DEPLOY

DEPLOY is governed artifact delivery. Build validates, deploy ships, rollback recovers.

PIPELINE

  • magic validate → 255/255 required (CI gate)
  • build-surfaces → compile GOV to fleet artifacts
  • PRIVATE leak gate → reject if PRIVATE content in output
  • Deploy DESIGN theme → push to DESIGN repo (remote_theme dependency)
  • Deploy fleet sites → push to *.github.io repos
  • build-domains --dns → provision DNS for all governed zones
  • build-domains --deploy → deploy vanity domain Workers
  • Health check → verify fleet sites + vanity domains respond

DEPLOY TARGETS

| Target | Method | Trigger |
|---|---|---|
| DESIGN theme | git push to DESIGN repo | Any DESIGN change in build |
| Fleet sites | git push to *.github.io repos | Any scope change in build |
| Vanity domains | build-domains --deploy (Workers from HTTP.md ## Domains) | Any Domains change |
| DNS | build-domains --dns (records from HTTP.md ## Zones + ## Fleet + ## Domains) | Any zone change |
| Worker | wrangler deploy | Manual (TALK/src/worker.js changes) |
| API container | docker build + push | Manual (bin/api changes) |

ROLLBACK

rollback <site> [commit]: reset fleet site to previous commit

  • Default: HEAD~1
  • Safety: confirm prompt, verify target is _generated commit
  • Push: git push --force-with-lease (safe force push)
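
The rollback safety steps above, sketched as a shell function. This is an added example, not the project's rollback tool. It assumes a "_generated commit" is one whose subject line contains `_generated` and that the site pushes to a remote named `origin`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: "_generated" appears in the subject of a
# generated commit, and the fleet site's remote is called "origin".

# is_generated_commit <repo> <commit>: true only if <commit> resolves to a
# commit whose subject carries the assumed marker.
is_generated_commit() {
    sha=$(git -C "$1" rev-parse --verify --quiet "$2^{commit}") || return 1
    subject=$(git -C "$1" log -1 --format=%s "$sha") || return 1
    case "$subject" in
        *_generated*) return 0 ;;
        *) return 1 ;;
    esac
}

# rollback_site <repo> [commit]: 0 = pushed, 2 = target refused,
# 3 = operator declined, 1 = git failure (including a rejected lease).
rollback_site() {
    repo=$1
    target=${2:-HEAD~1}                  # page default: previous commit
    # Refuse a detached HEAD: there would be no branch to push.
    branch=$(git -C "$repo" symbolic-ref --quiet --short HEAD) || return 1

    if ! is_generated_commit "$repo" "$target"; then
        echo "refusing: $target is not a _generated commit" >&2
        return 2
    fi
    # Pin the target to a hash so the ref cannot move between the
    # confirmation and the reset.
    sha=$(git -C "$repo" rev-parse --verify "$target^{commit}") || return 1
    printf 'Reset %s (%s) to %s? [y/N] ' "$repo" "$branch" "$sha" >&2
    read -r answer || answer=
    [ "$answer" = "y" ] || { echo "aborted" >&2; return 3; }

    git -C "$repo" reset --hard --quiet "$sha" || return 1
    # --force-with-lease overwrites the remote branch only if it still
    # matches our remote-tracking ref, so a push made by someone else
    # since the last fetch causes a failure instead of being discarded.
    git -C "$repo" push --force-with-lease origin "$branch" || return 1
}
```

A rejected lease surfaces as exit status 1; fetch and re-inspect the remote history before retrying.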

CONTAINER

  • Dockerfile: ~/.canonic/Dockerfile
  • Base: python:3.11-slim
  • Exposed: port 8255
  • Health: curl -f http://localhost:8255/api/v1/health
  • User: nobody (non-root)
  • Includes: bin/, VAULT/, LEDGER/, SERVICES/, CONFIG/

FREEZE PROTECTION

During FROZEN state (governance freeze for release):

  • Deploy blocked unless --override flag passed
  • CI step checks FROZEN flag before push
  • Manual deploys require explicit acknowledgment