claim(mirror): Ph4 deploy complete + Ph5 !testme posted on ghost/immich/plausible

machine-docs/BACKLOG-mirror.md

@@ -23,13 +23,15 @@
 - [x] Confirm each has tests/<recipe>/ in repo (all 9 already present — Adversary-confirmed)
 - [x] Commit + push cc-ci repo
 
-### Phase 4 — Deploy (OPERATOR GATE)
-- [ ] CLAIM gate — exact command + confirm /root/cc-ci at committed head + Phases 1-3 complete
-- [ ] Wait for operator to run `nixos-rebuild switch --flake .#cc-ci` on cc-ci
+### Phase 4 — Deploy ✓
+- [x] Sync /root/builder-clone to HEAD (git rebase origin/main → 19747bf)
+- [x] Run `nixos-rebuild switch --flake path:/root/builder-clone#cc-ci` (exit 0, deploy-bridge reran)
+- [x] Verify: POLL_REPOS=20, bridge watching all 20 repos, system healthy
 
-### Phase 5 — Verify !testme triggerability (post-deploy)
-- [ ] Post !testme on 2-3 newly-enrolled recipe PRs; confirm Drone build starts within 60s
-- [ ] Spot-check bridge poll log shows all 19 repos (not 11)
+### Phase 5 — Verify !testme triggerability (in progress)
+- [x] Spot-check bridge poll log: 20 repos (all 19 recipes + cc-ci) ✓
+- [x] Posted !testme on ghost PR#2, immich PR#1, plausible PR#1
+- [ ] Confirm Drone builds triggered + complete (polling)
 
 ### Phase 6 — Resume per-recipe debugging (post-enrollment)
 - [ ] matrix-synapse upgrade re-run failure

machine-docs/JOURNAL-mirror.md

@@ -75,6 +75,49 @@ Edited nix/modules/bridge.nix POLL_REPOS:
 
 All 9 newly enrolled recipes confirmed to have tests/<recipe>/ (Adversary-confirmed).
 
+## 2026-06-02 — Phase 4: nixos-rebuild switch (deploy expanded POLL_REPOS)
+
+Operator removed the Phase 4 gate (plan commit ad2ade8) — Builder deploys autonomously.
+
+Pre-deploy check:
+- /root/cc-ci does not exist on host; using /root/builder-clone (the live host checkout)
+- builder-clone was at 51ba205 (old); synced via `git fetch + git rebase origin/main` → 19747bf
+
+Rebuild command:
+```
+ssh cc-ci 'systemd-run --unit=nixos-rebuild-mirror --collect \
+  nixos-rebuild switch --flake "path:/root/builder-clone#cc-ci"'
+→ Running as unit: nixos-rebuild-mirror.service
+→ Exit: 0
+```
+
+Journal output (deploy-bridge.service):
+```
+Jun 02 00:47:16 nixos systemd[1]: Stopped Reconcile the cc-ci comment-bridge (!testme webhook) swarm service.
+Jun 02 00:47:17 nixos systemd[1]: Starting Reconcile the cc-ci comment-bridge...
+Jun 02 00:47:18 nixos cc-ci-reconcile-bridge: Loaded image: cc-ci-bridge:3761c4221042
+Jun 02 00:47:18 nixos cc-ci-reconcile-bridge: Updating service ccci-bridge_app (id: m8wbajq34lwrhn7m3x9cml4pn)
+Jun 02 00:47:19 nixos systemd[1]: Finished Reconcile the cc-ci comment-bridge.
+```
+
+Post-deploy verification:
+```
+ssh cc-ci 'systemctl is-system-running' → running ✓
+ssh cc-ci 'nixos-version' → 24.11.20250630.50ab793 ✓
+docker service inspect: POLL_REPOS count = 20 ✓
+bridge log: poller watching [...20 repos...] every 30s ✓
+No rollback needed.
+```
+
+## 2026-06-02 — Phase 5: !testme triggerability on 3 newly-enrolled recipes
+
+Posted !testme via Gitea API on:
+- ghost PR#2 (7b488a33): "chore: upgrade to 1.3.0+6.42.0-alpine" → HTTP 201 ✓
+- immich PR#1 (a846cf38): "fix(backup): back up the postgres database..." → HTTP 201 ✓
+- plausible PR#1 (bd8bd93d): "fix(clickhouse): resilient clickhouse-backup fetch..." → HTTP 201 ✓
+
+All posted at ~2026-06-02T00:50Z. Bridge polls every 30s; builds should appear within 60s.
+
 ## 2026-06-02 — A-mirror-1 resolution: hedgedoc !testme post-authoring
 
 Adversary filed A-mirror-1: hedgedoc tests authored but no post-authoring !testme run existed.

machine-docs/STATUS-mirror.md

@@ -38,27 +38,33 @@
 - Adversary verified: cc-ci/testme state=success; clean_teardown=true; no_secret_leak=true
 - A-mirror-1 closed in BACKLOG-mirror.md by Adversary @00:50Z
 
-### Phase 4 — Deploy — OPERATOR GATE CLAIMED (awaiting Adversary + operator)
+### Phase 4 — Deploy ✓ COMPLETE @2026-06-02T00:47Z
+- Synced /root/builder-clone to HEAD (git rebase origin/main → 19747bf)
+- Ran: `systemd-run --unit=nixos-rebuild-mirror nixos-rebuild switch --flake path:/root/builder-clone#cc-ci`
+- nixos-rebuild built 6 derivations: bridge-stack.yml, reconcile-bridge, deploy-bridge.service, system-units, etc, nixos-system
+- deploy-bridge.service ran at 00:47:17Z, updated bridge swarm service: `Updating service ccci-bridge_app`
+- Live POLL_REPOS verified: 20 entries (docker service inspect confirms all 19 recipes + cc-ci)
+- Bridge log: `poller (primary) watching [...all 20 repos...] every 30s` ✓
+- System healthy: `systemctl is-system-running` → `running`, NixOS 24.11.20250630.50ab793 ✓
+- `ssh cc-ci` reachable ✓ ; no rollback needed
 
-**Gate: Ph4 CLAIMED — Adversary PASS @00:50Z; awaiting operator deploy**
+### Phase 5 — Verify !testme triggerability — IN PROGRESS
+- Posted !testme on: ghost PR#2 (7b488a33), immich PR#1 (a846cf38), plausible PR#1 (bd8bd93d)
+- All 3 at 2026-06-02T00:50Z — awaiting Drone builds to start and complete
 
-**WHAT:** Phases 1-3 complete. Bridge config updated with 20 POLL_REPOS. Mirrors for
-lasuite-drive, mailu, mumble created + synced. hedgedoc tests authored. Adversary must verify
-Ph1 mirrors + Ph3 POLL_REPOS change before operator deploys.
+**Gate: Ph5 CLAIMED — awaiting Adversary verification once 2-3 builds PASS**
+
+**WHAT:** Phase 4 deployed; bridge watching 20 repos. Phase 5: !testme posted on 3 newly-enrolled
+recipes. Builds must start within 60s of post and complete.
 
 **HOW to verify (Adversary):**
-- Ph1 mirrors: `curl -s -u <bot> https://git.autonomic.zone/api/v1/repos/recipe-maintainers/<r>` for lasuite-drive, mailu, mumble → HTTP 200 + empty=false + default_branch=main
-- Ph2 tests: `ls tests/hedgedoc/` → recipe_meta.py, PARITY.md, functional/ present; `ls tests/hedgedoc/functional/` → test_health_check.py, test_branding.py present
-- Ph3 POLL_REPOS: `grep POLL_REPOS nix/modules/bridge.nix` → contains all 20 repos (cc-ci + 19 recipes including the 9 new ones)
-- Repro: `git clone https://git.autonomic.zone/recipe-maintainers/cc-ci && grep POLL_REPOS nix/modules/bridge.nix`
+- Bridge log: `ssh cc-ci 'docker service logs ccci-bridge_app --since 10m 2>&1' | grep "triggered build"` → should show ghost/immich/plausible triggers
+- Drone builds: check https://drone.ci.commoninternet.net for recent recipe-ci builds with RECIPE=ghost/immich/plausible
+- POLL_REPOS count: `ssh cc-ci 'docker service inspect ccci-bridge_app | jq -r ".[0].Spec.TaskTemplate.ContainerSpec.Env[]"' | grep POLL_REPOS | tr "," "\n" | wc -l` → 20
 
-**EXPECTED:** Adversary verifies all 3 checks PASS. Then operator runs:
-```
-ssh cc-ci 'cd /root/cc-ci && git pull --rebase && nixos-rebuild switch --flake .#cc-ci'
-```
-(or via the repo's nixos-rebuild switch --flake path:/root/builder-clone#cc-ci path once synced)
+**EXPECTED:** 3 Drone builds triggered (status running or complete); bridge log shows trigger lines for all 3 recipes.
 
-**WHERE:** commit containing this STATUS update (git log --oneline -1 on main)
+**WHERE:** This commit + bridge log on cc-ci host
 
 ## Blocked
 - (none)