Operator decision (2026-05-28): traefik + keycloak stay UNPINNED (fetch latest + chaos deploy); a nightly `nixos-rebuild switch` rolls them to latest, then the full-cold sweep runs. The nix closure stays byte-identical (recipe fetched at runtime, not in the store) so D8 holds. Health-gated rollback is built INTO the reconciler (not nix-generation rollback, since the swarm app isn't in the generation): record last-good -> deploy latest -> health-check -> commit or roll back + PushNotification. Stateful apps (keycloak): snapshot the data volume before upgrade (undeploy->snapshot->deploy-latest) and restore it on rollback, reusing the WC3 snapshot helper; traefik = version rollback only. Added WC1.1 + updated WC1/WC6/milestones/guardrails/decisions. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cc-ci-autonomous-orchestrator
Orchestrator workspace for building the cc-ci Co-op Cloud recipe CI server. The plan, launch
tooling, and loop prompts live in cc-ci-plan/; see AGENTS.md for the
roles and operating model. Secrets (.testenv) are gitignored — never commit them.
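An added example (not part of this repository): a POSIX shell check that .testenv is actually protected, since an ignore rule does not cover a file that is already in the index or was committed earlier. The function name `check_secret_untracked` and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the project's own tooling.
# Usage: check_secret_untracked <repo-dir> [file]   (file defaults to .testenv)
# Returns: 0 safe, 1 tracked, 2 no ignore rule, 3 present in history, 4 not a repo.
check_secret_untracked() {
    repo=$1
    file=${2:-.testenv}

    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || {
        echo "not a git repository: $repo" >&2
        return 4
    }

    # 1. A .gitignore entry has no effect on a file that is already in the index.
    if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "FAIL: $file is tracked (git rm --cached $file, then rotate it)" >&2
        return 1
    fi

    # 2. An ignore rule must match the path; --no-index evaluates the rules
    #    without consulting the index.
    if ! git -C "$repo" check-ignore -q --no-index -- "$file" 2>/dev/null; then
        echo "FAIL: no ignore rule matches $file" >&2
        return 2
    fi

    # 3. The file must not appear in any commit reachable from any ref;
    #    anything that was ever committed should be treated as exposed.
    hist=$(git -C "$repo" rev-list --all -- "$file" 2>/dev/null || true)
    if [ -n "$hist" ]; then
        echo "FAIL: $file appears in history; rotate the secrets it held" >&2
        return 3
    fi

    echo "OK: $file is ignored, untracked, and absent from history"
    return 0
}
```

Run it from a pre-commit hook or a CI step, for example `check_secret_untracked /srv/cc-ci`, and fail the step on any non-zero return.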
Run the orchestrator in tmux (survives disconnects + closing your laptop)
Keep this supervising session alive on the host with tmux, and use --remote-control so you can
watch/steer it from claude.ai/code (or the mobile app).
# 0. Exit any running orchestrator session first — a conversation can't be resumed while it's live:
# /exit (inside Claude) or Ctrl-D
# 1. Start a detachable tmux session on this host
tmux new -s orchestrator
# 2. Inside tmux, resume the orchestrator conversation WITH remote control:
claude --resume autonomous-orchestrator \
  --remote-control "autonomous-orchestrator" \
  --dangerously-skip-permissions
# - If name-resume opens a picker instead of resuming directly, choose "autonomous-orchestrator".
# - Or resume by the stable session id (more deterministic in a fresh pane):
# claude --resume 34a80a99-b37e-4809-b8da-ccc9fafe785e \
# --remote-control "autonomous-orchestrator" --dangerously-skip-permissions
# 3. Detach — the process keeps running: press Ctrl-b, then d
Reconnect later
- On this host: tmux attach -t orchestrator
- From anywhere: claude.ai/code → the autonomous-orchestrator session
Why it survives: tmux keeps the claude process alive across SSH disconnects and your laptop
closing; remote-control runs outbound from this host to Anthropic, so it stays connected
regardless of the viewer. After a host reboot, re-run steps 1–2.
Two different "names":
--resume <name|id> selects the conversation to restore (shown in the /resume picker); the --remote-control "<name>" value is only the web display label and resumes nothing. Resuming reuses the same session id each time (stays 34a8…) — don't pass --fork-session unless you intend to branch a new conversation.
Already inside a live session and just want the web surface? Run /remote-control — no exit/resume.
Kick off / supervise the loops
cd /srv/cc-ci/cc-ci-plan
./launch.sh start # Builder + Adversary loops (interactive --remote-control in tmux) + watchdog
./launch.sh status # session + DONE state
./launch.sh logs builder|adversary|watchdog
./launch.sh stop
Full supervision guide, credential map, and the Incus VM fallback are in
cc-ci-plan/kickoff.md and cc-ci-plan/plan.md §1.5.