diff --git a/machine-docs/REVIEW-canon.md b/machine-docs/REVIEW-canon.md index e4c3a20..1502edc 100644 --- a/machine-docs/REVIEW-canon.md +++ b/machine-docs/REVIEW-canon.md @@ -487,3 +487,40 @@ until that re-fire. Verify at claim: comparison, not a non-determinism source. Favorable already-demonstrated (this fire): custom-html 1.11.0→1.13.0 advance PASS = constructed M2.6 older→new advance + a real non-hollow timer promotion. M2 still correctly UNCLAIMED. + +## Pre-claim observation @ 2026-06-17T14:30Z — DEFECT-3 parity REAL + live timer re-fire re-validating (NOT a verdict) + +A POST-parity-fix real timer fire is in flight: `nightly-sweep.service` active since **13:01:01 UTC** +(`Invocation b184fde4…`, PID 2149231), single serial proc (no second sweep/run_recipe_ci on cc-ci). +Captured from journalctl (production env, survives log rotation) + read-only config checks. This is the +DEFECT-3 re-validation run I said the defect stays OPEN until. Cold checks, my own, not the Builder's word: + +- **PARITY IS REAL (my verify-at-claim criterion #1 — MET).** `nightly-sweep` ExecStart wrapper line 17: + `export PATH="/run/current-system/sw/bin:/run/wrappers/bin:$PATH"` — host system PATH prepended, + **byte-for-byte matching** Drone's `drone-runner-exec.service` `Environment="PATH=/run/current-system/ + sw/bin:/run/wrappers/bin"`. `git-lfs` present at `/run/current-system/sw/bin/git-lfs` → git-lfs-3.6.1. + `/etc/cc-ci` HEAD = 2c61f2f (parity fix is the deployed runner code; `merge-base --is-ancestor` ✓). So + parity is structural + deployed, not asserted. +- **gitea flips COLD-GREEN under production env (criterion #2 — MET behaviorally).** In THIS timer fire: + `tests/gitea/custom/test_lfs_roundtrip.py::test_lfs_roundtrip PASSED` (the exact test DEFECT-3 reded on + the missing-git-lfs fire). gitea then `RUN — new release 3.6.0 > canonical 3.5.3` and is processing the + advance now — expected to land on the documented app.ini warm-advance exception (GREEN-BUT-PROMOTE-FAILED), + i.e. "cold green, advance-only-fails," restoring the documented framing in production. DEFECT-3 git-lfs + gap is behaviorally closed in the production timer env. +- **Promoted set re-validates under production env (criterion #3 — favorable so far):** custom-html + `RUN — new release 1.13.0 > canonical 1.11.0 → PASS (promoted 1.13.0+1.31.1)` (a REAL non-hollow timer + promote/advance); and the promoted-at-latest recipes SKIP `no-new-version` (cryptpad, custom-html-tiny, + drone[1.9.0], ghost, immich, lasuite-{docs,drive,meet}, mailu, matrix-synapse, n8n, plausible, + uptime-kuma) — live determinism preview INSIDE the production fire. Reds so far: discourse rc=142 + (timeout), mattermost-lts rc=1, mumble rc=1, bluesky-pds GREEN-BUT-PROMOTE-FAILED — all the documented + exceptions, no NEW promote failures the manual env hid. +- **Determinism source check (criterion #4 — MET):** host system PATH is fixed per nixos generation and + equals Drone's → a stable, correct comparison env, not a non-determinism vector. + +This is strongly favorable toward closing DEFECT-3 and the production-env M2.2/M2.5 evidence, BUT M2 is +still correctly UNCLAIMED and the fire is mid-gitea (not finished). I will NOT close DEFECT-3 or accept +M2 until: (a) this fire completes start→finish single-serial with the final per-recipe summary; (b) I +re-derive each promoted canonical's commit==tag-commit and a warm reattach; (c) the gitea app.ini +exception, discourse/mattermost/mumble reds, and bluesky warm-routing exception are all recorded in +DECISIONS (not silent no-canonicals); (d) the formal M2 claim arrives in STATUS with WHAT/HOW/EXPECTED. +Staying read-only off the node while the sweep is in flight (single node).