chore: remove deprecated files and update Copilot instructions for clarity

Author: wax911

.claude/settings.json

@@ -1,86 +1,22 @@
 ---
-applyTo: **
-description: Copilot instructions for Local-Stack repository
+applyTo: "**"
+description: Minimal Copilot shim for Local-Stack; AGENTS.md is canonical.
 ---
 
-## Copilot instructions for Local-Stack repository
+## Local-Stack Copilot Shim
 
-Goal: help an automated coding agent become productive quickly by describing the architecture, common developer workflows, repository conventions, and where to make safe, minimal changes.
+Primary instructions live in [AGENTS.md](../../AGENTS.md). Use that file as the canonical agent guide.
 
-1) Big-picture architecture
-- Historically, this repo used multiple Docker Compose files per service. We are migrating to modular Docker Swarm stacks to deploy the environment declaratively across local and remote hosts.
-- Service folders remain the source of truth for per-service configs: `traefik/`, `apisix/`, `observability/`, `postgres/`, `mongo/`, `redis/`, `growthbook/`, `portainer/`, `anitrend/`, and `on-the-edge/`.
-- Traefik is the edge router/TLS terminator; routing and middleware live in `traefik/config` and service-level labels.
-- Observability lives under `observability/` (`grafana/`, `prometheus/`, `loki/`, `tempo/`, `otel/`).
-- Target stack split (Swarm):
-  - Infrastructure: Traefik, Portainer, APISIX (gateway + etcd + dashboard), Postgres, Mongo, Redis.
-  - Observability: Prometheus, Grafana, Loki, Tempo, OTel Collector.
-  - Platform: GrowthBook (dashboard + proxy), AniTrend apps/services, and other application-facing components.
+## Critical Guardrails
 
-2) Key files and conventions (referenced in tasks)
-- Compose files: search for `**/docker-compose*.yml` or `**/docker-compose*.yaml`. Each service folder usually contains a compose file and an accompanying `.env.example`.
-- Environment files: the repo expects service-specific `.env` files created from `.env.example` (e.g., `traefik/.env.example`). CI jobs often copy `.env.example` -> `.env` for validation.
-- Traefik config: `traefik/config/traefik.yml` and `traefik/config/dynamic.yml` are authoritative for routing. When changing hostnames or ports update these files.
-- Observability provisioning: `observability/grafana/config/provisioning/` contains dashboards and datasources that should be updated together with any metric source changes.
-- Swarm stacks: new modular Swarm stack files will live under a `stacks/` directory (planned names: `infrastructure.yml`, `observability.yml`, `platform.yml`). The legacy root-level `swarm.*.yml` files are deprecated—do not edit or use them.
+- Do not edit generated rendered stack outputs.
+- Do not use or modify deprecated root-level `swarm.*.yml` files.
+- Prefer service-local source changes (`docker-compose*.yml`, `swarm.fragment.yml`, `.env.example`) and then regenerate/sync stacks.
+- Keep exposed services on `traefik-public` with correct Traefik labels.
+- Keep secrets out of source; use environment variables and follow [docs/Managing Secrets.md](../../docs/Managing%20Secrets.md).
 
-3) Developer workflows and commands (explicit)
-- Preferred (Swarm, modular):
-  - Initialize Swarm (once per host): `docker swarm init`.
-  - Create shared overlay network (once): `docker network create --driver=overlay --attachable traefik-public`.
-  - Deploy stacks:
-    - `docker stack deploy -c stacks/infrastructure.yml infrastructure`
-    - `docker stack deploy -c stacks/observability.yml observability`
-    - `docker stack deploy -c stacks/platform.yml platform`
-  - Verify: `docker stack services <stack>` and Portainer UI. Tear down with `docker stack rm <stack>`.
-- Legacy local-only (Compose): still available per service for iterative work until migration completes.
-  - Example: `cd traefik && cp .env.example .env && docker compose up -d`
-  - Observability (legacy): `cd observability && for d in grafana prometheus loki tempo otel; do cp $d/.env.example $d/.env; done && docker compose up -d`
-- Validation (CI/dev):
-  - Compose syntax: `docker compose -f <path> config`.
-  - YAML linting: `yamllint <file>`.
-  - YAML parsing validation: `yq e '.' <file> >/dev/null` (prefer this in scripts/workflows for fast syntax checks).
-  - Dockerfile linting: `hadolint` via container.
+## Canonical References
 
-4) What to change and where (safe-scoped edits)
-- Service-scoped config: edit the service folder (`docker-compose.yml`, `.env.example`, and config files) as before. These feed into both Compose and Swarm stacks.
-- Swarm stacks (preferred for deployment): add/update files under `stacks/` to include or configure services. Keep stacks modular by function: infrastructure, observability, platform.
-- Cross-cutting routing or hostnames: update `traefik/config/dynamic.yml` and service labels (`traefik.http.routers.*`).
-- Do NOT edit or use root-level `swarm.*.yml`—they are deprecated remnants of an initial attempt.
-
-5) Integration points and external dependencies
-- Networks: Under Swarm, all exposed services attach to a shared external overlay network named `traefik-public` (create once). Compose continues to create local bridge networks for ad-hoc local runs.
-- Routing: Traefik discovers services via Docker metadata and labels on the shared network.
-- External dependencies: none hard-coded; some components expect valid certificates in `traefik/certs` and secrets via `.env`.
-
-6) Common pitfalls and agent guidance
-- Ensure the external overlay network `traefik-public` exists before deploying stacks.
-- Avoid Compose-only keys in Swarm stacks: no `container_name`, no `restart` (use `deploy.restart_policy`), and no `build` (images must be pre-built/pulled).
-- Prefer `deploy` settings in Swarm: `mode` (global/replicated), `placement.constraints` (e.g., `node.role == manager`), resource limits, and optional `restart_policy`.
-- Use `env_file` to load per-service `.env`; consider Docker secrets/config for sensitive values in future iterations.
-- `depends_on` in Swarm affects start order only; add healthchecks for critical readiness if needed.
-- Do not assume `.env` files exist; if adding new variables, update `.env.example` and docs.
-- When updating observability dashboards or Prometheus scrape configs, update provisioning under `observability/*/config` and Grafana datasources.
-
-7) Code and content patterns to preserve
-- Service-level folder structure; keep related config colocated.
-- Volume mounts and named volumes for persistence.
-- Traefik labels on services for routing; keep consistent naming and middleware reuse.
-
-8) Where to run tests/builds
-- There are no application unit tests in this repo; validation is through Compose validation and scanning workflows (`.github/workflows/docker-lint.yml` and `.github/workflows/docker-scan.yml`).
-- For Swarm changes, perform a dry deploy on a local single-node swarm and verify `docker stack services` shows healthy tasks; prefer incremental stack updates.
-
-9) If you are unsure
-- Prefer small, reversible edits: add/update `stacks/<module>.yml` rather than touching many service configs at once. Keep Compose changes minimal and documented.
-- Open a PR with CI results and a brief manual verification plan (Swarm deploy steps and expected endpoints).
-
-10) Acceptance criteria for the Swarm migration (initial phase)
-- Single-node Swarm deploys of `infrastructure`, `observability`, and `platform` stacks succeed.
-- All exposed services are reachable via Traefik on the shared `traefik-public` network.
-- No Swarm stack uses `container_name`, `restart`, or `build` keys.
-- Critical data volumes (e.g., Traefik certs, Portainer data, databases) are persisted via named volumes (external where reusing existing data).
-
-Deprecated: root-level `swarm.*.yml` files. Do not use or update; they will be archived once new `stacks/*.yml` files are introduced.
-
-If anything above is unclear or you want examples added (e.g., exact `docker compose config` output handling), tell me which area to expand and I'll iterate.
+- [AGENTS.md](../../AGENTS.md)
+- [README.md](../../README.md)
+- [stacks/README.md](../../stacks/README.md)

.claude/skills/debug-issue.md

@@ -1,38 +1,30 @@
-<!-- code-review-graph MCP tools -->
-## MCP Tools: code-review-graph
-
-**IMPORTANT: This project has a knowledge graph. ALWAYS use the
-code-review-graph MCP tools BEFORE using Grep/Glob/Read to explore
-the codebase.** The graph is faster, cheaper (fewer tokens), and gives
-you structural context (callers, dependents, test coverage) that file
-scanning cannot.
-
-### When to use graph tools FIRST
-
-- **Exploring code**: `semantic_search_nodes` or `query_graph` instead of Grep
-- **Understanding impact**: `get_impact_radius` instead of manually tracing imports
-- **Code review**: `detect_changes` + `get_review_context` instead of reading entire files
-- **Finding relationships**: `query_graph` with callers_of/callees_of/imports_of/tests_for
-- **Architecture questions**: `get_architecture_overview` + `list_communities`
-
-Fall back to Grep/Glob/Read **only** when the graph doesn't cover what you need.
-
-### Key Tools
-
-| Tool | Use when |
-|------|----------|
-| `detect_changes` | Reviewing code changes — gives risk-scored analysis |
-| `get_review_context` | Need source snippets for review — token-efficient |
-| `get_impact_radius` | Understanding blast radius of a change |
-| `get_affected_flows` | Finding which execution paths are impacted |
-| `query_graph` | Tracing callers, callees, imports, tests, dependencies |
-| `semantic_search_nodes` | Finding functions/classes by name or keyword |
-| `get_architecture_overview` | Understanding high-level codebase structure |
-| `refactor_tool` | Planning renames, finding dead code |
-
-### Workflow
-
-1. The graph auto-updates on file changes (via hooks).
-2. Use `detect_changes` for code review.
-3. Use `get_affected_flows` to understand impact.
-4. Use `query_graph` pattern="tests_for" to check coverage.
+# Local-Stack Agent Guide
+
+Local-Stack is migrating from per-service Compose to modular Docker Swarm stacks. Keep agent guidance short, link to the canonical docs, and prefer editing the owning service or stack source instead of duplicating context here.
+
+## Source Of Truth
+
+- Service folders are the source of truth for config: `traefik/`, `apisix/`, `observability/`, `postgres/`, `mongo/`, `redis/`, `growthbook/`, `portainer/`, `anitrend/`, `on-the-edge/`, `edge-graphql/`, `website/`, and `beszel/`.
+- Generated Swarm stacks live in `stacks/`. Do not edit the rendered stack output directly; regenerate with `./stackctl.sh generate` or sync with `./stackctl.sh sync`. See [stacks/README.md](stacks/README.md).
+- Deprecated root-level `swarm.*.yml` files are not used for deployment.
+
+## How To Work
+
+- For full-environment deploys and validation, follow [stacks/README.md](stacks/README.md) and the `./stackctl.sh` workflow.
+- For service-local changes, update the service folder’s `docker-compose.yml`, `swarm.fragment.yml`, and `.env.example` together when needed.
+- Keep exposed services attached to the shared `traefik-public` network and route them with Traefik labels and [traefik/config/dynamic.yml](traefik/config/dynamic.yml).
+- Update Grafana provisioning under [observability/grafana/config/provisioning/](observability/grafana/config/provisioning/) when dashboards or datasources change.
+
+## Change Rules
+
+- Prefer pinned GHCR tags; avoid `latest`.
+- Do not assume `.env` files exist. If a new variable is needed, update the matching `.env.example`.
+- For edge-facing apps, include Traefik router/service labels and a healthcheck that matches the exposed endpoint.
+- Keep secrets out of source; prefer environment variables and the guidance in [docs/Managing Secrets.md](docs/Managing%20Secrets.md).
+
+## Good Starting Docs
+
+- [README.md](README.md)
+- [stacks/README.md](stacks/README.md)
+- [docs/Managing Secrets.md](docs/Managing%20Secrets.md)
+- [docs/Migrating Compose Files to a Modular Docker Swarm  2738a21416308060a700fda5cdcc3b2d.md](docs/Migrating%20Compose%20Files%20to%20a%20Modular%20Docker%20Swarm%20%202738a21416308060a700fda5cdcc3b2d.md)