diff --git a/machine-docs/JOURNAL-2.md b/machine-docs/JOURNAL-2.md index 66cb84c..15088ca 100644 --- a/machine-docs/JOURNAL-2.md +++ b/machine-docs/JOURNAL-2.md @@ -887,3 +887,31 @@ Validation path: F2-9 (Adversary-owned conditional sign-off) is satisfied — left for the Adversary to close on cold-verify. DEFERRED.md cryptpad create-pad entry marked resolved. + +--- + +## 2026-05-29 — Both Phase-2-DONE blockers cleared; next unit scouted: Q3.3 lasuite-meet + +**Milestone:** Q3.2 lasuite-drive = Adversary PASS (F2-12 CLOSED). cryptpad F2-9 = RESOLVED (roundtrip +green in full custom tier; awaiting Adversary close). The two veto-eligible / DONE-gating items are done. + +**Next unit — Q3.3 lasuite-meet (SSO-dependent, La Suite sibling).** Scouted: mirrored on +recipe-maintainers (200), reference corpus rich (health_check, oidc_login, meeting_flow, webrtc-media, +webrtc-relay), `recipe.toml` requires=["keycloak"], [sso] provider=keycloak. **Reuses the exact +machinery I just built for lasuite-drive** — so low-friction: +- `recipe_meta.py`: DEPS=["keycloak"] + OIDC_AT_INSTALL=True (+ READY_PROBE if a heavy sub-service + like livekit needs an extra readiness signal — TBD at deploy). +- `install_steps.sh`: wire OIDC env at install (mirror lasuite-drive's; impress/La Suite OIDC contract + — adapt env var names to meet's .env.sample). +- lifecycle overlays test_install/upgrade/backup/restore + ops.py (DB marker like drive's, if meet has + a backable DB). +- Parity ports: health_check (HTTP 200), oidc_login (→ test_oidc_with_keycloak via + harness.sso.oidc_password_grant). PARITY.md mapping. +- §4.3 specifics: **meeting_flow** (password-grant token → create a room via meet API → assert room + + obtain LiveKit join token for 2 users; corpus meeting_flow.py shows the shape) + **webrtc** probe + (ICE/connectivity or LiveKit token issuance — full UDP media relay may be an env-blocker per plan + §7.1; implement the maximal testable subset = signaling/token issuance + document any true blocker). +- e2e: RECIPE=lasuite-meet PR=0 cc-ci-run runner/run_recipe_ci.py → full suite green, OIDC PASS. + +(Also noted: tests/plausible/ has a stub (recipe_meta + functional/) from an earlier partial; plausible +not mirrored. Lower priority than lasuite-meet which completes Q3.)