review(2): cryptpad F2-9 NOT closed — create-pad roundtrip read-back leg FAILED on cold-verify (CKEditor frame never attached on fresh context, line 133; 1 failed in 340s) → test is flaky not 3x-reliable. Filed F2-13: make read-back robust before F2-9 closes. install/upgrade/backup/restore pass, only the §4.3-floor pad-persist test red; teardown clean. NOT a VETO (F2-9 was conditional/open)
This commit is contained in:
@ -593,3 +593,26 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md`
|
||||
GREEN, all 5 tiers pass, deploy-count=1, ready-probe OK(200) twice, clean teardown; `-c`+owned
|
||||
wait proven non-vacuous (5 P7-negative unit tests pass + code-read of services_converged/
|
||||
wait_healthy/wait_ready_probes RAISE on stuck convergence). Verdict: REVIEW-2 "## Q3.2 … PASS".
|
||||
|
||||
- [ ] **F2-13 [adversary] — cryptpad create-pad roundtrip FLAKY: read-back leg fails cold** — blocks
|
||||
closing F2-9. Cold-verify @2026-05-29 (clean env, git==host d4eae4e, log
|
||||
`/root/adv-f29-cryptpad-135552.log`): `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py` →
|
||||
custom tier **FAIL**. `tests/cryptpad/playwright/test_pad_content_roundtrip.py::
|
||||
test_cryptpad_pad_content_survives_fresh_session` FAILED at line 133:
|
||||
`AssertionError: CKEditor content frame never attached on read-back` (1 failed in 339.98s).
|
||||
- **Session 1 worked** (pad created w/ fragment key, marker typed + confirmed in-editor); the
|
||||
**fresh-context read-back** (the leg proving server-side encrypted persistence — §4.3's point)
|
||||
did not complete: CKEditor frame never attached in `_ckeditor_frame`'s ~90-poll+1-reload window.
|
||||
- Test docstring itself admits this path is "slow/flaky" (fresh ctx re-download + LESS recompile
|
||||
under the hairpin network). Builder saw 3× green; my FIRST independent cold run is RED.
|
||||
- **Repro:** `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py`; observe custom-tier fail on
|
||||
the roundtrip read-back.
|
||||
- **Close condition (Adversary-owned, = also closes F2-9):** the read-back leg must be reliably
|
||||
green on my cold run — make the fresh-context CKEditor-frame wait robust/deterministic (the
|
||||
DECISIONS path: pin CryptPad version + stable app-launch contract) and/or add a non-browser
|
||||
proof of cross-session server-side persistence (encrypted blob retrievable by channel id). One
|
||||
cold-verified green suffices (operator clarification) — but it must actually be green on my run.
|
||||
- Other cryptpad tests (health, spa_assets, pad_create SPA-render) PASS; the Q3.4 *partial*
|
||||
maximal-subset basis stands. F2-9 was a CONDITIONAL sign-off → stays OPEN; this is not a VETO,
|
||||
not a passed-gate regression. Full detail: REVIEW-2 "## cryptpad F2-9 — NOT CLOSING".
|
||||
- Filed by Adversary @2026-05-29.
|
||||
|
||||
@ -1043,3 +1043,42 @@ need for the F2-12 `-c` workaround on pull-bound deploys). When this is claimed,
|
||||
recipe healthcheck / READY_PROBE. A claim that pre-pull "fixes" F2-12-class init races would be false;
|
||||
I'll check the claim doesn't overstate (it correctly notes this caveat now).
|
||||
Does not affect any closed gate. Recording so my verify is ready when claimed.
|
||||
|
||||
## cryptpad F2-9 — NOT CLOSING (create-pad roundtrip FAILED on cold-verify) @2026-05-29
|
||||
The Builder reported F2-9 RESOLVED ("3/3 green", `ccci-cryptpad-full3.log`) and left it for me to close.
|
||||
Cold-verified from `/root/adv-verify` @ origin/main `d4eae4e` (git==host: Builder /root/builder-clone
|
||||
@ d4eae4e), on a CLEAN environment (waited for the Builder's immich run to finish — no concurrency
|
||||
confound). `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py` (log `/root/adv-f29-cryptpad-135552.log`).
|
||||
|
||||
**RUN SUMMARY:** deploy-count=1; install/upgrade/backup/restore **pass**; **custom FAIL.**
|
||||
The §4.3 create-pad lifecycle test — the WHOLE POINT of closing F2-9 — **FAILED**:
|
||||
`tests/cryptpad/playwright/test_pad_content_roundtrip.py::test_cryptpad_pad_content_survives_fresh_session
|
||||
FAILED` (1 failed in 339.98s), at **line 133**:
|
||||
```
|
||||
# session 1 SUCCEEDED: pad created (fragment-keyed URL), marker typed + confirmed in-editor.
|
||||
# session 2 (FRESH context) read-back:
|
||||
> assert ck2 is not None, "CKEditor content frame never attached on read-back"
|
||||
E AssertionError: CKEditor content frame never attached on read-back
|
||||
```
|
||||
i.e. the create+type leg worked, but the **fresh-context read-back** — the leg that actually proves
|
||||
server-side encrypted PERSISTENCE (§4.3's distinguishing assertion) — did not complete: the CKEditor
|
||||
frame never attached within `_ckeditor_frame`'s ~90-poll + 1-reload window. The test's own docstring
|
||||
admits this path is "slow/flaky" under the env's hairpin network (fresh context re-downloads + LESS
|
||||
recompile). So the test is **FLAKY**, not reliably green — the Builder saw 3× green; my first
|
||||
independent cold run is RED on the persistence assertion.
|
||||
|
||||
**Verdict: F2-9 stays OPEN (NOT closed).** This is NOT a VETO and NOT a regression of a passed gate —
|
||||
F2-9 was a *CONDITIONAL* sign-off (Q3.4 partial accepted; create-pad lift tracked for Q5). I am simply
|
||||
declining to CLOSE it: the lift test is not reliably green cold, so the create-pad-persists capability
|
||||
is unproven on my run. The other cryptpad tests (health, spa_assets, pad_create SPA-render) PASSED and
|
||||
the maximal-subset basis for the Q3.4 *partial* still stands — but the §4.3 create-and-read-back FLOOR
|
||||
is not yet demonstrated reliably.
|
||||
|
||||
**What the Builder needs for me to close F2-9 (filed as F2-13 below):** make the read-back leg robust
|
||||
(not luck-3×) — the docstring's own remedy (pin version + stable contract) plus a more patient/
|
||||
deterministic fresh-context CKEditor-frame wait, OR a non-browser proof of server-side persistence
|
||||
(e.g. the encrypted blob is retrievable by the pad's channel id across sessions). Per the operator
|
||||
clarification, normal close = ONE cold-verified green — but it must actually be green on my run; a
|
||||
test that fails 1-in-N cold is not a reliable green. **Teardown sacred:** post-run no cryptpad stack,
|
||||
no per-run cryptpad volume; warm canonicals intact.
|
||||
Anti-anchoring honored (verdict from my own run + code; not JOURNAL-first).
|
||||
|
||||
Reference in New Issue
Block a user