Skip to content

Deprecated — Migrated to DEV-0002 on 2026-05-02 per ADR-0047. This source file is retained as a reference; the canonical content is in DEV-0002.

ADR-0031 — CanEast AI Node Workstation-as-Code

Date: 2026-04-13 Status: Accepted Area: Platform Deciders: Ben Peries

Context

The CanEast AI Node (REDACTED, WSL) is the primary developer and orchestration workstation for the Archon Platform. Currently:

  • ~/.claude/CLAUDE.md (global Claude Code context) is not in git
  • ~/.claude/agents/ (20 ccagnt- agents) is not in git
  • ~/.claude/settings.json is not in git
  • No Ansible role manages the workstation post-reset
  • CanEast AI Node is absent from the caneast-it AWX inventory
  • A WSL reset would require full manual reconstruction of the dev environment

This creates a recovery gap inconsistent with the platform's AI Portability principle (ADR-0026): platform state must survive hardware and session resets.

Decision

  1. No new repo. Workstation management lives inside archon-platform.

  2. Add CanEast AI Node to caneast-it Ansible inventory as a [dev-nodes] group. Tag: dev/workstation. Excluded from production playbook runs. SSH user: ansible-svc-account (ADR-0014). Credentials via Infisical (ADR-0002).

  3. Create Ansible role roles/alienware-dev/ in archon-platform with tasks:

  4. packages (apt: git, curl, jq, unzip, build-essential)
  5. docker (Docker CE install and service config)
  6. kubectl (install + kubeconfig from caneast-site1-node3)
  7. infisical-cli (install + authenticate)
  8. gpu-driver (CUDA + Ollama GPU stack, tagged alienware-gpu)

  9. claude-code (install nvm, Node LTS, @anthropic-ai/claude-code)

  10. Create scripts/alienware-setup.sh as the WSL bootstrap entry point. Runs on a fresh WSL instance before Ansible is available. Responsibilities: clone archon-platform, install Ansible, run alienware-dev role.

  11. Store Claude Code config in archon-platform/config/claude/ as canonical source:

  12. config/claude/CLAUDE.md (copy of ~/.claude/CLAUDE.md)
  13. config/claude/agents/ (all 20 ccagnt- agent definitions)

  14. config/claude/settings.json (sanitized -- no tokens, no PATs) alienware-setup.sh copies config/claude/ → ~/.claude/ during bootstrap. This satisfies AI Portability: Claude Code context survives WSL reset.

  15. Pre-commit hook at scripts/git-hooks/pre-commit-secrets scans for PAT|TOKEN|PASSWORD|API_KEY|SECRET patterns before any commit in this path. .gitignore covers: secrets.yml, *.env, settings.local.json, credential files.

  16. NVM-aware cron wrapper scripts belong in archon-platform/scripts/ and are sourced via ~/homelab/scripts/ symlink or direct copy on the workstation. Rationale: hardcoded NVM paths (e.g., ~/.nvm/versions/node/vX.Y.Z/bin/) in crontab entries break silently on Node version upgrades. All cron jobs that invoke Node-based tooling (ccusage, claude, etc.) must call a wrapper script that sources nvm.sh at runtime rather than embedding a versioned path.

Current scripts in scope: - scripts/ccusage-cron.sh — sources nvm.sh then delegates to ccusage(1). Powers two crontab entries on the CanEast AI Node workstation: 59 23 * * * ~/homelab/scripts/ccusage-cron.sh export --output ~/homelab/data/claude-usage/ 0 0 * * * ~/homelab/scripts/ccusage-cron.sh export --days 30 --output ~/homelab/data/claude-usage/ Output directory: ~/homelab/data/claude-usage/

Consequences

Positive: - Full workstation recovery from a single script after WSL reset - Claude Code agents and global CLAUDE.md are version-controlled and ADO-backed - CanEast AI Node managed consistently with other caneast-it nodes - AI Portability principle extended to developer tooling layer

Negative: - config/claude/ must be kept in sync manually after agent or CLAUDE.md changes (mitigation: add sync reminder to session-light agent end-of-session checklist) - settings.json must be sanitized before commit -- tokens stripped, paths generalized

Neutral: - GPU stack (Ollama) tagged alienware-gpu and excluded from default role run pending security architecture review (existing backlog item)

ADR Hygiene

Before creating a new ADR, verify no number conflict exists:

ls docs/adr/ | grep -oP '^\d+' | sort | uniq -d

Any output indicates a duplicate ADR number. Resolve before merging. AI agents and humans both create ADRs — run this check in every archon-docs PR that touches docs/adr/. Known unresolved conflict as of 2026-04-20: ADR-0032 has two files (0032-k3s-cp-migration-caneast-site1-node4.md and ADR-0032-workstation-secret-zero.md); tracked in WI-263 for follow-up.

References

  • ADR-0002: Secrets Management (Infisical)
  • ADR-0012: Node baseline Ansible roles
  • ADR-0014: Ansible service account (ansible-svc-account)
  • ADR-0021: AWX as Ansible control plane
  • ADR-0026: AI Portability principle