diff options
| -rw-r--r-- | todo.org | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -39,8 +39,8 @@ Unblocked now that panelkit ships. =classify= gains =rival-manager=/=nm-masked=/ On dotfiles main (=d73eba6=, pushed). The clean, unambiguous verdict of the three, done first to prove the panelkit-in-net rails: =classify= reads =control_plane.nm_state=; on =masked= it returns a fixable =unmask-nm= verdict (=remedy_class="privileged"=) ahead of the generic nm-service rule (=nm-restart= can't start a masked unit). New priv verb =unmask-nm= (=systemctl unmask NetworkManager=), =repair_unmask_nm= (unmask → start → verify), narration entry. The doctor resolves a privileged verdict through =panelkit.resolve()= before running: can't-elevate (GUI, no passwordless, no tty) degrades to the manual guide instead of attempting; existing tiers (no remedy_class) run unchanged. The =net= shim + test add =panelkit/src= to sys.path. Design call shipped (flagged for Craig): CLI =net doctor --fix= is the deliberate act satisfying the Confirm floor, so no CLI prompt added; panelkit contributes the run/prompt/guide degradation on the CLI; the GUI arm-press stays its confirm (panel wiring pending). 765 net tests + 65 suites green, review-code clean. Inbox note sent. **** 2026-07-11 Sat @ 05:16:24 -0500 rival-manager + keyfile-perms verdicts shipped On dotfiles main (=c9f8604=, pushed). Craig approved proceeding with the default precedence. =classify= adds =disable-rival= (rival dhcpcd/networkd/iwd active + a failing link) and =chmod-keyfile= (bad-perms keyfile + a failing link), both =remedy_class="privileged"= through the same panelkit gate. PRECEDENCE settled: both gate on a local-link symptom (never nag next to a working link), sit behind rfkill/service (more fundamental) and ahead of the generic reset (naming the cause beats a blind reconnect); tested (rfkill beats rival, rival beats reset). Priv verbs =disable-rival= (three-unit allowlist), =chmod-keyfile=/=chown-keyfile= (paths validated under system-connections, no traversal). Repairs re-derive their target (=active_rivals= / the active connection). =fake-systemctl= gained a state dir so a disable flips the re-check. 782 net tests + 65 suites green, review-code clean. Two coverage edges deferred to the VM: the keyfile fix's root-owned pass (only reproduces under root), and whether disable-rival needs a follow-on reset to restore the link. All three Phase 1 verdicts now fake-complete; VM live-verification is the remaining piece (see the sub-task). -**** TODO Net Phase 1 live verification — the VM/nspawn scenario -The three fixes are software-state repairs (mask NM, start a rival, chmod a keyfile) too dangerous to test on a daily driver, so they want a disposable VM/container. Reuse maint's Layer-3 pattern (=scripts/testing/run-maint-scenarios.sh= + =maint-scenarios/*.sh= break/fix/assert; the lighter =run-maint-nspawn.sh= container variant). Blockers: (1) no base VM image exists yet (=create-base-vm.sh=, a one-time KVM build — likely Craig's hands); (2) the maint base carries pacman/systemd/btrfs, NOT NetworkManager, so a net scenario needs an NM-carrying base or an nspawn rootfs with NM installed; (3) a net-specific runner (=run-net-scenarios.sh=) mirroring maint's. Net scenario files (break/fix/assert for masked/rival/keyfile) are authorable now with no infra. See the "Manual testing and validation" checklist for the by-hand steps if the harness isn't built. +**** TODO Net Phase 1 live verification — run the scenario harness against a VM +The harness is BUILT (archsetup =a364c1e=): =scripts/testing/net-scenarios/{10-nm-masked,20-rival-manager,30-keyfile-perms}.sh= (break/fix/assert + the expected diagnose verdict) and =run-net-scenarios.sh= (rsyncs net+panelkit into a target over ssh, drives the scenarios). Scenario logic reviewed; the ssh transport plumbing is UNEXERCISED (marked first-draft) and wants a shakeout on the first real run. What remains needs Craig: a booted VM (a real kernel + network stack — NM does NOT run reliably in nspawn, so a container only shows the mask-symlink/keyfile-mode half, not "NM active") with NetworkManager + dhcpcd installed, reachable over ssh as root. Then =run-net-scenarios.sh --target root@HOST --profile <saved-profile>=. The two live questions: disable-rival was already chained to a follow-on reset (=be15a81=), so the run confirms whether the reset fires or NM auto-recovers; and the keyfile root-owned pass (only reproduces under root). The by-hand equivalent is the "Manual testing and validation" → "Net doctor privileged fixes" checklist. *** TODO [#C] Phase 2 — sharpened auth verdict Auth-reason classifier reading profile key-mgmt (=manage.py=) + scanned SECURITY (=nmcli.py=): SAE / hidden / enterprise / generic. SAE and hidden become =fixable= profile-modify (Confirm-tier); the rest stay =needs-user-action= with a cause-named message. Pairwise over (reason × profile-state). The classify logic is agent-buildable with fakes; the live profile-modify fix needs a real WPA3/hidden network to verify, so that part is manual. *** TODO [#C] Phase 3 — flip the net spec to IMPLEMENTED |
