From 40c321f5f9ab369318f858eb7a7df997ebd39959 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Thu, 11 Jun 2026 15:55:24 +0000 Subject: [PATCH] =?UTF-8?q?prep(dstamp):=20Adversary=20recon=20baseline=20?= =?UTF-8?q?=E2=80=94=20stamp=20mechanism=20+=20cold=20observables=20(HEAD?= =?UTF-8?q?=207ae7b0f=20is=209=20commits=20past=20tag=200.7.0+3.3.1/eb96de?= =?UTF-8?q?9;=20chaos-version=20stamps=20base=20not=20head;=20abra=20nix-p?= =?UTF-8?q?inned=200.13.0-beta).=20No=20verdict=20yet,=20awaiting=20M1=20c?= =?UTF-8?q?laim.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- REVIEW-dstamp.md | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 REVIEW-dstamp.md diff --git a/REVIEW-dstamp.md b/REVIEW-dstamp.md new file mode 100644 index 0000000..2c78ae5 --- /dev/null +++ b/REVIEW-dstamp.md @@ -0,0 +1,49 @@ +# REVIEW-dstamp.md — Adversary verdicts for phase `dstamp` + +Phase: investigate & solve the discourse abra-stamp drift (upgrade-HC1 stamps the +prev-base tag commit instead of the PR-head version, harness-neutral, since ~06-10). +SSOT: `/srv/cc-ci/cc-ci-plan/plan-phase-dstamp-discourse-drift.md`. Gates M1, M2. + +Verdict log is append-only. `review(...)`-prefixed commits carry verdicts (load-bearing +watchdog signal). Findings filed under `## Adversary findings` in BACKLOG-dstamp.md. + +--- + +## Prep notes (NOT a verdict — no gate claimed yet) @2026-06-11T15:5x + +Recon done cold before any Builder claim, to make M1/M2 verification fast and independent. +Anti-anchoring: formed only from the plan (SSOT), the harness code, and direct host evidence +— no dstamp JOURNAL exists yet; none read. + +**Stamp mechanism (from code):** HC1's "stamp" = the `coop-cloud..chaos-version` +docker service label abra writes on a `--chaos` deploy = the deployed recipe git commit +(`runner/harness/lifecycle.py:468 deployed_identity`, `runner/harness/generic.py:146 +assert_upgraded`). Upgrade flow (`generic.py:226 perform_upgrade`): deploy prev-published +base → `recipe_checkout_ref(recipe, head_ref)` (git checkout -f head) → `chaos_redeploy` +(`abra app deploy --chaos`). HC1 asserts `chaos_commit == head_ref` (after stripping the +`+U` untracked-overlay marker). PASS requires the chaos-version to equal the PR head. + +**Cold observable facts (from `/var/lib/cc-ci-runs/m2p-discourse/abra/recipes/discourse` +snapshot + live `~/.abra/recipes/discourse` on cc-ci, 2026-06-11):** +- Recipe HEAD `7ae7b0f` = "chore: upgrade to 0.9.0+3.5.0"; `git describe --tags` = + `0.7.0+3.3.1-9-g7ae7b0f` → HEAD is **9 commits past the newest annotated tag** + `0.7.0+3.3.1` (commit `eb96de9`). No `0.8.x`/`0.9.x` tag exists. +- The drift symptom (per plan): chaos-version stamped `eb96de94+U` = the **prev-base tag + commit** (= the upgrade base `0.7.0+3.3.1`), NOT the PR-head `7ae7b0f`. +- abra is **nix-pinned**: `abra version 0.13.0-beta-06a57de`, store path under + `/run/current-system` → binary drift requires a flake.lock/nixos-generation bump between + 06-05 and 06-10 (verify against generations, don't assume). + +**Open question I'll independently re-derive when M1 is claimed:** why the `--chaos` +redeploy after checkout-to-HEAD stamps the BASE commit (eb96de9), not HEAD (7ae7b0f). +Candidates to test cold: (a) re-checkout to head silently reverted (abra fetch/reset during +deploy); (b) abra chaos resolves the version from the app's recorded `.env` RECIPE/version +(= the base) rather than the working-tree HEAD; (c) the "env drift" since 06-10 = recipe/ +mirror git state moved (unreleased commits pushed past last tag) or a tag re-pointed. + +**Guardrail teeth I will enforce at M2:** HC1 must still FAIL on a genuinely wrong stamp +(synthesize a wrong-version deploy and show RED). Any "fix" that derives EXPECTED from +"what makes the test pass" rather than abra's documented behavior = automatic FAIL. + +Status: idle, awaiting Builder to seed STATUS-dstamp.md and claim M1. Watchdog will ping +on the `claim(...)` commit.