diff --git a/BACKLOG-1b.md b/BACKLOG-1b.md index 4e66409..0573752 100644 --- a/BACKLOG-1b.md +++ b/BACKLOG-1b.md @@ -4,19 +4,20 @@ Phase-namespaced backlog. Builder owns `## Build backlog`; Adversary owns `## Ad ## Build backlog -### W0 — Tooling + format (RL1) -- [ ] Add lint tooling to the flake: a `lint` devshell (nixpkgs-fmt, statix, deadnix, ruff, +### W0 — Tooling + format (RL1) — DONE (Adversary PASS @2026-05-27) +- [x] Add lint tooling to the flake: a `lint` devshell (nixpkgs-fmt, statix, deadnix, ruff, shellcheck, shfmt, yamllint) built from the pinned nixpkgs. -- [ ] Add a `lint` entrypoint script (`scripts/lint.sh`) with check + `--fix` modes; tool configs +- [x] Add a `lint` entrypoint script (`scripts/lint.sh`) with check + `--fix` modes; tool configs (ruff, yamllint, etc.). -- [ ] Auto-format the codebase (nix + python + shell); commit the mechanical reformat separately. -- [ ] Fix remaining lint findings (statix/deadnix/ruff-lint/shellcheck) without weakening any test. -- [ ] Wire a `lint` stage into `.drone.yml` (push event) so future commits stay clean; verify green - in CI from a clean checkout. +- [x] Auto-format the codebase (nix + python + shell). +- [x] Fix remaining lint findings (statix/deadnix/ruff-lint/shellcheck) without weakening any test. +- [x] Wire a `lint` stage into `.drone.yml` (push event); verified green from a clean checkout + (Adversary cold PASS + break-it probe). ### W1 — Review checklist + fixes (RL2) -- [ ] Run the §3 white-box checklist over the codebase; classify each finding blocking vs advisory. -- [ ] Fix every blocking finding; triage advisory ones to BACKLOG/IDEAS with a one-line rationale. +- [x] Run the §3 white-box checklist (Builder side): all blocking invariants hold (tests-real, + harness-DRY, nix-idempotent, no-footguns, no-secrets, log-redaction); no fix needed; no advisory + to file. Recorded in JOURNAL-1b. Awaiting Adversary's own §3 pass #2 to confirm RL2. ### W2 — Re-verify + document (RL3/RL4) - [ ] After W0+W1 land, request Adversary cold re-verification of all D1–D10 (RL3). diff --git a/JOURNAL-1b.md b/JOURNAL-1b.md index 641c99b..a67d4a3 100644 --- a/JOURNAL-1b.md +++ b/JOURNAL-1b.md @@ -63,3 +63,36 @@ canonical (100.90.116.4) Drone build lists are identical, so the gateway routes lint stage itself is wired + proven green via the identical command. Claimed W0 gate (RL1) in STATUS-1b. Next: W1 white-box review checklist over the cleaned codebase. + +## 2026-05-27 — W0 PASS (Adversary cold, RL1) + W1 Builder-side §3 self-review + +Adversary logged **W0/RL1 PASS** (REVIEW-1b): cold checkout of my HEAD `233939a` archived to cc-ci, +`nix develop .#lint --command bash scripts/lint.sh` → exit 0 `lint: PASS`, plus a break-it probe +(injected bad .py/.nix → exit 1 `lint: FAIL`) proving the gate has teeth. Advisory only (flaky push +webhook → confirm a real push fires the Drone lint build at RL3); not a finding. + +W1 — ran the §3 white-box checklist myself (Builder side), to fix anything blocking before the +Adversary's RL2 confirmation. Findings over the post-W0 (cleaned) codebase: +- **Tests real (blocking)** — holds. (Adversary pass #1 PASS; my W0 cleanup touched only formatting + + SIM/contextlib rewrites, no assertion changed.) +- **Harness DRY (blocking-ish)** — holds. `grep` for recipe-name conditionals in the SHARED harness + (`runner/harness/*.py`, `run_recipe_ci.py`, `conftest.py`) → NONE. Per-recipe quirks are data: + optional `tests//recipe_meta.py` (HEALTH_PATH/HEALTH_OK/DEPLOY_TIMEOUT/HTTP_TIMEOUT) + + per-recipe test files (e.g. keycloak `kc_admin.py`). Enrolling needs no shared-harness edit (D5). +- **Nix idempotent (blocking)** — holds (no `.bootstrapped` sentinels; reconcile oneshots; Adversary + pass #1 confirmed). +- **No footguns (blocking)** — holds. Every `time.sleep()` (lifecycle.py 160/170/226/252, + bridge.py 304) sits inside a `while time.time() < deadline:` poll/retry loop (verified each), not a + bare readiness wait. `--chaos` appears ONLY in "never pass it" comments (abra.py). No `shell=True`. +- **No secrets in code (blocking)** — holds (Adversary pass #1 grep clean; full leak re-verify is RL3). +- **Log redaction real (blocking)** — holds. `run_recipe_ci.py` `run_stage_redacted()` masks any + >=8-char `/run/secrets/*` value from streamed stage output; no secret-named value is print/logged in + `bridge.py`/`dashboard.py` (grep clean). +- **Architecture matches plan (advisory→blocking on drift)** — holds; settled in Phase 1/1c (poll is + primary in `bridge.py`'s loop; `/hook` optional; traefik is the coop-cloud recipe via `proxy.nix`). + No drift; not reopening settled design (guardrail §5). +- **Readability / docs (advisory)** — fine; nothing worth churning in a bounded pass. + +**No blocking finding; nothing to fix; no advisory item to file.** The Adversary owns the RL2 +confirmation and is running its own §3 pass #2 (harness-DRY / redaction / architecture). Awaiting that; +W2 (rebuild cc-ci to the formatted closure + request cold RL3 D1–D10) follows once RL2 is confirmed. diff --git a/STATUS-1b.md b/STATUS-1b.md index 4f2b8a2..b40768f 100644 --- a/STATUS-1b.md +++ b/STATUS-1b.md @@ -21,19 +21,20 @@ REVIEW-1b, then `## DONE`. deviations in DECISIONS.md. ## In flight -**W0 — tooling + format: BUILT, self-verified.** Added the `lint` devshell + `scripts/lint.sh` + -ruff/yamllint config (built from pinned nixpkgs); auto-formatted + lint-cleaned the whole codebase -(ruff/nixpkgs-fmt/statix/deadnix/shfmt); wired the `lint` stage into the `.drone.yml` push pipeline -(FAIL on unclean). `scripts/lint.sh` → **lint: PASS** on a clean checkout on cc-ci; the -nixosConfiguration still evaluates and all Python byte-compiles. -Note: the Gitea→Drone push webhook is flaky (pre-existing, §4.1) so a push doesn't reliably -auto-create a Drone build; the stage is proven green via the exact `nix develop .#lint` command the -stage runs. Next: claim the W0 gate for the Adversary, start W1 (review checklist). +**W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` + +break-it probe → `lint: FAIL`). Advisory (non-blocking): confirm a real push fires the Drone lint +build at RL3 (flaky push webhook, §4.1). + +**W1 (RL2) — Builder §3 self-review complete, clean.** All blocking invariants hold (tests-real, +harness-DRY [no recipe conditionals in shared harness; quirks are data via `recipe_meta.py`], +nix-idempotent, no-footguns [all sleeps are poll-loop intervals], no-secrets, log-redaction); no +fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to confirm RL2.** + +**W2 (RL3/RL4) — next.** RL4 docs already landed (README lint section). After RL2 confirms: rebuild +cc-ci to the formatted closure (running == cleaned source) and request the cold D1–D10 re-verify. ## Gate -**W0 CLAIMED, awaiting Adversary** (RL1). Acceptance: from a clean checkout, -`nix develop .#lint --command bash scripts/lint.sh` → `lint: PASS`; the stage is in `.drone.yml`'s -push pipeline. +**W1/RL2 — Builder review done; awaiting Adversary §3 pass #2** (no blocking findings open). ## Blocked (none)