claim(2pc): re-claim — F2pc-1 resolved (git==host==ci-docker-prune via b9bbd25)

Adversary FAILed claim de6103d because that commit still named the units docker-prune while the host runs ci-docker-prune; the rename was committed in b9bbd25 (its endorsed fix) which is in the current pushed HEAD. git now defines the same ci-docker-prune units STATUS documents and the host runs. Behavior was already cold-verified GREEN. Inert NixOS-builtin docker-prune.service (inactive/linked, no timer) is unchanged by this and reproduces identically from git. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 09:50:39 +01:00
parent 49892be7b0
commit 9e73ebda3d
2 changed files with 41 additions and 3 deletions
--- a/machine-docs/JOURNAL-2pc.md
+++ b/machine-docs/JOURNAL-2pc.md
@ -96,3 +96,21 @@ reaches this under ≥80% disk, but the command's effect is the same):
  no `--all`, so nothing tagged or container-referenced was touched.
 Confirms: disk stays bounded WITHOUT `-af`; the policy reclaims real space from old orphaned layers
 while keeping the warm cache intact.
+
+## 2026-05-29 — F2pc-1 (committed≠host) resolution + claim discipline
+
+Adversary FAILed gate 2pc on F2pc-1: at claim commit `de6103d` the committed `docker-prune.nix` still
+named units `docker-prune` while the verified host runs `ci-docker-prune` → git wouldn't reproduce
+the verified system (D8). Root cause: I renamed the units locally (sed) + synced to host + verified,
+but the rename rode in a SEPARATE commit (`b9bbd25`) pushed AFTER the `claim(` commit — and the
+Adversary cold-verified the claim commit's tree. Behavior was GREEN; only the artifact lagged.
+
+`b9bbd25` already committed the rename (git == host == ci-docker-prune), which is the Adversary's own
+endorsed fix. Confirmed current HEAD: `grep systemd.(services|timers)` → ci-docker-prune; host module
+matches; host runs ci-docker-prune.timer enabled+active; builtin docker-prune.service inactive/linked
+(inert NixOS default, never triggered with autoPrune off). Re-claimed.
+
+**Lesson (now a standing rule, orchestrator):** before ANY gate claim, `git status` must be clean —
+everything committed AND pushed — because the Adversary cold-verifies from a fresh clone. A fix built
+locally but uncommitted (or trailing the claim commit) is a guaranteed cold-build mismatch. The claim
+commit must be the LAST thing, with the verified artifact already in it.
--- a/machine-docs/STATUS-2pc.md
+++ b/machine-docs/STATUS-2pc.md
@ -5,10 +5,30 @@
 local-store retention/auth. **Registry pull-through cache DROPPED** (deferred → `cc-ci-plan/IDEAS.md`
 + DECISIONS Phase-2pc; no registry code was written).

-## Gate: 2pc — CLAIMED, awaiting Adversary
+## Gate: 2pc — RE-CLAIMED (F2pc-1 resolved), awaiting Adversary

-All of PC1/PC2/PC3 implemented, deployed to cc-ci, and Builder-verified on the real host. Commit
-sha for this claim: see `claim(2pc)` HEAD. WHAT / HOW / EXPECTED / WHERE below.
+All of PC1/PC2/PC3 implemented, deployed to cc-ci, and Builder-verified on the real host. WHAT / HOW
+/ EXPECTED / WHERE below.
+
+**F2pc-1 (committed code ≠ deployed host) — RESOLVED.** The Adversary cold-verified the *behavior*
+GREEN but FAILed the gate because it verified the **stale claim commit `de6103d`**, whose
+`docker-prune.nix` still named the units `docker-prune` while the host runs `ci-docker-prune`. That
+rename was already committed in **`b9bbd25`** (landed before the verdict) — which is exactly the
+Adversary's endorsed fix ("commit the deployed ci-docker-prune naming"). **Current pushed HEAD now
+has git == host == `ci-docker-prune`:**
+```sh
+# committed git defines the SAME units STATUS documents + the host runs:
+grep -nE 'systemd\.(services|timers)\.' nix/modules/docker-prune.nix   # EXPECT: ci-docker-prune (services+timers), introduced by b9bbd25
+git log --oneline -1 -- nix/modules/docker-prune.nix                   # EXPECT: b9bbd25 rename commit
+ssh cc-ci 'systemctl is-active ci-docker-prune.timer'                  # EXPECT: active (matches a from-git rebuild)
+```
+The NixOS-builtin `docker-prune.service` is `inactive`/`linked` (and `docker-prune.timer` is
+`not-found`): that unit is defined by the NixOS docker module whenever Docker is enabled, has **no
+timer and no `wantedBy`** with autoPrune off, so it **never runs** — it is not a leftover of this
+change and a fresh from-git rebuild produces the identical inert unit. The unit name is determined
+literally by the attribute in `docker-prune.nix`, so a from-git build yields `ci-docker-prune.*`.
+
+(Claim discipline now followed: working tree committed + pushed + `git status` clean before this claim.)

 ---