1290 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
autonomic-bot	fed2678200	claim(M1-settings): settings loader + SKIP_CANONICALS_FOR_UPGRADE + release-tag-first fallback implemented + unit-tested (315 pass); awaiting Adversary cold-verify ... Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:55:59 +00:00
autonomic-bot	cd19c1b172	feat(settings): server settings.toml loader + SKIP_CANONICALS_FOR_UPGRADE + release-tag-first no-canonical fallback ... - harness/settings.py: stdlib tomllib loader, [upgrade].skip_canonicals_for_upgrade (bool, default false), _SCHEMA single-source defaults+validation; graceful on absent/malformed (WARN+defaults), warn-and-ignore unknown keys/tables, TypeError on wrong type. Path $CCCI_SETTINGS / /etc/cc-ci/settings.toml. + tracked settings.toml.example. - resolve_upgrade_base: flag true bypasses the canonical lookup -> no-canonical fallback; canonical-present path (incl. samever step-back) unchanged when false. - _no_canonical_base (always-on, §2.C): newest release tag < head (reuse warm_reconcile.newest_older_version) -> main-tip -> skip; replaces jump-to-main-tip. - unit: full resolution matrix + loader tests; 315 unit pass, ruff clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:55:22 +00:00
autonomic-bot	90228cffc4	chore(settings-adv): init REVIEW-settings.md + baseline orientation (awaiting Builder bootstrap)	2026-06-17 16:46:09 +00:00
autonomic-bot	f68f1c56d9	status(dash): ## DONE — M1+M2 fresh Adversary PASS (3595e80, 4c0b289), no VETO ... Per-recipe history now sources the full run list from local /var/lib/cc-ci-runs artifacts; deployed (image 11ac2a1e6c07, 1/1) + verified live: bluesky-pds 8 in exact host ts order, ghost 24/immich 28/discourse 25, plausible/custom-html capped 30 newest; overview+badges 200; traversal/injection rejected; retention no-trim. DoD plan §5 met. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:40:29 +00:00
autonomic-bot	7507cf4736	review(M2): PASS — live full per-recipe history verified (image 11ac2a1e6c07 1/1; bluesky-pds 8/ghost 24/immich 28/discourse 25 = host, plausible+custom-html capped 30; exact ts order incl mixed-id trap; cap keeps newest=758; overview+badge 200; live traversal/injection 404, no leak; retention no-trim confirmed). M1+M2 fresh PASS, no VETO.	2026-06-17 16:39:35 +00:00
autonomic-bot	4c0b289881	claim(M2): dashboard redeployed (image 15addbc7bf45 -> 11ac2a1e6c07), live full per-recipe history verified ... bluesky-pds 8 rows in exact host ts order (753 556 435 427 423 ab-* m2rr-* m2r-*), plausible 30 (capped from 33), ghost 24; overview+badges 200; service 1/1. Deploy via path: flake (git-flake drops secrets/ submodule). Retention: no trim job on /var/lib/cc-ci-runs (439 dirs / 17 days) — adequate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:37:21 +00:00
autonomic-bot	84ac65f6d2	review(M1): PASS — local-artifact history cold-verified vs host (bluesky-pds=8 exact ts order, mixed-id trap handled, 308 rows, cap keeps newest, malformed dirs skip no-500, security guards intact, stdlib-only, 13/13 unit). No defects.	2026-06-17 16:28:09 +00:00
autonomic-bot	931a2bed89	status(dash): record M2 deploy procedure + expected image tag roll (15addbc7bf45 -> 11ac2a1e6c07)	2026-06-17 16:26:54 +00:00
autonomic-bot	3595e80d08	claim(M1): per-recipe history sourced from local /var/lib/cc-ci-runs artifacts (full history, not Drone 100-build slice) ... history_for() now enumerates run dirs' results.json, groups by recipe, sorts newest-first by finished timestamp (mixed numeric+named ids — timestamp is the only correct key), caps at HISTORY_CAP=30, skips malformed/empty/no-recipe dirs. Overview + badges + /runs + security guards + stdlib-only unchanged. Local verify: 13/13 unit tests; full-fixture vs 308 real results.json → bluesky-pds=8 in exact ts order, plausible capped 30 newest, edge dirs skipped. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:25:39 +00:00
autonomic-bot	2d5211f401	review(dash): pre-claim independent ground truth baseline — 432 run dirs/308 parseable/124 unparseable, bluesky-pds=8 runs w/ mixed numeric+named ids (timestamp-sort trap), per-recipe counts, break-test plan	2026-06-17 16:20:53 +00:00
autonomic-bot	4f6d73302a	review(canon): CLOSE DEFECT-1/2/3 — all re-verified resolved at M2 PASS (honest labels, faithful-install promote 16 clean, env-parity git-lfs proven in production timer fire)	2026-06-17 16:16:35 +00:00
autonomic-bot	86d61fe662	status(canon): ## DONE — M1+M2 fresh Adversary PASS (8149a2c, no VETO), §5 DoD fully cold-verified ... Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 16:16:02 +00:00
autonomic-bot	8149a2cd4a	review(M2): PASS — canonical sweep proven end-to-end, no VETO. 16 canonicals commit==tag (cold re-derived), real non-hollow timer fire (Result=success, single serial, custom-html 1.11→1.13 advance), determinism 2nd sweep 15-skip/5-documented-exception-run (no overlap, launched 14:41 after 14:37 fire end), tagged-gate both ways, samever step-back never fires in-sweep, UPGRADE_BASE_VERSION retired (plausible dynamic base 3.0.1 re-derived), my own --quick warm reattach reuses retained volume + 200, all 6 exceptions in DECISIONS, AI-free. DEFECT-3 CLOSED (parity byte-match + gitea lfs PASS in prod fire). M1+M2 fresh PASS → Builder may write ## DONE	2026-06-17 16:15:28 +00:00
autonomic-bot	a4f1df435b	claim(M2): canonical sweep proven end-to-end — real timer fire promoted 16 canonicals (custom-html 1.11→1.13 live advance), determinism 2nd sweep clean (15 at-latest SKIP, only documented exceptions RUN), tagged-promote/samever-orthogonality/disk-budget/UPGRADE_BASE_VERSION-retirement all proven; 6 exceptions in DECISIONS; AI-free runtime	2026-06-17 16:07:18 +00:00
autonomic-bot	29ca9b92a1	status(canon): stage M2 claim body (all sub-items WHAT/HOW/EXPECTED/WHERE) — finalizing on determinism 2nd sweep completion	2026-06-17 15:59:05 +00:00
autonomic-bot	009bc60dc0	decisions(canon): record M2.7 warm-volume disk budget — 38G free, all-enrolled sustainable, no recipe dropped	2026-06-17 15:57:14 +00:00
autonomic-bot	245c937ed7	chore(canon): consume ADVERSARY-INBOX — clean determinism 2nd sweep heads-up (M2.3 evidence in flight, pid 2248547); staying off-node, will verify SKIP/RUN partition + single-serial at M2 claim	2026-06-17 14:42:52 +00:00
autonomic-bot	5c67543f6d	inbox(canon): heads-up — clean determinism 2nd sweep in flight (M2.3 evidence), single node, ~96m	2026-06-17 14:42:07 +00:00
autonomic-bot	e8822165dd	journal(canon): production re-fire COMPLETE (Result=success, gitea cold-green via lfs PASS under parity PATH) — DEFECT-3 closed; launched clean determinism 2nd sweep (custom-html now at 1.13.0 → all 16 promoted at-latest)	2026-06-17 14:41:45 +00:00
autonomic-bot	cf0659fc1f	review(canon): production-env real timer fire COMPLETED clean (Result=success, single serial) — custom-html promoted 1.11→1.13, 14 SKIP, 6 documented exceptions; DEFECT-3 prod re-validation favorable, closes at M2 claim	2026-06-17 14:39:43 +00:00
autonomic-bot	1fd89dbaa1	review(canon): DEFECT-3 parity REAL (sweep PATH byte-matches Drone, git-lfs present) + live timer re-fire re-validating — gitea lfs PASSED cold-green, custom-html 1.11→1.13 promoted, promoted set SKIPs; favorable but M2 unclaimed, won't close until fire completes	2026-06-17 14:28:34 +00:00
autonomic-bot	1cc14aa98e	journal(canon): resume reconstruction — parity fix deployed, real timer re-fire in flight (custom-html 1.11→1.13 promoted)	2026-06-17 13:20:26 +00:00
autonomic-bot	cd897a1885	review(canon): assess DEFECT-3 env-parity fix (2c61f2f, host PATH=Drone parity) — right fix; DEFECT-3 stays OPEN until nixos-rebuild + real-timer re-fire re-validates promoted set in production env (verify parity real, gitea flips cold-green)	2026-06-17 13:10:14 +00:00
autonomic-bot	2c61f2fadf	fix(canon): sweep runs with host PATH = Drone-runner env parity (DEFECT-3 git-lfs etc.) ... The real timer fire redded gitea at the custom tier (git: 'lfs' is not a git command) — the nightly-sweep writeShellApplication had a clean nix-only PATH, while Drone's recipe-CI runner runs with PATH=/run/current-system/sw/bin:/run/wrappers/bin (where git-lfs + all host tooling live). My manual sweeps used a login PATH that masked this. Prepend the host system PATH so the timer sweep validates recipes in the SAME environment as Drone — one fix for git-lfs/bash/openssl/etc. parity. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 13:00:18 +00:00
autonomic-bot	c387ee1dd8	chore(canon): consume BUILDER-INBOX (DEFECT-3 git-lfs/env-parity — fixing sweep PATH, will re-fire as M2.2 evidence)	2026-06-17 12:59:27 +00:00
autonomic-bot	bd0a565680	review+inbox(canon): DEFECT-3 — real timer fire reds gitea on MISSING git-lfs in nightly-sweep.service runtimeInputs (same class as bash gap); manual sweep env (had git-lfs, gitea cold-green) != production timer env → M2.2 promote evidence must be re-validated under the real timer; heads-up sent	2026-06-17 12:57:58 +00:00
autonomic-bot	7f2e256866	review(canon): §2.G strip code-level CONFIRMED complete (no live UPGRADE_BASE_VERSION; only removal comments; KEYS 15->14; plausible dynamic base 3.0.1) — M2.8 favorable, re-run units+plausible at claim; M2.5 bash-fix needs redeploy+fresh fire	2026-06-17 12:35:14 +00:00
autonomic-bot	cebd293c5a	fix(canon): add bash to nightly-sweep runtimeInputs (real timer fire caught missing bash) ... The deployed sweep service (writeShellApplication) sets a clean PATH from runtimeInputs only; mirror_sync shells out via subprocess.run(['bash', recipe-mirror-sync.sh, r]) → FileNotFoundError 'bash' on the real systemd fire (manual ssh runs had bash on PATH and masked it). Add bash. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 12:34:03 +00:00
autonomic-bot	83c183d985	feat(canon): §2.G strip UPGRADE_BASE_VERSION entirely (plausible verified dynamic-base green) ... Gate satisfied — live: with the pin removed, plausible's upgrade tier resolves base 3.0.1+v2.0.0 via the same-version step-back (canonical 3.1.0 == head 3.1.0 → newest-older = 3.0.1, NOT the broken 3.0.0) and passes install+upgrade green (level 5/5). The pin is redundant, so removed everywhere: - meta.py KEYS entry (RecipeMeta field auto-drops; 15→14 keys). - run_recipe_ci.resolve_upgrade_base override branch + docstrings. - tests/unit/test_meta.py (count 15→14, dropped None-assert), test_upgrade_base.py (override test). - docs/recipe-customization.md (regenerated table + mentions), docs/testing.md. - tests/plausible/recipe_meta.py (pin removed), tests/bluesky-pds (re-enable note → dynamic base). 294 unit tests pass; lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 12:31:53 +00:00
autonomic-bot	f611dda893	feat(canon): §2.G remove plausible UPGRADE_BASE_VERSION pin (dynamic base resolves 3.0.1 via step-back) ... plausible's canonical is established at 3.1.0+v2.0.0 (latest), so the dynamic resolver no longer needs the explicit pin: a same-version head steps back to newest-older = 3.0.1+v2.0.0 (NOT the broken 3.0.0). Verifying live before stripping the key globally (§2.G gate). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 12:26:25 +00:00
autonomic-bot	8e15def15d	review(canon): acceptance bar for gitea-exception (VERIFY custom-html advance really promoted + gitea app.ini-RO is recipe not machinery mount) + M2.3 reframing (accept IFF 2nd sweep: 15 skip / only documented exceptions run; flag as literal-DoD deviation for operator)	2026-06-17 12:22:52 +00:00
autonomic-bot	bdc2ec4773	decisions(canon): gitea 3.6.0 warm-advance exception (app.ini read-only, recipe issue; 3.5.3 valid) + M2.3 determinism framing	2026-06-17 12:19:04 +00:00
autonomic-bot	9ffbba57e3	review(canon): authoritative sweep DONE rc=0 @12:00:03Z (single serial, 11:25:57->12:00:03); determinism preview visible (promoted recipes SKIP); awaiting gitea fix + M2.3/5/6/7/8 proofs before claim	2026-06-17 12:10:44 +00:00
autonomic-bot	930335972a	chore(canon): consume BUILDER-INBOX (gitea 3.6.0 advance — fixing; drone promoted clean)	2026-06-17 12:00:53 +00:00
autonomic-bot	a6c506844a	review+inbox(canon): final-sweep crux — drone PROMOTED CLEAN (residue fix works, DEFECT-2 closing) but gitea 3.6.0 advance FAILED AGAIN (GREEN-BUT-PROMOTE-FAILED, canon kept 3.5.3) → CLAIM-BLOCKER for M2.6 (advance undemonstrated) + M2.3 (green recipe re-runs, not a red); heads-up sent	2026-06-17 11:59:14 +00:00
autonomic-bot	35d629452b	decisions(canon): record 4 recipe RED exceptions (discourse upstream-compose / mattermost+mumble test-red / bluesky warm-routing) — genuine, tests unmodified, left intact	2026-06-17 11:37:33 +00:00
autonomic-bot	31fbed13b6	review(canon): CONFIRMED final authoritative sweep @12acf94 contains both ca89d44+d072d7e (recency criterion MET); list red-diagnosis verifications (discourse/mattermost-lts/mumble/bluesky) — verify genuine+not-weakened+DECISIONS-recorded at claim	2026-06-17 11:35:51 +00:00
autonomic-bot	2ce31b4035	status(canon): FINAL authoritative M2.2 sweep launched (post-fix /etc/cc-ci@12acf94, enrolled=20, serial); red diagnoses recorded	2026-06-17 11:26:19 +00:00
autonomic-bot	12acf94b91	review(canon): pre-fix sweep DONE (15 canonicals); NEW red mumble rc=1 (must fix-or-document); plausible promoted 3.1.0+v2.0.0 not 3.0.1 → §2.8 retirement must re-derive dynamic base vs actual canonical	2026-06-17 11:23:53 +00:00
autonomic-bot	32c9703ffe	review(canon): VERIFIED fresh-seed-teardown × live-keycloak footgun MITIGATED — keycloak de-enrolled (enrolled=20, not in set), live warm-keycloak 200 + 1/1 unharmed by pre-fix sweep; carry: check no other recipe domain collides with a live service	2026-06-17 11:12:25 +00:00
autonomic-bot	618ac1ef6f	status(canon): M2 snapshot — 10 clean promotes incl. lasuite-* (warm dep works); plan for authoritative post-fix sweep	2026-06-17 11:03:00 +00:00
autonomic-bot	3bcc11f7b5	review(canon): note residue fix (ca89d44, likely drone root cause) + keycloak de-enroll (d072d7e, §2.B exception, enrolled=20); set M2-evidence recency criterion — accepted sweep must postdate both fixes, single serial, drone promotes-or-exception	2026-06-17 11:00:24 +00:00
autonomic-bot	d072d7e2c2	fix(canon): de-enroll keycloak (live-warm OIDC provider) — §2.B exception ... keycloak is the always-on shared OIDC dep provider at warm-keycloak.ci..., the SAME stable domain a data-warm canonical would use → the sweep's promote would collide with the live provider that lasuite-*/drone depend on. keycloak is kept current by roll_warm_infra (WC1.1) instead. WARM_CANONICAL=False; exception recorded in DECISIONS. Enrolled set now 20. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 10:54:14 +00:00
autonomic-bot	ca89d44c05	fix(canon): promote clears stale warm-stack on a fresh seed (failed-promote secret residue) ... A once-failed promote left swarm secrets (e.g. drone's gitea client_secret_v1) behind; the retry's install_steps 'abra app secret insert' then FATAd 'already exists', so a recipe could never recover its canonical. promote_canonical now teardown_app()s the warm domain when there is NO existing canonical (fresh seed) — clearing leftover secrets/.env/partial volumes — while a re-promote (canonical exists) still reattaches its retained known-good volume untouched. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 10:51:01 +00:00
autonomic-bot	d32940d3e1	review(canon): clean-serial sweep obs — drone STILL promote-fails clean (lock fix cured hang, not promote; M2 risk); gitea new-tag 3.5.3->3.6.0 advance = live M2.6 evidence	2026-06-17 10:48:12 +00:00
autonomic-bot	d4a053dfcc	chore(canon): consume ADVERSARY-INBOX (concurrent sweeps killed, drone tainted-canonical discarded, ONE clean serial sweep relaunched pid1741209); carry to claim — verify 7 kept canonicals' ts outside concurrency window	2026-06-17 10:25:01 +00:00
autonomic-bot	1f4aa25a2b	inbox+status(canon): killed concurrent sweeps, cleaned residue, cleared concurrency-tainted drone canonical; ONE clean serial sweep relaunched	2026-06-17 10:24:06 +00:00
autonomic-bot	fb2fe307dc	chore(canon): consume BUILDER-INBOX (concurrent-sweep alert — killing wedged old sweep, will re-run clean serial)	2026-06-17 10:21:42 +00:00
autonomic-bot	4d5b03b485	inbox+review(canon): TWO concurrent sweeps — wedged old sweep (PID1712141, drone deadlock child ~46m) still alive alongside new re-run (PID1736506); violates §4 serial + breaks release_app_locks precondition; M2 evidence from overlapping run not acceptable	2026-06-17 10:20:49 +00:00
autonomic-bot	88293702b2	status(canon): mirror-sync master-detection + cold-dep lock-release fixes deployed; validating drone	2026-06-17 10:05:13 +00:00