The dedicated mc-forge droplet (159.203.170.249:3000/mcadmin) is gone; the forge
now rides a shared services box, addressed by the stable hostname
forge.mc.uvlava.com/applications. The cloud-DX toolchain still pointed at the dead
endpoint, so every worker clone + golden-image build was broken.

- scripts/lib/forge-remote.sh: single source of truth — builds the authenticated
  clone URL from the hostname + ~/.vault/services-forge-token (relocation-proof;
  no hardcoded IP). Exports MC_FORGE_GIT_REMOTE.
- cloud-bringup.sh / dist.sh: source the helper instead of the dead
  mc_forge_creds + 159.203 URL. Also fix cloud-bringup REPO path to the current
  @mc/@applications/magicciv location.
- settings.local.json autoMode trust block: name the new forge host + 'mc' DO
  project (was 159.203 + 'mc:dev'), else cloud provisioning is denied as exfil.
- cloud-dx-do.md: document the new forge + token.

Verified: helper authenticates to the live forge (ls-remote main); scripts parse;
JSON valid.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
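An added example, not the repository's scripts/lib/forge-remote.sh, of the helper pattern this commit describes: a stable hostname plus a token file becomes the authenticated clone URL, with the checks a provisioning script should make before it embeds a secret in a URL (token file present, non-empty and not group/world-readable; host is a hostname rather than an IP literal). The oauth2: userinfo form, the redaction helper for logs, and the names forge_remote_url and redact_remote are assumptions, not from the commit.

```shell
#!/usr/bin/env bash
# Added example (not the project's own forge-remote.sh). Builds an authenticated
# clone URL from HOST + PATH + a token file, refusing loose secret files and raw
# IP addresses so a bad setup fails loudly instead of being silently used.
# Assumed: the forge accepts the token as "oauth2:<token>" userinfo (hypothetical).
set -eu

# forge_remote_url HOST PATH TOKEN_FILE -> prints the https clone URL on stdout.
forge_remote_url() {
  host=$1; path=$2; token_file=$3
  [ -r "$token_file" ] || { echo "forge: token file $token_file not readable" >&2; return 1; }
  # Octal mode: GNU stat first, BSD/macOS stat as fallback.
  mode=$(stat -c '%a' "$token_file" 2>/dev/null || stat -f '%Lp' "$token_file")
  case "$mode" in
    600|400) ;;
    *) echo "forge: $token_file has mode $mode; expected 600 or 400" >&2; return 1 ;;
  esac
  token=$(head -n1 "$token_file" | tr -d '[:space:]')
  [ -n "$token" ] || { echo "forge: empty token in $token_file" >&2; return 1; }
  # Relocation-proof means a hostname, never an IP literal (digits and dots only).
  case "$host" in
    *[!0-9.]*) ;;
    *) echo "forge: '$host' is an IP literal; use the stable hostname" >&2; return 1 ;;
  esac
  printf 'https://oauth2:%s@%s/%s\n' "$token" "$host" "${path#/}"
}

# redact_remote URL -> same URL with the userinfo secret masked, safe for logs.
redact_remote() {
  printf '%s\n' "$1" | sed -E 's#(https?://[^:/@]+:)[^@]+@#\1***@#'
}

# Usage (exports the variable the commit names):
#   MC_FORGE_GIT_REMOTE=$(forge_remote_url forge.mc.uvlava.com applications \
#                         ~/.vault/services-forge-token) && export MC_FORGE_GIT_REMOTE
#   echo "forge remote: $(redact_remote "$MC_FORGE_GIT_REMOTE")"
```

Log only the redacted form: the unredacted URL carries the token, so anything that echoes it (a `set -x` trace, a CI log) leaks the credential.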

Packer destroys its build droplet on a clean finish, but a killed/slept/
network-dropped run leaves the s-8vcpu-16gb-amd builder alive (~$192/mo).
This happened once already (.project/handoffs/20260629_packer-cross-account-leak.md).
Two defense layers:
- scripts/cull-orphan-builders.sh reaps leftover builders by name prefix
  (mc-packer-* / legacy packer-*) with a size guard and an optional age guard;
  pins the MC token via --access-token.
- cloud-bringup.sh calls it in its EXIT trap, so a failed/Ctrl-C'd build reaps
  its own builder.
- infra/launchd/com.uvlava.mc.cull-builders.plist sweeps every 30m with
  --min-age-min 90 to catch SIGKILL/power-loss cases no trap can.

golden-image.pkr.hcl names the builder mc-packer-<ts> for deterministic matching.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
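An added example, not the repository's scripts/cull-orphan-builders.sh, of the selection logic the commit describes: builders are chosen by name prefix (mc-packer-* or legacy packer-*), a size guard keeps anything that is not the builder size, and an optional age guard (--min-age-min) skips droplets younger than the threshold so a build still in progress is not reaped. The inventory is constructed inline so it runs offline; the live listing via doctl's JSON output and jq, and the names select_orphans and reap_ids, are assumptions, not from the commit.

```shell
#!/usr/bin/env bash
# Added example (not the project's own cull script). Picks orphan Packer builders
# from an inventory of "id name created_at size_slug" lines.
# Assumed live inventory (not run here; doctl JSON output and jq assumed present):
#   doctl compute droplet list --output json --access-token "$MC_TOKEN" \
#     | jq -r '.[] | [.id, .name, .created_at, .size_slug] | @tsv'
set -eu

# iso_to_epoch "2026-06-29T10:00:00Z" -> seconds; GNU date first, BSD fallback.
iso_to_epoch() {
  date -u -d "$1" +%s 2>/dev/null || date -u -j -f '%Y-%m-%dT%H:%M:%SZ' "$1" +%s
}

# select_orphans NOW_EPOCH BUILDER_SIZE MIN_AGE_MIN < inventory -> IDs to reap.
# Skipped droplets are explained on stderr so a sweep log shows why each survived.
select_orphans() {
  now=$1; builder_size=$2; min_age_min=$3
  while read -r id name created size; do
    case "$name" in
      mc-packer-*|packer-*) ;;          # deterministic builder name prefixes
      *) continue ;;
    esac
    # Size guard: a mis-named droplet of any other size is never touched.
    [ "$size" = "$builder_size" ] || { echo "skip $id ($name): size $size" >&2; continue; }
    # Age guard: 0 disables it (EXIT-trap use); the periodic sweep passes 90.
    if [ "$min_age_min" -gt 0 ]; then
      age_min=$(( (now - $(iso_to_epoch "$created")) / 60 ))
      [ "$age_min" -ge "$min_age_min" ] || { echo "skip $id ($name): ${age_min}m old" >&2; continue; }
    fi
    echo "$id"
  done
}

# Constructed sample inventory: two stale builders, one builder still running,
# one legacy-prefixed droplet of the wrong size, one production droplet.
SAMPLE_INVENTORY=$(printf '%s %s %s %s\n' \
  1001 mc-packer-20260629T100000 2026-06-29T10:00:00Z s-8vcpu-16gb-amd \
  1002 packer-legacy-run         2026-06-28T09:00:00Z s-8vcpu-16gb-amd \
  1003 mc-packer-20260629T123000 2026-06-29T12:30:00Z s-8vcpu-16gb-amd \
  1004 packer-registry           2026-01-01T00:00:00Z s-2vcpu-4gb \
  1005 mc-app-prod               2026-01-01T00:00:00Z s-8vcpu-16gb-amd)

# reap_ids NOW_EPOCH MIN_AGE_MIN -> space-separated IDs chosen from the sample.
reap_ids() {
  printf '%s\n' "$SAMPLE_INVENTORY" \
    | select_orphans "$1" s-8vcpu-16gb-amd "$2" 2>/dev/null \
    | tr '\n' ' ' | sed 's/ $//'
}

# Dry run against the sample with the sweep's 90-minute guard; the delete
# command is the assumed doctl invocation and is only printed, never executed.
if [ "${1:-}" = "--dry-run" ]; then
  for id in $(reap_ids "$(date -u +%s)" 90); do
    echo "would run: doctl compute droplet delete --force --access-token \"\$MC_TOKEN\" $id"
  done
fi
```

The two guards matter in different places: the EXIT trap knows the build it just abandoned, so it can run with the age guard off, while the unattended 30-minute sweep needs the age guard so it never deletes a builder another run started minutes ago.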