102 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
autonomic-bot	492fa231cb	review: Adversary sign-off — DONE confirmed by cold check (all D1-D10 PASS <24h, no VETO, system healthy, 6/6 dashboard, 0 orphans); loop terminating	2026-05-27 12:13:12 +01:00
autonomic-bot	1c10fa52e1	## DONE — all D1-D10 Adversary-PASS <24h, no VETO, handshake cleared ... cc-ci recipe CI server complete. Loop stopped. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 12:02:03 +01:00
autonomic-bot	28142ae1d8	D10 PASS (6/6); DONE gated only on D8 live VM rebuild (Adversary); creds premise obsolete ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 12:00:57 +01:00
autonomic-bot	d4f8dc5093	review: D8 PASS (byte-identical build==running; throwaway-VM live rebuild infeasible by design—documented); DONE-readiness: all D1-D10 PASS <24h, no VETO	2026-05-27 12:00:46 +01:00
autonomic-bot	be610b297a	review: D10 PASS 6/6 — lasuite #108 corroborated (real !testme, upgrade genuinely converged+data survived, not -c-hollowed)	2026-05-27 11:58:39 +01:00
autonomic-bot	48b485acf8	STATUS: M8/D7, D8-core, D9 PASS landed; only D10 verification left for DONE ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 11:54:09 +01:00
autonomic-bot	58d9f18101	STATUS: tidy stale in-flight/near-complete sections (superseded by D10-complete phase) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 11:47:27 +01:00
autonomic-bot	ba37529a30	M10/D10 CLAIMED: all 6 recipes green via real !testme (lasuite #108 via -c fix); blockers cleared ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 11:46:58 +01:00
autonomic-bot	c9087fde20	review: scrutinized lasuite -c (no-converge-checks) — NOT a softening (harness still verifies convergence+health+data); empirical green still required	2026-05-27 11:46:25 +01:00
autonomic-bot	575efb5054	fix: abra app upgrade -c (no-converge-checks) — abra false-fails slow heavy rolling upgrades ... Diagnosed via instrumented diag: lasuite-docs upgrade reported 'FATA deploy failed' while all 9 services converged 1/1 — abra's convergence poll gives up too early on the slow stop-first roll (pulling new images). Disable abra's check; the harness wait_healthy + data-survival assertion is the real, more-patient gate (a genuine failure still fails the test: app never gets healthy). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 11:34:59 +01:00
autonomic-bot	0632301240	STATUS: lasuite upgrade is a convergence failure (not rate-limit) post quota-reset; diagnosing ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 11:29:01 +01:00
autonomic-bot	78250bc8ce	review: D9 PASS — docs complete + accurate (architecture/enroll/runbook/secrets/install/README) vs verified reality	2026-05-27 10:49:18 +01:00
autonomic-bot	6bd6061653	review: M9/D8 reproducibility core PROVEN (clean build == running, zero drift; docs complete); live blank-VM rebuild pending registry creds	2026-05-27 10:48:24 +01:00
autonomic-bot	288cdeeb47	review: close A2 (live: default janitor spares fresh orphan; janitor(0) reaps env-less orphan via reconstruction) — all A1-A4 closed	2026-05-27 10:44:00 +01:00
autonomic-bot	4b204930a3	review: D10 5/6 VERIFIED via real !testme (3-stage green + outcome-reflected); 6th (lasuite upgrade) blocked on registry creds	2026-05-27 10:41:29 +01:00
autonomic-bot	6232d2649c	STATUS: feature-complete except 6th D10 recipe; DONE gated on registry creds + Adversary ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 10:36:09 +01:00
autonomic-bot	1257542d01	BACKLOG: M9 docs complete (D9); M10 5/6 real-!testme green, lasuite gated on registry creds ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 10:35:04 +01:00
autonomic-bot	9b58fd0dfb	M9/D9: add architecture.md + runbook.md — docs set complete ... architecture.md: components, the !testme flow, network/TLS, resource safety, enrollment. runbook.md: where to look, common failure modes (timeout/rate-limit/auth/skip/health/data), orphan cleanup, re-trigger, cancel. Completes the D9 doc set (README+install+enroll+secrets+arch+runbook). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 10:34:37 +01:00
autonomic-bot	7eec8b3efd	lasuite: halt retries pending Docker Hub creds (3rd rate-limit confirmation); pivot to M9 ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 10:33:00 +01:00
autonomic-bot	8aaeb29187	review: independently confirmed Docker Hub rate-limit (remaining=1/100) gating lasuite upgrade — real A1 blocker, not harness defect	2026-05-27 10:24:44 +01:00
autonomic-bot	dc5aca90bd	M10 finding: Docker Hub rate limit blocks lasuite-docs upgrade — A1 registry creds needed (5/6 green) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 10:09:23 +01:00
autonomic-bot	432487f4e8	M10: 5/6 recipes green via real !testme; lasuite-docs upgrade failed (retrying) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 09:31:49 +01:00
autonomic-bot	ed3f087875	M10: real-!testme path proven on custom-html (build #84, 3 stages green via PR) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:35:14 +01:00
autonomic-bot	4d5f7e25c6	fix: abra app upgrade -o (offline) — was 401'ing fetching tags from the private mirror origin ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:31:40 +01:00
autonomic-bot	a2f3b14745	fix: upstream tag fetch needs explicit refspec (bare --tags errors 'no remote HEAD') ... git fetch --tags <url> without a refspec errors 'couldn't find remote ref HEAD'; use 'refs/tags/*:refs/tags/*'. Verified: brings custom-html's 18 upstream version tags into the mirror PR clone so the upgrade stage finds a previous published version (was skipping). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:28:22 +01:00
autonomic-bot	c277029f84	M10/D10: enable real-!testme path — fetch upstream tags + enroll 6 recipes in POLL_REPOS ... fetch_recipe (SRC+REF/PR path) now read-only fetches published version tags from the public upstream into the mirror clone, so the upgrade stage finds a previous published version (mirror PR branches carry no tags → upgrade would skip). Guardrail-safe: only fetches tags, never pushes to the recipe repo; plain git so the bot token isn't sent to upstream. Adds the 6 D10 recipes to the bridge POLL_REPOS so !testme on their PRs triggers runs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:21:43 +01:00
autonomic-bot	27cce50f4c	review: M8/D7 PASS — overview matches reality (6 recipes, corroborated build #s), badges, PR outcome reflection	2026-05-27 08:11:32 +01:00
autonomic-bot	38f83c85ea	M8/D7 gate CLAIMED: PR-comment outcome reflection verified; dashboard live ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:04:53 +01:00
autonomic-bot	2c8ee4297c	M8/D7: bridge reflects final pass/fail onto the PR comment + content-hash image tag ... After triggering a build, the bridge spawns a watcher thread that polls the Drone build to completion and edits its run-link PR comment to ✅ passed / ❌ <status> (Gitea PATCH issues/comments/{id}, verified). post_comment now returns the comment id. Also gives the bridge image a content-hash tag so the swarm service actually rolls on bridge.py changes (was stuck on :latest). Completes the D7 'PR comment reflects outcome' requirement. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 08:00:40 +01:00
autonomic-bot	6bb3df0139	review: M7/D6 PASS — secret-grep clean across logs+dashboard+git; sops rotation doc matches reality	2026-05-27 07:55:33 +01:00
autonomic-bot	537fd47818	M7/D6 gate CLAIMED: rotation doc + redaction; M6.5 PASS recorded ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:45:19 +01:00
autonomic-bot	fc07d15800	M7/D6: secrets rotation doc + log redaction filter ... docs/secrets.md documents the 3 secret classes (A1 external, A2 internal-generated, B recipe-app), the sops-nix decryption chain, and rotation procedures for each (cert version bump, sops re-encrypt + swarm-secret version bump, recipe-app ephemeral). run_recipe_ci streams each stage's output through a redaction filter that masks any /run/secrets/* value (>=8 chars) before it reaches Drone logs — belt-and-suspenders over 'harness never prints secrets + abra doesn't echo'. Live streaming + exit code preserved (locally tested). Recipe-ci clones cc-ci fresh per build, so this applies next run. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:44:53 +01:00
autonomic-bot	b832a8d844	STATUS/BACKLOG: M8 dashboard overview+badges live; remaining = PR-outcome reflection, M7, M9 ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:27:40 +01:00
autonomic-bot	c39d4fb936	M8/D7: dashboard overview + badges live at ci.commoninternet.net (verified via gateway) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:27:02 +01:00
autonomic-bot	307c7dc91e	review: M6.5 PASS — all 6 recipes 3-stage green (Drone builds corroborated) + D5 (no harness surgery) + bluesky-swap documented	2026-05-27 07:24:43 +01:00
autonomic-bot	2f3d1df1c7	dashboard: content-hash image tag so stack deploy rolls on code change (not stuck on :latest) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:24:21 +01:00
autonomic-bot	9ede87c7cc	dashboard: don't list the cc-ci repo itself as a recipe row (Adversary !testme noise) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:20:42 +01:00
autonomic-bot	60d917646b	M8/D7: results dashboard — overview + SVG badges at ci.commoninternet.net ... Stdlib HTTP service (like the bridge): polls the Drone API for recipe-CI builds (event=custom), groups latest-run-per-recipe, renders a YunoHost-CI-like overview table with pass/fail/running badges + links to the canonical Drone run, plus /badge/<recipe>.svg. Nix-built OCI image, swarm service on proxy, traefik Host(ci.commoninternet.net) (the bridge's /hook rule stays higher priority by length). Reuses the Drone token (read-only). Reconcile oneshot like bridge/drone. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:17:12 +01:00
autonomic-bot	8b4dc16227	M6.5: n8n canonical Drone #63 success — all 6 D10 recipes green via pipeline ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:14:51 +01:00
autonomic-bot	91b241f89e	M6.5 CLAIMED: n8n (recipe #6) full 3-stage green — all 6 D10 recipes done across all categories ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 07:09:15 +01:00
autonomic-bot	d4f78e374a	BACKLOG: recipe #6 = n8n (bluesky swapped); dedupe M6.5 lines ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:49:35 +01:00
autonomic-bot	1cc225949e	M6.5: lasuite-docs canonical Drone #57 success (5 recipes green via pipeline) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:49:09 +01:00
autonomic-bot	032f314eff	M6.5: enroll n8n (recipe #6, workflow automation) — tests authored (single-service, .n8n volume) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:48:39 +01:00
autonomic-bot	689913b140	DECISIONS: D10 #6 bluesky-pds (TLS-passthrough) swapped to n8n — caddy self-ACME conflicts with no-ACME design ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:42:37 +01:00
autonomic-bot	69c3cf9574	M6.5: lasuite-docs (recipe #5, multi-service+S3) full 3-stage green; TIMEOUT fix; Drone #57 in flight ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:41:01 +01:00
autonomic-bot	daf67e53b9	M6.5: enroll lasuite-docs (recipe #5, multi-service + S3/MinIO) — install verified green ... 9-service stack (frontend/backend/celery/y-provider/docspec/postgres/redis/minio/nginx) converges 9/9 and serves the SPA; install 2 passed on host. Root-caused a deploy timeout: cold-pulling ~9 large images exceeds abra's default 300s convergence TIMEOUT -> bumped to 900 via EXTRA_ENV (the generic per-recipe mechanism, no harness surgery). upgrade/backup use a postgres marker (docs/docs) exercising the pg_backup.sh DB-dump hook; verifying next. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 06:32:23 +01:00
autonomic-bot	7558654d98	review: reconciliation — all gates M0-M6 PASS (<24h); STATUS CLAIMED strings stale; M6.5 in-flight, no open claim	2026-05-27 06:18:07 +01:00
autonomic-bot	b2bf51f754	review: M6.5 running evidence — cryptpad #46 + matrix-synapse #51 3-stage corroborated (4 recipes green)	2026-05-27 06:13:51 +01:00
autonomic-bot	79550d3887	M6.5: matrix-synapse canonical Drone run #51 success (4 recipes now green via pipeline) ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 05:56:31 +01:00
autonomic-bot	d5c79773d4	M6.5: matrix-synapse (recipe #4) full 3-stage green on host (postgres-marker DB-hook); Drone #51 in flight ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 05:46:04 +01:00