recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

plan: adapt concurrency restructure to builder/adversary loop protocol (gates M1/M2, phase-namespaced state)

Browse Source
This commit is contained in:
autonomic-bot
2026-06-10 03:54:31 +00:00
parent 520fb18461
commit a1b4943da1
1 changed files with 35 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
cc-ci-plan/concurrency-restructure-full-plan.md
View File

@ -151,29 +151,46 @@ ABRA_DIR isolation:
Each test must clean up helper processes in `finally`/fixtures (no leaked children in the test VM).
## Roles & flow
## Roles, gates & Definition of Done (loop protocol — plan.md §6.1 applies)
1. **Builder** (fable — main-loop model, no override): implements P1→P5 + test suite on branch
`restructure/concurrency` in a fresh clone; one commit per phase; runs
`pytest tests/unit -q`, `pytest tests/concurrency -q`, `scripts/lint.sh` before each commit;
pushes the branch (never main). Commit author `autonomic-bot <autonomic-bot@noreply.git.autonomic.zone>`.
2. **Adversary** (opus): adversarial review of the full branch diff — hunts races (probe vs
acquire ordering, signal-handler reentrancy, teardown-during-teardown), deleted-code fallout
(grep for dangling references to registry symbols), gate integrity (recipe tests/`RUN_APP_RE`/
warm apps untouched), and test-suite blind spots. Produces findings list; default-skeptical.
3. Builder addresses findings; adversary re-checks. Orchestrator merges to main only when:
adversary pass + both test suites green + lint green + branch push build green.
4. **Live verification** (orchestrator, post-merge):
a. trigger an immich !testme, cancel mid-run via drone API → assert harness pid dies (no leak),
lock released, next janitor reaps the app;
b. two parallel !testme runs (immich + plausible) → both green, zero leakage;
c. double-!testme same PR → second blocks on app lock, then runs;
d. confirm a full green run end-to-end (the standing regression canary).
This phase runs as Builder/Adversary loops with phase-namespaced state files
(STATUS-conc.md, REVIEW-conc.md, BACKLOG-conc.md, JOURNAL-conc.md).
**Builder**: implements P1→P5 + the tests/concurrency suite on branch `restructure/concurrency`
in YOUR clone; one commit per phase; before each commit ALL of:
`pytest tests/unit -q`, `pytest tests/concurrency -q` (once it exists), `scripts/lint.sh`
green. Push the branch (NOT main — main merge is gated below). Claim gates via `claim(conc): ...`
commits + STATUS-conc.md per protocol.
**Adversary**: cold-verify from your own clone. For M1: check out the branch, run both suites +
lint yourself, then adversarially review the full diff — hunt races (probe vs acquire ordering,
signal-handler reentrancy, teardown-during-teardown), deleted-code fallout (grep for dangling
references to registry symbols: register_run_app, unregister_run_app, _run_owner_state,
ACTIVE_RUN_DIR, CCCI_JANITOR_MAX_AGE, acquire_recipe_lock), gate integrity (recipe tests /
RUN_APP_RE / warm apps untouched), and test-suite blind spots vs the 19 cases above.
Default-skeptical; findings to REVIEW-conc.md.
**Gates:**
- **M1 — implementation verified.** Branch complete (P1P5 + tests), both suites + lint green
on the Adversary's cold clone, adversarial diff review PASS in REVIEW-conc.md.
- **M2 — merged + live-verified.** After M1 PASS only, Builder merges the branch to main
(merge commit, never force) and confirms the push build green. Then live verification on the
real CI host (evidence in STATUS-conc.md, Adversary re-checks):
a. trigger an immich !testme, cancel mid-run via drone API → harness pid dies (no leaked
python), lock released, next janitor reaps the app — zero leakage;
b. two parallel !testme runs (immich PR#2 + plausible PR#3) → both green, zero leakage;
c. double-!testme same PR → second blocks on the app lock (visible in its drone log), then runs;
d. one full green run end-to-end.
**## DONE in STATUS-conc.md** only when M1 and M2 both show a fresh Adversary PASS in
REVIEW-conc.md. NOTE for both loops: recipe-mirror PRs (immich#2, plausible#3) are used as
!testme targets only — NEVER merge or push to recipe mirror repos.
## Guardrails (builder + adversary MUST honor)
- NEVER weaken recipe-test gates or touch `tests/<recipe>/` content.
- NEVER push cc-ci main; branch only. Never force-push.
- cc-ci main is touched ONLY by the M2 merge after M1 PASS; all other work stays on the branch.
Never force-push. NEVER merge/push recipe mirror repos.
- No secrets in commits; reference `.testenv` / `/run/secrets` locations only.
- Don't touch `services_converged()` / paused-is-settled logic except where the plan says.
- Match repo commit style (`feat(...)`/`fix(harness)`/`test(...)`/`docs:`).