Singular Dream DevOps Tooling Manual (The Grimoire)

Philosophy: "Agents Act. Humans Supervise." This manual defines the standard operating procedures for the AI Agent to control our infrastructure.

1. Secrets Management (Google Secret Manager)

  • Role: The Source of Truth for all credentials.
  • Agent Protocol: Cloud Console / gcloud.
  • Execution:
    • Read: View in Google Cloud Console > Security > Secret Manager.
    • Write: Create/Update secrets in Console or via gcloud secrets create.
  • Why: Native integration with Cloud Run. Zero external dependencies.

2. Infrastructure (Google Cloud & Firebase)

  • Role: Backend, Database, Auth, Storage, Compute.
  • Agent Protocol: CLI First (gcloud, firebase).
  • Setup: gcloud auth login.
  • Execution:
    • Deploy Config: gcloud builds submit ... (or git push to trigger).
    • Emulators: npm run emulators:dev.

3. Hosting & DNS (Cloud Run & Namecheap)

  • Role: Application Hosting (Serverless Containers).
  • Agent Protocol: Git Ops (Primary) or gcloud run deploy.
  • DNS Automation:
    • Method: Manual mapping in Cloud Run > Integrations > Custom Domains.
  • Cloud Run Automation:
    • Protocol: Git Push to Branch.
    • Tool: Cloud Build Triggers (defined in .github/workflows).
    • Execution:
        git push origin tst  # Deploys to Dev/Test
        git push origin stg  # Deploys to Staging
    

4. Remote Execution & AI Orchestration (The Beast)

  • Role: Offloading heavy tasks and managing AI-driven background jobs.
  • Target: sysops-core (Universal Job Processor).
  • Compute: Google Cloud Run.
  • Build Engine: Google Cloud Build.
  • Authentication:
    • Agent uses GCP_SA_KEY (GitHub Secret) for CI/CD.
    • Local Agent uses gcloud auth application-default login.
  • Command: gcloud builds submit triggers the pipeline.

5. Source Control (GitHub)

  • Role: Version Control, CI/CD, Documentation Hosting.
  • Agent Protocol: API/CLI Hybrid.
  • Execution:
    • Secrets: gh secret set (CLI).
    • Workflows: .github/workflows/* (API).
    • Docs: tools/publish-docs.ts (Script).

5. Observability (GCP Monitoring & Error Reporting)

  • Role: Sovereign Health Monitoring, Exception Discovery.
  • Agent Protocol: Native Cloud Reporting.
  • Execution:
    • Logging: Emit structured JSON logs to stdout; Google Cloud Ops Agent handles ingestion automatically.
    • Errors: View https://console.cloud.google.com/errors for automated exception triage.
  • Best Practice: No custom SDK required. Leverage native Cloud Logging/Monitoring for zero-latency observability.
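
The logging rule above, as an added example (not code from the Singular Dream repository): a dependency-free JavaScript formatter that writes one JSON object per line with the `severity`, `message` and `stack_trace` fields that Cloud Logging and Error Reporting recognise, and masks credentials before they reach stdout. The function names, the sensitive-key pattern and the sample values are assumptions; the secret names are the ones this manual uses.

```javascript
// Added example (not project code): dependency-free structured logging for Cloud Run.
// Secret names come from this manual; the generic suffix list is an assumption.
const SENSITIVE_KEY =
  /(_KEY|SECRET|TOKEN|PASSWORD)$|^SYSOPS_SERVICE_ACCOUNT_JSON$|^UPSTASH_REDIS_URL$/i;
// Credentials embedded in a URL, e.g. rediss://user:password@host
const URL_USERINFO = /([a-z][a-z0-9+.-]*:\/\/)[^\s\/@]+@/gi;
const REDACTED = "[REDACTED]";
const MAX_DEPTH = 6; // stops runaway recursion on cyclic or very deep objects

// Recursively copy a value, masking sensitive keys and URL credentials.
function scrub(value, key = "", depth = 0) {
  if (SENSITIVE_KEY.test(key)) return REDACTED;
  if (typeof value === "string") return value.replace(URL_USERINFO, `$1${REDACTED}@`);
  if (value === null || typeof value !== "object") return value;
  if (depth >= MAX_DEPTH) return "[TRUNCATED]";
  if (Array.isArray(value)) return value.map((v) => scrub(v, "", depth + 1));
  return Object.fromEntries(
    Object.entries(value).map(([k, v]) => [k, scrub(v, k, depth + 1)])
  );
}

// Build one log line. Cloud Logging reads `severity` and `message` from JSON on
// stdout; Error Reporting picks up exceptions from `stack_trace`.
function formatEntry(severity, message, fields = {}, err = null) {
  // Caller fields are spread first so they cannot override severity or message.
  const entry = { ...scrub(fields), severity, message: scrub(String(message)) };
  if (err) entry.stack_trace = scrub(String(err.stack || err));
  return JSON.stringify(entry); // newlines in values are escaped: one entry per line
}

function log(severity, message, fields, err) {
  process.stdout.write(formatEntry(severity, message, fields, err) + "\n");
}

// Constructed sample call: the URL and job id are made up for illustration.
log("ERROR", "cache ping failed for rediss://default:example-pw@cache.example:6379",
  { jobId: "job-123", env: { GCP_SA_KEY: "{...}" } }, new Error("ECONNRESET"));
```

Because the entry is serialised with JSON.stringify, a newline inside a message cannot start a second, forged log entry.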

6. Package Management (PNPM & Turbo)

  • Role: Dependency Resolution, Build Orchestration.
  • Agent Protocol: CLI First.
  • Execution:
    • Install: pnpm add -w package (Wait for workspace check).
    • Build: turbo run build.
    • Lint: turbo run lint.

7. Environment Variable Management

  • Role: Keeping configuration in sync across environments.
  • Protocol: Cloud Console (Config as Code).
  • Method:
  • Dev/Staging: Edit Variables in Cloud Run Console for auth-stg or platform-stg.
  • Environment Differentiation: maintained via distinct Service revisions.

8. Service Account Lifecycle (GCP)

  • Rotation: Keys should not be stored locally.
  • Protocol:
    • Generate JSON key in GCP Console.
    • Upload to Secret Manager as SYSOPS_SERVICE_ACCOUNT_JSON (or similar).
    • Mount the secret into the Cloud Run service.
    • Delete the local JSON file immediately.
  • Verification: gcloud auth activate-service-account ...

9. Redis & Cache Management (Upstash)

  • Role: Persistent state for SysOps orchestration and platform caching.
  • Client: "Indestructible Proxy" – Auto-self-heals from network jitter.
  • CLI Access:
    # Test connection via ioredis-cli
    npx ioredis-cli -u "$UPSTASH_REDIS_URL" ping
    
  • Key Inventory:
    • agent:job:latest_finished: Metadata for the last completed deployment.
    • context:bridge:[jobId]: Temporary state stash for cloud/local sync.

Agent Guidelines for New Tools

When introducing a new tool:

  1. Add Credentials to Secret Manager immediately.
  2. Mount the Secret in the auth or platform Cloud Run service.
  3. Document Here: Add the tool to this Grimoire with its Protocol.

Version History

Version  Date        Author       Change
1.0.0    2026-02-13  Antigravity  Major: Removed Vercel/Doppler. Native GCP Tooling.
0.4.0    2026-02-09  Antigravity  Added Redis & Cache Management protocols
0.3.0    2026-02-09  Antigravity  Added Secret Rotation and Env Sync protocols
0.2.0    2026-02-09  Antigravity  Updated Remote Execution loop for Unified Beast (Cloud Run)
0.1.0    2026-01-26  Antigravity  Initial Audit & Metadata Injection