autonomic-bot
5d90cbd576
Before scaling to many recipes: (1) deterministic style/hygiene via linters/formatters (alejandra/statix/deadnix, ruff, shellcheck/shfmt) wired as a .drone.yml stage so commits stay clean; (2) a white-box review checklist with teeth (real tests not health-only/skipped, DRY harness, Nix-declared idempotent bring-up, no footguns/secrets-in-code, architecture matches plan) — blocking fixed, advisory triaged. Bounded pass; never weaken a test for a nit. Phase 2 now follows 1b. Linked in README. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
40 lines
2.9 KiB
Markdown
40 lines
2.9 KiB
Markdown
# cc-ci-plan
|
||
|
||
Self-contained handoff package for building the **cc-ci** Co-op Cloud recipe CI server with two
|
||
autonomous Claude loops (a Builder and an adversarial Reviewer) running over days.
|
||
|
||
## Start here
|
||
|
||
1. Read **`plan.md`** — the full plan and single source of truth (mission, Definition of Done,
|
||
architecture, milestones, the two-agent coordination protocol, loop discipline).
|
||
2. Read **`kickoff.md`** — how to launch and supervise the loops.
|
||
3. Run **`./launch.sh start`** to bring up both loops + the watchdog.
|
||
|
||
## Files
|
||
|
||
| File | Purpose |
|
||
|---|---|
|
||
| `plan.md` | The Phase-1 plan (build the CI server). Agents treat it as their single source of truth. |
|
||
| `plan-phase1b-review-lint.md` | **Phase 1b** (bounded pass at the end of Phase 1): deterministic linting/formatting in CI + a white-box review checklist (real tests, DRY harness, idempotent Nix, no footguns/secrets). |
|
||
| `plan-phase2-recipe-tests.md` | **Phase 2** (after Phase 1b): author comprehensive per-recipe tests — port every recipe-maintainer test + ≥2 recipe-specific tests per app. |
|
||
| `plan-phase2b-test-performance.md` | **Phase 2b** (after Phase 2, before Phase 3): empirically measure where test time goes and reduce it (image cache, readiness tuning, dedup deploys, warm infra, concurrency) — no weakened tests. |
|
||
| `plan-phase3-results-ux.md` | **Phase 3** (after Phase 2b): beautiful YunoHost-style results — per-run **level**, image-forward PR comment (badge + summary card + app screenshot), polished dashboard. |
|
||
| `IDEAS.md` | Deferred/future ideas, parked out of current scope. |
|
||
| `brief.md` | The original one-page brief (context only; `plan.md` supersedes it). |
|
||
| `kickoff.md` | Launch & supervision guide. |
|
||
| `launch.sh` | Starts both loops + a watchdog; restarts dead loops; stops on `## DONE`. |
|
||
| `prompts/builder.md` | Builder loop prompt (fed to `claude` by the script). |
|
||
| `prompts/adversary.md` | Adversary loop prompt. |
|
||
|
||
## Before launching
|
||
|
||
- Set the org in `plan.md` (`git.autonomic.zone/recipe-maintainers/cc-ci`) and lock the six proof recipes (§8).
|
||
- Ensure the launching shell has: SSH+sudo to `cc-ci`, the Gitea token, `git.autonomic.zone` access.
|
||
- Preconfigure test-app DNS + TLS (plan §4.0): point a wildcard `*.ci.commoninternet.net` record at a gateway that TLS-passthroughs to cc-ci, and **pre-issue the wildcard cert** (`*.ci.commoninternet.net` + `ci.commoninternet.net`, via Gandi DNS-01) into `/var/lib/ci-certs/live/` on cc-ci. The agent handles everything else on cc-ci (Traefik file provider → that cert, swarm, routing) and does **no ACME**; renewal (~90 days) is an out-of-band operator task, so the DNS token never goes to the agent.
|
||
- `export CC_CI_REPO=https://git.autonomic.zone/recipe-maintainers/cc-ci.git` so the watchdog can detect `## DONE`.
|
||
|
||
## What "done" means
|
||
|
||
The loops stop only when all of `plan.md` §2 (D1–D10) hold **and** the Adversary has independently
|
||
re-verified each within 24h. The watchdog then tears the loops down automatically.
|