recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

claim(2w): WC8 + WC9 (FINAL gates) — resource-safety consolidation + stale-warm prune + docs/warm.md + --quick rollback proof

Browse Source 
WC8: canonical.prune_stale (drop de-enrolled warm data + volumes) wired into the
nightly sweep + df log; consolidated evidence (DRONE_RUNNER_CAPACITY=MAX_TESTS
serialize; autoPrune drops --volumes so warm vols survive; cold teardown sacred;
warm excluded from D8 — no nix source ref). +1 unit (72 pass). WC9: docs/warm.md
documents the full warm/quick model; --quick rollback proof already proven live
(W2 FAIL restores exact known-good; WC4 PASS byte-identical snapshot). On PASS,
all WC1-WC9 (incl WC1.1/WC1.2) verified → DONE.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-29 04:43:34 +01:00
parent b8b698e2f5
commit 40b03a9bf1
6 changed files with 234 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
machine-docs/JOURNAL-2w.md
View File

@ -377,3 +377,20 @@ red; added util-linux (matching cc-ci-run). After both fixes, the live SERVICE s
(known-good stayed 1.10.0 — never lose known-good). W3 (WC5+WC6) essentially closed. Remaining:
WC8 (resource/isolation hardening — mostly already in place) + WC9 (docs + --quick rollback proof,
already shown) → then DONE.
## 2026-05-29 — W4 WC8 + WC9 (final gates) built + claimed; DONE pending their PASS
WC6 ADVERSARY PASS (REVIEW-2w b8b698e). Then built the final two:
- **WC8 resource safety + isolation** — most was already in place; consolidated + added the missing
piece: `canonical.prune_stale()` drops `/var/lib/ci-warm/<recipe>/` + the `warm-<recipe>` volumes
for DE-ENROLLED canonicals (keeps enrolled + reconciler dirs keycloak/traefik + alerts/), wired
into the nightly sweep + a `df` log. +1 unit (72 pass). Verified live: DRONE_RUNNER_CAPACITY=maxTests
(serialize); autoPrune flags drop `--volumes` (warm vols survive); `grep ci-warm nix/` = comment
only (excluded from D8); disk 50%, warm ~318M.
- **WC9 docs** — `docs/warm.md`: the full warm/quick model (live/data-warm/cold, warm-<recipe> scheme,
health-gated reconcilers + WC1.2 safety gate + alerts, canonicals + warmsnap + enroll, --quick,
promote-on-green-cold, nightly sweep, resource safety, operate/debug) + the `--quick` rollback proof
(FAIL restores exact known-good; PASS byte-identical snapshot — proven W2/WC4).
Claimed WC8+WC9 (the final gates). On their PASS, EVERY WC1WC9 (incl WC1.1/WC1.2) is Adversary-verified
→ write `## DONE` to STATUS-2w (handshake: <24h PASS for all + no VETO) watchdog returns to Phase 2.