Expand description
gtc op env migrate-dev <target> (A4b of plans/next-gen-deployment.md).
Preflight-gated, one-shot migration of a legacy dev environment to the
A4 bootstrap target (typically local). Two verbs:
--check— runs every registeredMigrationScannerand emits aMigrateDevReport.cleanistrueiff no scanner reported aFindingSeverity::Blockingfinding.--apply— first re-runs the check, refuses withOpError::Conflictif not clean, then merges the source env into the target under the target’s transact lock and renames the source directory to a.dev-migrated-<ts>sentinel that’s hidden fromEnvironmentStore::list(the leading dot is rejected byEnvId).
Scope is intentionally narrow:
- Refuses migration of any source env that carries bundles, revisions,
traffic splits, or a
credentials_ref— those require deep ref rewrites (env-scopedSecretRefs,BundleDeployment.env_id, etc.) which A4b’s “presence guarantee” semantic does not promise. - On a “simple” source (only
host_config+ optional pack bindings), the merge preserves user-customized bindings on the target: defaults missing fromtargetget filled fromsource; slots already bound ontargetstay untouched (the A4 #206 lesson — bootstrap is presence, not replacement). - Audit-log scanning (A7) and secrets-store scanning (A4b PR4) ship as
NotYetImplementedplaceholders so the report surface is forward-stable.
Structs§
- Audit
LogScanner - Placeholder for the audit-log scanner. A7 adds an append-only audit log keyed by env; until then we report a single informational finding so operators don’t expect this surface to silently catch missed references.
- Bundle
Hint Scanner - Permanent no-op scanner — bundles carry no embedded env hint in any shipped code (per the A4b inventory), so any future drift would surface as a new scanner rather than a finding here.
- Local
FsStore Scanner - Inspects the configured
LocalFsStoreroot for a<from_env>directory. Classifies any source env as either a “simple” candidate (onlyhost_config+ optional pack bindings) or “complex” (carries bundles, revisions, traffic splits, or acredentials_ref). - Migrate
DevApply Outcome - Outcome of
migrate-dev --apply. Only emitted when the check was clean. - Migrate
DevReport - Report returned by
migrate-dev --check. - Migration
Finding - One observation from a scanner run.
- Runtime
Config Scanner - Reports a finding when
GREENTIC_ENVis set to the legacy value in the process environment running the check. The migration tool can’t fix this from inside the process (the var is set in the caller’s shell), but flagging it informs the operator that their shell will still resolvedevafter the on-disk migration. - Scan
Context - Read-only context handed to every scanner.
- Secrets
Store Scanner - Placeholder for the secrets-store scanner. PR4 of A4b adds the real
helper in
greentic-secrets-broker; until then, no production code-paths enumeratedev-scoped keys, so this scanner reports a no-op informational finding.
Enums§
- Finding
Severity - Severity classification for a single finding.
Constants§
- LEGACY_
ENV_ ID - Legacy env-id this migration moves from. The target env-id is provided
by the caller; defaults to
LOCAL_ENV_IDin the binary clap layer.
Traits§
- Migration
Scanner - Pluggable scanner — each implementation reports zero or more
MigrationFindings for one slice of legacydev-named state.
Functions§
- apply
op env migrate-dev <target> --apply. Re-runs the check, refuses withOpError::Conflictif not clean, then merges the source env into the target under the target’s transact lock and renames the source directory to a hidden.dev-migrated-<ts>sentinel.- check
op env migrate-dev <target> --check. Reports findings without touching state.- classify_
runtime_ env_ var - Pure classification helper for
RuntimeConfigScanner. ReturnsSome(finding)iffvalueequals the legacy env id. Extracted from the scanner so tests can exercise the logic without mutating the process environment — the crate is#![forbid(unsafe_code)]and Rust 2024 requiresunsafeto set/remove env vars. - default_
scanners - Bundle the set of scanners that ship with A4b. Future PRs add to this vector; consumers that want a different set can call the individual scanners directly.
- run_
check - Run every scanner and produce the report.