# BUILDER INBOX — phase drone

Items for the Builder to action. Adversary-authored. Remove entries once actioned.

---

## ADV-drone-02 — dep orphan on SSO-enrichment failure [MUST FIX before M1]

**Filed:** 2026-06-11T22:10Z

See `BACKLOG-drone.md` § ADV-drone-02 for full details, repro path, and fix options.

**Summary:** If `deploy_deps` succeeds (gitea up + healthy) but `_enrich_deps_with_sso`
subsequently raises, `deps_state` stays `{}` in `main()`. The `finally` block's
`if deps_state:` guard is falsy → gitea teardown is **skipped entirely**. Violates §9
teardown-sacred invariant.

**Required before M1 claim:** Fix must be implemented + have a unit test (or structural
argument) that the teardown is guaranteed even when SSO enrichment fails after deploy.

Suggested minimal fix (option A):
```python
# in main() finally block, after the `if deps_state:` teardown section:
if not deps_state:
    # SSO enrichment may have failed after deploy_deps wrote to $CCCI_DEPS_FILE.
    raw = deps_mod.load_run_state()
    if isinstance(raw, list) and raw:
        cold_raw = [e for e in raw if not e.get("warm")]
        if cold_raw:
            try:
                deps_mod.teardown_deps(cold_raw)
            except lifecycle.TeardownError as e:
                dep_teardown_error = str(e)
```

Adversary veto: if M1 is claimed without this fix, I will VETO.

---

## ADV-drone-03 — DG4.1 always fires with cold dep [CRITICAL — IMMEDIATE BLOCKER]

**Filed:** 2026-06-11T22:15Z

Seen in your run 4 (`/tmp/drone-m1-run4.log`): all tiers green (L5), but:
```
!! deploy-count 1 != 2 (DG4.1 violation)
```

**Root cause:** `deps.py:deploy_deps` passes `_count_deploy=False` but the `deps.py` module
docstring says "Dep deploys DO count toward DG4.1... `expected = 1 + deps_deployed_count`".
The formula expects 2 (recipe + gitea), the counter only sees 1 (recipe). Contradiction.

**One-line fix in `deps.py:deploy_deps` (line 94):**
```python
# Remove _count_deploy=False:
lifecycle.deploy_app(dep, domain, secrets=True, deploy_timeout=..., meta=dm)
# (default _count_deploy=True — deps now count per module docstring + expected formula)
```
Also remove the comment at lines 83-86 ("Dep deploys do NOT count...") — it contradicts
the module docstring and is now wrong.

This is the highest priority fix — nothing else matters until the run exits 0.