# FlowerCore.WorldBuilder

ArgoCD-managed manifest for FlowerCore.WorldBuilder.Web — comic / storyboard
authoring service that drives ComfyUI for panel image generation and
QuestPDF for letter / A4 export.

Source: `D:\git\FlowerCore\FlowerCore.WorldBuilder` (master)

## Deployment order

1. **DNS preflight** — `worldbuilder.iamworkin.lan -> 10.0.56.200` MUST exist
   in pfSense Unbound before this manifest is applied, or cert-manager
   HTTP-01 silently exponential-backs-off ~2h.
   Memory: `feedback_pfsense_dns_required_for_acme`.
2. **Image import to ALL RKE2 nodes** — pod can schedule to any of
   `rke2-server` (10.0.56.11), `rke2-agent1` (10.0.56.12),
   `rke2-agent2` (10.0.56.13). Build with:
   ```bash
   bash deploy/build.sh   # in FlowerCore.WorldBuilder repo
   podman save localhost/fc-worldbuilder:v<TAG> -o /tmp/fc-worldbuilder-v<TAG>.tar
   for h in 10.0.56.11 10.0.56.12 10.0.56.13; do
     scp /tmp/fc-worldbuilder-v<TAG>.tar fcadmin@$h:/tmp/
     ssh fcadmin@$h \
       "sudo /var/lib/rancher/rke2/bin/ctr -a /run/k3s/containerd/containerd.sock \
         -n k8s.io images import /tmp/fc-worldbuilder-v<TAG>.tar"
   done
   ```
   Memory: `feedback_rke2_image_import_per_node_scp`.
3. **Bump image tag** in `worldbuilder.yaml` and git push.
   ArgoCD ApplicationSet picks up within ~3 minutes.
4. **First production render** — open
   `https://worldbuilder.iamworkin.lan/studio/c32e0000-0000-4000-8000-000000000004`
   and confirm the Cyberpunk Blue Jay demo prompt loads with five seeded fake
   generated images. This Sprint 32 visitor-safe profile uses
   `ClientMode=fake`; switch the image-generation env vars back to ComfyUI only
   for an operator-owned GPU render lane.

## Health probes

- `startupProbe` + `readinessProbe`: `httpGet /healthz` (registered explicitly
  in Program.cs — anonymous, no DB or OpenAPI dependency).
- `livenessProbe`: `tcpSocket` as a cheap fallback.
  Memory: `feedback_k8s_probes_must_not_hit_openapi`,
  `feedback_k8s_probes_behind_auth_middleware`.

## Storage

- Longhorn RWO PVC `worldbuilder-data` (5Gi) mounted at `/data`. SQLite DB
  lives at `/data/worldbuilder.db`, generated images under `/data/gallery/`,
  PDF/PNG exports under `/data/exports/`.
- DataProtection keys persist to the same SQLite via
  `AddFlowerCoreDataProtection<WorldBuilderDbContext>` — explicit migration
  `20260429133417_Initial` already creates `fc_dp_keys`.
  Memory: `feedback_dataprotection_keys_persist_to_app_dbcontext`,
  `feedback_intranet_dataprotection_table_must_have_explicit_migration`.

## Image generation backend

Sprint 32 pins the Kubernetes profile to
`FlowerCore:WorldBuilder:ImageGeneration:ClientMode=fake` with
`BaseUrl=http://127.0.0.1:1`. That keeps the public/internal visitor demo
deterministic, avoids GPU exposure, and still exercises the studio/gallery
surface with persisted generated-image metadata.

The previous ComfyUI backend target was `http://10.0.56.20:8188` on
BLUEJAY-WS (R9700 / gfx1201 / ROCm 7.2.1). Re-enable it only in an
operator-owned follow-up that also verifies workstation reachability and image
import freshness.