From 4c0b289881c77515ac55ae7dee810f165ff010a6 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 17 Jun 2026 16:37:21 +0000 Subject: [PATCH] claim(M2): dashboard redeployed (image 15addbc7bf45 -> 11ac2a1e6c07), live full per-recipe history verified MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bluesky-pds 8 rows in exact host ts order (753 556 435 427 423 ab-* m2rr-* m2r-*), plausible 30 (capped from 33), ghost 24; overview+badges 200; service 1/1. Deploy via path: flake (git-flake drops secrets/ submodule). Retention: no trim job on /var/lib/cc-ci-runs (439 dirs / 17 days) — adequate. Co-Authored-By: Claude Opus 4.8 --- machine-docs/BACKLOG-dash.md | 4 ++-- machine-docs/JOURNAL-dash.md | 14 +++++++++++ machine-docs/STATUS-dash.md | 46 +++++++++++++++++++++++++++++++++++- 3 files changed, 61 insertions(+), 3 deletions(-) diff --git a/machine-docs/BACKLOG-dash.md b/machine-docs/BACKLOG-dash.md index 2e0c418..b7bfc6c 100644 --- a/machine-docs/BACKLOG-dash.md +++ b/machine-docs/BACKLOG-dash.md 
@@ -7,11 +7,11 @@ `finished`, capped at HISTORY_CAP, malformed/empty dirs skipped, security/other routes unchanged. - [x] M1: unit test for local sourcing (count/order/cap/skip) + full-fixture verify vs real data. - [ ] M1: awaiting Adversary PASS in REVIEW-dash.md. -- [ ] M2: deploy. Procedure (host flake source = `/etc/cc-ci` git clone): +- [x] M2: deployed. Procedure (host flake source = `/etc/cc-ci` git clone): `ssh cc-ci 'git -C /etc/cc-ci pull && systemd-run --no-block --unit=ccci-dash-sw --collect --property=Type=oneshot nixos-rebuild switch --flake /etc/cc-ci#cc-ci'`. Content-hash image tag rolls dashboard.py change: current deployed `15addbc7bf45` → expected new `11ac2a1e6c07` (`sha256sum dashboard/dashboard.py | cut -c1-12`). Then verify live on `/recipe/bluesky-pds` (8 runs) + ≥2 recipes, overview + badges still 200, deploy-dashboard active, host health after. -- [ ] M2: confirm retention does not trim `/var/lib/cc-ci-runs` (record in DECISIONS if a cap needed). +- [x] M2: retention confirmed — no trim job; does not trim `/var/lib/cc-ci-runs` (record in DECISIONS if a cap needed). - [ ] DONE: both gates Adversary-PASS in REVIEW-dash.md → write `## DONE` in STATUS-dash.md. diff --git a/machine-docs/JOURNAL-dash.md b/machine-docs/JOURNAL-dash.md index 3cb46be..77c9495 100644 --- a/machine-docs/JOURNAL-dash.md +++ b/machine-docs/JOURNAL-dash.md 
@@ -42,3 +42,17 @@ during M2 and record in DECISIONS if a cap is ever needed (none needed now). against all 308 real `results.json` + injected malformed/empty/no-recipe dirs: bluesky-pds=8 in exact timestamp order, plausible capped 30 (newest kept), 308 total grouped, edge dirs skipped without raising, security guards (`_RUN_ID_RE`, `_results_for`, `serve_run_file`) all still reject traversal. + +## 2026-06-17 — M2 deploy + live verify + +**Deploy gotcha (recorded):** `nixos-rebuild switch --flake /etc/cc-ci#cc-ci` FAILED: +`error: path '…/secrets/secrets.yaml' does not exist`. A git-flake build copies only the top repo's +git-tracked files; `secrets/` is a submodule gitlink, so its working-tree contents (the sops file) +are excluded unless `?submodules=1`. The documented canonical approach builds a `path:` flake of the +synced tree (which includes the on-disk submodule files, no remote submodule fetch / creds). Did: +tar `/etc/cc-ci` minus `.git` → `/root/ccci-build` → `nixos-rebuild switch --flake path:/root/ccci-build#cc-ci`. +Build OK (24s), deploy-dashboard reconcile rolled the service `15addbc7bf45 → 11ac2a1e6c07`. + +**Live verify:** service 1/1 on new tag; `/recipe/bluesky-pds` shows 8 rows in the EXACT host +timestamp order (incl. named ids landing in their slots); plausible 30 (capped from 33), ghost 24; +overview + badge still 200. Retention: no module trims `/var/lib/cc-ci-runs`; 439 dirs over 17 days. diff --git a/machine-docs/STATUS-dash.md b/machine-docs/STATUS-dash.md index cf89c08..b80dcf5 100644 --- a/machine-docs/STATUS-dash.md +++ b/machine-docs/STATUS-dash.md 
@@ -62,7 +62,51 @@ runs out of view, so most recipes showed 1 run). Overview (`/`), `/badge/`. + +**HOW to verify (cold)** — +1. Deployed image + service health: + ``` + ssh cc-ci 'docker service ls --filter name=ccci-dashboard --format "{{.Replicas}} {{.Image}}"' + ``` + EXPECTED: `1/1 cc-ci-dashboard:11ac2a1e6c07`. +2. Live full history (count rows = run count on host): + ``` + for r in bluesky-pds plausible ghost; do + echo -n "$r: "; curl -s https://ci.commoninternet.net/recipe/$r \ + | grep -coE '#[^<]+' \ + | sed 's/[>#<]//g; s|/a||' + ``` + EXPECTED exactly: `753 556 435 427 423 ab-bluesky-pds-oldmain m2rr-bluesky-pds m2r-bluesky-pds`. +4. Other routes unaffected: + ``` + curl -s -o /dev/null -w '%{http_code}\n' https://ci.commoninternet.net/ # 200 overview + curl -s -o /dev/null -w '%{http_code}\n' https://ci.commoninternet.net/badge/bluesky-pds.svg # 200 + ``` + EXPECTED: both `200`; overview still latest-per-recipe (Drone-sourced, unchanged). + +**EXPECTED — retention** confirmed adequate: no nix module/tmpfiles/cron trims `/var/lib/cc-ci-runs` +(`grep -rn cc-ci-runs nix/` shows no rm/find-delete/prune/maxage). Host: 439 run dirs spanning +2026-05-31 → 2026-06-17 (17 days). No growth cap needed now (recorded in DECISIONS). ## Blocked (none)
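Review bot: In machine-docs/BACKLOG-dash.md, the M2 item is ticked as deployed but its "Procedure" text still gives `nixos-rebuild switch --flake /etc/cc-ci#cc-ci`, the git-flake invocation that the JOURNAL-dash.md entry in this same patch records as failing with `path '…/secrets/secrets.yaml' does not exist`. Update the procedure to the `path:` flake form that was actually used (`--flake path:/root/ccci-build#cc-ci`), or mark the old command as superseded, so the next operator does not replay the failing step. The ticked retention item also still ends with "record in DECISIONS if a cap needed"; now that it is closed, state the outcome instead of the conditional.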
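Review bot: In machine-docs/JOURNAL-dash.md, the "Did:" line gives the workaround only in shorthand (tar `/etc/cc-ci` minus `.git` → `/root/ccci-build`) and says nothing about what happens to `/root/ccci-build` afterwards. That tree holds a second on-disk copy of the `secrets/` submodule files, and the switch was built from it rather than from the `/etc/cc-ci` clone. Record the exact command, whether the directory is removed or refreshed after the switch, and its ownership and mode, so a stale copy is not reused for a later deploy. "The documented canonical approach" should also name the document it refers to.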
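Review bot: In machine-docs/STATUS-dash.md, step 2 of "HOW to verify (cold)" cannot be run as written: the `for r in bluesky-pds plausible ghost; do` loop has no closing `done`, and `grep -coE '#[^<]+'` prints a count, which fits neither the `sed` that follows nor the "EXPECTED exactly" list of run ids after it. The numbering also goes 1, 2, 4, so the row-order check appears to have lost its own step and command. Split this into a count step with its expected numbers (8, 30, 24 per the commit message) and a separate order step that produces the id list, each with a complete command. The retention paragraph says the decision is "recorded in DECISIONS", but the diffstat touches only the BACKLOG, JOURNAL and STATUS files; point to the existing entry or add it.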