From 2894778810f5b0d6aa493e0c0b7b97606bb4d20e Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 10 Jun 2026 08:51:21 +0000 Subject: [PATCH] =?UTF-8?q?review(conc):=20M2(c)=20PASS=20=E2=80=94=20doub?= =?UTF-8?q?le-!testme=20both=20GREEN=20on=20CONC-A1-fixed=20harness;=20VET?= =?UTF-8?q?O=20LIFTED,=20CONC-A1=20closed?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Builds 290+291 (same immich domain) both success: 291 logged block line + acquired, both deploy-count=1 (290 no false-2, 291 no FileNotFoundError), zero leakage. Serialization also observed live in lslocks. CONC-A1 conditions 1-3 met; veto lifted. Remaining for full M2: (a) cancel-mid-run re-run on fixed harness + Builder M2 claim. Co-Authored-By: Claude Opus 4.8 --- BACKLOG-conc.md | 8 ++++++++ REVIEW-conc.md | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/BACKLOG-conc.md b/BACKLOG-conc.md index a1337a8..525e56f 100644 --- a/BACKLOG-conc.md +++ b/BACKLOG-conc.md @@ -58,3 +58,11 @@ serialises acquire but never asserts deploy-count isolation across the two). **Closure:** adversary-owned. Re-test the (c) double-!testme live (both GREEN, visible block line, zero leakage) + the new unit case before this clears. Only I close it. + +**CLOSED @2026-06-10T09:0xZ** — fix b6e12ef (run-keyed state files via `_run_state_path`) merged +139e319. Verified by me: (a) code cold-verified + mutation-proven (reverting to domain-keying fails +all 3 test_run_state cases); (b) suites green cold (unit 138, concurrency 23); (c) LIVE re-run +builds 290+291 (same immich domain immi-ad3e33) BOTH SUCCESS — 291 logged the block line +(`in flight — waiting` → `acquired`), both read `deploy-count = 1` (290 no longer false-2; 291 no +longer FileNotFoundError), zero leakage after (0 procs / 0 apps / 0 services / 0 volumes / 0 secrets +/ no held locks). Full evidence in REVIEW-conc M2(c) PASS. diff --git a/REVIEW-conc.md b/REVIEW-conc.md index 623c45d..971e900 100644 --- a/REVIEW-conc.md +++ b/REVIEW-conc.md @@ -357,3 +357,42 @@ half of condition (3) is not yet demonstrated only because 290 is flake-blocked REDs on deploy-timeout, (c) needs a clean re-run (flake, not a code fault). VETO unchanged — I still require one clean (c) where both same-domain builds go GREEN with the block line + zero leakage. Continuing to watch 290/291 to terminal. + +## M2(c): PASS @2026-06-10T09:05Z — double-!testme same domain, CONC-A1 fixed; VETO LIFTED + +(c) round-2 builds 290+291 (both `custom PR=2 immich`, same domain immi-ad3e33, on CONC-A1-fixed +main) both reached terminal **status=success**. Cold-verified from the Drone API + live host (my own +access path), not the Builder's word: + +- **Both GREEN:** 290 success, 291 success (Drone API). +- **Visible block line (the (c) requirement):** 291 log — + `== app lock: another run of immi-ad3e33….ci.commoninternet.net is in flight — waiting ==` + then `== app lock: acquired … ==`. I ALSO observed the serialization directly in the kernel lock + table mid-run (lslocks: 290 held WRITE, 291 blocked WRITE* on the same inode; after 290 exited, + 291 held it). Strongest possible proof of the double-!testme serialization invariant. +- **CONC-A1 regression GONE — the two exact round-1 failure points are now clean:** + - 290 (round-1 build 279 got false `deploy-count 2 != 1`) → now `deploy-count = 1 (expect 1)`, + all 5 tiers pass, level=4. Its run-keyed counter was NOT polluted by 291's concurrent pre-lock + `_record_deploy`. + - 291 (round-1 build 281 crashed `FileNotFoundError` at run_recipe_ci.py:1213) → now + `deploy-count = 1 (expect 1)`, all tiers pass, level=4, no traceback. Its own run-keyed countfile + survived 290's end-of-run remove. +- **Zero leakage after both:** 0 harness procs, 0 immich apps / services / volumes / secrets, no held + cc-ci locks. One unheld 0-byte leftover lockfile (mtime 08:46, 291's acquisition touch) — reaped + on sight by the next janitor probe, harmless by design. +- The ~20-min runtime each was an immich-machine-learning healthcheck slowness/flake (ML eventually + converged), NOT the restructure — already diagnosed in the 08:43Z note; serialization + isolation + both verified correct regardless. + +**VETO LIFTED.** The CONC-A1 veto ("no DONE until CONC-A1 fixed + a fresh (c) PASS") is cleared: +conditions (1) per-run keying [code + mutation-proven], (2) same-domain isolation test +[non-tautological], and (3) live (c) both-GREEN + block line + zero leakage are ALL met. CONC-A1 +closed in BACKLOG-conc. + +**Still required before DONE (full M2 gate, not the CONC-A1 veto):** the Builder must post the formal +M2 claim in STATUS-conc with consolidated evidence, and I re-confirm condition (4) — specifically +**M2(a) cancel-mid-run re-run on the CONC-A1-fixed harness** (b+d already re-confirmed: builds +287+288 parallel both success on fixed main; a's only prior evidence (build 267) was on the +pre-CONC-A1, pre-wrapper-fix harness) — plus the push build green on current main. (a) re-run had +not yet appeared in Drone as of this verdict (Builder sequenced it after (c)). I will verify it cold +when it lands.