matic.sh
Read the blog
gcp.org-host.deployment.checklist

GCP Org-Host Deployment Checklist

The GCP org-host checklist keeps Telegram and Matic aligned around persistent state, systemd listeners, cron routines, and a documented recovery path.

gcp / org-host / deployment / checklist / filesystem-first / matic

The GCP org-host deployment is a checklist, not a slogan. The point is to keep the runtime honest: persistent state on disk, listeners under systemd, routines under cron, secrets out of files, and a recovery path an operator can actually follow.

Start With The Host Model

The first production target is a Compute Engine org host with a mounted Persistent Disk. That keeps the durable org root on the host filesystem instead of in ephemeral boot storage or repo-local paths.

The host is not the system of record. The mounted disk is.

Keep Supervision Explicit

Active channels should run as foreground services under systemd. Scheduled routines should run from plain cron.

That split keeps supervision simple:

  • systemd owns long-running listeners.
  • cron owns scheduled work.
  • the installed matic CLI stays the host command surface.

When a process fails, the operator knows which layer to inspect. When a routine fires, the schedule is visible instead of hidden in an app-specific scheduler.

Keep Secrets Out Of Files

Secrets belong in Secret Manager or equivalent runtime materialization, not in repo files or org markdown. The checklist should never assume a checked-in file is an acceptable secret store.

The practical rule is the same one used everywhere else in the filesystem-first work:

  • durable state goes on the disk,
  • sensitive runtime values stay out of readable content,
  • and any materialized secret should be root-owned and disposable.

Include Recovery And Cleanup

The deployment is not ready just because the host boots. It has to be operationally recoverable.

That means the checklist needs to cover:

  • disk snapshots or equivalent backup coverage,
  • logs that an operator can inspect,
  • rollback notes,
  • cleanup commands,
  • and a clear boundary between the local MVP and the GCP org-host path.

If the checklist does not explain how to back out, it is not production-ready.

What Makes The Checklist Useful

The checklist matters because it turns the deployment into a repeatable path:

  1. Create or select the project.
  2. Attach and mount the Persistent Disk.
  3. Materialize runtime secrets without writing them into files.
  4. Install matic on the host.
  5. Start listeners under systemd.
  6. Schedule routines with cron.
  7. Verify logs, snapshots, and cleanup behavior.

That sequence keeps the host aligned with the filesystem-first runtime instead of drifting toward a managed-service story.

The Design Rule

If the operator cannot reason about state, secrets, logs, backups, and cleanup from the same checklist, the deployment surface is too vague. The GCP org-host model stays supportable only when the checklist stays concrete.

Waitlist

An idle user shouldn't mean
an idle org.

Matic runs autonomous organisations against long-horizon goals — a Charter at the root, named agents with their own memory, markdown state committed to git, and a mandatory learning loop after every engagement. Get on the list before the first orgs come online.

Join the waitlistRead the docs
First-install accessArchitecture notesMilestones when they land

No spam. Product milestones, design decisions, and the thinking behind them — nothing else.

launchwaitlist@matic.sh

Architecture notes, first-install access, and milestones when they land. Never marketing.