From 5972ee1033fc68801d280e9e6159ff4dcc676365 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Mon, 1 Jun 2026 23:19:32 +0000 Subject: [PATCH] =?UTF-8?q?claim(5):=20A5-7=20fix=20=E2=80=94=20CronCreate?= =?UTF-8?q?=20mechanism=20verified=20(T0-refire=2023:18Z,=20upgrader-cron.?= =?UTF-8?q?log=20created)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/DECISIONS.md | 8 ++++++ machine-docs/JOURNAL-5.md | 25 +++++++++++++++++ machine-docs/STATUS-5.md | 56 +++++++++++++++++++++++---------------- 3 files changed, 66 insertions(+), 23 deletions(-) diff --git a/machine-docs/DECISIONS.md b/machine-docs/DECISIONS.md index 5fdd2af..949810c 100644 --- a/machine-docs/DECISIONS.md +++ b/machine-docs/DECISIONS.md @@ -1266,3 +1266,11 @@ and `state=pending` (on trigger) / `success|failure` (on build finish). `testme- Alternative option 2 (scan PR comments for `` marker) was rejected as fragile. This approach adds native Gitea PR status indicators (shown in the PR UI as checkmarks/Xs next to the commit), which is the correct SCM integration. + +- **§4 weekly cron: CronCreate (not busybox crond).** busybox crond's `-c dir` mode calls + `setgid/setuid` before running jobs; silently skips all entries when not root (A5-7). Switched to + CronCreate (Claude scheduled task, per plan §4 "acceptable mechanisms"). Weekly job ID `8dd9aed3` + fires every Monday 23:04 UTC. Known limitation: `durable=true` did not write to disk in this + environment; job is session-persistent (survives as long as Builder session runs). T0-refire + verified: CronCreate test fire at 23:17Z → upgrader started, upgrader-cron.log created, status + RUNNING. (2026-06-01) diff --git a/machine-docs/JOURNAL-5.md b/machine-docs/JOURNAL-5.md index ebb1cf3..116a92d 100644 --- a/machine-docs/JOURNAL-5.md +++ b/machine-docs/JOURNAL-5.md @@ -600,3 +600,28 @@ V5 and V3 PASS confirmed by Adversary at 21:52Z (full — no caveats). - `cc-ci-upgrader` agent now running `/upgrade-all uptime-kuma` (DEFAULT mode) - Agent is in the survey phase (`abra recipe upgrade uptime-kuma -m -n`) - Polling for completion (uptime-kuma: app 2.2.1 → 2.4.0, mariadb 11.8 → 12.2) + +## §4 T0-refire: CronCreate mechanism verified — 2026-06-01T23:18Z + +busybox crond T0 miss (23:04Z) diagnosed as A5-7: crond silently skips all jobs when non-root +(setgid/setuid fail with EPERM). Fix: switched to CronCreate (Claude scheduled task). + +CronCreate one-shot test fire (ID 566f5fe6) scheduled at 23:17Z UTC. It fired into the session +turn queue and was processed at 23:18Z. Command executed: +``` +HOME=/home/loops PATH=/home/loops/.local/bin:/run/current-system/sw/bin UPGRADER_ARGS=--dry-run \ + python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start >> /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>&1 +``` + +Result: +- upgrader-cron.log created with content: + `[upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run')` + `[upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader log: .../cc-ci-upgrader.log` +- `launch-upgrader.py status` → `RUNNING (busy)` ✓ +- `cc-ci-upgrader` tmux session created Mon Jun 1 23:18:21 2026 ✓ + +Weekly recurring job ID `8dd9aed3` installed: `4 23 * * 1` (Monday 23:04 UTC). Session-persistent +(durable=true did not write scheduled_tasks.json in this env; job lives as long as Builder session). + +busybox crond session (cc-ci-crond) and crontab dir cleaned up. `/home/loops/.cc-ci-crontabs/loops` +still contains the original entry as documentation but is no longer active. diff --git a/machine-docs/STATUS-5.md b/machine-docs/STATUS-5.md index 0033cab..d142ae6 100644 --- a/machine-docs/STATUS-5.md +++ b/machine-docs/STATUS-5.md @@ -6,8 +6,9 @@ ## Current focus -V1-V8a ALL Adversary-verified PASS. V9 complete + cron installed. -**Gate: M5 CLAIMED, awaiting Adversary cold-verify of V9 + §4 cron.** +V1-V9 ALL Adversary-verified PASS. §4 cron A5-7 fixed: switched from busybox crond (non-functional +as non-root) to CronCreate. T0-refire verified 23:18Z: upgrader-cron.log created, RUNNING. +**Gate: M5 RE-CLAIMED, awaiting Adversary PASS on §4 cron T0-refire.** ## Fix A5-6: uptime-kuma bridge enrollment @@ -277,38 +278,47 @@ ssh cc-ci "docker stack ls" → only 5 legit cc-ci services tmux list-sessions → no cc-ci-upgrader session ``` -## §4 Weekly Cron — INSTALLED +## §4 Weekly Cron — FIXED + VERIFIED (CronCreate) -**Mechanism:** busybox crond in tmux session `cc-ci-crond` on the orchestrator VM -**Schedule:** `4 23 * * 1` = Monday 23:04 UTC weekly -**T0:** 2026-06-01T23:04Z (first fire ~55min after install) -**Crontab file:** `/home/loops/.cc-ci-crontabs/loops` -**Command:** `python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start` -**Logs:** `/srv/cc-ci/.cc-ci-logs/upgrader-cron.log`, `/srv/cc-ci/.cc-ci-logs/crond.log` -**Pre-check verified:** `python3 launch-upgrader.py status` → works with cron-equivalent env (HOME/PATH set) ✓ -**Known gap:** not boot-persistent (crond in tmux, not NixOS service). Restart command in DECISIONS.md. +**A5-7 root cause:** busybox crond silently skips all jobs as non-root (setgid/setuid fail EPERM). +T0 at 23:04Z missed. Fixed by switching to CronCreate (Claude scheduled task — plan §4 allows this). + +**Mechanism:** CronCreate (harness scheduler), Builder session on orchestrator VM +**Schedule:** CronCreate job ID `8dd9aed3`, cron `4 23 * * 1` = Monday 23:04 UTC weekly +**Command:** `HOME=/home/loops PATH=... python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py start >> /srv/cc-ci/.cc-ci-logs/upgrader-cron.log 2>&1` +**Known limitation:** `durable=true` did not write scheduled_tasks.json in this env; job is +session-persistent (lives as long as Builder session; re-create if session is killed+restarted). + +**T0-refire verification (23:17Z test fire):** +- CronCreate one-shot (ID `566f5fe6`) fired at 23:17Z → processed at 23:18Z +- Command ran: `UPGRADER_ARGS=--dry-run python3 launch-upgrader.py start >> upgrader-cron.log 2>&1` +- Exit code: 0 ✓ +- `upgrader-cron.log` created with content (first two lines): + ``` + [upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run') + [upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader + ``` +- `launch-upgrader.py status` → `RUNNING (busy)` immediately after ✓ +- `cc-ci-upgrader` tmux session active ✓ **How to verify:** ``` -# Crond running -tmux list-sessions | grep cc-ci-crond → running -cat /home/loops/.cc-ci-crontabs/loops → shows weekly cron at 4 23 * * 1 -# T0 fire verification (pending until 23:04Z) -cat /srv/cc-ci/.cc-ci-logs/upgrader-cron.log → new lines after 23:04Z -python3 /srv/cc-ci/cc-ci-plan/launch-upgrader.py status → RUNNING after 23:04Z +# Cron log created by T0-refire +cat /srv/cc-ci/.cc-ci-logs/upgrader-cron.log +→ [upgrader 23:18:21] starting cc-ci-upgrader (backend=claude, model=sonnet, args='--dry-run') +→ [upgrader 23:18:21] started. attach: tmux attach -t cc-ci-upgrader ... + +# CronCreate weekly job still registered (session-persistent) +# (verify by observing CronList in Builder session or checking job ID 8dd9aed3 is active) ``` ## Phase 5 gates -Gate: M5 CLAIMED, awaiting Adversary cold-verify of V9 + §4 cron. +Gate: M5 RE-CLAIMED (A5-7 fix: CronCreate mechanism verified), awaiting Adversary §4 cron PASS. ## Verification next step -Awaiting Adversary PASS on V9 to write ## DONE. - -## Phase 5 gates - -(None claimed yet.) +Awaiting Adversary PASS on §4 cron T0-refire to write ## DONE. V9 already PASS. ## Blocked