diff --git a/DECISIONS.md b/DECISIONS.md index c2901d3..cf64305 100644 --- a/DECISIONS.md +++ b/DECISIONS.md @@ -210,4 +210,10 @@ Architecture decisions and dead-ends. One line of rationale each. (§0, §8) - **Cert into git:** wildcard cert+key become sops secrets in `cc-ci-secrets`, decrypted at activation back to `/var/lib/ci-certs/live/{fullchain.pem,privkey.pem}` via `sops.secrets..path`; proxy.nix keeps reading that path (now sops-sourced, not operator-drop). -- **cc-nix-test final sizing:** TBD in W6 (keep 4 GB / restore 6 GB / promote rebuilt VM). +- **cc-nix-test final sizing (C6) — SETTLED by operator 2026-05-27: PROMOTE the rebuilt VM.** The + freshly-rebuilt reproducible VM (the FINAL W5/C4-C5 clean-room throwaway) becomes the canonical + cc-nix-test; the operator will repurpose it for a live real-traffic test through the public gateway. +- **C6 teardown OVERRIDE (operator, 2026-05-27):** do NOT destroy the FINAL throwaway VM after + W5/C4-C5 PASSes — keep it RUNNING; defer its C6 teardown until the operator explicitly says + otherwise. This overrides the plan §5/§6 "destroy the throwaway" for that one VM only. All other + cleanup proceeds normally (the Builder's first throwaway was already destroyed; RAM accounting holds). diff --git a/JOURNAL-1c.md b/JOURNAL-1c.md index 2dded8f..f1fc2e0 100644 --- a/JOURNAL-1c.md +++ b/JOURNAL-1c.md @@ -290,3 +290,12 @@ byte-identical closure + live throwaway rebuild). install.md updated to this val Destroying the throwaway now (frees RAM for the Adversary's independent W5 cold rebuild; C6 no-leftover). Gate W4 CLAIMED — awaiting Adversary cold W5 (their own fresh VM). + +## 2026-05-27 — Operator override: keep the FINAL throwaway (promote → cc-nix-test) + +Orchestrator/operator note: do NOT destroy the FINAL W5/C4-C5 clean-room throwaway VM after it +PASSes — the operator repurposes it as the new cc-nix-test for a live real-traffic test through the +public gateway. Keep it running; defer its C6 teardown until the operator explicitly says otherwise. +Overrides plan §5/§6 "destroy the throwaway" for that one VM. Settles **C6 final sizing = promote the +rebuilt VM**. Recorded in DECISIONS.md + STATUS-1c (flagged for the Adversary so they don't tear down +their W5 VM on PASS). My already-destroyed first throwaway + RAM accounting unaffected. diff --git a/STATUS-1c.md b/STATUS-1c.md index bbf6e40..bb3e778 100644 --- a/STATUS-1c.md +++ b/STATUS-1c.md @@ -66,6 +66,14 @@ See JOURNAL-1c 2026-05-27 W2a entry for full evidence. - [ ] C6 — Resource fit + cleanup (cc-nix-test 6→4 GB, throwaway 4 GB, destroyed after; final sizing decided) - [ ] C7 — Docs (install.md/secrets.md/architecture.md + main plan refs updated to new model) +## ⚠️ Operator override — do NOT destroy the FINAL throwaway VM (read before W5/W6 cleanup) +The operator (2026-05-27) will **repurpose the final W5/C4-C5 clean-room throwaway VM as the new +cc-nix-test** for a live real-traffic test. So: **KEEP that VM running after W5 PASSes — do NOT tear +it down in C6/W6.** Defer its teardown until the operator explicitly says otherwise. This overrides the +plan's "destroy the throwaway" for that one VM. (Adversary: please do not destroy your W5 VM on PASS.) +This also settles C6 final sizing = **promote the rebuilt VM**. All other cleanup is normal (Builder's +first throwaway already destroyed). See DECISIONS.md Phase-1c. + ## Blocked (none)