Large merge: 209 commits, +47k/-5k across 428 files. Five clusters
of work, plus a deliberate behavior change and a known-deferred
backlog spelled out below.
1. IoT walking skeleton — harmony-reconciler-contracts crate,
harmony-fleet-operator (Deployment CRD → NATS KV),
harmony-fleet-agent reconciling PodmanV0Score into containers,
K8sBareTopology, maud+htmx operator frontend, request/reply
commands over NATS.
2. NATS auth callout + from-scratch nats/jwt crate (algorithm,
claims, builders, xkey). nats/callout maps Zitadel roles to
NATS permissions; harmony-fleet-auth holds the shared credential
plumbing.
3. Zitadel deepening — setup.rs rewritten (cross-org admin,
persisted admin password, device-code OIDC, OKD-compat values).
New harmony_zitadel_auth crate (axum login flow, JWKS, sessions).
Agent gets a JWT-bearer credential source.
4. Deploy-architecture refactor per ADR-023 — Scores everywhere,
new harmony-fleet-deploy crate, harmony-fleet-e2e harness
covering Pod target plus VM target (aarch64 production +
x86_64 fast iteration). First Score companion lands:
AgentObservation (ADR-023 P7).
5. Device enrollment via Zitadel SSO + aarch64 KVM support (AAVMF
firmware, per-VM NVRAM, TCG perf overrides),
IotDeviceSetupScore/FleetDeviceSetupScore SSH apply,
fleet-sso-login example.
Behavior change worth flagging in this merge:
harmony_secret now panics on an unknown SECRET_STORE value
instead of silently defaulting to Infisical. No in-tree caller
hits this; a typo in the env var is now loud rather than
mysterious.
Deferred (not merge blockers — file as issues post-merge):
- CI is red on master because
hub.nationtech.io/harmony/harmony_composer:latest is missing
libvirt-dev + pkg-config, which `cargo check --all-features`
requires once harmony's `kvm` feature is unified. Local
`build/check.sh` is green. Fix is a two-line Dockerfile edit +
rebuild of the composer image; top priority post-merge so master
goes green again.
- Smoke-test contract (ADR-023 P4) — the principle is locked but
the trait/struct shape is open. Each Score implements its own
readiness today; harmony-fleet-e2e has `wait_until_ready` as a
per-test stand-in.
- Rust equivalents for smoke-a1.sh / smoke-a4.sh (smoke-a3* are
superseded by the new VM e2e tests).
- Five #[ignore]'d tests in examples/fleet_e2e_demo and nats/
integration-test-callout — waiting on a CI runner with libvirt
+ k3d + podman.
- ADR-024 (capability decomposition) — kept as draft under
docs/adr/drafts/024- pending more conviction.
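The SECRET_STORE behavior change flagged above, shown as an added Rust example that is not harmony's own code: the lenient selector masks a typo by defaulting to Infisical, the strict one reports it so the caller can fail loudly. The second backend name ("localfile") and the fallback to Infisical when the variable is entirely unset are assumptions.

```rust
// Added example, not code from the harmony repository. The "localfile"
// backend and the unset-variable fallback are assumptions.
use std::fmt;
use std::str::FromStr;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SecretStore {
    Infisical,
    LocalFile, // hypothetical second backend, for illustration only
}

#[derive(Debug, PartialEq, Eq)]
pub struct UnknownSecretStore(pub String);

impl fmt::Display for UnknownSecretStore {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "unknown SECRET_STORE value {:?} (expected infisical or localfile)", self.0)
    }
}

impl FromStr for SecretStore {
    type Err = UnknownSecretStore;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        match s.trim().to_ascii_lowercase().as_str() {
            "infisical" => Ok(SecretStore::Infisical),
            "localfile" => Ok(SecretStore::LocalFile),
            other => Err(UnknownSecretStore(other.to_string())),
        }
    }
}

/// Old behaviour, kept for contrast: any unrecognised value silently
/// becomes Infisical, so a typo such as "infisicle" is never noticed.
pub fn select_store_lenient(value: Option<&str>) -> SecretStore {
    value.and_then(|v| v.parse::<SecretStore>().ok()).unwrap_or(SecretStore::Infisical)
}

/// New behaviour: an unset variable still takes the default (assumed),
/// but an unrecognised value is surfaced for the caller to panic on.
pub fn select_store_strict(value: Option<&str>) -> Result<SecretStore, UnknownSecretStore> {
    value.map_or(Ok(SecretStore::Infisical), str::parse::<SecretStore>)
}

fn main() {
    let raw = std::env::var("SECRET_STORE").ok();
    match select_store_strict(raw.as_deref()) {
        Ok(store) => println!("secret store: {store:?}"),
        Err(e) => panic!("{e}"), // loud rather than mysterious
    }
}
```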