ef44d4658b
feat(1d): G0 — generic install + deploy-once orchestrator (DG1 green on hedgedoc)
- harness/generic.py: recipe-agnostic assert_serving (converged + real HTTP, 404-excluded +
not Traefik 404 body + CA-verified trusted wildcard cert), op helpers, backup_capable detect
- harness/discovery.py: per-op overlay resolution (repo-local > cc-ci > generic), custom + hook
- tests/_generic/: assertion-only tiers (install/upgrade/backup/restore) on the shared deployment
- run_recipe_ci.py: deploy-ONCE orchestrator, per-op summary, deploy-count guard (DG4.1)
- conftest live_app fixture; lifecycle deploy-count + install-steps hook + pin DOMAIN to run domain
DG1 cold-verified green on hedgedoc (pure generic, deploy-count=1, clean teardown). G0 CLAIMED.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 23:27:55 +01:00
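The "real HTTP, 404-excluded, not Traefik 404 body, CA-verified wildcard cert" check described in the commit above, written out as an added example; this is not the page's harness/generic.py. The network probe is kept separate from the pure verdict so the verdict can be exercised offline, the "converged" criterion is left to the deployment tool, and the hostnames, CA path and wildcard zone are stand-ins:

```python
"""Recipe-agnostic "is it really serving?" probe.

Added example, not the page's harness/generic.py. The real network probe
(probe_https) is separated from the pure verdict (serving_problems) so the
verdict can be exercised offline. The page's "converged" criterion belongs to
the deployment tool and is left out here. Hostnames, CA path and wildcard
zone are stand-ins.
"""
import http.client
import ssl
from dataclasses import dataclass, field

# Traefik's own reply when it has no router for the Host. A recipe whose router
# never converged returns exactly this, over a valid wildcard cert, so
# "handshake OK and some bytes came back" is not evidence the app is up.
TRAEFIK_404_BODY = b"404 page not found"


@dataclass
class Probe:
    status: int
    body: bytes
    # same shape as ssl.SSLSocket.getpeercert(): {"subjectAltName": (("DNS", "..."), ...)}
    peer_cert: dict = field(default_factory=dict)


def probe_https(host: str, ca_file: str, path: str = "/", timeout: float = 15.0) -> Probe:
    """Real HTTPS GET trusting only ca_file (not the system store); 4xx/5xx are
    returned as data rather than raised, along with the verified peer cert."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host, "User-Agent": "recipe-ci-probe"})
        resp = conn.getresponse()
        return Probe(resp.status, resp.read(), conn.sock.getpeercert())
    finally:
        conn.close()


def serving_problems(probe: Probe, host: str, wildcard_base: str) -> list:
    """Pure verdict; an empty list means 'serving'."""
    problems = []
    if probe.status == 404:
        problems.append("HTTP 404 (no route, or route not converged)")
    elif not 200 <= probe.status < 400:
        problems.append(f"HTTP {probe.status}")
    if probe.body.strip() == TRAEFIK_404_BODY:
        problems.append("body is Traefik's default 404 page, not the app")
    sans = [v for kind, v in probe.peer_cert.get("subjectAltName", ()) if kind == "DNS"]
    wildcard = f"*.{wildcard_base}"
    if wildcard not in sans:
        problems.append(f"cert SANs {sans} lack {wildcard}")
    else:
        # RFC 6125: a wildcard covers exactly one left-most label, no deeper.
        suffix = "." + wildcard_base
        label = host[: -len(suffix)] if host.endswith(suffix) else ""
        if not label or "." in label:
            problems.append(f"{host} is not a single label under {wildcard_base}")
    return problems


def assert_serving(host: str, wildcard_base: str, ca_file: str) -> None:
    """Raise with every reason at once, so a failing tier reports them all."""
    problems = serving_problems(probe_https(host, ca_file), host, wildcard_base)
    if problems:
        raise AssertionError(f"{host} not serving: " + "; ".join(problems))
```

A 3xx (for example a redirect to the app's login page) counts as serving here; a chain that does not validate against the private CA surfaces as an ssl error from probe_https rather than a verdict, which is the intended "CA-verified" behaviour.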
a31095a087
status(1d): bootstrap Phase 1d — design recorded (tier model, override precedence, deploy-once), state files seeded
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 23:06:38 +01:00
6300cba503
review(1d): open Phase-1d Adversary ledger — cold access OK, IDLE awaiting first gate (G0/DG1)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 23:00:49 +01:00
82c8220434
## DONE — Phase 1b complete: RL1-RL6 all Adversary-PASS <24h, no VETO (lint/format + nix/ + machine-docs/ refactor, D1-D10 re-verified cold, nothing weakened)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:57:44 +01:00
8e0f0cbc7d
review(1b): ✅ RL6 PASS + Adversary FINAL SIGN-OFF — git mv my REVIEW*.md → machine-docs/ (lockstep; Builder moved theirs in 992d87c, README stays root). Watchdog survived (resolve_state prefers machine-docs/; it pinged me from machine-docs/STATUS-1b.md). Refs re-verified (README+install.md updated; no .drone/flake/scripts refs; closure byte-identical 8i3jcad9 unaffected). ALL RL1-RL6 Adversary-PASS, no VETO — Builder cleared to write ## DONE
2026-05-27 22:56:25 +01:00
7545bf20b3
status(1b): claim RL6 gate (CLAIMED, awaiting Adversary) so the watchdog pings — REVIEW* move + re-verify
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:53:03 +01:00
992d87cfcd
refactor(1b): RL6 — move Builder protocol files into machine-docs/ (README stays root)
git mv STATUS*/BACKLOG*/JOURNAL*/DECISIONS.md -> machine-docs/. README.md kept at root (operator
decision). Updated in-repo refs: README (status line + lint section + Loop-state section) and
docs/install.md -> machine-docs/...
Safe to move now: launch.sh already has resolve_state() (prefers machine-docs/ else root) used by
every STATUS/REVIEW read, and the running watchdog (pid 133191) was restarted AFTER that update, so
it is location-agnostic. scripts/lint.sh -> lint: PASS post-move. Adversary moves its own REVIEW*.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:35:30 +01:00
ffb1c98225
status(1b): RL3 FULL D1-D10 PASS (no VETO); flag orchestrator — ready for RL6 coordinated machine-docs/ cutover
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:09:29 +01:00
53efd54983
review(1b): ✅ RL3 PASS — full cold D1-D10 re-verify on the byte-identical cleaned closure, NOTHING weakened. 2 fresh green e2e (custom-html #151 + keycloak #152 SSO/DB, all 3 stages, upgrade ran); D6 leak test clean (8/8 infra + wildcard cert/key + generated keycloak admin pw = 0 in logs/dashboard; white-box secret_generate captured-never-printed); teardown no orphans; byte-identical rebuild=D8. D10 2-fresh + Phase-1 6/6 carry-forward. RL1-RL5 all Adversary-PASS, no VETO — only RL6 (coordinated machine-docs/ move) before DONE; ready for lockstep cutover
2026-05-27 22:07:46 +01:00
e58b69d16f
docs(1b): record the tests/_template deviation (enroll=copy-existing-recipe) per Adversary RL3/D5 advisory
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:43:15 +01:00
9bfd6f2ad3
review(1b): RL3 fresh e2e #1 (custom-html #151) — D1(20s trigger)/D2(install+upgrade+backup green, upgrade ACTUALLY RAN)/D3(playwright)/D7(PR comment+dashboard)/D6-infra(0 secret matches) all PASS on the byte-identical cleaned closure. D6 app-secret watch-item RESOLVED white-box (secret_generate output captured, never printed); keycloak e2e #2 in flight for behavioral confirm. D5/D8/D9 PASS; D10 breadth carry-forward + 2 fresh runs; D4 byte-identical carried
2026-05-27 21:42:26 +01:00
41c6571895
review(1b): RL3 live !testme e2e in flight — triggered custom-html PR#2 @20:33:16Z (comment 13743, bot=org-member); watching trigger latency (D1) + install/upgrade/backup stages (D2-D4) + run URL (D7) on the byte-identical cleaned closure; D6 leak test to follow on this run's logs/dashboard. Noted: push→Drone webhook flaky (no push build for 1b commits) — RL1 advisory
continuous-integration/drone Build is passing
2026-05-27 21:34:24 +01:00
f033139aca
review(1b): RL3 D8+RL5 byte-identical cold rebuild PASS — fresh recursive clone on cc-ci → nixos-rebuild build git+file://...?submodules=1#cc-ci → toplevel 8i3jcad9==running (build==running). Confirms reproducibility survived format+nix/ refactor; secrets genuinely from submodule (no-submodule build fails). RL3 remaining: live !testme e2e + D6 leak test + D5/D9/D10 refresh
continuous-integration/drone Build is passing
2026-05-27 21:31:38 +01:00
aa120d10d0
review(1b): RL2 PASS (no blocking §3 findings) + RL5 structural PASS (nix/ layout, flake at root, #cc-ci unchanged, no dangling refs) + RL3 cardinal-rule PASS (tests NOT weakened — diff 6d2bc3d..HEAD is ruff line-wrapping only, all assertions/operators/values preserved, no skip/xfail added). cc-ci running==8i3jcad9, healthy, 5 stacks. RL3 byte-identical cold rebuild + e2e + leak test next
2026-05-27 21:28:04 +01:00
bbfa915925
journal(1b): push-webhook diagnostic — inbound gateway delivery not reaching Drone (operator/gateway, §9); recipe-CI polling unaffected
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:25:11 +01:00
c4b816683d
status(1b): RL2 clean + RL5 done + canonical switched to cleaned closure (build==running 8i3jcad9); claim RL3 gate
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:23:16 +01:00
433ec9de30
refactor(1b): RL5 — consolidate Nix code under nix/ (modules->nix/modules, hosts->nix/hosts)
flake.nix/flake.lock STAY at root so the build ref #cc-ci is unchanged; only flake's internal
configuration.nix path updated. Root-relative refs inside moved modules re-based ../X -> ../../X
(secrets/bridge/dashboard); configuration.nix's ../../modules imports unchanged (both dirs under nix/).
Living docs (README, architecture/install/secrets/enroll) + .drone.yml comment updated to nix/...;
append-only history logs left as-is. DECISIONS.md records RL5 + the deferred-coordinated RL6.
Verified on cc-ci: nixos-rebuild build 'path:#cc-ci' -> toplevel 8i3jcad9 (BYTE-IDENTICAL to the
pre-move build — store derivations are content-addressed on file contents, module .nix not in the
runtime closure); scripts/lint.sh -> lint: PASS.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:19:09 +01:00
5a811e4ae4
review(1b): acknowledge operator RL5+RL6 (plan §7) as new blocking items. RL5 (nix/ folder consolidation) verification folds into RL3 cold byte-identical rebuild; RL6 (machine-docs/ move) is coordinated near-end-of-1b — REVIEW*.md are my files, I keep writing at root until the lockstep watchdog cutover then git mv my own. DoD now RL1–RL6
2026-05-27 21:13:19 +01:00
12e1336d2a
review(1b): white-box §3 pass #2 (RL2 input) — harness DRY PASS (no harness surgery), architecture-matches-plan PASS (poll-primary §4.1, real traefik recipe §4.2), Nix idempotent/no-sentinels PASS, log-redaction real for infra secrets. No blocking findings; 2 advisories (old_app copy-paste→IDEAS; generated-app-secret redaction→RL3/D6 watch-item)
2026-05-27 21:08:53 +01:00
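Two of the review items above, "log-redaction real for infra secrets" (with the generated-app-secret watch-item) and the D6 leak test that later confirms 0 secret matches in logs and dashboard, rest on the same mechanism: redact by known value, then count what survives. The following is an added example of that mechanism, not the page's run_recipe_ci.py; it assumes secrets are known by value (sops-decrypted infra secrets plus app secrets captured from a generator's stdout) and that the surfaces to scrub are text. The base64 form only catches a value encoded on its own, not inside a "user:pass" Basic-auth blob:

```python
"""Value-based secret redaction for captured CI output, and the leak test.

Added example, not the page's run_recipe_ci.py. Assumptions: secrets are known
by value (sops-decrypted infra secrets, plus app secrets captured from a
generator's stdout) and the surfaces to scrub are text (build logs, dashboard
JSON). The base64 form only catches a value encoded on its own.
"""
import base64
import re
import subprocess
from urllib.parse import quote

# Never register short values: redacting "yes" or "8080" destroys the log
# without protecting anything.
MIN_SECRET_LEN = 8


def secret_forms(value: str) -> set:
    """Shapes a value takes in logs: raw, URL-encoded (DSNs), base64 (headers)."""
    forms = {value, quote(value, safe=""), base64.b64encode(value.encode()).decode()}
    return {f for f in forms if len(f) >= MIN_SECRET_LEN}


class Redactor:
    def __init__(self, secrets=()):
        self._forms = set()
        self._pattern = None
        self.hits = 0
        for s in secrets:
            self.add(s)

    def add(self, value: str) -> None:
        """Register one more secret value (e.g. one generated mid-run)."""
        if len(value) < MIN_SECRET_LEN:
            return
        self._forms |= secret_forms(value)
        # Longest alternative first, so a value that is a prefix of another
        # cannot leave the longer one's tail behind.
        alts = sorted(self._forms, key=len, reverse=True)
        self._pattern = re.compile("|".join(re.escape(f) for f in alts))

    def redact(self, text: str) -> str:
        if self._pattern is None:
            return text
        text, n = self._pattern.subn("[REDACTED]", text)
        self.hits += n
        return text


def capture_generated(cmd, redactor: Redactor) -> str:
    """Run a secret generator, register its stdout as a secret, never print it."""
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()
    redactor.add(out)
    return out


def leak_count(text: str, secrets) -> int:
    """The D6-style check over a finished run's logs/dashboard: must be 0."""
    r = Redactor(secrets)
    r.redact(text)
    return r.hits
```

The order of operations matters: a generated secret must be registered with the redactor before any line that could contain it is written to the log, which is why capture_generated adds it before returning the value to the caller.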
938f312345
review(1b): W0/RL1 PASS logged; W1 Builder §3 self-review — all blocking invariants hold, no fixes; await Adversary RL2 pass #2
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:06:57 +01:00
1237d29899
review(1b): W0 PASS (RL1) — lint/format tooling verified COLD on cc-ci over pristine archive of 233939a: nix develop .#lint → lint: PASS exit 0 (8 linters clean); stage wired in .drone.yml; break-it probe confirms FAIL exit 1 on injected violations (gate has teeth). Advisory: confirm push→Drone actually fires lint stage at RL3 (webhook flaky per §4.1)
2026-05-27 21:04:40 +01:00
8e1b9ee932
docs(1b): README — how to run lint/format locally + that CI enforces it (RL4)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:01:25 +01:00
233939a58b
docs(1b): record W0 lint decisions (DECISIONS) + claim W0 gate (STATUS/JOURNAL)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 21:00:31 +01:00
4af427c01e
ci(1b): add lint stage to .drone.yml push pipeline — enforces format/lint on every commit (RL1)
continuous-integration/drone Build is failing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:53:08 +01:00
2cede01ed7
style(1b): auto-format + lint-clean the whole codebase (RL1)
Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage:
- ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines).
- nixpkgs-fmt: modules/drone-runner.nix.
- shfmt (-i 2 -ci): scripts/*.sh.
Lint fixes (reviewed, behavior-preserving — no test weakened):
- ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor).
- ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token).
- statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept);
empty fn pattern `{ ... }:` -> `_:` (packages.nix).
- deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`).
Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates;
all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat),
so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:52:05 +01:00
a0ea2f0aa9
fix(1b): merge devShells.${system} into one attr (dynamic-attr collision)
2026-05-27 20:43:48 +01:00
07952c0383
fix(1b): remove duplicate nixosConfigurations.cc-ci in flake (broke eval)
2026-05-27 20:43:17 +01:00
f1438eb8c9
fix(1b): lint.sh excludes the secrets/ submodule (correct path)
2026-05-27 20:42:06 +01:00
a74925bf7d
review(1b): phase-1b Adversary ledger seeded; white-box §3 prep pass #1 over post-1c baseline — tests real, no sentinels, no committed secrets, sleeps are poll intervals, teardown verified. Awaiting Builder to seed 1b state + claim W0
2026-05-27 20:41:30 +01:00
1de0885e2d
feat(1b): add lint/format toolchain — lint devshell + scripts/lint.sh + ruff/yamllint config
2026-05-27 20:40:50 +01:00
575e0b5f11
chore(1b): seed Phase 1b loop state (STATUS/BACKLOG/JOURNAL/REVIEW)
2026-05-27 20:39:15 +01:00
6d2bc3d8e0
review(1c): ✅ DONE confirmed — Adversary final sign-off. All C1-C7 + E2E-TESTME PASS <24h, no VETO, no open findings; cc-ci healthy cqym8knj byte-identical, public TLS 200. Phase 1c genuinely DONE; loop terminating
2026-05-27 20:34:22 +01:00
6228cc3676
## DONE — Phase 1c complete: all C1-C7 + E2E-TESTME Adversary-PASS <24h, no VETO
Fully reproducible from git (cc-ci + cc-ci-secrets submodule + one bootstrap age key -> single
nixos-rebuild switch). D8 honest (static + live throwaway rebuild). Caught+fixed the abra-init race
and the non-deterministic Drone bot token en route.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:31:29 +01:00
9e0f72ac4b
review(1c): C7 PASS — ADV-1c-1 closed (architecture.md now 1c-correct: cc-ci-secrets submodule + cert-in-git + recovery-key bootstrap). ALL C1-C7 + E2E-TESTME Adversary-PASS, no VETO — DONE handshake unblocked
2026-05-27 20:29:26 +01:00
2a5affcb30
1c: ADV-1c-1 addressed; only C7 re-verify between here and DONE (C1-C6+E2E PASS, no VETO)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:24:38 +01:00
6276bfd3a8
1c/ADV-1c-1: architecture.md was already 1c-updated (b700cd2); expand line 17 for clarity (cert-in-git + recovery-key-on-clone). Pls re-verify HEAD
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:24:07 +01:00
0556ff5ad9
backlog(1c): file ADV-1c-1 [adversary] — architecture.md still describes pre-1c secrets/cert model; blocks C7 (doc gap, not VETO)
2026-05-27 20:01:41 +01:00
b301b031a1
review(1c): E2E-TESTME E1-E6 PASS (independent) + DONE-verification C1-C6 PASS; C7 WITHHELD — architecture.md stale (pre-1c secrets/cert model). No VETO. Filing ADV-1c-1
2026-05-27 20:01:13 +01:00
3bfb48b83a
1c: Builder work COMPLETE (C1-C7 + E2E-TESTME); C7 docs done; awaiting Adversary final DONE-verification
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:53:58 +01:00
b700cd2fda
1c/C7: docs — secrets.md + architecture.md updated to the 1c model (cc-ci-secrets submodule, cert-in-git, bootstrap age key, Drone-token injection, verified D8)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:52:03 +01:00
bb09f00a18
1c: config FINAL cqym8knj (byte-identical); C4/C5 PASS, C6 settled (promote rebuilt VM); C7 docs in progress
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:49:23 +01:00
becd17dfcb
1c/E2E-TESTME: swapped back — public on original cc-ci; rebuilt VM kept (bridge paused); deploying token fix to cc-ci next
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:45:12 +01:00
3d86e31730
1c/E2E-TESTME: PASS (E1-E6) — clean-room VM serves a real !testme run end-to-end over the public domain
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:43:08 +01:00
0864673eed
1c/E2E-TESTME: E1-E3 PASS — !testme→bridge→build #4, app externally reachable via public gateway (200, real content, git cert)
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:39:33 +01:00
1a19a6c4c6
1c/E2E-TESTME: checkpoint — E1 pass, Drone-token fix committed, applying to rebuilt VM next
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:28:34 +01:00
af46acab6d
1c: record Drone-token clean-room finding+fix in journal
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:27:03 +01:00
c8bbd35f2a
1c/E2E-TESTME finding+fix: inject bridge_drone_token as Drone bot MACHINE TOKEN (DRONE_USER_CREATE token:)
continuous-integration/drone/push Build is passing
Clean-room finding caught by the e2e: DRONE_USER_CREATE had no token: => a fresh-DB rebuild's Drone
auto-generates a random bot token, so the committed (sops) bridge_drone_token gets 401 and the bridge
can't trigger builds. The original cc-ci only matched because its token was captured out-of-band. Now
the bot's machine token == bridge_drone_token deterministically on every rebuild. (Evolves the toplevel
again; re-establish byte-identical on cc-ci after the e2e + Adversary re-verifies C1.)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:27:00 +01:00
ee585ef6b4
1c/E2E-TESTME: bootstrap-drone-oauth.sh handles OAuth auto-approve (re-auth: no consent form -> follow 302 callback)
continuous-integration/drone/push Build is passing
Found during the e2e: when the bot already granted the shared Drone OAuth app, Gitea 302s straight to
the code callback (no consent form), so the consent-form parse yielded empty _csrf/state and set -e
aborted. Now: if authorize returns a Location, use it directly; else POST the consent form.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:21:47 +01:00
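The two authorize outcomes the commit above describes (a 302 straight to the code callback when the grant is already on file, versus a 200 consent form whose _csrf and state must be POSTed back) as an added example in Python, not the page's bootstrap-drone-oauth.sh. The HTTP transport is injected as a callable so both paths run offline; the consent-form field names beyond _csrf and state, and the "granted=true" submit value, are assumptions, which is why the code forwards every hidden input it finds instead of naming them. The empty-field case that aborted the set -e script is turned into an explicit error before anything is POSTed:

```python
"""OAuth authorize step for a Drone bot against Gitea, covering both paths.

Added example, not the page's bootstrap-drone-oauth.sh. The HTTP transport is
injected as http(method, url, form) -> (status, headers, body) so both paths
run offline. Field names on Gitea's consent form other than _csrf and state,
and the "granted=true" submit value, are assumptions.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit


class ConsentForm(HTMLParser):
    """Collects the first form's action and all of its hidden inputs."""

    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def code_from_redirect(location: str, expected_state: str) -> str:
    """Pull ?code= out of the callback redirect, checking state as any client must."""
    q = parse_qs(urlsplit(location).query)
    if q.get("state", [None])[0] != expected_state:
        raise RuntimeError(f"state mismatch in OAuth callback: {location}")
    code = q.get("code", [None])[0]
    if not code:
        raise RuntimeError(f"callback carries no code: {location}")
    return code


def authorize(http, authorize_url: str, state: str) -> str:
    status, headers, body = http("GET", authorize_url, None)
    location = headers.get("Location")
    # Re-auth path: the grant is already on file, so Gitea skips the consent
    # form and 302s straight to the callback. Use that Location as-is.
    if status in (302, 303) and location:
        return code_from_redirect(urljoin(authorize_url, location), state)
    if status != 200:
        raise RuntimeError(f"authorize returned HTTP {status}")
    # First-grant path: parse the consent form and POST it back.
    form = ConsentForm()
    form.feed(body)
    missing = [k for k in ("_csrf", "state") if not form.fields.get(k)]
    if missing:
        # The failure mode on the page: empty _csrf/state must stop here,
        # not be POSTed as empty strings.
        raise RuntimeError(f"consent form lacks {missing}; refusing to POST")
    post_url = urljoin(authorize_url, form.action or "")
    status, headers, _ = http("POST", post_url, {**form.fields, "granted": "true"})
    location = headers.get("Location")
    if status not in (302, 303) or not location:
        raise RuntimeError(f"consent POST returned HTTP {status} without redirect")
    return code_from_redirect(urljoin(authorize_url, location), state)
```

Checking that the state echoed in the callback equals the one sent is cheap and is what stops a stale or attacker-supplied callback URL from being accepted as the bot's grant.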
b74a59ea08
1c/E2E-TESTME: swap ACTIVE — public gateway → rebuilt VM (P1/P2 verified); recording reversible state + swap-back steps
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:18:49 +01:00
7f8a4304fd
1c: Gate W4 PASS (Adversary cold, C1-C5); proceeding to swap + E2E-TESTME
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 19:15:25 +01:00