New rotation card documenting the 75-day cadence for the Fly.io API
token. Recommends `fly tokens create org` (single-org scope) over
`deploy` (single-app scope): both have effectively the same blast
radius for a single-app personal org, and `org` silences the
"Metrics token unavailable: ... context canceled" warning that
`fly status` emits when called with an app-scoped token.
Linked from manage-flyio-proxy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- prek hooks: convert all rev = "vX.Y.Z" to commit SHAs with version comments
- fly/Dockerfile: digest-pin nginx (1.30.0-alpine), tailscale (v1.94.2),
and alloy (v1.16.0); bump from previous tag pins
- mise-tasks: pin PEP 723 deps with == (rich 15.0.0, typer 0.25.0,
pyyaml 6.0.3, httpx 0.28.1) — PEP 508 doesn't support hashes inline
- prek additional_dependencies: pin ansible-lint==26.4.0, ansible-core==2.20.5
- taplo-lint: pass --no-schema (upstream catalog format changed and
taplo v0.9.3 can't parse it; we don't validate against TOML schemas)
- docs/update-tooling-dependencies: document SHA-pin convention,
digest-pin lookup via docker buildx imagetools, and prek clean before
re-verifying (cache can grow to several GiB)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
