From 9d13bb0b58d90bf8d7cf32e90473e7bdf6b62cd7 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 15:51:07 +0100 Subject: [PATCH] Reorder: Phase 1c before 1b (refactor first, then review/lint + full re-verify) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1c (full git reproducibility: cc-ci-secrets split, cert-in-sops, genuine D8 live rebuild) now runs before 1b. This way 1b's review/lint and its final cold re-verification of all D1-D10 cover the final refactored state (incl. the secrets split) and the genuine post-1c D8 — rather than reviewing pre-refactor code and re-verifying a flawed D8. Updated status lines in 1b/1c and the README ordering. Sequence: 1 -> 1c -> 1b -> 2 -> 2b -> 3. Co-Authored-By: Claude Opus 4.7 (1M context) --- cc-ci-plan/README.md | 4 ++-- cc-ci-plan/plan-phase1b-review-lint.md | 10 ++++++---- cc-ci-plan/plan-phase1c-full-reproducibility.md | 5 +++-- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/cc-ci-plan/README.md b/cc-ci-plan/README.md index 553d29d..527357d 100644 --- a/cc-ci-plan/README.md +++ b/cc-ci-plan/README.md 
@@ -15,8 +15,8 @@ autonomous Claude loops (a Builder and an adversarial Reviewer) running over day | File | Purpose | |---|---| | `plan.md` | The Phase-1 plan (build the CI server). Agents treat it as their single source of truth. | -| `plan-phase1b-review-lint.md` | **Phase 1b** (bounded pass at the end of Phase 1): deterministic linting/formatting in CI + a white-box review checklist (real tests, DRY harness, idempotent Nix, no footguns/secrets). | -| `plan-phase1c-full-reproducibility.md` | **Phase 1c**: make the VM fully reproducible from git (all secrets incl. the wildcard cert in sops, in a separate private `cc-ci-secrets` repo as a flake input; base stays well-parameterized) and do the **genuine throwaway-VM live rebuild** to close D8 honestly (the "infeasible by design" was overstated). | +| `plan-phase1c-full-reproducibility.md` | **Phase 1c** (runs first): make the VM fully reproducible from git (all secrets incl. the wildcard cert in sops, in a separate private `cc-ci-secrets` repo as a flake input; base stays well-parameterized) and do the **genuine throwaway-VM live rebuild** to close D8 honestly (the "infeasible by design" was overstated). | +| `plan-phase1b-review-lint.md` | **Phase 1b** (after 1c): deterministic linting/formatting in CI + a white-box review checklist (real tests, DRY harness, idempotent Nix, no footguns/secrets), ending in a full cold re-verification of all D1–D10 — now covering 1c's refactor. | | `plan-phase2-recipe-tests.md` | **Phase 2** (after Phase 1b): author comprehensive per-recipe tests — port every recipe-maintainer test + ≥2 recipe-specific tests per app. | | `plan-phase2b-test-performance.md` | **Phase 2b** (after Phase 2, before Phase 3): empirically measure where test time goes and reduce it (image cache, readiness tuning, dedup deploys, warm infra, concurrency) — no weakened tests. 
| | `plan-phase3-results-ux.md` | **Phase 3** (after Phase 2b): beautiful YunoHost-style results — per-run **level**, image-forward PR comment (badge + summary card + app screenshot), polished dashboard. | diff --git a/cc-ci-plan/plan-phase1b-review-lint.md b/cc-ci-plan/plan-phase1b-review-lint.md index 7838d5f..c582fba 100644 --- a/cc-ci-plan/plan-phase1b-review-lint.md +++ b/cc-ci-plan/plan-phase1b-review-lint.md @@ -1,10 +1,12 @@ # cc-ci Phase 1b — Review & lint pass (Autonomous Build Plan) -**Status:** QUEUED — a **bounded** pass that runs after Phase 1 (`plan.md`) reaches `## DONE`, and -**before** Phase 2 (`plan-phase2-recipe-tests.md`). +**Status:** QUEUED — a **bounded** pass that runs after Phase 1 **and Phase 1c** +(`plan-phase1c-full-reproducibility.md`), and **before** Phase 2 (`plan-phase2-recipe-tests.md`). It +runs *after* 1c on purpose: the review/lint + full D1–D10 re-verification then covers the final, +refactored state (the `cc-ci-secrets` split, cert-in-sops, the genuine D8 live rebuild). **Transition:** **manual** (operator kicks it off). -**Builds on:** the complete Phase-1 codebase (flake/modules, `runner/` + harness, the comment-bridge, -dashboard, scripts, the first recipes' tests, docs). +**Builds on:** the complete post-1c codebase (flake/modules, `runner/` + harness, the comment-bridge, +dashboard, scripts, the first recipes' tests, the `cc-ci-secrets` split, docs). **Owner agents:** same Builder + Adversary loops (`plan.md` §6/§7). Here the Adversary also acts as **white-box reviewer** (reads the code, not just black-box behavior). **This file's path:** `/srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md` diff --git a/cc-ci-plan/plan-phase1c-full-reproducibility.md b/cc-ci-plan/plan-phase1c-full-reproducibility.md index bca8e69..635cd9f 100644 --- a/cc-ci-plan/plan-phase1c-full-reproducibility.md +++ b/cc-ci-plan/plan-phase1c-full-reproducibility.md 
@@ -1,7 +1,8 @@ # cc-ci Phase 1c — Full git reproducibility + genuine D8 live rebuild (Autonomous Build Plan) -**Status:** QUEUED — runs after Phase 1 (`plan.md`); pairs with Phase 1b (review/lint). **Manual** -transition. **Driven by the Builder + Adversary loops** (same protocol as `plan.md` §6/§6.1/§7) — +**Status:** QUEUED — runs after Phase 1 (`plan.md`) and **before Phase 1b** (review/lint), so the +review/lint pass covers this refactor and its final cold re-verification proves the genuine +(post-1c) D8. **Manual** transition. **Driven by the Builder + Adversary loops** (same protocol as `plan.md` §6/§6.1/§7) — the orchestrator does NOT do this; the loops do, and the Adversary independently re-proves it cold. **This file's path:** `/srv/cc-ci/cc-ci-plan/plan-phase1c-full-reproducibility.md`
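Review bot: In the `cc-ci-plan/README.md` hunk, the new 1c row's "(runs first)" is ambiguous. The commit message gives the sequence as 1 -> 1c -> 1b, so 1c runs after Phase 1, not first overall. Suggest "(after Phase 1, before 1b)", which matches the "(after 1c)" and "(after Phase 1b)" wording of the neighbouring rows, so a reader of the table alone cannot take 1c as preceding `plan.md`.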
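Review bot: In the `cc-ci-plan/plan-phase1b-review-lint.md` hunk, the rewritten status line drops the explicit gate from the removed line, "runs after Phase 1 (`plan.md`) reaches `## DONE`". The new text says only "runs after Phase 1 **and Phase 1c**", with no completion condition for either. Since 1b now has two predecessors and the transition is manual, keep a checkable precondition, for example that `plan.md` reaches `## DONE` and that the 1c plan reaches its own completion marker (name it here, whatever that file uses).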
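Review bot: In the `cc-ci-plan/plan-phase1c-full-reproducibility.md` hunk, the added clause "its final cold re-verification proves the genuine (post-1c) D8" leaves it unclear in which phase D8 is closed. The README row in this same patch says 1c does the live rebuild "to close D8 honestly", and the unchanged context line says the Adversary "independently re-proves it cold" within 1c, yet the new status reads as if the proof is deferred to 1b. Suggest stating that 1c closes D8 and that 1b re-verifies it, and naming Phase 1b instead of "its". Separately, the merged line starting "(post-1c) D8. **Manual** transition." is much longer than the surrounding wrapped lines and should be re-wrapped.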