STATUS — Phase 1b (review & lint pass)
DONE
Phase 1b COMPLETE @2026-05-27. All Definition-of-Done items RL1–RL6 are Adversary-PASS within
24h, no standing VETO, no open [adversary] findings (machine-docs/REVIEW-1b.md final sign-off):
- RL1 lint/format toolchain (nix develop .#lint + scripts/lint.sh + .drone.yml stage) — cold PASS with a break-it probe (injected violations → lint: FAIL); whole codebase lint: PASS.
- RL2 §3 white-box checklist (both loops) — no blocking findings; advisories triaged to IDEAS.
- RL3 full cold D1–D10 re-verification on the cleaned+RL5 byte-identical closure — every D1–D10 fresh PASS, nothing weakened (test diff = ruff line-wrapping only), 2 fresh category-spanning e2e (custom-html #151, keycloak #152) + carried 6/6, D6 leak-clean, D8 fresh-clone rebuild==running.
- RL4 docs (README lint section + architecture.md nix/ layout + DECISIONS).
- RL5 all Nix code under nix/ (nix/modules, nix/hosts); flake at root (#cc-ci unchanged); builds byte-identical 8i3jcad9.
- RL6 protocol files → machine-docs/ (README stays root); watchdog resolve_state survived the lockstep cutover; refs updated.
Final Builder health check: cc-ci (cc-nix-test, 100.90.116.4) running/0-failed, toplevel
8i3jcad9mrr01558lqckpi26nxn2ra3m == fresh-recursive-clone build (build == running, byte-identical),
5 infra stacks up, public https://ci.commoninternet.net/ → 200. The lint/format + nix/ + machine-docs/
refactor regressed nothing; the codebase is now formatted, lint-clean, and lint-enforced in CI.
Carried advisories (non-blocking, → IDEAS / operator): flaky Gitea→Drone push webhook (lint stage is
wired + proven via its exact command, auto-fire needs the operator's gateway/webhook); old_app fixture
copy-paste; absent tests/_template/; bare-name DECISIONS refs.
Phase plan (SSOT): /srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md
Loop state for THIS phase: STATUS-1b / BACKLOG-1b / REVIEW-1b / JOURNAL-1b (DECISIONS.md shared).
The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY; STATUS-1c etc. are Phase-1c
HISTORY (DONE @2026-05-27). Neither is this phase's state.
Phase
Phase 1b runs after Phase 1 + Phase 1c (both DONE) and before Phase 2. It is a bounded
review + lint pass over the final post-1c codebase. Exit = RL1–RL4 all Adversary-confirmed in
REVIEW-1b, then ## DONE.
Definition of Done (Phase 1b) — now RL1–RL6 (operator added RL5/RL6, plan §7)
- RL1 — Lint/format tooling + .drone.yml stage; codebase passes. Adversary cold PASS.
- RL2 — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged (old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b.
- RL3 — Full D1–D10 cold re-verification (final gate), nothing weakened; now also covers the RL5 byte-identical rebuild. CLAIMED — awaiting Adversary.
- RL4 — Documented: README lint section (local + CI-enforced) + architecture.md nix/ layout; deviations in DECISIONS.md.
- RL5 — Nix code consolidated under nix/; flake at root (#cc-ci unchanged); builds byte-identical 8i3jcad9; canonical switched + healthy.
- RL6 — protocol files → machine-docs/: DEFERRED to the coordinated end (orchestrator lockstep on launch.sh + watchdog). README stays at root.
In flight
W0 (RL1) — DONE, Adversary cold PASS @2026-05-27 (REVIEW-1b: clean checkout → lint: PASS +
break-it probe → lint: FAIL). Advisory (non-blocking): confirm a real push fires the Drone lint
build at RL3 (flaky push webhook, §4.1).
W1 (RL2) — Builder §3 self-review complete, clean. All blocking invariants hold (tests-real,
harness-DRY [no recipe conditionals in shared harness; quirks are data via recipe_meta.py],
nix-idempotent, no-footguns [all sleeps are poll-loop intervals], no-secrets, log-redaction); no
fix needed, no advisory filed. Awaiting the Adversary's own §3 pass #2 to confirm RL2.
W2 (RL3/RL4) — next. RL4 docs already landed (README lint section). After RL2 confirms: rebuild cc-ci to the formatted closure (running == cleaned source) and request the cold D1–D10 re-verify.
Gate — RL3 PASS; ONLY RL6 (coordinated) remains before DONE
Gate: RL6 CLAIMED, awaiting Adversary — Builder moved STATUS/BACKLOG/JOURNAL/DECISIONS →
machine-docs/ + updated refs (pushed @992d87c); Adversary please git mv REVIEW*.md → machine-docs/,
re-verify refs + watchdog handoff, and log the RL6 verdict. Then Builder writes ## DONE.
RL3 ✅ PASS @2026-05-27 (Adversary cold, REVIEW-1b): full D1–D10 re-verified on the cleaned+RL5
byte-identical closure (8i3jcad9==running==fresh-clone build), fresh evidence <24h, nothing
weakened; cardinal-rule PASS; 2 fresh category-spanning green runs (custom-html #151, keycloak #152) +
carry-forward of the Phase-1 Adversary-verified 6/6 set. RL1–RL5 all Adversary-PASS, no open
[adversary] findings, NO VETO.
RL6 — Builder part DONE (machine-docs/ move executed). Adversary: move REVIEW* + re-verify.
Verified the orchestrator's enabling condition is already in place: launch.sh (mtime 21:28:03) has
resolve_state() (prefers machine-docs/$base, else root), used by EVERY STATUS/REVIEW read
(phase_done L70, handoff watcher L147); the running watchdog (pid 133191) was restarted at
21:28:36 — after that update → it is location-agnostic and "survives the move whenever it happens"
(its own comment). So the move is safe now (no strict-lockstep instant required; resolve_state is
per-file).
Builder executed:
- git mv STATUS*.md BACKLOG*.md JOURNAL*.md DECISIONS.md → machine-docs/ (README.md STAYS at root).
- Updated in-repo refs: README.md (status line + lint section + Loop-state section) and docs/install.md → machine-docs/…. scripts/lint.sh → lint: PASS post-move.
- (No AGENTS.md/.drone.yml/scripts protocol-file refs in-repo. The cc-ci-plan/ plans are the orchestrator's — not edited from here.)
Adversary: please git mv REVIEW*.md → machine-docs/ (yours to move, single-writer rule) and
re-verify (a) in-repo refs updated + (b) the watchdog handoff still works via resolve_state. REVIEW*
at root + my files in machine-docs/ is a valid intermediate. On your RL6 PASS (RL1–RL5 still PASS,
no VETO), Builder writes ## DONE.
Blocked
(none)