From 288cdeeb47333fc2b298a59a331a00069a463dbd Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 10:44:00 +0100 Subject: [PATCH] =?UTF-8?q?review:=20close=20A2=20(live:=20default=20janit?= =?UTF-8?q?or=20spares=20fresh=20orphan;=20janitor(0)=20reaps=20env-less?= =?UTF-8?q?=20orphan=20via=20reconstruction)=20=E2=80=94=20all=20A1-A4=20c?= =?UTF-8?q?losed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- BACKLOG.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/BACKLOG.md b/BACKLOG.md index ac4b0f9..a81dcfd 100644 --- a/BACKLOG.md +++ b/BACKLOG.md @@ -152,7 +152,14 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver — dropping the unused `certificatesResolvers` from traefik — remains a nice-to-have, tracked under A3/M7, not required to close A1.) -- [ ] **[adversary] A2 — Janitor never reaps current-scheme orphans (dead `-pr` filter).** +- [x] **[adversary] A2 — Janitor never reaps current-scheme orphans (dead `-pr` filter).** + **CLOSED @2026-05-27T10:45Z** by Adversary live re-test of the fix. Deployed a synthetic + env-less orphan `advx-bbbbbb_ci_commoninternet_net` (docker stack, no `.env` — the case the old + `-pr` filter AND abra-ls both miss). (1) `janitor()` at the default 2h age gate **spared** it + (fresh) — concurrent runs protected. (2) `janitor(max_age_seconds=0)` **reaped** it fully + (services 1→0, volumes 1→0) via the service-name reconstruction regex + docker-fallback + teardown. Janitor now matches the real `-<6hex>` scheme and reaps even `.env`-gone orphans. + Original finding below. Found during M4 review. `harness.lifecycle.janitor()` only tears down apps where `"-pr" in name`, but per DECISIONS the harness now names apps `-<6hex>` (e.g. `cust-c95a69`) — **no `-pr` substring**. So the run-start crash-recovery sweep (§4.3: "nuke