readonly remote deploy-state checks need a coily wrapper #58

New issue

Open

opened 2026-05-23 20:54:04 +00:00 by coilysiren · 0 comments

coilysiren commented 2026-05-23 20:54:04 +00:00

Owner

Copy link

Originally filed by @coilysiren on 2026-05-05T02:32:53Z - https://github.com/coilysiren/coily/issues/48

Problem

There's a recurring shape that currently has no good entry point: "has my last push to repo X reached host Y yet, and is the service healthy?"

Concrete instance that surfaced this: sirens-discord-ops deploys via an on-host systemd auto-update timer (5-min poll of origin/main, rebuild + restart on diff). After a git push, the natural follow-up is to poll until the new SHA is live before testing the change. The mechanically obvious way to do that is ssh kai-server 'git rev-parse HEAD && systemctl status ...' - readonly, no state change, allow-listed via Bash(ssh:*) in settings.

But the Claude Code harness treats any ssh <prod-host> invocation as a "production remote shell" action and blocks it above the allow-list. That's the right default - bare SSH is too coarse a hammer to whitelist - but it leaves no path for the readonly polling case other than asking for one-off authorization every time.

Why this belongs in coily

The wrapper-everything principle: every privileged or production-touching op routes through coily so it inherits the audit + gate discipline, and the harness can trust the wrapper's narrower surface instead of the SSH primitive. Readonly remote inspection has been ad-hoc'd via raw SSH because no wrapper exists yet - same gap that coily aws ssm and coily gaming eco filled for their domains.

Recurring shapes that would use this

• Post-push: "is sirens-discord-ops on $SHA yet on kai-server?"
• Post-push: "is the k3s homelab on $SHA yet?" (during upgrades)
• "is service X up on host Y, and what's its last restart time?"
• "tail the last N lines of journalctl for unit Z" (readonly forensics)

All of these are bounded, readonly, and want the same audit trail as a write op - they just don't change anything.

Out of scope (intentionally)

Not prescribing the surface here. The architectural call - subcommand layout, how hosts are declared, whether this fronts SSH directly or goes through Tailscale serve / a sidecar / etc. - is the follow-up.

_Originally filed by @coilysiren on 2026-05-05T02:32:53Z - [https://github.com/coilysiren/coily/issues/48](https://github.com/coilysiren/coily/issues/48)_ ## Problem There's a recurring shape that currently has no good entry point: **"has my last push to repo X reached host Y yet, and is the service healthy?"** Concrete instance that surfaced this: `sirens-discord-ops` deploys via an on-host systemd auto-update timer (5-min poll of `origin/main`, rebuild + restart on diff). After a `git push`, the natural follow-up is to poll until the new SHA is live before testing the change. The mechanically obvious way to do that is `ssh kai-server 'git rev-parse HEAD && systemctl status ...'` - readonly, no state change, allow-listed via `Bash(ssh:*)` in settings. But the Claude Code harness treats any `ssh <prod-host>` invocation as a "production remote shell" action and blocks it above the allow-list. That's the right default - bare SSH is too coarse a hammer to whitelist - but it leaves no path for the readonly polling case other than asking for one-off authorization every time. ## Why this belongs in coily The wrapper-everything principle: every privileged or production-touching op routes through coily so it inherits the audit + gate discipline, and the harness can trust the wrapper's narrower surface instead of the SSH primitive. Readonly remote inspection has been ad-hoc'd via raw SSH because no wrapper exists yet - same gap that `coily aws ssm` and `coily gaming eco` filled for their domains. ## Recurring shapes that would use this - Post-push: "is sirens-discord-ops on $SHA yet on kai-server?" - Post-push: "is the k3s homelab on $SHA yet?" (during upgrades) - "is service X up on host Y, and what's its last restart time?" - "tail the last N lines of journalctl for unit Z" (readonly forensics) All of these are bounded, readonly, and want the same audit trail as a write op - they just don't change anything. ## Out of scope (intentionally) Not prescribing the surface here. The architectural call - subcommand layout, how hosts are declared, whether this fronts SSH directly or goes through Tailscale serve / a sidecar / etc. - is the follow-up.

coilysiren added the

P3

label 2026-05-31 01:52:44 +00:00

coilysiren added

P4

and removed

P3

labels 2026-05-31 06:59:47 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-306

args-file-mcporter

claude/coily-docker-image-FF2Rw

claude/busy-almeida-0168e4

v2.50.0

v2.49.1

v2.49.0

v2.48.0

v2.47.0

v2.46.0

v2.45.0

v2.44.1

v2.44.0

v2.43.2

v2.43.1

v2.43.0

v2.42.0

v2.41.0

v2.40.2

v2.40.1

v2.40.0

v2.39.0

v2.37.2

v2.38.0

v2.23.0

v2.37.1

v2.37.0

v2.36.0

v2.35.0

v2.34.0

v2.33.0

v2.32.0

v2.31.0

v2.30.0

v2.29.2

v2.29.1

v2.29.0

v2.28.0

v2.27.0

v2.26.0

v2.25.0

v2.24.0

v2.22.0

v2.21.0

v2.20.0

v2.19.0

v2.18.1

v2.18.0

v2.17.0

v2.16.0

v2.15.2

v2.15.1

v2.15.0

v2.14.0

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.1

v2.7.0

v2.6.0

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.0

v1.13.0

v1.12.0

v1.11.0

v1.10.0

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.8

v1.8.7

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.8

v1.7.7

v1.7.6

v1.7.5

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.123

v1.5.122

v1.5.121

v1.5.120

v1.5.119

v1.5.118

v1.5.117

v1.5.116

v1.5.115

v1.5.114

v1.5.113

v1.5.112

v1.5.111

v1.5.110

v1.5.109

v1.5.108

v1.5.107

v1.5.106

v1.5.105

v1.5.104

v1.5.103

v1.5.102

v1.5.101

v1.5.100

v1.5.99

v1.5.98

v1.5.97

v1.5.96

v1.5.95

v1.5.94

v1.5.93

v1.5.92

v1.5.91

v1.5.90

v1.5.89

v1.5.88

v1.5.87

v1.5.86

v1.5.85

v1.5.84

v1.5.83

v1.5.82

v1.5.81

v1.5.80

v1.5.79

v1.5.78

v1.5.77

v1.5.76

v1.5.75

v1.5.74

v1.5.73

v1.5.72

v1.5.71

v1.5.70

v1.5.69

v1.5.68

v1.5.67

v1.5.66

v1.5.65

v1.5.64

v1.5.63

v1.5.62

v1.5.61

v1.5.60

v1.5.59

v1.5.58

v1.5.57

v1.5.56

v1.5.55

v1.5.54

v1.5.53

v1.5.52

v1.5.51

v1.5.50

v1.5.49

v1.5.48

v1.5.47

v1.5.46

v1.5.45

v1.5.44

v1.5.43

v1.5.42

v1.5.41

v1.5.40

v1.5.39

v1.5.38

v1.5.37

v1.5.36

v1.5.35

v1.5.34

v1.5.33

v1.5.32

v1.5.31

v1.5.30

v1.5.29

v1.5.28

v1.5.27

v1.5.26

v1.5.25

v1.5.24

v1.5.23

v1.5.22

v1.5.21

v1.5.20

v1.5.19

v1.5.18

v1.5.17

v1.5.16

v1.5.15

v1.5.14

v1.5.13

v1.5.12

v1.5.11

v1.5.10

v1.5.9

v1.5.8

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.1

v1.4.0

v1.3.0

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.0

v0.1.0

v0.0.38

v0.0.37

v0.0.36

v0.0.35

v0.0.34

v0.0.33

v0.0.32

v0.0.31

v0.0.30

v0.0.29

v0.0.28

v0.0.27

v0.0.26

v0.0.25

v0.0.24

v0.0.23

v0.0.22

v0.0.21

v0.0.20

v0.0.19

v0.0.18

v0.0.17

v0.0.16

v0.0.15

v0.0.14

v0.0.13

v0.0.12

v0.0.11

v0.0.10

v0.0.9

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

tools-latest

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-bridge/coily#58

No description provided.