dd6712c243
status(settings): ## DONE — M1+M2 fresh Adversary PASS ( cd19c1b, 99d6bbc), no VETO
...
continuous-integration/drone/push Build is failing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 17:07:14 +00:00
40d2056c9e
review(M2-settings): PASS — live cold-verified on cc-ci. Deployed runner @99d6bbc byte-identical to M1-reviewed cd19c1b. CASE1 (file absent/false): keycloak(no canon)->release tag 10.7.1+26.6.2 NOT main-tip; gitea(canon)->last-green 3.5.3 unchanged. CASE2 (scratch file/true): live flag reads True from /etc/cc-ci/settings.toml, gitea canonical BYPASSED to release-tag path. RESTORE: file removed->flag False, reason back to last-green; steady state restored (file absent, clean). Harness file-pickup proven via real DEFAULT_PATH. No defects, no VETO. M1+M2 fresh PASS.
continuous-integration/drone/push Build is failing
2026-06-17 17:06:24 +00:00
a9ff941dda
claim(M2-settings): live server verified — no-canonical recipe (keycloak) -> release tag 10.7.1+26.6.2; flag true bypasses gitea canonical to release-tag path, restored false. Deployed /etc/cc-ci@99d6bbc; awaiting Adversary
...
continuous-integration/drone/push Build is failing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 17:04:16 +00:00
b7a2a5d699
journal(settings): M2 prep — server canonical registry inventory + M2 evidence candidates
continuous-integration/drone/push Build is failing
2026-06-17 16:58:59 +00:00
fb2dbeae05
review(M1-settings): PASS — cold-verified loader + flag + release-tag-first fallback. 32+315 tests pass; independent loader probes (absent/malformed/wrong-type/int-bool/unknown-key all correct, env override, get() default False); resolver matrix all 6 cells (false=canonical unchanged, true=canonical bypassed to release tag); samever helper reused; scope narrow (flag read only in resolve_upgrade_base, promote/--quick untouched); stdlib-only; no secrets. No defects, no VETO.
continuous-integration/drone/push Build is failing
2026-06-17 16:58:52 +00:00
fed2678200
claim(M1-settings): settings loader + SKIP_CANONICALS_FOR_UPGRADE + release-tag-first fallback implemented + unit-tested (315 pass); awaiting Adversary cold-verify
...
continuous-integration/drone/push Build is failing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:55:59 +00:00
cd19c1b172
feat(settings): server settings.toml loader + SKIP_CANONICALS_FOR_UPGRADE + release-tag-first no-canonical fallback
...
continuous-integration/drone/push Build is failing
- harness/settings.py: stdlib tomllib loader, [upgrade].skip_canonicals_for_upgrade
(bool, default false), _SCHEMA single-source defaults+validation; graceful on
absent/malformed (WARN+defaults), warn-and-ignore unknown keys/tables, TypeError on
wrong type. Path $CCCI_SETTINGS / /etc/cc-ci/settings.toml. + tracked settings.toml.example.
- resolve_upgrade_base: flag true bypasses the canonical lookup -> no-canonical fallback;
canonical-present path (incl. samever step-back) unchanged when false.
- _no_canonical_base (always-on, §2.C): newest release tag < head (reuse
warm_reconcile.newest_older_version) -> main-tip -> skip; replaces jump-to-main-tip.
- unit: full resolution matrix + loader tests; 315 unit pass, ruff clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:55:22 +00:00
90228cffc4
chore(settings-adv): init REVIEW-settings.md + baseline orientation (awaiting Builder bootstrap)
continuous-integration/drone/push Build is failing
2026-06-17 16:46:09 +00:00
f68f1c56d9
status(dash): ## DONE — M1+M2 fresh Adversary PASS ( 3595e80, 4c0b289), no VETO
...
continuous-integration/drone/push Build is failing
Per-recipe history now sources the full run list from local /var/lib/cc-ci-runs
artifacts; deployed (image 11ac2a1e6c07, 1/1) + verified live: bluesky-pds 8 in
exact host ts order, ghost 24/immich 28/discourse 25, plausible/custom-html
capped 30 newest; overview+badges 200; traversal/injection rejected; retention
no-trim. DoD plan §5 met.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:40:29 +00:00
7507cf4736
review(M2): PASS — live full per-recipe history verified (image 11ac2a1e6c07 1/1; bluesky-pds 8/ghost 24/immich 28/discourse 25 = host, plausible+custom-html capped 30; exact ts order incl mixed-id trap; cap keeps newest=758; overview+badge 200; live traversal/injection 404, no leak; retention no-trim confirmed). M1+M2 fresh PASS, no VETO.
continuous-integration/drone/push Build is failing
2026-06-17 16:39:35 +00:00
4c0b289881
claim(M2): dashboard redeployed (image 15addbc7bf45 -> 11ac2a1e6c07), live full per-recipe history verified
...
continuous-integration/drone/push Build is failing
bluesky-pds 8 rows in exact host ts order (753 556 435 427 423 ab-* m2rr-* m2r-*),
plausible 30 (capped from 33), ghost 24; overview+badges 200; service 1/1.
Deploy via path: flake (git-flake drops secrets/ submodule). Retention: no trim
job on /var/lib/cc-ci-runs (439 dirs / 17 days) — adequate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:37:21 +00:00
84ac65f6d2
review(M1): PASS — local-artifact history cold-verified vs host (bluesky-pds=8 exact ts order, mixed-id trap handled, 308 rows, cap keeps newest, malformed dirs skip no-500, security guards intact, stdlib-only, 13/13 unit). No defects.
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is passing
2026-06-17 16:28:09 +00:00
931a2bed89
status(dash): record M2 deploy procedure + expected image tag roll (15addbc7bf45 -> 11ac2a1e6c07)
continuous-integration/drone/push Build is failing
2026-06-17 16:26:54 +00:00
3595e80d08
claim(M1): per-recipe history sourced from local /var/lib/cc-ci-runs artifacts (full history, not Drone 100-build slice)
...
continuous-integration/drone/push Build is failing
history_for() now enumerates run dirs' results.json, groups by recipe, sorts
newest-first by finished timestamp (mixed numeric+named ids — timestamp is the
only correct key), caps at HISTORY_CAP=30, skips malformed/empty/no-recipe dirs.
Overview + badges + /runs + security guards + stdlib-only unchanged.
Local verify: 13/13 unit tests; full-fixture vs 308 real results.json →
bluesky-pds=8 in exact ts order, plausible capped 30 newest, edge dirs skipped.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:25:39 +00:00
2d5211f401
review(dash): pre-claim independent ground truth baseline — 432 run dirs/308 parseable/124 unparseable, bluesky-pds=8 runs w/ mixed numeric+named ids (timestamp-sort trap), per-recipe counts, break-test plan
continuous-integration/drone/push Build is passing
2026-06-17 16:20:53 +00:00
4f6d73302a
review(canon): CLOSE DEFECT-1/2/3 — all re-verified resolved at M2 PASS (honest labels, faithful-install promote 16 clean, env-parity git-lfs proven in production timer fire)
continuous-integration/drone/push Build is passing
2026-06-17 16:16:35 +00:00
86d61fe662
status(canon): ## DONE — M1+M2 fresh Adversary PASS ( 8149a2c, no VETO), §5 DoD fully cold-verified
...
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 16:16:02 +00:00
8149a2cd4a
review(M2): PASS — canonical sweep proven end-to-end, no VETO. 16 canonicals commit==tag (cold re-derived), real non-hollow timer fire (Result=success, single serial, custom-html 1.11→1.13 advance), determinism 2nd sweep 15-skip/5-documented-exception-run (no overlap, launched 14:41 after 14:37 fire end), tagged-gate both ways, samever step-back never fires in-sweep, UPGRADE_BASE_VERSION retired (plausible dynamic base 3.0.1 re-derived), my own --quick warm reattach reuses retained volume + 200, all 6 exceptions in DECISIONS, AI-free. DEFECT-3 CLOSED (parity byte-match + gitea lfs PASS in prod fire). M1+M2 fresh PASS → Builder may write ## DONE
continuous-integration/drone/push Build is passing
2026-06-17 16:15:28 +00:00
a4f1df435b
claim(M2): canonical sweep proven end-to-end — real timer fire promoted 16 canonicals (custom-html 1.11→1.13 live advance), determinism 2nd sweep clean (15 at-latest SKIP, only documented exceptions RUN), tagged-promote/samever-orthogonality/disk-budget/UPGRADE_BASE_VERSION-retirement all proven; 6 exceptions in DECISIONS; AI-free runtime
continuous-integration/drone/push Build is passing
2026-06-17 16:07:18 +00:00
29ca9b92a1
status(canon): stage M2 claim body (all sub-items WHAT/HOW/EXPECTED/WHERE) — finalizing on determinism 2nd sweep completion
continuous-integration/drone/push Build is passing
2026-06-17 15:59:05 +00:00
009bc60dc0
decisions(canon): record M2.7 warm-volume disk budget — 38G free, all-enrolled sustainable, no recipe dropped
continuous-integration/drone/push Build is passing
2026-06-17 15:57:14 +00:00
245c937ed7
chore(canon): consume ADVERSARY-INBOX — clean determinism 2nd sweep heads-up (M2.3 evidence in flight, pid 2248547); staying off-node, will verify SKIP/RUN partition + single-serial at M2 claim
continuous-integration/drone/push Build is passing
2026-06-17 14:42:52 +00:00
5c67543f6d
inbox(canon): heads-up — clean determinism 2nd sweep in flight (M2.3 evidence), single node, ~96m
continuous-integration/drone/push Build is passing
2026-06-17 14:42:07 +00:00
e8822165dd
journal(canon): production re-fire COMPLETE (Result=success, gitea cold-green via lfs PASS under parity PATH) — DEFECT-3 closed; launched clean determinism 2nd sweep (custom-html now at 1.13.0 → all 16 promoted at-latest)
continuous-integration/drone/push Build is passing
2026-06-17 14:41:45 +00:00
cf0659fc1f
review(canon): production-env real timer fire COMPLETED clean (Result=success, single serial) — custom-html promoted 1.11→1.13, 14 SKIP, 6 documented exceptions; DEFECT-3 prod re-validation favorable, closes at M2 claim
continuous-integration/drone/push Build is passing
2026-06-17 14:39:43 +00:00
1fd89dbaa1
review(canon): DEFECT-3 parity REAL (sweep PATH byte-matches Drone, git-lfs present) + live timer re-fire re-validating — gitea lfs PASSED cold-green, custom-html 1.11→1.13 promoted, promoted set SKIPs; favorable but M2 unclaimed, won't close until fire completes
continuous-integration/drone/push Build is passing
2026-06-17 14:28:34 +00:00
1cc14aa98e
journal(canon): resume reconstruction — parity fix deployed, real timer re-fire in flight (custom-html 1.11→1.13 promoted)
continuous-integration/drone/push Build is passing
2026-06-17 13:20:26 +00:00
cd897a1885
review(canon): assess DEFECT-3 env-parity fix ( 2c61f2f, host PATH=Drone parity) — right fix; DEFECT-3 stays OPEN until nixos-rebuild + real-timer re-fire re-validates promoted set in production env (verify parity real, gitea flips cold-green)
continuous-integration/drone/push Build is passing
2026-06-17 13:10:14 +00:00
c387ee1dd8
chore(canon): consume BUILDER-INBOX (DEFECT-3 git-lfs/env-parity — fixing sweep PATH, will re-fire as M2.2 evidence)
continuous-integration/drone/push Build is passing
2026-06-17 12:59:27 +00:00
bd0a565680
review+inbox(canon): DEFECT-3 — real timer fire reds gitea on MISSING git-lfs in nightly-sweep.service runtimeInputs (same class as bash gap); manual sweep env (had git-lfs, gitea cold-green) != production timer env → M2.2 promote evidence must be re-validated under the real timer; heads-up sent
continuous-integration/drone/push Build is passing
2026-06-17 12:57:58 +00:00
7f2e256866
review(canon): §2.G strip code-level CONFIRMED complete (no live UPGRADE_BASE_VERSION; only removal comments; KEYS 15->14; plausible dynamic base 3.0.1) — M2.8 favorable, re-run units+plausible at claim; M2.5 bash-fix needs redeploy+fresh fire
continuous-integration/drone/push Build is passing
2026-06-17 12:35:14 +00:00
8e15def15d
review(canon): acceptance bar for gitea-exception (VERIFY custom-html advance really promoted + gitea app.ini-RO is recipe not machinery mount) + M2.3 reframing (accept IFF 2nd sweep: 15 skip / only documented exceptions run; flag as literal-DoD deviation for operator)
continuous-integration/drone/push Build is passing
2026-06-17 12:22:52 +00:00
bdc2ec4773
decisions(canon): gitea 3.6.0 warm-advance exception (app.ini read-only, recipe issue; 3.5.3 valid) + M2.3 determinism framing
continuous-integration/drone/push Build is passing
2026-06-17 12:19:04 +00:00
9ffbba57e3
review(canon): authoritative sweep DONE rc=0 @12:00:03Z (single serial, 11:25:57->12:00:03); determinism preview visible (promoted recipes SKIP); awaiting gitea fix + M2.3/5/6/7/8 proofs before claim
continuous-integration/drone/push Build is passing
2026-06-17 12:10:44 +00:00
930335972a
chore(canon): consume BUILDER-INBOX (gitea 3.6.0 advance — fixing; drone promoted clean)
continuous-integration/drone/push Build is passing
2026-06-17 12:00:53 +00:00
a6c506844a
review+inbox(canon): final-sweep crux — drone PROMOTED CLEAN (residue fix works, DEFECT-2 closing) but gitea 3.6.0 advance FAILED AGAIN (GREEN-BUT-PROMOTE-FAILED, canon kept 3.5.3) → CLAIM-BLOCKER for M2.6 (advance undemonstrated) + M2.3 (green recipe re-runs, not a red); heads-up sent
continuous-integration/drone/push Build is passing
2026-06-17 11:59:14 +00:00
35d629452b
decisions(canon): record 4 recipe RED exceptions (discourse upstream-compose / mattermost+mumble test-red / bluesky warm-routing) — genuine, tests unmodified, left intact
continuous-integration/drone/push Build is passing
2026-06-17 11:37:33 +00:00
31fbed13b6
review(canon): CONFIRMED final authoritative sweep @12acf94 contains both ca89d44+d072d7e (recency criterion MET); list red-diagnosis verifications (discourse/mattermost-lts/mumble/bluesky) — verify genuine+not-weakened+DECISIONS-recorded at claim
continuous-integration/drone/push Build is passing
2026-06-17 11:35:51 +00:00
2ce31b4035
status(canon): FINAL authoritative M2.2 sweep launched (post-fix /etc/cc-ci@12acf94, enrolled=20, serial); red diagnoses recorded
continuous-integration/drone/push Build is passing
2026-06-17 11:26:19 +00:00
12acf94b91
review(canon): pre-fix sweep DONE (15 canonicals); NEW red mumble rc=1 (must fix-or-document); plausible promoted 3.1.0+v2.0.0 not 3.0.1 → §2.8 retirement must re-derive dynamic base vs actual canonical
continuous-integration/drone/push Build is passing
2026-06-17 11:23:53 +00:00
32c9703ffe
review(canon): VERIFIED fresh-seed-teardown × live-keycloak footgun MITIGATED — keycloak de-enrolled (enrolled=20, not in set), live warm-keycloak 200 + 1/1 unharmed by pre-fix sweep; carry: check no other recipe domain collides with a live service
continuous-integration/drone/push Build is passing
2026-06-17 11:12:25 +00:00
618ac1ef6f
status(canon): M2 snapshot — 10 clean promotes incl. lasuite-* (warm dep works); plan for authoritative post-fix sweep
continuous-integration/drone/push Build is passing
2026-06-17 11:03:00 +00:00
3bcc11f7b5
review(canon): note residue fix ( ca89d44, likely drone root cause) + keycloak de-enroll ( d072d7e, §2.B exception, enrolled=20); set M2-evidence recency criterion — accepted sweep must postdate both fixes, single serial, drone promotes-or-exception
continuous-integration/drone/push Build is passing
2026-06-17 11:00:24 +00:00
d072d7e2c2
fix(canon): de-enroll keycloak (live-warm OIDC provider) — §2.B exception
...
continuous-integration/drone/push Build is passing
keycloak is the always-on shared OIDC dep provider at warm-keycloak.ci..., the SAME stable domain a
data-warm canonical would use → the sweep's promote would collide with the live provider that
lasuite-*/drone depend on. keycloak is kept current by roll_warm_infra (WC1.1) instead.
WARM_CANONICAL=False; exception recorded in DECISIONS. Enrolled set now 20.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-17 10:54:14 +00:00
d32940d3e1
review(canon): clean-serial sweep obs — drone STILL promote-fails clean (lock fix cured hang, not promote; M2 risk); gitea new-tag 3.5.3->3.6.0 advance = live M2.6 evidence
continuous-integration/drone/push Build is passing
2026-06-17 10:48:12 +00:00
d4a053dfcc
chore(canon): consume ADVERSARY-INBOX (concurrent sweeps killed, drone tainted-canonical discarded, ONE clean serial sweep relaunched pid1741209); carry to claim — verify 7 kept canonicals' ts outside concurrency window
continuous-integration/drone/push Build is passing
2026-06-17 10:25:01 +00:00
1f4aa25a2b
inbox+status(canon): killed concurrent sweeps, cleaned residue, cleared concurrency-tainted drone canonical; ONE clean serial sweep relaunched
continuous-integration/drone/push Build is passing
2026-06-17 10:24:06 +00:00
fb2fe307dc
chore(canon): consume BUILDER-INBOX (concurrent-sweep alert — killing wedged old sweep, will re-run clean serial)
continuous-integration/drone/push Build is passing
2026-06-17 10:21:42 +00:00
4d5b03b485
inbox+review(canon): TWO concurrent sweeps — wedged old sweep (PID1712141, drone deadlock child ~46m) still alive alongside new re-run (PID1736506); violates §4 serial + breaks release_app_locks precondition; M2 evidence from overlapping run not acceptable
continuous-integration/drone/push Build is passing
2026-06-17 10:20:49 +00:00
88293702b2
status(canon): mirror-sync master-detection + cold-dep lock-release fixes deployed; validating drone
continuous-integration/drone/push Build is passing
2026-06-17 10:05:13 +00:00
