autonomic-bot
3036c60251
Code-only commit. The Phase-2 functional tests + PARITY.md are written and locally consistent, but the e2e cold-verify on cc-ci is BLOCKED by abra deploy timing out (900s) on the matrix-synapse stack. The deploy hits the orchestrator's wait_healthy timeout — synapse + postgres-autoupgrade are too slow on this host (28GB disk, 3.5GB RAM, single node). Even after pruning Docker images (freed disk from 90% → 55% used), the deploy still times out. Root cause appears to be CPU/IO-bound startup on this host rather than disk space. What's landed (code-only): - tests/matrix-synapse/PARITY.md: parity table; the 3 recipe-maintainer shell-script tests (compress_state / test_complexity_limit / test_purge) deferred with technical rationale (operational regressions against persistent state — incompatible with the ephemeral per-run model). Phase-2 health_check added (the corpus has no health_check.py). - tests/matrix-synapse/functional/test_health_check.py: GET /_matrix/client/versions → 200 + JSON. - tests/matrix-synapse/functional/test_federation_version.py: GET /_matrix/federation/v1/version → 200, asserts server.name='Synapse' + non-empty server.version (plan §4.3 prescribed). - tests/matrix-synapse/functional/test_register_and_message.py: plan §4.3 prescribed test — registers two users via the public client API (m.login.dummy UIAA flow), logs in, creates a private_chat room, invites + joins user_b, sends an m.room.message with a uuid marker, reads the room's messages, asserts the marker appears in user_b's view. Non-vacuous full client-API roundtrip. - tests/matrix-synapse/recipe_meta.py: EXTRA_ENV adds ENABLE_REGISTRATION=true (lets the test use public client registration; admin endpoints aren't routed publicly by this recipe) and TIMEOUT=900 (overrides the recipe's default 300s abra-deploy convergence timeout). **Cold-verify status: BLOCKED on cc-ci host capacity for matrix-synapse deploys** — needs operator review (more disk / RAM / a heavier-recipe sequencing strategy). Filed in JOURNAL-2 + PushNotification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
cc-ci — Co-op Cloud recipe CI server
Comment !testme on a PR in an enrolled Co-op Cloud recipe repo and cc-ci deploys the recipe
at that commit onto a real single-node Docker Swarm, runs install / upgrade / backup-restore tests
(Python + Playwright) end-to-end, and reports a live, tail-able run with pass/fail back to the PR.
This repo declares the entire server as a NixOS flake and holds the test harness, the per-recipe test trees, and the docs to enroll a recipe or rebuild the box from scratch.
Status: under active autonomous construction. See
machine-docs/STATUS.mdfor the live phase andplan.md-driven milestones inmachine-docs/BACKLOG.md. Definition of Done is D1–D10 (see the build plan).
Layout
flake.nix NixOS entry point + devshells (stays at root; build ref #cc-ci)
nix/hosts/cc-ci/ the cc-ci machine config
nix/modules/ drone, comment-bridge, swarm, dashboard, secrets (Nix modules)
secrets/ sops-encrypted infra secrets (cc-ci-secrets submodule)
bridge/ !testme webhook listener source
runner/ run_recipe_ci.py + shared pytest harness
dashboard/ results overview generator
tests/<recipe>/ per-recipe install/upgrade/backup tests + playwright/
docs/ install, enroll-recipe, secrets, architecture, runbook, baseline
All .nix code lives under nix/; flake.nix/flake.lock stay at the repo root so the build
reference (nixos-rebuild switch --flake '…#cc-ci') is unchanged.
Docs
docs/install.md— rebuild the server from scratch (D8)docs/testing.md— test architecture: generic lifecycle suite + layered recipe overlays (override/extend, discovery precedence, custom install-steps hook)docs/enroll-recipe.md— add a recipe under CI (D5)docs/secrets.md— secret model + rotation (D6)docs/architecture.md,docs/runbook.md— design + debugging failed runsdocs/baseline.md— bootstrap snapshot / rollback reference
Linting & formatting
The codebase is kept formatted + lint-clean by a single entrypoint, run from the pinned lint
devshell so local and CI use identical tool versions:
nix develop .#lint --command bash scripts/lint.sh # check-only (what CI runs)
nix develop .#lint --command bash scripts/lint.sh --fix # auto-format + apply fixes
Covers Nix (nixpkgs-fmt · statix · deadnix), Python (ruff lint+format), Shell
(shellcheck · shfmt), and YAML (yamllint). Config lives in ruff.toml / .yamllint.yaml;
tool/strictness choices are in machine-docs/DECISIONS.md. CI enforces it: the lint step in the
.drone.yml push pipeline runs the same command and fails the build on any unclean file, so
keep commits clean (--fix before pushing).
Loop state (autonomous build)
The multi-agent loop state lives under machine-docs/: STATUS.md (phase/blockers),
BACKLOG.md (work + adversary findings), REVIEW.md (independent verification), JOURNAL.md
(build log), DECISIONS.md (architecture choices) — plus the phase-namespaced *-1b.md / *-1c.md
variants. See the build plan for the two-loop Builder/Adversary protocol.