Agent control plane Structured SSH · Git receipts · Human inspection
← All updates
Releases 0.1.22–0.1.35 June 13, 2026

The Mechanics deployment loop: commit to HTTPS

How Mechanics connected CI, image publishing, build waits, app deploys, and public routes into one scriptable path.

The first Mechanics release arc was about connecting source code to a public HTTPS service with as few ambiguous handoffs as possible. By 0.1.35, the loop had a recognizable shape: scaffold CI, publish an image, wait for the build, deploy the tag, wait for health, and expose the app.

Source becomes an image

0.1.22 made repository scaffolding useful for deployment, not just testing. repo scaffold ci generated a Forgejo Actions workflow that builds a Docker image and pushes it to Forgejo Packages. Mechanics also created the MECHANICS_REGISTRY_TOKEN secret, so a new repository could publish images without a manual package-registry setup step.

0.1.32 tightened the tag contract. Instead of special tags like sha-<commit> or branch-shaped tags, CI now publishes the full commit SHA, a 12-character short SHA, and latest. That makes deployments easy to script and easy to audit: the running image can point directly back to a commit.

Builds became waitable

0.1.19 introduced build inspection over SSH with repo builds and repo build --logs. 0.1.28 added the missing pipeline primitive: repo build wait --commit <sha>. Agents no longer needed to poll Forgejo themselves or guess when an image was ready. Mechanics waits for success or failure, can print logs on failure, and reports the deployable image tags on success.

Images became apps

0.1.23 added the app command surface: app create, app list, app info, app set-image, app sync, and app delete. The important product choice was not just creating Kubernetes manifests. It was hiding raw cluster credentials behind typed deployment verbs while still using Argo CD to reconcile the result.

0.1.27 added app wait, which turned app deploys into a reliable script step. It waits until Argo CD is synced and healthy and until replicas are available. 0.1.35 made the loop feel immediate by refreshing ApplicationSets and waiting briefly for newly-created apps to appear, instead of leaving users in a polling gap after app create.

Apps became public services

0.1.24 added the route layer: route create exposes an app through Gateway API with automatic TLS from cert-manager. Omitting --host gives the app a Mechanics-managed hostname; passing a host later became the custom-domain path.

That made the first full loop possible: push code, let Actions publish the image, wait for the build, create or update an app, wait for health, then create the public route. Every step is one Mechanics command, and every step leaves a visible trace in Forgejo, Argo CD, Kubernetes, or Gateway API.

The deployment loop is intentionally boring: commit, image, app, wait, route.