DEPLOY

DEPLOY is governed artifact delivery. Build validates, deploy ships, rollback recovers.

Open DEPLOY

PIPELINE

Pipeline

magic validate → 255/255 required (CI gate) build-surfaces → compile GOV to fleet artifacts PRIVATE leak gate → reject if PRIVATE content in output Deploy DESIGN theme → push to DESIGN repo (remote_theme dependency) Deploy fleet sites → push to *.github.io repos build-domains --dns → provision DNS for all governed zones build-domains --deploy → deploy vanity domain Workers Health check → verify fleet sites + vanity domains respond

DEPLOY TARGETS

Deploy Targets

Target	Method	Trigger
DESIGN theme	git push to DESIGN repo	Any DESIGN change in build
Fleet sites	git push to *.github.io repos	Any scope change in build
Vanity domains	build-domains --deploy (Workers from HTTP.md ## Domains)	Any Domains change
DNS	build-domains --dns (records from HTTP.md ## Zones + ## Fleet + ## Domains)	Any zone change
Worker	wrangler deploy	Manual (TALK/src/worker.js changes)
API container	docker build + push	Manual (bin/api changes)

ROLLBACK

Rollback

rollback <site> [commit] — Reset fleet site to previous commit — Default: HEAD~1 — Safety: confirm prompt, verify target is _generated commit — Push: git push --force-with-lease (safe force push)

CONTAINER

Container

Dockerfile: ~/.canonic/Dockerfile Base: python:3.11-slim Exposed: port 8255 Health: curl -f http://localhost:8255/api/v1/health User: nobody (non-root) Includes: bin/, VAULT/, LEDGER/, SERVICES/, CONFIG/

FREEZE PROTECTION

Freeze Protection

During FROZEN state (governance freeze for release):

Deploy blocked unless –override flag passed
CI step checks FROZEN flag before push
Manual deploys require explicit acknowledgment

*DEPLOY

SPEC

SERVICES*

TALK AUTO