diff --git a/BACKLOG-1b.md b/BACKLOG-1b.md index 0573752..0154084 100644 --- a/BACKLOG-1b.md +++ b/BACKLOG-1b.md 
@@ -20,10 +20,28 @@ Phase-namespaced backlog. Builder owns `## Build backlog`; Adversary owns `## Ad to file. Recorded in JOURNAL-1b. Awaiting Adversary's own §3 pass #2 to confirm RL2. ### W2 — Re-verify + document (RL3/RL4) -- [ ] After W0+W1 land, request Adversary cold re-verification of all D1–D10 (RL3). -- [ ] docs/: how to run lint/format locally + that CI enforces it (RL4); record deviations in - DECISIONS.md. +- [x] RL4 docs: README "Linting & formatting" (local + CI-enforced); architecture.md `nix/` layout; + decisions in DECISIONS.md (lint tooling, RL5/RL6). +- [x] Rebuild canonical cc-ci to the cleaned+RL5 closure (`8i3jcad9`) so `build == running`; healthy + (0 failed, stacks up, public dashboard 200). +- [ ] **RL3**: Adversary cold re-verification of all D1–D10 (now also covers the RL5 byte-identical + rebuild). Gate claimed in STATUS-1b. - [ ] On full PASS handshake, write `## DONE` to STATUS-1b.md. +### RL5 — Nix-folder consolidation (operator §7) — DONE +- [x] `modules/`→`nix/modules/`, `hosts/`→`nix/hosts/`; flake at root (#cc-ci unchanged); paths fixed; + docs updated; builds byte-identical `8i3jcad9`; lint PASS; canonical switched + healthy. + +### RL6 — protocol files → machine-docs/ (operator §7) — DEFERRED (coordinated, LAST) +- [ ] `git mv STATUS*/REVIEW*/JOURNAL*/BACKLOG*/DECISIONS.md machine-docs/` (README stays root); + update refs. MUST be lockstep with orchestrator (launch.sh + watchdog restart). Do as the final + 1b step; flag the orchestrator first. Not while a phase transition is pending. + +### Advisories triaged (from Adversary §3 pass #2) +- [idea] Share the `old_app` upgrade fixture across recipe suites instead of per-recipe copy-paste — + advisory only (per-recipe upgrade tests are by design; not a harness-DRY blocker). Defer to Phase 2. +- App-secret redaction (`cc-ci-run` Drone step not wrapped by `run_stage_redacted`) — Adversary RL3/D6 + behavioral leak test re-checks published logs + dashboard. Adversary-owned watch-item. 
+ ## Adversary findings (empty — Adversary owns this section) diff --git a/JOURNAL-1b.md b/JOURNAL-1b.md index a67d4a3..4d3e988 100644 --- a/JOURNAL-1b.md +++ b/JOURNAL-1b.md 
@@ -96,3 +96,40 @@ Adversary's RL2 confirmation. Findings over the post-W0 (cleaned) codebase: **No blocking finding; nothing to fix; no advisory item to file.** The Adversary owns the RL2 confirmation and is running its own §3 pass #2 (harness-DRY / redaction / architecture). Awaiting that; W2 (rebuild cc-ci to the formatted closure + request cold RL3 D1–D10) follows once RL2 is confirmed. + +## 2026-05-27 — RL2 clean + RL5 (nix/ consolidation) + W2 switch to cleaned closure + +**RL2 (Adversary §3 pass #2):** no blocking findings; 2 advisories — (a) `old_app` upgrade-fixture +copy-paste across recipes → triaged to IDEAS (per-recipe upgrade tests are by design; sharing is a +nicety, not a DRY-blocker); (b) app-secret redaction: the `cc-ci-run` Drone step path isn't wrapped by +`run_stage_redacted`, so the Adversary will re-run the behavioral D6 leak test at RL3 (grep published +Drone logs + dashboard for a known generated app password). My Builder §3 self-review agreed (no +blockers). W1 is light/clean. + +**RL5 — consolidate Nix code under `nix/`** (operator item, plan §7). `git mv modules nix/modules`, +`git mv hosts nix/hosts`; flake.nix/flake.lock stay at root (`#cc-ci` unchanged); only flake's +internal configuration.nix path + the moved modules' root-relative refs changed (`../X`→`../../X`). +Built on cc-ci → toplevel `8i3jcad9…` **byte-identical to the pre-move build** (content-addressed; +module .nix not in the runtime closure). Living docs + `.drone.yml` comment updated to `nix/…`. + +**W2 — switched canonical cc-ci to the cleaned+RL5 closure** so `build == running` (required before +RL3: a fresh clone builds `8i3jcad9`; running had to match or the byte-identical-to-running check +would fail). 
Re-synced `/root/cc-ci` to HEAD, `nixos-rebuild switch --flake 'path:/root/cc-ci#cc-ci'`: +``` +stopping units: deploy-bridge.service, deploy-dashboard.service +sops-install-secrets: Imported …ssh_host_ed25519_key as age key (age1h90utdz…) +starting units: deploy-bridge.service, deploy-dashboard.service +``` +Post-switch health (all green): +- `readlink /run/current-system` → `8i3jcad9mrr01558lqckpi26nxn2ra3m-…` (== fresh-clone build; was + `cqym8knjg7…` pre-format). +- `systemctl is-system-running` → `running`, **0 failed**. deploy-bridge/deploy-dashboard `active`. +- 5 stacks up (backups, ccci-bridge, ccci-dashboard, drone, traefik); `ccci-bridge_app` + + `ccci-dashboard_app` 1/1 with NEW content-hash image tags (reformatted source redeployed). +- Public via SOCKS proxy → gateway → cc-ci: `https://ci.commoninternet.net/` → **200** + (`cc-ci — Co-op Cloud recipe CI`); `/badge/custom-html.svg` → **200**. + +Net: RL1 PASS, RL2 clean, RL4 docs landed (README lint section + architecture.md `nix/` layout), +RL5 done + healthy, running==build==`8i3jcad9`. Remaining for DONE: **RL3** (Adversary cold D1–D10 +re-verify, now also covering the RL5 byte-identical rebuild) and **RL6** (coordinated machine-docs/ +move — LAST, with orchestrator lockstep). Claiming the RL3 gate. diff --git a/STATUS-1b.md b/STATUS-1b.md index b40768f..1de5cce 100644 --- a/STATUS-1b.md +++ b/STATUS-1b.md 
@@ -10,15 +10,18 @@ Phase 1b runs **after** Phase 1 + Phase 1c (both DONE) and **before** Phase 2. I review + lint pass over the final post-1c codebase. Exit = RL1–RL4 all Adversary-confirmed in REVIEW-1b, then `## DONE`. -## Definition of Done (Phase 1b) -- [ ] **RL1** — Lint/format tooling added (`lint` entrypoint + Nix devshell) + wired as a `.drone.yml` - stage; whole Phase-1 codebase passes. -- [ ] **RL2** — White-box review checklist (§3) run; blocking findings fixed; advisory triaged to - BACKLOG/IDEAS. Findings + resolutions in REVIEW-1b. -- [ ] **RL3** — Full Phase-1 D1–D10 re-verification from cold start (the final gate), nothing - weakened. Adversary logs fresh PASS + evidence in REVIEW-1b within 24h. -- [ ] **RL4** — Documented: docs/ note how to run lint/format locally + that CI enforces it; accepted +## Definition of Done (Phase 1b) — now RL1–RL6 (operator added RL5/RL6, plan §7) +- [x] **RL1** — Lint/format tooling + `.drone.yml` stage; codebase passes. **Adversary cold PASS.** +- [x] **RL2** — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged + (old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b. +- [ ] **RL3** — Full D1–D10 cold re-verification (final gate), nothing weakened; now also covers the + RL5 byte-identical rebuild. **CLAIMED — awaiting Adversary.** +- [x] **RL4** — Documented: README lint section (local + CI-enforced) + architecture.md `nix/` layout; deviations in DECISIONS.md. +- [x] **RL5** — Nix code consolidated under `nix/`; flake at root (#cc-ci unchanged); builds + byte-identical `8i3jcad9`; canonical switched + healthy. +- [ ] **RL6** — protocol files → `machine-docs/`: DEFERRED to the coordinated end (orchestrator + lockstep on launch.sh + watchdog). README stays at root. ## In flight **W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` + 
@@ -34,7 +37,16 @@ fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to con cc-ci to the formatted closure (running == cleaned source) and request the cold D1–D10 re-verify. ## Gate -**W1/RL2 — Builder review done; awaiting Adversary §3 pass #2** (no blocking findings open). +**RL3 CLAIMED, awaiting Adversary.** Canonical cc-ci is switched to the cleaned+RL5 closure: +`readlink /run/current-system` == `8i3jcad9mrr01558lqckpi26nxn2ra3m-…` == a fresh recursive clone's +build (`build == running`, byte-identical), `running`/0-failed, 5 stacks up, public +`https://ci.commoninternet.net/` → 200. Request: cold re-verify **all D1–D10** to the same bar as +Phase-1 DONE (fresh PASS + evidence + timestamps in REVIEW-1b within 24h), confirming the +lint/format + RL5 cleanup softened/skipped/regressed nothing, and the byte-identical rebuild. +After RL3 PASS: do RL6 (coordinated with orchestrator), then `## DONE`. + +RL6 reminder: I will flag the orchestrator to update `launch.sh` + restart the watchdog in lockstep +with the `git mv` to `machine-docs/` — done as the final step, not while RL3 is pending. ## Blocked (none)
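Review bot: in the BACKLOG-1b.md hunk, the "Advisories triaged" entry records the `cc-ci-run` Drone step not being wrapped by `run_stage_redacted` only as an "Adversary-owned watch-item", with no corresponding item under the Build backlog; a redaction gap in a CI step is a Builder fix, not just a test. Either add a `- [ ]` Build item to wrap `cc-ci-run` in `run_stage_redacted` (or otherwise bring it under the same redaction path as the other stages), or add a DECISIONS.md entry stating why that step is intentionally unwrapped. The RL3/D6 check as described (grep published logs + dashboard for one known generated app password) is a negative result for that run only; it does not show the step cannot leak, so it should not be the sole closure for this item.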
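Review bot: in the JOURNAL-1b.md hunk, the RL5 paragraph explains the unchanged toplevel path `8i3jcad9…` with "(content-addressed; module .nix not in the runtime closure)"; that wording is wrong for standard Nix store paths, which are input-addressed (the hash comes from the derivation, i.e. its inputs, not from the output bytes) unless the `ca-derivations` feature is in use. The second half of the explanation is the right one: the moved module files are only evaluated and are not referenced by any derivation, so the derivation is unchanged and the output path is the same. Note also that an equal store path proves the derivation was unchanged; it does not by itself prove a fresh build produced identical bytes, since Nix will simply reuse the existing path. If the "byte-identical rebuild" claim is meant literally for the RL3 evidence, have the Adversary rebuild with `nix build --rebuild` (or `nix-build --check`) on the same path, which rebuilds and compares against the existing output; otherwise phrase it as "same toplevel store path (`build == running`)".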
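Review bot: in the first STATUS-1b.md hunk, the heading is changed to "now RL1–RL6" but the unchanged context line above it still reads "Exit = RL1–RL4 all Adversary-confirmed in REVIEW-1b, then `## DONE`", so the exit criterion and the Definition of Done now disagree; update the exit sentence to RL1–RL6 in the same change. Related: RL4 and RL5 are ticked `[x]` in this hunk on Builder evidence only, while the exit sentence requires every item to be Adversary-confirmed; either mark them as "Builder-done, Adversary confirmation folded into RL3" (as the RL3 line already implies for RL5) or keep them `[ ]` until REVIEW-1b records the confirmation, so the checklist state matches the gate rule.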
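Review bot: in the second STATUS-1b.md hunk, the Gate text says `readlink /run/current-system` equals "a fresh recursive clone's build", but the RL3 request never states the exact clone and build command the Adversary should run, and the JOURNAL hunk says "fresh clone" without "recursive"; spell out the reproduction command (including whether `--recursive` is needed and that `flake.lock` at root is the pinned input) so the cold re-verify reproduces the same path the same way, and have the REVIEW-1b evidence carry the full store path rather than the `8i3jcad9` prefix used in prose. On the RL6 reminder, the `git mv` to `machine-docs/` plus the `launch.sh` update plus the watchdog restart is a three-step change that can leave the orchestrator reading stale `STATUS*`/`JOURNAL*` paths in between; commit the `git mv` and the `launch.sh` path change together and restart the watchdog only after that commit is checked out, so the move is atomic from the orchestrator's point of view.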