# Cycle 2 Step 16 — Deploy Planning Sync (planning-only)

**Date**: 2026-05-12
**Cycle**: 2 (autodev Step 16)
**Outcome**: Planning sync completed; **prod cutover deferred** (see leftovers).
**Decision basis**: user skipped the structured choice; agent defaulted to option B
(planning-only) because option A required unverifiable cross-workspace state and
option C would have lost the planning information.

## What was synced

| Document | Cycle 2 delta captured |
|----------|------------------------|
| `_docs/02_document/deployment/environment_strategy.md` | Section 2: new row for `VITE_GOOGLE_GEOCODE_KEY` (AZ-501, mission-planner) mirroring the OWM-mission-planner row. Section 3: `mission-planner/.env.example` now lists three env vars (OWM pair + tile URL + new Google key). Section 5: mission-planner local-dev bullet updated with the new key + reminder that committed-then-removed literals must still be revoked at the upstream dashboards. |
| `_docs/02_document/deployment/ci_cd_pipeline.md` | Section 2 (Missing steps): `bun audit --severity high` row added with rationale (linked to F-INF-1 from the cycle 2 security audit) and explicit notes against re-introducing the AZ-502 advisories. New §2a "Dependency overrides (AZ-502, cycle 2)": documents the `vite >=6.4.2` and `postcss >=8.5.10` `overrides` block in both `package.json`s, why it exists, and the maintenance rule for removing it safely. |
| `_docs/02_document/deployment/containerization.md` | No changes — Vite 6.4.2 upgrade does not affect the Dockerfile or the runtime image. |
| `_docs/02_document/deployment/observability.md` | No changes — cycle 2 added no client-telemetry surface. |

## What was NOT done (deferred)

Three pieces of work could not complete this cycle. Each is recorded in
`_docs/_process_leftovers/2026-05-12_az-498-deploy-and-key-revocations.md` with a full
replay procedure:

| ID | Item | Reason | Owner |
|----|------|--------|-------|
| L-AZ-498-DEPLOY | UI tile-swap prod cutover | Cross-workspace gate: satellite-provider cookie-auth migration on `GET /tiles/{z}/{x}/{y}` must merge + deploy first. Deploying the UI side alone produces a broken map. | Cross-workspace + user |
| L-AZ-499-OWM-REVOKE | OWM key revocation at owm dashboard | Manual third-party-console action; cannot be automated from CI. AZ-499 AC-7 / AC-42 pending evidence attachment. | User |
| L-AZ-501-GOOGLE-REVOKE | Google Geocode key revocation at Google Cloud Console | Same reason as above. AZ-501 AC-6 / AC-43 pending evidence attachment. | User |

## Verification

- Read-after-write check: each modified deployment doc was re-read in this session;
  the new content is present and the surrounding sections are intact.
- No source-code changes — this is a documentation-only step.
- No pipeline / Docker / nginx changes — those are deferred to the Phase B follow-ups
  F-INF-1..F-INF-5 already tracked in `_docs/05_security/infrastructure_review.md`.

## Auto-chain

→ Step 17 (Retrospective) for cycle 2.