recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
4eae6eb20867cfca55899ffedc1afa8b25ffae9b
cc-ci/machine-docs/STATUS-1b.md

97 lines
6.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# STATUS — Phase 1b (review & lint pass)
## DONE
**Phase 1b COMPLETE @2026-05-27.** All Definition-of-Done items **RL1RL6** are Adversary-PASS within
24h, **no standing VETO, no open `[adversary]` findings** (machine-docs/REVIEW-1b.md final sign-off):
- **RL1** lint/format toolchain (`nix develop .#lint` + `scripts/lint.sh` + `.drone.yml` stage) — cold
PASS with a break-it probe (injected violations → `lint: FAIL`); whole codebase `lint: PASS`.
- **RL2** §3 white-box checklist (both loops) — no blocking findings; advisories triaged to IDEAS.
- **RL3** full cold D1D10 re-verification on the cleaned+RL5 byte-identical closure — every D1D10
fresh PASS, **nothing weakened** (test diff = ruff line-wrapping only), 2 fresh category-spanning
e2e (custom-html #151, keycloak #152) + carried 6/6, D6 leak-clean, D8 fresh-clone rebuild==running.
- **RL4** docs (README lint section + architecture.md `nix/` layout + DECISIONS).
- **RL5** all Nix code under `nix/` (`nix/modules`, `nix/hosts`); flake at root (`#cc-ci` unchanged);
builds **byte-identical `8i3jcad9`**.
- **RL6** protocol files → `machine-docs/` (README stays root); watchdog `resolve_state` survived the
lockstep cutover; refs updated.
Final Builder health check: cc-ci (`cc-nix-test`, 100.90.116.4) `running`/0-failed, toplevel
`8i3jcad9mrr01558lqckpi26nxn2ra3m` == fresh-recursive-clone build (`build == running`, byte-identical),
5 infra stacks up, public `https://ci.commoninternet.net/` → 200. The lint/format + `nix/` + `machine-docs/`
refactor regressed nothing; the codebase is now formatted, lint-clean, and lint-enforced in CI.
Carried advisories (non-blocking, → IDEAS / operator): flaky Gitea→Drone *push* webhook (lint stage is
wired + proven via its exact command, auto-fire needs the operator's gateway/webhook); `old_app` fixture
copy-paste; absent `tests/_template/`; bare-name DECISIONS refs.
**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md`
**Loop state for THIS phase:** STATUS-1b / BACKLOG-1b / REVIEW-1b / JOURNAL-1b (DECISIONS.md shared).
The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY; STATUS-1c etc. are Phase-1c
HISTORY (DONE @2026-05-27). Neither is this phase's state.
## Phase
Phase 1b runs **after** Phase 1 + Phase 1c (both DONE) and **before** Phase 2. It is a **bounded**
review + lint pass over the final post-1c codebase. Exit = RL1RL4 all Adversary-confirmed in
REVIEW-1b, then `## DONE`.
## Definition of Done (Phase 1b) — now RL1RL6 (operator added RL5/RL6, plan §7)
- [x] **RL1** — Lint/format tooling + `.drone.yml` stage; codebase passes. **Adversary cold PASS.**
- [x] **RL2** — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged
(old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b.
- [ ] **RL3** — Full D1D10 cold re-verification (final gate), nothing weakened; now also covers the
RL5 byte-identical rebuild. **CLAIMED — awaiting Adversary.**
- [x] **RL4** — Documented: README lint section (local + CI-enforced) + architecture.md `nix/` layout;
deviations in DECISIONS.md.
- [x] **RL5** — Nix code consolidated under `nix/`; flake at root (#cc-ci unchanged); builds
byte-identical `8i3jcad9`; canonical switched + healthy.
- [ ] **RL6** — protocol files → `machine-docs/`: DEFERRED to the coordinated end (orchestrator
lockstep on launch.sh + watchdog). README stays at root.
## In flight
**W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` +
break-it probe → `lint: FAIL`). Advisory (non-blocking): confirm a real push fires the Drone lint
build at RL3 (flaky push webhook, §4.1).
**W1 (RL2) — Builder §3 self-review complete, clean.** All blocking invariants hold (tests-real,
harness-DRY [no recipe conditionals in shared harness; quirks are data via `recipe_meta.py`],
nix-idempotent, no-footguns [all sleeps are poll-loop intervals], no-secrets, log-redaction); no
fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to confirm RL2.**
**W2 (RL3/RL4) — next.** RL4 docs already landed (README lint section). After RL2 confirms: rebuild
cc-ci to the formatted closure (running == cleaned source) and request the cold D1D10 re-verify.
## Gate — RL3 PASS; ONLY RL6 (coordinated) remains before DONE
**Gate: RL6 CLAIMED, awaiting Adversary** — Builder moved STATUS/BACKLOG/JOURNAL/DECISIONS →
`machine-docs/` + updated refs (pushed @992d87c); Adversary please `git mv REVIEW*.md → machine-docs/`,
re-verify refs + watchdog handoff, and log the RL6 verdict. Then Builder writes `## DONE`.
**RL3 ✅ PASS @2026-05-27** (Adversary cold, REVIEW-1b): full D1D10 re-verified on the cleaned+RL5
byte-identical closure (`8i3jcad9`==running==fresh-clone build), fresh evidence <24h, **nothing
weakened**; cardinal-rule PASS; 2 fresh category-spanning green runs (custom-html #151, keycloak #152)
+ carry-forward of the Phase-1 Adversary-verified 6/6 set. **RL1RL5 all Adversary-PASS, no open
`[adversary]` findings, NO VETO.**
### RL6 — Builder part DONE (machine-docs/ move executed). Adversary: move REVIEW* + re-verify.
Verified the orchestrator's enabling condition is already in place: `launch.sh` (mtime 21:28:03) has
`resolve_state()` (prefers `machine-docs/$base`, else root), used by EVERY STATUS/REVIEW read
(`phase_done` L70, handoff watcher L147); the **running watchdog (pid 133191) was restarted at
21:28:36 after that update** it is location-agnostic and "survives the move whenever it happens"
(its own comment). So the move is safe now (no strict-lockstep instant required; `resolve_state` is
per-file).
Builder executed:
- `git mv STATUS*.md BACKLOG*.md JOURNAL*.md DECISIONS.md → machine-docs/` (README.md STAYS at root).
- Updated in-repo refs: `README.md` (status line + lint section + Loop-state section) and
`docs/install.md` `machine-docs/…`. `scripts/lint.sh` **lint: PASS** post-move.
- (No `AGENTS.md`/`.drone.yml`/`scripts` protocol-file refs in-repo. The `cc-ci-plan/` plans are the
orchestrator's not edited from here.)
**Adversary:** please `git mv REVIEW*.md → machine-docs/` (yours to move, single-writer rule) and
re-verify (a) in-repo refs updated + (b) the watchdog handoff still works via `resolve_state`. REVIEW*
at root + my files in `machine-docs/` is a valid intermediate. On your RL6 PASS (RL1RL5 still PASS,
no VETO), Builder writes `## DONE`.
## Blocked
(none)
Reference in New Issue View Git Blame Copy Permalink