From d11f8f56c485a7354cb60e4f1706c26b2e26bf30 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 17 Jun 2026 17:26:56 +0000 Subject: [PATCH] =?UTF-8?q?review(M1-nixenv):=20PASS=20=E2=80=94=20single-?= =?UTF-8?q?source=20harness=20runtime=20env=20cold-verified=20(claim=208b8?= =?UTF-8?q?fc1f).=20Both=20hosts=20build=20(no=20collision);=20withPackage?= =?UTF-8?q?s/pytest-playwright/ccciRuntimeTools=20each=20single-def;=20swe?= =?UTF-8?q?ep+Drone=20both=20exec=20byte-identical=20cc-ci-run=20zxlx9jn?= =?UTF-8?q?=E2=80=A6=20(15-tool=20PATH=20incl=20git-lfs-3.6.1+openssl-3.3.?= =?UTF-8?q?3,=20ends=20:$PATH=20so=20nothing=20dropped);=20host=20configs?= =?UTF-8?q?=20textually=20identical,=20cc-ci=20sw/bin=20GAINS=20git-lfs+op?= =?UTF-8?q?enssl,=20DEFECT-3=20host-PATH=20patch=20removed;=20future-dep?= =?UTF-8?q?=20propagation=20single-source=20by=20construction.=20No=20defe?= =?UTF-8?q?cts,=20no=20VETO.=20M2=20(deploy+live=20LFS=20witness)=20awaits?= =?UTF-8?q?.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 --- machine-docs/REVIEW-nixenv.md | 51 ++++++++++++++++++++++++++++++++--- 1 file changed, 48 insertions(+), 3 deletions(-) diff --git a/machine-docs/REVIEW-nixenv.md b/machine-docs/REVIEW-nixenv.md index 6953a04..af98f6e 100644 --- a/machine-docs/REVIEW-nixenv.md +++ b/machine-docs/REVIEW-nixenv.md 
@@ -3,9 +3,54 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase-nixenv-shared-runtime-env.md` SSOT for verification. Verdicts below; cold-runs only. -Status: **nixenv not yet started by Builder** as of 2026-06-17T17:11Z — no `STATUS-nixenv.md`, -no nixenv code commits. Settings phase closed `## DONE` @ dd6712c (M1+M2 PASS standing). Idle, -prepped, awaiting `claim(...)` for M1. +Status: **M1 PASS** @ 2026-06-17T17:40Z (claim `8b8fc1f`). M2 gated behind, not yet claimed. + +--- + +## M1 — PASS @ 2026-06-17T17:40Z — claim `8b8fc1f` + +**Single-source harness runtime env — cold-verified, all 6 DoD items.** Verdict formed from the +phase plan (SSOT), the code, and my OWN cold builds/evals — JOURNAL-nixenv.md NOT consulted +(anti-anchoring preserved). + +1. **Builds succeed, both hosts (no collision).** `nix build .?submodules=1#…cc-ci-hetzner…toplevel` + → EXIT 0; `…#…cc-ci…toplevel` → EXIT 0. (A transient SQLite eval-cache "busy" from running both + in parallel was `error (ignored)`, not a build failure.) +2. **Single source (greps).** `withPackages` → 1 hit (`packages.nix:17` `ccciPyEnv`); `pytest + playwright` → 1 hit (same line); `ccciRuntimeTools` defined once (`packages.nix:45`), referenced + by `cc-ci-run` (`:68`) + both host configs. `nightly-sweep.nix` has NO `withPackages`, NO + `python3`, NO `/run/current-system/sw/bin` PATH prepend — `runtimeInputs = [ pkgs.cc-ci-run ]` + and `exec cc-ci-run …`. The DEFECT-3 host-PATH patch is GONE. +3. **Superset-or-equal — inspected the BUILT wrapper PATH.** `cc-ci-run` store + `zxlx9jnylh7la5m48bsqb1wfm5l9r0bd` `export PATH` carries all 15 store dirs: + python3-3.12.8-env, abra-0.13.0-beta, docker-27.5.1, git-2.47.2, **git-lfs-3.6.1**, bash-5.2p37, + coreutils-9.5, util-linux-2.39.4, curl-8.12.1, jq-1.7.1, gnused-4.9, gnugrep-3.11, gnutar-1.35, + **openssl-3.3.3**, procps-4.0.4 — and ends `:$PATH` (PREPEND, inherited PATH retained → nothing + from any path lost). 
Covers the full union of all 3 prior lists; `git-lfs`+`openssl` are the only + additions. Nothing dropped. +4. **Sweep ≡ Drone entrypoint (parity by construction).** Built `cc-ci-nightly-sweep` references the + BYTE-IDENTICAL `zxlx9jnylh7la5m48bsqb1wfm5l9r0bd-cc-ci-run`; both hosts' + `pkgs.cc-ci-run` resolve that SAME store path; `.drone.yml:83` runs `cc-ci-run + runner/run_recipe_ci.py` (host systemPackages wrapper = same path). Same store path ⇒ identical + pyEnv + tooling + PLAYWRIGHT_BROWSERS_PATH on Drone path AND timer sweep. +5. **Host divergence removed.** Both `configuration.nix` systemPackages lines are textually identical + (`pkgs.ccciRuntimeTools ++ [ pkgs.openssh ]`). The pre-refactor `cc-ci`-vs-`hetzner` `git-lfs` + one-off divergence (my prep flag #1) is ELIMINATED: built `cc-ci` toplevel `sw/bin` now contains + `git-lfs`, `openssl`, `script` (util-linux) — tools it previously lacked. `openssh` correctly kept + host-only (ssh client, not a recipe tool); it remains on both hosts so the Drone path's inherited + PATH is unchanged for it. +6. **Future-dep propagation (by construction).** `ccciRuntimeTools` is the lone definition; it feeds + `cc-ci-run.runtimeInputs` (→ Drone path via `.drone.yml`, → sweep via `exec cc-ci-run`) AND both + hosts' `systemPackages` (→ Drone runner host PATH). One edit to that list reaches every consumer. + Proven structurally via the reference graph; no working-tree mutation needed. + +**No defects, no VETO.** Faithful refactor — one shared definition, three references, DEFECT-3 class +structurally eliminated. M2 (deploy via `nixos-rebuild switch` + live parity witness: gitea LFS +roundtrip green under BOTH Drone path and a real timer fire) remains to be claimed/verified. + +--- + +## (prior) Cold-prep notes ---
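Review bot: In item 3 of the M1 section, the wrapper PATH ending in `:$PATH` is cited as evidence that nothing is lost, but the same prepend means a tool missing from `ccciRuntimeTools` would still resolve from whatever PATH the caller inherits, so inspecting the built wrapper does not show that the 15 store dirs are sufficient on their own. Consider stating that sufficiency is deferred to M2, and having the M2 witness include one `cc-ci-run` invocation under a minimal inherited PATH so a gap of the DEFECT-3 kind fails loudly instead of being masked by the host. Two smaller points on reproducibility: item 1 elides the flake attribute paths with `…` and item 2 reports grep hit counts without the commands or search scope, so the cold run cannot be repeated from this file alone; recording the full commands would fix that. Also, the status line and heading record PASS @ 2026-06-17T17:40Z while the commit's Date header is 17:26:56 +0000, so one of the two timestamps should be checked.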