Commit Graph

141 Commits

Author SHA1 Message Date
3d86e31730 1c/E2E-TESTME: PASS (E1-E6) — clean-room VM serves a real !testme run end-to-end over the public domain
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:43:08 +01:00
0864673eed 1c/E2E-TESTME: E1-E3 PASS — !testme→bridge→build #4, app externally reachable via public gateway (200, real content, git cert)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:39:33 +01:00
1a19a6c4c6 1c/E2E-TESTME: checkpoint — E1 pass, Drone-token fix committed, applying to rebuilt VM next
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:28:34 +01:00
af46acab6d 1c: record Drone-token clean-room finding+fix in journal
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:27:03 +01:00
c8bbd35f2a 1c/E2E-TESTME finding+fix: inject bridge_drone_token as Drone bot MACHINE TOKEN (DRONE_USER_CREATE token:)
All checks were successful
continuous-integration/drone/push Build is passing
Clean-room finding caught by the e2e: DRONE_USER_CREATE had no token: => a fresh-DB rebuild's Drone
auto-generates a random bot token, so the committed (sops) bridge_drone_token gets 401 and the bridge
can't trigger builds. The original cc-ci only matched because its token was captured out-of-band. Now
the bot's machine token == bridge_drone_token deterministically on every rebuild. (Evolves the toplevel
again; re-establish byte-identical on cc-ci after the e2e + Adversary re-verifies C1.)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:27:00 +01:00
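The fix recorded in c8bbd35f2a relies on Drone's first-start DRONE_USER_CREATE setting, whose documented form is username:NAME,machine:true,admin:true,token:TOKEN; with token: present, a fresh database gets exactly that machine token instead of a random one. The shell below is an added example and not code from the cc-ci repository: it renders that value from the bridge's token, checks the rendered value and the bridge token agree, and then asks the Drone API whether the token really authenticates as the bot (the 401 the e2e caught is what a mismatch produces). The bot login drone-bot, the secret path /run/secrets/bridge_drone_token and the server URL are placeholders assumed here.

```bash
#!/bin/sh
# Added example (not from cc-ci). Assumed names: bot login "drone-bot",
# decrypted secret at /run/secrets/bridge_drone_token, Drone URL placeholder.
set -eu

# Render the DRONE_USER_CREATE value Drone reads on first start. Drone parses
# comma-separated key:value pairs, so a ',' or ':' inside the login or token
# would corrupt the parse; refuse such input instead of emitting it.
render_drone_user_create() {
  login=$1; token=$2
  case "$login$token" in
    *[,:]*) echo "refusing: login/token must not contain ',' or ':'" >&2; return 1 ;;
  esac
  printf 'username:%s,machine:true,admin:true,token:%s\n' "$login" "$token"
}

# Compare the token: pair inside a DRONE_USER_CREATE value with the token the
# bridge will send. No token: pair at all is the original defect (random bot token).
token_matches() {
  user_create=$1; bridge_token=$2; configured=""
  local IFS=,
  for pair in $user_create; do
    case "$pair" in token:*) configured=${pair#token:} ;; esac
  done
  [ -n "$configured" ] && [ "$configured" = "$bridge_token" ]
}

# Live check (needs the Drone host): GET /api/user with the bot's bearer token
# must return 200 and the bot's own login; 401 means the committed token and the
# bot's machine token have diverged.
drone_token_check() {
  server=$1; token=$2; expected_login=$3
  out=$(mktemp)
  status=$(curl -s -o "$out" -w '%{http_code}' \
    -H "Authorization: Bearer ${token}" "${server%/}/api/user") || status=000
  if [ "$status" != "200" ]; then
    echo "drone: HTTP ${status} for bot token (401 = token mismatch)" >&2
    rm -f "$out"; return 1
  fi
  # Drone emits compact JSON, so the pair appears as "login":"<name>" (loose check).
  if grep -q "\"login\":\"${expected_login}\"" "$out"; then rm -f "$out"; return 0; fi
  rm -f "$out"; return 1
}

# Usage on the rebuilt VM (paths and URL are assumed):
#   TOKEN=$(cat /run/secrets/bridge_drone_token)
#   render_drone_user_create drone-bot "$TOKEN"      # value for Drone's env file
#   drone_token_check https://drone.example.invalid "$TOKEN" drone-bot
```

The rendered string is the only thing that ties the Drone side to the sops-committed secret, so the offline token_matches check belongs in the same rebuild gate as the live API call; the live call alone cannot tell a random bot token from a mistyped one.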
ee585ef6b4 1c/E2E-TESTME: bootstrap-drone-oauth.sh handles OAuth auto-approve (re-auth: no consent form -> follow 302 callback)
All checks were successful
continuous-integration/drone/push Build is passing
Found during the e2e: when the bot already granted the shared Drone OAuth app, Gitea 302s straight to
the code callback (no consent form), so the consent-form parse yielded empty _csrf/state and set -e
aborted. Now: if authorize returns a Location, use it directly; else POST the consent form.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:21:47 +01:00
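The failure described in ee585ef6b4 is a branch the bootstrap has to take before parsing anything: when the bot has already granted the OAuth app, Gitea's authorize endpoint answers with a 302 whose Location is the callback carrying the code, and there is no consent form to parse. The shell below is an added example, not the project's bootstrap-drone-oauth.sh: it separates the decision (Location header present, consent form present, or neither) from the network calls so the decision can be exercised on captured responses, and it fails loudly on "neither" instead of POSTing empty _csrf/state. The grant endpoint path /login/oauth/grant, the form field names and the callback URL are assumptions.

```bash
#!/bin/sh
# Added example (not cc-ci code). Assumed: Gitea grant form posts to
# /login/oauth/grant with fields _csrf, state, client_id, redirect_uri, granted.
set -eu

# Location header of a raw HTTP response (headers + body). Stops at the blank
# line so a "Location:" string inside the HTML body is never mistaken for it.
http_location() {
  printf '%s\n' "$1" | tr -d '\r' | sed -n '/^$/q; s/^[Ll]ocation:[[:space:]]*//p' | head -n 1
}

# Value of a hidden <input name="NAME" value="..."> (name before value, as in
# Gitea's templates). Newlines are dropped so one tag never spans two lines.
form_field() {
  name=$2
  printf '%s\n' "$1" | tr -d '\r\n' \
    | sed -n "s/.*<input[^>]*name=\"$name\"[^>]*value=\"\([^\"]*\)\".*/\1/p"
}

# Decide the next step from the authorize response:
#   "callback <url>"        Gitea auto-approved (302 straight to redirect_uri?code=)
#   "consent <csrf> <state>" a consent form came back and must be POSTed
#   exit 1                  neither: login page, error page, empty body
authorize_next_step() {
  response=$1
  location=$(http_location "$response")
  if [ -n "$location" ]; then printf 'callback %s\n' "$location"; return 0; fi
  csrf=$(form_field "$response" _csrf)
  state=$(form_field "$response" state)
  if [ -n "$csrf" ] && [ -n "$state" ]; then printf 'consent %s %s\n' "$csrf" "$state"; return 0; fi
  echo "authorize: neither a Location header nor a consent form in the response" >&2
  return 1
}

# Live exchange (needs the Gitea host and a cookie jar holding the bot's session).
# -i keeps the headers so the 302 branch is visible; -G url-encodes the query.
gitea_authorize() {
  base=$1; client_id=$2; redirect_uri=$3; jar=$4
  resp=$(curl -s -i -G -b "$jar" -c "$jar" \
    --data-urlencode "client_id=$client_id" --data-urlencode "redirect_uri=$redirect_uri" \
    --data-urlencode response_type=code --data-urlencode state=bootstrap \
    "${base}/login/oauth/authorize")
  step=$(authorize_next_step "$resp") || return 1
  case "$step" in
    callback\ *) curl -s -o /dev/null -w '%{http_code}\n' -b "$jar" "${step#callback }" ;;
    consent\ *)  set -- $step    # $2 = csrf, $3 = state
                 curl -s -o /dev/null -w '%{http_code}\n' -b "$jar" -c "$jar" \
                   --data-urlencode "_csrf=$2" --data-urlencode "state=$3" \
                   --data-urlencode "client_id=$client_id" \
                   --data-urlencode "redirect_uri=$redirect_uri" \
                   --data-urlencode granted=true "${base}/login/oauth/grant" ;;
  esac
}
```

Because authorize_next_step is pure, the two captured shapes of the authorize response (redirect and consent form) can be kept as fixtures and re-run on every change to the bootstrap, which is exactly the coverage that was missing when only the first-grant path had been exercised.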
b74a59ea08 1c/E2E-TESTME: swap ACTIVE — public gateway → rebuilt VM (P1/P2 verified); recording reversible state + swap-back steps
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:18:49 +01:00
7f8a4304fd 1c: Gate W4 PASS (Adversary cold, C1-C5); proceeding to swap + E2E-TESTME
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:15:25 +01:00
40c50545f1 review(1c): heads-up for Builder e2e — dual-bridge double-trigger risk in swap window; recommend pausing original's bridge during E1-E6
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 19:13:52 +01:00
446f326a1e review(1c): W4/C4/C5 PASS COLD — independent throwaway rebuild: blank VM+2 repos+1 age key -> single switch -> ld19aj2 byte-identical, 0 failed, 6/6 stacks, cert+TLS from git (leaf 57:8D:67). VM ccci-w5-rebuild@100.97.167.73 recorded for Builder swap. D8 honest (Phase-1 'infeasible' superseded)
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 19:12:47 +01:00
d22abe45ca 1c/E2E-TESTME: clarify actor/critic — Builder swaps Adversary's W5 VM (ccci-w5-rebuild) after W5 PASS + recorded IP; Adversary doesn't rename
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:06:51 +01:00
f02a2b255c 1c/E2E-TESTME: Builder owns the tailnet swap end-to-end (no signal); record swap steps + execution watch-outs
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:58:24 +01:00
b54ea6de54 1c/W5.5: point to authoritative E2E-TESTME spec (E1-E6); orchestrator-signal-gated
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:48:26 +01:00
ffd4565e73 1c: add operator-gated functional-acceptance e2e (W5.5) — real !testme via public gateway after VM promotion
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:46:50 +01:00
232b35e32b 1c/C6: operator override — keep FINAL W5 throwaway (promote -> cc-nix-test); defer teardown
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:40:47 +01:00
70f108d2fa 1c/W4 DONE: genuine throwaway-VM live rebuild (single switch, 0 failed, byte-identical, TLS leaf==git cert); Gate W4 CLAIMED + install.md updated
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:37:02 +01:00
a7600346b1 1c/W4: status — cc-ci on ld19aj2 (final); fresh throwaway booting for single-switch C4 proof
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:09:38 +01:00
d8aa7578d4 1c/W4: cc-ci on ld19aj2 (byte-identical); throwaway TLS leaf-match == git cert (C4 cert proof)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 18:06:28 +01:00
5cb0bccdfc 1c/W4: throwaway reproduces cc-ci byte-identical + recovery-key decrypt; abra race found+fixed (serialized reconcilers)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:59:39 +01:00
7563d47228 1c/W4: serialize abra reconcilers (proxy->drone->bridge->dashboard->backupbot)
All checks were successful
continuous-integration/drone/push Build is passing
On a FRESH host the reconcile oneshots ran abra concurrently against an uninitialised ~/.abra and
raced on catalogue/recipe init, leaving deploy-proxy/deploy-drone failed after a blank-VM rebuild
(observed on the W4 throwaway). Ordering-only `after` chain serializes them so a single
nixos-rebuild switch converges. Logically correct too (all need the proxy/abra state first).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:57:25 +01:00
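The race in 7563d47228 was closed with an ordering-only `after` chain between the abra reconcile oneshots, which means the property to verify on a rebuilt host is twofold: each unit must list its predecessor in After=, and must not pull it in via Requires= (that would turn one failed deploy into a cascade, which is not what an ordering-only chain intends). The shell below is an added example, not part of the cc-ci configuration; the chain order is taken from the commit title and the unit names are assumed to be deploy-<name>.service.

```bash
#!/bin/sh
# Added example (not cc-ci code). Unit names assumed as deploy-<name>.service,
# in the order the commit title gives.
set -eu

CHAIN="deploy-proxy deploy-drone deploy-bridge deploy-dashboard deploy-backupbot"

# True if a space-separated systemd property value (e.g. After= as printed by
# `systemctl show -p After --value`) names the given unit exactly.
list_has_unit() {
  list=$1; unit=$2
  for item in $list; do [ "$item" = "$unit" ] && return 0; done
  return 1
}

# One link of the chain is correct when the successor is ordered After= the
# predecessor and does NOT Requires= it (ordering-only, as the commit states).
# $1 = After= list of the successor, $2 = its Requires= list, $3 = predecessor.
link_ok() {
  after=$1; requires=$2; pred=$3
  list_has_unit "$after" "$pred" && ! list_has_unit "$requires" "$pred"
}

# Live check on the host: walk the chain and read each unit's real properties.
check_chain_live() {
  prev=""; rc=0
  for unit in $CHAIN; do
    if [ -n "$prev" ]; then
      after=$(systemctl show -p After --value "${unit}.service")
      requires=$(systemctl show -p Requires --value "${unit}.service")
      if link_ok "$after" "$requires" "${prev}.service"; then
        echo "ok   ${unit} ordered after ${prev}"
      else
        echo "FAIL ${unit}: After=[$after] Requires=[$requires], expected ordering-only after ${prev}" >&2
        rc=1
      fi
    fi
    prev=$unit
  done
  return $rc
}

# Usage on the rebuilt VM:  check_chain_live
```

Run this right after the single nixos-rebuild switch on a blank host; if any link reports FAIL, the concurrent-abra race the commit describes is still possible on the next rebuild even when this one happened to converge.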
b73307908d review(1c): C1 refresh — byte-identical against new keyFile config (izsmiajw==running, zero drift); supersedes vh6vwxbl
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 17:57:18 +01:00
24fe11a98e 1c/W4: Step A done (cc-ci on keyFile config, izsmiajw byte-identical); Step B throwaway rebuild in flight
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:36:27 +01:00
dd710a6f56 review(1c): set C4/W5 TLS verification standard — domain=ci.commoninternet.net (not ci2), SNI+--resolve on fresh VM, leaf fingerprint must match git cert
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 17:30:08 +01:00
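The verification standard set in dd710a6f56 has three parts: use the production domain ci.commoninternet.net, reach the fresh VM by IP while presenting that domain as SNI (so the proxy selects the same vhost and certificate it would in production), and compare the served leaf certificate's fingerprint to the certificate committed in git. The shell below is an added example rather than the reviewer's own commands: it computes both fingerprints, normalises the two OpenSSL output formats to the same shape, and refuses an empty-equals-empty "match" that a failed handshake would otherwise produce. The VM IP is the one recorded on this page; the on-disk certificate filename under /var/lib/ci-certs/live/ is an assumption.

```bash
#!/bin/sh
# Added example (not cc-ci code). Assumed: the sops-decrypted cert is
# /var/lib/ci-certs/live/fullchain.pem; the VM IP comes from the review notes.
set -eu

# Normalise "sha256 Fingerprint=57:8D:67:..." (or "SHA256 Fingerprint=...", or
# bare colon-separated hex) to uppercase hex without separators.
fp_normalize() {
  sed 's/^.*=//' | tr -d ':' | tr '[:lower:]' '[:upper:]'
}

# Leaf certificate fingerprint actually served by IP for the production domain.
# -servername sends the real SNI while -connect goes to the throwaway VM;
# `openssl x509` reads only the first PEM block, which is the leaf.
live_leaf_fingerprint() {
  domain=$1; ip=$2; port=${3:-443}
  openssl s_client -connect "${ip}:${port}" -servername "$domain" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | fp_normalize
}

# Fingerprint of the certificate that came from git (sops-decrypted PEM on disk).
git_cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 -in "$1" | fp_normalize
}

# Both sides must be a full 64-hex SHA-256 and identical; an empty live value
# (handshake failed, wrong port, no cert) must fail rather than compare equal.
leaf_matches_git() {
  live=$1; git=$2
  [ -n "$live" ] && [ -n "$git" ] && [ "${#live}" -eq 64 ] && [ "$live" = "$git" ]
}

# Same --resolve trick for the HTTP layer: curl validates the chain against the
# system CA store for the real hostname while the TCP connection goes to the VM.
http_status_via_resolve() {
  domain=$1; ip=$2
  curl -s -o /dev/null -w '%{http_code}' --resolve "${domain}:443:${ip}" "https://${domain}/"
}

# Usage on the W5 throwaway (assumed cert path):
#   live=$(live_leaf_fingerprint ci.commoninternet.net 100.97.167.73)
#   git=$(git_cert_fingerprint /var/lib/ci-certs/live/fullchain.pem)
#   leaf_matches_git "$live" "$git" && echo "leaf == git cert" || echo "MISMATCH"
#   http_status_via_resolve ci.commoninternet.net 100.97.167.73   # expect 200
```

Checking the leaf rather than the chain is deliberate: the reviewer's standard is that the certificate material decrypted from git is the one on the wire, and an intermediate or root match would not prove that.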
195cc30ead 1c/W4: record orchestrator C4 TLS-verification approach (local --resolve on throwaway)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:29:00 +01:00
9cc678853b 1c/W4: add sops.age.keyFile for bootstrap age key (recovery key on clones; host-derived on cc-ci)
All checks were successful
continuous-integration/drone/push Build is passing
cc-ci /var/lib/sops-nix/key.txt provisioned = host-derived age key (pub == &host recipient), so
adding keyFile is safe (sops-install-secrets aborts if a configured keyFile is missing).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:24:39 +01:00
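The safety argument in 9cc678853b is that enabling sops.age.keyFile is harmless only because the file already exists on cc-ci and its public key equals the &host recipient the secrets were encrypted to; sops-install-secrets aborts at activation if a configured keyFile is missing, and a present-but-wrong key fails decryption at boot. The shell below is an added example, not cc-ci code: it reads the recipient bound to a named anchor out of .sops.yaml and checks the on-disk age identity against it before the keyFile line is committed. The .sops.yaml layout (a "- &host age1..." list entry) is the common sops convention and is assumed here; the key path is the one the commit names.

```bash
#!/bin/sh
# Added example (not cc-ci code). Assumed: .sops.yaml lists recipients as
# "- &anchor age1..." entries; the host identity lives at /var/lib/sops-nix/key.txt.
set -eu

# Recipient (age1...) attached to a YAML anchor, e.g. "host" for "- &host age1...".
# $1 = .sops.yaml contents, $2 = anchor name without the '&'.
recipient_for_anchor() {
  anchor=$2
  printf '%s\n' "$1" \
    | sed -n "s/^[[:space:]]*-[[:space:]]*&${anchor}[[:space:]][[:space:]]*\(age1[a-z0-9]*\).*/\1/p" \
    | head -n 1
}

# Gate for adding sops.age.keyFile: the file must be readable (otherwise
# sops-install-secrets aborts the switch) and `age-keygen -y` of it must equal
# the expected recipient (otherwise every secret fails to decrypt at boot).
keyfile_matches_recipient() {
  keyfile=$1; expected=$2
  if [ ! -r "$keyfile" ]; then
    echo "keyFile $keyfile missing or unreadable: do not set sops.age.keyFile yet" >&2
    return 1
  fi
  [ -n "$expected" ] || { echo "no recipient found for anchor in .sops.yaml" >&2; return 1; }
  actual=$(age-keygen -y "$keyfile") || return 1
  if [ "$actual" = "$expected" ]; then return 0; fi
  echo "keyFile pubkey $actual != expected recipient $expected" >&2
  return 1
}

# Usage on cc-ci, before committing the keyFile option (paths assumed):
#   expected=$(recipient_for_anchor "$(cat secrets/.sops.yaml)" host)
#   keyfile_matches_recipient /var/lib/sops-nix/key.txt "$expected"
```

On a clone bootstrapped with the recovery key, run the same check with the recovery anchor; the point of the gate is that the file referenced by keyFile is known to be able to decrypt the committed secrets before the host is switched onto a configuration that depends on it.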
228b930a96 review(1c): corroboration — sops cert re-decrypts byte-identically at boot after W1 resize-reboot (strengthens C2)
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 17:24:00 +01:00
8b410dcce1 1c/W3 DONE: throwaway reachable (100.126.124.86); keyFile-missing-aborts finding -> W4 design locked
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:21:21 +01:00
dc81c16b9d 1c/W3: throwaway VM created (booting); W4 design notes (keyFile/recovery-key, tailnet, bridge)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 17:06:23 +01:00
6c03a27b16 1c/W1 DONE: cc-nix-test resized 6->4GB, healthy after reboot (cert survives via sops, TLS ok)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:59:49 +01:00
60bd291ce1 1c: W2 PASS (Adversary, C1/C2/C3 cold); proceeding to W1/W3/W4
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:54:23 +01:00
95ac37c7bd review(1c): W2 PASS cold — byte-identical build==running (vh6vwxbl), cert sops-from-git + live TLS leaf-match, no plaintext leak; C1/C2/C3 Adversary-PASS
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 16:52:14 +01:00
0633aa7e7f 1c: W3 recon (incus/b1 RAM facts) while parked at Gate W2
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:48:39 +01:00
faa3709084 1c/W2a DONE: secrets-split + cert-in-git deployed to live cc-ci; Gate W2 CLAIMED
All checks were successful
continuous-integration/drone/push Build is passing
Submodule mount, cert sops-decrypted to /var/lib/ci-certs/live (sha256 verified), byte-identical
build==running (vh6vwxbl), git-clone+?submodules=1 reproduces it, live TLS valid.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:47:16 +01:00
f79e542149 1c/W2a: mount cc-ci-secrets as submodule at secrets/; cert+key now sops-decrypted to /var/lib/ci-certs/live
All checks were successful
continuous-integration/drone/push Build is passing
- secrets/ is now the private cc-ci-secrets repo (submodule). defaultSopsFile path unchanged.
- secrets.nix: add wildcard_cert/wildcard_key sops secrets -> path=/var/lib/ci-certs/live/*.
- proxy.nix: cert is sops-from-git, not an operator file drop (reframed; FATAL guard kept as decrypt-path check).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:32:10 +01:00
c36052021c review(1c): interim probe — cc-ci-secrets private + all 8 secrets ENC (cert+key in sops, 0 plaintext); byte-identical/TLS pending W2 gate
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 16:23:17 +01:00
e746f37676 review(1c): pre-W2 cold baselines (running-system toplevel, cert hashes, clean-base grep); W2 scrutiny checklist
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 16:22:08 +01:00
f972bc1dc4 1c/W2: cc-ci-secrets repo created + populated (cert+infra in sops, verified)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:16:58 +01:00
8e2357e5bf 1c: bootstrap Phase 1c loop state (STATUS/BACKLOG/JOURNAL-1c) + decisions (submodule linkage, recovery-key bootstrap)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 16:06:26 +01:00
be37eccd31 review(1c): Adversary ledger seeded; cold baseline (system healthy pre-refactor; Builder has not begun 1c)
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 16:02:13 +01:00
492fa231cb review: Adversary sign-off — DONE confirmed by cold check (all D1-D10 PASS <24h, no VETO, system healthy, 6/6 dashboard, 0 orphans); loop terminating
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 12:13:12 +01:00
1c10fa52e1 ## DONE — all D1-D10 Adversary-PASS <24h, no VETO, handshake cleared
All checks were successful
continuous-integration/drone/push Build is passing
cc-ci recipe CI server complete. Loop stopped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 12:02:03 +01:00
28142ae1d8 D10 PASS (6/6); DONE gated only on D8 live VM rebuild (Adversary); creds premise obsolete
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 12:00:57 +01:00
d4f8dc5093 review: D8 PASS (byte-identical build==running; throwaway-VM live rebuild infeasible by design—documented); DONE-readiness: all D1-D10 PASS <24h, no VETO
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 12:00:46 +01:00
be610b297a review: D10 PASS 6/6 — lasuite #108 corroborated (real !testme, upgrade genuinely converged+data survived, not -c-hollowed)
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 11:58:39 +01:00
48b485acf8 STATUS: M8/D7, D8-core, D9 PASS landed; only D10 verification left for DONE
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:54:09 +01:00
58d9f18101 STATUS: tidy stale in-flight/near-complete sections (superseded by D10-complete phase)
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:47:27 +01:00
ba37529a30 M10/D10 CLAIMED: all 6 recipes green via real !testme (lasuite #108 via -c fix); blockers cleared
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:46:58 +01:00
c9087fde20 review: scrutinized lasuite -c (no-converge-checks) — NOT a softening (harness still verifies convergence+health+data); empirical green still required
All checks were successful
continuous-integration/drone/push Build is passing
2026-05-27 11:46:25 +01:00
575efb5054 fix: abra app upgrade -c (no-converge-checks) — abra false-fails slow heavy rolling upgrades
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
Diagnosed via instrumented diag: lasuite-docs upgrade reported 'FATA deploy failed' while all 9
services converged 1/1 — abra's convergence poll gives up too early on the slow stop-first roll
(pulling new images). Disable abra's check; the harness wait_healthy + data-survival assertion is
the real, more-patient gate (a genuine failure still fails the test: app never gets healthy).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:34:59 +01:00
0632301240 STATUS: lasuite upgrade is a convergence failure (not rate-limit) post quota-reset; diagnosing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 11:29:01 +01:00