bd daemon sync: 2026-01-16 11:58:58

.beads/issues.jsonl

@@ -161,7 +161,7 @@
 {"id":"ops-jrz1-vix","title":"Evaluate home-manager for per-user config","description":"Evaluate whether home-manager adds value for our setup.\n\n## What home-manager could manage\n- Shell config (.bashrc, .zshrc)\n- Git config (.gitconfig)\n- Tool configs (~/.config/*)\n- direnv integration\n\n## Questions\n- Do we need declarative per-user dotfiles?\n- Is the complexity worth it for a small team?\n- Can we start without it and add later?\n\n## Recommendation from consensus\n\"Optional but recommended\" - good for pushing default configs to all devs.\nStart without it, add if pain point emerges.","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-02T16:36:04.849881753-08:00","created_by":"dan","updated_at":"2026-01-02T16:36:04.849881753-08:00"}
 {"id":"ops-jrz1-vw4","title":"Create watchdog-scripts package (writeShellApplication)","description":"Package killswitch, cpu-watchdog, egress-watchdog using writeShellApplication. Include runtimeInputs for procps, gawk, systemd, etc. These scripts are NOT added to PATH - only referenced directly by systemd services.","status":"closed","priority":2,"issue_type":"task","created_at":"2026-01-03T08:39:53.745385806-08:00","created_by":"dan","updated_at":"2026-01-03T09:20:08.62999227-08:00","closed_at":"2026-01-03T09:20:08.62999227-08:00","close_reason":"Implemented watchdog-scripts (killswitch, cpu-watchdog, egress-watchdog) using writeShellApplication with proper runtimeInputs"}
 {"id":"ops-jrz1-w1ll","title":"Document and test disaster recovery restore procedure","description":"Goal: Be able to restore user data from B2 backups in case of disaster, misconfiguration, or user error.\n\n## Scope\n- Document step-by-step restore procedure for each backup type:\n  - PostgreSQL databases (forgejo, mautrix_slack)\n  - Forgejo repos and state\n  - Matrix homeserver (RocksDB)\n  - Maubot plugins/state\n- Test restore to a fresh system or /tmp\n- Document partial restore (single database, single user's repos)\n- Quarterly restore drill schedule\n\n## Acceptance\n- Written runbook in docs/\n- At least one successful test restore\n- Restore time estimate documented","status":"open","priority":2,"issue_type":"task","created_at":"2026-01-10T13:53:16.948489834-08:00","created_by":"dan","updated_at":"2026-01-10T13:53:16.948489834-08:00","dependencies":[{"issue_id":"ops-jrz1-w1ll","depends_on_id":"ops-jrz1-r177","type":"blocks","created_at":"2026-01-10T14:02:01.261838782-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w1ll","depends_on_id":"ops-jrz1-y8le","type":"blocks","created_at":"2026-01-10T14:02:01.297605462-08:00","created_by":"dan"}]}
-{"id":"ops-jrz1-w1mb","title":"Bug: VS Code Claude extension loses auth on restart","description":"## Symptom\nClaude Code VS Code extension may lose API key authentication after VS Code restart.\n\n## To investigate\n1. Check if issue occurs with local VS Code or Remote-SSH or both\n2. Determine where credentials are stored (settings.json, keychain, etc.)\n3. Check extension logs for auth errors on startup\n4. Test persistence across: restart, reload window, reconnect\n\n## Impact\nBreaks dev workflow - need to re-auth frequently.","status":"in_progress","priority":3,"issue_type":"bug","owner":"dleink@gmail.com","created_at":"2026-01-15T21:55:03.276834742-08:00","created_by":"Dan","updated_at":"2026-01-15T21:55:44.565930126-08:00"}
+{"id":"ops-jrz1-w1mb","title":"Bug: VS Code Claude extension loses auth on restart","description":"## Symptom\nClaude Code VS Code extension loses API key authentication after VS Code restart.\n\n## Root Cause Found\nhome-manager symlinks ~/.config/Code/User/settings.json to read-only Nix store.\nVS Code extensions cannot persist settings/auth state.\n\n## Workaround\nLogin via CLI first: claude /login\nExtension reads shared credentials from ~/.claude/.credentials.json\n\n## Fix\nFiled dotfiles-j06 to address home-manager VS Code config.\n\n## References\n- GitHub anthropics/claude-code#12204","status":"closed","priority":3,"issue_type":"bug","owner":"dleink@gmail.com","created_at":"2026-01-15T21:55:03.276834742-08:00","created_by":"Dan","updated_at":"2026-01-16T11:58:58.256452631-08:00","closed_at":"2026-01-16T11:58:58.256452631-08:00","close_reason":"Root cause identified: home-manager read-only symlink. Filed dotfiles-j06 for fix."}
 {"id":"ops-jrz1-w68","title":"Remote dev environment security and setup research","description":"Research and test security/setup questions for learner remote dev environments.\n\n## Context\nTwo dev paths identified:\n1. **Server-first**: SSH in, run agentic coders on server\n2. **Local VS Code**: Remote-SSH extension, code on server\n\nBoth have open questions around sandboxing, system packages, deployment access, and security boundaries.\n\n## Scope\n- System package management for learners\n- User isolation and sandboxing options\n- Agentic coder security (what can Claude do?)\n- Deployment pipeline security\n- VS Code extension behavior testing\n- Resource limits and quotas\n\n## Deliverables\n- Answers to open questions (documented)\n- Security recommendations\n- Implementation plan for chosen approach","status":"open","priority":2,"issue_type":"epic","created_at":"2026-01-02T12:26:48.104374079-08:00","created_by":"dan","updated_at":"2026-01-02T12:26:48.104374079-08:00","dependencies":[{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-9pe","type":"blocks","created_at":"2026-01-02T12:27:59.277687811-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-ghd","type":"blocks","created_at":"2026-01-02T12:27:59.32841874-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3b1","type":"blocks","created_at":"2026-01-02T12:27:59.375858081-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3au","type":"blocks","created_at":"2026-01-02T12:27:59.428509997-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-3jo","type":"blocks","created_at":"2026-01-02T12:27:59.473581774-08:00","created_by":"dan"},{"issue_id":"ops-jrz1-w68","depends_on_id":"ops-jrz1-bbn","type":"blocks","created_at":"2026-01-02T12:27:59.523975339-08:00","created_by":"dan"}]}
 {"id":"ops-jrz1-wj2","title":"Design API key provisioning strategy","description":"opencode needs API keys (OpenAI, Anthropic). Options: 1) Shared key with proxy + rate limiting, 2) Per-user keys in sops-nix. Need to prevent key exposure and enable usage tracking.","status":"closed","priority":1,"issue_type":"task","created_at":"2025-12-05T15:32:19.526073243-08:00","updated_at":"2025-12-05T17:25:10.534718515-08:00","closed_at":"2025-12-05T17:25:10.534718515-08:00","dependencies":[{"issue_id":"ops-jrz1-wj2","depends_on_id":"ops-jrz1-3so","type":"parent-child","created_at":"2025-12-05T17:05:47.103332379-08:00","created_by":"daemon","metadata":"{}"}]}
 {"id":"ops-jrz1-xoad","title":"Create release cycle and changelog process","description":"Need a way to communicate changes to users - changelog, release notes, or similar","status":"open","priority":3,"issue_type":"task","created_at":"2026-01-10T13:49:46.492349303-08:00","created_by":"dan","updated_at":"2026-01-10T13:49:46.492349303-08:00"}