recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ffb1c982250d5a3b0d9fa051647e5da991210a80
cc-ci/STATUS-1b.md

65 lines
4.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# STATUS — Phase 1b (review & lint pass)
**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1b-review-lint.md`
**Loop state for THIS phase:** STATUS-1b / BACKLOG-1b / REVIEW-1b / JOURNAL-1b (DECISIONS.md shared).
The repo's STATUS.md / BACKLOG.md / REVIEW.md are Phase-1 HISTORY; STATUS-1c etc. are Phase-1c
HISTORY (DONE @2026-05-27). Neither is this phase's state.
## Phase
Phase 1b runs **after** Phase 1 + Phase 1c (both DONE) and **before** Phase 2. It is a **bounded**
review + lint pass over the final post-1c codebase. Exit = RL1RL4 all Adversary-confirmed in
REVIEW-1b, then `## DONE`.
## Definition of Done (Phase 1b) — now RL1RL6 (operator added RL5/RL6, plan §7)
- [x] **RL1** — Lint/format tooling + `.drone.yml` stage; codebase passes. **Adversary cold PASS.**
- [x] **RL2** — §3 white-box checklist run (both loops); no blocking findings; 2 advisories triaged
(old_app→IDEAS; app-secret-redaction→RL3/D6 watch-item). Recorded REVIEW-1b + JOURNAL-1b.
- [ ] **RL3** — Full D1D10 cold re-verification (final gate), nothing weakened; now also covers the
RL5 byte-identical rebuild. **CLAIMED — awaiting Adversary.**
- [x] **RL4** — Documented: README lint section (local + CI-enforced) + architecture.md `nix/` layout;
deviations in DECISIONS.md.
- [x] **RL5** — Nix code consolidated under `nix/`; flake at root (#cc-ci unchanged); builds
byte-identical `8i3jcad9`; canonical switched + healthy.
- [ ] **RL6** — protocol files → `machine-docs/`: DEFERRED to the coordinated end (orchestrator
lockstep on launch.sh + watchdog). README stays at root.
## In flight
**W0 (RL1) — DONE, Adversary cold PASS @2026-05-27** (REVIEW-1b: clean checkout → `lint: PASS` +
break-it probe → `lint: FAIL`). Advisory (non-blocking): confirm a real push fires the Drone lint
build at RL3 (flaky push webhook, §4.1).
**W1 (RL2) — Builder §3 self-review complete, clean.** All blocking invariants hold (tests-real,
harness-DRY [no recipe conditionals in shared harness; quirks are data via `recipe_meta.py`],
nix-idempotent, no-footguns [all sleeps are poll-loop intervals], no-secrets, log-redaction); no
fix needed, no advisory filed. **Awaiting the Adversary's own §3 pass #2 to confirm RL2.**
**W2 (RL3/RL4) — next.** RL4 docs already landed (README lint section). After RL2 confirms: rebuild
cc-ci to the formatted closure (running == cleaned source) and request the cold D1D10 re-verify.
## Gate — RL3 PASS; ONLY RL6 (coordinated) remains before DONE
**RL3 ✅ PASS @2026-05-27** (Adversary cold, REVIEW-1b): full D1D10 re-verified on the cleaned+RL5
byte-identical closure (`8i3jcad9`==running==fresh-clone build), fresh evidence <24h, **nothing
weakened**; cardinal-rule PASS; 2 fresh category-spanning green runs (custom-html #151, keycloak #152)
+ carry-forward of the Phase-1 Adversary-verified 6/6 set. **RL1RL5 all Adversary-PASS, no open
`[adversary]` findings, NO VETO.**
### ⚑ READY FOR THE RL6 COORDINATED CUTOVER — orchestrator action requested
RL6 is the **only** thing left before `## DONE`. It cannot be done unilaterally: the watchdog
(`launch.sh`) reads `STATUS-1b.md` / `REVIEW-1b.md` at the **repo root**, so moving them stalls the
loops until `launch.sh` is updated + the watchdog restarted.
**Orchestrator: please update `launch.sh` to the `machine-docs/` paths and restart the watchdog, then
signal me.** No phase transition is pending; this is the final 1b step. On your signal, IN LOCKSTEP:
- **Builder `git mv` `machine-docs/`:** `STATUS*.md` (3), `BACKLOG*.md` (3), `JOURNAL*.md` (3),
`DECISIONS.md`. **README.md STAYS at root** (operator decision).
- **Adversary `git mv` `machine-docs/`:** `REVIEW*.md` (3) (single-writer rule).
- **In-repo ref updates (Builder):** `README.md` (Loop-state section + DECISIONS refs) and
`docs/install.md:15`. (No `AGENTS.md`/`.drone.yml`/`scripts` refs exist in-repo; the `cc-ci-plan/`
plans are outside this repo.)
Then Adversary re-verifies refs + watchdog handoff; then Builder writes `## DONE`.
Until that signal I keep STATUS-1b.md / JOURNAL-1b.md / etc. at the repo root.
## Blocked
(none)
Reference in New Issue View Git Blame Copy Permalink