1cc14aa98e
journal(canon): resume reconstruction — parity fix deployed, real timer re-fire in flight (custom-html 1.11→1.13 promoted)
continuous-integration/drone/push Build is passing
2026-06-17 13:20:26 +00:00
cd897a1885
review(canon): assess DEFECT-3 env-parity fix ( 2c61f2f, host PATH=Drone parity) — right fix; DEFECT-3 stays OPEN until nixos-rebuild + real-timer re-fire re-validates promoted set in production env (verify parity real, gitea flips cold-green)
continuous-integration/drone/push Build is passing
2026-06-17 13:10:14 +00:00
2c61f2fadf
fix(canon): sweep runs with host PATH = Drone-runner env parity (DEFECT-3 git-lfs etc.)
...
continuous-integration/drone/push Build is passing
The real timer fire redded gitea at the custom tier (git: 'lfs' is not a git command) — the
nightly-sweep writeShellApplication had a clean nix-only PATH, while Drone's recipe-CI runner runs
with PATH=/run/current-system/sw/bin:/run/wrappers/bin (where git-lfs + all host tooling live). My
manual sweeps used a login PATH that masked this. Prepend the host system PATH so the timer sweep
validates recipes in the SAME environment as Drone — one fix for git-lfs/bash/openssl/etc. parity.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 13:00:18 +00:00
c387ee1dd8
chore(canon): consume BUILDER-INBOX (DEFECT-3 git-lfs/env-parity — fixing sweep PATH, will re-fire as M2.2 evidence)
continuous-integration/drone/push Build is passing
2026-06-17 12:59:27 +00:00
bd0a565680
review+inbox(canon): DEFECT-3 — real timer fire reds gitea on MISSING git-lfs in nightly-sweep.service runtimeInputs (same class as bash gap); manual sweep env (had git-lfs, gitea cold-green) != production timer env → M2.2 promote evidence must be re-validated under the real timer; heads-up sent
continuous-integration/drone/push Build is passing
2026-06-17 12:57:58 +00:00
7f2e256866
review(canon): §2.G strip code-level CONFIRMED complete (no live UPGRADE_BASE_VERSION; only removal comments; KEYS 15->14; plausible dynamic base 3.0.1) — M2.8 favorable, re-run units+plausible at claim; M2.5 bash-fix needs redeploy+fresh fire
continuous-integration/drone/push Build is passing
2026-06-17 12:35:14 +00:00
cebd293c5a
fix(canon): add bash to nightly-sweep runtimeInputs (real timer fire caught missing bash)
...
continuous-integration/drone/push Build is passing
The deployed sweep service (writeShellApplication) sets a clean PATH from runtimeInputs only;
mirror_sync shells out via subprocess.run(['bash', recipe-mirror-sync.sh, r]) → FileNotFoundError
'bash' on the real systemd fire (manual ssh runs had bash on PATH and masked it). Add bash.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 12:34:03 +00:00
83c183d985
feat(canon): §2.G strip UPGRADE_BASE_VERSION entirely (plausible verified dynamic-base green)
...
continuous-integration/drone/push Build is passing
Gate satisfied — live: with the pin removed, plausible's upgrade tier resolves base 3.0.1+v2.0.0 via
the same-version step-back (canonical 3.1.0 == head 3.1.0 → newest-older = 3.0.1, NOT the broken
3.0.0) and passes install+upgrade green (level 5/5). The pin is redundant, so removed everywhere:
- meta.py KEYS entry (RecipeMeta field auto-drops; 15→14 keys).
- run_recipe_ci.resolve_upgrade_base override branch + docstrings.
- tests/unit/test_meta.py (count 15→14, dropped None-assert), test_upgrade_base.py (override test).
- docs/recipe-customization.md (regenerated table + mentions), docs/testing.md.
- tests/plausible/recipe_meta.py (pin removed), tests/bluesky-pds (re-enable note → dynamic base).
294 unit tests pass; lint clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 12:31:53 +00:00
f611dda893
feat(canon): §2.G remove plausible UPGRADE_BASE_VERSION pin (dynamic base resolves 3.0.1 via step-back)
...
continuous-integration/drone/push Build is passing
plausible's canonical is established at 3.1.0+v2.0.0 (latest), so the dynamic resolver no longer
needs the explicit pin: a same-version head steps back to newest-older = 3.0.1+v2.0.0 (NOT the
broken 3.0.0). Verifying live before stripping the key globally (§2.G gate).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 12:26:25 +00:00
8e15def15d
review(canon): acceptance bar for gitea-exception (VERIFY custom-html advance really promoted + gitea app.ini-RO is recipe not machinery mount) + M2.3 reframing (accept IFF 2nd sweep: 15 skip / only documented exceptions run; flag as literal-DoD deviation for operator)
continuous-integration/drone/push Build is passing
2026-06-17 12:22:52 +00:00
bdc2ec4773
decisions(canon): gitea 3.6.0 warm-advance exception (app.ini read-only, recipe issue; 3.5.3 valid) + M2.3 determinism framing
continuous-integration/drone/push Build is passing
2026-06-17 12:19:04 +00:00
9ffbba57e3
review(canon): authoritative sweep DONE rc=0 @12:00:03Z (single serial, 11:25:57->12:00:03); determinism preview visible (promoted recipes SKIP); awaiting gitea fix + M2.3/5/6/7/8 proofs before claim
continuous-integration/drone/push Build is passing
2026-06-17 12:10:44 +00:00
930335972a
chore(canon): consume BUILDER-INBOX (gitea 3.6.0 advance — fixing; drone promoted clean)
continuous-integration/drone/push Build is passing
2026-06-17 12:00:53 +00:00
a6c506844a
review+inbox(canon): final-sweep crux — drone PROMOTED CLEAN (residue fix works, DEFECT-2 closing) but gitea 3.6.0 advance FAILED AGAIN (GREEN-BUT-PROMOTE-FAILED, canon kept 3.5.3) → CLAIM-BLOCKER for M2.6 (advance undemonstrated) + M2.3 (green recipe re-runs, not a red); heads-up sent
continuous-integration/drone/push Build is passing
2026-06-17 11:59:14 +00:00
35d629452b
decisions(canon): record 4 recipe RED exceptions (discourse upstream-compose / mattermost+mumble test-red / bluesky warm-routing) — genuine, tests unmodified, left intact
continuous-integration/drone/push Build is passing
2026-06-17 11:37:33 +00:00
31fbed13b6
review(canon): CONFIRMED final authoritative sweep @12acf94 contains both ca89d44+d072d7e (recency criterion MET); list red-diagnosis verifications (discourse/mattermost-lts/mumble/bluesky) — verify genuine+not-weakened+DECISIONS-recorded at claim
continuous-integration/drone/push Build is passing
2026-06-17 11:35:51 +00:00
2ce31b4035
status(canon): FINAL authoritative M2.2 sweep launched (post-fix /etc/cc-ci@12acf94, enrolled=20, serial); red diagnoses recorded
continuous-integration/drone/push Build is passing
2026-06-17 11:26:19 +00:00
12acf94b91
review(canon): pre-fix sweep DONE (15 canonicals); NEW red mumble rc=1 (must fix-or-document); plausible promoted 3.1.0+v2.0.0 not 3.0.1 → §2.8 retirement must re-derive dynamic base vs actual canonical
continuous-integration/drone/push Build is passing
2026-06-17 11:23:53 +00:00
32c9703ffe
review(canon): VERIFIED fresh-seed-teardown × live-keycloak footgun MITIGATED — keycloak de-enrolled (enrolled=20, not in set), live warm-keycloak 200 + 1/1 unharmed by pre-fix sweep; carry: check no other recipe domain collides with a live service
continuous-integration/drone/push Build is passing
2026-06-17 11:12:25 +00:00
618ac1ef6f
status(canon): M2 snapshot — 10 clean promotes incl. lasuite-* (warm dep works); plan for authoritative post-fix sweep
continuous-integration/drone/push Build is passing
2026-06-17 11:03:00 +00:00
3bcc11f7b5
review(canon): note residue fix ( ca89d44, likely drone root cause) + keycloak de-enroll ( d072d7e, §2.B exception, enrolled=20); set M2-evidence recency criterion — accepted sweep must postdate both fixes, single serial, drone promotes-or-exception
continuous-integration/drone/push Build is passing
2026-06-17 11:00:24 +00:00
d072d7e2c2
fix(canon): de-enroll keycloak (live-warm OIDC provider) — §2.B exception
...
continuous-integration/drone/push Build is passing
keycloak is the always-on shared OIDC dep provider at warm-keycloak.ci..., the SAME stable domain a
data-warm canonical would use → the sweep's promote would collide with the live provider that
lasuite-*/drone depend on. keycloak is kept current by roll_warm_infra (WC1.1) instead.
WARM_CANONICAL=False; exception recorded in DECISIONS. Enrolled set now 20.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 10:54:14 +00:00
ca89d44c05
fix(canon): promote clears stale warm-stack on a fresh seed (failed-promote secret residue)
...
continuous-integration/drone/push Build is passing
A once-failed promote left swarm secrets (e.g. drone's gitea client_secret_v1) behind; the retry's
install_steps 'abra app secret insert' then FATAd 'already exists', so a recipe could never recover
its canonical. promote_canonical now teardown_app()s the warm domain when there is NO existing
canonical (fresh seed) — clearing leftover secrets/.env/partial volumes — while a re-promote
(canonical exists) still reattaches its retained known-good volume untouched.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 10:51:01 +00:00
d32940d3e1
review(canon): clean-serial sweep obs — drone STILL promote-fails clean (lock fix cured hang, not promote; M2 risk); gitea new-tag 3.5.3->3.6.0 advance = live M2.6 evidence
continuous-integration/drone/push Build is passing
2026-06-17 10:48:12 +00:00
d4a053dfcc
chore(canon): consume ADVERSARY-INBOX (concurrent sweeps killed, drone tainted-canonical discarded, ONE clean serial sweep relaunched pid1741209); carry to claim — verify 7 kept canonicals' ts outside concurrency window
continuous-integration/drone/push Build is passing
2026-06-17 10:25:01 +00:00
1f4aa25a2b
inbox+status(canon): killed concurrent sweeps, cleaned residue, cleared concurrency-tainted drone canonical; ONE clean serial sweep relaunched
continuous-integration/drone/push Build is passing
2026-06-17 10:24:06 +00:00
fb2fe307dc
chore(canon): consume BUILDER-INBOX (concurrent-sweep alert — killing wedged old sweep, will re-run clean serial)
continuous-integration/drone/push Build is passing
2026-06-17 10:21:42 +00:00
4d5b03b485
inbox+review(canon): TWO concurrent sweeps — wedged old sweep (PID1712141, drone deadlock child ~46m) still alive alongside new re-run (PID1736506); violates §4 serial + breaks release_app_locks precondition; M2 evidence from overlapping run not acceptable
continuous-integration/drone/push Build is passing
2026-06-17 10:20:49 +00:00
88293702b2
status(canon): mirror-sync master-detection + cold-dep lock-release fixes deployed; validating drone
continuous-integration/drone/push Build is passing
2026-06-17 10:05:13 +00:00
655a9998be
fix(canon): release cold-run app/dep locks before promote (cold-dep self-deadlock)
...
continuous-integration/drone/push Build is passing
drone (DEPS=[gitea], a COLD dep) deadlocked in promote: the cold test holds the gitea dep's
app-lock for the whole process lifetime, and promote's _provision_deps re-acquires the same lock
in the same process → blocks forever. By promote time the cold test + its deps are torn down
(dep teardown runs in the run finally, before promote), so the locks are stale. New
lifecycle.release_app_locks() frees them at promote start; the serial sweep guarantees no
concurrent run relies on them. lasuite-* (warm keycloak dep) were unaffected (no cold deploy).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 10:04:14 +00:00
24579383f4
fix(canon): mirror-sync detects upstream default branch (master vs main)
...
continuous-integration/drone/push Build is passing
Adversary-flagged: drone/gitea mirror-sync hit rc=128 ('couldn't find remote ref main') —
coopcloud/coop-cloud/{drone,gitea} use `master`, not `main`. The script hardcoded
`git fetch upstream main` → sync skipped (non-fatal) so the mirror wasn't reconciled (the trigger
still used correct upstream tags from the local abra-fetch clone, so the version tested was right;
only the mirror push was missed). Now resolves the upstream HEAD symref and fetches that branch,
force-pushing it to the mirror's `main`. Consumes BUILDER-INBOX.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 09:37:24 +00:00
d9987a0fbf
inbox(canon): heads-up to Builder before M2 claim — (1) drone mirror-sync rc=128 swallowed (clarify §2.C); (2) determinism run-twice-skip-all vs red/promote-failed recipes (reconcile in claim evidence)
continuous-integration/drone/push Build is passing
2026-06-17 09:35:35 +00:00
4accd22d50
review(canon): pre-claim observations — DEFECT-1 label fix live/honest; NEW mirror-sync drone rc=128 swallowed (scrutinise §2.C); determinism M2.3 run-twice-skip-all at risk for red/promote-failed recipes
continuous-integration/drone/push Build is passing
2026-06-17 09:35:11 +00:00
df26041307
chore(canon): consume ADVERSARY-INBOX (fix f94de22 validated, M2 re-run in flight); pre-claim note — scrutinise bluesky 'documented RED' as possible warm-domain routing machinery defect at claim
continuous-integration/drone/push Build is passing
2026-06-17 09:12:01 +00:00
0eca8b5089
status+inbox(canon): promote fix validated (custom-html-tiny+ghost promote); bluesky warm-routing red; full re-run in flight
continuous-integration/drone/push Build is passing
2026-06-17 09:11:07 +00:00
3393dba11e
review(M2.2): file DEFECT-1 (untrustworthy PASS label) + DEFECT-2 (promote path failing broadly) as OPEN adversary findings; close only after re-verify of fix f94de22
continuous-integration/drone/push Build is passing
2026-06-17 08:55:31 +00:00
2126747e2e
status(canon): M2.2 run-1 surfaced+fixed promote bug; validating faithful-install fix
continuous-integration/drone/push Build is passing
2026-06-17 08:51:49 +00:00
f94de22234
fix(canon): promote does a FAITHFUL warm install (clean tree + deps + install_steps)
...
continuous-integration/drone/push Build is passing
M2 finding (Adversary-flagged): promote_canonical did a bare `abra app deploy` that lacked the
cold install's wiring, so recipes that passed the cold test still failed to promote:
- ghost: `abra app new` FATA 'locally unstaged changes' — the CCCI_SKIP_FETCH per-run tree was
left dirty by the tier suite. Fix: force re-checkout the tag + `git clean -fd` before deploy.
- bluesky-pds: missing pds_plc_rotation_key (install_steps inserts it, #generate=false).
- custom-html-tiny: 404 (install_steps seeds index.html). Fix: run install_steps_hook in promote.
- OIDC recipes would miss their realm. Fix: provision DEPS in promote like the cold install.
promote_canonical now: clean tree → provision deps → deploy_app with install_steps_hook + overlay +
ready-probes, then snapshot. Also: sweep result label now derives from whether the canonical was
actually written (promote is non-fatal; rc==0 did not imply promoted) — fixes the misleading
'PASS (promoted)'.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 08:50:59 +00:00
4cf1b32f4c
chore(canon): consume BUILDER-INBOX (promote failing ~4/5 + misleading PASS label — diagnosing)
continuous-integration/drone/push Build is passing
2026-06-17 08:41:28 +00:00
d933585e92
note(canon): pre-claim finding — sweep PASS-label vs actual promote failures (4/5), determinism risk; evidence captured for M2 verification
continuous-integration/drone/push Build is passing
2026-06-17 08:40:41 +00:00
ba28a8897a
inbox(canon): heads-up — sweep logs PASS(promoted) but 4/5 promotes FAILED (only cryptpad wrote a canonical); label derives from rc not record; determinism M2.3 at risk
continuous-integration/drone/push Build is passing
2026-06-17 08:40:16 +00:00
0f2f57b5ca
chore(canon): consume BUILDER-INBOX (discourse wedge heads-up; will time out → RED → sweep continues)
continuous-integration/drone/push Build is passing
2026-06-17 08:17:27 +00:00
7ca77f95ca
inbox(canon): heads-up — M2.2 sweep stuck on discourse ~51m (abra deploy hung, 0 containers, ~08:24Z timeout); canonical count 2
continuous-integration/drone/push Build is passing
2026-06-17 08:15:59 +00:00
38f9c8a30a
note(canon): pre-claim — M2.1 deploy verified live read-only (/etc/cc-ci pulled to 3bdd5d1, weekly timer deployed, sweep runs non-hollow path); M2 not yet claimed
continuous-integration/drone/push Build is passing
2026-06-17 07:20:47 +00:00
7a08f05d59
chore(canon): consume ADVERSARY-INBOX (M1 PASS ack'd; Builder starting M2.2 long sweep)
continuous-integration/drone/push Build is passing
2026-06-17 07:20:07 +00:00
b619e8168f
inbox(canon): heads-up — M2.1 deployed; starting long M2.2 full sweep
continuous-integration/drone/push Build is passing
2026-06-17 07:19:20 +00:00
3bdd5d143b
review(M1): PASS — tagged-gate + trigger + mirror-sync + all-21-enrolled + weekly timer cold-verified; live canonical records tag commit df2e273; 295 unit pass from fresh clone. No VETO
continuous-integration/drone/push Build is passing
2026-06-17 07:11:34 +00:00
8a52c16abb
journal(canon): M2-prep recon — 20 recipes will seed, runtime/disk risks noted
continuous-integration/drone/push Build is passing
2026-06-17 07:08:50 +00:00
626badd333
claim(M1): canonical sweep machinery built + live-proven on custom-html
...
continuous-integration/drone/push Build is passing
M1 (machinery works locally, each piece proven) — code HEAD d4cc9e4#2 , left PR #5 );
nightly_sweep rewritten (mirror_sync -> trigger -> run_on_tag). Live SKIP demo on custom-html.
- M1.3 all 21 used-recipes enrolled. M1.4 hollow-sweep fix (CCCI_REPO=/etc/cc-ci). M1.5 weekly timer.
- M1(A) reattach: live proof-B --quick reused the retained volume green; known-good unchanged.
Evidence + verify recipes in STATUS-canon.md; reasoning in JOURNAL-canon.md; DECISIONS appended.
Gate: M1 CLAIMED, awaiting Adversary.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 07:07:44 +00:00
69f59fdcc5
status(canon): M1 code complete + unit-tested; live M1(A) proofs in flight
continuous-integration/drone/push Build is passing
2026-06-17 06:49:53 +00:00
