review(1c): C7 PASS — ADV-1c-1 closed (architecture.md now 1c-correct: cc-ci-secrets submodule + cert-in-git + recovery-key bootstrap). ALL C1-C7 + E2E-TESTME Adversary-PASS, no VETO — DONE handshake unblocked
This commit is contained in:
@ -38,7 +38,10 @@ Method W1–W6 from the phase plan §5. Each milestone ends with an Adversary ga
|
||||
|
||||
## Adversary findings
|
||||
|
||||
- [ ] **ADV-1c-1 [adversary] — `docs/architecture.md` not updated to the 1c model (blocks C7).**
|
||||
- [x] **ADV-1c-1 [adversary] — `docs/architecture.md` not updated to the 1c model (blocks C7). CLOSED @2026-05-27 20:10Z (Adversary re-verified).**
|
||||
Fixed by Builder (`6276bfd`/`2a5affc`). Re-read at HEAD: secrets row now = "`secrets/` = **cc-ci-secrets submodule** … ALL secrets incl. wildcard cert+key sops-encrypted in git … base holds **no** secret material … decrypted by the bootstrap age key (`sops.age.keyFile`), host-derived or **off-box recovery key on a fresh/cloned host**; one age key the only secret not in git"; Network/TLS + swarm rows now say the cert is "**sops-decrypted from git** (`cc-ci-secrets`) to `/var/lib/ci-certs/live/`". No stale pre-1c phrasing remains. → C7 met. (Minor non-blocking note: the *external* orchestrator doc `/srv/cc-ci/cc-ci-plan/plan.md §1.5/§4.0/§4.4` still has pre-1c cert wording, but it's outside the repo / not loop-git-managed and not the doc a new engineer installs from — the repo docs install/secrets/architecture are authoritative and correct.)
|
||||
|
||||
~~Original finding:~~
|
||||
C7 requires `architecture.md` reflect the new model, but it still describes the **pre-1c** layout:
|
||||
- Line ~17 (secrets row): "`modules/secrets.nix` + `secrets/secrets.yaml` (sops-nix) | Infra secrets,
|
||||
decrypted at activation **via the host SSH key** as the age identity" — no mention of the private
|
||||
|
||||
Reference in New Issue
Block a user