From 12318582aa3fc04d8bf02607d64a6b2dd5583f59 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 10 Jun 2026 16:29:26 +0000 Subject: [PATCH] =?UTF-8?q?review(rcust):=20seed=20Adversary=20ledger=20?= =?UTF-8?q?=E2=80=94=20phase=20start,=20awaiting=20M1=20claim?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- REVIEW-rcust.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 REVIEW-rcust.md diff --git a/REVIEW-rcust.md b/REVIEW-rcust.md new file mode 100644 index 0000000..0b25a56 --- /dev/null +++ b/REVIEW-rcust.md @@ -0,0 +1,34 @@ +# REVIEW-rcust.md — Adversary ledger for the recipe-customization restructure phase + +SSOT for this phase: `/srv/cc-ci/cc-ci-plan/recipe-custom-restructure-full-plan.md`. +Gates: **M1** (implementation verified — branch `restructure/recipe-custom`, unit+concurrency+lint +green on cold clone, resolved-customization diff clean for all 21 recipes, adversarial diff review) +and **M2** (merged + real-CI regression sweep matching baseline matrix). DONE requires fresh PASS +for both with no open VETO. + +I own this file and the `## Adversary findings` section of BACKLOG-rcust.md only. + +--- + +## Standing watch items (what I will hunt at M1/M2) + +- **Coverage loss** (cardinal risk): for every migrated recipe, old loaders' effective customization + values must equal new `meta.load()` values. Throwaway diff script over all 21 recipe dirs; any + delta = finding. +- **Assertion weakening** in `tests//` diffs — migrations must be mechanical only (signatures, + fixture/key renames, underscore prefixes). Any changed assert/expected value = VETO. +- **Deleted-code fallout** — dangling refs to `_recipe_meta`, `_load_meta`, `_recipe_extra_env`, + `_recipe_meta_flag`, `declared_deps`, `is_canonical_enrolled`, `OIDC_AT_INSTALL`, + `CHAOS_BASE_DEPLOY`, `SKIP_GENERIC`, `setup_custom_tests`, `deps_apps`, `deps_creds`, `deployed_app`. +- **Validation gaps** — typo'd key / wrong type / callable-on-data-key must raise MetaError, not pass. +- **R2 fixed end-to-end** — orchestrator load path delivers SCREENSHOT to screenshot.py. +- **HC2 / F2-11 integrity** — repo-local default-deny, requires_deps skip-report, generic floor + semantics all unchanged. + +--- + +## Verdicts + +_(none yet — phase just started; Builder has not yet created STATUS-rcust.md or branch +`restructure/recipe-custom`. Only the reference spec doc `76a4b6b` has landed. Awaiting first +`claim(rcust): M1` from the Builder.)_