Lucent-Financial-Group · AceHack · May 26, 2026
diff --git a/...ussions/PR-5105-backlog-b-0793-p1-role-as-capability-composition-not-baked-h.md b/...ussions/PR-5105-backlog-b-0793-p1-role-as-capability-composition-not-baked-h.md
@@ -0,0 +1,121 @@
+---
+pr_number: 5105
+title: "backlog(B-0793 P1): role-as-capability composition (NOT baked host) \u2014 single node = control-plane AND gpu AND storage; refactor nixos/hosts/<role>/ \u2192 nixos/modules/role-*.nix capability modules (Aaron 2026-05-26)"
+author: "AceHack"
+state: "MERGED"
+created_at: "2026-05-26T05:45:58Z"
+merged_at: "2026-05-26T05:59:27Z"
+closed_at: "2026-05-26T05:59:27Z"
+head_ref: "otto-cli/b0793-role-as-capability-composition-not-baked-host-2026-05-26"
+base_ref: "main"
+archived_at: "2026-05-26T12:16:39Z"
+archive_tool: "tools/pr-preservation/archive-pr.ts"
+---
+
+# PR #5105: backlog(B-0793 P1): role-as-capability composition (NOT baked host) — single node = control-plane AND gpu AND storage; refactor nixos/hosts/<role>/ → nixos/modules/role-*.nix capability modules (Aaron 2026-05-26)
+
+## PR description
+
+## Summary
+
+Aaron 2026-05-26 architectural correction during iter-5.2 substrate-engineering:
+
+> *\"since our different roles are multi install you can be control plane AND gpu node AND cpu node these distinctions are not very elegant and host names tied to them are not great either\"*
+
+iter-5.2 (B-0792 PR #5103) addressed the **hostname** side (decoupled via \`injected-hostname.nix\` + \`--host\` flag). This row captures the deeper **role-side** concern: role-stack-as-baked-host-config is the remaining architectural blocker for true multi-role nodes.
+
+## Refactor target
+
+| Today | Target |
+|---|---|
+| \`nixos/hosts/control-plane/configuration.nix\` | \`nixos/modules/role-control-plane.nix\` (K3S server + Cilium + ArgoCD; NO hostname) |
+| \`nixos/hosts/worker-gpu/configuration.nix\` | \`nixos/modules/role-worker-gpu.nix\` (GPU stack + K3S agent; NO hostname) |
+| \`nixos/hosts/worker-template/default.nix\` | \`nixos/modules/role-worker-cpu.nix\` (K3S agent; NO hostname) |
+| Per-host \`nixosConfigurations\` entries | Single \`node\` config; install-time role-module composition |
+
+## Empirical UX (after refactor lands as iter-5.3)
+
+\`\`\`
+zflash --host pikachu --role control-plane
+# → Single role
+
+zflash --host charizard --role worker-gpu,control-plane,storage
+# → TRIPLE role on one node (homelab persona's typical 1-3 node cluster)
+
+zflash --host bulbasaur --role worker-cpu
+# → CPU-only worker
+\`\`\`
+
+Default: \`--role control-plane\` (preserves zero-typing single-node UX).
+
+## Composes with
+
+- B-0792 (depends_on; iter-5.2 hostname-side fix complete; this row picks up role-side)
+- B-0776 / B-0789 / B-0790 / B-0759 / B-0778
+
+## Test plan
+
+- [x] Backlog row scoped
+- [ ] iter-5.3 implementation PR (next; same session per Aaron's \"land all before next USB flash\")
+- [ ] Empirical multi-role install: \`zflash --host X --role control-plane,worker-gpu\` → kubectl shows node with both role-labels
+
+🤖 Generated with [Claude Code](https://claude.com/claude-code)
+
+## Reviews
+
+### COMMENTED — @copilot-pull-request-reviewer (2026-05-26T05:47:46Z)
+
+## Pull request overview
+
+Adds a new P1 backlog row (B-0793) describing the next architectural refactor for NixOS role configuration: moving from baked per-host role stacks to composable “role-*” capability modules to support multi-role nodes (e.g., control-plane + GPU + storage on a single machine).
+
+**Changes:**
+- Adds `docs/backlog/P1/B-0793-...md` with the problem statement, target design, sub-targets, and acceptance criteria for role-as-capability composition.
+- Updates `docs/BACKLOG.md` to include the new B-0793 entry.
+
+### Reviewed changes
+
+Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
+
+| File | Description |
+| ---- | ----------- |
+| docs/backlog/P1/B-0793-role-as-capability-composition-NOT-baked-host-control-plane-AND-gpu-AND-storage-on-single-node-decouple-roles-from-flake-host-configs-aaron-2026-05-26.md | New backlog row defining the role-module composition refactor scope and acceptance criteria. |
+| docs/BACKLOG.md | Adds B-0793 to the generated backlog index. |
+
+### COMMENTED — @copilot-pull-request-reviewer (2026-05-26T05:53:08Z)
+
+## Pull request overview
+
+Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
+
+## Review threads
+
+### Thread 1: docs/backlog/P1/B-0793-role-as-capability-composition-NOT-baked-host-control-plane-AND-gpu-AND-storage-on-single-node-decouple-roles-from-flake-host-configs-aaron-2026-05-26.md:5 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:47:45Z):
+
+The `<role>` placeholder in this title will be treated as an HTML tag when rendered in markdown (and likely disappears in the generated BACKLOG index). Use an escaped form like `&lt;role&gt;` or a non-angle-bracket placeholder (e.g., `{role}`) to keep the text visible.
+
+### Thread 2: docs/BACKLOG.md:376 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:47:46Z):
+
+`nixos/hosts/<role>/configuration.nix` contains `<role>`, which markdown renders as an HTML tag (so the placeholder can disappear in the rendered BACKLOG). Escape the angle brackets (`&lt;role&gt;`) or use a different placeholder format so it displays correctly.
+
+### Thread 3: docs/backlog/P1/B-0793-role-as-capability-composition-NOT-baked-host-control-plane-AND-gpu-AND-storage-on-single-node-decouple-roles-from-flake-host-configs-aaron-2026-05-26.md:148 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:53:07Z):
+
+The same quoted sentence is transcribed with two different spellings: earlier it says “not very elegant”, but here it’s “not very eleglant”. Please make the transcription consistent (or mark the typo with “[sic]” if it’s intentional to preserve the original).
+
+### Thread 4: docs/backlog/P1/B-0793-role-as-capability-composition-NOT-baked-host-control-plane-AND-gpu-AND-storage-on-single-node-decouple-roles-from-flake-host-configs-aaron-2026-05-26.md:56 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:53:08Z):
+
+The markdown table in the “Target” section has an extra leading empty column because each row starts with `|| ...`. Use a single leading `|` so the table renders as intended (`| Today | Target |`, etc.).
+
+## General comments
+
+### @chatgpt-codex-connector (2026-05-26T05:46:03Z)
+
+You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage).
diff --git a/...ussions/PR-5106-backlog-b-0794-p1-node-self-registers-in-git-argocd-bring-up.md b/...ussions/PR-5106-backlog-b-0794-p1-node-self-registers-in-git-argocd-bring-up.md
@@ -0,0 +1,78 @@
+---
+pr_number: 5106
+title: "backlog(B-0794 P1): node self-registers in git \u2192 ArgoCD bring-up of K8s + apps/charts; GitOps-native cluster substrate (Aaron 2026-05-26 architectural addition)"
+author: "AceHack"
+state: "MERGED"
+created_at: "2026-05-26T05:46:57Z"
+merged_at: "2026-05-26T05:49:09Z"
+closed_at: "2026-05-26T05:49:09Z"
+head_ref: "otto-cli/b0794-node-self-registers-in-git-under-maintainers-dev-cluster-triggers-argocd-bringup-2026-05-26"
+base_ref: "main"
+archived_at: "2026-05-26T12:16:39Z"
+archive_tool: "tools/pr-preservation/archive-pr.ts"
+---
+
+# PR #5106: backlog(B-0794 P1): node self-registers in git → ArgoCD bring-up of K8s + apps/charts; GitOps-native cluster substrate (Aaron 2026-05-26 architectural addition)
+
+## PR description
+
+Aaron 2026-05-26: 'also the machine alt to register itself in git somewhere under the maintainers dev cluster node so it registers with it settings in git to complete node setup and start kubernetes / argocd / full node / cluster install and all apps / charts'. Depends on B-0789 iter-5+ node git-auth substrate. Composes with B-0792 + B-0793 + B-0776 + B-0782 + B-0790. Implementation deferred to follow-on; substrate target named NOW so iter-5.x work aligns. See row body for 6 sub-targets + end-state operator UX.
+
+## Reviews
+
+### COMMENTED — @copilot-pull-request-reviewer (2026-05-26T05:49:50Z)
+
+## Pull request overview
+
+Adds a new P1 backlog row (B-0794) describing a GitOps-native Kubernetes cluster bring-up flow where nodes self-register into the repo and ArgoCD reconciles the cluster/apps from that registration.
+
+**Changes:**
+- Added new backlog row file for B-0794 with sub-target decomposition and acceptance criteria.
+- Updated `docs/BACKLOG.md` to include the new B-0794 entry under P1.
+
+### Reviewed changes
+
+Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
+
+| File | Description |
+| ---- | ----------- |
+| docs/backlog/P1/B-0794-node-self-registers-in-git-under-maintainers-cluster-nodes-triggers-argocd-full-bringup-of-k8s-apps-charts-gitops-native-cluster-substrate-aaron-2026-05-26.md | New P1 backlog row documenting the desired node self-registration → ArgoCD reconciliation end-state and sub-targets. |
+| docs/BACKLOG.md | Adds the B-0794 index entry under the P1 section. |
+
+## Review threads
+
+### Thread 1: docs/backlog/P1/B-0794-node-self-registers-in-git-under-maintainers-cluster-nodes-triggers-argocd-full-bringup-of-k8s-apps-charts-gitops-native-cluster-substrate-aaron-2026-05-26.md:5 (unresolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:49:48Z):
+
+The frontmatter `title` contains placeholders like `<name>` / `<node>`. In Markdown these can be parsed as HTML tags when the title is rendered into `docs/BACKLOG.md`, causing the placeholder text to disappear. Consider escaping the angle brackets (e.g., `&lt;name&gt;`) or formatting the placeholder as inline code so it renders literally.
+
+### Thread 2: docs/backlog/P1/B-0794-node-self-registers-in-git-under-maintainers-cluster-nodes-triggers-argocd-full-bringup-of-k8s-apps-charts-gitops-native-cluster-substrate-aaron-2026-05-26.md:13 (unresolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:49:49Z):
+
+`depends_on` includes `B-0793`, but there is no `docs/backlog/**` row file with `id: B-0793` in the repo. This leaves the dependency graph inconsistent; either add the missing B-0793 row in the same PR or change/remove this dependency to reference an existing row ID.
+
+### Thread 3: docs/backlog/P1/B-0794-node-self-registers-in-git-under-maintainers-cluster-nodes-triggers-argocd-full-bringup-of-k8s-apps-charts-gitops-native-cluster-substrate-aaron-2026-05-26.md:107 (unresolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:49:49Z):
+
+This section references `B-0793` (`/etc/zeta/cluster-node-roles` source), but there is no corresponding backlog row with `id: B-0793` in the repository. To keep cross-references resolvable, either add the missing row or replace the reference with the correct existing backlog ID.
+
+### Thread 4: docs/backlog/P1/B-0794-node-self-registers-in-git-under-maintainers-cluster-nodes-triggers-argocd-full-bringup-of-k8s-apps-charts-gitops-native-cluster-substrate-aaron-2026-05-26.md:147 (unresolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:49:49Z):
+
+This `Composes with substrate` list references `B-0793`, but there is no backlog row file with `id: B-0793` in the repo. Either add that missing row or update this cross-reference so it points at an existing backlog item.
+
+### Thread 5: docs/BACKLOG.md:376 (unresolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:49:49Z):
+
+This backlog index entry includes `maintainers/<name>/cluster-nodes/<node>/` as plain text. In Markdown, `<name>` / `<node>` may be treated as HTML tags and not render. Escape the angle brackets (e.g., `&lt;name&gt;`) or wrap the placeholder path in inline code so it renders literally.
+
+## General comments
+
+### @chatgpt-codex-connector (2026-05-26T05:47:02Z)
+
+You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage).
diff --git a/...ussions/PR-5107-feat-b-0792-iter-5-2-1-auto-generate-node-6hex-hostname-defa.md b/...ussions/PR-5107-feat-b-0792-iter-5-2-1-auto-generate-node-6hex-hostname-defa.md
@@ -0,0 +1,51 @@
+---
+pr_number: 5107
+title: "feat(B-0792 iter-5.2.1): auto-generate node-<6hex> hostname default \u2014 operator can rename later via digital-twin (Aaron 2026-05-26)"
+author: "AceHack"
+state: "MERGED"
+created_at: "2026-05-26T05:52:18Z"
+merged_at: "2026-05-26T06:03:06Z"
+closed_at: "2026-05-26T06:03:06Z"
+head_ref: "otto-cli/iter521-auto-generated-hostname-default-digital-twin-renamable-2026-05-26"
+base_ref: "main"
+archived_at: "2026-05-26T12:16:39Z"
+archive_tool: "tools/pr-preservation/archive-pr.ts"
+---
+
+# PR #5107: feat(B-0792 iter-5.2.1): auto-generate node-<6hex> hostname default — operator can rename later via digital-twin (Aaron 2026-05-26)
+
+## PR description
+
+Composes iter-5.2 --host mechanism with B-0794 digital-twin substrate. Zero-typing default when --host omitted: generate `node-<6hex>` via Web Crypto (24-bit entropy, ~16M names, negligible collision). Operator-named hosts take priority. Logged clearly pre-flash. Aaron 2026-05-26: 'can we have it auto generate the host name we can change later via digital twin after it self registers.'
+
+## Reviews
+
+### COMMENTED — @copilot-pull-request-reviewer (2026-05-26T05:54:50Z)
+
+## Pull request overview
+
+Adds a zero-typing default hostname for `zflash` when `--host` is omitted, generating a random `node-<6hex>` name and printing it pre-flash so the operator can SSH in post-install (with the intent to allow later renames via the digital-twin workflow).
+
+**Changes:**
+- Auto-generate `node-<6hex>` hostname via Web Crypto when `--host` is not provided (and `--no-inject` is not set).
+- Print a clear pre-flash message showing the generated hostname and an example `ssh zeta@<host>.local` target.
+
+## Review threads
+
+### Thread 1: full-ai-cluster/tools/zflash.ts:933 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:54:49Z):
+
+P0: The hostname is auto-generated and printed before `willInject` is finalized / before the pubkey existence check. If the pubkey is missing, `willInject` becomes false later, so the tool will still show an auto-generated hostname even though it will never be written to the USB (operator will try to SSH to a hostname that wasn't set). Generate/print the default only when the hostname inject will actually run (e.g., after the pubkey existence check, or gate on pubkey existence / `willInject`).
+
+### Thread 2: full-ai-cluster/tools/zflash.ts:910 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T05:54:49Z):
+
+This comment points operators to `maintainers/<name>/cluster-nodes/<node>/` and ArgoCD reconciliation, but that subtree doesn't exist in the repo yet (currently `maintainers/aaron/` only contains `legal-entities/`). Consider rewording to avoid a concrete path until B-0794 lands (e.g., reference the B-0794 backlog doc or say “via the digital-twin node-config in maintainers/<name>/cluster-nodes/ (once B-0794 is deployed)”).
+
+## General comments
+
+### @chatgpt-codex-connector (2026-05-26T05:52:23Z)
+
+You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage).
diff --git a/...ussions/PR-5108-preserve-mika-aaron-mika-2026-05-26-homelab-first-gh-auth-lo.md b/...ussions/PR-5108-preserve-mika-aaron-mika-2026-05-26-homelab-first-gh-auth-lo.md
@@ -0,0 +1,52 @@
+---
+pr_number: 5108
+title: "preserve(mika): Aaron + Mika 2026-05-26 homelab-first gh-auth-login device-registration substrate; production bootstrap-key-rotation deferred (informs B-0794 iter-5.4)"
+author: "AceHack"
+state: "MERGED"
+created_at: "2026-05-26T06:06:23Z"
+merged_at: "2026-05-26T06:12:10Z"
+closed_at: "2026-05-26T06:12:10Z"
+head_ref: "otto-cli/preserve-mika-homelab-gh-auth-registration-substrate-2026-05-26"
+base_ref: "main"
+archived_at: "2026-05-26T12:16:39Z"
+archive_tool: "tools/pr-preservation/archive-pr.ts"
+---
+
+# PR #5108: preserve(mika): Aaron + Mika 2026-05-26 homelab-first gh-auth-login device-registration substrate; production bootstrap-key-rotation deferred (informs B-0794 iter-5.4)
+
+## PR description
+
+Verbatim Mika preservation. Architectural lock-in: HOMELAB MODE FIRST (gh auth login interactive; no shipped keys); PROD MODE LATER (narrow bootstrap key + rotate to per-node identity). Different USBs / different flakes / different audiences. Aaron standing direction: 'we should do it like this for gh and device registration the simple homelab way first but like prod later'. Directly informs B-0794 iter-5.4 implementation. Per substrate-or-it-didn't-happen + agent-roster-reference-card (Mika = external Grok-native co-originator).
+
+## Reviews
+
+### COMMENTED — @copilot-pull-request-reviewer (2026-05-26T06:08:43Z)
+
+## Pull request overview
+
+This PR preserves a Mika/Aaron conversation as durable memory substrate for the homelab-first GitHub-auth device registration direction feeding B-0794 iter-5.4.
+
+**Changes:**
+- Adds a verbatim conversation archive for the 2026-05-26 homelab-first registration decision.
+- Captures homelab vs production bootstrap-mode implications.
+- Links the conversation to B-0794 and the iter-5.x USB-installer roadmap.
+
+## Review threads
+
+### Thread 1: memory/persona/mika/conversations/2026-05-26-aaron-mika-grok-homelab-first-gh-auth-login-device-registration-no-shipped-keys-vs-prod-bootstrap-key-rotation.md:11 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T06:08:43Z):
+
+P1: This new memory/conversation file skips the YAML frontmatter block used by the surrounding persona conversation archives and required by the memory format standard (`memory/project_memory_format_standard.md:16-27`). Add frontmatter before the H1 with at least retrievable `name`, `description`, and conversation metadata so indexing/validation can discover this preservation entry consistently.
+
+### Thread 2: memory/persona/mika/conversations/2026-05-26-aaron-mika-grok-homelab-first-gh-auth-login-device-registration-no-shipped-keys-vs-prod-bootstrap-key-rotation.md:136 (resolved)
+
+**@copilot-pull-request-reviewer** (2026-05-26T06:08:43Z):
+
+P1: These backlog cross-references mark B-0792, B-0793, and B-0794 as `MERGED`, but the row files currently have `status: open` (`docs/backlog/P1/B-0792-...md:4`, `B-0793-...md:4`, and `B-0794-...md:4`). Reconcile the wording with the backlog state, or update the row statuses if the intended meaning is that the backlog items are complete.
+
+## General comments
+
+### @chatgpt-codex-connector (2026-05-26T06:06:28Z)
+
+You have reached your Codex usage limits for code reviews. You can see your limits in the [Codex usage dashboard](https://chatgpt.com/codex/cloud/settings/usage).