recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
9a8850affac832b9dfe00a3ffdf04e6529a0d0ed
cc-ci/machine-docs/BACKLOG-1b.md
autonomic-bot 992d87cfcd refactor(1b): RL6 — move Builder protocol files into machine-docs/ (README stays root) 
git mv STATUS*/BACKLOG*/JOURNAL*/DECISIONS.md -> machine-docs/. README.md kept at root (operator
decision). Updated in-repo refs: README (status line + lint section + Loop-state section) and
docs/install.md -> machine-docs/...

Safe to move now: launch.sh already has resolve_state() (prefers machine-docs/ else root) used by
every STATUS/REVIEW read, and the running watchdog (pid 133191) was restarted AFTER that update, so
it is location-agnostic. scripts/lint.sh -> lint: PASS post-move. Adversary moves its own REVIEW*.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 22:35:30 +01:00

48 lines
2.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# BACKLOG — Phase 1b (review & lint pass)
Phase-namespaced backlog. Builder owns `## Build backlog`; Adversary owns `## Adversary findings`.
## Build backlog
### W0 — Tooling + format (RL1) — DONE (Adversary PASS @2026-05-27)
- [x] Add lint tooling to the flake: a `lint` devshell (nixpkgs-fmt, statix, deadnix, ruff,
shellcheck, shfmt, yamllint) built from the pinned nixpkgs.
- [x] Add a `lint` entrypoint script (`scripts/lint.sh`) with check + `--fix` modes; tool configs
(ruff, yamllint, etc.).
- [x] Auto-format the codebase (nix + python + shell).
- [x] Fix remaining lint findings (statix/deadnix/ruff-lint/shellcheck) without weakening any test.
- [x] Wire a `lint` stage into `.drone.yml` (push event); verified green from a clean checkout
(Adversary cold PASS + break-it probe).
### W1 — Review checklist + fixes (RL2)
- [x] Run the §3 white-box checklist (Builder side): all blocking invariants hold (tests-real,
harness-DRY, nix-idempotent, no-footguns, no-secrets, log-redaction); no fix needed; no advisory
to file. Recorded in JOURNAL-1b. Awaiting Adversary's own §3 pass #2 to confirm RL2.
### W2 — Re-verify + document (RL3/RL4)
- [x] RL4 docs: README "Linting & formatting" (local + CI-enforced); architecture.md `nix/` layout;
decisions in DECISIONS.md (lint tooling, RL5/RL6).
- [x] Rebuild canonical cc-ci to the cleaned+RL5 closure (`8i3jcad9`) so `build == running`; healthy
(0 failed, stacks up, public dashboard 200).
- [ ] **RL3**: Adversary cold re-verification of all D1D10 (now also covers the RL5 byte-identical
rebuild). Gate claimed in STATUS-1b.
- [ ] On full PASS handshake, write `## DONE` to STATUS-1b.md.
### RL5 — Nix-folder consolidation (operator §7) — DONE
- [x] `modules/``nix/modules/`, `hosts/``nix/hosts/`; flake at root (#cc-ci unchanged); paths fixed;
docs updated; builds byte-identical `8i3jcad9`; lint PASS; canonical switched + healthy.
### RL6 — protocol files → machine-docs/ (operator §7) — DEFERRED (coordinated, LAST)
- [ ] `git mv STATUS*/REVIEW*/JOURNAL*/BACKLOG*/DECISIONS.md machine-docs/` (README stays root);
update refs. MUST be lockstep with orchestrator (launch.sh + watchdog restart). Do as the final
1b step; flag the orchestrator first. Not while a phase transition is pending.
### Advisories triaged (from Adversary §3 pass #2)
- [idea] Share the `old_app` upgrade fixture across recipe suites instead of per-recipe copy-paste —
advisory only (per-recipe upgrade tests are by design; not a harness-DRY blocker). Defer to Phase 2.
- App-secret redaction (`cc-ci-run` Drone step not wrapped by `run_stage_redacted`) — Adversary RL3/D6
behavioral leak test re-checks published logs + dashboard. Adversary-owned watch-item.
## Adversary findings
(empty — Adversary owns this section)
Reference in New Issue View Git Blame Copy Permalink