Migrated from ADR-0031 on 2026-05-02 per ADR-0047. Source file retained with deprecation banner at docs/adr/0031-alienware-workstation-as-code.md.

DEV-0002 — CanEast AI Node Workstation-as-Code

Field | Value
Status | Accepted
Date | 2026-04-13
Author | Ben Peries
Sources | ADR-0031

Context

The CanEast AI Node (REDACTED, WSL) is the primary developer and orchestration workstation for the Archon Platform (see DEV-0001). At the time of this decision:

  • ~/.claude/CLAUDE.md (global Claude Code context) was not in git
  • ~/.claude/agents/ (20 ccagnt- agents) was not in git
  • ~/.claude/settings.json was not in git
  • No Ansible role managed the workstation post-reset
  • CanEast AI Node was absent from the caneast-it AWX inventory
  • A WSL reset would require full manual reconstruction of the dev environment

This creates a recovery gap inconsistent with the platform's AI Portability principle (DEV-0001): platform state must survive hardware and session resets.

Decision

1. No new repo

Workstation management lives inside archon-platform. No separate repo.

2. CanEast AI Node in caneast-it inventory

Add CanEast AI Node to the caneast-it Ansible inventory as a [dev-nodes] group. Tag: dev/workstation. Excluded from production playbook runs. SSH user: ansible-svc-account (IAM-0003). Credentials via Infisical (IAM-0001).

3. Ansible role roles/alienware-dev/

Create ansible/roles/alienware-dev/ in archon-platform with tasks:

  • packages — apt: git, curl, jq, unzip, build-essential
  • docker — Docker CE install and service config
  • kubectl — install + kubeconfig from caneast-site1-node3
  • infisical-cli — install + authenticate
  • gpu-driver — CUDA + Ollama GPU stack (tagged alienware-gpu, excluded from default run pending security architecture review)
  • claude-code — install nvm, Node LTS, @anthropic-ai/claude-code

4. Bootstrap script scripts/alienware-setup.sh

WSL bootstrap entry point. Runs on a fresh WSL instance before Ansible is available. Responsibilities: clone archon-platform, install Ansible, run alienware-dev role.

5. Claude Code config in archon-platform/config/claude/

Store Claude Code config in archon-platform/config/claude/ as the canonical source:

  • config/claude/CLAUDE.md — copy of ~/.claude/CLAUDE.md
  • config/claude/agents/ — all 20 ccagnt- agent definitions
  • config/claude/settings.json — sanitized (no tokens, no PATs)

alienware-setup.sh copies config/claude/ to ~/.claude/ during bootstrap. This satisfies AI Portability: Claude Code context survives WSL reset.

config/claude/ must be kept in sync manually after agent or CLAUDE.md changes. Mitigation: sync reminder in session-light agent end-of-session checklist.

6. Pre-commit hook for secret scanning

scripts/git-hooks/pre-commit-secrets scans for PAT|TOKEN|PASSWORD|API_KEY|SECRET patterns before any commit in this path.

.gitignore covers: secrets.yml, *.env, settings.local.json, credential files.

settings.json must be sanitized before commit — tokens stripped, paths generalized.
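An added sketch of the scan described in this section (not the project's scripts/git-hooks/pre-commit-secrets): it uses the ADR's keyword list but flags only added lines that assign a literal value to a keyword-named key, and it reports file, line and key name without echoing the value. The function name scan_diff, the 8-character threshold, the placeholder rules and the sample diff are assumptions.

```shell
#!/bin/sh
# Added example; not the project's scripts/git-hooks/pre-commit-secrets.
# Keyword list is from the ADR. The value heuristics are assumptions.
KEYWORDS='PAT|TOKEN|PASSWORD|API_KEY|SECRET'

# scan_diff: read a unified diff on stdin and print "file:line: KEY" for each
# added line that assigns a literal value of 8+ characters to a key whose name
# contains a keyword as a whole token. The value is never printed.
# Returns 1 if anything was reported, 0 otherwise.
scan_diff() {
  awk -v kw="$KEYWORDS" -v q="'" '
    BEGIN {
      # Whole-token match: PATH and "pattern" do not count as PAT.
      re = "[^A-Z0-9_]([A-Z0-9_]*_)?(" kw ")(_[A-Z0-9_]*)?"
      re = re "[\"" q "]?[ \t]*[:=][ \t]*[\"" q "]?"
    }
    /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ /     { split($3, h, ","); line = substr(h[1], 2) - 1; next }
    /^[+ ]/    { line++ }
    /^\+/ {
      up = toupper($0)              # the leading "+" doubles as a boundary
      if (!match(up, re)) next
      name = substr(up, RSTART, RLENGTH); gsub(/[^A-Z0-9_]/, "", name)
      val = substr($0, RSTART + RLENGTH)
      sub("[\"" q " \t,;].*$", "", val)
      # Ignore empty values, variable references and <placeholders>.
      if (length(val) < 8 || val ~ /^[$<{]/) next
      printf "%s:%d: %s\n", file, line, name
      found = 1
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: only lines 5 and 8 hold a literal credential.
SAMPLE_DIFF='+++ b/config/claude/settings.json
@@ -3,0 +4,5 @@
+  "PATH": "/usr/local/bin:/usr/bin",
+  "ADO_PAT": "constructed0123456789abcdef",
+  "api_key": "",
+  "INFISICAL_TOKEN": "${INFISICAL_TOKEN}",
+  "password": "constructed-value-1"'

# Hook entry point: runs only when installed under a name starting pre-commit.
case "${0##*/}" in
  pre-commit*)
    git diff --cached --unified=0 --no-color | scan_diff || {
      echo "pre-commit: literal credential staged, commit blocked" >&2; exit 1; } ;;
esac
```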

7. NVM-aware cron wrapper scripts

NVM-aware cron wrapper scripts belong in archon-platform/scripts/ and are sourced via ~/homelab/scripts/ symlink or direct copy on the workstation.

Rationale: Hardcoded NVM paths (e.g., ~/.nvm/versions/node/vX.Y.Z/bin/) in crontab entries break silently on Node version upgrades. All cron jobs invoking Node-based tooling must call a wrapper script that sources nvm.sh at runtime.

Current scripts in scope:

  • scripts/ccusage-cron.sh — sources nvm.sh then delegates to ccusage(1). Powers two crontab entries on the CanEast AI Node workstation:

59 23 * * *  ~/homelab/scripts/ccusage-cron.sh export --output ~/homelab/data/claude-usage/
 0  0 * * *  ~/homelab/scripts/ccusage-cron.sh export --days 30 --output ~/homelab/data/claude-usage/

Output directory: ~/homelab/data/claude-usage/

Consequences

Positive:

  • Full workstation recovery from a single script after WSL reset
  • Claude Code agents and global CLAUDE.md are version-controlled and ADO-backed
  • CanEast AI Node managed consistently with other caneast-it nodes
  • AI Portability principle extended to developer tooling layer

Negative:

  • config/claude/ requires manual sync after agent or CLAUDE.md changes
  • settings.json must be sanitized before commit

Neutral:

  • GPU stack (Ollama, tagged alienware-gpu) excluded from default role run

References

  • DEV-0001 — Developer environment (Claude Code, WSL, MCP strategy)
  • DEV-0003 — Workstation Secret Zero (Infisical bootstrap credential)
  • IAM-0001 — Infisical secrets management
  • IAM-0003 — Ansible service account (ansible-svc-account)
  • ansible/roles/alienware-dev/ — Ansible role
  • scripts/alienware-setup.sh — WSL bootstrap entry point
  • config/claude/ — Canonical Claude Code config source