diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md index 59fc73f..ed8aa64 100644 --- a/machine-docs/REVIEW-2.md +++ b/machine-docs/REVIEW-2.md 
@@ -1398,3 +1398,66 @@ versions (whose bitnami tags are all removed) — it needs a new published recip a genuine UPSTREAM image-availability env-blocker (§8 class, same family as plausible Q4.7b), NOT a weakened/cut-corner test. **Deferral accepted as sound; no VETO.** (Not a claimed gate — this is pre-clearing the deferral for the eventual DONE veto-check.) + +## Q4.9 mailu — PASS @2026-05-29T~20:50Z (COLD, first-hand, my clone /root/adv-verify @6a216ed) +Re-ran the FULL harness myself **twice** from my own clone reset to origin/main `6a216ed`: +`RECIPE=mailu PR=0 cc-ci-run runner/run_recipe_ci.py` → logs `/root/adv-mailu-cold.log` + +`/root/adv-mailu-cold2.log`. **Both runs: deploy-count=1, install/upgrade/custom PASS, backup/restore +SKIP(N/A), clean teardown.** I watched the live stack lifecycle: `mail-891c07_ci_commoninternet_net` +came up with **8 services** and was fully torn down (`docker stack ls | grep mail` → none; no +`891c07` volumes/secrets remain). Fast wall-time is legit: all 8 images pre-pulled (`prepull: present` +×8) + mailu boots quickly; abra stdout is captured (`_run` capture_output) so a *successful* deploy +emits no log lines — the absence of deploy chatter is normal, NOT a skipped deploy (I confirmed the +real 8-svc stack via direct `docker stack ls` polling during the run). + +**Evidence (cold, first-hand, both runs):** +- RUN SUMMARY: `deploy-count = 1 (expect 1)`; install/upgrade/custom = **pass**; backup/restore = + **skip** (N/A — EXPECTED, no backupbot). +- **Real upgrade crossover (HC1):** `upgrade→PR-head: head_ref=23309a1a chaos-version=23309a1a + version=3.0.0+2024.06.27→3.0.1+2024.06.37`. head_ref==chaos-version; prev-published→PR-head, not a + no-op. (Recipe HEAD `23309a1` = "publish 3.0.1+2024.06.37" — verified in `~/.abra/recipes/mailu`.) 
+- **`wait_healthy` is a real blocking gate** (`runner/harness/lifecycle.py:332`): waits all services + converged N/N (else `TimeoutError`), then HTTPS HEALTH_PATH `/` in `(200,301,302)` (else + `TimeoutError`) — a broken deploy stays RED; not green-washed. +- **P2 — VACUOUS, independently confirmed:** no `/srv/recipe-maintainer/recipe-info/mailu/tests` + directory exists → nothing to port. Documented in PARITY.md. +- **P3 — 2 recipe-specific functional tests, both green & non-vacuous (the linchpin):** + - `test_mailbox.py::test_create_mailbox_and_read_back` — creates a UNIQUE mailbox + `ccci-<8hex>@` via the admin container's `flask mailu user` CLI, then reads it back from + `flask mailu config-export --json` and asserts the address is in the user list. Unique local-part + each run → cannot pass off a pre-existing user. Real admin-DB provisioning round-trip. + - `test_mail_flow.py::test_send_and_receive_mail` — the defining mailu behaviour: injects a message + carrying a UNIQUE uuid marker via the postfix (`smtp`) container's local `sendmail`, then polls + dovecot's `doveadm search ... header subject ''` in the `imap` container until it returns + non-empty. A unique marker means a hit is ONLY possible if the mail was genuinely delivered+stored + by the real postfix→rspamd→dovecot pipeline. PASSED both runs (12–13s) — exec'd into live + containers, so the stack was demonstrably up and functioning. Strong non-vacuity. + - `test_health_check.py::test_mailu_front_serves` — nginx front 200/301/302. +- **P4 — N/A, §7.1 sign-off GRANTED.** Independently verified the upstream recipe ships **NO + `backupbot.backup` label** (grep of all `compose*.yml` in `~/.abra/recipes/mailu` @ `23309a1` → + zero hits; `backup_capable=False`). There is no recipe backup mechanism to exercise → P4 is + genuinely N/A as published, same env-blocker class as discourse/immich/plausible — NOT a cut + corner. The durable fix (a backupbot recipe-PR) is filed as a deferral (DEFERRED.md). 
**Accepted.** +- **P5 — N/A** (mailu self-contained, no deps). **P6 — N/A accepted:** mailu's defining behaviour + (mail send/receive) is covered functionally; webmail is a standard UI, no Playwright owed. +- **P7 — no weakened tests.** `TLS_FLAVOR=notls` is a documented, genuine cc-ci env constraint + (certdumper needs traefik ACME `acme.json`; cc-ci uses a file-provider wildcard cert → no acme.json, + so certdumper could never dump mail-port certs). The web/admin UI is still served over real wildcard + TLS via traefik; all 8 services converge; the mail delivery/storage stack is fully exercised + in-container. The dropped network-IMAP-auth test is justified (under notls dovecot refuses plaintext + network auth → a host-side login is not a meaningful signal). No mocks/skips/health-only stand-ins + in the functional claims. MINOR note (not a defect, no veto): no test exercises the created + mailbox's *password auth over IMAP* — not possible under notls; §4.3 create-and-read-back + + end-to-end delivery cover the characteristic behaviour. +- **Teardown:** post-run no `mail-*` stack; no `891c07` volumes/secrets. (Pre-existing `mail-smoke_*` + volumes + secret are from the Builder's earlier MANUAL smoke deploy, not a harness run — same + housekeeping class as the mumble `mumb-smoke` leftover; Builder may `docker volume rm` at leisure.) + +**Verdict: Q4.9 mailu PASS.** Full lifecycle GREEN cold (×2), real upgrade crossover, 2 non-vacuous +P3 functional tests proving real mail provisioning + end-to-end delivery, deploy-count=1, clean +teardown. P4-N/A §7.1 sign-off granted (no backupbot label, independently confirmed). P5/P6 N/A +justified. No VETO. Advances P1 coverage (mailu enrolled). + +**Isolation note:** verdict formed from the plan + code (lifecycle/abra/run_recipe_ci + the mailu test +files) + STATUS claim verification info + my own two cold re-runs + direct recipe/host inspection. +JOURNAL-2 not consulted before this verdict.
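Review bot: In the P7 bullet, the missing check of the created mailbox's password auth over IMAP is recorded only as a "MINOR note", while the P4 gap gets a filed deferral in DEFERRED.md. Under `TLS_FLAVOR=notls` the functional tests reach mail only through in-container `sendmail` and `doveadm`, so I would track the auth gap the same way, with a DEFERRED.md entry naming the notls constraint, so that it is revisited when the constraint changes. In the P3 `test_mail_flow.py` bullet, the quoted command reads `doveadm search ... header subject ''`. That empty search term does not match the "UNIQUE uuid marker" claim beside it, so put an explicit placeholder for the marker there. The P3 heading says "2 recipe-specific functional tests" but three test ids follow. Mark `test_health_check.py::test_mailu_front_serves` as the health check that sits outside that count.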