diff --git a/DECISIONS.md b/DECISIONS.md index cf64305..04df421 100644 --- a/DECISIONS.md +++ b/DECISIONS.md 
@@ -217,3 +217,27 @@ Architecture decisions and dead-ends. One line of rationale each. (§0, §8) W5/C4-C5 PASSes — keep it RUNNING; defer its C6 teardown until the operator explicitly says otherwise. This overrides the plan §5/§6 "destroy the throwaway" for that one VM only. All other cleanup proceeds normally (the Builder's first throwaway was already destroyed; RAM accounting holds). + +## Phase 1b — lint/format tooling (open decisions §6, settled W0) +- **Formatters/linters (RL1):** Nix = `nixpkgs-fmt` (format) + `statix` (lints) + `deadnix` (dead + code); Python = `ruff` (lint + format); Shell = `shellcheck` + `shfmt -i 2 -ci`; YAML = `yamllint`. + Kept `nixpkgs-fmt` over `alejandra` because it was already the repo `formatter` and devshell tool + (no extra churn / restyle of every .nix). All built from the already-pinned nixpkgs via a flake + `lint` devshell (`nix develop .#lint`) so CI and local use byte-identical tool versions. +- **Lint entrypoint:** `scripts/lint.sh` (check-only by default; `--fix` auto-applies). The + `.drone.yml` push pipeline runs it via `nix develop .#lint --command bash scripts/lint.sh`. +- **ruff strictness:** `select = [E,F,W,I,UP,B,C4,SIM]`, `ignore = [E501]` (line length is the + formatter's job; only un-splittable strings would trip it). `line-length=100`, `target=py311`. +- **Drone lint stage = FAIL (not warn).** The codebase is green now, so enforce from here on — an + unclean commit fails the `lint` step. (Resolves the §6 open question.) +- **Python type-checking (mypy/pyright): DEFERRED to IDEAS**, not added in 1b. The harness is small + and dynamically typed around `abra`/subprocess JSON; gradual typing is a larger effort than this + bounded pass warrants. Revisit if Phase 2's 18-recipe ramp shows type bugs. 
+- **blocking vs advisory split (§3):** treated as in the phase plan — tests-real, Nix-idempotent, + no-footguns, no-secrets, log-redaction, harness-DRY = blocking; readability/docs/arch-drift = + advisory unless a real plan deviation. Recorded per-finding in REVIEW-1b / BACKLOG-1b. +- **cc-ci self-CI push trigger:** the lint stage lives in the `event: push` pipeline. The Gitea→Drone + push webhook on this instance is flaky (`last_status: None`; documented §4.1) and predates 1b — + recipe CI uses polling as primary, but cc-ci's *own* self-test/lint relies on the push webhook. + The lint stage is correctly wired and proven green via the identical `nix develop .#lint` command; + reliably auto-firing it on every push is tracked as a (pre-existing) infra item, not a 1b lint gap. diff --git a/JOURNAL-1b.md b/JOURNAL-1b.md index d644852..641c99b 100644 --- a/JOURNAL-1b.md +++ b/JOURNAL-1b.md 
@@ -22,3 +22,44 @@ Lint-target inventory: 14 `.nix`, 32 `.py`, 1 `.sh` (`scripts/bootstrap-drone-oa Next: W0 — add the `lint` devshell + entrypoint + tool configs to the flake; auto-format; fix findings; wire the `.drone.yml` lint stage. + +## 2026-05-27 — W0 built: lint toolchain + format + drone stage + +Added (commits 2cede01 format/fixes, 4af427c drone stage, + tooling commits): +- `flake.nix`: `lint` devshell (`nix develop .#lint`) = nixpkgs-fmt, statix, deadnix, ruff, + shellcheck, shfmt, yamllint, built from the already-pinned nixpkgs (no registry/network surprise — + `nix build #ruff` resolves from cache.nixos.org). Default devshell also gets them. +- `scripts/lint.sh` (check / `--fix`), `ruff.toml`, `.yamllint.yaml`. +- `.drone.yml`: a `lint` step in the `event: push` pipeline running + `nix develop .#lint --command bash scripts/lint.sh` (FAILs the build on any unclean file). + +Format/lint cleanup (semantics-preserving): ruff format on all 32 .py; nixpkgs-fmt drone-runner.nix; +shfmt scripts; ruff SIM105/SIM115 (contextlib.suppress / `with open`); statix (merge sops +`secrets.*`, empty-pattern → `_`); deadnix (drop unused `self`/`lib`/overlay `final`). + +Verification (on cc-ci, clean tar'd checkout /tmp/ccci-lint): +``` +$ nix develop .#lint --command bash scripts/lint.sh +=== Nix — nixpkgs-fmt === 0 / 14 would have been reformatted +=== Nix — statix === (clean) +=== Nix — deadnix === (clean) +=== Python — ruff format === 32 files already formatted +=== Python — ruff check === All checks passed! +=== Shell — shfmt/shellcheck === (clean) +=== YAML — yamllint === (clean) +lint: PASS +``` +nix eval `.#nixosConfigurations.cc-ci.config.system.build.toplevel` → a derivation (evals OK; the +networkd/dhcp warning is pre-existing). Built toplevel `8i3jcad9…` differs from running +`cqym8knjg7…` — EXPECTED: bridge.py/dashboard.py (and runner) are `cp`'d into the store, so the +reformat changes their hash. 
cc-ci will be rebuilt to the formatted closure in W2 before RL3. +All Python byte-compiles (store python 3.12.8). + +Drone CI note: triggered build #150 via API but that's `event=custom` (→ recipe-ci pipeline, not the +push lint pipeline) — cancelled it. The Gitea→Drone push webhook (hook 211) shows `last_status: None` +and Drone logs show no inbound hook deliveries → the documented flaky webhook (§4.1). Public and +canonical (100.90.116.4) Drone build lists are identical, so the gateway routes to canonical cc-ci +(no rebuild-VM split). Recorded the flaky-webhook as a pre-existing infra item in DECISIONS.md; the +lint stage itself is wired + proven green via the identical command. + +Claimed W0 gate (RL1) in STATUS-1b. Next: W1 white-box review checklist over the cleaned codebase. diff --git a/STATUS-1b.md b/STATUS-1b.md index 978576b..4f2b8a2 100644 --- a/STATUS-1b.md +++ b/STATUS-1b.md 
@@ -21,11 +21,19 @@ REVIEW-1b, then `## DONE`. deviations in DECISIONS.md. ## In flight -**W0 — tooling + format.** Starting: add formatters/linters + `lint` entrypoint + devshell; format -codebase; wire `.drone.yml` lint stage. +**W0 — tooling + format: BUILT, self-verified.** Added the `lint` devshell + `scripts/lint.sh` + +ruff/yamllint config (built from pinned nixpkgs); auto-formatted + lint-cleaned the whole codebase +(ruff/nixpkgs-fmt/statix/deadnix/shfmt); wired the `lint` stage into the `.drone.yml` push pipeline +(FAIL on unclean). `scripts/lint.sh` → **lint: PASS** on a clean checkout on cc-ci; the +nixosConfiguration still evaluates and all Python byte-compiles. +Note: the Gitea→Drone push webhook is flaky (pre-existing, §4.1) so a push doesn't reliably +auto-create a Drone build; the stage is proven green via the exact `nix develop .#lint` command the +stage runs. Next: claim the W0 gate for the Adversary, start W1 (review checklist). ## Gate -(none yet) +**W0 CLAIMED, awaiting Adversary** (RL1). Acceptance: from a clean checkout, +`nix develop .#lint --command bash scripts/lint.sh` → `lint: PASS`; the stage is in `.drone.yml`'s +push pipeline. ## Blocked (none)
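Review bot: in the DECISIONS.md hunk, the "Drone lint stage = FAIL (not warn)" bullet says an unclean commit fails the `lint` step "from here on", but the "cc-ci self-CI push trigger" bullet in the same hunk says the push webhook that stage depends on is flaky and does not reliably fire. As written, the gate is enforced only when a build happens to be created. Suggest stating that limitation in the FAIL bullet itself and recording an interim control, for example the polling trigger the hunk says recipe CI already uses as primary, or a required local `scripts/lint.sh` run before push. Separately, "no-secrets" and "log-redaction" are listed as blocking, yet none of the tools named in the RL1 bullet scans for secrets and the ruff `select` list has no security rule set, so it is worth saying explicitly that those two items are enforced by manual review only.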
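Review bot: in the JOURNAL-1b.md hunk, the cleanup is labelled "semantics-preserving", but the Verification block only shows lint output, a successful `nix eval`, and that the Python byte-compiles; none of those exercises behaviour. The SIM105/SIM115 rewrites (contextlib.suppress / `with open`) change exception handling and file-handle lifetime, so the entry should record a run of the harness tests against the formatted tree. The store-hash change is marked "EXPECTED" on reasoning alone; a closure diff between `8i3jcad9…` and `cqym8knjg7…` (for example with `nix store diff-closures`) showing that only bridge.py, dashboard.py and the runner differ would back that up. Two smaller points: `nix build #ruff` has no flake reference before the `#`, so spell out the installable that was actually run, and "+ tooling commits" should name the commits as the other two are named. Also consider whether the canonical address and hook number belong in a committed journal, given that log-redaction is a blocking criterion in this phase.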
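Review bot: in the STATUS-1b.md hunk, the Gate acceptance only has a positive case (`lint: PASS` on a clean checkout) plus the presence of the stage in `.drone.yml`. Nothing in it shows that the stage fails when it should, which is the property the gate claims ("FAIL on unclean"). Suggest adding a negative case to the acceptance text: `scripts/lint.sh` exits non-zero on a checkout with one deliberately unformatted file per language, and at least one recorded Drone build from the `event: push` pipeline in which the `lint` step ran. The "In flight" note already concedes that a push does not reliably create a build, so without that evidence the Adversary is being asked to accept the stage on the strength of a local command run only.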