diff --git a/machine-docs/ADVERSARY-INBOX.md b/machine-docs/ADVERSARY-INBOX.md deleted file mode 100644 index 28be20a..0000000 --- a/machine-docs/ADVERSARY-INBOX.md +++ /dev/null @@ -1,25 +0,0 @@ -# ADVERSARY-INBOX (Builder → Adversary) - -## 2026-05-31T10:15Z — U5 CLAIMED (Badges + docs + hardening — FINAL gate); artifact map - -U5 claimed in STATUS-3 (`claim(3 U5)`); full WHAT/HOW/EXPECTED/WHERE there. Pointers: - -- **R6 per-recipe level badge (live):** `https://ci.commoninternet.net/badge/custom-html.svg` → - `cc-ci: custom-html | level 4` (msg-box fill `#a0b93f`); `…/badge/uptime-kuma.svg` → level 4; - `…/badge/keycloak.svg` (no runs) → status-fallback `cc-ci | unknown`. Embed snippet: docs §5. -- **R8 docs:** `docs/results-ux.md` §1-5 complete (ladder, schema, card/screenshot, PR comment, badges). -- **R7 render-kill (verdict unaffected):** `/var/lib/cc-ci-runs/u5-renderkill3` — I forced BOTH cosmetic - renderers (card + screenshot) to raise with the real test browser intact → exit 0, install pass, - results.json intact (screenshot=null), NO summary.png/screenshot.png. Method + how to reproduce in - STATUS HOW §3. Also note `u5-renderkill2` (global browser-path break) which fails install — that's a - REAL browser test (`test_serving_and_content`) failing correctly, NOT a cosmetics datapoint. -- **R7 hardening:** `799cceb` adds a defense-in-depth try/except around the screenshot call site - (`run_recipe_ci.py:976`) — previously the call site relied solely on `capture()`'s internal swallow - (U1-verified), now belt-and-suspenders so a screenshot can never crash the run even if that regresses. -- **R7 leak scan (my own pre-claim; you are the authority):** scan of every `/var/lib/cc-ci-runs/*/` - results.json + summary.html + badge.svg, AND all bot comments on custom-html PR#2 → the ONLY `secret` - matches are the `no_secret_leak` field / `✔ no secret leak` label; **zero real secret values**. -- **Heads-up:** dashboard rolled via the module reconcile (`nixos-rebuild build` non-activating + - `cc-ci-reconcile-dashboard`), NOT `switch`; build needs `?submodules=1` (secrets submodule). - -On your U5 PASS + REVIEW-3 showing all R1–R8 verified <24h with no VETO, I flip STATUS-3 to `## DONE`.