b8b698e2f5
review(2w): WC6 nightly full-cold sweep — PASS @2026-05-29 (declarative timer Persistent + orchestration + live systemd-service run: infra roll health-gated → serial cold sweep → canonical advanced, infra healthy, no leftovers)
2026-05-29 04:38:51 +01:00
465e1059b0
claim(2w): WC6 nightly full-cold sweep — timer+service roll warm/infra (health-gated) then serial cold sweep promoting canonicals (WC5); proven live
...
canonical.enrolled_recipes; runner/nightly_sweep.py (roll keycloak+traefik →
serial full-cold over enrolled on latest → green promotes; skip if test active;
operate against CCCI_REPO checkout for tests/); nix/modules/nightly-sweep.nix
(timer 03:00 Persistent + oneshot service) wired in. 2 bugs fixed via live
service run (repo-relative enrolled scan; util-linux for backup PTY). Live
SERVICE sweep: enrolled=['custom-html'] → all tiers green → canonical advanced
1.10.0→1.11.0; red-run correctly does NOT promote. 71 unit pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:33:08 +01:00
1e40a460ba
status(2w): WC5 ADVERSARY PASS @2026-05-29 (8 WC items verified); building WC6 nightly sweep
2026-05-29 04:14:16 +01:00
5bbc47cb02
review(2w): WC5 promote-on-green-cold — PASS @2026-05-29 (gate predicate anti-poison verified + live advancement 1.10.0→1.11.0 cold-only; --quick/PR-head/red/unenrolled excluded)
2026-05-29 04:13:17 +01:00
125453df20
claim(2w): WC5 promote-on-green-cold proven — green cold run advances canonical (1.10.0→1.11.0); --quick never promotes; only cold advances
...
should_promote_canonical (enrolled+green+cold+latest) + promote_canonical
(re-seed canonical at green-verified latest, snapshot+registry, old known-good
replaced only on green). +5 unit (70 pass). Live: custom-html canonical advanced
1.10.0+1.28.0 → 1.11.0+1.29.0 via a full green cold run; snapshot refreshed; idle;
per-run app torn down. WC6 nightly sweep next.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:08:14 +01:00
cf5999cdda
decisions(2w): W3 WC5 promote-on-green-cold mechanism (re-seed canonical from fresh green-latest deploy; never lose known-good; gate=enrolled+green+cold+latest)
2026-05-29 04:01:59 +01:00
f2cfee5c32
status+journal(2w): W0.10a traefik WC1.1 ADVERSARY PASS — WC1.1 fully closed (both reconcilers); building W3 WC5
2026-05-29 03:59:37 +01:00
e3b08a9bdf
review(2w): traefik WC1.1 (W0.10a) — PASS @2026-05-29 (stateless rollback proven, no TLS outage); CLOSES W0.10 tracked-open → WC1.1 fully verified both reconcilers
2026-05-29 03:58:33 +01:00
e678d2e006
claim(2w): W0.10a traefik WC1.1 migrated onto shared health-gated reconciler — no-op converge proven; destructive rollback = Adversary cold proof
...
warm_reconcile.py: per-spec setup hook + health_domain; SPECS[traefik]
(stateful=False, version-rollback-only, _traefik_setup preserves wildcard-cert/
file-provider config, health on routed dashboard host). keycloak path unchanged.
proxy.nix: deploy-proxy.service now execs warm_reconcile.py traefik. ZERO-disruption
migration (traefik already at latest 5.1.1+v3.6.15; pre-seeded TYPE+last_good →
clean no-op converge; traefik 200 + keycloak-through-traefik 200 + 0 failed).
65 unit pass. Per operator out: code+converge delivered; destructive rollback
(brief TLS blip) = Adversary's required cold proof. Closes the W0.10a tracked-open.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 03:50:32 +01:00
aec6911c68
status+journal(2w): W2 gate WC4+WC7 ADVERSARY PASS @2026-05-29; advance to W3 (WC5/WC6) + traefik W0.10a quiet window
2026-05-29 03:34:29 +01:00
31f0e426c4
review(2w): WC4 + WC7 — PASS @2026-05-29 (gate 3ff2bf6; --quick never-promote + FAIL-rollback-to-exact-known-good + no-canonical→cold fallback, all cold-verified; live-bridge trigger battery)
2026-05-29 03:31:57 +01:00
3ff2bf6c48
claim(2w): Gate WC4+WC7 CLAIMED — --quick fast lane proven live (PASS keeps known-good, FAIL restores) + bridge !testme --quick deployed
...
WC4 run_quick: reattach canonical → upgrade-to-PR-head → assert → PASS
undeploy-keep-volume (known-good UNCHANGED, never promote) / FAIL restore
last-known-good snapshot + undeploy. Live PASS+FAIL proof on custom-html: ALL
PASS (canonical left clean idle@1.11 .0+1.29.0). WC7: bridge parse_trigger
(!testme / !testme --quick / reject !testmexyz) → CCCI_QUICK param, deployed +
live-verified; default !testme stays cold; never gates merge; mode-labeled;
no-canonical fallback to cold. 64 unit pass. Full HOW/EXPECTED/WHERE in STATUS-2w.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 03:17:29 +01:00
307269b5c6
status+journal(2w): W1 gate WC2+WC3 ADVERSARY PASS @2026-05-29; advance to W2 (--quick mode)
2026-05-29 02:35:55 +01:00
0246296370
review(2w): WC2 + WC3 — PASS @2026-05-29 (gate 4ce80f8; data-warm round-trip + restore round-trip cold-verified from own clone, canonical left idle+clean)
2026-05-29 02:33:35 +01:00
62f03191ed
chore(2w): consume ADVERSARY-INBOX — WC2+WC3 formally claimed ( 4ce80f8); running cold reproduce
2026-05-29 02:26:03 +01:00
99d1a64ac2
inbox(2w): notify Adversary — WC2+WC3 gate IS claimed ( 4ce80f8); W1.2 data-warm proof done; custom-html canonical idle for cold reproduce
2026-05-29 02:25:27 +01:00
b56a15403c
review(2w): watchdog [C2 C3] premature — no formal WC2/WC3 claim (W1.2 live data-warm proof pending); read-only glance at canonical.py, await formal claim
2026-05-29 02:24:41 +01:00
4ce80f8751
claim(2w): W1 gate WC2+WC3 CLAIMED — data-warm canonical proven (custom-html round-trip: undeploy-keep-volume → reattach → data survives)
...
W1.2: enrolled custom-html (recipe_meta.WARM_CANONICAL); live proof ALL PASS
(seed canonical → idle-with-volume-retained → re-warm → marker survived).
WC2 (registry+data-warm model) + WC3 (snapshot+restore) proven. 61 unit pass.
custom-html now the first real data-warm canonical (idle).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 02:23:22 +01:00
9144eeac2f
status(2w): W1.1 registry module done; next W1.2 enroll custom-html + live data-warm proof
2026-05-29 02:15:35 +01:00
563156ae7e
decisions(2w): W1 canonical registry design (recipe_meta.WARM_CANONICAL enrollment, warm-<recipe> data-warm lifecycle, canonical.json registry)
2026-05-29 02:11:58 +01:00
56a95c68ef
status+journal(2w): W0 gate WC1+WC1.2+WC1.1(keycloak) ADVERSARY PASS @2026-05-29; advance to W1 (canonical registry); traefik W0.10 tracked before DONE
2026-05-29 02:10:55 +01:00
31ac86d644
review(2w): WC1 + WC1.2 + WC1.1(keycloak-stateful) — PASS @2026-05-29 (gate 985686f cleared, all 6 checks cold-verified from own clone); traefik WC1.1/W0.10 tracked open before DONE
2026-05-29 02:08:49 +01:00
3f566436a4
review(2w): recovery OK (kc canonical) + check6 WC1.2 holds PASS; check3 headline e2e in progress
2026-05-29 02:04:11 +01:00
95ada595aa
review(2w): WC1 checks 1/2/4 PASS + WC1.1 MARQUEE rollback PASS (data intact, last_good held, alert correct); test-script cleanup bug noted, recovery in flight
2026-05-29 01:59:12 +01:00
eb54c95bfa
chore(2w): consume ADVERSARY-INBOX — gate-claim confirmed, alerts-dir flag resolved (intentional cleanup), keycloak parked for my reproduce
2026-05-29 01:45:44 +01:00
d87cb8eee9
inbox(2w): consume BUILDER-INBOX; reply — gate IS claimed ( 985686f), pull+reproduce; alerts-dir cleaned test artifact intentionally
2026-05-29 01:45:22 +01:00
38ba153e90
review(2w): watchdog [C1] ping — no formal gate yet; read-only pre-review (reconciler clean, alerts-dir flag) + inbox heads-up to coordinate live reproduce
2026-05-29 01:44:05 +01:00
0f6e7d75e3
status(2w): gate scope note — WC1.1 proven for keycloak (stateful); traefik WC1.1 = W0.10 follow-up
2026-05-29 01:41:27 +01:00
985686f60e
claim(2w): Gate WC1+WC1.1+WC1.2 CLAIMED — warm keycloak headline e2e GREEN + concurrency/reaping + rollback/holds proven
...
W0.7 (lasuite-docs race was transient) + W0.8 headline e2e: lasuite-docs custom
pass (3 SSO tests incl. oidc_login + password_grant) vs WARM keycloak,
deploy-count=1 (keycloak NOT co-deployed), per-run realm lasuite-docs-4c0858
created+deleted; warm kc left with only master realm. Concurrency+reaping proven
(distinct realms for concurrent same-recipe runs; reap keeps-live/deletes-orphans).
Gate claim in STATUS-2w carries full WHAT/HOW/EXPECTED/WHERE for cold verify.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 01:40:32 +01:00
cbc193e535
journal(2w): record docker-prune WC8 fix
2026-05-29 01:26:42 +01:00
819c1bc0fd
status+journal(2w): W0.9 WC1.1 live proofs PASS (healthy upgrade + marquee rollback); reconciler-side WC1/WC1.1/WC1.2 proven
2026-05-29 01:21:59 +01:00
0812132452
review(2w): standing WC8 probe — lasu-0a6fb2 fully torn down (no app/svc/vol/secret), disk 63%
2026-05-29 00:55:49 +01:00
4808d0354a
status(2w): W0.6 reconciler delivered + WC1.2 holds proven; next W0.9 WC1.1 live proofs
2026-05-29 00:43:10 +01:00
aff50aac0a
journal(2w): W0.5 proven + WC8 disk reclaim (96%->62%); checkpoint before W0.6
2026-05-29 00:29:42 +01:00
67240dca92
decisions+status(2w): W0.5 done (WC3 snapshot proven); W0.6 reconciler version model (deploy-by-tag, recipe-semver pre-+, python entrypoint in store)
2026-05-29 00:15:38 +01:00
ceacd0e6de
backlog+decisions(2w): re-sequence W0 (WC3 helper first); unpin/snapshot/alert decisions
2026-05-29 00:05:13 +01:00
740d7bac4c
status(2w): W0 core mechanism proven + reconciler up; absorb design update (unpin+WC1.1+WC1.2); re-sequence to WC3 snapshot helper first
2026-05-29 00:04:12 +01:00
b127078516
review(2w): add WC1.2 pre-deploy safety gate (major/manual-migration hold + alert-with-notes) to verification map
2026-05-29 00:02:59 +01:00
2dc1e6edc7
review(2w): absorb design update — WC1 unpin + new WC1.1 health-gated rollback proof + WC6 reorder into verification map
2026-05-29 00:00:09 +01:00
5dd76d7c8c
chore(2w): bootstrap Phase 2w loop state + cleanup orphaned cold apps
...
- Seed STATUS-2w / BACKLOG-2w / JOURNAL-2w (WC1-WC9 DoD, W0-W4 milestones).
- Tore down leftover Phase-2 cold apps (lasu-0a6fb2/keyc-07d81e/lasu-dbg);
disk 91%->86%.
- DECISIONS: warm-domain scheme, per-run realm isolation, warm keycloak as
declarative infra, cold fallback.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 23:14:41 +01:00
534cd7066c
review(2w): Adversary online — phase start, cold access verified, awaiting WC gate claims
2026-05-28 23:07:04 +01:00
5f1ce47593
review(2): rate-limit fix VERIFIED + CLOSED — all 3 conditions cold (auth 200-limit, own uncached swarm-service pull, declarative sops persistence); consume inbox
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:17:23 +01:00
15228c2fdb
inbox(2): signal Adversary — Docker Hub auth wired, conditions 2+3 proven (uncached n8n swarm pull + declarative sops persistence)
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:13:57 +01:00
7a337f5d69
status(2): Docker Hub rate-limit RESOLVED — declarative sops auth + swarm pulls authenticate (3 conditions); DECISIONS recorded
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:13:25 +01:00
46e9d1c43a
review(2): rate-limit PARTIAL verify — auth 200-limit + account source CONFIRMED; swarm-pull + declarative-persistence still pending
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 22:04:03 +01:00
45fb42e19d
review(2): rate-limit fix pre-wiring baseline (anon 100/6h @68.14.43.142, remaining=4); verification plan for post-wiring
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:45:57 +01:00
65e4e519ff
review(2): F2-11 CLOSED — deploy-free cold proof (35 unit + real conftest skip-report stitched to predicate); consume inbox
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:29:32 +01:00
0d6cd05675
inbox(2): notify Adversary — F2-11 fixed (deploy-free verify) + deploy work paused on Docker Hub rate limit
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:25:57 +01:00
5b34496557
fix(2): F2-11 — SSO-dep deps-not-ready SKIP no longer yields GREEN !testme
...
When a DEPS-declaring recipe's setup_custom_tests fails, its @requires_deps (SSO/OIDC)
tests skip; a skip-only pytest file exits 0 so the run previously reported overall=0
(GREEN) while the only SSO test never ran (violates P7). Fix preserves generic-tier
failure-isolation but corrects the green SIGNAL:
- conftest.pytest_collection_modifyitems counts skipped requires_deps tests and appends
to $CCCI_DEPS_SKIP_REPORT.
- run_recipe_ci: sums the count, surfaces it in RUN SUMMARY, and new pure predicate
sso_dep_unverified(declared, deps_ready, skipped) flips overall=1.
- 7 new unit tests (tests/unit/test_f211_sso_skip.py).
Verified deploy-free (rate-limit-independent): 35/35 unit PASS; cold real-test proof on
lasuite-docs test_oidc_with_keycloak.py -> 1 skipped + skip-report==1 -> orchestrator
would set overall=1. Full e2e deferred until Docker Hub rate limit lifts.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:25:27 +01:00
10d2a13031
chore(2): consume BUILDER-INBOX (Adversary DONE-gate warnings + F2-11 SSO-skip-goes-green)
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-28 21:19:35 +01:00
