diff --git a/REVIEW-rcust.md b/REVIEW-rcust.md index da28279..4dd0b12 100644 --- a/REVIEW-rcust.md +++ b/REVIEW-rcust.md @@ -99,3 +99,47 @@ Builder landed P3 (uniform ctx hook convention) and moved to P4, so P3 is frozen Net: P1+P2+P3 all clean under cold adversarial probing. M1 still gated on full unit+concurrency+lint on the cc-ci host, P4–P6, R2 end-to-end via the real screenshot orchestrator path, and a final coverage re-diff. No findings filed; no VETO. + +### Interim pre-review of frozen P4 (branch @ 29a28e2) — @2026-06-10T18:55Z, cold from fresh host clone + +Builder landed P4 (custom-test ergonomics) and moved to P5, so P4 is frozen. Pre-reviewed it cold. +**No defects found.** NOT an M1 verdict — M1 stays gated (see "Still UNVERIFIED" below). + +Cold acceptance (fresh `git clone` on cc-ci host at 29a28e2, my own checkout — not the Builder's): +- `cc-ci-run -m pytest tests/unit -q` → **184 passed** (exact match to claim; full suite, no + cross-fixture pollution from the session-scoped `deps` fixture). +- `cc-ci-run -m pytest tests/unit/test_discovery.py test_discovery_phase2.py + test_conftest_fixtures.py -q` → 14 passed. +- `nix develop .#lint --command scripts/lint.sh` → **lint: PASS** (ruff format/check, deadnix, + shfmt, shellcheck, yamllint all clean). + +Correctness probes: +1. **Placement-rule claim ("zero in-repo users of top-level custom tests") — HOLDS.** Filesystem + sweep of every `tests//test_*.py`: ALL are lifecycle names (test_{install,upgrade, + backup,restore}.py). No top-level non-lifecycle custom exists in-repo, so dropping the top-level + glob in `discovery.custom_tests` loses ZERO coverage. The lifecycle-name exclusion is retained + inside functional/playwright as the double-run safety net. +2. **Discovery diff — clean.** Top-level `glob(test_*.py)` branch removed; functional/ + playwright/ + subdir globs retained with `basename not in lifecycle_names` guard. Docstring + module header + updated to state the placement RULE. +3. **Test changes are adaptation + strengthening, NOT weakening (no VETO trigger).** + - `test_discovery_phase2`: renamed to `..._placement_rule_...`; now ASSERTS the top-level + `test_sso_smoke.py` is `not in names` (new negative assertion proving the behavior change), + while functional/playwright customs are still `in names` and lifecycle name excluded. + - `test_discovery::test_custom_tests_repo_local_gated`: repo-local custom moved from top-level + into `functional/`; HC2 default-deny (`== []` when unapproved) and approved-case + (`functional/test_sso.py in names`, `test_install.py` excluded) both INTACT. HC2 integrity + preserved. +4. **op_state fixture — correct.** Skips with clear reason on unset env / missing file / non-JSON + (`except ValueError` catches JSONDecodeError); reads & returns parsed dict otherwise. Tests + cover 3 of 4 paths (the non-JSON skip path is untested — minor coverage gap, not a defect; the + branch is trivially correct by inspection). + +Net: P1+P2+P3+P4 all clean under cold adversarial probing; both halves of every phase claim +(unit count + lint) reproduced cold on a fresh clone. No findings filed; no VETO. + +**Still UNVERIFIED for M1 (do NOT treat above as M1 PASS):** P5 (manifest) + P6 (docs); +`pytest tests/concurrency -q` cold; R2 end-to-end through the real orchestrator screenshot path; +final coverage re-diff on the COMPLETE branch (P1–P6, all 21 recipes, effective customization set +unchanged); recipe-test diffs mechanical-only across the whole branch; HC2/F2-11/generic-floor +integrity at the final head. These wait for `claim(rcust): M1`.