recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(lvl5): M2 PASS @a521d43 — proven in real CI from cold clone of main. 247 unit tests + PR-path regression green, repo lint PASS. Genuine L5 (398/406/407/413 all 5 rungs pass, build success); lint-blocked L4 VERDICT-NEUTRAL (405 lint=fail R011, level=4, all tiers pass, drone build SUCCESS + reflected success to PR); N/A-skip de-cap climb (399 custom-html-tiny backup=intentional-skip+reason, level=5 was L2); drone !testme ×3 GENUINE per bridge poll logs (405/406/407 comments 14332-14334 on real PRs); canaries red at re-derived designed L1 (415/416 build FAILURE by tier-fail not lint, upgrade-skip+backup-fail-blocks); unver-blocks synthesized (level=2 backup unver in skips.unintentional, mission ex#3); durations flat (immich 199s/plausible 164s vs shot baseline 198-199/166, lint ~0.7s); old schema-1 artifacts render 200 no relabel; lint.txt served real abra table at exact ref; badges number+colour ONLY no cap language; P3 19/19 lint pass; before/after table every shift rule-explained no regression; no secret leak (independent sweep incl new lint.txt surface). §6 DoD satisfied. No VETO — Builder cleared to write ## DONE.
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
autonomic-bot
2026-06-11 11:28:19 +00:00
parent a521d43a17
commit 13cad1f985
1 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
REVIEW-lvl5.md
View File

@ -67,3 +67,82 @@ abra output and the unit surface. M2 must still prove, on real CI end-to-end:
≥1 lint-blocked L4, ≥1 N/A-skip climb, drone `!testme` ×2, canaries at designed levels under the
NEW formula, old artifacts rendering live, durations not inflated (lint ≤~60s; observed ~0.7s),
the before/after level table for ALL enrolled recipes, and card/dashboard/badge visually (PNG/SVG).
---
## M2 — Proven in real CI: **PASS** @ 2026-06-11T11:27Z
Main @ `a521d43` (impl merged 08e6cc8 + PR-path fix 68c3486). Cold-verified from a **fresh clone
of main** on the cc-ci host (`/tmp/adv-m2`), drone API (token from /run/secrets), live HTTPS
artifacts, and Read PNGs. JOURNAL not consulted before this verdict.
**Acceptance per plan §4 M2 + §6 DoD — all satisfied:**
1. **Unit suite + lint (fresh clone main).** `cc-ci-run -m pytest tests/unit/ -q` → **247 passed**;
`scripts/lint.sh` → PASS. The new PR-path regression test
`test_run_lint_detached_pr_tree_lints_exact_ref` passes (covers fix 68c3486: abra lint checks
out the repo DEFAULT BRANCH, so a detached scratch clone would FATA or silently lint a stale
branch; fix forces local main AT the tested ref + repoints origin to scratch → lints the PR
head content). My M1 smoke only exercised the HEAD path; this closes that gap.
2. **Genuine L5 (full clean climb).** Runs 398 hedgedoc / 406 immich / 407 plausible / 413 mumble:
results.json schema=2, level=5, all 5 rungs pass, no cap keys, drone build status=success.
3. **Lint-blocked L4, verdict-neutral — the central claim.** Run 405 custom-html PR4:
results.json level=4, lint=fail rules_failed=[R011], all five TIERS pass
(install/upgrade/backup/restore/custom), **drone build 405 status=SUCCESS**, and the bridge
`reflected outcome build 405 (custom-html PR #4): success` to the PR. A lint failure caps the
level at 4 but does NOT flip the run verdict. Card PNG shows lint ✗ FAIL red, "level 4 of 5",
badge #a0b93f. Neutrality proven BOTH directions (415/416 red with lint=pass — see #6).
4. **N/A-skip climb (the de-cap).** Run 399 custom-html-tiny: backup_restore=skip with declared
reason in skips.intentional ("stateless static file server … no backupbot.backup label"),
other rungs pass, **level=5** (was L2 @ #205). Card PNG shows backup/restore "⊘ INTENTIONAL
SKIP" + reason, level 5 of 5. A formerly-capped non-backup-capable recipe now climbs.
5. **Drone !testme path ×3, GENUINE (not manual API).** ccci-bridge poll logs:
`[poll] triggered build 405 for custom-html@36b362aa (PR #4, comment 14332)`,
`406 immich@107d7220 (PR #2, comment 14333)`, `407 plausible@13458fac (PR #3, comment 14334)`,
each followed by `reflected outcome … success`. Build params confirm RECIPE/PR/REF match the
real PR heads. ≥2 required; 3 delivered, all on real PRs showing the lint rung.
6. **Canaries at re-derived designed level + backup-fail still blocks.** 415 (bkp-bad) / 416
(rst-bad): drone build status=**failure** (red), results.json level=1, rungs {install pass,
upgrade skip(structural — no version tags on SRC+REF mirror), backup_restore FAIL, functional
unver, lint pass}. New-formula trace: install(1) → upgrade skip(climb) → backup_restore
fail(BLOCK) → L1. RED is caused by the failing backup/restore TIER (verdict logic untouched),
NOT by lint (lint=pass). Re-derivation is sound; matches OLD-rule level too (old: upgrade N/A
caps at L1) — no regression, same designed level, red either way.
7. **Unverified-blocks (mission example #3), synthesized.** host run
`/var/lib/cc-ci-runs/lvl5-unver-demo/results.json`: schema=2, level=2, rungs {install pass,
upgrade pass, backup_restore UNVER, functional pass, lint pass}, skips.unintentional=
[backup_restore]. backup unver blocks at L2 even though functional+lint pass above it. ✓
8. **Durations not inflated.** drone build wall-times: 398=100s, 399=45s, 405=61s, 406 immich=199s
(shot baseline 198-199s), 407 plausible=164s (shot baseline 166s), 413=80s. lint adds ~0.7s;
the two cross-phase baselines are flat (407 slightly faster). No duration regression.
9. **Old artifacts render, no relabel.** /runs/370 (schema=1, level=4, level_cap_reason present)
serves 200 (results.json + summary.png); dashboard `/` + `/recipe/immich` 200 with mixed
schema-1/schema-2 rows; unit history-compat tests green.
10. **lint.txt served.** /runs/398/lint.txt 200 — full real abra table (HEAVY-box), cmd + rc=0 +
status=pass header, ref=09bf4d54 (hedgedoc's EXACT tested ref).
11. **Badges number+colour only.** hedgedoc badge ">level 5<" #3fb950; custom-html ">level 4<"
#a0b93f; grep finds NO cap/skip/na/reason language in badge SVGs. Matches operator spec.
12. **P3 matrix 19/19 lint PASS** (BACKLOG-lvl5.md) via documented scratch-clone method; no mirror
PRs / DEFERRED needed; warn-severity misses only (don't fail the rung). lasuite-meet R014 now
passes genuinely (tag annotated upstream — not suppressed). **Before/after table: every level
shift is explained by the rule change** — L4→L5 (+lint, baseline from real artifacts + P3
sweep), de-cap L2→L5 (custom-html-tiny proven #399; mailu same mechanism), L4 lintdemo (#405),
canary L1, bluesky N/A consistent. **No unexplained shift / no downward regression.** "Analytic
5" cells are derivation-checkable from two evidenced inputs (real baseline tiers + proven lint).
13. **No secret leak.** Independent sweep: no /run/secrets infra-secret VALUES and no generated
app-credential patterns appear in any published run artifact (the new lint.txt surface incl.).
results.json flags no_secret_leak=true + clean_teardown=true across runs.
**§6 Definition of Done satisfied:** new level system live on main and visible end-to-end
(results.json→card→dashboard→badge); L5 = abra recipe lint on the tested ref; capping fully
removed (no cap/cap_reason/capped); all 19 enrolled recipes linted + dispositioned with an
adversary-checked before/after table; ≥1 real L5 + ≥1 lint-blocked L4 + ≥1 N/A-skip climb through
real CI incl. the drone path ×3; old artifacts unharmed; M1 (cfc87fd) + M2 fresh Adversary
PASSes; no verdict or duration regressions.
**No VETO. Builder is cleared to write `## DONE` to STATUS-lvl5.md.**
Out-of-scope note (Builder's STATUS query): the WC5 promote-on-green-cold observation (a
STAGES-filtered hand-run promoted custom-html's canonical) is pre-existing and orthogonal to the
level system — NOT a lvl5 finding/regression and not a DONE blocker. If the Builder wants it
tracked, DEFERRED.md/IDEAS.md is the right home; I'm not filing it as an [adversary] finding.