# BACKLOG — Phase 2pc (sane image-prune policy)

SSOT: `/srv/cc-ci/cc-ci-plan/plan-phase2pc-image-cache.md`.

Scope (post operator correction 2026-05-29): **PC1 prune policy + confirm local-store retention/auth ONLY.** The registry:2 pull-through cache is **dropped** (deferred to IDEAS / Phase 2b — revisit only if multi-node OR a measured cold-deploy bottleneck on recreate-surviving storage).

## Build backlog

- [ ] **PC1 — Conservative prune policy.** Remove `virtualisation.docker.autoPrune` (`--all` evicts in-use base images → forced cold re-pull → rate-limit). Replace with a surgical, gated prune: dangling + `until=24h` only, NEVER `--all`/`--volumes`; gated on (a) genuine disk pressure (`/` ≥ 80%), (b) no run-app stack live, (c) no swarm service converging (mid-pull). Teardown already removes only services/volumes/secrets/.env — NOT images (verified) — keep it that way.
- [ ] **PC2 — Confirm local cache retained + authenticated.** Daemon stays PAT-authenticated (`docker info` Username=nptest2, sops `dockerhub_auth` → `/root/.docker/config.json`); local image store `/var/lib/docker` persists across runs/teardowns/reboots. No code change expected — confirm + document.
- [ ] **PC3 — Verify + document.** Deploy → teardown → redeploy reuses local layers (no re-download); disk bounded without `-af`. Update `docs/runbook.md` + `docs/` prune note; record the policy + the dropped-registry-cache deviation in `DECISIONS.md`.

## Adversary findings

(Adversary owns this section.)
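
## Added example: PC1 prune gate

Added example for PC1 above (not the project's own script): the three gates as a POSIX shell decision function, followed by the dangling-only `until=24h` prune. The `run-app` name match and the replica-count test for "converging" are assumptions; the page does not say how either condition is detected.

```shell
#!/bin/sh
# Added example, not the project's script: decide whether a PC1-style prune may run.
THRESHOLD=80            # PC1 gate (a): "/" usage in percent
STACK_PATTERN='run-app' # assumption: a live run-app stack is recognised by name

# Gate (b): stdin = output of `docker stack ls --format '{{.Name}}'`.
stack_live() { grep -q -- "$STACK_PATTERN"; }

# Gate (c): stdin = output of `docker service ls --format '{{.Replicas}}'`,
# e.g. "1/1" or "0/3". Running != desired is treated as converging (conservative).
service_converging() {
  awk '{ split($1, r, "/"); if (r[1] != r[2]) found = 1 } END { exit (found ? 0 : 1) }'
}

# Prints "prune" or "skip: <reason>". Args: disk %, stack names, replica lines.
prune_decision() {
  pct=$1; stacks=$2; replicas=$3
  if [ "$pct" -lt "$THRESHOLD" ]; then echo "skip: no disk pressure"; return 0; fi
  if printf '%s\n' "$stacks" | stack_live; then echo "skip: run-app stack live"; return 0; fi
  if printf '%s\n' "$replicas" | service_converging; then echo "skip: service converging"; return 0; fi
  echo "prune"
}

# Live run only when invoked with --run; otherwise the file just defines functions.
if [ "${1:-}" = "--run" ]; then
  pct=$(df -P / | awk 'NR==2 { sub("%", "", $5); print $5 }')
  stacks=$(docker stack ls --format '{{.Name}}')
  replicas=$(docker service ls --format '{{.Replicas}}')
  decision=$(prune_decision "$pct" "$stacks" "$replicas")
  echo "$decision"
  if [ "$decision" = "prune" ]; then
    # Dangling images older than 24h only: no --all, no --volumes.
    docker image prune --force --filter "until=24h"
  fi
fi
```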