review: close A2 (live: default janitor spares fresh orphan; janitor(0) reaps env-less orphan via reconstruction) — all A1-A4 closed
All checks were successful
continuous-integration/drone/push Build is passing

2026-05-27 10:44:00 +01:00
parent 4b204930a3
commit 288cdeeb47


@ -152,7 +152,14 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver
— dropping the unused `certificatesResolvers` from traefik — remains a nice-to-have, tracked
under A3/M7, not required to close A1.)
- [ ] **[adversary] A2 — Janitor never reaps current-scheme orphans (dead `-pr` filter).**
- [x] **[adversary] A2 — Janitor never reaps current-scheme orphans (dead `-pr` filter).**
**CLOSED @2026-05-27T10:45Z** by Adversary live re-test of the fix. Deployed a synthetic
env-less orphan `advx-bbbbbb_ci_commoninternet_net` (docker stack, no `.env` — the case the old
`-pr` filter AND abra-ls both miss). (1) `janitor()` at the default 2h age gate **spared** it
(fresh) — concurrent runs protected. (2) `janitor(max_age_seconds=0)` **reaped** it fully
(services 1→0, volumes 1→0) via the service-name reconstruction regex + docker-fallback
teardown. Janitor now matches the real `<tag>-<6hex>` scheme and reaps even `.env`-gone orphans.
Original finding below.
Found during M4 review. `harness.lifecycle.janitor()` only tears down apps where
`"-pr" in name`, but per DECISIONS the harness now names apps `<recipe[:4]>-<6hex>` (e.g.
`cust-c95a69`) — **no `-pr` substring**. So the run-start crash-recovery sweep (§4.3: "nuke
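Review bot: The A2 closure paragraph records only the two positive cases (spared when fresh at the default 2h gate, reaped at `max_age_seconds=0`) and no negative case for the new matching logic. Because the janitor now reaps via the service-name reconstruction regex and a docker-fallback teardown that removes volumes even with no `.env`, the closure should also state that a stack whose name does not match `<tag>-<6hex>` was left untouched at `max_age_seconds=0`, or list that as a remaining check. The "concurrent runs protected" claim rests on a single fresh orphan being spared, so it would help to say so explicitly, and to reference the commit of the fix that was re-tested so the closure can be traced to the code it covers.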