases, qwen3-coder:latest@forge for code-gen phases). 6 KEPT-sonnet phases with explicit rationale: 3 Lexicon legal phases (Norwegian law / GDPR / PSD2 regulatory precision), 3 Resolver cross-company phases (multi-domain reasoning).

## Verifier pattern proven

`bp-verifier` background agent ran ~15 rounds, ~178 atomic claims, **2 real bugs caught**:
1. DropSrbija/BUILD-BLUEPRINT.md line 225 stale comment "Postgres 5434" (actual port 5436 per docker-compose.yml). Fixed in both audit artifact + product blueprint.
2. Drop/DEPLOY-MAP.md schema 3/5 PARTIAL — no formal OPEN RISK / OCD register, no SA distinction. Fixed via §1B-appropriate equivalents (SSH key → Trigger SA equivalent, container USER → Service SA equivalent).

**Pattern recommendation**: For every multi-phase project, spawn a named bp-verifier in the background (`Agent({subagent_type: "verifier", name: "bp-verifier", run_in_background: true})`), send each artifact via SendMessage for atomic-claim validation, and fix-loop on FAIL. Cost: ~$0.10 per round on Claude (~$0 if MLX is primary per the new tier-routing).

## Fleet compliance final (verified by daemon 2026-05-08)

| Product | Verdict | Files | Schema | Profile |
|---|---|---|---|---|
| Bilko | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP |
| Tok | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP |
| Drop | FULL_COMPLIANCE | 6/6 | 5/5 | §1B Azure VM |
| Lobby | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP (stub) |
| Plock | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP (stub) |
| Gotiva | FULL_COMPLIANCE | 6/6 | 5/5 | §1A GCP multi-service |
| web | FULL_COMPLIANCE | 6/6 | 5/5 | §1C CF Pages |
| akershus-fylke | FORMA_ONLY_OK | 1/1 | N/A | non-deployable |
| BasicFakta | MISSING_FILES | 5/6 | 0/5 | §1D Vercel deprecated (MC #99893 migration backlog) |
| DropSrbija | MISSING_FILES | 3/6 | 0/5 | scope decision pending (MC #99883) |

## Open follow-ups (parked, not blocking arc closure)

- **#99883** DropSrbija scope decision (separate product vs Drop multi-tenant) — needs petter-graff arch memo
- **#99893** BasicFakta Vercel→CF Pages migration — 3-4h work + 30d soak
- **#99895** Coverage threshold review scheduled 2026-05-22 (after 2-week observability)
- **#99955** Securion task/owner schema canonical alignment (L)

## Git audit trail

- `~/system` commit: `a02fd0109` — 29 files, +6184/-122 (canonical v3 + audit artifacts + linter v2 + daemon + tier-routing + 13 persona blueprints)
- `~/.claude` commit: `bf2ca2d49` — hook + settings.json registration

## Lessons

1. **Verifier in background catches real bugs** — propagated stale comments + schema gaps. USE THIS PATTERN for every multi-phase project.
2. **Mechanical enforcement >> ZAKON-only** — hook + daemon catch what a memo can't. UNIVERSAL §13 / DEPLOY §4 are now mechanically enforced.
3. **Local-first viable for builder/verifier** — qwen2.5-coder + qwen3-coder + MLX qwen3-coder-30b are sufficient for schema validation, code gen, doc drafting. Sonnet stays for high-stakes synthesis (legal, cross-company).
4. **Closure-loop discipline** — build-verify-mark-done pattern, not build-verify-stop. CEO caught the gap at mid-session closure ("is everything documented, merged, closed by the book") and triggered this BookStack publish + git commit + memory entry.

## References

- Memory project entry: `~/.claude/projects/-Users-makinja/memory/project_cicd_standardization_2026-05-08.md`
- Audit artifacts: `~/system/specs/cicd-audit-2026-05-08/{blueprint-gap-matrix,deploy-map-gap-matrix,canonical-self-audit,summary}.md`
- v3 drafts (review trail): `~/system/specs/cicd-canonical-v3-drafts/`
- Canonical (production): `~/system/specs/{ALAI-UNIVERSAL-BLUEPRINT,DEPLOY-BLUEPRINT,blueprint-format,alai-cicd-architecture}.md`
- Pre-promotion backups: `~/system/specs/_backups/20260508-111700/`