docs(migrate): harvest CLI, source-SSH & non-interactive learnings#15
Open
Hermsi1337 wants to merge 3 commits into
Open
docs(migrate): harvest CLI, source-SSH & non-interactive learnings#15Hermsi1337 wants to merge 3 commits into
Hermsi1337 wants to merge 3 commits into
Conversation
Add pitfalls #26–#27 and wire them into the files/mysql playbooks and the surfaces reference, all verified against mw 1.18.0: - #26 `mw app exec COMMAND` is a single positional arg — wrap in `bash -c` - #27 `-o json` (reads) vs `-q` (mutations); `-o` is a file flag on dump Fix the mysql dump/import Rosetta rows in mittwald-surfaces.md (they showed shell redirection instead of the -o/-i file flags). Document `--temporary-user` as working — an operator-reported 404 did not reproduce on mw 1.18.0. The undocumented admin-password policy learning was filed upstream instead (mittwald/cli#1968) rather than baked in as a skill workaround. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
483064a to
3b26a94
Compare
…overload Extends the CLI-learnings harvest with learnings surfaced while driving the skill programmatically (huebscher POC) — all verified against `mw 1.19.0`. - Pitfall #28: reaching the SOURCE over SSH non-interactively — password-only and unknown-host-key prompts stall agent/CI runs. Fix via `sshpass -e`, `StrictHostKeyChecking=accept-new`, or `~/.ssh/config`. Wired into migrate-files.md and migrate-mysql.md source-pull steps. - ssh-modes.md: new "Source-side SSH access" section (the reference was target-only), plus the mw SSH commands' `--ssh-identity-file` / `--ssh-user` and `MITTWALD_SSH_IDENTITY_FILE` / `MITTWALD_SSH_USER` env (verified 1.19.0). - references/non-interactive.md: contract for driving the skill headless (Agent SDK / `claude -p` / CI) — pre-supply decisions, auto-answer gates, secrets via env, keep the confirm-before-mutate discipline. Indexed in SKILL.md. - Pitfall #27: note the `-i` overload too (`--installation-id` on mw app exec vs `--input` on mw database mysql import/dump). - SKILL.md: pitfalls count 25 -> 28. Gates: markdownlint 0 errors, internal links resolve, validate-skills.sh passes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Follow-up to review feedback: the skill should set a frame, not prescribe specifics the operator supplies. - Pitfall #28 / ssh-modes "Source-side SSH access": drop the "target is always key-based" overclaim and the step-by-step recipe. Source auth is the operator's to state; the only rule is "make it non-interactive for unattended runs", with sshpass / accept-new given as examples, not mandates. - Remove references/non-interactive.md (the headless driving contract) — it dictated how the caller configures their own harness, which is the skill user's domain, not the skill's. - Trim the mw --ssh-identity-file note in surfaces.md to a plain capability fact. Gates: markdownlint 0 errors, internal links resolve, validate-skills.sh passes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Harvests operator-reported
mittwald-migratelearnings into the skill. Every claim was verified againstmw 1.18.0before writing (per DEVELOPING.md §"Harvesting migration-learnings issues" step 3) — including a live reproduction attempt in a throwaway project for the one bug-shaped claim.New pitfalls (verified)
mw app exec COMMANDis a single positional argument. Pipes/redirects/chaining needbash -cwrapping. Confirmed againstmw app exec --help. Wired intomigrate-files.mdas an alternative to hand-assembling the SSH address.-o jsonon read/list commands,-qon mutations;-oonmw database mysql dumpis the output file, not a format. Route by command kind. Wired intomittwald-surfaces.md.Runbook fix
mittwald-surfaces.mddump/import Rosetta rows showed shell redirection (> dump.sql/< dump.sql); the CLI actually takes-o/-ifile flags (-for std streams),--gzip, and-p=--mysql-password(not project-id). Corrected.Claim that did NOT survive verification
An operator reported
mw database mysql import --temporary-user404ing while fetching the temp user before import. Reproduced live onmw 1.18.0in a throwaway managed MySQL DB — it completed cleanly (temp user created + import + temp user removed; data verified via round-trip dump). Documented--temporary-useras working, with a note that the 404 was version-specific — deliberately not baked in as a standing bug (avoids the documentation-rot trap of Pitfall #21).Filed upstream instead of harvested
The operator also hit an undocumented admin-password complexity policy on
mw app install … --admin-pass. Rather than bake a workaround into the skill, this was filed as a CLI issue: mittwald/cli#1968 (document the policy / return a clearer error / optionally add a password-generator flag).Notes
migration-learningsissue backs this (learning came in directly) — nothing to close.validate-skills.shpasses.🤖 Generated with Claude Code
Follow-up commits — source-SSH guidance &
-ioverloadTwo small additions beyond the CLI-flag learnings, surfaced while driving the skill programmatically (the
huebscherPOC) and verified againstmw 1.19.0:sshpass -efor a password,StrictHostKeyChecking=accept-newon first connect). New "Source-side SSH access" section inssh-modes.md(the reference was target-only), referenced from the source-pull steps ofmigrate-files.md/migrate-mysql.md.mwSSH env vars —MITTWALD_SSH_IDENTITY_FILE/MITTWALD_SSH_USER(and--ssh-identity-file/--ssh-user) select the key/user for the SSH-tunnelling commands; noted inmittwald-surfaces.md.-ioverload added (--installation-idonmw app execvs--inputonmw database mysql import/dump).SKILL.mdpitfalls count 25 → 28.A first pass also added a
non-interactive.md"headless driving contract"; it was removed on review — it prescribed how a caller configures their own harness, which is the skill user's domain, not the skill's. The skill sets a frame; the operator supplies the specifics.Deliberately left out (verification discipline): the native domain-migration API and a classic-mittwald-source discovery path — both need live two-token / classic-platform verification, so no unverified API claims went in.