journal(2): both Phase-2 blockers cleared (Q3.2 PASS, F2-9 resolved); scout Q3.3 lasuite-meet as next (reuses lasuite-drive OIDC-at-install machinery)
This commit is contained in:
@ -887,3 +887,31 @@ Validation path:
|
|||||||
|
|
||||||
F2-9 (Adversary-owned conditional sign-off) is satisfied — left for the Adversary to close on
|
F2-9 (Adversary-owned conditional sign-off) is satisfied — left for the Adversary to close on
|
||||||
cold-verify. DEFERRED.md cryptpad create-pad entry marked resolved.
|
cold-verify. DEFERRED.md cryptpad create-pad entry marked resolved.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## 2026-05-29 — Both Phase-2-DONE blockers cleared; next unit scouted: Q3.3 lasuite-meet
|
||||||
|
|
||||||
|
**Milestone:** Q3.2 lasuite-drive = Adversary PASS (F2-12 CLOSED). cryptpad F2-9 = RESOLVED (roundtrip
|
||||||
|
green in full custom tier; awaiting Adversary close). The two veto-eligible / DONE-gating items are done.
|
||||||
|
|
||||||
|
**Next unit — Q3.3 lasuite-meet (SSO-dependent, La Suite sibling).** Scouted: mirrored on
|
||||||
|
recipe-maintainers (200), reference corpus rich (health_check, oidc_login, meeting_flow, webrtc-media,
|
||||||
|
webrtc-relay), `recipe.toml` requires=["keycloak"], [sso] provider=keycloak. **Reuses the exact
|
||||||
|
machinery I just built for lasuite-drive** — so low-friction:
|
||||||
|
- `recipe_meta.py`: DEPS=["keycloak"] + OIDC_AT_INSTALL=True (+ READY_PROBE if a heavy sub-service
|
||||||
|
like livekit needs an extra readiness signal — TBD at deploy).
|
||||||
|
- `install_steps.sh`: wire OIDC env at install (mirror lasuite-drive's; impress/La Suite OIDC contract
|
||||||
|
— adapt env var names to meet's .env.sample).
|
||||||
|
- lifecycle overlays test_install/upgrade/backup/restore + ops.py (DB marker like drive's, if meet has
|
||||||
|
a backable DB).
|
||||||
|
- Parity ports: health_check (HTTP 200), oidc_login (→ test_oidc_with_keycloak via
|
||||||
|
harness.sso.oidc_password_grant). PARITY.md mapping.
|
||||||
|
- §4.3 specifics: **meeting_flow** (password-grant token → create a room via meet API → assert room +
|
||||||
|
obtain LiveKit join token for 2 users; corpus meeting_flow.py shows the shape) + **webrtc** probe
|
||||||
|
(ICE/connectivity or LiveKit token issuance — full UDP media relay may be an env-blocker per plan
|
||||||
|
§7.1; implement the maximal testable subset = signaling/token issuance + document any true blocker).
|
||||||
|
- e2e: RECIPE=lasuite-meet PR=0 cc-ci-run runner/run_recipe_ci.py → full suite green, OIDC PASS.
|
||||||
|
|
||||||
|
(Also noted: tests/plausible/ has a stub (recipe_meta + functional/) from an earlier partial; plausible
|
||||||
|
not mirrored. Lower priority than lasuite-meet which completes Q3.)
|
||||||
|
|||||||
Reference in New Issue
Block a user