4ce80f8751
claim(2w): W1 gate WC2+WC3 CLAIMED — data-warm canonical proven (custom-html round-trip: undeploy-keep-volume → reattach → data survives)
...
W1.2: enrolled custom-html (recipe_meta.WARM_CANONICAL); live proof ALL PASS
(seed canonical → idle-with-volume-retained → re-warm → marker survived).
WC2 (registry+data-warm model) + WC3 (snapshot+restore) proven. 61 unit pass.
custom-html now the first real data-warm canonical (idle).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 02:23:22 +01:00
9144eeac2f
status(2w): W1.1 registry module done; next W1.2 enroll custom-html + live data-warm proof
2026-05-29 02:15:35 +01:00
563156ae7e
decisions(2w): W1 canonical registry design (recipe_meta.WARM_CANONICAL enrollment, warm-<recipe> data-warm lifecycle, canonical.json registry)
2026-05-29 02:11:58 +01:00
56a95c68ef
status+journal(2w): W0 gate WC1+WC1.2+WC1.1(keycloak) ADVERSARY PASS @2026-05-29; advance to W1 (canonical registry); traefik W0.10 tracked before DONE
2026-05-29 02:10:55 +01:00
31ac86d644
review(2w): WC1 + WC1.2 + WC1.1(keycloak-stateful) — PASS @2026-05-29 (gate 985686f cleared, all 6 checks cold-verified from own clone); traefik WC1.1/W0.10 tracked open before DONE
2026-05-29 02:08:49 +01:00
3f566436a4
review(2w): recovery OK (kc canonical) + check6 WC1.2 holds PASS; check3 headline e2e in progress
2026-05-29 02:04:11 +01:00
95ada595aa
review(2w): WC1 checks 1/2/4 PASS + WC1.1 MARQUEE rollback PASS (data intact, last_good held, alert correct); test-script cleanup bug noted, recovery in flight
2026-05-29 01:59:12 +01:00
eb54c95bfa
chore(2w): consume ADVERSARY-INBOX — gate-claim confirmed, alerts-dir flag resolved (intentional cleanup), keycloak parked for my reproduce
2026-05-29 01:45:44 +01:00
d87cb8eee9
inbox(2w): consume BUILDER-INBOX; reply — gate IS claimed ( 985686f), pull+reproduce; alerts-dir cleaned test artifact intentionally
2026-05-29 01:45:22 +01:00
38ba153e90
review(2w): watchdog [C1] ping — no formal gate yet; read-only pre-review (reconciler clean, alerts-dir flag) + inbox heads-up to coordinate live reproduce
2026-05-29 01:44:05 +01:00
0f6e7d75e3
status(2w): gate scope note — WC1.1 proven for keycloak (stateful); traefik WC1.1 = W0.10 follow-up
2026-05-29 01:41:27 +01:00
985686f60e
claim(2w): Gate WC1+WC1.1+WC1.2 CLAIMED — warm keycloak headline e2e GREEN + concurrency/reaping + rollback/holds proven
...
W0.7 (lasuite-docs race was transient) + W0.8 headline e2e: lasuite-docs custom
pass (3 SSO tests incl. oidc_login + password_grant) vs WARM keycloak,
deploy-count=1 (keycloak NOT co-deployed), per-run realm lasuite-docs-4c0858
created+deleted; warm kc left with only master realm. Concurrency+reaping proven
(distinct realms for concurrent same-recipe runs; reap keeps-live/deletes-orphans).
Gate claim in STATUS-2w carries full WHAT/HOW/EXPECTED/WHERE for cold verify.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 01:40:32 +01:00
cbc193e535
journal(2w): record docker-prune WC8 fix
2026-05-29 01:26:42 +01:00
819c1bc0fd
status+journal(2w): W0.9 WC1.1 live proofs PASS (healthy upgrade + marquee rollback); reconciler-side WC1/WC1.1/WC1.2 proven
2026-05-29 01:21:59 +01:00
0812132452
review(2w): standing WC8 probe — lasu-0a6fb2 fully torn down (no app/svc/vol/secret), disk 63%
2026-05-29 00:55:49 +01:00
4808d0354a
status(2w): W0.6 reconciler delivered + WC1.2 holds proven; next W0.9 WC1.1 live proofs
2026-05-29 00:43:10 +01:00
aff50aac0a
journal(2w): W0.5 proven + WC8 disk reclaim (96%->62%); checkpoint before W0.6
2026-05-29 00:29:42 +01:00
67240dca92
decisions+status(2w): W0.5 done (WC3 snapshot proven); W0.6 reconciler version model (deploy-by-tag, recipe-semver pre-+, python entrypoint in store)
2026-05-29 00:15:38 +01:00
ceacd0e6de
backlog+decisions(2w): re-sequence W0 (WC3 helper first); unpin/snapshot/alert decisions
2026-05-29 00:05:13 +01:00
740d7bac4c
status(2w): W0 core mechanism proven + reconciler up; absorb design update (unpin+WC1.1+WC1.2); re-sequence to WC3 snapshot helper first
2026-05-29 00:04:12 +01:00
b127078516
review(2w): add WC1.2 pre-deploy safety gate (major/manual-migration hold + alert-with-notes) to verification map
2026-05-29 00:02:59 +01:00
2dc1e6edc7
review(2w): absorb design update — WC1 unpin + new WC1.1 health-gated rollback proof + WC6 reorder into verification map
2026-05-29 00:00:09 +01:00
5dd76d7c8c
chore(2w): bootstrap Phase 2w loop state + cleanup orphaned cold apps
...
- Seed STATUS-2w / BACKLOG-2w / JOURNAL-2w (WC1-WC9 DoD, W0-W4 milestones).
- Tore down leftover Phase-2 cold apps (lasu-0a6fb2/keyc-07d81e/lasu-dbg);
disk 91%->86%.
- DECISIONS: warm-domain scheme, per-run realm isolation, warm keycloak as
declarative infra, cold fallback.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 23:14:41 +01:00
534cd7066c
review(2w): Adversary online — phase start, cold access verified, awaiting WC gate claims
2026-05-28 23:07:04 +01:00
5f1ce47593
review(2): rate-limit fix VERIFIED + CLOSED — all 3 conditions cold (auth 200-limit, own uncached swarm-service pull, declarative sops persistence); consume inbox
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:17:23 +01:00
15228c2fdb
inbox(2): signal Adversary — Docker Hub auth wired, conditions 2+3 proven (uncached n8n swarm pull + declarative sops persistence)
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:13:57 +01:00
7a337f5d69
status(2): Docker Hub rate-limit RESOLVED — declarative sops auth + swarm pulls authenticate (3 conditions); DECISIONS recorded
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:13:25 +01:00
46e9d1c43a
review(2): rate-limit PARTIAL verify — auth 200-limit + account source CONFIRMED; swarm-pull + declarative-persistence still pending
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:04:03 +01:00
45fb42e19d
review(2): rate-limit fix pre-wiring baseline (anon 100/6h @68.14.43.142, remaining=4); verification plan for post-wiring
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:45:57 +01:00
65e4e519ff
review(2): F2-11 CLOSED — deploy-free cold proof (35 unit + real conftest skip-report stitched to predicate); consume inbox
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:29:32 +01:00
0d6cd05675
inbox(2): notify Adversary — F2-11 fixed (deploy-free verify) + deploy work paused on Docker Hub rate limit
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:25:57 +01:00
5b34496557
fix(2): F2-11 — SSO-dep deps-not-ready SKIP no longer yields GREEN !testme
...
When a DEPS-declaring recipe's setup_custom_tests fails, its @requires_deps (SSO/OIDC)
tests skip; a skip-only pytest file exits 0 so the run previously reported overall=0
(GREEN) while the only SSO test never ran (violates P7). Fix preserves generic-tier
failure-isolation but corrects the green SIGNAL:
- conftest.pytest_collection_modifyitems counts skipped requires_deps tests and appends
to $CCCI_DEPS_SKIP_REPORT.
- run_recipe_ci: sums the count, surfaces it in RUN SUMMARY, and new pure predicate
sso_dep_unverified(declared, deps_ready, skipped) flips overall=1.
- 7 new unit tests (tests/unit/test_f211_sso_skip.py).
Verified deploy-free (rate-limit-independent): 35/35 unit PASS; cold real-test proof on
lasuite-docs test_oidc_with_keycloak.py -> 1 skipped + skip-report==1 -> orchestrator
would set overall=1. Full e2e deferred until Docker Hub rate limit lifts.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:25:27 +01:00
10d2a13031
chore(2): consume BUILDER-INBOX (Adversary DONE-gate warnings + F2-11 SSO-skip-goes-green)
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:19:35 +01:00
aae31775ae
status(2): Gitea outage resolved + git reconciled; Docker Hub rate-limit block stands (registry-creds finding)
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:18:52 +01:00
b941f552a1
review(2): file F2-11 — SSO deps-not-ready SKIP yields GREEN !testme (cold-proven); note git host outage
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:17:05 +01:00
900b427444
review(2): idle checkpoint — cold access OK; consolidated Phase-2 DONE-gate conditions (F2-7, F2-9, ghost §4.3 floor); lasuite-drive Q3.2 base WIP noted
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:17:05 +01:00
4a118eafee
journal(2): correct drive note — cannot trim onlyoffice (recipe-as-is); registry creds is the fix
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 20:56:31 +01:00
1138d77cbb
blocked(2): Q3.2 drive base-deploy hits Docker Hub rate limit + Gitea outage
...
- recipe_meta: bump drive abra TIMEOUT 900->1500, DEPLOY_TIMEOUT 1200->1800 (12-svc
stack w/ onlyoffice+collabora; cold pulls need a wide window).
- STATUS-2 ## Blocked: two Class-A1 external blocks documented w/ verify commands —
(1) Docker Hub anon pull rate limit (registry-creds finding per plan §1.5; blocks all
new deploys), (2) Gitea git.autonomic.zone 404 outage (coordination down; 2 watchdog
pings unconsumable until recovery). JOURNAL-2: full disk->prune->rate-limit chain.
- Queued locally; push + Adversary-inbox processing deferred to Gitea recovery.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 20:48:52 +01:00
f59d8e6996
feat(2): Q3.2 lasuite-drive base enrollment + nested-subdomain + replicas:0 harness fixes
...
- harness: services_converged treats replicas:0 one-shot (minio-createbuckets) as
converged (cur==want); removes the want==0 rejection that hung deploys. DECISIONS.md.
- recipe_meta.EXTRA_ENV flattens MINIO_DOMAIN/COLLABORA_DOMAIN to single-label wildcard
siblings (the *.ci.commoninternet.net cert covers one label only). DECISIONS.md.
- lifecycle overlays (install/upgrade/backup/restore) + ops.py postgres ci_marker
data-integrity (db user/name=drive). Parity health_check functional test. PARITY.md.
- DEPS=[keycloak] + OIDC/WOPI/upload functional tests deferred to the SSO iteration
(probe-before-assert: prove the ~10-service base deploy converges first).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 19:54:31 +01:00
9aa045de86
deferred(2): close DEFERRED #5 (lasuite-docs OIDC); open upload_conversion as follow-up
2026-05-28 19:28:23 +01:00
5832da4fd1
deferred(2): Q4.7 plausible — drafted but 500 on cold-start, defer for operator-iterate
...
tests/plausible/recipe_meta.py + tests/plausible/functional/test_health_check.py drafted with
EXTRA_ENV setting required Phoenix vars (DISABLE_AUTH, DISABLE_REGISTRATION, SECRET_KEY_BASE).
Stack converges 1/1 but the served app returns HTTP 500 from / for the full 600s HTTP_TIMEOUT
window — config-class failure, not a deploy-timing issue. Diagnosing needs live container-log
inspection + iterative env tuning, more debug cycles than fit autonomous mode. Committing the
draft + a DEFERRED.md entry; operator can iterate when they want.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:39:36 +01:00
9f2e120ec0
review(2): F2-10 CLOSED via DEFERRED.md route — accept new operator-confirmed framing; F2-9 effectively migrates too (Phase-4 review)
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:33:31 +01:00
8bafbd4968
status(2): Q4.4 ghost + Q4.8 uptime-kuma done; F2-10 closed via DEFERRED.md route
...
- STATUS-2: in-flight summarizes recipes shipped this sprint (Q3.1+Q3.4 partial; Q4.1+Q4.3+
Q4.4+Q4.8 full); harness DEPLOY_TIMEOUT plumb-through; DEFERRED.md 9 open entries.
- BACKLOG-2: Q4.4 ghost + Q4.8 uptime-kuma checked off; F2-10 closed via DEFERRED.md route 2
per Adversary's suggested action (file with proper re-entry trigger; PARITY.md no longer
duplicates DEFERRED.md).
- tests/uptime-kuma/PARITY.md: 'Deferred' section now points to DEFERRED.md instead of
duplicating the deferral text.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:25:25 +01:00
44e88f3750
deferred(2): hygiene — move 5 Phase-2 entries from under '## Closed deferrals' to '## Open deferrals'
...
Per orchestrator note: my prior append (commit 650ab47
2026-05-28 17:10:28 +01:00
1ae23598e7
review(2): F2-8 CLOSED (bluesky goat+post round-trip cold-verified); F2-10 NEW (uptime-kuma §4.3 floor bypass — same pattern, DEFERRED.md migration suggested)
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:06:20 +01:00
650ab47fea
deferred(2): migrate Phase-2 deferrals to DEFERRED.md with re-entry triggers (per orchestrator)
...
Per orchestrator note: machine-docs/DEFERRED.md is now the single canonical registry for any
deliberately-deferred work. Every entry MUST carry a specific RE-ENTRY TRIGGER. The orchestrator
seeded 4 matrix-synapse entries; this commit migrates the other Phase-2 deferrals I'd buried
in JOURNAL/PARITY/DECISIONS:
- lasuite-docs OIDC parity ports + create-a-doc (re-entry: before any Q3 gate claim — Adversary
already flagged this in Q3/Q4 checkpoint).
- cryptpad create-a-pad + content round-trip Playwright (re-entry: Adversary F2-9 conditional —
MUST lift before Phase-2 DONE; Q5.2 cold-sample must include).
- uptime-kuma create-a-monitor via Socket.IO (re-entry: --extra-tests flag OR another recipe
needing Socket.IO).
- ghost create-a-post round-trip (re-entry: --extra-tests flag OR Q4 deeper-test pass before
Phase-2 DONE).
- Q2.2 authentik enrollment + setup_authentik_realm backend (re-entry: when cryptpad oidc_login
parity lifts — uses authentik — OR Phase-2 DONE review).
All linked to IDEAS.md --extra-tests flag where relevant. Phase-4 cleanup pass MUST review this
file per plan.md §6.1.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 17:00:49 +01:00
a0a7b70127
review(2): Q3/Q4 partial checkpoint — F2-8 bluesky-pds bypasses §4.3 floor; F2-9 cryptpad conditional sign-off; matrix-synapse Q4.1 cold green and §4.3-floor-compliant
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-05-28 16:25:43 +01:00
076fa31552
status(2): Q4.1+Q4.3 GREEN; Q3.1+Q3.4 partial; pausing for Adversary cold-verify
...
After capacity unblock:
- Q4.1 matrix-synapse: parity-aligned + 3 specific (incl. §4.3 register-and-message via
shared-secret admin endpoint exec'd via container localhost). Cold green.
- Q4.3 bluesky-pds: enrolled (install_steps.sh generates PLC rotation key per-run); 3 functional
tests (health, describe_server, session_auth-401). Cold green.
- Q3.1 lasuite-docs partial: parity + 2 specific (auth_required + oidc_with_keycloak from Q2.4).
- Q3.4 cryptpad partial: parity + 2 specific (spa_assets + Playwright SPA-render).
Remaining substantial: Q3.2 lasuite-drive (needs mirror), Q3.3 lasuite-meet (mirrored + needs
OIDC wire), Q3.5 immich (needs mirror), Q4.2/4-10 (mostly need mirror). Pausing here for
Adversary cold-verify of Q3/Q4 partials before continuing the mirror-and-enroll work.
2026-05-28 16:07:57 +01:00
374e755aac
journal(2): Q4.1 matrix-synapse code-only; cc-ci host capacity ceiling reached
2026-05-28 11:38:15 +01:00
f79416bcf4
journal(2): Q2 PASS + Q3 partial checkpoint + 'probe before assert' lesson
2026-05-28 10:21:23 +01:00
