43 lines
3.1 KiB
Markdown
43 lines
3.1 KiB
Markdown
|
# 9-agent research wave — 2026-05-05
|
|||
|
|
|
|||
|
|
Deep-dive research wave kicked off after v0.5.31 ship to surface every
|
|||
|
|
plausible failure mode + future bug class before the v0.7 public flex.
|
|||
|
|
Each agent took ~15 min, returned a focused report. Findings indexed
|
|||
|
|
here, full reports in this directory.
|
|||
|
|
|
|||
|
|
The findings already inform `docs/ROADMAP.md` (Lessons learned section
|
|||
|
|
+ v0.5.32 / v0.6 / v0.7 reorder) and `docs/THREAT-MODEL.md` (drafted
|
|||
|
|
by Agent 5).
|
|||
|
|
|
|||
|
|
| # | Topic | File | Key finding |
|
|||
|
|
|---|---|---|---|
|
|||
|
|
| 1 | Plymouth + LUKS real-hardware edge cases | [01-plymouth-luks-real-hardware.md](01-plymouth-luks-real-hardware.md) | Initramfs keymap missing breaks non-US users at LUKS prompt |
|
|||
|
|
| 2 | SDDM + first-boot UX failure modes | [02-sddm-firstboot-ux.md](02-sddm-firstboot-ux.md) | `veilor-firstboot.service` `WantedBy=multi-user.target` only — silently doesn't run on real installs (graphical target) |
|
|||
|
|
| 3 | bootc-image-builder spike plan | [03-bootc-spike-plan.md](03-bootc-spike-plan.md) | Full Containerfile draft + 1-week timebox; v0.7 schedule |
|
|||
|
|
| 4 | Hardening tier 2 (AppArmor + nftables + audit + homed) | [04-hardening-tier-2.md](04-hardening-tier-2.md) | nftables + audit log shipping = S effort each, ship in v0.5.32 |
|
|||
|
|
| 5 | Threat model + public launch prep | [05-threat-model-launch.md](05-threat-model-launch.md) | Drafted at `docs/THREAT-MODEL.md`. Honest in/out scope tables |
|
|||
|
|
| 6 | Anaconda log virtio-serial silent fix | [06-anaconda-log-capture.md](06-anaconda-log-capture.md) | virtio-serial requires rsyslog (not in our live ISO). Switch to virtio-9p host-share with EXIT trap copy |
|
|||
|
|
| 7 | KDE theme + DuckSans + /etc/skel branding | [07-kde-skel-branding.md](07-kde-skel-branding.md) | `/etc/skel/` doesn't exist; branding evaporates the moment user opens System Settings |
|
|||
|
|
| 8 | Build-iso CI hardening | [08-ci-hardening.md](08-ci-hardening.md) | Pin actions to SHA, dependabot, SBOM, SLSA L3 attestation — all S effort |
|
|||
|
|
| 9 | Real-hardware failure mode audit | [09-realhw-failure-modes.md](09-realhw-failure-modes.md) | **CRITICAL: `kernel.modules_disabled=1` kills wifi on suspend/resume.** Top blocker for v0.5.32 |
|
|||
|
|
|
|||
|
|
## Top blockers for next ship (v0.5.32)
|
|||
|
|
|
|||
|
|
Cross-referenced by severity × probability:
|
|||
|
|
|
|||
|
|
1. **Suspend/resume wifi death** (Agent 9) — every laptop bricks on lid-close
|
|||
|
|
2. **veilor-firstboot.service WantedBy=graphical.target** (Agent 2) — login broken on real installs
|
|||
|
|
3. **kernel-upgrade grub drift** (Agent 9) — first `dnf upgrade kernel` = unbootable
|
|||
|
|
4. **USBGuard hash-rules problem** (Agent 9, mirrors `feedback_usbguard_dock.md`)
|
|||
|
|
5. **firewalld blocks tailscale0** (Agent 9) — user uses tailscale daily
|
|||
|
|
6. **/etc/skel/ empty → no per-user branding** (Agent 7)
|
|||
|
|
7. **virtio-9p log capture** (Agent 6) — replaces broken virtio-serial path
|
|||
|
|
|
|||
|
|
## Research wave protocol
|
|||
|
|
|
|||
|
|
This wave validated the `wave + verifier` pattern from v0.5.31 fix
|
|||
|
|
(per ROADMAP lessons learned #4). Multi-agent debug only produces
|
|||
|
|
signal when one agent's findings are checked against another's;
|
|||
|
|
9 parallel agents on distinct topics gave independent angles that
|
|||
|
|
converged on the v0.5.32 blocker list above.
|