91a8e8d64c
review: M2 live-trigger probe (expect Drone build #4 green)
continuous-integration/drone/push Build is passing
2026-05-26 23:27:14 +01:00
1c81279fda
M3 start: comment-bridge source (stdlib) + bridge secrets in sops
...
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:17:30 +01:00
e251a1177c
M2 GATE: green build via push (Drone + exec runner); OAuth bootstrap script + docs
...
continuous-integration/drone/push Build is passing
Build #1 success (clone+hello on exec runner). Drone<->Gitea OAuth scripted as
one-time bootstrap-drone-oauth.sh. M2 claimed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:08:38 +01:00
0d89e2882a
M2: hello-world .drone.yml (exec) for cc-ci self-test
...
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 23:05:56 +01:00
a385148af9
M2: Drone server + exec runner up; infra as idempotent-reconcile oneshots
...
Convert proxy+drone bring-up to writeShellApplication systemd oneshots that
reconcile every activation (orchestrator steer). pkgs.abra overlay. Runner
connected via RPC (polling, capacity=2). install.md = clone + nixos-rebuild switch.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 22:59:59 +01:00
62b23e3a41
STATUS: acknowledge adversary finding A1 (no-ACME enforcement in harness)
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 22:41:56 +01:00
4d09b1e41e
M2 start: Drone CI decision; Gitea OAuth app + Drone secrets (sops)
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 22:41:14 +01:00
352f624ce6
review: M1 PASS (cold E2E: wildcard HTTPS via abra+traefik, clean teardown); file [adversary] A1 ACME-hazard
2026-05-26 22:38:26 +01:00
12f86fd3fb
M1: proxy via real coop-cloud/traefik (abra, wildcard/no-ACME); recipe deploy+teardown; M1 CLAIMED
...
Orchestrator decision: deploy canonical coop-cloud traefik via abra instead of a
hand-rolled module. abra packaged in Nix (pinned). custom-html deployed over HTTPS
(200) via the gateway and torn down clean. docs/install.md seeded.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 22:21:12 +01:00
c006083967
review: M0 PASS — cold rebuild + sops decrypt + no plaintext-secret leak
2026-05-26 21:57:52 +01:00
51b18841bc
M1: Traefik swarm stack (wildcard cert via file provider); HTTPS path proven E2E
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:55:08 +01:00
ab839ae61d
M1: Docker + single-node swarm via Nix (swarm-init + proxy overlay)
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:47:42 +01:00
b0ce69029b
chore: stop tracking .claude/ harness artifacts
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:41:56 +01:00
deb4a0fbed
M0 complete: sops-nix wiring + decrypt-a-test-secret; M0 gate CLAIMED
...
Host decrypts /run/secrets/test_secret via its ssh host key (age identity);
off-box master recovery recipient. sops-nix pinned to a buildGoModule-era rev
for nixpkgs 24.11 compat.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:41:45 +01:00
9bffb55b28
M0: flake + base NixOS config, rebuilt from repo on cc-ci
...
Pins nixpkgs to the rev cc-ci already ran (no-op-then-base); deploy via
switch --flake on-host. System healthy (gen 3) post-switch.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:25:48 +01:00
c21cce51b9
chore: bootstrap cc-ci loop state
...
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:07:31 +01:00