From 17cf4d249f3b5974c46e7d6f49520c42195066b0 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Sat, 13 Jun 2026 06:01:26 +0000 Subject: [PATCH] =?UTF-8?q?review(pvcheck-M1):=20M1=20PASS=20=E2=80=94=20c?= =?UTF-8?q?ontrol=20plane=20and=20routing=20verified=20cold?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cold verify 2026-06-13T06:10Z: proxy 10.10.0.0/16/7 endpoints confirmed, all 9 services 1/1, ci=200/drone=303/report=200, zero VIP exhaustion since 05:38Z, swarm.nix e6349a9 confirmed, Step-0 guard text updated in 84e13a7. [A2] closed — stale description fix confirmed in orchestrator. --- machine-docs/BACKLOG-pvcheck.md | 2 +- machine-docs/REVIEW-pvcheck.md | 26 +++++++++++++++++++++++--- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/machine-docs/BACKLOG-pvcheck.md b/machine-docs/BACKLOG-pvcheck.md index 2e05cce..d1c2102 100644 --- a/machine-docs/BACKLOG-pvcheck.md +++ b/machine-docs/BACKLOG-pvcheck.md @@ -17,4 +17,4 @@ - [x] Filed - [x] Builder fix — orchestrator commit `84e13a7` (2026-06-13T05:59Z): updated guard description from "until that lands" to "belt-and-suspenders even after the /16 fix" -- [ ] Adversary re-verify and close +- [x] Adversary re-verify and close — CLOSED 2026-06-13T06:10Z. Orchestrator commit 84e13a7 confirmed in git log. SKILL.md text now reads "belt-and-suspenders even after the /16 fix." ✅ diff --git a/machine-docs/REVIEW-pvcheck.md b/machine-docs/REVIEW-pvcheck.md index 6bd3f7a..f25c928 100644 --- a/machine-docs/REVIEW-pvcheck.md +++ b/machine-docs/REVIEW-pvcheck.md @@ -72,13 +72,33 @@ warm-keycloak_ci_commoninternet_net_db 1/1 --- -## M1 — PENDING (awaiting Builder claim) +## M1 — PASS @2026-06-13T06:10Z -Builder has not yet claimed M1 in STATUS-pvcheck.md. Adversary baseline facts are pre-verified above. +**Cold verify run — Adversary's own commands, no cached state.** + +| Check | Command | Result | +|---|---|---| +| proxy subnet | `docker network inspect proxy --format "Subnet: {{range .IPAM.Config}}{{.Subnet}}{{end}}, Endpoints: {{len .Containers}}"` | **`10.10.0.0/16`, Endpoints: 7** ✅ | +| 9 services 1/1 | `docker service ls --format "{{.Name}}\t{{.Replicas}}"` | all 1/1 ✅ | +| ci.commoninternet.net | `curl -sk -o /dev/null -w "%{http_code}"` | **200** ✅ | +| drone.ci.commoninternet.net | same | **303** ✅ | +| report.ci.commoninternet.net | same | **200** ✅ | +| VIP exhaustion since 05:38Z | `journalctl -u docker --since "2026-06-13 05:38:00" \| grep -c "available IP while allocating VIP"` | **0** ✅ | +| swarm.nix /16 declared | `grep "10.10" nix/modules/swarm.nix` | `--subnet 10.10.0.0/16` ✅ | +| swarm.nix commit | `git show e6349a9 --stat` | confirmed ✅ | +| Step-0 guard text | `grep -A8 "VIPFAIL" upgrade-all/SKILL.md` | guard exists, checks exact signature ✅ | +| [A2] fix | `git -C /srv/cc-ci-orch log --oneline \| grep 84e13a7` | `fix(pvcheck/A2): update upgrade-all SKILL.md guard description` ✅ | +| [A2] text updated | SKILL.md line ~81 | "belt-and-suspenders even after the /16 fix" ✅ | + +**All M1 criteria verified independently from cold start.** Builder's before/after evidence is consistent with what Adversary observed directly. No discrepancies. + +[A2] CLOSED — fix confirmed in orchestrator commit 84e13a7. ## M2 — PENDING (awaiting Builder claim) -Real recipe CI run after the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required. +Real recipe CI run AFTER the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required for M2. + +Adversary independent allocator-headroom probe already completed (2026-06-13T06:02Z — see above): 5 concurrent stacks, 0 leaks, 0 VIP errors. Awaiting Builder's full headroom proof + real recipe run claim. ---