[publish] Sanitized snapshot from c14f4aa

Source: platform_server main @ c14f4aa
Generated by: scripts/publish_to_serverclaw.py

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: 2 people

CLAUDE.md

@@ -293,7 +293,7 @@ real values into `platform.yml`. The publish pipeline sanitises the real values
 when syncing to the public mirror. The private repo's `platform.yml` must
 always reflect actual deployment reality.
 
-> **Incident**: This gap caused `headscale.lv3.org` DNS to point at `203.0.113.1`
+> **Incident**: This gap caused `headscale.example.com` DNS to point at `203.0.113.1`
 > (a non-routable documentation IP), breaking Tailscale VPN for the entire
 > deployment.
 

catalog/services/gitea/service.yaml

@@ -121,7 +121,7 @@ health:
     argv:
       - test
       - -x
-      - /opt/gitea/data/git/repositories/ops/proxmox_florin_server.git/custom_hooks/pre-receive
+      - /opt/gitea/data/git/repositories/ops/platform_server.git/custom_hooks/pre-receive
     success_rc: 0
     docker_publication:
       container_name: gitea

collections/ansible_collections/lv3/platform/roles/proxmox_network/tasks/main.yml

@@ -39,7 +39,7 @@
       placeholder. Writing this to /etc/network/interfaces causes TOTAL HOST LOCKOUT
       on the next reboot (wrong IP — server unreachable). Aborting convergence.
       Fix: ensure .local/identity.yml is injected via -e @.local/identity.yml.
-      See incident postmortem 2026-04-12 (6h outage on 65.108.75.123).
+      See incident postmortem 2026-04-12 (6h outage on 203.0.113.1).
 
 - name: Validate optional staging bridge inputs
   ansible.builtin.assert:

collections/ansible_collections/lv3/platform/roles/proxmox_security/tasks/main.yml

@@ -84,7 +84,7 @@
 # INPUT policy. If it crashes after setting DROP policy but before adding ACCEPT rules,
 # the host becomes unreachable. This guard detects that state, stops pve-firewall, and
 # aborts convergence so the operator can investigate.
-# Incident reference: 2026-04-12 — 6h outage on 65.108.75.123; root cause was
+# Incident reference: 2026-04-12 — 6h outage on 203.0.113.1; root cause was
 # placeholder IP in /etc/network/interfaces (wrong IP, not firewall), but this guard
 # provides defence-in-depth against the firewall-crash scenario.
 - name: Wait for pve-firewall to populate ACCEPT rules in PVEFW-HOST-IN (up to 30s)

config/health-probe-catalog.json

@@ -790,7 +790,7 @@
         "argv": [
           "test",
           "-x",
-          "/opt/gitea/data/git/repositories/ops/proxmox_florin_server.git/custom_hooks/pre-receive"
+          "/opt/gitea/data/git/repositories/ops/platform_server.git/custom_hooks/pre-receive"
         ],
         "success_rc": 0,
         "docker_publication": {

docs/adr/0371-parameterized-verify-tasks.md

@@ -24,9 +24,9 @@
 - Re-verified the latest realistic `origin/main@7b72694975ef8aae83e59d96c08dd27181595b2e`
   base (`repo 0.178.142`, `platform 0.178.141`) with exact-main replays for
   `repowise`, `litellm`, and `librechat`, plus direct controller-side health
-  verification of `https://repowise.lv3.org/health`,
+  verification of `https://repowise.example.com/health`,
   `http://10.10.10.20:4000/health/liveliness`, and
-  `https://chat.lv3.org/`.
+  `https://chat.example.com/`.
 
 ## Context
 

docs/adr/0373-service-registry-and-derived-defaults.md

@@ -356,11 +356,11 @@ If a role's migration breaks, the fix is to temporarily re-add the removed defau
   - `python3 scripts/interface_contracts.py --list`
   - `uv run --with pytest --with pyyaml --with jsonschema --with fastapi --with jinja2 --with python-multipart --with itsdangerous --with httpx python -m pytest -q tests/test_restic_config_backup.py tests/test_repo_intake_runtime_role.py tests/test_environment_topology.py tests/test_interface_contracts.py tests/test_validate_service_registry.py tests/test_validate_service_completeness.py tests/test_ansible_execution_scopes.py`
   - `make preflight WORKFLOW=live-apply-service`
-  - `LV3_PROXMOX_HOST_ADDR=65.108.75.123 LV3_PROXMOX_HOST_PORT=2222 make converge-restic-config-backup env=production`
+  - `LV3_PROXMOX_HOST_ADDR=203.0.113.1 LV3_PROXMOX_HOST_PORT=2222 make converge-restic-config-backup env=production`
   - `python3 scripts/trigger_restic_live_apply.py --env production --mode backup --triggered-by ws-0373-live-apply --live-apply-trigger`
   - `uv run --with ansible-core --with pyyaml --with nats-py python scripts/security_posture_report.py --env production --skip-trivy --audit-surface manual --print-report-json`
   - `python3 scripts/vulnerability_budget.py --service repo_intake`
-  - `ANSIBLE_COLLECTIONS_PATH="$PWD/collections:$PWD/.ansible/validation/collections" LV3_PROXMOX_HOST_ADDR=65.108.75.123 LV3_PROXMOX_HOST_PORT=2222 make live-apply-service service=repo_intake env=production ALLOW_IN_PLACE_MUTATION=true`
+  - `ANSIBLE_COLLECTIONS_PATH="$PWD/collections:$PWD/.ansible/validation/collections" LV3_PROXMOX_HOST_ADDR=203.0.113.1 LV3_PROXMOX_HOST_PORT=2222 make live-apply-service service=repo_intake env=production ALLOW_IN_PLACE_MUTATION=true`
 - The 2026-04-21 replay exposed and repaired two latest-main regressions before
   the final rerun:
   - `repo_intake_runtime` readiness used the unsupported `connect_timeout`
@@ -375,7 +375,7 @@ If a role's migration breaks, the fix is to temporarily re-add the removed defau
     `0.178.148` base and the integrated `0.178.149` tree
   - direct health checks on `http://127.0.0.1:8101/health` returned `{"status":"ok"}`
   - edge verification from the `nginx` guest returned the expected OAuth redirect
-    for `https://repo-intake.lv3.org/`
+    for `https://repo-intake.example.com/`
   - the systemd-backed restic runtime converged successfully after syncing
     `outline_client.py`, and the governed trigger refreshed
     `receipts/restic-backups/20260421T105958Z.json`,

docs/adr/0382-keycloak-sign-in-button-stuck-postmortem.md

@@ -17,7 +17,7 @@ ADR 0382 is now closed on the latest realistic `origin/main` base:
 version `0.178.143` at replay time.
 
 - The shared-edge certificate publication path now follows the effective live
-  Certbot lineage, so `home.lv3.org` and `sso.lv3.org` stay published after
+  Certbot lineage, so `home.example.com` and `sso.example.com` stay published after
   suffix rotation from `lv3-edge` to `lv3-edge-0001`.
 - The governed production replay of
   `make live-apply-service service=keycloak env=production ALLOW_IN_PLACE_MUTATION=true`
@@ -28,7 +28,7 @@ version `0.178.143` at replay time.
   Outline using the latest-main replayed state.
 - A fresh governed restore verification receipt
   `20260415T070524Z.json` passed and restored `4652` files from the historical
-  `/srv/proxmox_florin_server/receipts` snapshot path, confirming the
+  `/srv/platform_server/receipts` snapshot path, confirming the
   snapshot-root resolution fix still holds on mainline truth.
 
 ## Symptom

docs/adr/0410-docker-isolation-testing-and-ioc-completion.md

@@ -295,7 +295,7 @@ step-ca.docker-dev.local → step-ca container (172.30.10.99)
 ```
 
 This enables services to resolve each other by FQDN, matching production
-behavior where all services use `*.lv3.org`.
+behavior where all services use `*.example.com`.
 
 ### Phase 5: Test Scenarios and Timing (P2)
 

docs/adr/0413-sso-redirect-uri-and-service-topology-variable-drift.md

@@ -14,7 +14,7 @@ that together caused 7 of 17 services to be unavailable or broken.
 
 ### Bug Class 1 — SSO Redirect URI Mismatch (LibreChat / serverclaw client)
 
-When a user clicked "Login with Keycloak" on LibreChat (`chat.lv3.org`), Keycloak returned:
+When a user clicked "Login with Keycloak" on LibreChat (`chat.example.com`), Keycloak returned:
 
 ```
 We are sorry... An internal server error has occurred
@@ -53,22 +53,22 @@ play time, causing template rendering to silently fail or produce empty port num
 
 | Service | URL | Symptom | Broken variable |
 |---------|-----|---------|----------------|
-| Directus | data.lv3.org | 502 Bad Gateway | `directus_container_port` |
-| Paperless | paperless.lv3.org | 502 Bad Gateway | `paperless_service_topology` |
-| Coolify | coolify.lv3.org | 502 Bad Gateway | `coolify_dashboard_port` |
-| GlitchTip | errors.lv3.org | TLS + dead code | `glitchtip_internal_port` (dead code) |
+| Directus | data.example.com | 502 Bad Gateway | `directus_container_port` |
+| Paperless | paperless.example.com | 502 Bad Gateway | `paperless_service_topology` |
+| Coolify | coolify.example.com | 502 Bad Gateway | `coolify_dashboard_port` |
+| GlitchTip | errors.example.com | TLS + dead code | `glitchtip_internal_port` (dead code) |
 
 **Services with latent bugs (currently alive from old deployment):**
 
 | Service | URL | Broken variable | Risk |
 |---------|-----|----------------|------|
-| Dify | agents.lv3.org | `dify_port`, `dify_internal_base_url`, `dify_ollama_base_url` | Next converge would break port mapping |
+| Dify | agents.example.com | `dify_port`, `dify_internal_base_url`, `dify_ollama_base_url` | Next converge would break port mapping |
 
 **Services with TLS cert gaps (separate from above):**
 
 The nginx edge certificate `lv3-edge` was missing SANs for five subdomains that were
 added to the service topology after the last cert issuance:
-`grist.lv3.org`, `errors.lv3.org`, `bi.lv3.org`, `paperless.lv3.org`, `scheduler.lv3.org`.
+`grist.example.com`, `errors.example.com`, `bi.example.com`, `paperless.example.com`, `scheduler.example.com`.
 
 This causes hard TLS errors in browsers even when the backend containers are running.
 Fix: run `make converge-nginx-edge env=production` which will invoke certbot DNS-01
@@ -86,7 +86,7 @@ All other references (Keycloak client registration, service registry, tests)
 must match this value. The path `/oauth/openid/callback` is correct.
 
 **Immediate live fix:** Updated the Keycloak `serverclaw` client via the admin API
-on the live platform to register `https://chat.lv3.org/oauth/openid/callback`.
+on the live platform to register `https://chat.example.com/oauth/openid/callback`.
 This fix is reflected in code so the next `make converge-keycloak` is idempotent.
 
 ### 2. Eliminate all `platform_service_topology` references in role defaults
@@ -119,10 +119,10 @@ per ADR 0412).
 | Action | Command | Required for |
 |--------|---------|--------------|
 | Reissue TLS cert | `make converge-nginx-edge env=production` | grist, errors, bi, paperless, scheduler TLS |
-| Redeploy Directus | `make converge-directus env=production` | data.lv3.org 502 fix |
-| Redeploy Paperless | `make converge-paperless env=production` | paperless.lv3.org 502 fix |
-| Redeploy Coolify | `make converge-coolify env=production` | coolify.lv3.org 502 fix |
-| Investigate Superset | SSH to docker-runtime, `docker ps | grep superset` | bi.lv3.org — port chain correct, container may be stopped |
+| Redeploy Directus | `make converge-directus env=production` | data.example.com 502 fix |
+| Redeploy Paperless | `make converge-paperless env=production` | paperless.example.com 502 fix |
+| Redeploy Coolify | `make converge-coolify env=production` | coolify.example.com 502 fix |
+| Investigate Superset | SSH to docker-runtime, `docker ps | grep superset` | bi.example.com — port chain correct, container may be stopped |
 | Re-converge Keycloak | `make converge-keycloak env=production` | Pick up serverclaw redirect_uri fix |
 
 ---
@@ -142,7 +142,7 @@ per ADR 0412).
 - Four services (Directus, Paperless, Coolify, Superset) require a manual re-convergence
   to actually recover from 502. The code fix alone is not sufficient.
 - TLS cert expansion also requires a manual `make converge-nginx-edge` run.
-- Nomad scheduler (`scheduler.lv3.org`) has both a TLS cert gap and a backend timeout
+- Nomad scheduler (`scheduler.example.com`) has both a TLS cert gap and a backend timeout
   and requires separate investigation.
 
 ### Neutral