recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
main
cc-ci/machine-docs/BACKLOG-1b.md
autonomic-bot 992d87cfcd refactor(1b): RL6 — move Builder protocol files into machine-docs/ (README stays root) 
git mv STATUS*/BACKLOG*/JOURNAL*/DECISIONS.md -> machine-docs/. README.md kept at root (operator
decision). Updated in-repo refs: README (status line + lint section + Loop-state section) and
docs/install.md -> machine-docs/...

Safe to move now: launch.sh already has resolve_state() (prefers machine-docs/ else root) used by
every STATUS/REVIEW read, and the running watchdog (pid 133191) was restarted AFTER that update, so
it is location-agnostic. scripts/lint.sh -> lint: PASS post-move. Adversary moves its own REVIEW*.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:35:30 +01:00

2.8 KiB
Raw Permalink Blame History

BACKLOG — Phase 1b (review & lint pass)

Phase-namespaced backlog. Builder owns ## Build backlog; Adversary owns ## Adversary findings.

Build backlog

W0 — Tooling + format (RL1) — DONE (Adversary PASS @2026-05-27)

  • Add lint tooling to the flake: a lint devshell (nixpkgs-fmt, statix, deadnix, ruff, shellcheck, shfmt, yamllint) built from the pinned nixpkgs.
  • Add a lint entrypoint script (scripts/lint.sh) with check + --fix modes; tool configs (ruff, yamllint, etc.).
  • Auto-format the codebase (nix + python + shell).
  • Fix remaining lint findings (statix/deadnix/ruff-lint/shellcheck) without weakening any test.
  • Wire a lint stage into .drone.yml (push event); verified green from a clean checkout (Adversary cold PASS + break-it probe).

W1 — Review checklist + fixes (RL2)

  • Run the §3 white-box checklist (Builder side): all blocking invariants hold (tests-real, harness-DRY, nix-idempotent, no-footguns, no-secrets, log-redaction); no fix needed; no advisory to file. Recorded in JOURNAL-1b. Awaiting Adversary's own §3 pass #2 to confirm RL2.

W2 — Re-verify + document (RL3/RL4)

  • RL4 docs: README "Linting & formatting" (local + CI-enforced); architecture.md nix/ layout; decisions in DECISIONS.md (lint tooling, RL5/RL6).
  • Rebuild canonical cc-ci to the cleaned+RL5 closure (8i3jcad9) so build == running; healthy (0 failed, stacks up, public dashboard 200).
  • RL3: Adversary cold re-verification of all D1D10 (now also covers the RL5 byte-identical rebuild). Gate claimed in STATUS-1b.
  • On full PASS handshake, write ## DONE to STATUS-1b.md.

RL5 — Nix-folder consolidation (operator §7) — DONE

  • modules/nix/modules/, hosts/nix/hosts/; flake at root (#cc-ci unchanged); paths fixed; docs updated; builds byte-identical 8i3jcad9; lint PASS; canonical switched + healthy.

RL6 — protocol files → machine-docs/ (operator §7) — DEFERRED (coordinated, LAST)

  • git mv STATUS*/REVIEW*/JOURNAL*/BACKLOG*/DECISIONS.md machine-docs/ (README stays root); update refs. MUST be lockstep with orchestrator (launch.sh + watchdog restart). Do as the final 1b step; flag the orchestrator first. Not while a phase transition is pending.

Advisories triaged (from Adversary §3 pass #2)

  • [idea] Share the old_app upgrade fixture across recipe suites instead of per-recipe copy-paste — advisory only (per-recipe upgrade tests are by design; not a harness-DRY blocker). Defer to Phase 2.
  • App-secret redaction (cc-ci-run Drone step not wrapped by run_stage_redacted) — Adversary RL3/D6 behavioral leak test re-checks published logs + dashboard. Adversary-owned watch-item.

Adversary findings

(empty — Adversary owns this section)