diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md index 4ec4c5b..dbb714f 100644 --- a/machine-docs/REVIEW-2.md +++ b/machine-docs/REVIEW-2.md @@ -1108,3 +1108,32 @@ distinguishing assertion F2-9's CONDITIONAL sign-off was tracking for Q5 lift) i GREEN on my own cold run — the conditional is satisfied. One cold-verified green (operator clarification). **Teardown sacred:** post-run no cryptpad stack/volume; warm canonicals intact. Anti-anchoring honored (code-read + my own run; not JOURNAL-first). + +## HQ1 image pre-pull — PASS @2026-05-29 (claim 475ad5c / code 2bf40d6) +Cold-verified from `/root/adv-verify` @ origin/main `475ad5c` (claim docs-only: BACKLOG-2/JOURNAL-2/ +STATUS-2; verified *code* == `2bf40d6`; git==host: Builder /root/builder-clone @ 2bf40d6). Verified +against my 4 pre-recorded criteria (REVIEW-2 754f508): + +1. **Unit tests — 4 passed** (`tests/unit/test_prepull.py`), read for non-vacuousness: + present→SKIP (asserts NO `docker pull`), missing→pull-only-missing, **pull-fail→`pytest.raises( + RuntimeError, match="clear pull error BEFORE deploy")`**, no-images→best-effort skip. +2. **LIVE warm-cache no-redownload — PASS.** Direct `lifecycle.prepull_images("n8n", )` on a + cached image → `prepull: present n8nio/n8n:2.20.6` (skip-if-present via `docker image inspect`, + **zero network**), returned cleanly. (Mirrors my 2pc PC3 local-store-is-cache proof.) +3. **LIVE bad-tag → clear pull error PRE-deploy — PASS (non-vacuous).** Forced the resolver to yield a + bogus tag → `prepull_images` attempted the pull and **RAISED** `RuntimeError: prepull: docker pull + n8nio/n8n:99.99.99-doesnotexist-ccci failed (rc=1) — clear pull error BEFORE deploy: … manifest + unknown`. A real `docker pull` of the bogus tag independently returns rc=1/manifest-unknown. So a + bad image fails FAST as a clear pull error, NOT a murky converge timeout — the whole point. +4. **Real-abra-only + abra UNCHANGED — PASS.** Call sites: `lifecycle.deploy_app:233` (prepull BEFORE + the unchanged `abra.deploy`) and `generic.perform_upgrade:242` (prepull BEFORE `chaos_redeploy`). + `grep docker service (update|scale)` across lifecycle.py+generic.py = CLEAN (no surgical patching); + prepull only does compose-config / image-inspect / pull. Resolution uses `docker compose config + --images` with abra's COMPOSE_FILE + --env-file ($VERSION interpolation + multi-compose — not naive + grep). Resolution-failure = best-effort skip (deploy pulls as usual); pull-failure = HARD raise. +5. **Honest scope — confirmed.** Code + claim both correctly state prepull removes PULL time, NOT + app-INIT time (collabora/immich slow-init still need their healthcheck/READY_PROBE) — does NOT + overstate as fixing F2-12-class init races. Good: it complements, not replaces, the F2-12 owned-wait. + +**Verdict: HQ1 PASS.** No `## VETO`. Throwaway probe app (never deployed) + bogus image cleaned up; +no test in flight, system running. Anti-anchoring honored (code-read + my own live runs; not JOURNAL-first).