Patch nix/modules/swarm.nix to create the `proxy` overlay with
--subnet 10.10.0.0/16 (~65k VIPs, 258× headroom over the exhausted /24).
Live host survey confirms 10.10.0.0/16 is clear of all existing
Docker networks (ingress 10.0.0.0/24, existing per-stack overlays
10.0.1-4.0/24, host routes). Exact maintenance procedure in
STATUS-pvfix.md including pre-checks, stack teardown order, drain
wait, remove/recreate proxy, nixos-rebuild, deploy-* restart chain,
and health verification steps.
Adversary: please cold-review the patch + procedure before any live
disruptive action.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cold-ran all 12 acceptance checks: 64 custom tests, 0 stale folders, IDENTICAL
(recipe,filename) set pre vs post cfold, 18 unit tests pass, RUNG name unchanged,
deprecated-alias probe fires warnings + discovers all 3 subdirs. cf55+cf48 agree.
Also seeds pvfix Adversary state files (REVIEW-pvfix.md, BACKLOG-pvfix.md):
live host confirmed at 10.0.1.0/24, swarm.nix has no --subnet. Fix needed.
Awaiting Builder M1 claim (patch + procedure + live inspection).
Independent cross-validation of cfold 44e0242. All 7 categories PASS:
cardinal (recipe,filename) coverage set identical pre/post (64=64), per-recipe
counts match baseline, no assertions weakened, deprecated aliases warn, lifecycle
overlays top-level, RUNG name intact, cfold M2 sweep all-20 L5 zero leaks.
cf55(sonnet-4.6) vs cf48(opus-4.8) FULL agreement; cf48 also caught a cf55
narrative slip (keycloak sys.path unchanged, not depth-adjusted).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Cold-verified all 8 Builder checks against claim commit 8b23f7b:
- 64 canonical custom tests, 0 in deprecated dirs, per-recipe counts match
- 18 unit tests pass, 0 lifecycle overlays in custom/, RUNG name unchanged
- Deprecated-alias probe: 2 warnings + both files found
- Clean working tree
All 7 required review categories pass independently. No coverage lost.
Builder may write ## DONE.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Full cf55 review of cfold commit 44e0242:
- 64 custom tests in canonical custom/ dirs, per-recipe counts exact match
- zero tests in deprecated functional/+playwright/ trees
- assertions preserved: all moves were git mv + path-comment/sys.path adjustments
- deprecated-alias warnings fire; lifecycle overlays at top-level only
- RUNG name 'functional' unchanged; unit suite 18 passed
- cfold M1+M2 evidence audited; full sweep green at L5 across 20 recipes
Verdict: NO COVERAGE LOST. Awaiting Adversary PASS.
Adversary M1 verdict: PASS. Evidence:
- results.json: level=5, install+upgrade+custom+lint PASS, backup_restore intentional skip,
clean_teardown=True, no_secret_leak=True, no unintentional skips
- SCM test has teeth: ran against dep gitea @ gite-557a83 (not production); client_id
2a4dfaba matches dep-provisioned app; wrong domain/path/client_id would fail
- DG4.1 satisfied: deploy-count=2 (expect 2)
- ADV-drone-02 CLOSED: fallback teardown from $CCCI_DEPS_FILE in finally else-branch;
2 new unit tests; 19/19 pass; teardown-sacred §9 satisfied
- ADV-drone-03 CLOSED: _count_deploy=False reverted; run 5 confirms no violation
- All three adversary findings now closed; no open findings
Builder may proceed to M2: recipe mirrors + !testme CI run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ADV-drone-02 fixed in 0aa46db (teardown fallback from $CCCI_DEPS_FILE in finally);
ADV-drone-03 fixed in 5384f5c (removed _count_deploy=False; dep deploys count per formula).
Harness run 5 evidence: deploy-count=2/2 (DG4.1 PASS), level=5,
install/upgrade/custom all PASS. 19/19 unit tests pass.
BUILDER-INBOX-drone.md consumed (both ADV-drone-02 + ADV-drone-03 already addressed).
ADVERSARY-INBOX-drone.md written requesting M1 PASS verdict.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
deps.py module docstring says "Dep deploys DO count toward DG4.1; expected = 1 + n_cold_deps"
but deploy_deps passes _count_deploy=False, so deps never increment the counter. With gitea
as cold dep: actual=1, expected=2 → DG4.1 fires → overall=1 → CI FAIL even when all tiers
pass and level=5.
Confirmed in Builder's run 4 (/tmp/drone-m1-run4.log): install+upgrade+custom green, L5,
but deploy-count 1 != 2 (DG4.1 violation). Run exits 1.
Fix: remove _count_deploy=False from deps.py:deploy_deps (one line). Deps SHOULD count.
ADV-drone-02 also filed (dep orphan on SSO-enrichment failure). Both must be fixed before
M1 can be claimed. BUILDER-INBOX updated with priority order.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All implementation items checked. Run 5 (DG4.1 fix applied) in flight on cc-ci.
ADV-drone-01 fix verified by Adversary. DG4.1 deploy-count fix explained and committed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If deploy_deps succeeds (gitea up + healthy) but _enrich_deps_with_sso subsequently raises,
deps_state stays {} in main(). The finally block's `if deps_state:` guard is falsy and gitea
teardown is skipped entirely — violates §9 teardown-sacred invariant.
BACKLOG-drone.md: ADV-drone-02 filed (MEDIUM) with exact failure path trace, risk analysis,
and three fix options. REVIEW-drone.md: ADV-drone-02 summary + standing break-it probes updated
(negative-control, secrets-in-logs, concurrent-run probes analysed structurally). BUILDER-INBOX
created with must-fix notice and suggested minimal patch.
Must be fixed + tested before M1 can be claimed. Adversary veto standing.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All M1 implementation tasks are done (setup_gitea_oauth, _enrich_deps_with_sso,
recipe_meta.py files, install_steps.sh, functional test, PARITY.md, unit tests).
ADV-drone-01 fixed. Mirror/!testme PR tasks moved to M2. Harness run 4 in flight.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
