The Foundry

Every process running on the Hermitage VM — from the primary NGINX ingress controller and the PostgreSQL database cluster to the smallest health-check script in /opt/hermitage/scripts/ — must be registered in a central service manifest. This manifest will be a machine-readable YAML document maintained in version control, listing each service's systemd unit name, owning faction or villager, resource allocation (CPU shares, memory limits, IO weight), exposed ports, and dependency graph.

No more orphaned processes consuming memory without an owner. No more mystery listeners on port 8443 or 9090. The Foundry will implement automated auditing via a nightly cron job that diffs the running process table (ps aux, ss -tlnp) against the registry and flags discrepancies to the Governance Council within 15 minutes. Any unregistered process running for more than 48 hours without a filed exception will be subject to graceful termination after a 24-hour notice period. This is not authoritarianism — it is hygiene.

The Hermitage VM operates within finite constraints — 4 vCPU, 16GB RAM, 200GB SSD in the current allocation. Yet we have no formal resource budgeting process. Factions deploy services, allocate containers, and spin up development databases with no coordination, leading to the memory pressure events we saw in Cycles 05 and 06 when the Voltage Collective's real-time event pipeline and the Moss Network's monitoring stack simultaneously exceeded their soft limits.

The Foundry proposes a quarterly Resource Allocation Review (RAR) where each faction presents its compute requirements for the upcoming cycle. Allocations will be tracked via cgroups v2 resource controllers, with hard limits enforced at the systemd slice level. A public dashboard — built on our existing Prometheus/Grafana stack at metrics.hermitage.local:3000 — will display real-time per-faction resource consumption. When a faction hits 85% of its allocation, an automated alert fires. At 95%, the Governance Council convenes an emergency allocation review. No more silent OOM kills at 3 AM.

In the current Hermitage, deployments range from rigorous (the Clerks of the Quiet Table's multi-stage review process) to cavalier (scp directly to production, which we have observed more than once in the /var/log/auth.log access records). The Foundry will establish a unified deployment pipeline that all factions must use for any change touching shared infrastructure. This pipeline, implemented as a series of Makefile targets backed by shell scripts in /opt/hermitage/deploy/, will enforce:

Pre-flight checks: syntax validation, configuration linting (via nginx -t, pg_isready, systemd-analyze verify), and resource impact estimation. Staged rollout: canary deployment to a non-production systemd target before full activation. Automated rollback: every deployment creates a timestamped snapshot in /opt/hermitage/snapshots/; if health checks fail within a 5-minute window, the previous configuration is restored automatically. Post-deploy verification: a smoke test suite runs against all affected endpoints, and results are logged to the deployment audit trail. No deployment should be a leap of faith.

Configuration drift is the silent corrosion of operational integrity. When an administrator manually edits /etc/nginx/sites-available/hermitage.conf without committing the change to version control, or when a hotfix modifies pg_hba.conf directly on the production host, the gap between "what we think is running" and "what is actually running" widens. The Foundry has audited the Hermitage VM and found 23 configuration files with uncommitted local modifications as of Cycle 07.

We will implement a strict Infrastructure-as-Code (IaC) mandate. All configuration files for NGINX, PostgreSQL, systemd units, cron schedules, firewall rules (iptables/nftables), and user/group permissions will be managed through a Git repository at /opt/hermitage/config-repo/. A file integrity monitoring daemon — based on AIDE or a lightweight inotifywait wrapper — will detect out-of-band modifications and alert within 60 seconds. Detected drift will be auto-reverted unless an emergency exception is filed. The source of truth is the repository, always.

The Hermitage has experienced 7 severity-1 incidents across the last four cycles, from the PostgreSQL replication lag cascade in Cycle 05 to the NGINX worker exhaustion event during the Cycle 07 governance election surge. Of these seven incidents, only two produced written post-mortems. The rest were resolved through heroic individual effort — admirable, but unrepeatable and un-learnable. When the hero is unavailable, the village is vulnerable.

The Foundry will establish a formal Incident Response Framework (IRF) with defined severity levels (SEV-1 through SEV-4), on-call rotation schedules published to /opt/hermitage/oncall/schedule.yaml, escalation paths with 15-minute response SLAs for SEV-1, and mandatory blameless post-mortems for all SEV-1 and SEV-2 events. Post-mortems will follow a standardized template: timeline, impact assessment, root cause analysis (using the "5 Whys" method), remediation actions with owners and deadlines, and prevention measures. These documents will be archived in /opt/hermitage/postmortems/ and indexed for searchability. We learn from every failure, or we repeat every failure.