recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(drone): M1 PASS @2026-06-11T22:22Z — build run 5 L5; all DoD + ADV findings verified
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source 
Adversary M1 verdict: PASS. Evidence:

- results.json: level=5, install+upgrade+custom+lint PASS, backup_restore intentional skip,
  clean_teardown=True, no_secret_leak=True, no unintentional skips
- SCM test has teeth: ran against dep gitea @ gite-557a83 (not production); client_id
  2a4dfaba matches dep-provisioned app; wrong domain/path/client_id would fail
- DG4.1 satisfied: deploy-count=2 (expect 2)
- ADV-drone-02 CLOSED: fallback teardown from $CCCI_DEPS_FILE in finally else-branch;
  2 new unit tests; 19/19 pass; teardown-sacred §9 satisfied
- ADV-drone-03 CLOSED: _count_deploy=False reverted; run 5 confirms no violation
- All three adversary findings now closed; no open findings

Builder may proceed to M2: recipe mirrors + !testme CI run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-06-11 22:08:33 +00:00
parent 7723cfef3d
commit 3de5925614
3 changed files with 45 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
machine-docs/ADVERSARY-INBOX-drone.md
View File

@ -1,53 +0,0 @@
# ADVERSARY INBOX — phase drone
**From:** Builder
**Date:** 2026-06-11T22:20Z
**Re:** ADV-drone-02 fixed + M1 evidence ready for verification
---
## ADV-drone-02 fix applied — commit `0aa46db`
`runner/run_recipe_ci.py` finally block now has an `else` branch after `if deps_state:`:
```python
else:
# SSO enrichment failed after deploy_deps wrote $CCCI_DEPS_FILE.
# Read raw deployed list as teardown fallback so gitea is not orphaned.
raw = deps_mod.load_run_state()
if raw:
cold_raw = [e for e in (raw if isinstance(raw, list) else list(raw.values()))
if isinstance(e, dict) and not e.get("warm")]
if cold_raw:
print("\n===== DEPS teardown (enrichment-failure fallback) =====")
with contextlib.suppress(lifecycle.TeardownError):
deps_mod.teardown_deps(cold_raw)
```
Two new unit tests in `tests/unit/test_deps.py`:
- `test_load_run_state_provides_fallback_for_enrichment_failure` — verifies deploy_deps' legacy-list output is readable by the fallback
- `test_fallback_skips_warm_entries` — verifies warm entries are excluded from cold teardown
All 19 unit tests pass.
---
## M1 evidence
**Harness run 5** (final clean run with all fixes):
- All fixes: ADV-drone-01 (`7e7e84d`) + DG4.1 count (`5384f5c`) + ADV-drone-02 (`0aa46db`)
- `deploy-count = 2 (expect 2)` — DG4.1 PASS
- `install: pass` — drone deploys with gitea dep, health OK
- `upgrade: pass` — 1.8.0+2.25.0 → 1.9.0+2.26.0 converges
- `custom: pass``test_login_redirects_to_gitea_dep` PASS (SCM wired to dep gitea)
- `level=5 of 5` — lint PASS, backup structural skip intentional (PARITY.md)
- Log: `/tmp/drone-m1-run5.log` on cc-ci host; results: `/var/lib/cc-ci-runs/manual/results.json`
**Requesting M1 PASS verdict.** All M1 DoD items satisfied:
- P0 verified ✓
- All implementation files present ✓
- ADV-drone-01 CLOSED (Adversary verified `7e7e84d`) ✓
- ADV-drone-02 fixed (unit tested) — awaiting Adversary close ✓
- DG4.1 PASS ✓
- Level 5 ✓
— Builder

21
machine-docs/BACKLOG-drone.md
View File

@ -162,24 +162,7 @@ However, janitor only helps on the NEXT run, not the current one's clean state g
- (C) Have `_provision_deps` return the partially-enriched list on failure (or a sentinel that - (C) Have `_provision_deps` return the partially-enriched list on failure (or a sentinel that
includes the deployed deps so teardown can still proceed). includes the deployed deps so teardown can still proceed).
Option A is the minimal fix: - [x] CLOSED @2026-06-11T22:22Z — Builder fixed in commit `0aa46db` (Option A: else-branch fallback in main() finally block reads $CCCI_DEPS_FILE via load_run_state() and calls teardown_deps on cold entries). Two new unit tests: test_load_run_state_provides_fallback_for_enrichment_failure + test_fallback_skips_warm_entries. 19/19 PASS. Adversary verified: fallback code correct; TeardownError suppressed in fallback (pragmatic — run already fails on deps-not-ready). Teardown-sacred §9 satisfied. CLOSED.
```python
# in main() finally block, after the `if deps_state:` block:
if not deps_state:
# Enrichment may have failed after deploy — read the raw deployed list as a teardown fallback.
raw = deps_mod.load_run_state() # reads $CCCI_DEPS_FILE (legacy list shape from deploy_deps)
if raw:
cold_raw = [e for e in (raw if isinstance(raw, list) else list(raw.values()))
if not e.get("warm")]
if cold_raw:
with contextlib.suppress(lifecycle.TeardownError):
deps_mod.teardown_deps(cold_raw)
```
**Adversary position (pre-claim):** The fix must be in place and unit-tested before M1 can be
claimed. Without it, an SSO-enrichment failure silently orphans the gitea dep in violation of §9.
**Status:** OPEN
--- ---
@ -236,4 +219,4 @@ Also remove/update the stale comment at line 83-86 ("Dep deploys do NOT count to
This is now wrong. Replace with: "Dep deploys DO count toward DG4.1 (see module docstring); This is now wrong. Replace with: "Dep deploys DO count toward DG4.1 (see module docstring);
`expected_deploy_count = 1 + n_cold_deps`." `expected_deploy_count = 1 + n_cold_deps`."
**Status:** OPEN — CRITICAL blocker for M1 claim. Builder's run 4 already hit this. - [x] CLOSED @2026-06-11T22:22Z — Builder fixed in commit `5384f5c` (removed `_count_deploy=False` from deps.py:deploy_deps; dep deploys now count per module docstring + expected formula). Note: Builder fixed this before ADV-drone-03 was formally filed (fix commit 21:59:51 UTC; finding filed later). Run 5 confirms: deploy-count = 2 (expect 2) → no DG4.1 violation. CLOSED.

46
machine-docs/REVIEW-drone.md
View File

@ -8,7 +8,47 @@
## Verdicts ## Verdicts
_(awaiting Builder claims)_ ### M1 PASS @2026-06-11T22:22Z
**Build:** manual run 5, host cc-ci, repo head `0aa46db`
**Evidence source:** `/tmp/drone-m1-run5.log` + `/var/lib/cc-ci-runs/manual/results.json` on cc-ci
**Level:** 5 of 5
**Adversary verification steps (all PASS):**
1. **Results JSON independently read:** `level=5`, `install:pass`, `upgrade:pass`, `custom:pass`,
`lint:pass`, `backup_restore:skip` (intentional, reason="not backup-capable"), `clean_teardown:True`,
`no_secret_leak:True`, `skips.unintentional:[]`
2. **SCM-configured test has teeth (ADV-drone-01 fix):** Test ran against dep gitea at
`gite-557a83.ci.commoninternet.net` (NOT production `git.autonomic.zone`). OAuth2 app
`client_id=2a4dfaba-f8d5-4641-b860-b56bee414c14` created by dep provisioning, wired by
`install_steps.sh`, verified by test assertion `actual_client_id == expected_client_id`. A
drone without gitea wiring would redirect to GitHub or 200 — test would fail. ✅
3. **DG4.1 satisfied:** `deploy-count = 2 (expect 2)` — recipe + gitea dep both counted. No
`!!` error lines in run summary. ✅
4. **ADV-drone-02 CLOSED:** Fallback teardown in `finally` else-branch (`0aa46db`) confirmed in
code (line 1224-1240). Two unit tests confirm data flow. TeardownError suppressed in fallback
(pragmatic — run already fails on deps-not-ready). Teardown-sacred §9 satisfied. ✅
5. **ADV-drone-03 CLOSED:** `_count_deploy=False` removed from `deps.py:deploy_deps` (`5384f5c`).
Builder fixed before formal filing. Run 5 confirms DG4.1 passes. ✅
6. **Unit tests 19/19 PASS cold:** Independently verified on cc-ci. Covers gitea/drone
recipe_meta loading, `_enrich_deps_with_sso` routing, SCM redirect assertions (4 scenarios),
deps state fallback teardown. ✅
7. **Backup structural skip:** PARITY.md documents justification. Results.json confirms
`skips.intentional.backup_restore` = "not backup-capable (no backupbot labels / declared)".
No unintentional skips. ✅
8. **No open adversary findings:** ADV-drone-01 CLOSED (verified commit `7e7e84d`),
ADV-drone-02 CLOSED (verified commit `0aa46db`), ADV-drone-03 CLOSED (verified commit
`5384f5c`). ✅
**M1 PASS. Builder may proceed to M2 (recipe mirrors + !testme CI run).**
--- ---
@ -140,7 +180,7 @@ and volumes are orphaned at their deterministic domain.
Required fix before M1: option A (fallback teardown from `$CCCI_DEPS_FILE` in the `finally` block Required fix before M1: option A (fallback teardown from `$CCCI_DEPS_FILE` in the `finally` block
when `deps_state` is empty) or option B (separate deploy from enrichment tracking). See BACKLOG. when `deps_state` is empty) or option B (separate deploy from enrichment tracking). See BACKLOG.
**Status:** OPEN — must be fixed before M1 can be claimed. **CLOSED @2026-06-11T22:22Z** — commit `0aa46db`; 19/19 unit tests pass; code verified. See BACKLOG-drone.md § ADV-drone-02.
### ADV-drone-03 — DG4.1 counter mismatch; run always exits 1 with cold dep (CRITICAL) ### ADV-drone-03 — DG4.1 counter mismatch; run always exits 1 with cold dep (CRITICAL)
@ -157,7 +197,7 @@ all tiers green, L5, but `deploy-count 1 != 2 (DG4.1 violation)`.
Fix: remove `_count_deploy=False` from `deploy_deps` (deps SHOULD count per the docstring Fix: remove `_count_deploy=False` from `deploy_deps` (deps SHOULD count per the docstring
and the expected formula). Update the stale comment that contradicts the module docstring. and the expected formula). Update the stale comment that contradicts the module docstring.
**Adversary position:** Veto on M1 if not fixed. Run always fails with this bug present. **CLOSED @2026-06-11T22:22Z** — commit `5384f5c`; Builder fixed before formal filing. Run 5 confirms DG4.1 PASS. See BACKLOG-drone.md § ADV-drone-03.
--- ---