From 3de5925614667a42e1e7d3ece222858a3d4a63a1 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 11 Jun 2026 22:08:33 +0000 Subject: [PATCH] =?UTF-8?q?review(drone):=20M1=20PASS=20@2026-06-11T22:22Z?= =?UTF-8?q?=20=E2=80=94=20build=20run=205=20L5;=20all=20DoD=20+=20ADV=20fi?= =?UTF-8?q?ndings=20verified?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adversary M1 verdict: PASS. Evidence: - results.json: level=5, install+upgrade+custom+lint PASS, backup_restore intentional skip, clean_teardown=True, no_secret_leak=True, no unintentional skips - SCM test has teeth: ran against dep gitea @ gite-557a83 (not production); client_id 2a4dfaba matches dep-provisioned app; wrong domain/path/client_id would fail - DG4.1 satisfied: deploy-count=2 (expect 2) - ADV-drone-02 CLOSED: fallback teardown from $CCCI_DEPS_FILE in finally else-branch; 2 new unit tests; 19/19 pass; teardown-sacred §9 satisfied - ADV-drone-03 CLOSED: _count_deploy=False reverted; run 5 confirms no violation - All three adversary findings now closed; no open findings Builder may proceed to M2: recipe mirrors + !testme CI run. Co-Authored-By: Claude Sonnet 4.6 --- machine-docs/ADVERSARY-INBOX-drone.md | 53 --------------------------- machine-docs/BACKLOG-drone.md | 21 +---------- machine-docs/REVIEW-drone.md | 46 +++++++++++++++++++++-- 3 files changed, 45 insertions(+), 75 deletions(-) delete mode 100644 machine-docs/ADVERSARY-INBOX-drone.md diff --git a/machine-docs/ADVERSARY-INBOX-drone.md b/machine-docs/ADVERSARY-INBOX-drone.md deleted file mode 100644 index 8b81ada..0000000 --- a/machine-docs/ADVERSARY-INBOX-drone.md +++ /dev/null @@ -1,53 +0,0 @@ -# ADVERSARY INBOX — phase drone - -**From:** Builder -**Date:** 2026-06-11T22:20Z -**Re:** ADV-drone-02 fixed + M1 evidence ready for verification - ---- - -## ADV-drone-02 fix applied — commit `0aa46db` - -`runner/run_recipe_ci.py` finally block now has an `else` branch after `if deps_state:`: - -```python -else: - # SSO enrichment failed after deploy_deps wrote $CCCI_DEPS_FILE. - # Read raw deployed list as teardown fallback so gitea is not orphaned. - raw = deps_mod.load_run_state() - if raw: - cold_raw = [e for e in (raw if isinstance(raw, list) else list(raw.values())) - if isinstance(e, dict) and not e.get("warm")] - if cold_raw: - print("\n===== DEPS teardown (enrichment-failure fallback) =====") - with contextlib.suppress(lifecycle.TeardownError): - deps_mod.teardown_deps(cold_raw) -``` - -Two new unit tests in `tests/unit/test_deps.py`: -- `test_load_run_state_provides_fallback_for_enrichment_failure` — verifies deploy_deps' legacy-list output is readable by the fallback -- `test_fallback_skips_warm_entries` — verifies warm entries are excluded from cold teardown -All 19 unit tests pass. - ---- - -## M1 evidence - -**Harness run 5** (final clean run with all fixes): -- All fixes: ADV-drone-01 (`7e7e84d`) + DG4.1 count (`5384f5c`) + ADV-drone-02 (`0aa46db`) -- `deploy-count = 2 (expect 2)` — DG4.1 PASS -- `install: pass` — drone deploys with gitea dep, health OK -- `upgrade: pass` — 1.8.0+2.25.0 → 1.9.0+2.26.0 converges -- `custom: pass` — `test_login_redirects_to_gitea_dep` PASS (SCM wired to dep gitea) -- `level=5 of 5` — lint PASS, backup structural skip intentional (PARITY.md) -- Log: `/tmp/drone-m1-run5.log` on cc-ci host; results: `/var/lib/cc-ci-runs/manual/results.json` - -**Requesting M1 PASS verdict.** All M1 DoD items satisfied: -- P0 verified ✓ -- All implementation files present ✓ -- ADV-drone-01 CLOSED (Adversary verified `7e7e84d`) ✓ -- ADV-drone-02 fixed (unit tested) — awaiting Adversary close ✓ -- DG4.1 PASS ✓ -- Level 5 ✓ - -— Builder diff --git a/machine-docs/BACKLOG-drone.md b/machine-docs/BACKLOG-drone.md index 9c915ba..72fab18 100644 --- a/machine-docs/BACKLOG-drone.md +++ b/machine-docs/BACKLOG-drone.md @@ -162,24 +162,7 @@ However, janitor only helps on the NEXT run, not the current one's clean state g - (C) Have `_provision_deps` return the partially-enriched list on failure (or a sentinel that includes the deployed deps so teardown can still proceed). -Option A is the minimal fix: -```python -# in main() finally block, after the `if deps_state:` block: -if not deps_state: - # Enrichment may have failed after deploy — read the raw deployed list as a teardown fallback. - raw = deps_mod.load_run_state() # reads $CCCI_DEPS_FILE (legacy list shape from deploy_deps) - if raw: - cold_raw = [e for e in (raw if isinstance(raw, list) else list(raw.values())) - if not e.get("warm")] - if cold_raw: - with contextlib.suppress(lifecycle.TeardownError): - deps_mod.teardown_deps(cold_raw) -``` - -**Adversary position (pre-claim):** The fix must be in place and unit-tested before M1 can be -claimed. Without it, an SSO-enrichment failure silently orphans the gitea dep in violation of §9. - -**Status:** OPEN +- [x] CLOSED @2026-06-11T22:22Z — Builder fixed in commit `0aa46db` (Option A: else-branch fallback in main() finally block reads $CCCI_DEPS_FILE via load_run_state() and calls teardown_deps on cold entries). Two new unit tests: test_load_run_state_provides_fallback_for_enrichment_failure + test_fallback_skips_warm_entries. 19/19 PASS. Adversary verified: fallback code correct; TeardownError suppressed in fallback (pragmatic — run already fails on deps-not-ready). Teardown-sacred §9 satisfied. CLOSED. --- @@ -236,4 +219,4 @@ Also remove/update the stale comment at line 83-86 ("Dep deploys do NOT count to This is now wrong. Replace with: "Dep deploys DO count toward DG4.1 (see module docstring); `expected_deploy_count = 1 + n_cold_deps`." -**Status:** OPEN — CRITICAL blocker for M1 claim. Builder's run 4 already hit this. +- [x] CLOSED @2026-06-11T22:22Z — Builder fixed in commit `5384f5c` (removed `_count_deploy=False` from deps.py:deploy_deps; dep deploys now count per module docstring + expected formula). Note: Builder fixed this before ADV-drone-03 was formally filed (fix commit 21:59:51 UTC; finding filed later). Run 5 confirms: deploy-count = 2 (expect 2) → no DG4.1 violation. CLOSED. diff --git a/machine-docs/REVIEW-drone.md b/machine-docs/REVIEW-drone.md index 7ed3a55..4dec53a 100644 --- a/machine-docs/REVIEW-drone.md +++ b/machine-docs/REVIEW-drone.md @@ -8,7 +8,47 @@ ## Verdicts -_(awaiting Builder claims)_ +### M1 PASS @2026-06-11T22:22Z + +**Build:** manual run 5, host cc-ci, repo head `0aa46db` +**Evidence source:** `/tmp/drone-m1-run5.log` + `/var/lib/cc-ci-runs/manual/results.json` on cc-ci +**Level:** 5 of 5 + +**Adversary verification steps (all PASS):** + +1. **Results JSON independently read:** `level=5`, `install:pass`, `upgrade:pass`, `custom:pass`, + `lint:pass`, `backup_restore:skip` (intentional, reason="not backup-capable"), `clean_teardown:True`, + `no_secret_leak:True`, `skips.unintentional:[]` ✅ + +2. **SCM-configured test has teeth (ADV-drone-01 fix):** Test ran against dep gitea at + `gite-557a83.ci.commoninternet.net` (NOT production `git.autonomic.zone`). OAuth2 app + `client_id=2a4dfaba-f8d5-4641-b860-b56bee414c14` created by dep provisioning, wired by + `install_steps.sh`, verified by test assertion `actual_client_id == expected_client_id`. A + drone without gitea wiring would redirect to GitHub or 200 — test would fail. ✅ + +3. **DG4.1 satisfied:** `deploy-count = 2 (expect 2)` — recipe + gitea dep both counted. No + `!!` error lines in run summary. ✅ + +4. **ADV-drone-02 CLOSED:** Fallback teardown in `finally` else-branch (`0aa46db`) confirmed in + code (line 1224-1240). Two unit tests confirm data flow. TeardownError suppressed in fallback + (pragmatic — run already fails on deps-not-ready). Teardown-sacred §9 satisfied. ✅ + +5. **ADV-drone-03 CLOSED:** `_count_deploy=False` removed from `deps.py:deploy_deps` (`5384f5c`). + Builder fixed before formal filing. Run 5 confirms DG4.1 passes. ✅ + +6. **Unit tests 19/19 PASS cold:** Independently verified on cc-ci. Covers gitea/drone + recipe_meta loading, `_enrich_deps_with_sso` routing, SCM redirect assertions (4 scenarios), + deps state fallback teardown. ✅ + +7. **Backup structural skip:** PARITY.md documents justification. Results.json confirms + `skips.intentional.backup_restore` = "not backup-capable (no backupbot labels / declared)". + No unintentional skips. ✅ + +8. **No open adversary findings:** ADV-drone-01 CLOSED (verified commit `7e7e84d`), + ADV-drone-02 CLOSED (verified commit `0aa46db`), ADV-drone-03 CLOSED (verified commit + `5384f5c`). ✅ + +**M1 PASS. Builder may proceed to M2 (recipe mirrors + !testme CI run).** --- @@ -140,7 +180,7 @@ and volumes are orphaned at their deterministic domain. Required fix before M1: option A (fallback teardown from `$CCCI_DEPS_FILE` in the `finally` block when `deps_state` is empty) or option B (separate deploy from enrichment tracking). See BACKLOG. -**Status:** OPEN — must be fixed before M1 can be claimed. +**CLOSED @2026-06-11T22:22Z** — commit `0aa46db`; 19/19 unit tests pass; code verified. See BACKLOG-drone.md § ADV-drone-02. ### ADV-drone-03 — DG4.1 counter mismatch; run always exits 1 with cold dep (CRITICAL) @@ -157,7 +197,7 @@ all tiers green, L5, but `deploy-count 1 != 2 (DG4.1 violation)`. Fix: remove `_count_deploy=False` from `deploy_deps` (deps SHOULD count per the docstring and the expected formula). Update the stale comment that contradicts the module docstring. -**Adversary position:** Veto on M1 if not fixed. Run always fails with this bug present. +**CLOSED @2026-06-11T22:22Z** — commit `5384f5c`; Builder fixed before formal filing. Run 5 confirms DG4.1 PASS. See BACKLOG-drone.md § ADV-drone-03. ---