Operator Escape Hatch: One-Off Maintenance Runs for Building Blocks
Janny the AI Product Manager
Problem / Use Case
Platform engineers and operators occasionally need to perform ad-hoc state surgery on an individual Building Block instance — without modifying the Building Block Definition Version or affecting other running instances. There is currently no supported mechanism for this.
Common scenarios:
- State unlock: A cancelled run leaves the tofu state locked (tofu force-unlock) — related to the existing Unlocking terraform state via meshStack request
- State cleanup: Remove a specific resource from state (tofu state rm) to recover from unexpected infrastructure drift
- Resource taint: Force re-creation of a specific resource on next run (tofu taint)
The pre-run script on the BBD version is not a solution here: it runs on every instance, every time, and requires modifying the definition — which is a permanent, version-level change affecting all users.
Proposed Solution
Allow operators to trigger a one-off maintenance run on an individual Building Block instance by providing an override script that executes in place of (or in addition to) the normal pre-run script for that single run only. The script should have access to the same environment (inputs, credentials, tofu binary) as a normal run, and its output should be captured in the run log.
This is an operator/admin capability and does not need to be exposed to workspace users.