aboutsummaryrefslogtreecommitdiff
path: root/todo.org
Commit message (Collapse)AuthorAgeFilesLines
* docs(todo): file waybar right-cluster module order from roam inboxCraig Jennings27 hours1-0/+3
|
* docs: fold the fourth spec review into the network module specCraig Jennings42 hours1-0/+8
| | | | Dispositioned all nine fourth-review findings (8 accept, 1 modify) and wove them into a new "V2 panel UX" section: a single nav target, Saved/Available-now/Wired connection groups, join-from-row instead of an Add page, the supported-auth join matrix, progressive loading, future-tense verified Forget, a findable redacted diagnostics report, and the Waybar visual contract. The modify kept the full speed test under Performance per the prior decision while accepting an inline latency probe stored in the doctor report. Findings cookie now reads complete.
* docs: bring network module spec current + add diagnostic verbose-captureCraig Jennings43 hours1-0/+11
| | | | | | The spec had drifted behind the code and the redesign. Marked Phases 1-3 shipped, recorded the native captive-login engine and the live-testing portal UX fixes, and folded in the V2 redesign: no terminals, the passwordless sudo-helper, verify-every-action, the Connections/Diagnostics/Performance nav, and the full failure-mode catalog moving to the task. Added the automatic diagnostic verbose-capture feature. On a failing diagnose it elevates the underlying stack (NetworkManager, resolved, wpa_supplicant) to debug, captures the journal and dmesg window, restores with a guaranteed crash-guarded path, and writes a redacted bundle. A manual Debug on/off toggle covers intermittent failures. The redesign task gains a child for it.
* docs(todo): file network panel redesign + full failure-mode catalogCraig Jennings44 hours1-3/+111
|
* docs(todo): record captive-portal live-test fixes and DoT-sudo follow-upCraig Jennings44 hours1-1/+10
|
* docs(todo): file waybar alarm-tooltip bug from roam inboxCraig Jennings46 hours1-0/+3
|
* chore: archive completed tasks and age resolved history to a fileCraig Jennings46 hours1-598/+112
| | | | | Completed work moves from Open Work into Resolved; Resolved entries past the retention window age out to archive/task-archive.org to keep todo.org lean.
* docs(todo): record the captive-portal-login engine core landingCraig Jennings48 hours1-0/+3
| | | | The portal-login repair tier shipped in dotfiles (a7d7559); net doctor / net portal run the real plain-DNS flow now. Note the three remaining items: name the DoT cause in diagnose, a dedicated panel button, and live validation.
* docs: capture captive-portal login learnings + close the ZFS taskCraig Jennings2 days1-2/+8
| | | | File the captive-portal-login design doc from the 2026-06-30 Hyatt saga — the actual mechanism (system DoT + browser DoH both bypass the hotel's redirecting DNS; plain DNS is what works), the working hotel-wifi script, and the plan to make it a first-class net-panel action — plus a [#B] feature task to bake it in. Also close the ZFS pre-pacman snapshot task: the installer step shipped and the ZFS VM install passed 97/0 with the new hook assertion.
* docs: file five waybar/hyprland tasks from capturesCraig Jennings2 days1-0/+15
| | | | Pulled the archsetup-owned captures and filed the five that aren't done yet: extend the red=off convention (just added to the pointer indicator) to the volume / mic / caffeine toggles, a mic-mute keybind, the file-manager swallow pattern, keybind hints in every module's tooltip, and smooth waybar expansion. Two related captures — sysmon and timer real estate — were done live tonight, so they're dropped rather than filed.
* docs: file ZFS pre-pacman snapshot installer step from home handoffCraig Jennings2 days1-0/+5
| | | | The pre-pacman snapshot script accumulated 53 unpruned snapshots on velox since April — nothing prunes them, and Sanoid ignores the non-autosnap_ names. The fix is a self-pruning script (KEEP=10), but the home handoff confirmed the live script isn't archsetup-authored (it's hand-placed on velox), so incorporating it is a net-new ZFS-root installer step rather than a patch to an existing one. Filed as a [#B] feature with the design notes and the script preserved in docs/design, since it still needs the trigger hook file and a ZFS-root VM test before it can land.
* docs: mark network module Phase 3 shipped + refresh manual-test checksCraig Jennings3 days1-17/+40
| | | | | | Record Phase 3 (diagnostics + speed test in the panel) as the dated event-log entry on its task: net speedtest plus the four-section panel. Refresh the manual-test checklist to the final settled bar-click scheme (left = panel, middle = portal, right = net-fix) and add the Phase 3 tab checks, including the speed-test run that confirms the byte-rate unit assumption. The waybar network module is complete through Phase 3; Phase 4 (help/docs) and Phase 5 (VPN) remain as future work.
* feat: install the net panel GTK deps; mark waybar module Phase 2 shippedCraig Jennings3 days1-10/+24
| | | | | | The custom/net connection panel (Phase 2, in the dotfiles repo) needs GTK4 layer-shell, so archsetup's Hyprland step now installs gtk4-layer-shell and python-gobject alongside waybar. NetworkManager, curl, rfkill, and resolvectl — the engine's other needs — are already installed. speedtest-go stays deferred to Phase 3. Record Phase 2 as the dated event-log entry on its task: the engine connection commands, the GTK-free panel model, the GTK layer-shell panel, and the bar interactions settled over live iteration (left = panel, middle = portal, right = notify-or-fix).
* docs: update network module manual-test for the reworked clicksCraig Jennings3 days1-7/+15
| | | | After live use, the Phase-1 clicks changed: airplane moved off a misclickable right-click to Super+Shift+A; left-click notifies the doctor result instead of popping a terminal (diagnose is read-only); right-click forces the captive portal; middle opens nmtui. Update the manual-test checklist to match.
* docs: mark waybar network module Phase 1 shippedCraig Jennings3 days1-19/+36
| | | | | | Phase 1 landed in the dotfiles repo (engine, indicator, cache, diagnose/repair/doctor, portal, event log, recovery make targets, airplane absorption). Record it as the dated event-log entry on the Phase 1 task and raise the spec status to "Phase 1 shipped". One as-built deviation, noted in the spec (decision 12) and the manual-testing checklist: airplane absorption is display-only. The airplane-mode toggle is a low-power mode — radios plus CPU, brightness, and services — not a network concern, so it stays; net shows the state and the toggle moved to custom/net's right-click. Only the redundant display pieces (waybar-airplane, custom/airplane, waybar-netspeed) were removed.
* docs(todo): break the waybar network module into implementation phasesCraig Jennings3 days1-30/+97
| | | | | | The network spec is Ready, so I decomposed it into one parent task with Phase 1-5 children (indicator + console recovery, panel + connection management, diagnostics + speed test, docs + rollout, VPN vNext), each naming its deliverable, tests, and verification. I consolidated the two source tasks into that parent: the wifi-no-internet task is cancelled (folded in, now Phase 1 + Phase 3), and the network-manager task became the parent. I seeded the Phase 1 live checks under Manual testing and validation, since the live network and visual states need real conditions.
* docs: finalize waybar network module spec (reviews incorporated)Craig Jennings3 days1-1/+11
| | | | | | | | Incorporated the review feedback and my inline comments into the network-module spec. It's now implementation-ready, every finding resolved. The reviews reshaped the design in a few ways. Secrets stay in NetworkManager's own store instead of a separate GPG file, dropping that dependency. A net doctor mode plus Makefile targets make recovery work from a bare TTY when the GUI is down. The doctor classifies failures and stops at the right terminal state (needs-user-action, upstream-not-local, deferred-vpn) instead of looping destructive repairs. The module absorbs the airplane indicator, and enterprise WiFi add/edit is vNext (activate-only in v1, since the saved history has no enterprise networks). Added a failure-mode coverage table, exact user-facing strings, the test harness and coverage gate, and the panel UX flow. Also corrected the spec's test framework from pytest to unittest, which is what the repo uses.
* docs: add unified waybar network module design specCraig Jennings3 days1-0/+4
| | | | | | The wifi-no-internet indicator, the nmcli network-manager dropdown, and the captive-portal diagnostics are one feature, so the spec designs them as a single custom/net module instead of three. It splits into three layers: a tested Python net engine wrapping nmcli plus the diagnostics, a thin bar indicator, and a GTK4 layer-shell panel. The captive script becomes the diagnostics engine. It records the locked decisions (panel toolkit, split probe cadence, GPG store supplements NetworkManager, librespeed for speed test) and a four-phase plan, indicator first. I linked it from both todo tasks.
* docs: add waybar timer-module spec and close its taskCraig Jennings3 days1-1/+17
|
* docs(todo): record mod+J/K focus-navigation work as doneCraig Jennings3 days1-0/+7
|
* docs(todo): close focus-follows-mouse bug fixed in dotfilesCraig Jennings3 days1-1/+4
|
* docs: close sysmon-cycle task, reorganize open-work listCraig Jennings4 days1-239/+246
| | | | Closed the sysmon right-click-cycle task: the feature shipped in the dotfiles repo (f7b6896), with the live waybar check filed under manual testing. Reorganized the open-work section: renamed the scrolling task to Scrolling/Carousel, cancelled the foot-to-ghostty migration, and regrouped the lower-priority items.
* chore: reconcile task facts, consolidate CI + security clustersCraig Jennings4 days1-123/+119
| | | | I audited the open-work tasks for factual accuracy. Reconciled stale facts against the code and git state: dropped the "hardcoded repo URLs" item (the dotfiles repo is config-driven now), corrected the commit count to 589, and noted that the 2026-06-28 btrfs/zfs runs reproduce the same residual install warnings. Cancelled the calendar-URL rotation (Craig's call, exposure window recorded) and refiled the dotfiles-audit task to the standalone dotfiles repo. Closed the README as code-complete with the final read filed under manual testing. Grouped 14 scattered CI/test tasks under a "Test + CI infrastructure" parent and 5 security tasks under "Security hardening + audit", each child keeping its prior priority. Fixed two terminology drifts (container to VM, DWM to Hyprland).
* chore: close btrfs-base bug, re-grade CI cluster in task reviewCraig Jennings4 days1-9/+20
| | | | I reviewed the oldest-unreviewed tasks. The btrfs-base VM-unbuildable bug is fixed: archangel's new ISO conditions the AUR list on the filesystem, so the btrfs base rebuilt green (97/0). I re-graded the three CI-automation tasks (scheduled runs, manual trigger, results dashboard) from B to C. They're someday infra with no runner, not this cycle. I tagged the sysmon right-click cycle and the set-wallpaper symlink fix :solo:, since both have a build and test path with no design call left.
* docs: record live-update guard verification on veloxCraig Jennings4 days1-27/+23
| | | | I verified hypr-live-update-guard end-to-end on velox with Hyprland live. Every branch of the script held: block while running, allow when stopped, env override, sentinel. A real pacman firing confirmed the wiring: a same-version mesa reinstall triggered the PreTransaction hook, the guard aborted, and AbortOnFail stopped the transaction with nothing swapped. velox predated the feature, so I placed the guard and its hook by hand. They now ship there permanently.
* docs(todo): close guard + NVRAM-harness tasks, file follow-upsCraig Jennings4 days1-56/+51
| | | | | | | Live-update guard and the per-profile-NVRAM harness fix close to Resolved. Filed the archangel btrfs baked-AUR bug (blocks btrfs base on the old ISO, fixed by the 2026-06-27 ISO) and the guard's live firing test under Manual testing and validation.
* docs(todo): close live-update guard, file the live firing testCraig Jennings4 days1-2/+30
|
* fix(test): give each filesystem profile its own OVMF NVRAM fileCraig Jennings5 days1-0/+33
| | | | | | | | | | | | | init_vm_paths suffixed the disk image per profile but shared one OVMF_VARS.fd across btrfs and zfs. NVRAM holds the UEFI boot entries and lives outside the qcow2, so a disk-snapshot revert can't restore it. A zfs run's ZFSBootMenu entries clobbered the btrfs GRUB entry, and with no removable ESP fallback the btrfs base then booted to "no bootable device" and timed out before archsetup ran. NVRAM now carries the same per-profile suffix as the disk image, so the two profiles keep separate boot state. Validated by a full green zfs run (ArchSetup exit 0, Testinfra 96 passed / 0 failed).
* docs: file collapsible-waybar-sides spec to assets, close taskCraig Jennings5 days1-3/+6
|
* docs(todo): put sysmon metric-cycle on right-click, btop stays leftCraig Jennings5 days1-5/+3
|
* docs(todo): file sysmon left-click metric-cycle featureCraig Jennings5 days1-0/+7
|
* docs(todo): close waybar sysmonitor collapseCraig Jennings5 days1-1/+4
|
* docs(todo): close idle-inhibitor → caffeine renameCraig Jennings5 days1-1/+4
|
* docs: close ZFS-coverage epic in todo, archive archangel repliesCraig Jennings7 days1-93/+91
| | | | Marked the bare-metal-migration + shell-sweep task DONE and archived the resolved subtrees. Imported the scratchpad focus-follows-mouse bug from the roam inbox. Filed archangel's handoff replies (zfs-dkms delivered, heads-up adopted) to the outbox.
* docs(todo): close ZFS-coverage + bare-metal-migration epicCraig Jennings7 days1-1/+8
|
* docs(todo): record P-C green — ZFS VM test coverage landedCraig Jennings7 days1-1/+15
|
* docs(design): plan ZFS VM test coverage + bare-metal runner migrationCraig Jennings7 days1-0/+1
| | | | | | | | Adds a design note for building a ZFS base VM via archangel with a filesystem profile selector (so make test covers the ZFS install path, currently only exercised on bare metal), migrating run-test-baremetal.sh to key auth and the Testinfra sweep, and then deleting the dead shell-sweep functions. Links it from the bare-metal migration follow-up.
* docs(todo): close the Testinfra validation taskCraig Jennings7 days1-1/+4
| | | | | | Final fresh make test passed green (96 passed, 10 skipped) with Testinfra as the authoritative post-install validator. Records the end-state and the three bugs the work surfaced and fixed.
* fix(testing): raise the install monitor timeout to 150 minutesCraig Jennings7 days1-0/+2
| | | | | | | | A full archsetup install with heavy AUR builds (vagrant and its git-cloned installers) can run past the old 90-minute monitor cap on a slow mirror. When that happened the run stopped monitoring mid-install and validated a half-installed system, producing spurious late-step failures. Raise MAX_POLLS from 180 to 300 (90 -> 150 minutes) so a slow-but-healthy install completes.
* test(archsetup): make Testinfra the authoritative validator (P3 cutover)Craig Jennings7 days1-0/+5
| | | | | | | | | | | | | run-test.sh no longer runs the shell run_all_validations sweep; the Testinfra pytest sweep now drives the run's pass/fail. run_testinfra_validation returns pytest's exit code (and treats "could not run" as a failure, not a silent pass), surfaces the pass/skip/fail counts through the shared VALIDATION_* counters, and parses the attribution file so generate_issue_report still buckets failures into archsetup / base_install / unknown. The shell-sweep functions stay in validation.sh for now because run-test-baremetal.sh still calls them; removing them (after migrating the bare-metal runner) is filed as a follow-up.
* test(archsetup): expand validation coverage + fix ParallelDownloads (P4)Craig Jennings7 days1-0/+2
| | | | | | | | | | | | | | | | | | Add post-install checks beyond the original shell sweep, validated against a live VM: test_hardening (sshd prohibit-password, quiet-printk sysctl, emptied /etc/issue, console font, EFI mount perms), test_config_applied (pacman ParallelDownloads/Color/multilib, makepkg flags, NetworkManager drop-ins, fail2ban jail, reflector), and test_backups (the .archsetup.bak files backup_system_file leaves behind — end-to-end proof of that feature). The new tests caught a real bug: ParallelDownloads stayed at Arch's default 5 because the sed only matched a commented "#ParallelDownloads", but current Arch ships it uncommented. Match both (^#?ParallelDownloads) so the intended 10 takes effect. Verified against a kept VM: 95 passed, 10 skipped (the one remaining failure was the pre-fix ParallelDownloads on the already-built VM, which the sed fix resolves on the next fresh install).
* fix(testing): authorize a root key so make test survives sshd hardeningCraig Jennings7 days1-0/+2
| | | | | | The VM test SSHes into the guest as root with a password for the whole run. archsetup hardens sshd to PermitRootLogin prohibit-password and reloads it partway through the install, so every SSH after that step failed with "Permission denied" and the run aborted before any validation — make test had been silently broken since the hardening landed. inject_root_key authorizes a throwaway root key right after the first SSH (before archsetup runs) and the ssh/scp helpers now add -i <key> via SSH_KEY_OPT. prohibit-password still allows root key auth, so the harness survives the very hardening it validates. Password stays as the fallback, so the change is additive.
* test(archsetup): port full shell validation sweep to Testinfra (P2)Craig Jennings7 days1-0/+2
| | | | | | | | | | | | | | | | | | Port all ~26 post-install checks from validation.sh to pytest/Testinfra, reaching parity before the cutover. Adds test_users, test_packages, test_services, test_desktop, test_boot, test_keyring, and test_archsetup (88 tests after parametrizing groups, services, timers, tools, and configs), plus shared conftest fixtures for ZFS/NVMe/compositor/networking gating. The shell sweep's three outcomes map cleanly: hard failures become assertions, advisory warnings and unmet preconditions (headless compositor, slirp networking, optional services, non-ZFS/non-NVMe hosts) become skips. One correctness fix vs the shell sweep: check awww, not swww — archsetup installs awww (swww's successor) and `pacman -Q swww` no longer matches. Verified on the host: py_compile clean, pytest --collect-only green (88 tests). The sweep against a real VM is verified by the make test run that follows.
* test(archsetup): scaffold Testinfra post-install validation (P1)Craig Jennings7 days1-0/+2
| | | | | | | | Stand up the Testinfra/pytest harness alongside the existing shell sweep so the two can be compared for parity before pytest takes over. Adds scripts/testing/tests/ (conftest with failure attribution markers, a report hook, and a target_user fixture, plus three parity checks: user, ufw, dotfiles) and scripts/testing/lib/testinfra.sh, which injects a throwaway SSH key into the VM and runs pytest over SSH. The sweep is advisory here (RUN_TESTINFRA toggle, non-fatal) and does not yet affect pass/fail. Pulls python-pytest and python-pytest-testinfra into make deps. Verified on the host: py_compile clean, pytest --collect-only green, bash -n and shellcheck clean. The sweep running against a real VM is verified by the next make test run.
* docs(design): accept Testinfra post-install validation planCraig Jennings7 days1-1/+3
| | | | | | Plan to port the VM harness's shell validation sweep (validation.sh, ~26 checks) to Testinfra + pytest for more expressive checks and better reporting, then expand coverage to the parts of archsetup that aren't validated today. Records the design: where pytest fits in run-test.sh, the SSH connection model (inject a throwaway test key), preserving the three-way issue attribution via pytest markers, smoke/integration tiering, a parity-then-expand migration, and a Goss comparison.
* feat(archsetup): back up system files before in-place editsCraig Jennings7 days1-1/+4
| | | | | | | | Add a backup_system_file helper that snapshots a pre-existing file to <path>.archsetup.bak before archsetup edits it in place, so a botched edit to fstab, mkinitcpio.conf, or sudoers is recoverable. It is idempotent: it never overwrites an existing backup, so the pristine original survives repeated edits within a run and across re-runs. It uses cp -p to preserve mode and ownership. Only the in-place sed and append edits to pre-existing files route through it (locale.gen, makepkg.conf, pacman.conf, sudoers, wireless-regdom, geoclue.conf, pacman-contrib, fstab, mkinitcpio.conf, vconsole.conf). The brand-new drop-in files archsetup fully owns are skipped: there is no prior state to save, and recovery is just deleting them. Covered by tests/backup-system-file/ (Normal, Boundary, Error cases, including mode preservation and the no-overwrite guarantee).
* docs(todo): close wallpaper login-restore task, file symlink follow-upCraig Jennings8 days1-1/+16
| | | | Mark the waypaper --restore task DONE, add the relogin manual-test under "Manual testing and validation", and file a follow-up: set-wallpaper's mv detaches the waypaper config from its stow symlink.
* docs(todo): restore heading, groom review batch, close bridge taskCraig Jennings8 days1-9/+20
| | | | | | | - Restore the dropped "Collapsible waybar sides" heading. Its drawer and body were orphaned when an earlier edit clobbered the heading line. - Re-stamp the oldest-unreviewed task batch; drop "security education" to [#C]; tag the bridge-font and wallpaper-restore items. - Close the Proton Mail Bridge font task (UI font scaled via QT_FONT_DPI). - Archive two resolved inbox items to assets/outbox/.
* docs(todo): archive the resolved wallpaper taskCraig Jennings8 days1-10/+9
|
* docs(todo): close wallpaper task, archive done, file restore follow-upCraig Jennings8 days1-79/+78
|