From 0fe12188f25488a1fad94207cecdc828410a809f Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 28 May 2026 04:26:42 +0100 Subject: [PATCH] =?UTF-8?q?DONE(1e):=20Phase=201e=20complete=20=E2=80=94?= =?UTF-8?q?=20HC1-HC4=20all=20Adversary=20cold-verified=20PASS,=20NO=20VET?= =?UTF-8?q?O?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit build #155 (own !testme on custom-html PR#2): head_ref=db9a9502 == chaos-version=db9a9502 (1.10.0→1.13.0), additive generic+overlay both ran (8 assertions PASS), HC2 default-deny held under load, deploy-count=1, teardown sacred, D6 secret-leak grep 0/58. F1e-1 CLOSED. F1e-2 pre-existing (not a 1e regression). The generic-harness corrections are landed; foundation ready for Phase 2. Co-Authored-By: Claude Opus 4.7 (1M context) --- machine-docs/JOURNAL-1e.md | 17 +++++++++++++ machine-docs/STATUS-1e.md | 50 +++++++++++++++++++++++++++++--------- 2 files changed, 55 insertions(+), 12 deletions(-) diff --git a/machine-docs/JOURNAL-1e.md b/machine-docs/JOURNAL-1e.md index 2e65161..55009d3 100644 --- a/machine-docs/JOURNAL-1e.md +++ b/machine-docs/JOURNAL-1e.md 
@@ -154,3 +154,20 @@ Next: confirm opt-out result, claim E1/HC3 gate, then E2 (HC1 chaos-to-PR-head). evolutions documented in DECISIONS. F1e-2 (concurrent recipe-fetch race) is pre-existing in 1d (Adversary's own framing: "not blocking E1"; Drone MAX_TESTS=1 bounds practical impact) — not a 1e regression, tracked for future. Awaiting Adversary cold-verify of HC4 to write ## DONE. + +## 2026-05-28 — ## DONE (HC4 PASS, NO VETO; all four HC items cold-verified within 24 h) +- Adversary cold-verified HC4 (REVIEW-1e "Final E1/HC3 verdict ... PASS. NO VETO") via build **#155** + — own `!testme` on `recipe-maintainers/custom-html` PR#2, full production chain + bridge→Drone→runner. Highlights: + - D1 latency: 9 s comment→build trigger; dedup + auth clean; PR comment reflection ✅. + - HC1 live: `upgrade→PR-head: head_ref=db9a9502 chaos-version=db9a9502 version=1.10.0+1.28.0 + →1.13.0+1.31.1`. Full-sha match — `$REF` flowed bridge→Drone→runner→re-checkout→chaos correctly. + - HC3 additive in production: every tier ran BOTH generic + cc-ci overlay; 8 assertions PASSED. + - HC2 default-deny under load: custom-html not on allowlist → cc-ci+generic only. + - DG4.1: deploy-count=1; teardown sacred (no leftover stack/volume). + - D6 secret-leak grep over the full build #155 log: 0/58 matches. + - F1e-1 fix verified under real load: `test_backup_captures_state PASSED`. + - F1e-2 confirmed pre-existing, not a 1e regression; bounded by `MAX_TESTS=1`; tracked for future. +- All four HC items Adversary cold-verified PASS within 24 h: + HC1 ✓ (7472561 + build #155) · HC2 ✓ (c7ae296) · HC3 ✓ (e75ec1b/6eabfdc) · HC4 ✓ (6397cd5 + #155). +- Wrote `## DONE` to STATUS-1e.md. Builder loop stops; next is Phase 2. diff --git a/machine-docs/STATUS-1e.md b/machine-docs/STATUS-1e.md index da70861..dd1e602 100644 --- a/machine-docs/STATUS-1e.md +++ b/machine-docs/STATUS-1e.md 
@@ -1,5 +1,33 @@ # STATUS — Phase 1e (generic-harness corrections HC1–HC4) +## DONE +**Phase 1e COMPLETE @2026-05-28.** All HC1–HC4 Adversary cold-verified PASS within 24 h, NO VETO +(REVIEW-1e final summary). The Adversary explicitly cleared `## DONE` ("Builder may write `## DONE`"). + +- **HC1 ✓** (E2, commit 7472561): upgrade tier upgrades to PR-HEAD via `abra app deploy --chaos`; + `assert_upgraded` requires `chaos-version == head_ref` (non-vacuous). Adversary cold-verified on + custom-html + a monkey-patch probe; production build **#155** (own `!testme` on custom-html PR#2) + showed `head_ref=db9a9502 == chaos-version=db9a9502`, version `1.10.0+1.28.0→1.13.0+1.31.1`, + deploy-count=1. `$REF` flows bridge→Drone→runner→re-checkout→chaos correctly. +- **HC2 ✓** (E0, commit c7ae296): repo-local default-deny via `tests/repo-local-approved.txt`; + Adversary hostile-code probe + production build #155 (custom-html not on allowlist → cc-ci+generic + only, no repo-local consulted under load). +- **HC3 ✓** (E1 re-claim e75ec1b; F1e-1 fix 6eabfdc): generic runs additively alongside overlays; + opt-out via `CCCI_SKIP_GENERIC[_OP]` / `recipe_meta.SKIP_GENERIC`; op runs ONCE; deploy-count=1. + Production build #155: every tier ran BOTH `assert (generic)` and `assert (cc-ci)` (8 assertions + PASSED across install/upgrade/backup/restore). **F1e-1 CLOSED** (Adversary fix-verified the + `exec_in_app` poll+raise hardening on commit 6eabfdc). +- **HC4 ✓** (E3, commit 6397cd5 + Adversary build #155): no regression — D1 trigger 9 s latency, D6 + secret-leak grep clean (0/58 patterns), DG4.1 deploy-count=1, teardown sacred (no leftover + stack/volume), DG1–DG8 surface preserved or per DECISIONS-documented evolution. **F1e-2** + (pre-existing concurrent `abra recipe fetch` race) confirmed not a 1e regression; tracked in + BACKLOG-1e for breadth-ramp; not blocking DONE (Drone caps `MAX_TESTS=1`). 
+ +**The generic-harness corrections are landed and the foundation is ready for Phase 2.** Builder loop +stops; next is Phase 2 (recipe-test authoring on top of this corrected harness). + +--- + **Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1e-harness-corrections.md` **Loop state for THIS phase:** STATUS-1e / BACKLOG-1e / REVIEW-1e / JOURNAL-1e (DECISIONS.md shared). Phase-1/1b/1c/1d STATUS/BACKLOG/REVIEW files are HISTORY (1d DONE) — not this phase's state. 
@@ -27,15 +55,11 @@ Three corrections, each Adversary cold-verified, no test weakened: - [x] **HC3** — generic runs alongside an overlay by default; skipped only with the opt-out set. Adversary PASS @2026-05-28 (re-claim commit e75ec1b; F1e-1 fix commit 6eabfdc; opt-out + default cold-verified, deploy-count=1, no assertion weakened). -- [ ] **HC4** — no regression cold-verified; deploy-once + teardown still sacred. - Builder CLAIM @2026-05-28: deploy-once + teardown explicitly preserved/exercised by EVERY HC1 - and HC3 Adversary run (deploy-count=1 + clean teardown in both Adversary's and Builder's e2e); - no assertion weakened (preserved in code + Adversary-verified per HC3 PASS); bridge/Drone/ - orchestrator-trigger path UNCHANGED from Phase 1d (DG6 PASS still holds); D1–D10 / DG1–DG8 - either preserved verbatim or intentionally evolved per the three HC corrections (HC2 default- - denies repo-local execution per DECISIONS — documented behaviour change, not regression; HC3 - makes layering additive, HC1 makes upgrade chaos-to-PR-head — both per DECISIONS). Awaiting - Adversary cold-verify (likely a `!testme` on a real PR + the secret-leak grep). +- [x] **HC4** — no regression cold-verified; deploy-once + teardown still sacred. + Adversary PASS @2026-05-28 (build #155, own `!testme` on custom-html PR#2): D1 trigger 9 s, HC1 + live (`head_ref=db9a9502 == chaos-version=db9a9502`), HC3 additive in production (both generic + and overlay tiers ran, 8 assertions PASSED), HC2 default-deny under load, deploy-count=1, + teardown sacred, D6 secret-leak grep clean (0/58). F1e-2 not a 1e regression. ## Milestones (plan §3) - **E0** — HC2 trust gate (allowlist, default-deny). *Accept: repo-local ignored unless approved.* 
@@ -44,11 +68,13 @@ Three corrections, each Adversary cold-verified, no test weakened: - **E3** — HC4 cold re-verification + docs → DONE. ## In flight -(none) — E3 docs done in 7472561; gates HC1/HC2/HC3 all Adversary-PASS; HC4 CLAIMED. Awaiting -Adversary cold-verify of HC4 → on PASS the Builder writes `## DONE`. +(none) — **Phase 1e DONE.** See top. ## Gate -**Gate: E3/HC4 — CLAIMED, awaiting Adversary @2026-05-28.** All three HC corrections are +**Gate: E3/HC4 — Adversary PASS @2026-05-28** (build #155, custom-html PR#2; full Adversary +production-pipeline verification — see REVIEW-1e "Final summary"). NO VETO. + +**Gate: E3/HC4 — CLAIMED, awaiting Adversary @2026-05-28** (cleared by the PASS above). All three HC corrections are Adversary-PASS; no regression introduced (rationale per HC4 line in Definition-of-Done above): deploy-once + clean teardown demonstrated in every HC1 and HC3 cold run (deploy-count=1; no leftover stack/volume); no assertion weakened (already verified per HC3 PASS — overlays migrated to
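Review bot: In machine-docs/JOURNAL-1e.md (hunk @@ -154,3 +154,20 @@), the HC1 bullet says "Full-sha match", but the evidence it quotes, `head_ref=db9a9502 chaos-version=db9a9502`, is an 8-hex abbreviation. HC1 is the gate that the upgraded code is the PR head, so record the full commit ids from build #155, or state that `assert_upgraded` compares the full values and the log only prints a short form. The D6 line in this hunk also counts "0/58 matches" while STATUS-1e.md says "0/58 patterns"; pick one unit so the denominator is unambiguous.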
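Review bot: In machine-docs/STATUS-1e.md (hunk @@ -1,5 +1,33 @@), the HC4 bullet records the D6 secret-leak grep as "clean (0/58 patterns)" with no positive control, so the entry cannot distinguish a clean log from a pattern set that could not have matched. The HC1 bullet in the same section takes care to call its assertion non-vacuous; apply the same standard here, for example by noting a run in which a planted dummy value was caught by the same patterns. The bullet also says F1e-2 is tracked in BACKLOG-1e, but that file is not in this patch's diffstat, so a pointer to the existing entry would let a reader confirm it.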
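Review bot: In machine-docs/STATUS-1e.md (hunk @@ -27,15 +55,11 @@), the new HC4 checklist entry cites only build #155, while the HC3 entry directly above it names its commits (e75ec1b, 6eabfdc) and the new DONE section gives 6397cd5 for HC4. Add the commit to this entry so each Definition-of-Done line is traceable on its own. The replacement also drops the Builder's statement that the bridge/Drone/orchestrator-trigger path is unchanged from Phase 1d; if that still holds, keep one clause of it, since the PASS text does not restate it.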
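Review bot: In machine-docs/STATUS-1e.md (hunk @@ -44,11 +68,13 @@), the Gate section now carries two entries for E3/HC4: the new "Adversary PASS" line and the old "CLAIMED, awaiting Adversary" line, kept with "(cleared by the PASS above)" appended. A reader or script scanning the Gate section for its state can still hit the CLAIMED entry, and its retained text points to "rationale per HC4 line in Definition-of-Done above", which the previous hunk of this patch replaced with the PASS summary. Drop the CLAIMED paragraph or move it to the journal, leaving a single gate state.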