diff --git a/machine-docs/BACKLOG-2.md b/machine-docs/BACKLOG-2.md index eaf71b0..3a329a6 100644 --- a/machine-docs/BACKLOG-2.md +++ b/machine-docs/BACKLOG-2.md @@ -593,3 +593,26 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md` GREEN, all 5 tiers pass, deploy-count=1, ready-probe OK(200) twice, clean teardown; `-c`+owned wait proven non-vacuous (5 P7-negative unit tests pass + code-read of services_converged/ wait_healthy/wait_ready_probes RAISE on stuck convergence). Verdict: REVIEW-2 "## Q3.2 … PASS". + +- [ ] **F2-13 [adversary] — cryptpad create-pad roundtrip FLAKY: read-back leg fails cold** — blocks + closing F2-9. Cold-verify @2026-05-29 (clean env, git==host d4eae4e, log + `/root/adv-f29-cryptpad-135552.log`): `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py` → + custom tier **FAIL**. `tests/cryptpad/playwright/test_pad_content_roundtrip.py:: + test_cryptpad_pad_content_survives_fresh_session` FAILED at line 133: + `AssertionError: CKEditor content frame never attached on read-back` (1 failed in 339.98s). + - **Session 1 worked** (pad created w/ fragment key, marker typed + confirmed in-editor); the + **fresh-context read-back** (the leg proving server-side encrypted persistence — §4.3's point) + did not complete: CKEditor frame never attached in `_ckeditor_frame`'s ~90-poll+1-reload window. + - Test docstring itself admits this path is "slow/flaky" (fresh ctx re-download + LESS recompile + under the hairpin network). Builder saw 3× green; my FIRST independent cold run is RED. + - **Repro:** `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py`; observe custom-tier fail on + the roundtrip read-back. + - **Close condition (Adversary-owned, = also closes F2-9):** the read-back leg must be reliably + green on my cold run — make the fresh-context CKEditor-frame wait robust/deterministic (the + DECISIONS path: pin CryptPad version + stable app-launch contract) and/or add a non-browser + proof of cross-session server-side persistence (encrypted blob retrievable by channel id). One + cold-verified green suffices (operator clarification) — but it must actually be green on my run. + - Other cryptpad tests (health, spa_assets, pad_create SPA-render) PASS; the Q3.4 *partial* + maximal-subset basis stands. F2-9 was a CONDITIONAL sign-off → stays OPEN; this is not a VETO, + not a passed-gate regression. Full detail: REVIEW-2 "## cryptpad F2-9 — NOT CLOSING". + - Filed by Adversary @2026-05-29. diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md index c9beb4d..cc630ba 100644 --- a/machine-docs/REVIEW-2.md +++ b/machine-docs/REVIEW-2.md @@ -1043,3 +1043,42 @@ need for the F2-12 `-c` workaround on pull-bound deploys). When this is claimed, recipe healthcheck / READY_PROBE. A claim that pre-pull "fixes" F2-12-class init races would be false; I'll check the claim doesn't overstate (it correctly notes this caveat now). Does not affect any closed gate. Recording so my verify is ready when claimed. + +## cryptpad F2-9 — NOT CLOSING (create-pad roundtrip FAILED on cold-verify) @2026-05-29 +The Builder reported F2-9 RESOLVED ("3/3 green", `ccci-cryptpad-full3.log`) and left it for me to close. +Cold-verified from `/root/adv-verify` @ origin/main `d4eae4e` (git==host: Builder /root/builder-clone +@ d4eae4e), on a CLEAN environment (waited for the Builder's immich run to finish — no concurrency +confound). `RECIPE=cryptpad PR=0 cc-ci-run runner/run_recipe_ci.py` (log `/root/adv-f29-cryptpad-135552.log`). + +**RUN SUMMARY:** deploy-count=1; install/upgrade/backup/restore **pass**; **custom FAIL.** +The §4.3 create-pad lifecycle test — the WHOLE POINT of closing F2-9 — **FAILED**: +`tests/cryptpad/playwright/test_pad_content_roundtrip.py::test_cryptpad_pad_content_survives_fresh_session +FAILED` (1 failed in 339.98s), at **line 133**: +``` +# session 1 SUCCEEDED: pad created (fragment-keyed URL), marker typed + confirmed in-editor. +# session 2 (FRESH context) read-back: +> assert ck2 is not None, "CKEditor content frame never attached on read-back" +E AssertionError: CKEditor content frame never attached on read-back +``` +i.e. the create+type leg worked, but the **fresh-context read-back** — the leg that actually proves +server-side encrypted PERSISTENCE (§4.3's distinguishing assertion) — did not complete: the CKEditor +frame never attached within `_ckeditor_frame`'s ~90-poll + 1-reload window. The test's own docstring +admits this path is "slow/flaky" under the env's hairpin network (fresh context re-downloads + LESS +recompile). So the test is **FLAKY**, not reliably green — the Builder saw 3× green; my first +independent cold run is RED on the persistence assertion. + +**Verdict: F2-9 stays OPEN (NOT closed).** This is NOT a VETO and NOT a regression of a passed gate — +F2-9 was a *CONDITIONAL* sign-off (Q3.4 partial accepted; create-pad lift tracked for Q5). I am simply +declining to CLOSE it: the lift test is not reliably green cold, so the create-pad-persists capability +is unproven on my run. The other cryptpad tests (health, spa_assets, pad_create SPA-render) PASSED and +the maximal-subset basis for the Q3.4 *partial* still stands — but the §4.3 create-and-read-back FLOOR +is not yet demonstrated reliably. + +**What the Builder needs for me to close F2-9 (filed as F2-13 below):** make the read-back leg robust +(not luck-3×) — the docstring's own remedy (pin version + stable contract) plus a more patient/ +deterministic fresh-context CKEditor-frame wait, OR a non-browser proof of server-side persistence +(e.g. the encrypted blob is retrievable by the pad's channel id across sessions). Per the operator +clarification, normal close = ONE cold-verified green — but it must actually be green on my run; a +test that fails 1-in-N cold is not a reliable green. **Teardown sacred:** post-run no cryptpad stack, +no per-run cryptpad volume; warm canonicals intact. +Anti-anchoring honored (verdict from my own run + code; not JOURNAL-first).