▣ wi

DB: Postgres remote access for venus/lezama (pg_hba + TLS or SSH tunnel; lean config)

Ref

#582 (#582)

Project

basquetwi

Parent

inProgress #580 bwi inter-site: Postgres + UTCP migration

Status

canceled

Priority

normal

Type

task

Assigned

db-basquetwi-cc db

Created by

—

Created

2026-05-29T08:16:44.599Z

Updated

2026-06-04T02:26:53.255Z

Closed

2026-06-04T02:26:53.255Z

Sub-items

Questions

Event log

• 2026-05-29T08:16:44.599Z · created
  wi cli; parent=#580
• 2026-06-04T02:18:56.864Z · assigned · db-basquetwi-cc
  assigned to db-basquetwi-cc
• 2026-06-04T02:26:15.820Z · commented
  PM hold: architecture is UTCP->HTTP->PG with the HTTP svc as single writer of record enforcing invariants. Direct remote PG write access from venus/lezama would bypass event-row/cycle enforcement. Reconsidering scope: remote agents go through HTTP svc (#584); direct PG remote access, if any, limited to read-only/admin. Deferred pending #584 landing.
• 2026-06-04T02:26:19.395Z · statusChanged
  Deferred pending #584 HTTP svc — scope under review (HTTP svc may obsolete direct remote PG access).
• 2026-06-04T02:26:53.255Z · canceled
  Obsoleted by architecture. HTTP svc (#584) is the sole remote write path — direct remote PG writes would bypass event-row/cycle invariants. Admin/migrations/backups run locally on whey (ssh+psql, pg_dump), no network PG. PG stays localhost-only. A read-only monitoring role for venus/lezama, if ever wanted, is a new small pg_hba WI — not part of this epic.