From d22abe45ca10f50795e4087b5ab4469ccad41de3 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 19:06:51 +0100 Subject: [PATCH] =?UTF-8?q?1c/E2E-TESTME:=20clarify=20actor/critic=20?= =?UTF-8?q?=E2=80=94=20Builder=20swaps=20Adversary's=20W5=20VM=20(ccci-w5-?= =?UTF-8?q?rebuild)=20after=20W5=20PASS=20+=20recorded=20IP;=20Adversary?= =?UTF-8?q?=20doesn't=20rename?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) --- JOURNAL-1c.md | 10 ++++++++++ STATUS-1c.md | 11 +++++++---- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/JOURNAL-1c.md b/JOURNAL-1c.md index b02c13c..972dfa4 100644 --- a/JOURNAL-1c.md +++ b/JOURNAL-1c.md @@ -343,3 +343,13 @@ comments; pause it during the e2e (`docker service scale ccci-bridge_app=0` on t after). (b) the rebuilt VM's Drone needs the one-time OAuth bootstrap (install.md §2, scripts/bootstrap-drone-oauth.sh) before it can clone/build — a documented post-step, run it on the rebuilt VM as part of e2e setup. Still gated on C4/C5 PASS (W5) — not started. + +## 2026-05-27 — E2E-TESTME actor/critic split clarified (avoid node-rename collision) + +Orchestrator disambiguation: only ONE loop runs `tailscale set --hostname`. **Builder (me) owns the +swap + the !testme test**; the swap TARGET is the **Adversary's** kept-running W5 VM (Incus instance +**`ccci-w5-rebuild`**) — my own throwaway was destroyed. The **Adversary does NOT rename**; it keeps +its W5 VM up, **records the VM identity (Incus instance + current tailscale IP) in REVIEW-1c/STATUS**, +and independently VERIFIES E1-E6 cold (critic role). So I **WAIT for (i) Adversary W5 PASS + (ii) the +recorded VM IP** before swapping (original→cc-nix-test-orig, then ccci-w5-rebuild→cc-nix-test). Updated +STATUS-1c pending-e2e accordingly. Still gated on W5 — not started. diff --git a/STATUS-1c.md b/STATUS-1c.md index a69d775..ef6a485 100644 --- a/STATUS-1c.md +++ b/STATUS-1c.md @@ -77,14 +77,17 @@ first throwaway already destroyed). See DECISIONS.md Phase-1c. ### Pending functional-acceptance e2e — E2E-TESTME (BUILDER owns swap+test; gated on C4/C5 PASS) **Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes inline wording). MY test to execute end-to-end (incl. the tailnet swap — **no orchestrator signal**); Adversary -independently verifies. Gated ONLY on **C4/C5 PASS** + rebuilt VM's full stack up. Sequence: +independently verifies but does **NOT** rename nodes (actor/critic split — only ONE loop renames). +**Target VM = the ADVERSARY's kept-running W5 VM** (Incus instance `ccci-w5-rebuild`; mine was +destroyed). **WAIT for: (i) Adversary W5 PASS in REVIEW-1c, AND (ii) the Adversary records that VM's +Incus instance + CURRENT tailscale IP** in REVIEW-1c/STATUS — only then swap. Sequence: 1. **Swap (Builder, 2 reversible `tailscale set --hostname`, ORDER MATTERS):** (a) `ssh cc-ci 'tailscale set --hostname=cc-nix-test-orig'` — original aside, **keep running** (swap-back); `ssh cc-ci` (pinned IP 100.90.116.4) keeps hitting the ORIGINAL. - (b) rebuilt throwaway → `cc-nix-test`: re-derive its current online IP - (`tailscale --socket=$HOME/.cc-ci-ts/tailscaled.sock status | grep -i throwaway`), then + (b) Adversary's W5 VM (`ccci-w5-rebuild`) → `cc-nix-test`, using the IP the Adversary recorded + (re-confirm online via `tailscale --socket=$HOME/.cc-ci-ts/tailscaled.sock status`), then `ssh -i …/vm_ssh_key -o ProxyCommand='nc -X 5 -x 127.0.0.1:1055 %h %p' root@ 'tailscale set --hostname=cc-nix-test'`. - After swap, `cc-nix-test.taila4a0bf.ts.net` → rebuilt VM tailnet-wide (gateway auto-follows ~10s); + After swap, `cc-nix-test.taila4a0bf.ts.net` → that VM tailnet-wide (gateway auto-follows ~10s); target !testme/deploys by MagicDNS name, NOT raw IP (raw IP = original). 2. **Verify P1+P2:** `tailscale … status | grep cc-nix-test` → throwaway IP; `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`. 3. **Run E2E-TESTME** (spec §2; E1–E6 below). **4. Swap-back when done** (reversible): rebuilt VM →