# REVIEW — phase porepo (Adversary)

**Phase plan SSOT:** `/srv/cc-ci/cc-ci-plan/plan-phase-porepo-project-orchestrator.md`

Verdicts are issued only after cold-start re-execution of the acceptance check from this clone. No DoD item is accepted on Builder's word alone.

---

## Adversary orientation + pre-check @2026-06-13T19:05Z

Phase initialized. Builder has not yet started:

- `recipe-maintainers/project-orchestrator` — 404 on Gitea (2026-06-13T19:05Z)
- No builder clone at `/srv/cc-ci/cc-ci`

### Pre-verification checklist (break-it probes to run when Builder claims DONE):

1. **Submodule pinned to v0.1.0** — verify `git submodule status` shows the exact SHA matching `agent-orchestrator` tag `v0.1.0`, not HEAD or a newer commit.
2. **No PO/fleet metadata inside scratch project** — when Builder demonstrates the create-project flow, grep the scratch project repo for `fleet`, `project-orchestrator`, `porepo` — must be absent.
3. **Clean recursive clone** — `git clone --recurse-submodules` in /tmp; `engine/` submodule must materialise without extra steps.
4. **agents.py status cold** — from /tmp clone, inside `nix develop`, `python3 engine/agents.py status` must succeed (exit 0) without any pre-setup beyond the clone.
5. **fleet.toml sample parses** — `python3 -c "import tomllib; tomllib.load(open('fleet.toml','rb'))"` must succeed.
6. **nix develop -c python3 -c 'import tomllib'** must succeed per DoD-5.
7. **Bootstrap doc exists** — README or docs/bootstrap.md describes the hand-scaffold flow.
8. **Scratch project cleanup** — after the demo, scratch project must be deleted from Gitea and NOT appear in any live cc-ci system.

---

## Verdicts

### porepo: ALL DoD PASS @2026-06-13T19:19Z

Cold-verified from anonymous `/tmp/porepo-cold` recursive clone (no creds, no cached state). Deliverable: `recipe-maintainers/project-orchestrator` HEAD `346ed31acbc0d98eeb2881a1b62998ac9544c002`.

**DoD-1 — repo + submodule + main pushed: PASS**

- Repo public on Gitea, main at `346ed31`.
- `git submodule status` → ` 289ef07df40a8264f3a36b4e91b923d1424c4658 engine (v0.1.0)` — exact v0.1.0 tag commit.
- `engine/agents.py` present in submodule.

**DoD-2 — `agents.py status` from clean recursive clone (nix develop): PASS**

- `nix develop -c python3 engine/agents.py status` → table with `project-orchestrator` (persistent, claude, claude-opus-4-8, heal, stopped) + watchdog service. rc=0.
- devShell banner: `Python 3.11.11, tmux 3.5a, git version 2.47.2`.

**DoD-3 — fleet.toml schema + sample entry parses: PASS**

- `fleet.py validate` → `fleet: OK — 1 project(s), schema v1`, rc=0.
- `fleet.py status` → lists `example-recipe-ci` (enabled, agent-orchestrator@v0.1.0), `total=1 enabled=1 disabled=0`.
- `tomllib.load(fleet.toml)` → schema v1, project `example-recipe-ci`. Documented in `docs/fleet-registry.md`.

**DoD-4 — create-project flow documented AND demonstrated: PASS**

- `create-project.sh scratch-verify --dir /tmp/po-scratch --ref v0.1.0` scaffolded cleanly.
- Scratch project submodule pinned at `289ef07` (v0.1.0).
- `engine/agents.py status` (run via PO's nix develop) → worker agent table, rc=0.
- Tracked files: `.gitignore .gitmodules agents.toml engine` only — exactly minimal.
- No PO/fleet metadata: `grep -ril -e fleet -e project-orchestrator . --exclude-dir=engine --exclude-dir=.git` → empty (CLEAN).
- `scratch-verify` NOT registered in `fleet.toml`.
- `scratch-verify` NOT on Gitea (404) — local-only throwaway. Did not touch live cc-ci system.
- Scratch project cleaned up post-demo (`rm -rf /tmp/po-scratch`).
- Flow documented in `docs/manage-projects.md`.

**DoD-5 — Nix works + bootstrap doc present: PASS**

- `nix develop -c python3 -c 'import tomllib'` → exit 0 (no output = success).
- `docs/bootstrap.md` present — describes hand-scaffold steps (init repo, add engine/ submodule, write agents.toml, run `engine/agents.py up`).
- `flake.nix` devShell includes `python311`, `tmux`, `git` (with submodule support). `README.md` documents `nix develop`.

**Break-it probes (independent):**

- Submodule URL is `https://git.autonomic.zone/recipe-maintainers/agent-orchestrator.git` (public, no embedded creds) — anonymous `--recurse-submodules` clone works without credentials.
- Scratch project has single-commit git history; no PO/fleet metadata in any tracked file (verified by grep over full tree excluding engine/).
- `scratch-verify` never registered in fleet.toml and never pushed to Gitea.

**No findings. No VETO.**
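
The submodule-pin probe (checklist item 1, verified under DoD-1) written as a repeatable check. This is an added example, not part of the review or of the `project-orchestrator` repo; the function names `check_pin` and `verify_submodule_pin` are hypothetical, and a SHA-1 (40-hex) repository is assumed.

```shell
#!/bin/sh
# Added example. `git submodule status` prints: <flag><sha> <path> [(<describe>)]
#   ' ' checked out at the recorded commit    '-' not initialized
#   '+' checkout differs from recorded commit 'U' merge conflict

# check_pin LINE WANT_SHA WANT_PATH: prints a verdict; returns 0 only for PINNED.
check_pin() {
    cp_line=$1; cp_want=$2; cp_path=$3
    case $cp_line in
        ' '*) ;;                              # clean checkout, keep checking
        -*)   echo UNINITIALIZED; return 1 ;;
        +*)   echo DRIFT;         return 1 ;;
        U*)   echo CONFLICT;      return 1 ;;
        *)    echo MALFORMED;     return 1 ;;
    esac
    # Drop the flag character, then split into sha, path, optional describe text.
    read -r cp_sha cp_got_path cp_desc <<EOF
${cp_line#?}
EOF
    # Require a full 40-hex object name; abbreviated ids are not accepted.
    case $cp_sha in *[!0-9a-f]*|'') echo MALFORMED; return 1 ;; esac
    [ "${#cp_sha}" -eq 40 ] || { echo MALFORMED; return 1; }
    [ "$cp_got_path" = "$cp_path" ] || { echo WRONG_PATH; return 1; }
    # The "(v0.1.0)" suffix is only `git describe` output; compare the SHA itself.
    [ "$cp_sha" = "$cp_want" ] || { echo WRONG_COMMIT; return 1; }
    echo PINNED
}

# verify_submodule_pin REPO SUBMODULE TAG: run the check against a real clone,
# e.g. verify_submodule_pin /tmp/porepo-cold engine v0.1.0
verify_submodule_pin() {
    vp_line=$(git -C "$1" submodule status -- "$2") || return 2
    # An uninitialized submodule has no repository to resolve the tag in.
    case $vp_line in -*) echo UNINITIALIZED; return 1 ;; esac
    # ^{commit} peels an annotated tag to the commit it points at.
    vp_want=$(git -C "$1/$2" rev-parse --verify "$3^{commit}") || return 2
    check_pin "$vp_line" "$vp_want" "$2"
}
```

Resolving the tag inside the submodule clone trusts that remote's tags; where a tag could have been moved, pass a SHA recorded out of band straight to `check_pin`.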