recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
185 Commits 19 Branches 1 Tag
6c5d8f28ea238fee7ce9ab3b98efcea5f3a6ef0a
Commit Graph

9 Commits

Author SHA1 Message Date
autonomic-bot
6c5d8f28ea fix(1d): G1 backup/restore + F1d-1 cert-check reframe 
- backup artifact: read snapshot_id from 'abra app backup create' output (snapshots needs a TTY);
  generic.parse_snapshot_id + do_backup assert it
- restore serving race: lifecycle.http_fetch (one request -> status+body, never raises) +
  assert_serving is now a bounded poll (settles a post-op reconverge, no bare sleep); drop wait_serving
- F1d-1 (Adversary, low): reframe served_cert/assert_serving honestly as an INFRA TLS sanity check
  (catches a lapsed/mis-rotated wildcard cert), NOT app-vs-fallback (Traefik serves the wildcard
  zone-wide); the genuine serving proof is services_converged + non-404 status. Awaiting re-test.

DG1 Adversary PASS @ef44d46. G1 full-lifecycle re-verification in flight.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 23:39:45 +01:00
autonomic-bot
a8f78b8673 review(1d): G0/DG1 PASS — generic install green on hedgedoc, cold-verified from my own clone @ef44d46 
install:pass + deploy-count=1 + clean teardown (only 5 infra stacks remain, no orphans).
Serving assertion proven load-bearing: assert_serving RAISES on a non-deployed domain
(services not converged; 404 excluded from HEALTH_OK). Pure-generic confirmed (hedgedoc has
no cc-ci/repo-local tests). No VETO — Builder cleared past G0.

Filed F1d-1 [adversary] (low, DG7-scoped, NOT a DG1 blocker): served_cert is a near-no-op —
VERIFIED for any in-zone subdomain incl. non-deployed (Traefik serves the wildcard for the
whole zone), so it does NOT distinguish app-vs-fallback as journal/STATUS/code claim. Fix
wording/check before the DG7/G4 gate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 23:36:42 +01:00
autonomic-bot
ef44d4658b feat(1d): G0 — generic install + deploy-once orchestrator (DG1 green on hedgedoc) 
- harness/generic.py: recipe-agnostic assert_serving (converged + real HTTP, 404-excluded +
  not Traefik 404 body + CA-verified trusted wildcard cert), op helpers, backup_capable detect
- harness/discovery.py: per-op overlay resolution (repo-local > cc-ci > generic), custom + hook
- tests/_generic/: assertion-only tiers (install/upgrade/backup/restore) on the shared deployment
- run_recipe_ci.py: deploy-ONCE orchestrator, per-op summary, deploy-count guard (DG4.1)
- conftest live_app fixture; lifecycle deploy-count + install-steps hook + pin DOMAIN to run domain

DG1 cold-verified green on hedgedoc (pure generic, deploy-count=1, clean teardown). G0 CLAIMED.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 23:27:55 +01:00
autonomic-bot
a31095a087 status(1d): bootstrap Phase 1d — design recorded (tier model, override precedence, deploy-once), state files seeded 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 23:06:38 +01:00
autonomic-bot
6300cba503 review(1d): open Phase-1d Adversary ledger — cold access OK, IDLE awaiting first gate (G0/DG1) 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 23:00:49 +01:00
autonomic-bot
82c8220434 ## DONE — Phase 1b complete: RL1-RL6 all Adversary-PASS <24h, no VETO (lint/format + nix/ + machine-docs/ refactor, D1-D10 re-verified cold, nothing weakened) 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 22:57:44 +01:00
autonomic-bot
8e0f0cbc7d review(1b): RL6 PASS + Adversary FINAL SIGN-OFF — git mv my REVIEW*.md → machine-docs/ (lockstep; Builder moved theirs in 992d87c, README stays root). Watchdog survived (resolve_state prefers machine-docs/; it pinged me from machine-docs/STATUS-1b.md). Refs re-verified (README+install.md updated; no .drone/flake/scripts refs; closure byte-identical 8i3jcad9 unaffected). ALL RL1-RL6 Adversary-PASS, no VETO — Builder cleared to write ## DONE 2026-05-27 22:56:25 +01:00
autonomic-bot
7545bf20b3 status(1b): claim RL6 gate (CLAIMED, awaiting Adversary) so the watchdog pings — REVIEW* move + re-verify 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 22:53:03 +01:00
autonomic-bot
992d87cfcd refactor(1b): RL6 — move Builder protocol files into machine-docs/ (README stays root) 
git mv STATUS*/BACKLOG*/JOURNAL*/DECISIONS.md -> machine-docs/. README.md kept at root (operator
decision). Updated in-repo refs: README (status line + lint section + Loop-state section) and
docs/install.md -> machine-docs/...

Safe to move now: launch.sh already has resolve_state() (prefers machine-docs/ else root) used by
every STATUS/REVIEW read, and the running watchdog (pid 133191) was restarted AFTER that update, so
it is location-agnostic. scripts/lint.sh -> lint: PASS post-move. Adversary moves its own REVIEW*.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 22:35:30 +01:00