13. Runtime Operations Manual
Audience: runtime operators. This manual describes production-intent procedures. If a command is marked partial in 11-production-readiness.md, operators must treat it as requiring additional release-owner approval before production use.
Command Form
The runtime binary accepts:
cargo run -p everarcade-runtime -- <command> <runtime-root> <world-id> <package-path>
Examples below use:
export EVERARCADE_ROOT=runtime/operator-node
export EVERARCADE_WORLD=world-001
export EVERARCADE_PACKAGE=runtime/games/2d-arena
Install Runtime
- Obtain release artifacts and manifest from the approved release bundle.
- Verify checksums against release/SHA256SUMS or the release manifest.
- Install the runtime binary, package, configuration, and service files on the target host.
- Create runtime storage directories with operator-only write access.
- Record runtime version, package hash, host identity, and deployment manifest.
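One way to run the checksum step from the install list, as an added example that is not code from the EverArcade project. It assumes the manifest sits at release/SHA256SUMS inside the bundle in standard sha256sum format with paths relative to the bundle root; the sample file names and contents are constructed. Beyond hash mismatches it also rejects files that are present but not listed, which `sha256sum -c` alone does not report.

```shell
#!/bin/sh
# Added example, not project code. Assumptions: the manifest is at
# <bundle>/release/SHA256SUMS in sha256sum format, paths relative to the bundle root.

# verify_bundle DIR
# returns 0 ok, 2 bad manifest, 3 hash mismatch or missing file, 4 unlisted file
verify_bundle() (
  cd "$1" 2>/dev/null || exit 2
  sums=release/SHA256SUMS
  [ -s "$sums" ] || { echo "manifest missing or empty" >&2; exit 2; }
  # Every line must be "<64 hex digits><2-char separator><path>"; refuse anything else.
  if grep -Evq '^[0-9a-f]{64} [ *].' "$sums"; then
    echo "malformed line in $sums" >&2; exit 2
  fi
  # Every listed file must exist and hash to the recorded value.
  sha256sum -c "$sums" >/dev/null 2>&1 ||
    { echo "hash mismatch or missing file" >&2; exit 3; }
  # Files present but not listed were never verified; refuse the bundle.
  tmp=$(mktemp -d) || exit 2
  find . -type f ! -path "./$sums" | sed 's|^\./||' | sort >"$tmp/present"
  cut -c67- "$sums" | sed 's|^\./||' | sort >"$tmp/listed"
  unlisted=$(comm -23 "$tmp/present" "$tmp/listed")
  rm -rf "$tmp"
  [ -z "$unlisted" ] || { echo "unlisted files: $unlisted" >&2; exit 4; }
)

# Constructed sample bundle (file names and contents are made up for the dry run).
make_sample_bundle() {
  b=$(mktemp -d) || return 1
  mkdir -p "$b/release" "$b/bin" "$b/config"
  printf 'runtime-binary-bytes\n' >"$b/bin/everarcade-runtime"
  printf 'world = "world-001"\n' >"$b/config/runtime.toml"
  (cd "$b" && sha256sum bin/everarcade-runtime config/runtime.toml >release/SHA256SUMS)
  echo "$b"
}

# Dry run: a clean bundle passes, a modified artifact is rejected.
bundle=$(make_sample_bundle)
verify_bundle "$bundle" && echo "bundle verified"
printf 'tampered\n' >>"$bundle/bin/everarcade-runtime"
verify_bundle "$bundle" || echo "rejected with status $?"
rm -rf "$bundle"
```

A passing result only ties the files to the manifest, so SHA256SUMS itself must come from the approved release bundle named in the first step.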
Configure Runtime
Required configuration values:
- runtime root;
- world identifier;
- package path;
- runtime version;
- checkpoint directory;
- journal directory;
- backup directory;
- peer configuration when federation is enabled;
- observability endpoints when available.
Configuration changes that affect authority require a checkpoint and release-owner approval.
Start Runtime
cargo run -p everarcade-runtime -- start "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
After start, run the status and verify commands.
Stop Runtime
cargo run -p everarcade-runtime -- stop "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
Confirm no input admission is active before maintenance.
Restart Runtime
cargo run -p everarcade-runtime -- restart "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
Run replay verification after restart.
Create Backup
cargo run -p everarcade-runtime -- backup "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
Store the backup manifest, checkpoint hash, runtime version, package hash, and host identity outside the runtime root.
Restore Backup
Restore is partial and requires release-owner approval before production use.
Procedure:
- stop runtime;
- copy runtime root to quarantine storage;
- verify backup manifest and checkpoint hash;
- restore checkpoint material into the runtime root;
- replay journal entries after the checkpoint;
- run verify, replay-verify, and doctor;
- resume only after roots match expected values.
Verify Replay
cargo run -p everarcade-runtime -- replay-verify "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
For reporting:
cargo run -p everarcade-runtime -- replay-report "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
For root comparison:
cargo run -p everarcade-runtime -- replay-root "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
Recover Runtime
cargo run -p everarcade-runtime -- recover "$EVERARCADE_ROOT" "$EVERARCADE_WORLD" "$EVERARCADE_PACKAGE"
Recovery must select verified checkpoints or replay material. If recovery reports missing or corrupted artifacts, quarantine the runtime root and escalate.
Upgrade Runtime
- announce maintenance;
- stop input admission;
- create checkpoint;
- create backup;
- verify old runtime replay;
- verify new artifact checksums;
- install new runtime;
- start runtime;
- run verify, replay-verify, replay-report, and doctor;
- retain rollback artifacts until the release owner accepts post-upgrade validation.
Roll Back Runtime
- stop runtime;
- preserve current failed root for incident analysis;
- restore pre-upgrade runtime binary and package;
- restore pre-upgrade checkpoint if required;
- replay to the last accepted pre-upgrade root;
- run verification commands;
- document incident and approval.
Recover Federation Node
Federation recovery is partial. For any production-like federation incident:
- remove the node from input authority if possible;
- preserve peer manifests, receipt ranges, checkpoints, and logs;
- compare local roots against trusted peers;
- import only verified missing receipts or checkpoints;
- run replay comparison;
- rejoin only after peer policy accepts the node.
Evernode Deployment
- verify Evernode release certification status;
- install provider-specific templates and manifests;
- verify runtime artifact hashes;
- configure storage, networking, identity, and backups;
- start runtime;
- run runtime validation commands;
- archive deployment evidence.
Commercial Evernode hosting remains partial until the release certification document marks all provider gates complete.
Troubleshooting
| Symptom | Immediate Action | Escalation |
|---|---|---|
| status fails | Verify runtime root and status file permissions. | Restore from checkpoint if status is corrupt. |
| verify fails | Stop runtime and preserve journal. | Run recovery; compare checkpoint hash. |
| replay-verify fails | Treat as divergence. | Quarantine artifacts and run root comparison. |
| Backup fails | Confirm checkpoint exists. | Create checkpoint and retry; inspect storage. |
| Recovery fails | Do not resume authority. | Escalate to release owner with preserved artifacts. |
| Peer root mismatch | Remove peer from authority. | Run federation recovery and replay compare. |
| Upgrade fails | Roll back using pre-upgrade checkpoint and artifacts. | File incident report and block release. |
| Evernode deploy fails | Do not activate runtime. | Verify manifests, hashes, storage, and provider logs. |