The deploy/fleet-overlay templates had drifted from what actually runs in
anton-helm-workloads (verified live + against the emdash-kotkanagrilli
reference). Canonical design co-locates everything in the `kotkan` namespace:
- source.yaml: GitRepository flux-system -> kotkan, so the HelmRelease
chart sourceRef resolves same-namespace (no cross-namespace ref).
- secrets.yaml: deploy-key Secret -> kotkan, defined once in the staging
overlay; dropped the duplicate definition from the production overlay
(production references the shared key by name).
- image-automation.yaml: IUA write-back sourceRef
anton-workloads-image-automation/flux-system -> anton-helm-workloads/kotkan
(the existing read source already has push access).
- README.md / DEPLOYMENT.md: namespace + ownership docs corrected.
Multi-agent arch/UX review pass. Architecture: real HTTP 404 on not-found,
breadcrumb links by slug not lowercased title, CMS pages surface their
plugins, shared status taxonomy (src/lib/statuses.ts) consumed by all three
frontend consumers, data-driven status filter, typed emdash collections
(src/emdash-collections.d.ts), removed unused @astrojs/react + react deps and
dead pnpm block, tsconfig extends Astro strict preset, dev deps pruned from
the runtime image. UI/UX: fixed StatusBadge WCAG-AA contrast, labelled the
search/filter controls, canonical URL + BreadcrumbList JSON-LD + og:type,
human status labels, filtered result count + recoverable empty state,
auto-submit filters, mobile overflow fixes, skip-to-content, :focus-visible.
Commit the npm lockfile so the Dockerfile's `npm ci` path engages.
astro check: 0 errors / 0 warnings / 0 hints.
Fresh clones errored out on `ddev start` because the compose file's
env_file: pointed at app/.env (gitignored). No env vars are actually
required by the code — STATE_DIR is the only one and has a default.
- Switch env_file to the path:+required:false form (Docker Compose
2.24+; bundled with DDEV) so missing app/.env is non-fatal.
- Commit app/.env.example as documentation for contributors who do
need overrides.
Oleks