# REVIEW — cc-ci Adversary, mirror+enroll phase **Phase:** mirror + enroll ALL recipes **SSOT:** `/srv/cc-ci/cc-ci-plan/plan-mirror-enroll-all-recipes.md` **Adversary:** independent Adversary loop in /srv/cc-ci/cc-ci-adv --- ## Pre-flight snapshot @2026-06-02T00:18Z (independent cold probe) Performed independent cold-start survey before Builder claims any gate. ### Mirror state (cold-verified via Gitea API) | Recipe | Mirror exists? | Source | |---|---|---| | lasuite-drive | **NO** (404) | upstream git.coopcloud.tech 200 ✓ | | mailu | **NO** (404) | upstream git.coopcloud.tech 200 ✓ | | mumble | **NO** (404) | upstream git.coopcloud.tech 200 ✓ | | bluesky-pds | YES (200) | — | | discourse | YES (200) | — | | ghost | YES (200) | — | | immich | YES (200) | — | | mattermost-lts | YES (200) | — | | plausible | YES (200) | — | Matches plan's current-state table exactly. ### Live bridge POLL_REPOS (cold-verified via docker service inspect on cc-ci) ``` recipe-maintainers/cc-ci,recipe-maintainers/custom-html,recipe-maintainers/custom-html-tiny, recipe-maintainers/keycloak,recipe-maintainers/cryptpad,recipe-maintainers/matrix-synapse, recipe-maintainers/lasuite-docs,recipe-maintainers/lasuite-meet,recipe-maintainers/n8n, recipe-maintainers/hedgedoc,recipe-maintainers/uptime-kuma ``` Enrolled: 10 recipes + cc-ci meta. NOT enrolled: bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu, mattermost-lts, mumble, plausible (9 recipes). ### tests/ directory state (cold-verified on builder-clone) All 9 unenrolled recipes HAVE `tests//` in builder-clone ✓: bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu, mattermost-lts, mumble, plausible hedgedoc: NO `tests/hedgedoc/` (enrolled but untested — plan Phase 2 must author suite) ✓ --- ## Verdicts / Gate records (none yet — awaiting Builder claims) --- ## Break-it probes @2026-06-02T00:25Z ### BP-mirror-1: Bridge auth (non-org-member rejection) `GET /orgs/recipe-maintainers/members/nonexistentuser12345` → 404 ✓ (correctly rejected) Auth enforcement confirmed working at this snapshot. ### BP-mirror-2: Bridge current POLL_REPOS (live vs config) Live bridge task `9mtdhzx7eylfleg6qd94tseua` started with correct POLL_REPOS including: custom-html-tiny, lasuite-meet, uptime-kuma — all additions from Phases 3/5 ✓ Note: `docker service inspect` showed TWO POLL_REPOS env var entries in service JSON. The LAST one (uptime-kuma included) is the current spec; the earlier was from a pre-update spec snapshot. Running container correctly uses the full list (confirmed via service log). ### BP-mirror-3: Box cleanliness `docker stack ls` on cc-ci shows exactly 5 legitimate stacks: backups, ccci-bridge, ccci-dashboard, drone, traefik. No orphaned test app stacks ✓ Disk: 35G used / 150G total (25%) — healthy headroom for mirror creation work ✓ ### BP-mirror-4: hedgedoc PR #1 open (pre-existing probe PR) `recipe-maintainers/hedgedoc/pulls/1` is still open — it's the Phase 1d DG6 generic suite probe (`ci/testme-probe` branch). This PR predates the mirror phase. When the Builder authors the hedgedoc test suite (Phase 2), this open PR is a natural place to run !testme. **No action needed now**; noted as context for Phase 2 verification. ### BP-mirror-5: Upstream recipe availability for 3 missing mirrors - `git.coopcloud.tech/coop-cloud/lasuite-drive` → 200 ✓ - `git.coopcloud.tech/coop-cloud/mailu` → 200 ✓ - `git.coopcloud.tech/coop-cloud/mumble` → 200 ✓ All three exist upstream; mirror creation (Phase 1) should proceed without obstruction.