de6103d41d
claim(2pc): PC1 conservative prune deployed+verified; PC2/PC3 local-store cache confirmed
...
ci-docker-prune (gated surgical prune) live on cc-ci: old autoPrune --all gone, new timer
enabled (daily), no-ops below 80% disk keeping the local image cache, never --all/--volumes.
Daemon stays PAT-authenticated (nptest2); /var/lib/docker retained across rebuild. PC3 proof:
redis:7-alpine deploy->teardown(service rm, image retained)->redeploy = "Image is up to date",
no layer re-download (cold 5303ms -> warm 674ms). Docs: runbook "Image cache & prune policy",
warm.md, DECISIONS Phase-2pc, IDEAS (registry pull-through cache deferred + revisit trigger).
Gate 2pc CLAIMED, awaiting Adversary cold-verify.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 09:42:36 +01:00
16d177e73a
feat(2pc): PC1 conservative prune — drop autoPrune --all, add gated surgical docker-prune
...
Removes virtualisation.docker.autoPrune (daily `docker system prune --all` evicted in-use base
images → cold re-pull → Hub rate-limit churn, JOURNAL-2). Adds modules/docker-prune.nix: daily
timer + oneshot that prunes only dangling+until=24h, gated on disk pressure (>=80%) AND no run-app
live AND no swarm service converging; never --all, never --volumes. Teardown unchanged (never
removes images). Registry pull-through cache dropped per operator scope correction.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 09:30:07 +01:00
e42753c17c
note(2pc): realign REVIEW-2pc to narrowed scope — registry pull-through cache DROPPED per operator; 2pc is now prune-policy only (PC1 surgical prune + teardown must NOT remove images, PC2 confirm PAT-auth+local-store retention, PC3 deploy/teardown/redeploy reuses local layers). Break-it checklist updated.
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 09:25:55 +01:00
863bbac4de
note(2pc): init REVIEW-2pc — AWAITING CLAIM; baseline recon of current prune (swarm.nix --all until=24h) + confirm no pull-through cache exists yet; break-it checklist staged
...
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 09:22:11 +01:00
78cf95aad3
status(2): Q3.2 truthful update — disk-blocker RESOLVED (cc-ci 64G); upgrade tier now REQUIRED green (not deferrable), runs via Q3.2a rework; F2-7 closed out-of-scope per SSO policy
2026-05-29 09:10:55 +01:00
139e8b9797
review(2): close F2-7 out-of-scope per operator SSO policy (keycloak default; Phase-2 DONE not gated on authentik; re-entry only if a recipe REQUIRES authentik); Builder owns DECISIONS/DEFERRED#9/cryptpad-keycloak edits
2026-05-29 09:10:00 +01:00
1537a928d5
decisions(2): record operator SSO-provider policy — keycloak DEFAULT for all recipe OIDC; authentik NOT a Phase-2 DONE gate (enroll only if a recipe REQUIRES it); cryptpad OIDC under keycloak; narrow DEFERRED #9 authentik re-entry trigger
2026-05-29 09:09:38 +01:00
779fb8917c
status(2): link plan-lasuite-drive-oidc-robustness.md into Q3.2a (Step 0 logs → Part A install-time OIDC vs warm keycloak [deploy once, no reconverge, real-abra-only] → Part B recipe PR; 3x-green + cold-verified before Q3.2 claim)
2026-05-29 09:06:43 +01:00
542028a6a4
status(2): Q4.5 mattermost-lts DONE — full lifecycle green (install+upgrade+backup+restore+custom, deploy-count=1, clean teardown); P1+P3 met; P4 ops → Q5 sweep
2026-05-29 09:05:55 +01:00
200d599c06
status(2): Q4.5 mattermost-lts ENROLLED + install+custom GREEN (create-message §4.3 round-trip validated live); full lifecycle in flight for P1
2026-05-29 08:59:57 +01:00
6ff68e625a
note(2): record Adversary cold-verify criteria for queued lasuite-drive Q3.2 rework (real-abra-only enforcement, repeat-green + upgrade tier required); not active yet
2026-05-29 08:58:32 +01:00
9b6c0e03dc
review(2): disk-blocker LIFTED — cold-verified 64G/44G-free + infra healthy post-resize; lasuite-drive upgrade tier now REQUIRED green (deferral void, veto-eligible open obligation); DEFERRED.md edit left to Builder
2026-05-29 08:42:52 +01:00
6df4757f85
status(2): CLOSE disk-blocker DEFERRED — cc-ci resized to 64G (44G free); heavy-recipe upgrade tiers runnable; lasuite-drive full-lifecycle Q3.2 now active backlog
2026-05-29 08:42:24 +01:00
aca1fd5185
inbox(2): consume Adversary BUILDER-INBOX — disk-blocker deferral VOID post-resize; Q3.2 now requires the FULL lasuite-drive lifecycle incl. a GREEN upgrade tier (cold-verified). Aligns with my plan: re-run full after cc-ci healthy, claim only when upgrade green.
2026-05-29 08:37:10 +01:00
4eae6eb208
inbox(2): disk resize 30→70GB in progress — deferral VOID; lasuite-drive upgrade tier now REQUIRED green for Q3.2 sign-off (no longer deferrable); pausing host verify during restart
2026-05-29 08:36:32 +01:00
dd137f9683
status(2): disk resize 30->70GB in progress (orchestrator) — disk-blocker LIFTING; deploys paused; plan to re-run lasuite-drive FULL lifecycle + mattermost after cc-ci healthy
2026-05-29 08:36:17 +01:00
9df900d1cc
journal(2): mumble scope correction — non-HTTP health = high-blast-radius core-harness feature (wait_healthy/canonical/generic), deserves dedicated effort; re-pick next unit = mattermost-lts (HTTP-native, no core changes)
2026-05-29 08:06:03 +01:00
7997b98935
journal(2): scouted mumble (Q4.2) — first non-HTTP recipe; design = python sidecar probe on app overlay network for the TLS protocol test; enrollment plan recorded for next tick
2026-05-29 07:47:42 +01:00
426a953c2b
status(2): lasuite-drive Q3.2 NOT claimed — OIDC setup redeploy flaky (collabora reconverge); --detach fix validated; test assertions proven correct (run 1); Q3.2a robustness item added; prune-during-deploy lesson recorded
2026-05-29 07:27:50 +01:00
75ae226c0d
status(2): Q3.2 lasuite-drive maximal subset GREEN (install+backup+restore+custom: health+MinIO roundtrip+OIDC JWT); upgrade tier deferred pending disk resize; clean re-run w/ --detach fix in flight before claim
2026-05-29 06:28:03 +01:00
d1aae43c7e
inbox(2): consume Adversary BUILDER-INBOX — conditional/deferred sign-off model for lasuite-drive upgrade tier (deferred pending disk resize, NOT waived; veto-eligible open item until cold-verified green). Q3.2 claim will frame accordingly.
2026-05-29 05:54:49 +01:00
ccc42699ff
chore(2): consume ADVERSARY-INBOX (Q3.2 lasuite-drive heads-up); reply via BUILDER-INBOX — disk blocker is operator-removable, will grant CONDITIONAL/deferred sign-off only, upgrade tier still blocks Phase-2 DONE
2026-05-29 05:53:51 +01:00
b78d708c49
decisions/deferred(2): lasuite-drive upgrade tier = disk env-blocker (28GB host, dual multi-GB office image crossover); maximal subset in flight; operator disk-resize escalation; adversary heads-up
2026-05-29 05:51:31 +01:00
2c245c83c7
journal(2): Phase 2 RESUMED post-2w — foundation re-confirmed (72 unit + custom-html full e2e green), reference-corpus mapping, lasuite-drive e2e in flight
2026-05-29 05:03:46 +01:00
7b5ed9c350
review(2): break-it probe @2026-05-29 — 2w WC5 promotion × F2-11 SSO-skip: NO regression (overall-gated, no alt promote path, 72 unit pass cold)
2026-05-29 04:54:02 +01:00
aebb28d774
done(2w): Phase 2w COMPLETE — WC1-WC9 (incl WC1.1/WC1.2) all Adversary-verified, NO VETO
...
## DONE written to STATUS-2w. Adversary authorized (REVIEW-2w 2822d60idle@1.11 .0+1.29.0, nightly-sweep timer active, system
running 0 failed, disk 50%. Watchdog auto-returns to Phase 2 (resume recipe
authoring; STATUS-2/BACKLOG-2 intact).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:48:02 +01:00
2822d60474
review(2w): WC8 + WC9 (FINAL) — PASS @2026-05-29; ALL WC1-WC9 (incl WC1.1/WC1.2) Adversary cold-verified, NO VETO — DONE authorized
2026-05-29 04:46:30 +01:00
40b03a9bf1
claim(2w): WC8 + WC9 (FINAL gates) — resource-safety consolidation + stale-warm prune + docs/warm.md + --quick rollback proof
...
WC8: canonical.prune_stale (drop de-enrolled warm data + volumes) wired into the
nightly sweep + df log; consolidated evidence (DRONE_RUNNER_CAPACITY=MAX_TESTS
serialize; autoPrune drops --volumes so warm vols survive; cold teardown sacred;
warm excluded from D8 — no nix source ref). +1 unit (72 pass). WC9: docs/warm.md
documents the full warm/quick model; --quick rollback proof already proven live
(W2 FAIL restores exact known-good; WC4 PASS byte-identical snapshot). On PASS,
all WC1-WC9 (incl WC1.1/WC1.2) verified → DONE.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:43:34 +01:00
b8b698e2f5
review(2w): WC6 nightly full-cold sweep — PASS @2026-05-29 (declarative timer Persistent + orchestration + live systemd-service run: infra roll health-gated → serial cold sweep → canonical advanced, infra healthy, no leftovers)
2026-05-29 04:38:51 +01:00
465e1059b0
claim(2w): WC6 nightly full-cold sweep — timer+service roll warm/infra (health-gated) then serial cold sweep promoting canonicals (WC5); proven live
...
canonical.enrolled_recipes; runner/nightly_sweep.py (roll keycloak+traefik →
serial full-cold over enrolled on latest → green promotes; skip if test active;
operate against CCCI_REPO checkout for tests/); nix/modules/nightly-sweep.nix
(timer 03:00 Persistent + oneshot service) wired in. 2 bugs fixed via live
service run (repo-relative enrolled scan; util-linux for backup PTY). Live
SERVICE sweep: enrolled=['custom-html'] → all tiers green → canonical advanced
1.10.0→1.11.0; red-run correctly does NOT promote. 71 unit pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:33:08 +01:00
1e40a460ba
status(2w): WC5 ADVERSARY PASS @2026-05-29 (8 WC items verified); building WC6 nightly sweep
2026-05-29 04:14:16 +01:00
5bbc47cb02
review(2w): WC5 promote-on-green-cold — PASS @2026-05-29 (gate predicate anti-poison verified + live advancement 1.10.0→1.11.0 cold-only; --quick/PR-head/red/unenrolled excluded)
2026-05-29 04:13:17 +01:00
125453df20
claim(2w): WC5 promote-on-green-cold proven — green cold run advances canonical (1.10.0→1.11.0); --quick never promotes; only cold advances
...
should_promote_canonical (enrolled+green+cold+latest) + promote_canonical
(re-seed canonical at green-verified latest, snapshot+registry, old known-good
replaced only on green). +5 unit (70 pass). Live: custom-html canonical advanced
1.10.0+1.28.0 → 1.11.0+1.29.0 via a full green cold run; snapshot refreshed; idle;
per-run app torn down. WC6 nightly sweep next.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 04:08:14 +01:00
cf5999cdda
decisions(2w): W3 WC5 promote-on-green-cold mechanism (re-seed canonical from fresh green-latest deploy; never lose known-good; gate=enrolled+green+cold+latest)
2026-05-29 04:01:59 +01:00
f2cfee5c32
status+journal(2w): W0.10a traefik WC1.1 ADVERSARY PASS — WC1.1 fully closed (both reconcilers); building W3 WC5
2026-05-29 03:59:37 +01:00
e3b08a9bdf
review(2w): traefik WC1.1 (W0.10a) — PASS @2026-05-29 (stateless rollback proven, no TLS outage); CLOSES W0.10 tracked-open → WC1.1 fully verified both reconcilers
2026-05-29 03:58:33 +01:00
e678d2e006
claim(2w): W0.10a traefik WC1.1 migrated onto shared health-gated reconciler — no-op converge proven; destructive rollback = Adversary cold proof
...
warm_reconcile.py: per-spec setup hook + health_domain; SPECS[traefik]
(stateful=False, version-rollback-only, _traefik_setup preserves wildcard-cert/
file-provider config, health on routed dashboard host). keycloak path unchanged.
proxy.nix: deploy-proxy.service now execs warm_reconcile.py traefik. ZERO-disruption
migration (traefik already at latest 5.1.1+v3.6.15; pre-seeded TYPE+last_good →
clean no-op converge; traefik 200 + keycloak-through-traefik 200 + 0 failed).
65 unit pass. Per operator out: code+converge delivered; destructive rollback
(brief TLS blip) = Adversary's required cold proof. Closes the W0.10a tracked-open.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 03:50:32 +01:00
aec6911c68
status+journal(2w): W2 gate WC4+WC7 ADVERSARY PASS @2026-05-29; advance to W3 (WC5/WC6) + traefik W0.10a quiet window
2026-05-29 03:34:29 +01:00
31f0e426c4
review(2w): WC4 + WC7 — PASS @2026-05-29 (gate 3ff2bf6; --quick never-promote + FAIL-rollback-to-exact-known-good + no-canonical→cold fallback, all cold-verified; live-bridge trigger battery)
2026-05-29 03:31:57 +01:00
3ff2bf6c48
claim(2w): Gate WC4+WC7 CLAIMED — --quick fast lane proven live (PASS keeps known-good, FAIL restores) + bridge !testme --quick deployed
...
WC4 run_quick: reattach canonical → upgrade-to-PR-head → assert → PASS
undeploy-keep-volume (known-good UNCHANGED, never promote) / FAIL restore
last-known-good snapshot + undeploy. Live PASS+FAIL proof on custom-html: ALL
PASS (canonical left clean idle@1.11 .0+1.29.0). WC7: bridge parse_trigger
(!testme / !testme --quick / reject !testmexyz) → CCCI_QUICK param, deployed +
live-verified; default !testme stays cold; never gates merge; mode-labeled;
no-canonical fallback to cold. 64 unit pass. Full HOW/EXPECTED/WHERE in STATUS-2w.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 03:17:29 +01:00
307269b5c6
status+journal(2w): W1 gate WC2+WC3 ADVERSARY PASS @2026-05-29; advance to W2 (--quick mode)
2026-05-29 02:35:55 +01:00
0246296370
review(2w): WC2 + WC3 — PASS @2026-05-29 (gate 4ce80f8; data-warm round-trip + restore round-trip cold-verified from own clone, canonical left idle+clean)
2026-05-29 02:33:35 +01:00
62f03191ed
chore(2w): consume ADVERSARY-INBOX — WC2+WC3 formally claimed ( 4ce80f8); running cold reproduce
2026-05-29 02:26:03 +01:00
99d1a64ac2
inbox(2w): notify Adversary — WC2+WC3 gate IS claimed ( 4ce80f8); W1.2 data-warm proof done; custom-html canonical idle for cold reproduce
2026-05-29 02:25:27 +01:00
b56a15403c
review(2w): watchdog [C2 C3] premature — no formal WC2/WC3 claim (W1.2 live data-warm proof pending); read-only glance at canonical.py, await formal claim
2026-05-29 02:24:41 +01:00
4ce80f8751
claim(2w): W1 gate WC2+WC3 CLAIMED — data-warm canonical proven (custom-html round-trip: undeploy-keep-volume → reattach → data survives)
...
W1.2: enrolled custom-html (recipe_meta.WARM_CANONICAL); live proof ALL PASS
(seed canonical → idle-with-volume-retained → re-warm → marker survived).
WC2 (registry+data-warm model) + WC3 (snapshot+restore) proven. 61 unit pass.
custom-html now the first real data-warm canonical (idle).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com >
2026-05-29 02:23:22 +01:00
9144eeac2f
status(2w): W1.1 registry module done; next W1.2 enroll custom-html + live data-warm proof
2026-05-29 02:15:35 +01:00
563156ae7e
decisions(2w): W1 canonical registry design (recipe_meta.WARM_CANONICAL enrollment, warm-<recipe> data-warm lifecycle, canonical.json registry)
2026-05-29 02:11:58 +01:00
56a95c68ef
status+journal(2w): W0 gate WC1+WC1.2+WC1.1(keycloak) ADVERSARY PASS @2026-05-29; advance to W1 (canonical registry); traefik W0.10 tracked before DONE
2026-05-29 02:10:55 +01:00
31ac86d644
review(2w): WC1 + WC1.2 + WC1.1(keycloak-stateful) — PASS @2026-05-29 (gate 985686f cleared, all 6 checks cold-verified from own clone); traefik WC1.1/W0.10 tracked open before DONE
2026-05-29 02:08:49 +01:00
