cc-ci-orchestrator/cc-ci-plan/plan-mirror-enroll-all-recipes.md

# Plan — mirror + enroll ALL recipes (then resume per-recipe debugging)

**Status:** ACTIVE — loops implementing (phase `mirror`). Live-host deploy is autonomous (gate removed 2026-06-02).
**Owner:** Builder + Adversary loops.
**Created:** 2026-06-02. **Author:** Claude Sonnet 4.6 orchestrator session.

## Goal & rationale

Get **every** recipe mirrored in `recipe-maintainers/<recipe>` AND enrolled in the `!testme` bridge,
so all of them are CI-triggerable, **before** resuming debugging of individual recipes (matrix-synapse
re-run failure, ghost backup PR, etc.). Operator directive: "make sure all recipes are mirrored and
enrolled before we continue debugging particular recipes."

Target end-state: **19 recipes** — the 18 with `tests/` coverage today, **plus hedgedoc** (operator
chose "add a test suite" for it) — each mirrored, enrolled in `POLL_REPOS`, and test-covered.

## Current state (surveyed 2026-06-02)

Canonical set = recipes with a `tests/<recipe>/` dir = **18**:
`bluesky-pds, cryptpad, custom-html, custom-html-tiny, discourse, ghost, immich, keycloak,
lasuite-docs, lasuite-drive, lasuite-meet, mailu, matrix-synapse, mattermost-lts, mumble, n8n,
plausible, uptime-kuma`. (+ hedgedoc, enrolled but no tests — see Phase 2.)

| Dimension | State |
|---|---|
| **Enrolled** in bridge `POLL_REPOS` (9) | custom-html, custom-html-tiny, keycloak, cryptpad, matrix-synapse, lasuite-docs, lasuite-meet, n8n, uptime-kuma (+ hedgedoc, + cc-ci) |
| **NOT enrolled** (9) | bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu, mattermost-lts, mumble, plausible |
| **Mirror missing** (3) | lasuite-drive, mailu, mumble (all real recipes — verified) |
| **Enrolled but untested** | hedgedoc (mirror+enrollment exist, no `tests/hedgedoc/`) |

Where things live:
- Bridge enrollment: `recipe-maintainers/cc-ci` → `nix/modules/bridge.nix`, the `POLL_REPOS=` CSV (~line 43).
- Tests: `recipe-maintainers/cc-ci` → `tests/<recipe>/` (template: `recipe_meta.py`, `functional/test_*.py`, `PARITY.md`).
- Mirror create + main-sync logic: `recipe-upgrade/open-recipe-pr.sh` (create at lines 53-70, force-sync at 75-77).
- Live deploy target: `nixos-rebuild switch --flake .#cc-ci` on the cc-ci host (now safe — `be4f451` mapped `#cc-ci` → the Hetzner host config).

## Phases

### Phase 0 — pre-flight (no writes)
- Confirm each of `lasuite-drive, mailu, mumble` resolves via `abra recipe fetch <recipe>` on the cc-ci
  host (upstream exists). All three have `tests/` so they were exercised in phase 2; expected to pass.
- Snapshot current `POLL_REPOS` and the live bridge unit state for rollback reference.

### Phase 1 — create the 3 missing mirrors
For each of `lasuite-drive, mailu, mumble`: create `recipe-maintainers/<recipe>` (Gitea API) and
force-sync its `main` to true upstream `main`. Reuse the create+sync path in `open-recipe-pr.sh`
(run on the cc-ci host with bot creds), or `--reconcile-only` after the repo exists. **No PRs opened.**

### Phase 2 — author the hedgedoc test suite
hedgedoc is enrolled+mirrored but has no `tests/hedgedoc/`. Author one mirroring a simple recipe
(template = `tests/uptime-kuma/`): `recipe_meta.py`, `functional/test_*.py` (health-check + a
content/branding probe at minimum), `PARITY.md`. Open a cc-ci PR for the new suite; verify it green
via `!testme` before relying on it. (This is the larger sub-task; can be delegated to a Builder session.)

### Phase 3 — enroll the 9 unenrolled recipes
Edit `nix/modules/bridge.nix` `POLL_REPOS` to add: `bluesky-pds, discourse, ghost, immich,
lasuite-drive, mailu, mattermost-lts, mumble, plausible`. Confirm each has a `tests/<recipe>/` (all 9
do). Commit to the cc-ci product repo. Final `POLL_REPOS` = cc-ci + all 19 recipes.

### Phase 4 — deploy to the live cc-ci host
`cd /root/cc-ci && nixos-rebuild switch --flake .#cc-ci` on the cc-ci host to restart the bridge with
the new poll set. **The loops deploy this themselves** — it's their normal operation, and `#cc-ci` →
the correct Hetzner host config since `be4f451`, so the prior wrong-target footgun (the emergency-mode
incident) is gone. Procedure: sync `/root/cc-ci` to the committed head first, rebuild, then verify the
rebuild succeeded (`ssh cc-ci` reachable, bridge active, poll set = all 19 recipes). **Roll back**
(`nixos-rebuild switch --rollback`) and record a finding if anything regresses. Note: `/root/cc-ci` is
operator-synced — if for some reason the host repo can't be synced to head, claim + flag it rather than
deploy a stale tree.

### Phase 5 — verify `!testme` triggerability
For 2-3 newly-enrolled recipes, post `!testme` on an open PR (or a scratch PR) and confirm a Drone
build starts and reports back. Spot-check the bridge poll log shows all 19 repos.

### Phase 6 — resume per-recipe debugging (was blocked on the above)
Only after Phases 1-5: pick up the deferred per-recipe work — matrix-synapse upgrade re-run failure,
ghost backup PRs (#1 reopened, #2 upgrade), discourse bitnamilegacy re-pin, immich/mattermost/plausible
backup fixes, etc. (See `DEFERRED.md` + the build-audit summary.)

## Risks & rollback
- **Live-host rebuild (Phase 4):** the highest-impact step, but the wrong-target footgun is fixed
  (`#cc-ci` → Hetzner config, `be4f451`) and deploying cc-ci is the loops' normal operation, so it runs
  autonomously. Safety net: verify after rebuild and `nixos-rebuild switch --rollback` on any regression.
- **Bridge poll widening:** more repos polled = more API calls; negligible at 19 repos. A bad recipe
  enrollment can't break others (per-recipe runs are isolated).
- **hedgedoc tests (Phase 2):** authoring risk only; gated by its own `!testme`-green PR before trust.

## Open items / decisions
- hedgedoc: **author tests** (operator-chosen). Scope it as its own PR.
- `bluesky-pds #1` open PR looks like a `recipe-create-pr` smoke-test artifact — close separately
  (flagged to @notplants).
- Host self-service rebuild path for cc-ci is still a gap (Phase 4 depends on an operator-synced
  `/root/cc-ci`); worth a durable fix later.