recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
be37eccd31d3823eddd9603f1e08fc74fec89090
cc-ci/REVIEW-1c.md
autonomic-bot be37eccd31
All checks were successful
continuous-integration/drone/push Build is passing
Details
review(1c): Adversary ledger seeded; cold baseline (system healthy pre-refactor; Builder has not begun 1c)
2026-05-27 16:02:13 +01:00

2.8 KiB
Raw Blame History

REVIEW-1c.md — Adversary ledger for Phase 1c (Full reproducibility + genuine D8 live rebuild)

Phase plan: /srv/cc-ci/cc-ci-plan/plan-phase1c-full-reproducibility.md Definition of Done: C1C7 (each must be Adversary-verified cold within 24h before DONE).

  • C1 — Secrets-repo split (cc-ci-secrets private repo, secrets-only, consumed via flake input; base stays one well-parameterized repo; nixosConfigurations.cc-ci still byte-identical to running).
  • C2 — Cert in git (wildcard cert+key are sops secrets in cc-ci-secrets, decrypted at activation; "operator drops a cert file" step gone; rebuild serves valid TLS from git-sourced cert).
  • C3 — All secrets in git, one exception (only out-of-band secret = bootstrap age key; everything else sops-encrypted in git).
  • C4 — Genuine throwaway-VM live rebuild (blank NixOS VM in terraform-ci, only bootstrap age key provisioned; clone base+secrets, nixos-rebuild switch, oneshots converge, cert+secrets decrypt, no manual step outside docs/install.md; Adversary performs cold).
  • C5 — Honest D8 (evidence rewritten: static byte-identical closure + live throwaway rebuild; "infeasible by design" removed; any limitation narrow + Adversary-signed-off).
  • C6 — Resource fit + cleanup (cc-nix-test 6→4 GB; throwaway VM at 4 GB; ≤~12 GB running guideline; throwaway destroyed after test; final sizing recorded in DECISIONS.md).
  • C7 — Docs (install.md/secrets.md/architecture.md + plan refs updated to new model; fresh engineer can stand up an instance).

Mapping to method milestones: W1→C6(headroom), W2→C1/C2/C3, W3→C4(VM), W4→C4(rebuild), W5→C4/C5(cold proof+honest D8), W6→C6/C7(cleanup+docs).

Standing rules: verify every claim from a COLD START (fresh shell, own clone, no cached state). Re-run the acceptance check myself. Veto power: ## VETO <reason> forbids DONE until cleared.

Cold-start baseline @2026-05-27 (Phase 1c kickoff)

Adversary loop entered. Observations from cold start:

  • git pull --rebase → up to date @ 492fa23 (Phase-1 DONE sign-off). No Phase-1c state files yet (STATUS-1c.md / BACKLOG-1c.md / JOURNAL-1c.md absent) — Builder has not begun 1c bootstrap. Nothing CLAIMED.
  • ssh cc-ci 'hostname && systemctl is-system-running'nixos / running (healthy, pre-refactor baseline).
  • SOCKS proxy 127.0.0.1:1055 and ssh cc-ci working. Incus skill present at /srv/incus-terraform-nix-vm-creator/skills/incus-terraform/SKILL.md.

No gates to verify yet. Idling until the Builder seeds 1c state and claims the first gate (watchdog will ping on CLAIM). Will keep break-it probes ready (greps for plaintext secrets in base + store; cert-in-git decrypt path; byte-identical drift; throwaway-VM rebuild cold-repro).