Plan and Apply

NDploy splits rollout into two explicit phases. This is not just a UX choice: it is the mechanism that enables review, reproducibility, and safer execution in environments with mutable state.

Plan Phase: What It Produces

ndeploy plan <project> creates plan artifacts inside the project.

• plan.json: full plan with metadata and ordered actions.
• reports/plan_summary.json: compact summary for fast operator review.
• Metadata: source/target instances, root workflow id, generation timestamp.
• Action list for credentials, data tables, and workflows.
• Dependencies for topological ordering.
• Workflow payload snapshots and DEV freshness checksums.

Credentials are handled separately via ndeploy credentials fetch <project>, ndeploy credentials compare <project>, and ndeploy credentials merge-missing <project>, which prepares credentials_manifest.json. Use ndeploy credentials validate <project> --side manifest --strict before apply.

Action Semantics

Apply Phase: Runtime Source of Truth

ndeploy apply <project> validates and executes. Runtime state may differ from plan-generation state, so apply re-checks what must be true before writing.

1. Validate plan schema.
2. Validate root action existence.
3. Validate DEV freshness for workflow payloads.
4. Load reviewed credential manifest values from credentials_manifest.json.
5. Execute actions in dependency-safe order.
6. Patch references with resolved ID mappings before workflow writes.
7. Write reports/deploy_result.json and reports/deploy_summary.json in the project.

If execution fails mid-run, NDploy still writes partial deploy result files to support incident analysis.

Update Skip Logic

For workflow updates, NDploy compares normalized desired vs normalized current PROD payload. If equivalent, update is skipped (unless --force-update is set).