From f2cfee5c324adbafcfd9a440c419a646dede41ba Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 03:59:37 +0100 Subject: [PATCH] =?UTF-8?q?status+journal(2w):=20W0.10a=20traefik=20WC1.1?= =?UTF-8?q?=20ADVERSARY=20PASS=20=E2=80=94=20WC1.1=20fully=20closed=20(bot?= =?UTF-8?q?h=20reconcilers);=20building=20W3=20WC5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/JOURNAL-2w.md | 13 +++++++++++++ machine-docs/STATUS-2w.md | 11 +++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/machine-docs/JOURNAL-2w.md b/machine-docs/JOURNAL-2w.md index 19b60ce..6dce1fe 100644 --- a/machine-docs/JOURNAL-2w.md +++ b/machine-docs/JOURNAL-2w.md @@ -329,3 +329,16 @@ safe no-op converge and left the DESTRUCTIVE rollback as the Adversary's require broken traefik tag → reconcile → rollback to last-good, brief TLS blip + manual recovery ready). The rollback logic is the proven keycloak pattern, stateless variant. Claiming W0.10a so the Adversary runs that cold proof. After this clears, WC1.1 is fully closed (keycloak + traefik). + +## 2026-05-29 — W0.10a traefik WC1.1 ADVERSARY PASS → WC1.1 fully closed; building W3 WC5 + +Adversary PASS (REVIEW-2w e3b08a9): units 65; no-op converge; and the destructive rollback proven +WITHOUT a TLS outage — it staged a LINT-breaking newer traefik tag, so the broken deploy was rejected +at abra lint BEFORE the running proxy was touched → rollback to 5.1.1, ci.commoninternet.net=200 + +keycloak-through-traefik=200 throughout. Stateless path confirmed (no snapshot, version-only rollback). +Honest-scope note from the Adversary: the "deploys-clean-but-unhealthy→rollback" branch is +shared+unit-covered but not live-exercised for either app (would need a real outage to induce); +judged sufficient. No finding. **WC1.1 FULLY closed (keycloak + traefik).** + +Phase-2w verified: WC1, WC1.1, WC1.2, WC2, WC3, WC4, WC7. Remaining: WC5, WC6, WC8, WC9. +Adversary now idle → safe for live cold runs. Building W3 WC5 (promote-on-green-cold) next. diff --git a/machine-docs/STATUS-2w.md b/machine-docs/STATUS-2w.md index a74017d..c34478b 100644 --- a/machine-docs/STATUS-2w.md +++ b/machine-docs/STATUS-2w.md @@ -18,7 +18,9 @@ nightly full-cold sweep. Definition of Done = WC1–WC9 (plan §1), each Adversa @2026-05-29** (marquee). **traefik (stateless, version-rollback-only) — reconciler MIGRATED (W0.10a): proxy.nix now drives `warm_reconcile.py traefik` (shared health-gated path, no snapshot; cert/file-provider setup preserved); no-op converge proven live (traefik 200, - keycloak-through-traefik 200, 0 failed). CLAIMED — destructive rollback = Adversary cold proof.** + keycloak-through-traefik 200, 0 failed). **Adversary PASS @2026-05-29** (REVIEW-2w e3b08a9): + destructive rollback proven (lint-breaking tag → rollback to 5.1.1, NO TLS outage). **WC1.1 + FULLY CLOSED (keycloak stateful + traefik stateless).** - [x] **WC1.2** — Pre-deploy safety gate (major / manual-migration → hold + alert with notes, no churn, short-circuits before WC1.1). **Adversary PASS @2026-05-29**. - [x] **WC2** — Data-warm canonical model: per-recipe canonical at stable domain `warm-`, @@ -126,7 +128,12 @@ headline e2e is green (below). No recipe/harness change needed. ## Gate -### Gate: W0.10a traefik WC1.1 — CLAIMED, awaiting Adversary (@2026-05-29) +### Gate: W0.10a traefik WC1.1 — ✅ Adversary PASS @2026-05-29 (REVIEW-2w e3b08a9, gate e678d2e) +Migration + no-op converge + destructive rollback (lint-breaking tag → rollback to last-good, NO TLS +outage — broken deploy rejected at lint before touching the running proxy) all cold-verified. +**WC1.1 now FULLY closed (keycloak + traefik).** (claim detail retained below.) + +### (claimed, now PASS) Gate: W0.10a traefik WC1.1 — CLAIMED detail **WHAT.** traefik migrated onto the shared health-gated reconciler (WC1.1, stateless = version-rollback-only, NO snapshot): record last-good → deploy latest tag → health-gate (routed host