Welcome to Nebula Aurora! This checklist will get you fully set up to start contributing.
flowchart LR
subgraph "Week 1"
A[Admin Setup] --> B[Communication]
B --> C[Platform Access]
Dylan Fitzgerald arubis
arubis
/ setup-fix.patch
Last active
January 19, 2026 17:53
Fix for task a7f4ca61: Use docker pull instead of containerd export to avoid fuse-overlayfs whiteout corruption
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- setup.sh.orig 2026-01-19 | |
| +++ setup.sh 2026-01-19 | |
| @@ -433,12 +433,41 @@ tag_existing_image_as_v1() { | |
| } | |
| build_image() { | |
| echo "=== Building Docker image with bug ===" | |
| cd /tmp/repo | |
| - ctr --address /run/k3s/containerd/containerd.sock -n k8s.io image export pythonslim.tar docker.io/library/python:3.11-slim |
arubis
/ velero-task-fixes.patch
Created
January 15, 2026 17:33
Velero task fixes - missing images + broken JSON patch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- a/Dockerfile | |
| +++ b/Dockerfile | |
| @@ -10,6 +10,8 @@ | |
| RUN crane pull quay.io/minio/mc:latest /workdir/minio-mc.tar | |
| +RUN crane pull quay.io/minio/minio:RELEASE.2025-04-22T22-12-26Z /workdir/minio-server.tar | |
| + | |
| RUN crane pull velero/velero:v1.13.2 /workdir/velero.tar | |
| --- a/setup.sh |
arubis
/ velero-task-fix.patch
Last active
January 14, 2026 22:12
Velero task fix: air-gap compatible solution.sh (solution.sh changes only, no setup.sh changes needed)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- tasks/velero-backup-restore-minio/solution.sh 2026-01-14 12:47:37.901786653 -0700 | |
| +++ tasks/velero-backup-restore-minio-revised/solution.sh 2026-01-14 15:12:33.053285209 -0700 | |
| @@ -70,6 +70,7 @@ | |
| containers: | |
| - name: minio | |
| image: quay.io/minio/minio:RELEASE.2023-07-21T03-20-08Z | |
| + imagePullPolicy: IfNotPresent | |
| args: ["server", "/data"] | |
| env: | |
| - name: MINIO_ROOT_USER |
arubis
/ disaster-recovery-fixes.diff
Last active
January 13, 2026 16:55
disaster-recovery-and-backup task fixes - monitoring infrastructure and k3s PVC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Dockerfile b/Dockerfile | |
| index 9e0d59a..ff08060 100644 | |
| --- a/Dockerfile | |
| +++ b/Dockerfile | |
| @@ -1 +1,2 @@ | |
| FROM nebula-devops | |
| +ENV ALLOWED_NAMESPACES="monitoring" | |
| diff --git a/setup.sh b/setup.sh | |
| index c8ffe86..1f5ed56 100755 | |
| --- a/setup.sh |
arubis
/ contractor-onboarding-draft.md
Last active
January 20, 2026 13:19
Contractor Onboarding Checklist - Nebula Aurora (Updated Jan 2026)
arubis
/ iam-deployment-solution-fix.patch
Created
January 12, 2026 17:28
Fix for iam-deployment task: Use internal cluster URL (port 8080) for Gitea-to-Keycloak OIDC discovery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- a/solution.sh | |
| +++ b/solution.sh | |
| @@ -283,18 +283,32 @@ update_keycloak_client "$KC_TOKEN" "kong" \ | |
| echo ">>> Configuring Gitea SSO..." | |
| -# Check if auth source already exists | |
| -GITEA_AUTH_EXISTS=$(kubectl exec -n gitea deployment/gitea -- su git -c 'gitea admin auth list' 2>/dev/null | grep -i keycloak || true) | |
| +# Wait for Keycloak to be reachable from within the Gitea pod | |
| +# Note: Inside the cluster, use port 8080 (service port), not port 80 (ingress) | |
| +echo " Waiting for Keycloak to be reachable from Gitea pod..." |
arubis
/ apex-workflows-integration-options.md
Created
January 12, 2026 16:54
Options for integrating apex-workflows with Nebula when Nebula needs its own .claude directory
arubis
/ fix-minio-setup-explanation.md
Created
January 7, 2026 00:56
Fix for end-to-end-security-hardening task setup.sh (MinIO deployment conflict)
The task's setup.sh fails during bootstrap with:
The Deployment "bleater-minio" is invalid:
* spec.template.spec.containers[0].env[0].valueFrom: Invalid value: "": may not be specified when `value` is not empty
* spec.template.spec.containers[0].env[1].valueFrom: Invalid value: "": may not be specified when `value` is not empty
arubis
/ rollout7-permission-workaround-analysis.md
Created
January 6, 2026 20:49
Agent container escape analysis - automated-backup-recovery-v2 rollout 7
Task: automated-backup-recovery-v2
Rollout: 7 (the only passing run out of 10)
Apex UI: https://apex-ui-v2-319533213591.us-central1.run.app/tasks/3d71a6b7-e1eb-4112-822c-29619909cc8a?tab=rollouts
The task requires the agent to create restore scripts in /tmp/restore/ on the host filesystem. However, this directory was created by root during setup with 755 permissions, meaning the ubuntu user (which the agent runs as) cannot write to it.
arubis
/ autogrep-rfc003-evaluation.md
Last active
January 2, 2026 21:02
Claude Code Memory Frameworks: Strategic Analysis for RSOLV (v2.0 - Revised)
Date: 2026-01-02 Purpose: Evaluate AutoGrep as an accelerator for RFC-003 (Learning Security System)
AutoGrep is an open-source tool (Apache 2.0) that automates Semgrep rule generation from vulnerability patches using LLMs. It directly addresses the core challenge of RFC-003: converting security fixes into reusable detection rules.
NewerOlder