WAN-98: harden self-host backend runtime by haoxianhan · Pull Request #4316 · multica-ai/multica

haoxianhan · 2026-06-18T13:44:18Z

Summary

Run the self-host backend image as non-root while preserving /app/data/uploads writability.
Wire self-host startup and Compose health checks to readiness (/readyz) instead of liveness (/health).
Clarify migration orchestration, external Postgres configuration, uploads ownership, and release provenance docs.

bash scripts/selfhost-config.test.sh
bash -n scripts/selfhost-config.test.sh scripts/local-env.sh scripts/install.sh docker/entrypoint.sh
docker compose --env-file .env.example -f docker-compose.selfhost.yml -f docker-compose.selfhost.build.yml config
helm template multica deploy/helm/multica
env GOCACHE=/tmp/wan98-go-build GOMODCACHE=/tmp/wan98-go-mod go test ./internal/storage
docker build -t multica-backend:wan98-smoke ... -f Dockerfile .
docker run --rm --entrypoint /bin/sh multica-backend:wan98-smoke -c 'id -u; id -g; touch /app/data/uploads/.wan98-smoke; test -w /app/data/uploads; rm /app/data/uploads/.wan98-smoke'
git diff --check

WAN-98

vercel · 2026-06-18T13:44:25Z

@haoxianhan is attempting to deploy a commit to the IndexLabs Team on Vercel.

A member of the Team first needs to authorize it.

WAN-98: harden self-host backend runtime

2728891

haoxianhan added 2 commits June 18, 2026 23:13

WAN-98: address self-host SRE review blockers

16b3784

WAN-98: sync localized self-host docs

c8be9f4