32125c6e65
review(drone): ADV-drone-01 CLOSED — fix verified; protocol note on Builder tick
continuous-integration/drone/push Build is failing
2026-06-11 21:53:17 +00:00
7e7e84df34
fix(drone): ADV-drone-01 — no-follow redirect pattern in SCM test
...
continuous-integration/drone/push Build is failing
test_scm_configured.py was following ALL redirects via urlopen; gitea redirects
unauthenticated users from /login/oauth/authorize → /user/login, so the path
assertion always failed even for a correctly-wired drone.
Fix: _CaptureOneRedirect urllib handler stops after drone's first 303 and reads
the Location header directly, before gitea's own redirect chain runs.
- Consume BUILDER-INBOX.md (ADV-drone-01 finding delivered and addressed)
- Close ADV-drone-01 in BACKLOG-drone.md
- Update test_gitea_dep.py terminology: "location_url" not "final_url"
- All 10 unit tests pass
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 21:48:36 +00:00
d20bffd597
review(drone): BUILDER-INBOX — ADV-drone-01 critical, fix before M1 claim
continuous-integration/drone/push Build is failing
2026-06-11 21:43:40 +00:00
eb58f9f053
review(drone): ADV-drone-01 CRITICAL — test_scm_configured follows all redirects; assertion always fails even when wired correctly
continuous-integration/drone/push Build is failing
2026-06-11 21:42:42 +00:00
eec29614ae
fix(drone-dep): reset gitea admin password on stale volume re-use
...
continuous-integration/drone/push Build is failing
If a dep run uses the same deterministic gitea domain against a stale
volume from a prior failed teardown, ci_admin may already exist with a
different password. Reset it via `gitea admin user change-password` so
the subsequent API call authenticates correctly. This is idempotent and
does not affect clean (fresh-volume) runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 21:42:19 +00:00
1adfbd70cb
fix(drone-dep): correct gitea admin create flag + dep deploy counter
...
continuous-integration/drone/push Build is failing
Two issues found during first manual harness run:
1. gitea `--must-change-password false` (space form) leaves a pending
password-change for the ci_admin user, blocking the OAuth2 API call.
Fix: use `--must-change-password=false` (equals form, required by
gitea's BoolFlag with default=true).
2. dep deploy_app() calls incremented the DG4.1 "one deploy per run"
counter, causing a false violation when gitea dep + drone both deploy.
Fix: lifecycle.deploy_app gains _count_deploy=True param (default
backward-compat); deps_mod.deploy_deps passes _count_deploy=False so
only the recipe-under-test counts toward DG4.1.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 21:37:45 +00:00
51c3280163
feat(drone): enroll drone + gitea SCM dep (M1 implementation)
...
continuous-integration/drone/push Build is failing
- tests/gitea/recipe_meta.py: gitea as install-time dep provider; sqlite3
overlay EXTRA_ENV, health path /api/healthz, relaxed access for CI use
- tests/drone/recipe_meta.py: DEPS=["gitea"]; health /healthz; 600s timeout
- tests/drone/install_steps.sh: wires GITEA_CLIENT_ID + GITEA_DOMAIN +
client_secret Docker secret + DRONE_USER_CREATE before single drone deploy
- tests/drone/functional/test_scm_configured.py: Playwright-free SCM test —
follows /login redirect, asserts final URL is gitea dep's OAuth2 authorize
endpoint with matching client_id (per Adversary pre-probe REVIEW-drone.md)
- tests/drone/PARITY.md: backup structural-skip justified (no backupbot labels)
- runner/harness/sso.py: setup_gitea_oauth() — creates gitea admin user via
CLI + OAuth2 app via API, returns {admin_user, admin_password, client_id,
client_secret} for install_steps.sh consumption
- runner/run_recipe_ci.py: _enrich_deps_with_sso now handles gitea dep (calls
setup_gitea_oauth; keycloak path unchanged)
- tests/unit/test_gitea_dep.py: unit tests for gitea dep path — meta loading,
SSO routing, SCM redirect assertion logic (parametrized)
- machine-docs: STATUS/JOURNAL/BACKLOG-drone.md phase state files initialized
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 21:31:43 +00:00
8ca5b44186
review(drone): pre-probe — SCM-configured test design; /login redirect is the correct tooth
continuous-integration/drone/push Build is failing
2026-06-11 21:26:11 +00:00
f3c526d9e9
review(drone): init phase — P0 verified, pre-probes done, awaiting Builder claims
continuous-integration/drone/push Build is failing
2026-06-11 21:22:30 +00:00
6607d7767f
status(mailu): ## DONE — M1+M2 PASS; PR#3 open for operator merge; builds #477+#483 both L5; backup/restore on /data+/mail proven; DEFERRED closed
continuous-integration/drone/push Build is failing
2026-06-11 21:17:45 +00:00
be526c8252
review(mailu): M2 PASS @2026-06-11T21:15Z — build #483 LEVEL 5, fresh independent re-trigger; all phase DoD satisfied
...
continuous-integration/drone/push Build is failing
Independent cold pass: Adversary posted !testme on PR#3 (comment #14363 ); build #483 reached
LEVEL 5 (install/upgrade/backup_restore/functional/lint all pass); both Maildir tests pass again
(test_backup_captures_mail_message + test_restore_returns_mail_message); clean_teardown+no_secret_leak
true; DEFERRED closed; levels reconciled; PARITY.md dual-volume; operator summary complete.
Phase mailu DONE. Builder cleared for ## DONE in STATUS-mailu.md.
2026-06-11 21:16:27 +00:00
e37a7df496
terraform: IaC-of-record for the cc-ci Hetzner host (salvaged from PR#2)
...
continuous-integration/drone/push Build is failing
The cc-ci server already runs on Hetzner (migration done; nix/hosts/cc-ci-hetzner
landed directly on main 2026-05-31). PR#2's host config was superseded by newer
main commits, but its terraform/ provisioning scaffolding (cpx32 + nixos-infect)
was never preserved. Add it here as the infrastructure-of-record so the box is
reproducible. .gitignore keeps tfstate + secret tfvars out; HCLOUD_TOKEN is an
env var at apply time (no secrets committed). PR#2 closed as superseded.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-11 21:09:02 +00:00
b17b6f1232
claim(mailu): M2 — DEFERRED closed; PARITY.md updated with dual-volume evidence; operator summary written; PR#3 open for merge; awaiting Adversary fresh re-trigger
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
2026-06-11 21:03:51 +00:00
73ea239cfc
review(mailu): M1 PASS @2026-06-11T21:00Z — build #477 LEVEL 5, both /data+/mail volumes tested; ADV-mailu-01 closed
...
continuous-integration/drone/push Build is failing
Cold verify: PR#3 labels correct (admin:/data + imap:/mail); build #477 LEVEL 5 all rungs pass;
test_backup_captures_mail_message PASS + test_restore_returns_mail_message PASS — Maildir
backup/restore cycle proven. clean_teardown+no_secret_leak true. ADV-mailu-01 fix verified.
Builder cleared for M2.
2026-06-11 21:01:19 +00:00
ec5882dd71
claim(mailu): M1 re-claim — build #477 LEVEL 5; ADV-mailu-01 fixed; /mail Maildir now seeded, wiped, and verified restored; both test_backup_captures_mail_message + test_restore_returns_mail_message PASS
continuous-integration/drone/push Build is failing
2026-06-11 20:59:39 +00:00
85a781368a
machine-docs: move all per-phase coordination files out of repo root
...
continuous-integration/drone/push Build is failing
STATUS/BACKLOG/REVIEW/JOURNAL for bsky/conc/dstamp/kuma/lvl5/mailu/rcust/shot
(32 files) were at the repo root; move them into machine-docs/ to match the
mandated file-location rule (DECISIONS/DEFERRED/INBOX + older phases already
live there). AGENTS.md gains an explicit File-location rule. No content change.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-11 20:57:03 +00:00
560e772b5f
journal(mailu): ADV-mailu-01 fix rationale; build #477 in flight
continuous-integration/drone/push Build is failing
2026-06-11 20:56:46 +00:00
b9352e8313
fix(mailu): extend backup/restore seed to cover /mail Maildir volume (ADV-mailu-01)
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
2026-06-11 20:56:00 +00:00
bb1ebd34f6
review(mailu): M1 FAIL @2026-06-11T20:58Z — /mail Maildir restoration not tested; seed seeds account only (SQLite /data), never exercises mail message in /mail; plan requires mailbox+message; ADV-mailu-01 filed
continuous-integration/drone/push Build is failing
2026-06-11 20:53:24 +00:00
2fa3f528a6
claim(mailu): M1 — build #473 LEVEL 5 PASS; PR#3 backupbot v2 labels (admin:/data + imap:/mail); backup→wipe→restore on real seeded mail data proven; clean teardown; BEFORE=L4(skip) AFTER=L5(earned)
continuous-integration/drone/push Build is failing
2026-06-11 20:51:39 +00:00
1fbc4e0b15
fix(mailu): fix _mailu import path in ops.py+overlays (functional/ subdir)
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
2026-06-11 20:44:40 +00:00
36ece30442
status(mailu): drone build #470 in flight — PR#3 + cc-ci test files all committed
continuous-integration/drone/push Build is failing
2026-06-11 20:43:18 +00:00
4b5051f003
feat(mailu): add ops.py + backup/restore tests + update PARITY.md (P4 now covered via PR#3)
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is failing
2026-06-11 20:41:33 +00:00
ccabad8209
status(mailu): init phase state — data-layout research documented, awaiting PR+tests
continuous-integration/drone/push Build is failing
2026-06-11 18:43:08 +00:00
06e1cee47c
status(kuma): ## DONE — M1+M2 PASS, test_monitor_wizard green 2× (builds #460+#462)
...
continuous-integration/drone/push Build is failing
DoD all satisfied:
- Wizard+probe Playwright test: Up (self) + Down (dead-port) real probes proven
- Level 5 both runs; runtime 2.75-2.82s (≪90s budget)
- DEFERRED "uptime-kuma create-a-monitor" closed
- PARITY.md updated
- M1 PASS 2026-06-11T18:26Z + M2 PASS 2026-06-11; no standing VETO
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 18:34:42 +00:00
f96a639197
review(kuma): M2 PASS @2026-06-11T18:32Z — builds #460+#462 both LEVEL 5, test_monitor_wizard 2× green, clean_teardown+no_secret_leak true, DEFERRED closed, PARITY updated; all phase DoD satisfied; Builder cleared for ## DONE
continuous-integration/drone/push Build is failing
2026-06-11 18:33:34 +00:00
9afdf3de5a
claim(kuma): M2 — build #462 LEVEL 5 PASS (flake #2 ); DEFERRED closed; PARITY updated
...
continuous-integration/drone/push Build is failing
Second drone run #462 : uptime-kuma@eb4521cc (PR #3 ) = LEVEL 5.
test_monitor_wizard [pass] in both #460 + #462 — flake check complete.
DEFERRED.md "uptime-kuma create-a-monitor" closed with build+commit pointers.
PARITY.md: new row for tests/uptime-kuma/playwright/test_monitor_wizard.py.
M1 Adversary PASS @2026-06-11T18:26Z (REVIEW-kuma.md).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 18:32:16 +00:00
48a66b96a1
review(kuma): M1 PASS @2026-06-11T18:26Z — test_monitor_wizard LEVEL 5, clean_teardown+no_secret_leak true, real-probe evidence (up+down confirmed), runtime 2.8s, approach justified; Builder cleared for M2
continuous-integration/drone/push Build is failing
2026-06-11 18:29:10 +00:00
1d51a7907b
status(kuma): M1 claimed; second !testme in flight for flake check (build 460 = L5 PASS)
continuous-integration/drone/push Build is failing
2026-06-11 18:28:28 +00:00
fe8922c2da
claim(kuma): M1 PASS — test_monitor_wizard green at LEVEL 5 via drone build #460
...
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
Build 460: uptime-kuma@eb4521cc (PR #3 ); custom tier playwright:1 PASS.
All stages: install/upgrade/backup/restore/custom/lint PASS.
test_monitor_wizard [pass] — wizard + self-probe UP + dead-port DOWN.
clean_teardown=true, no_secret_leak=true. PR comment ✅ posted.
Artifacts: /var/lib/cc-ci-runs/460/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 18:27:26 +00:00
8da59cff22
feat(kuma): implement wizard+monitor Playwright test (tests/uptime-kuma/playwright/)
...
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
Phase kuma M1 impl: resolves the 2026-05-28 DEFERRED uptime-kuma create-a-monitor item.
Approach: Playwright (option b) — python-socketio not in cc-ci Nix env; Playwright
handles Socket.IO transparently via the real browser. Selectors confirmed in 2.2.1
compiled bundle (data-cy setup wizard + data-testid monitor form/status badge).
Test flow (test_monitor_wizard_and_probe):
1. Setup wizard: admin create via data-cy form → auto-login → /dashboard
2. Create self-probe monitor (https://{live_app}/ ) → wait ≤90s for "Up" badge
3. Heartbeat table row check: isFirstBeat=important, row has real datetime stamp
4. Negative: dead-port monitor (http://127.0.0.1:19999/dead ) → wait ≤60s for "Down"
All waits are bounded poll with page.wait_for_function/wait_for_url/wait_for_selector.
Admin password: 64-char UUID hex, never printed/logged.
Also: DECISIONS.md records Playwright choice; phase state files bootstrapped.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-11 18:15:13 +00:00
9eb5261c1e
probe(kuma): pre-flight — python-socketio absent on cc-ci (Playwright available); real-probe evidence requirements documented
continuous-integration/drone/push Build is failing
2026-06-11 18:04:45 +00:00
f46aa05151
chore(kuma): init Adversary phase state files (REVIEW + BACKLOG adversary section)
continuous-integration/drone/push Build is failing
2026-06-11 18:03:25 +00:00
43826918ed
chore(mailu): init Adversary phase state files (REVIEW + BACKLOG adversary section)
continuous-integration/drone/push Build is failing
2026-06-11 18:00:07 +00:00
17c8d29a8f
status(dstamp): ## DONE — M1 ( fb411b2) + M2 ( 71358da) both PASS, no VETO. Root cause = swarm failure_action:rollback reverting chaos-version label (start-first OOM masked by wait_healthy); abra/harness git path exonerated. Fixed: discourse stop-first overlay + general assert_upgrade_converged guard (HC1 unweakened). Proven L5 via drone !testme #450 . Blast-radius: discourse-only. DEFERRED closed.
continuous-integration/drone/push Build is failing
2026-06-11 17:52:45 +00:00
71358da446
review(dstamp): M2 PASS @2026-06-11T17:58Z — build 450 level 5 (install/upgrade/backup/restore/custom/lint all PASS, clean_teardown+no_secret_leak true); test_upgrade_reconverges PASS (HC1 chaos-version=7ae7b0f7==head_ref); !testme path confirmed (14346→14347 bot ✅ ); DEFERRED closed w/ pointers; HC1 teeth: m2p-discourse negative control (eb96de94≠7ae7b0f7→AssertionError HC1) + code unchanged; blast-radius discourse-only. All phase dstamp DoD items satisfied.
continuous-integration/drone/push Build is failing
2026-06-11 17:51:54 +00:00
1e22f6ea79
claim(dstamp): M2 — discourse full lifecycle GREEN at true level (LEVEL 5) via drone !testme build #450 (cc-ci main 2da1f01 w/ fix); upgrade-HC1 stamps head, clean teardown + no leak; PR#2 ✅ passed. DEFERRED closed. Blast-radius: only discourse affected. HC1 unweakened (commit-match unchanged + assert_upgrade_converged RED on rollback). Verification recipe in STATUS-dstamp
continuous-integration/drone/push Build is failing
2026-06-11 17:46:14 +00:00
7e783368c4
status(dstamp): M1 PASS ( fb411b2); M2 in progress — !testme drone full-lifecycle build #450 in flight (discourse @7ae7b0f, cc-ci main 2da1f01 w/ fix)
continuous-integration/drone/push Build is failing
2026-06-11 17:38:20 +00:00
fb411b2563
review(dstamp): M1 PASS @2026-06-11T17:36Z — root cause proven by direct evidence (repro4: Spec=7ae7b0f7+U→PreviousSpec=eb96de94+U, swarm rollback confirmed); abra constant (gens4-11 same store path); fix verified (stop-first overlay + assert_upgrade_converged 2-phase, HC1 code unchanged); blast-radius n8n/keycloak PASS L4 in 06-10/06-11 era; dstamp-fix1/fix2 upgrade=PASS @7ae7b0f7+U. Builder cleared for M2.
continuous-integration/drone/push Build is failing
2026-06-11 17:37:35 +00:00
2da1f01849
claim(dstamp): M1 — root cause attributed by DIRECT evidence (swarm failure_action:rollback reverts chaos-version label, masked by start-first+wait_healthy; abra+harness git path exonerated); minimal repro + 06-05→06-10 load change + fix (stop-first overlay + assert_upgrade_converged, HC1 unweakened) + blast-radius (only discourse). fix1+fix2 validate green @7ae7b0f7+U. Verification recipe in STATUS-dstamp.
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
2026-06-11 17:32:11 +00:00
53db62258e
probe(dstamp): race concern CLOSED — Builder harden( e9c26c7) 2-phase StartedAt protocol deterministically distinguishes new update from stale base-deploy state; assessed CORRECT AND COMPLETE
continuous-integration/drone/push Build is failing
2026-06-11 17:23:59 +00:00
e9c26c72af
harden(dstamp): assert_upgrade_converged waits for the NEW swarm update (StartedAt advanced) before accepting a terminal state — closes the Adversary-flagged race where a stale 'completed' from the base deploy could mask a later rollback; no-op redeploy grace preserved
continuous-integration/drone/push Build is failing
2026-06-11 17:18:50 +00:00
a4c0dfcf11
probe(dstamp): blast-radius sweep — 4 enrolled recipes have failure_action=rollback+start-first; keycloak/n8n latent but currently PASS; assert_upgrade_converged covers all without overlay; drone has no upgrade tier
continuous-integration/drone/push Build is passing
2026-06-11 17:18:13 +00:00
d0d762c9c8
journal(dstamp): fix1 validation PASS (chaos 7ae7b0f7+U, converged); blast-radius = only discourse affected (keycloak/n8n upgrade-PASS L4; drone/traefik infra); general guard covers all
continuous-integration/drone/push Build is passing
2026-06-11 17:16:48 +00:00
e9eed8e7b7
probe(dstamp): Adversary independent probe findings — Docker rollback root cause confirmed, fix 0cc31a5 assessed CORRECT, race-window concern flagged (covered by defence-in-depth). Anti-anchoring preserved: JOURNAL not read. Awaiting claim(dstamp) for formal verdict.
continuous-integration/drone/push Build is passing
2026-06-11 17:12:01 +00:00
0cc31a507e
fix(dstamp): discourse upgrade stop-first overlay (stop 2x-memory start-first OOM→spurious swarm rollback) + harness assert_upgrade_converged (detect rollback/pause → honest upgrade failure, HC1 unweakened). Root cause: failure_action:rollback reverted chaos-version label, masked by start-first+wait_healthy
continuous-integration/drone/push Build is passing
2026-06-11 17:07:38 +00:00
9959ad6a2d
status(dstamp): DIRECT EVIDENCE — repro4 caught Spec=7ae7b0f7+U + PreviousSpec=eb96de94+U + State=updating post-redeploy; swarm failure_action:rollback reverts label (masked by start-first+wait_healthy); abra+harness exonerated. Fix: stop-first overlay + harness rollback detection
continuous-integration/drone/push Build is passing
2026-06-11 17:04:13 +00:00
866a429a6f
journal(dstamp): root cause = swarm failure_action:rollback reverts chaos-version label to base spec (start-first masks it via wait_healthy); concurrency refuted; repro3 capturing UpdateStatus
continuous-integration/drone/push Build is passing
2026-06-11 16:55:48 +00:00
9a097d3185
status(dstamp): investigation baseline — isolated git/abra path stamps head CORRECTLY (3 faithful repros); abra constant; run184 solo green vs clustered 06-11 drift @same ref; concurrency-artifact hypothesis under test
continuous-integration/drone/push Build is passing
2026-06-11 16:34:47 +00:00
40c321f5f9
prep(dstamp): Adversary recon baseline — stamp mechanism + cold observables (HEAD 7ae7b0f is 9 commits past tag 0.7.0+3.3.1/eb96de9; chaos-version stamps base not head; abra nix-pinned 0.13.0-beta). No verdict yet, awaiting M1 claim.
continuous-integration/drone/push Build is passing
2026-06-11 15:55:24 +00:00
