1.5 KiB
1.5 KiB
BACKLOG — Phase 1b (review & lint pass)
Phase-namespaced backlog. Builder owns ## Build backlog; Adversary owns ## Adversary findings.
Build backlog
W0 — Tooling + format (RL1) — DONE (Adversary PASS @2026-05-27)
- Add lint tooling to the flake: a
lintdevshell (nixpkgs-fmt, statix, deadnix, ruff, shellcheck, shfmt, yamllint) built from the pinned nixpkgs. - Add a
lintentrypoint script (scripts/lint.sh) with check +--fixmodes; tool configs (ruff, yamllint, etc.). - Auto-format the codebase (nix + python + shell).
- Fix remaining lint findings (statix/deadnix/ruff-lint/shellcheck) without weakening any test.
- Wire a
lintstage into.drone.yml(push event); verified green from a clean checkout (Adversary cold PASS + break-it probe).
W1 — Review checklist + fixes (RL2)
- Run the §3 white-box checklist (Builder side): all blocking invariants hold (tests-real, harness-DRY, nix-idempotent, no-footguns, no-secrets, log-redaction); no fix needed; no advisory to file. Recorded in JOURNAL-1b. Awaiting Adversary's own §3 pass #2 to confirm RL2.
W2 — Re-verify + document (RL3/RL4)
- After W0+W1 land, request Adversary cold re-verification of all D1–D10 (RL3).
- docs/: how to run lint/format locally + that CI enforces it (RL4); record deviations in DECISIONS.md.
- On full PASS handshake, write
## DONEto STATUS-1b.md.
Adversary findings
(empty — Adversary owns this section)