fix(cloud): temporarily relax PAYMENT_REQUIRE_NATIVE to restore service #255

Merged: Svaag merged 1 commit into main from fix/cloud-relax-native-payment-temp, Jun 16, 2026

@Svaag Svaag commented Jun 16, 2026

Incident

cloud.hyrule.host is down (502). hyrule-cloud's startup guard (PAYMENT_REQUIRE_NATIVE=true requires BTC and XMR ready) refuses to boot because monero-wallet-rpc won't start:

  • view-key secret was missing → fixed by operator (now a real key);
  • but it now fails on invalid wallet password + ringdb permission denied (/home/hyrule/.shared-ringdb).

Not caused by the launch-proof promotion: git diff 270b65d 81e4316 -- hyrule_cloud/app.py is empty; the deploy restart merely exposed a pre-existing Monero bootstrap break.

Change (temporary)

hyrule-cloud.env.ctmpl.j2: PAYMENT_REQUIRE_NATIVE=true → false, so the app boots without requiring native XMR. BTC + x402 USDC still work; native XMR payment temporarily unavailable. Clearly commented as temporary; revert to true once monero-wallet-rpc is healthy.

Validation

  • scripts/ci/iac-static.sh — pass
  • ansible-playbook playbooks/cloud.yml --syntax-check — pass

Rollout

After merge: apply.yml playbook=cloud limit=api (production gate) → re-renders env + restarts → health check passes → cloud restored.

Follow-up: fix monero-wallet-rpc (wallet password mismatch + ringdb perms), then restore PAYMENT_REQUIRE_NATIVE=true (tracked separately).

INCIDENT: cloud.hyrule.host is down (502). The hyrule-cloud startup guard
(app.py: PAYMENT_REQUIRE_NATIVE=true requires BTC+XMR ready) blocks boot
because monero-wallet-rpc won't start: after fixing the missing view-key
secret, it now fails on an invalid wallet password + ringdb permission denied
(/home/hyrule/.shared-ringdb). Not caused by the launch-proof promotion
(app.py unchanged between SHAs) — the deploy restart merely exposed it.

Set PAYMENT_REQUIRE_NATIVE=false so the app boots without requiring native
XMR. BTC + x402 USDC payment still work; native XMR is temporarily
unavailable. Restore to true once monero-wallet-rpc is healthy.

Local validation: scripts/ci/iac-static.sh; cloud playbook syntax-check.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@Svaag Svaag requested a review from a team as a code owner June 16, 2026 16:37
@Svaag Svaag added the bug and agentic-isp labels Jun 16, 2026

@github-actions

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🏅 Score: 75
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Missing Revert Ticket

The comment explicitly describes this as temporary but provides no link to a tracking issue or ticket number. In a high-risk infrastructure-as-code repo, a temporary disable with no tracking mechanism is a common operational footgun — it almost always becomes permanent. Add a reference to the follow-up ticket or create one if none exists before merge.

# TEMPORARY: set to false to restore service while the Monero wallet-rpc
# bootstrap is broken (invalid wallet password + ringdb permission denied on
# /home/hyrule/.shared-ringdb). XMR native payment is unavailable until then;
# BTC + x402 USDC still work. Restore to true once monero-wallet-rpc is healthy.
PAYMENT_REQUIRE_NATIVE=false

No Dry-Run Assertion

Although the PR description mentions static check and syntax-check passing, there is no evidence that the re-rendered template was validated via the deploy pipeline's dry-run gate (e.g., --check --diff on the Vault-agent template render). A rendered env file with a typo or Vault path issue could take the whole cloud service down again on its own, even if the app boots. Add a CI step or manual verification that the template renders correctly with the actual Vault secrets before merge.

# TEMPORARY: set to false to restore service while the Monero wallet-rpc
# bootstrap is broken (invalid wallet password + ringdb permission denied on
# /home/hyrule/.shared-ringdb). XMR native payment is unavailable until then;
# BTC + x402 USDC still work. Restore to true once monero-wallet-rpc is healthy.
PAYMENT_REQUIRE_NATIVE=false
PAYMENT_BTC_XPUB={{ .Data.data.btc_xpub }}
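
The "Missing Revert Ticket" point above can be enforced mechanically. The following is an added example, not code from this repository or from either review bot: a small lint that flags any KEY=value line whose comment block says TEMPORARY but names no tracking reference. The reference patterns and the `#0000` issue number are assumptions made for illustration.

```python
import re

# Assumption (not from the PR): a tracking reference looks like "#123",
# "GH-123" or an ".../issues/123" URL.
TRACKING_REF = re.compile(r"#\d+|\bGH-\d+|/issues/\d+")
MARKER = re.compile(r"\b(?:TEMPORARY|TEMP)\b", re.IGNORECASE)
SETTING = re.compile(r"^\s*([A-Z][A-Z0-9_]*)=(.*)$")


def untracked_temporary_overrides(text):
    """Return (line_no, key, value) for each KEY=value line whose directly
    preceding comment block says TEMPORARY but names no tracking reference."""
    findings = []
    block = []  # contiguous comment lines directly above the current line
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            block.append(stripped.lstrip("#").strip())
            continue
        match = SETTING.match(line)
        if match and block:
            comment = " ".join(block)
            if MARKER.search(comment) and not TRACKING_REF.search(comment):
                findings.append((line_no, match.group(1), match.group(2)))
        block = []  # a blank line or any non-comment line ends the block
    return findings


# The comment block as quoted in the review above.
QUOTED_BLOCK = """\
# TEMPORARY: set to false to restore service while the Monero wallet-rpc
# bootstrap is broken (invalid wallet password + ringdb permission denied on
# /home/hyrule/.shared-ringdb). XMR native payment is unavailable until then;
# BTC + x402 USDC still work. Restore to true once monero-wallet-rpc is healthy.
PAYMENT_REQUIRE_NATIVE=false
PAYMENT_BTC_XPUB={{ .Data.data.btc_xpub }}
"""

# Constructed variant: the same block with a placeholder issue number added.
TRACKED_BLOCK = QUOTED_BLOCK.replace(
    "# TEMPORARY:", "# TEMPORARY (tracking: #0000, placeholder):", 1)

if __name__ == "__main__":
    for line_no, key, value in untracked_temporary_overrides(QUOTED_BLOCK):
        print(f"line {line_no}: {key}={value} is TEMPORARY with no tracking reference")
```

Run over the rendered template sources in CI, a non-empty result can fail the job so a relaxed guard cannot merge without a revert ticket attached.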

@github-actions

PR Code Suggestions ✨

No code suggestions found for the PR.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5fc8d05a3a

# bootstrap is broken (invalid wallet password + ringdb permission denied on
# /home/hyrule/.shared-ringdb). XMR native payment is unavailable until then;
# BTC + x402 USDC still work. Restore to true once monero-wallet-rpc is healthy.
PAYMENT_REQUIRE_NATIVE=false

P1: Disable Monero service startup for the mitigation

With the production api inventory still setting hyrule_cloud_monero_wallet_rpc_enabled: true (ansible/inventory/host_vars/api.yml:5), this env-only relaxation does not remove the apply-time dependency on the failed wallet RPC. The cloud apply imports vault.yml before health.yml, and vault.yml still runs state: started for monero-wallet-rpc.service when that flag is true (ansible/roles/hyrule_cloud/tasks/vault.yml:148-154), so in the exact incident described here (invalid wallet password/ringdb permission causing the service not to start) the production apply can fail before the post-deploy health check rather than completing the restore; also disable/bypass that service or make it non-blocking while PAYMENT_REQUIRE_NATIVE=false.


@Svaag Svaag merged commit f3e1c12 into main Jun 16, 2026
12 checks passed

Svaag added a commit that referenced this pull request Jul 3, 2026

Conflict resolutions:
- host_vars/api.yml: keep main's hyrule_cloud_monero_wallet_rpc_enabled: true
  (monero-wallet-rpc is active on api today; the branch's June disable is
  superseded by the #268 plan) and main's app SHA pins.
- hyrule_cloud/defaults required_env_keys: keep main's list; deliberately NOT
  adding HYRULE_BGP_INGEST_TOKEN — the render hook requires non-empty values
  and bgp_ingest_token is unconfirmed in Vault. The env line ships with an
  empty default; add to the required list after seeding Vault.
- vault_agent hyrule-cloud.env.ctmpl.j2 + configs/hyrule-cloud.env.j2: take
  the branch's Vault-toggleable PAYMENT_REQUIRE_NATIVE (default false, same
  behavior as main's #255 relax) and keep both appended blocks (branch BGP
  data/ingest + main customer-IPv6 provisioning).
- generated/noc/nftables.conf: keep all three post-base rules (extmon
  webhook, proxy dashboard, loop callback) in host_vars order; verified by
  re-rendering (firewall.yml --tags validate --limit noc → changed=0).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>