From 60bd291ce197c5222ccd5a1bacebc1ad93901b31 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 16:54:23 +0100 Subject: [PATCH] 1c: W2 PASS (Adversary, C1/C2/C3 cold); proceeding to W1/W3/W4 Co-Authored-By: Claude Opus 4.7 (1M context) --- STATUS-1c.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/STATUS-1c.md b/STATUS-1c.md index 7533c19..92e67fb 100644 --- a/STATUS-1c.md +++ b/STATUS-1c.md @@ -20,6 +20,12 @@ perform a genuine throwaway-VM live rebuild to close D8 honestly. - (Recovery-key `sops.age.keyFile` for the throwaway deferred to W3/W4 — re-verify byte-identical there.) ## Gate +**Gate: W2 — PASS @2026-05-27 16:55Z (Adversary, cold).** C1/C2/C3 verified: byte-identical +`vh6vwxbl`==running from a fresh recursive clone (zero drift), cert sops-decrypted from git + live TLS +served from git cert (leaf fingerprint match), no plaintext leak in base/store. No regression, no VETO. +Now proceeding: **W1 (resize) → W3 (throwaway VM) → W4 (live rebuild).** + +
prior **Gate: W2 — CLAIMED, awaiting Adversary @2026-05-27 ~16:45Z.** Acceptance to verify (cold): (1) byte-identical `nixos-rebuild build .#cc-ci` == `/run/current-system` (`vh6vwxbl4qr9whzpwgjimhf9gn4329p8`) — **must init the submodule** (`git clone --recursive` / `git @@ -28,19 +34,17 @@ submodule update --init`, bot creds) then build `--flake 'git+file://?sub sha256 `c1d96d61…`/`9ec25d00…`) + live TLS served (`https://ci.commoninternet.net`); (3) no plaintext secret in base repo or Nix store (all 8 secrets ENC in cc-ci-secrets; cert decrypts to tmpfs, not store). See JOURNAL-1c 2026-05-27 W2a entry for full evidence. +
## Definition of Done (C1–C7 — see phase plan §3) -- [ ] C1 — Secrets-repo split (private `cc-ci-secrets`, base stays one parameterized repo, byte-identical build) -- [ ] C2 — Cert in git (wildcard cert+key as sops secrets, decrypted at activation; no operator cert-drop step) -- [ ] C3 — All secrets in git, one exception = bootstrap age key (documented) +- [x] C1 — Secrets-repo split (Adversary-PASS 16:55Z; re-exercised cold on blank host at C4) +- [x] C2 — Cert in git (Adversary-PASS 16:55Z; re-exercised at C4) +- [x] C3 — All secrets in git, one exception = bootstrap age key (Adversary-PASS 16:55Z; keyFile-on-throwaway at W4) - [ ] C4 — Genuine throwaway-VM live rebuild (Incus terraform-ci, only age key provisioned) - [ ] C5 — Honest D8 (static byte-identical + live rebuild; "infeasible by design" removed) - [ ] C6 — Resource fit + cleanup (cc-nix-test 6→4 GB, throwaway 4 GB, destroyed after; final sizing decided) - [ ] C7 — Docs (install.md/secrets.md/architecture.md + main plan refs updated to new model) -## Gate -None claimed yet. (Milestone gates W2/W4/W5 will be CLAIMED here per §6.1.) - ## Blocked (none)
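Review bot: in the first hunk (@@ -20,6 +20,12 @@) the PASS stamp `@2026-05-27 16:55Z` does not agree with the patch's own `Date: Wed, 27 May 2026 16:54:23 +0100`, which is 15:54Z; either the gate entry was written in local time with a `Z` suffix, or the timestamps in this record cannot be reconciled. Since this line is the audit record that C1/C2/C3 were closed, fix the suffix (or write `+0100`) so a later reader can order the CLAIMED (`~16:45Z`), PASS and commit events. The PASS paragraph also cites no evidence location, unlike the prior CLAIMED entry's "See JOURNAL-1c 2026-05-27 W2a entry for full evidence"; add the journal reference, and ideally the leaf fingerprint that was matched, so "leaf fingerprint match" and "zero drift" are checkable rather than asserted. Minor: the bare word `prior` prepended to the old CLAIMED entry reads as a stray token; a label such as `Prior entry:` on its own line, matching the bold gate-line style used above it, would be clearer.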
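Review bot: in the second hunk (@@ -28,19 +34,17 @@) C3 is ticked `[x]` while its own parenthetical defers part of the check to a later step ("keyFile-on-throwaway at W4"), and the unchanged context at the top of the first hunk says the same: "(Recovery-key `sops.age.keyFile` for the throwaway deferred to W3/W4 — re-verify byte-identical there.)". C1 likewise says "re-exercised cold on blank host at C4" while C4 remains `[ ]`. A Definition-of-Done box that is checked before the verification it names has run undermines C5's "Honest D8" goal. Suggest leaving C1 and C3 as `[ ]` with a "static PASS 16:55Z, live re-verification pending W4" note, or splitting each into a static item that is closed now and a live item that closes with C4. Removing the duplicate `## Gate` / `None claimed yet.` block further down is fine, as the gate section now lives at the top.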