cc-ci/machine-docs/STATUS-porepo.md

STATUS — phase porepo (Builder)

Phase plan: /srv/cc-ci/cc-ci-plan/plan-phase-porepo-project-orchestrator.md Deliverable repo: recipe-maintainers/project-orchestrator on git.autonomic.zone Consumes harness: recipe-maintainers/agent-orchestrator @ tag v0.1.0 (commit 289ef07) as engine/ submodule

---

DONE

All 5 Definition-of-Done items are Adversary-verified with a fresh PASS (@2026-06-13T19:19Z) on deliverable commit 346ed31acbc0d98eeb2881a1b62998ac9544c002. No findings, no VETO — the Adversary cold-cloned recipe-maintainers/project-orchestrator recursively to /tmp (anonymous), confirmed the engine/ submodule pinned at 289ef07 (v0.1.0), and re-ran every acceptance check inside nix develop (Python 3.11.11). Full cold-verification evidence is in REVIEW-porepo.md.

The recipe-maintainers/project-orchestrator repo now exists on git.autonomic.zone: the PO is itself a project using the agent-orchestrator harness (vendored as the engine/ submodule @ v0.1.0), with one persistent fleet-management agent (agents.toml + prompts/), the sole fleet registry (fleet.toml + docs/fleet-registry.md), the create/start/stop/update/list-status capability (scripts/ + docs/manage-projects.md), a Nix devShell (flake.nix/.lock), and the bootstrap doc (docs/bootstrap.md). Knowledge is one-directional: a scaffolded project carries no PO/fleet metadata.

WHERE (verification inputs)

• Deliverable repo (public): https://git.autonomic.zone/recipe-maintainers/project-orchestrator.git
• main HEAD → 346ed31acbc0d98eeb2881a1b62998ac9544c002 (single feat commit)
• engine/ submodule pin → 289ef07df40a8264f3a36b4e91b923d1424c4658 = tag v0.1.0 of recipe-maintainers/agent-orchestrator (also public; anon recursive clone needs no creds)
• .gitmodules URL is the public https://git.autonomic.zone/recipe-maintainers/agent-orchestrator.git (no embedded creds) — so git clone --recurse-submodules works anonymously.
• File map: agents.toml (PO harness config), prompts/{orchestrator,supervise}.md, fleet.toml (registry), docs/{fleet-registry,manage-projects,bootstrap}.md, scripts/{fleet.py, create-project.sh,start-project.sh,stop-project.sh,update-project.sh,_resolve.sh}, flake.nix+flake.lock, README.md, .gitignore.

HOW to cold-verify (fresh /tmp clone, anonymous, exactly as the plan specifies)

cd /tmp && rm -rf porepo-cold
git clone --recurse-submodules https://git.autonomic.zone/recipe-maintainers/project-orchestrator.git porepo-cold
cd porepo-cold
git rev-parse HEAD                          # → 346ed31...
git submodule status                        # → 289ef07... engine (v0.1.0)

# DoD-2: the PO's own config drives the harness
nix develop -c python3 engine/agents.py status

# DoD-3: fleet registry schema + sample entry parse
nix develop -c python3 scripts/fleet.py validate
nix develop -c python3 scripts/fleet.py status

# DoD-5: Nix devShell + tomllib + bootstrap doc
nix develop -c python3 -c 'import tomllib'
test -f docs/bootstrap.md && echo "bootstrap doc present"

# DoD-4: create-a-project flow demonstrated → valid standalone project, no PO/fleet metadata
nix develop -c bash scripts/create-project.sh scratch-verify --dir /tmp/po-scratch --ref v0.1.0
nix develop -c bash -c 'cd /tmp/po-scratch/scratch-verify && python3 engine/agents.py status'
( cd /tmp/po-scratch/scratch-verify && git submodule status )      # engine pinned @ v0.1.0
( cd /tmp/po-scratch/scratch-verify \
    && grep -ril -e 'fleet' -e 'project-orchestrator' -e 'project orchestrator' . \
         --exclude-dir=engine --exclude-dir=.git \
    && echo "BAD: PO/fleet metadata found" || echo "clean: no PO/fleet metadata" )
# cleanup (throwaway; never registered, never touched live cc-ci):
rm -rf /tmp/po-scratch /tmp/porepo-cold

EXPECTED outcomes (from my cold anon run @2026-06-13T19:20Z on 346ed31, /tmp clone, nix develop)

• Clone: git rev-parse HEAD = 346ed31...; git submodule status = 289ef07df40a8264f3a36b4e91b923d1424c4658 engine (v0.1.0); engine/agents.py present (proves the recursive submodule fetch worked anonymously). devShell banner: Python 3.11.11, tmux 3.5a, git version 2.47.2.
• DoD-1 (repo+submodule+main): repo exists & public; main pushed at 346ed31; engine/ pinned at v0.1.0 (289ef07).
• DoD-2 (status): engine/agents.py status prints a table listing the project-orchestrator persistent agent (backend claude, model claude-opus-4-8, watch heal, STATE stopped) and the watchdog service — no error, rc=0.
• DoD-3 (fleet.toml): fleet.py validate → fleet: OK — 1 project(s), schema v1, rc=0; fleet.py status lists the sample example-recipe-ci entry (enabled, agent-orchestrator@v0.1.0)
  • total=1 enabled=1 disabled=0. Schema documented in docs/fleet-registry.md.
• DoD-4 (create flow): create-project.sh scaffolds /tmp/po-scratch/scratch-verify with an engine/ submodule pinned at 289ef07 (v0.1.0) and an init-scaffolded agents.toml; engine/agents.py status in it prints its agent table (rc=0); tracked files are exactly .gitignore .gitmodules agents.toml (no PO/fleet files); the grep prints clean: no PO/fleet metadata. Flow documented in docs/manage-projects.md.
• DoD-5 (Nix+bootstrap): python3 -c 'import tomllib' prints nothing & rc=0 inside the devShell; docs/bootstrap.md present.

(Reasoning / design rationale is in JOURNAL-porepo.md, not here, to preserve anti-anchoring.)

Gate status

DoD item	Status	Verified
D1 repo exists + main pushed + engine/ submodule pinned @ v0.1.0	PASS	2026-06-13T19:19Z
D2 clean recursive /tmp clone: nix develop -c python3 engine/agents.py status works	PASS	2026-06-13T19:19Z
D3 fleet.toml schema present + documented; sample entry parses	PASS	2026-06-13T19:19Z
D4 create-a-project flow documented AND demonstrated (scratch valid, no PO/fleet metadata, status works)	PASS	2026-06-13T19:19Z
D5 Nix works (nix develop -c python3 -c 'import tomllib'); bootstrap doc present	PASS	2026-06-13T19:19Z