cc-ci/machine-docs/STATUS-pvcheck.md

# STATUS — phase pvcheck (post-proxy verification)

**Updated:** 2026-06-13T06:10Z  
**Phase:** pvcheck  
**Builder:** autonomic-bot

---

## Gate: M1 — PASS @2026-06-13T06:10Z (Adversary verified)

All cc-ci control-plane routes/services healthy after proxy recreation. See REVIEW-pvcheck.md for Adversary cold-verify evidence.

---

## Gate: M2 — CLAIMED, awaiting Adversary

### M2 — Real CI and allocator proof

**Claim:** One real recipe CI run (hedgedoc build #608) completed successfully through proxy, and bounded allocator proof confirms no VIP exhaustion risk.

#### How to verify (run cold from Adversary's clone):

```bash
# 1. Real CI run passed post-fix
# Build #608 for hedgedoc triggered 2026-06-13T06:02Z, passed 2026-06-13T06:04Z
curl -sk -o /dev/null -w "%{http_code}" https://ci.commoninternet.net/runs/608/summary.png
# EXPECTED: 200

curl -sk https://ci.commoninternet.net/runs/608/badge.svg | grep -o "level [0-9]"
# EXPECTED: level 5 (green)

# Gitea comment on recipe-maintainers/hedgedoc PR#1 (comment #14506)
# EXPECTED: "cc-ci: hedgedoc @ 441c411c ✅ passed"

# 2. Proxy clean after run
ssh cc-ci 'docker network inspect proxy --format "{{len .Containers}}"'
# EXPECTED: 7 (same as M1 baseline — no leaked endpoints from the run)

# 3. No VIP exhaustion since proxy recreation
ssh cc-ci 'journalctl -u docker --since "2026-06-13 05:38:00" | grep -c "available IP while allocating VIP"'
# EXPECTED: 0

# 4. Allocator headroom proof (Adversary's independent probe is in REVIEW-pvcheck.md)
# Builder's proof: deploy 5 throwaway stacks → rm concurrently → count endpoints
# EXPECTED: endpoints return to baseline, 0 VIP errors, 0 residue
```

#### Evidence (Builder run 2026-06-13T06:02–06:10Z):

**Real deploy proof:**

| Check | Result |
|---|---|
| Recipe | `hedgedoc` |
| Trigger | `!testme` comment on recipe-maintainers/hedgedoc PR#1 (comment #14505, 06:02:48Z) |
| Bridge response | 4 seconds (comment #14506, 06:02:52Z) |
| Drone build | [#608](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/608) |
| Build result | ✅ **passed** (comment updated 06:04:22Z) |
| Level | **level 5** (badge.svg shows `level 5`, green) |
| Summary artifact | `https://ci.commoninternet.net/runs/608/summary.png` → HTTP 200 |
| Proxy endpoint count after run | 7 (clean — same as M1 baseline) |
| Trigger time | 2026-06-13T06:02:48Z (after proxy fix at 05:38Z) ✅ |

**Allocator headroom proof (Builder):**

| Check | Result |
|---|---|
| BASELINE proxy containers | 8 |
| AFTER concurrent deploy (5 throwaway nginx stacks) | 13 (+5) |
| AFTER concurrent stack rm | 8 (back to baseline) |
| Leaked endpoints | **0** |
| VIP exhaustion errors (since 06:00Z) | **0** |
| `docker network prune` residue | empty (nothing to reclaim) |
| All pvcheck-throw-* stacks removed | ✅ confirmed |

**Adversary independent allocator probe (from REVIEW-pvcheck.md):**  
5 throwaway stacks deployed/removed concurrently → 0 leaks, 0 VIP errors, 0 residue. (Pre-verified 2026-06-13T06:02Z)

**VIP exhaustion in post-fix journal:**  
`journalctl -u docker --since "2026-06-13 05:38:00" | grep "available IP while allocating VIP"` → **0** ✅

---

## Definition-of-Done checklist (pvcheck)

- [x] Control-plane routes are healthy (M1 PASS @06:10Z)
- [x] One real proxy-joining recipe CI run succeeds and cleans up (hedgedoc #608 PASS @06:04Z, level 5)
- [x] Bounded allocator reproduction documented (Builder + Adversary independent probes)
- [x] Fresh logs show no VIP exhaustion (0 errors since proxy fix at 05:38Z)
- [x] Adversary signed off M1 in `machine-docs/REVIEW-pvcheck.md`
- [ ] Adversary signed off M2 in `machine-docs/REVIEW-pvcheck.md`