recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

journal(2): both Phase-2 blockers cleared (Q3.2 PASS, F2-9 resolved); scout Q3.3 lasuite-meet as next (reuses lasuite-drive OIDC-at-install machinery)

Browse Source
This commit is contained in:
autonomic-bot
2026-05-29 13:13:32 +01:00
parent a48543f57b
commit 3a8c5ca076
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
machine-docs/JOURNAL-2.md
View File

@ -887,3 +887,31 @@ Validation path:
F2-9 (Adversary-owned conditional sign-off) is satisfied — left for the Adversary to close on
cold-verify. DEFERRED.md cryptpad create-pad entry marked resolved.
---
## 2026-05-29 — Both Phase-2-DONE blockers cleared; next unit scouted: Q3.3 lasuite-meet
**Milestone:** Q3.2 lasuite-drive = Adversary PASS (F2-12 CLOSED). cryptpad F2-9 = RESOLVED (roundtrip
green in full custom tier; awaiting Adversary close). The two veto-eligible / DONE-gating items are done.
**Next unit — Q3.3 lasuite-meet (SSO-dependent, La Suite sibling).** Scouted: mirrored on
recipe-maintainers (200), reference corpus rich (health_check, oidc_login, meeting_flow, webrtc-media,
webrtc-relay), `recipe.toml` requires=["keycloak"], [sso] provider=keycloak. **Reuses the exact
machinery I just built for lasuite-drive** — so low-friction:
- `recipe_meta.py`: DEPS=["keycloak"] + OIDC_AT_INSTALL=True (+ READY_PROBE if a heavy sub-service
like livekit needs an extra readiness signal — TBD at deploy).
- `install_steps.sh`: wire OIDC env at install (mirror lasuite-drive's; impress/La Suite OIDC contract
— adapt env var names to meet's .env.sample).
- lifecycle overlays test_install/upgrade/backup/restore + ops.py (DB marker like drive's, if meet has
a backable DB).
- Parity ports: health_check (HTTP 200), oidc_login (→ test_oidc_with_keycloak via
harness.sso.oidc_password_grant). PARITY.md mapping.
- §4.3 specifics: **meeting_flow** (password-grant token → create a room via meet API → assert room +
obtain LiveKit join token for 2 users; corpus meeting_flow.py shows the shape) + **webrtc** probe
(ICE/connectivity or LiveKit token issuance — full UDP media relay may be an env-blocker per plan
§7.1; implement the maximal testable subset = signaling/token issuance + document any true blocker).
- e2e: RECIPE=lasuite-meet PR=0 cc-ci-run runner/run_recipe_ci.py → full suite green, OIDC PASS.
(Also noted: tests/plausible/ has a stub (recipe_meta + functional/) from an earlier partial; plausible
not mirrored. Lower priority than lasuite-meet which completes Q3.)