Authoritative plan for the last mile before fleet ships to a real
customer. Picks up where v0_2_plan.md left the chapter structure.
Twelve chapters, organized in execution order:
1. Dashboard role enforcement (security gap, do right now)
2. Operator restart + aggregator recovery (more critical than smoke)
3. Application log forwarding companion (dashboard utility)
4. Agent self-upgrade, NATS-coordinated, systemd-resident
5. Graceful deployment upgrade (roll-forward only — customer ask)
6. Init containers in PodmanV0Score
7. System upgrade, rollback deferred to v0.4
8. Secrets via Zitadel + OpenBao (blocked on harmony_secret work)
9. Agent time-drift verification
10. Phase 1 smoke wiring
11. CI yaml minimization (longer-term)
12. NATS callout CI hardening (minimal)
Customer constraints baked in: deployments are roll-forward only
(no auto-rollback on Deployment failure); system rollback half of
the upgrade ADR is deferred to v0.4 (snapshot is created but not
used for revert in v0.3); secrets must go through Zitadel + OpenBao
(no plaintext shortcut).
Includes:
- feature checklist as a status table (14 items),
- sequencing table with ordering rationale,
- per-chapter goal / current state with file:line citations /
plan / open questions / "done when",
- out-of-scope table with target version + reason,
- cross-cutting open questions Q1–Q5.
Format follows the user's "tables over prose" preference: every
multi-item section is either a table or bold-led bullets with
nested supporting detail. Scannable at three depths (30-second
scroll for bold leads, 2-minute read for nested detail, deep read
with code where it matters).
