aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* docs(todo): close the four waybar quick-win tasksCraig Jennings32 hours1-4/+16
|
* docs(todo): file waybar right-cluster module order from roam inboxCraig Jennings32 hours1-0/+3
|
* docs: fold the fourth spec review into the network module specCraig Jennings48 hours2-4/+271
| | | | Dispositioned all nine fourth-review findings (8 accept, 1 modify) and wove them into a new "V2 panel UX" section: a single nav target, Saved/Available-now/Wired connection groups, join-from-row instead of an Add page, the supported-auth join matrix, progressive loading, future-tense verified Forget, a findable redacted diagnostics report, and the Waybar visual contract. The modify kept the full speed test under Performance per the prior decision while accepting an inline latency probe stored in the doctor report. Findings cookie now reads complete.
* docs: bring network module spec current + add diagnostic verbose-captureCraig Jennings2 days2-44/+233
| | | | | | The spec had drifted behind the code and the redesign. Marked Phases 1-3 shipped, recorded the native captive-login engine and the live-testing portal UX fixes, and folded in the V2 redesign: no terminals, the passwordless sudo-helper, verify-every-action, the Connections/Diagnostics/Performance nav, and the full failure-mode catalog moving to the task. Added the automatic diagnostic verbose-capture feature. On a failing diagnose it elevates the underlying stack (NetworkManager, resolved, wpa_supplicant) to debug, captures the journal and dmesg window, restores with a guaranteed crash-guarded path, and writes a redacted bundle. A manual Debug on/off toggle covers intermittent failures. The redesign task gains a child for it.
* docs(todo): file network panel redesign + full failure-mode catalogCraig Jennings2 days1-3/+111
|
* docs(todo): record captive-portal live-test fixes and DoT-sudo follow-upCraig Jennings2 days1-1/+10
|
* docs(todo): file waybar alarm-tooltip bug from roam inboxCraig Jennings2 days1-0/+3
|
* chore: archive completed tasks and age resolved history to a fileCraig Jennings2 days2-598/+574
| | | | | Completed work moves from Open Work into Resolved; Resolved entries past the retention window age out to archive/task-archive.org to keep todo.org lean.
* docs(todo): record the captive-portal-login engine core landingCraig Jennings2 days1-0/+3
| | | | The portal-login repair tier shipped in dotfiles (a7d7559); net doctor / net portal run the real plain-DNS flow now. Note the three remaining items: name the DoT cause in diagnose, a dedicated panel button, and live validation.
* docs: capture captive-portal login learnings + close the ZFS taskCraig Jennings2 days2-2/+97
| | | | File the captive-portal-login design doc from the 2026-06-30 Hyatt saga — the actual mechanism (system DoT + browser DoH both bypass the hotel's redirecting DNS; plain DNS is what works), the working hotel-wifi script, and the plan to make it a first-class net-panel action — plus a [#B] feature task to bake it in. Also close the ZFS pre-pacman snapshot task: the installer step shipped and the ZFS VM install passed 97/0 with the new hook assertion.
* feat: install pre-pacman ZFS snapshot hook on ZFS-root systemsCraig Jennings2 days7-7/+250
| | | | | | archsetup took sanoid from install-archzfs but never ported the pre-pacman snapshot hook, so a ZFS-root install had no transaction-triggered rollback point — the working setup only existed as a hand-placed script on velox, lost on reinstall. Add configure_pre_pacman_snapshots(): a PreTransaction pacman hook plus a self-pruning script that keeps the 10 most recent pre-pacman snapshots (sanoid ignores them — they aren't autosnap_ names). It's gated to ZFS-root and runs late in boot_ux, so the hook doesn't fire during the install's own package operations and the first snapshot is the fresh system. The script ships as scripts/zfs-pre-snapshot, made ZFS_PRE_* env-overridable so the pruning logic is unit-testable. Unit tests drive it against a fake zfs (creates a snapshot, prunes the oldest past KEEP, ignores non-pre-pacman snapshots, honors the lockfile interval, warns on failure); a Testinfra test asserts the hook and script land on a ZFS install; the orchestrator test pins the new boot_ux substep.
* docs: file five waybar/hyprland tasks from capturesCraig Jennings3 days1-0/+15
| | | | Pulled the archsetup-owned captures and filed the five that aren't done yet: extend the red=off convention (just added to the pointer indicator) to the volume / mic / caffeine toggles, a mic-mute keybind, the file-manager swallow pattern, keybind hints in every module's tooltip, and smooth waybar expansion. Two related captures — sysmon and timer real estate — were done live tonight, so they're dropped rather than filed.
* docs: file ZFS pre-pacman snapshot installer step from home handoffCraig Jennings3 days2-0/+92
| | | | The pre-pacman snapshot script accumulated 53 unpruned snapshots on velox since April — nothing prunes them, and Sanoid ignores the non-autosnap_ names. The fix is a self-pruning script (KEEP=10), but the home handoff confirmed the live script isn't archsetup-authored (it's hand-placed on velox), so incorporating it is a net-new ZFS-root installer step rather than a patch to an existing one. Filed as a [#B] feature with the design notes and the script preserved in docs/design, since it still needs the trigger hook file and a ZFS-root VM test before it can land.
* docs: mark network module Phase 3 shipped + refresh manual-test checksCraig Jennings3 days1-17/+40
| | | | | | Record Phase 3 (diagnostics + speed test in the panel) as the dated event-log entry on its task: net speedtest plus the four-section panel. Refresh the manual-test checklist to the final settled bar-click scheme (left = panel, middle = portal, right = net-fix) and add the Phase 3 tab checks, including the speed-test run that confirms the byte-rate unit assumption. The waybar network module is complete through Phase 3; Phase 4 (help/docs) and Phase 5 (VPN) remain as future work.
* feat: install speedtest-go for the net panel speed testCraig Jennings3 days1-0/+1
| | | | The net panel's Speed test section shells out to speedtest-go, so archsetup's Hyprland step adds speedtest-go-bin to the AUR installs alongside the GTK panel deps.
* feat: install the net panel GTK deps; mark waybar module Phase 2 shippedCraig Jennings3 days2-10/+26
| | | | | | The custom/net connection panel (Phase 2, in the dotfiles repo) needs GTK4 layer-shell, so archsetup's Hyprland step now installs gtk4-layer-shell and python-gobject alongside waybar. NetworkManager, curl, rfkill, and resolvectl — the engine's other needs — are already installed. speedtest-go stays deferred to Phase 3. Record Phase 2 as the dated event-log entry on its task: the engine connection commands, the GTK-free panel model, the GTK layer-shell panel, and the bar interactions settled over live iteration (left = panel, middle = portal, right = notify-or-fix).
* docs: update network module manual-test for the reworked clicksCraig Jennings3 days1-7/+15
| | | | After live use, the Phase-1 clicks changed: airplane moved off a misclickable right-click to Super+Shift+A; left-click notifies the doctor result instead of popping a terminal (diagnose is read-only); right-click forces the captive portal; middle opens nmtui. Update the manual-test checklist to match.
* docs: mark waybar network module Phase 1 shippedCraig Jennings3 days2-21/+54
| | | | | | Phase 1 landed in the dotfiles repo (engine, indicator, cache, diagnose/repair/doctor, portal, event log, recovery make targets, airplane absorption). Record it as the dated event-log entry on the Phase 1 task and raise the spec status to "Phase 1 shipped". One as-built deviation, noted in the spec (decision 12) and the manual-testing checklist: airplane absorption is display-only. The airplane-mode toggle is a low-power mode — radios plus CPU, brightness, and services — not a network concern, so it stays; net shows the state and the toggle moved to custom/net's right-click. Only the redundant display pieces (waybar-airplane, custom/airplane, waybar-netspeed) were removed.
* docs(todo): break the waybar network module into implementation phasesCraig Jennings3 days1-30/+97
| | | | | | The network spec is Ready, so I decomposed it into one parent task with Phase 1-5 children (indicator + console recovery, panel + connection management, diagnostics + speed test, docs + rollout, VPN vNext), each naming its deliverable, tests, and verification. I consolidated the two source tasks into that parent: the wifi-no-internet task is cancelled (folded in, now Phase 1 + Phase 3), and the network-manager task became the parent. I seeded the Phase 1 live checks under Manual testing and validation, since the live network and visual states need real conditions.
* docs: finalize waybar network module spec (reviews incorporated)Craig Jennings3 days2-136/+1433
| | | | | | | | Incorporated the review feedback and my inline comments into the network-module spec. It's now implementation-ready, every finding resolved. The reviews reshaped the design in a few ways. Secrets stay in NetworkManager's own store instead of a separate GPG file, dropping that dependency. A net doctor mode plus Makefile targets make recovery work from a bare TTY when the GUI is down. The doctor classifies failures and stops at the right terminal state (needs-user-action, upstream-not-local, deferred-vpn) instead of looping destructive repairs. The module absorbs the airplane indicator, and enterprise WiFi add/edit is vNext (activate-only in v1, since the saved history has no enterprise networks). Added a failure-mode coverage table, exact user-facing strings, the test harness and coverage gate, and the panel UX flow. Also corrected the spec's test framework from pytest to unittest, which is what the repo uses.
* docs: add unified waybar network module design specCraig Jennings3 days2-0/+302
| | | | | | The wifi-no-internet indicator, the nmcli network-manager dropdown, and the captive-portal diagnostics are one feature, so the spec designs them as a single custom/net module instead of three. It splits into three layers: a tested Python net engine wrapping nmcli plus the diagnostics, a thin bar indicator, and a GTK4 layer-shell panel. The captive script becomes the diagnostics engine. It records the locked decisions (panel toolkit, split probe cadence, GPG store supplements NetworkManager, librespeed for speed test) and a four-phase plan, indicator first. I linked it from both todo tasks.
* docs: add waybar timer-module spec and close its taskCraig Jennings4 days2-1/+234
|
* docs(todo): record mod+J/K focus-navigation work as doneCraig Jennings4 days1-0/+7
|
* docs(todo): close focus-follows-mouse bug fixed in dotfilesCraig Jennings4 days1-1/+4
|
* docs: close sysmon-cycle task, reorganize open-work listCraig Jennings4 days1-239/+246
| | | | Closed the sysmon right-click-cycle task: the feature shipped in the dotfiles repo (f7b6896), with the live waybar check filed under manual testing. Reorganized the open-work section: renamed the scrolling task to Scrolling/Carousel, cancelled the foot-to-ghostty migration, and regrouped the lower-priority items.
* chore: reconcile task facts, consolidate CI + security clustersCraig Jennings4 days1-123/+119
| | | | I audited the open-work tasks for factual accuracy. Reconciled stale facts against the code and git state: dropped the "hardcoded repo URLs" item (the dotfiles repo is config-driven now), corrected the commit count to 589, and noted that the 2026-06-28 btrfs/zfs runs reproduce the same residual install warnings. Cancelled the calendar-URL rotation (Craig's call, exposure window recorded) and refiled the dotfiles-audit task to the standalone dotfiles repo. Closed the README as code-complete with the final read filed under manual testing. Grouped 14 scattered CI/test tasks under a "Test + CI infrastructure" parent and 5 security tasks under "Security hardening + audit", each child keeping its prior priority. Fixed two terminology drifts (container to VM, DWM to Hyprland).
* chore: close btrfs-base bug, re-grade CI cluster in task reviewCraig Jennings4 days1-9/+20
| | | | I reviewed the oldest-unreviewed tasks. The btrfs-base VM-unbuildable bug is fixed: archangel's new ISO conditions the AUR list on the filesystem, so the btrfs base rebuilt green (97/0). I re-graded the three CI-automation tasks (scheduled runs, manual trigger, results dashboard) from B to C. They're someday infra with no runner, not this cycle. I tagged the sysmon right-click cycle and the set-wallpaper symlink fix :solo:, since both have a build and test path with no design call left.
* docs: record live-update guard verification on veloxCraig Jennings4 days2-27/+25
| | | | I verified hypr-live-update-guard end-to-end on velox with Hyprland live. Every branch of the script held: block while running, allow when stopped, env override, sentinel. A real pacman firing confirmed the wiring: a same-version mesa reinstall triggered the PreTransaction hook, the guard aborted, and AbortOnFail stopped the transaction with nothing swapped. velox predated the feature, so I placed the guard and its hook by hand. They now ship there permanently.
* docs(todo): close guard + NVRAM-harness tasks, file follow-upsCraig Jennings5 days1-56/+51
| | | | | | | Live-update guard and the per-profile-NVRAM harness fix close to Resolved. Filed the archangel btrfs baked-AUR bug (blocks btrfs base on the old ISO, fixed by the 2026-06-27 ISO) and the guard's live firing test under Manual testing and validation.
* docs: codify VM-test and refactoring insights from the install-refactor sessionCraig Jennings5 days1-0/+4
|
* test(vm): assert the live-update guard + hook are installedCraig Jennings5 days1-0/+13
|
* docs(todo): close live-update guard, file the live firing testCraig Jennings5 days1-2/+30
|
* feat(hyprland): guard against live GPU/compositor library upgradesCraig Jennings5 days3-0/+207
| | | | | | | | | | | | | | | | | | | | | | A pacman -Syu that swaps mesa/hyprland/wayland runtime libs out from under a running Hyprland session crashes the compositor: the next GPU-lib call hits a now-"(deleted)" library and SIGABRTs, taking the Wayland clients with it (hit ratio 2026-06-07, mesa + hyprland upgraded live). It's a likely driver of ratio's high unsafe-shutdown ratio. I added a pacman PreTransaction hook (hypr-live-update-guard) on the GPU/compositor runtime set. When such an upgrade is pending and Hyprland is running, it aborts before any package is swapped and tells the user to re-run from a TTY with the session stopped. Aborting at PreTransaction is safe: nothing is replaced yet, so the live session is untouched. With no Hyprland running (the from-a-TTY path) the guard stays quiet and the upgrade proceeds. Override with HYPR_ALLOW_LIVE_UPDATE=1 or by touching the sentinel file named in the abort message. archsetup installs the guard and hook in the hyprland path. The decision logic is covered by tests/hypr-live-update-guard (running/not, override, multi-package, empty-target). The hook firing against a real pacman transaction needs a live Hyprland session, filed as a manual test.
* chore: file processed archangel bug-fix handoffs to outboxCraig Jennings5 days2-0/+20
|
* fix(test): bump default VM RAM to 8 GiB to stop AUR-build OOM killsCraig Jennings5 days1-1/+3
| | | | | | | | The zfs green run OOM-killed cc1plus three times during AUR C++ builds: makepkg runs -j$VM_CPUS (4), and parallel compiles at ~700 MB each overran the 4 GiB default. The install still passed (yay retries), but the kills showed up as attributed issues. 8 GiB gives the four jobs headroom. Overridable via VM_RAM as before.
* fix(test): give each filesystem profile its own OVMF NVRAM fileCraig Jennings5 days2-1/+38
| | | | | | | | | | | | | init_vm_paths suffixed the disk image per profile but shared one OVMF_VARS.fd across btrfs and zfs. NVRAM holds the UEFI boot entries and lives outside the qcow2, so a disk-snapshot revert can't restore it. A zfs run's ZFSBootMenu entries clobbered the btrfs GRUB entry, and with no removable ESP fallback the btrfs base then booted to "no bootable device" and timed out before archsetup ran. NVRAM now carries the same per-profile suffix as the disk image, so the two profiles keep separate boot state. Validated by a full green zfs run (ArchSetup exit 0, Testinfra 96 passed / 0 failed).
* fix: log the granting-permissions step on sudoers write failureCraig Jennings5 days1-1/+1
| | | | | | | | | create_user announced "granting permissions" with a bare display call that never set $action, so a failed sudoers write fell back to error_warn "$action" and logged the stale "creating user and home directory" from an earlier step. I set action at that step so a failure names the operation that actually failed. It was the only stale-$action site in the script (the rest set action adjacently before their error_warn).
* test: pin installer orchestrator call sequencesCraig Jennings5 days1-0/+117
| | | | | | | | The decomposition left each big step function as a thin list of sub-step calls with no runtime coverage. These tests sed-extract each orchestrator, stub its sub-functions as recorders, and assert the exact call order, so a dropped or reordered step fails the suite. configure_snapshots also gets a per-filesystem dispatch check (zfs / btrfs / other).
* refactor: decompose installer step functions into named sub-stepsCraig Jennings5 days1-5/+149
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The big step functions mixed many concerns in one body, with essential_services the worst at 442 lines spanning randomness, networking, SSH, firewall, service discovery, scheduling, and a 177-line filesystem- branched snapshot block. I split five of them into thin orchestrators that call named sub-functions, one per concern: - essential_services into 11 sub-steps; the snapshot block further splits into configure_zfs_snapshots / configure_btrfs_snapshots behind a dispatcher. - prerequisites into bootstrap_pacman_keyring, install_required_software, configure_build_environment, configure_package_mirrors. - developer_workstation into per-category installers. - boot_ux into one function per hardware-conditional concern (efi perms, nvme module, initramfs hook, encrypted autologin, TLP, firmware trim, GRUB). - user_customizations into clone, stow, waybar prune, desktop caches, dconf, finalize, directory creation. Each sub-function body is a verbatim slice of the original (no re-indentation, so heredoc bodies stay byte-identical). I verified each extraction by asserting the slices, concatenated in call order, reproduce the original body exactly, so no line is lost or reordered. bash -n is clean, the unit suite stays green, and shellcheck gains no real findings. The SC2329 "never invoked" notes on the new functions are the same indirect-dispatch false positive every step function already carries. The flat installers (desktop_environment, supplemental_software) and the linear preflight_checks are left whole: their length is a sequence of independent installs or checks, not mixed concerns, so splitting would scatter a linear read behind indirection.
* refactor: collapse describe-run-warn idiom into run_task helperCraig Jennings5 days2-70/+230
| | | | | | | | | | | | | | | | | | | The installer announced, ran, and warned on each operation with a hand-written two-line pair, repeated ~35 times: action="enabling rngd service" && display "task" "$action" systemctl enable rngd >> "$logfile" 2>&1 || error_warn "$action" "$?" I added a run_task "desc" cmd... helper that does this in one line, plus an enable_service wrapper for the canonical "enabling <unit> service" case. The 35 single-command sites now call run_task. The three exact-wording service enables (rngd, upower, fail2ban) use enable_service. Multi-line sites (heredocs, subshells, intervening logic) keep the explicit form. Behavior is unchanged: same descriptions, same commands, same logfile redirection, same non-fatal warning on the real exit code. tests/run-task covers the helper across Normal/Boundary/Error including exit-code propagation, and the full unit suite stays green.
* docs: file collapsible-waybar-sides spec to assets, close taskCraig Jennings5 days3-3/+6
|
* docs(todo): put sysmon metric-cycle on right-click, btop stays leftCraig Jennings5 days1-5/+3
|
* docs(todo): file sysmon left-click metric-cycle featureCraig Jennings5 days1-0/+7
|
* docs(todo): close waybar sysmonitor collapseCraig Jennings5 days1-1/+4
|
* docs(todo): close idle-inhibitor → caffeine renameCraig Jennings5 days1-1/+4
|
* docs: close ZFS-coverage epic in todo, archive archangel repliesCraig Jennings7 days4-93/+106
| | | | Marked the bare-metal-migration + shell-sweep task DONE and archived the resolved subtrees. Imported the scratchpad focus-follows-mouse bug from the roam inbox. Filed archangel's handoff replies (zfs-dkms delivered, heads-up adopted) to the outbox.
* docs(todo): close ZFS-coverage + bare-metal-migration epicCraig Jennings7 days1-1/+8
|
* refactor(testing): delete the dead validation.sh shell sweepCraig Jennings7 days1-842/+0
| | | | | | Both runners now validate through run_testinfra_validation, so the shell sweep validation.sh ran is dead. Delete run_all_validations, validate_all_services, run_full_validation, the ~35 validate_* checks, and validation_pass/fail/warn/skip (called only by those checks). Keep the live helpers the runners and testinfra.sh still use: ssh_cmd, attribute_issue, capture_pre/post_install_state, analyze_log_diff, categorize_errors, generate_issue_report, and the VALIDATION_* counters plus issue arrays. The file drops from 1156 lines to 314. Closes the P5 follow-up from the Testinfra cutover.
* fix(testing): keep the bare-metal runner past a failing Testinfra sweepCraig Jennings7 days1-4/+7
| | | | run-test-baremetal.sh runs under set -e, and the P-D migration left run_testinfra_validation called bare. It returns pytest's rc, so a failing sweep aborted the script before it wrote the report or the TEST FAILED summary. The old run_all_validations returned 0 and never tripped set -e. Mirror the VM runner: set +e around the call, capture the rc, and derive TEST_PASSED from it so the report and summary always run.
* test(archsetup): migrate bare-metal runner to key auth + TestinfraCraig Jennings7 days2-16/+40
| | | | | | | | | | run-test-baremetal.sh SSHed to the target as root by password throughout, which archsetup's sshd hardening (PermitRootLogin prohibit-password) kills mid-install, the same break the VM runner already fixed. It also still called the validation.sh shell sweep (run_all_validations, validate_all_services, validate_zfs_services), the last caller keeping those functions alive. It now mirrors the VM runner. After the first SSH, and after any genesis rollback so the key survives it, inject_root_key authorizes a throwaway root key, and every later ssh_cmd plus the raw scp transfers and log-copies thread SSH_KEY_OPT to survive the hardening. The shell sweep is replaced with run_testinfra_validation, now the authoritative validator on both runners. A --port option, threaded through every SSH and scp, lets the runner target a test VM on 2222 instead of only real hardware on 22. inject_root_key now authorizes root@$VM_IP instead of root@localhost, so one helper serves both runners (the VM runner sets VM_IP=localhost). Validated against the ZFS VM (--validate-only, localhost:2222): connectivity, the ZFS check, key authorization, and the Testinfra sweep all connect and run over the key-based ssh-config. A green bare-metal install still needs real ZFS hardware.