7282caef30
journal(2): mailu Q4.9 enrollment plan + discourse Q4.6 block recorded (handoff to next iteration)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:54:21 +01:00
bdc05e24c4
status/backlog(2): Q4.6 discourse blocked (bitnami images gone); pivot to Q4.9 mailu (images pullable)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:53:09 +01:00
848cc31fea
deferred(2): Q4.6 discourse BLOCKED — upstream bitnami/discourse images removed from Docker Hub (undeployable)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:52:14 +01:00
ca7acf3d52
feat(2): Q4.6 discourse — recipe_meta + postgres P4 overlays + health (WIP, §4.3 create-topic next)
discourse (forum: postgres+redis+sidekiq). HEALTH_PATH=/srv/status (slow Rails boot, DEPLOY_TIMEOUT=1800).
P4 via postgres ci_marker (db service, pg_dump backupbot — matrix-synapse pattern). Health functional
test. §4.3 create-a-topic + PARITY.md to follow after smoke discovers the admin/API bootstrap path.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:38:25 +01:00
e36656f688
status(2): Q4.2 mumble Adversary PASS (REVIEW-2 1daa1ea) — DONE; advancing to discourse
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:35:50 +01:00
1daa1ea067
review(2): Q4.2 mumble PASS — COLD first-hand full-lifecycle GREEN (my clone @1ba5613); 5 tiers, deploy-count=1, tcp ready-probe 2x, real upgrade crossover, P3 config round-trips non-vacuous (max_users=42 + welcome marker), P4 sqlite ci_marker survives, clean teardown; no veto. Minor: leftover mumb-smoke volume (housekeeping)
2026-05-29 20:34:57 +01:00
f4e11d4cca
journal(2): next-recipe recon — discourse chosen (only remaining recipe with a backup mechanism for real P4)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:33:03 +01:00
1ba56139fb
claim(2): Q4.2 mumble full lifecycle GREEN — awaiting Adversary
mumble (§5 TCP/voice recipe) all 5 tiers green: install+upgrade(real 0.2.0→1.0.0+ crossover,
head_ref==chaos-version 9fa5e949)+backup+restore+custom; deploy-count=1; clean teardown.
P2=3 parity ports (health_check/mumble_connect/web_client), P3=2 specific (welcome-text + max-users
config round-trips over the protocol), P4=sqlite ci_marker survives backup→restore. ready-probe OK
(tcp 3x) twice. Harness additions: CHAOS_BASE_DEPLOY, recipe_checkout -f, TCP READY_PROBE; install_steps
provides host-ports.yml. Log /root/ccci-mumble-full6.log; HOW/EXPECTED/WHERE in STATUS-2 Gate Q4.2.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:25:37 +01:00
ec76072489
fix(2): Q4.2 mumble — TCP voice-server READY_PROBE gates backup past upgrade host-port churn
Diagnostic (RECIPE=mumble STAGES=install,backup,restore,custom, no upgrade) PROVED backup+restore green
on a stable 1.0.0 deploy incl. ci_marker survival (P4). The full-run backup 409 ('container not
running') was the chaos UPGRADE redeploy: host-mode 64738 must be released by the old task + rebound by
the new, and HEALTH_PATH '/' only proves the mumble-web sidecar (not the voice server), so wait_healthy
passed while the app churned → backup-bot execed a not-running container. Fix: extend
lifecycle.wait_ready_probes to support a TCP probe ({tcp_host,tcp_port,stable=N consecutive connects});
mumble recipe_meta READY_PROBE returns 64738 (stable=3) so the harness waits for the voice server up
after install AND upgrade before backup.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:19:07 +01:00
1890cb58f3
fix(2): recipe_checkout force (-f) — fixes mumble upgrade-tier checkout collision with cc-ci overlay
git checkout <head_ref> aborted on the untracked install_steps-provided compose.host-ports.yml (which
head_ref tracks). Force-checkout yields the exact ref tree. Also fixes the mumble restore tier: backup
labels exist only in 1.0.0+, so backup/restore are meaningful only after the (now-working) upgrade moves
the app to head_ref. DECISIONS.md updated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 20:03:41 +01:00
191fa774ec
review(2): Q4.2 mumble PRE-CLAIM code audit (NOT a verdict) — P7 non-vacuous at code level; cold-verify checklist staged for when claimed
2026-05-29 19:59:48 +01:00
850c3c4fb9
inbox(2): consume Adversary node-free/mumble-unblocked notice (already acting — mumble run in flight)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:58:57 +01:00
7054e9bcd0
review(2): Q4.7 plausible teardown CLOSED (plau-0c70fd fully clean); cold run done, node FREE; §4.3 first-hand PASS still pending; inbox-notify Builder mumble unblocked
2026-05-29 19:58:01 +01:00
a0fd58b4c5
fix(2): Q4.2 mumble — set sqlite busy timeout via silent .timeout dot-command, not PRAGMA
PRAGMA busy_timeout=N emits its own result row, polluting the read-back parse (seed read back
'20000\nupgrade-survives' → AssertionError 'seed did not commit', failing upgrade/backup/restore ops
— though the INSERT actually committed). Switch _sqlite to 'sqlite3 -cmd ".timeout 20000"' which sets
the busy timeout silently. install+custom already green (handshake/welcome/web/tcp PASS); this fixes
the P4 lifecycle ops.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:54:10 +01:00
27abce678b
review(2): Q4.7 plausible CONSOLIDATED verdict — self-corrects 0efcc36+1ecae1c (both had errors); §4.3 green in ONE clean Builder log + non-vacuous; full-lifecycle unproven (upstream clickhouse stall); not cleared, no veto
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:45:51 +01:00
3360f1b266
status(2): Q4.2 mumble code complete; full run queued behind Adversary plausible cold run (single node)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:34:22 +01:00
999dd0d564
fix(2): Q4.2 mumble — CHAOS_BASE_DEPLOY meta flag for chaos base deploy (clean-tree gate)
mumble's pinned base deploy (prev version 0.2.0) FATAs 'has locally unstaged changes' because
install_steps provides an untracked compose.host-ports.yml. New recipe_meta CHAOS_BASE_DEPLOY=True +
lifecycle._recipe_meta_flag + deploy_app branch -> base uses chaos (skips clean-tree/lint, deploys the
checked-out pinned version, not LATEST), mirroring the lightweight-tag chaos-base path. DECISIONS.md
records the full mumble enrollment design.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:32:48 +01:00
1b6c77c76a
inbox(2): consume Adversary BUILDER-INBOX (Q4.7 plausible evidence) — corrected by review 1ecae1c (§4.3 green substantiated)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:31:21 +01:00
1ecae1ce27
review(2): Q4.7 plausible CORRECTION — retract 'no evidence'; §4.3 event tests ARE green (2 Builder logs, 1 clean) + non-vacuous; my own cold run launched; full-lifecycle still deferred
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:30:26 +01:00
38db17af0c
status(2): ACK Adversary Q4.7 plausible finding — will provide preserved green-run log post-cooldown
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:28:54 +01:00
6bf0425f50
fix(2): Q4.2 mumble — provide host-ports overlay for every version via install_steps
The upstream compose.host-ports.yml exists only from v1.0.0+, but the upgrade-tier base deploy is
the previous published version (0.2.0+), which predates it — so EXTRA_ENV's COMPOSE_FILE failed to
resolve on the base deploy (config --images rc=14, deploy FATA). install_steps.sh now copies a
cc-ci-owned identical overlay into the recipe checkout when absent, so 64738 is host-published for
every version (base + upgrade) and on-host protocol tests reach 127.0.0.1:64738.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:27:38 +01:00
0efcc36207
review(2): Q4.7 plausible — deferral sound + test content non-vacuous, but '§4.3 proven green' UNVERIFIED (no evidence log on host); Q4.7 not cleared
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:26:59 +01:00
6841048aae
feat(2): Q4.2 mumble — parity port (health/protocol-handshake/web) + 2 specific + P4 sqlite
- functional/_mumble_proto.py: stdlib Mumble TLS protocol client (adapted from corpus mumble_connect.py)
- 3 parity ports: test_tcp_health, test_protocol_handshake (channel presence+ServerSync), test_web_client
- 2 NEW recipe-specific (P3): welcome-text + max-users config round-trips over the protocol
- P4: ops.py + test_backup/test_restore seed ci_marker in /data/mumble-server.sqlite (recipe's own backupbot DB), busy_timeout for live-server locks
- test_install overlay: voice server listening on 64738 (beyond web-sidecar readiness)
- recipe_meta: COMPOSE_FILE=compose.yml:mumbleweb:host-ports; WELCOME_TEXT/USERS markers
- PARITY.md mapping table
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:20:56 +01:00
265eae5365
status(2): Q4.2 mumble enrolling — TCP-protocol recipe, mumbleweb+host-ports plan, P2 corpus port
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 19:13:39 +01:00
7851f0450d
status(2): Q4.7 plausible — test content green (event tests proven); full-lifecycle blocked on upstream clickhouse boot-download; Q4.7b recipe-PR deferred
2026-05-29 18:56:11 +01:00
19f1ea6da4
decisions(2): plausible clickhouse-backup boot-download = upstream robustness defect; recipe-PR deferred (Q4.7b)
2026-05-29 18:55:45 +01:00
f9ebb3f610
journal(2): Q4.7 plausible — root cause of clickhouse-backup boot-download crash-loop + decision
2026-05-29 18:48:56 +01:00
b4f39cb51a
fix(2): plausible install overlay — assert /api/health subsystems, not / (auth_controller 500s under headless DISABLE_AUTH; / is not a valid readiness probe)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 18:13:20 +01:00
3943cd80e5
feat(2): Q4.7 plausible — §4.3 event-tracking functional tests + PARITY.md; /api/health readiness probe
- functional/test_event_tracking.py: 2 recipe-specific tests (P3) — register site → POST /api/event
(browser UA) → read back from clickhouse events_v2. test_pageview_event_roundtrip asserts stored
name/pathname/hostname; test_custom_event_roundtrip asserts a custom-named goal lands under that name.
- test_health_check.py: probe /api/health (200, asserts clickhouse+postgres+sites_cache ready) — fixes
the broken/unterminated docstring from the prior WIP edit; / is unreliable (500 init / 302 ready).
- recipe_meta.py: HEALTH_PATH=/api/health, HEALTH_OK=(200,); comment corrected.
- PARITY.md: P2 vacuous (no recipe-maintainer corpus); documents P3/P4 coverage.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 18:05:16 +01:00
baae41fe10
fix(2): plausible HTTP_TIMEOUT 600→1200 + DEPLOY_TIMEOUT 1200 — app 500s until clickhouse/migrations ready
v1 failed wait_healthy 'not healthy / (last status 500)': plausible's app starts before clickhouse
(plausible_events_db) is ready (recipe depends_on names events_db, mismatched → no swarm ordering) and
returns 500 until DB migrations finish (several min on cold deploy). It serves 302 once ready; widen
the health window.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 16:34:11 +01:00
f0f6b6f545
feat(2): Q4.7 plausible — ops + lifecycle overlays (postgres ci_marker; pg_dump backup hook)
plausible (analytics; app + postgres db + clickhouse events_db). recipe_meta stub (DISABLE_AUTH/
REGISTRATION + SECRET_KEY_BASE) + health test pre-existing. Added ops.py (postgres ci_marker via db
service, container-env psql) + test_install/upgrade/backup/restore overlays. plausible's postgres has a
real pg_dump backup/restore hook (so P4 marker survives, unlike immich). §4.3 event-tracking test next
(after live-API discovery). Tags annotated.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 16:21:15 +01:00
1dd7376ff4
status(2): HQ1 image pre-pull Adversary PASS (0215bd2)
2026-05-29 16:19:27 +01:00
0215bd2203
review(2): PASS gate HQ1 image pre-pull (claim 475ad5c/code 2bf40d6) — 4 unit pass (non-vacuous, raises on pull-fail); LIVE warm-cache skip (present n8n, zero network); LIVE bad-tag RAISES clear pull error BEFORE deploy (manifest unknown, not converge timeout); abra deploy real+UNCHANGED (prepull before, no service update/scale); honest scope (pull-time not init-time). No VETO
2026-05-29 16:18:28 +01:00
475ad5c774
claim(2): HQ1 image pre-pull — warm local store before deploy (4 unit tests + warm-cache-skip + bad-tag-clear-error + abra-unchanged)
lifecycle.prepull_images (commit 2bf40d6): docker compose config --images → docker pull skip-if-present,
before deploy_app's abra.deploy + perform_upgrade's chaos redeploy. Adversary criteria all met:
warm-cache 2nd run 'present' (no redownload, n8n-prepull2), bad-tag → clear RuntimeError pre-deploy,
abra deploy path unchanged (no service update/scale), real-run green. 4 unit tests pass. Gate evidence
in STATUS-2.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 16:14:25 +01:00
2bf40d69d6
feat(2): HQ1 image pre-pull (plan-prepull-images.md) — warm local store before deploy
lifecycle.prepull_images(recipe, domain): resolve images via docker compose config --images (COMPOSE_FILE
from the app .env — handles $VERSION interpolation + multi-compose) → docker pull each, skip-if-present
(zero network for cached pinned tags). Called in deploy_app before the (unchanged, real) abra.deploy AND
in generic.perform_upgrade before the chaos redeploy (warms new-version images). A pull failure RAISES a
clear pre-deploy error (not a converge timeout); deploy path unchanged (no docker service update/scale).
Removes PULL time not app-INIT time. 4 unit tests (tests/unit/test_prepull.py): present→skip, missing→
pull, pull-fail→raise, no-images→skip. NOT claimed yet — validating cold-verify criteria next.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 16:02:21 +01:00
e6e5436942
backlog(2): Q3.5 immich [~] partial — 4/5 green + §4.3; restore P4 blocked by upstream recipe (pg_dump hook needed, DEFERRED)
2026-05-29 15:54:10 +01:00
9272c20727
journal/deferred(2): Q3.5 immich PARTIAL — restore P4 blocked by upstream recipe (volume backup, no pg_dump hook); recipe-PR unit filed (drive/meet pg_backup.sh pattern)
2026-05-29 15:53:22 +01:00
250bed4768
status(2): cryptpad F2-9 + F2-13 Adversary CLOSED (f7ed2d9) — §4.3 create-pad floor demonstrated; DONE-blocker cleared
2026-05-29 15:38:21 +01:00
f7ed2d967c
review(2): cryptpad F2-9 + F2-13 CLOSED — re-verify after fix b44d75b (poll-all-frames). create-pad roundtrip test_cryptpad_pad_content_survives_fresh_session PASSED (46s, was 340s timeout), all 5 tiers green, deploy-count=1, clean teardown. Fix non-vacuous (still asserts marker surfaces in fresh context = server-side encrypted persistence). §4.3 create-pad floor demonstrated; conditional sign-off satisfied
2026-05-29 15:37:12 +01:00
62ac9b59e0
journal/status(2): F2-13 cryptpad read-back robustness FIXED (b44d75b, poll-all-frames) — 3x green vs cold probe; awaiting Adversary re-verify/F2-9 close
2026-05-29 15:26:25 +01:00
82dc2d733d
feat(2): immich §4.3 asset upload→read-back→thumbnail test + PARITY
test_asset_upload.py: admin-sign-up → login → POST /api/assets (multipart, unique content → 201) →
GET /api/assets/{id} (200, IMAGE, read-back) → GET .../thumbnail (200, derivative generated, polled).
Verified GREEN against a live immich probe (app v2.7.5). PARITY: health_check port; oidc_login non-port
(authentik-specific, immich OIDC optional, keycloak-default policy). §4.3 floor + characteristic
derivative-generation feature met.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 15:13:11 +01:00
b44d75b89c
fix(2): F2-13 cryptpad roundtrip read-back robustness — poll all frames for marker
Adversary cold-verify of F2-9 FAILED: the read-back's CKEditor-frame-attach wait timed out on a fresh
cold context (flaky, not 3x-reliable). Fix: read-back now polls EVERY frame's body text for the marker
(don't require the specific ckeditor-inner frame to attach — that's the flaky part) with a generous
~240s deadline + periodic reloads to unstick cold loads. The marker appearing in a fresh context still
proves server-side E2E-encrypted persistence (only URL+fragment key carried over). Also bumped the
session-1 post-type sync wait 9s→12s. F2-13 Adversary-owned; will validate cold before it closes F2-9.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 15:08:52 +01:00
1cbb1ccd73
review(2): cryptpad F2-9 NOT closed — create-pad roundtrip read-back leg FAILED on cold-verify (CKEditor frame never attached on fresh context, line 133; 1 failed in 340s) → test is flaky not 3x-reliable. Filed F2-13: make read-back robust before F2-9 closes. install/upgrade/backup/restore pass, only the §4.3-floor pad-persist test red; teardown clean. NOT a VETO (F2-9 was conditional/open)
2026-05-29 15:05:22 +01:00
754f508231
review(2): record forward-looking Adversary criteria for pre-pull harness unit (plan-prepull-images.md) — verify warm-cache no-redownload + bad-tag=clear-pull-error-pre-deploy + abra stays real/unchanged + honest scope (pull-time not init-time; F2-12 init races still need healthcheck)
2026-05-29 14:58:38 +01:00
f8af5b2307
backlog(2): HQ1 — image pre-pull harness unit (plan-prepull-images.md), near-term; fixes the first-deploy 'No such image' race
2026-05-29 14:56:18 +01:00
d4eae4ee49
fix(2): set time.timeZone=UTC on cc-ci → create /etc/localtime (immich bind-mount)
immich's compose bind-mounts the host /etc/localtime into the app container; NixOS without a set
timezone leaves /etc/localtime absent → 'bind source path does not exist: /etc/localtime' → app
service rejected (never converges). time.timeZone=UTC creates /etc/localtime (UTC = deterministic CI
timestamps). Nix-declared, reversible; helps any recipe binding /etc/localtime.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 14:51:33 +01:00
b0f1e0b0ad
status(2): Q3.3 lasuite-meet Adversary PASS (a46f7d4); immich Q3.5 validating
2026-05-29 14:44:09 +01:00
98a37d44b5
feat(2): Q3.5 immich enrollment (recipe_meta + ops + lifecycle overlays + health parity)
immich (object-storage/large-volume photo mgmt; D10 category): 3 services (app incl. ML + web, redis,
database/postgres), self-contained (no SSO dep — local admin; OIDC optional). recipe_meta (HTTP health,
DEPLOY_TIMEOUT=1500), ops.py postgres ci_marker (postgres/immich, backupbot-labelled), lifecycle
overlays, health_check parity. §4.3 upload-asset→list→thumbnail test next (after live-API discovery).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 14:40:57 +01:00
a46f7d4593
review(2): PASS gate Q3.3 lasuite-meet (claim 5af513e/code 1f7806a) — cold-verify all 5 tiers GREEN, deploy-count=1, real upgrade crossover 0.2.0+v1.15.0->0.3.0+v1.16.0, meeting_flow (room create->read-back->LiveKit video-grant JWT->delete) PASSED, OIDC PASSED not-skipped, ci_marker survives, teardown clean+realm reaped. WebRTC media-relay non-port: ADVERSARY SIGN-OFF (genuine UDP env-blocker, maximal subset=LiveKit token issuance shipped)
2026-05-29 14:40:15 +01:00
5af513e2c8
claim(2): Q3.3 lasuite-meet — full lifecycle green (meeting_flow §4.3 + OIDC; R014 chaos-base; webrtc env-blocker non-port)
lasuite-meet full suite GREEN (log /root/ccci-meet-full6.log): install/upgrade/backup/restore/custom
all pass, deploy-count=1, clean teardown, real upgrade crossover 0.2.0+v1.15.0→0.3.0+v1.16.0.
- §4.3 test_meeting_flow: create-room (201) → read-back (200) → LiveKit join token (JWT room grant) →
delete. test_oidc_password_grant PASSED. Parity: health_check + oidc_login. Reused lasuite-drive
OIDC-at-install machinery.
- R014 fix (72719fe): upstream lightweight tag → chaos-base deploy of the checked-out prev version
(skips lint, deploys prev not latest — verified by the crossover).
- webrtc-media/relay UDP media-relay = documented env-blocker non-port; maximal subset (LiveKit token
issuance) shipped in meeting_flow.
Gate evidence/HOW/EXPECTED/WHERE in STATUS-2. DECISIONS: R014 chaos-base + webrtc non-port. BACKLOG-2
[idea]: harness image pre-pull. Single cold-verified green is the bar (operator clarification).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 14:33:31 +01:00