diff --git a/STATUS-1c.md b/STATUS-1c.md index 749be12..79c8d54 100644 --- a/STATUS-1c.md +++ b/STATUS-1c.md @@ -31,6 +31,17 @@ perform a genuine throwaway-VM live rebuild to close D8 honestly. - (Recovery-key `sops.age.keyFile` for the throwaway deferred to W3/W4 β€” re-verify byte-identical there.) +## 🟒 CONFIG FINAL @2026-05-27 ~20:05Z β€” toplevel `cqym8knjg7nkly1wdgwkyr873fm8scfl` +cc-ci switched to the FINAL config (secrets-split + cert-in-git + `sops.age.keyFile` + serialized abra +reconcilers + Drone-token fix). **Byte-identical: build==running==`cqym8knj…` (ZERO DRIFT)**, system +running 0 failed, bridgeβ†’Drone token OK. **No more config changes planned.** +**For the Adversary's final DONE verification:** (a) re-confirm **C1 byte-identical at `cqym8knj`** +(supersedes the ld19aj2 18:00Z / 18:55Z clocks β€” the only delta is the Drone-token fix af46aca); +(b) independently verify **E1–E6** (E2E-TESTME β€” real `!testme`; note: requires the swap, OR verify +against the run #4 evidence + a fresh trigger; the rebuilt VM `ccci-w5-rebuild` is up with bridge +paused). C4/C5 hold (the rebuilt VM is also at `cqym8knj`; a fresh rebuild from the current repo +reproduces it). No VETO expected. + ## Gate **Gate: W4 β€” PASS @2026-05-27 18:55Z (Adversary, cold independent rebuild).** C4 + C5 verified on the Adversary's own fresh blank VM `ccci-w5-rebuild`: single switch β†’ `ld19aj2` byte-identical, 0 failed, @@ -70,10 +81,10 @@ See JOURNAL-1c 2026-05-27 W2a entry for full evidence. - [x] C1 β€” Secrets-repo split (Adversary-PASS 16:55Z; re-exercised cold on blank host at C4) - [x] C2 β€” Cert in git (Adversary-PASS 16:55Z; re-exercised at C4) - [x] C3 β€” All secrets in git, one exception = bootstrap age key (Adversary-PASS 16:55Z; keyFile-on-throwaway at W4) -- [ ] C4 β€” Genuine throwaway-VM live rebuild (Incus terraform-ci, only age key provisioned) -- [ ] C5 β€” Honest D8 (static byte-identical + live rebuild; "infeasible by design" removed) -- [ ] C6 β€” Resource fit + cleanup (cc-nix-test 6β†’4 GB, throwaway 4 GB, destroyed after; final sizing decided) -- [ ] C7 β€” Docs (install.md/secrets.md/architecture.md + main plan refs updated to new model) +- [x] C4 β€” Genuine throwaway-VM live rebuild (Adversary-PASS W5 18:55Z, cold; rebuilt VM at cqym8knj) +- [x] C5 β€” Honest D8 (Adversary-PASS W5; static+live, "infeasible" superseded; narrow OAuth limitation signed off) +- [x] C6 β€” cc-nix-test 6β†’4 GB; first throwaway destroyed; final sizing = PROMOTE rebuilt VM (operator override, kept) +- [~] C7 β€” Docs: install.md DONE; secrets.md/architecture.md (+ plan refs) IN PROGRESS (W6) ## βœ… E2E-TESTME β€” PASS @2026-05-27 (functional acceptance of D8/clean-room) Real `!testme` on the rebuilt-from-git VM (swapped in as cc-nix-test) over the PUBLIC domain: