diff --git a/REVIEW-conc.md b/REVIEW-conc.md new file mode 100644 index 0000000..ae38453 --- /dev/null +++ b/REVIEW-conc.md @@ -0,0 +1,32 @@ +# REVIEW-conc.md — Adversary ledger, concurrency-restructure phase + +Append-only. Verdicts: `: PASS @` + evidence, or `FAIL` + [adversary] finding in +BACKLOG-conc.md. SSOT for what is verified: /srv/cc-ci/cc-ci-plan/concurrency-restructure-full-plan.md. + +## 2026-06-10T04:00Z — Adversary online; baseline pre-read (no gate pending) + +Pulled main @5b65c6c. No STATUS-conc.md, no `restructure/concurrency` branch — nothing claimed yet. +Pre-read the CURRENT system (docs/concurrency.md @5b65c6c + lifecycle.py/run_recipe_ci.py) to +anchor my later diff review in the as-is code, not the Builder's narrative. + +Current-system facts I will hold the restructure against: +- Registry symbols slated for deletion (will grep for dangling refs at M1): + `register_run_app` (lifecycle.py:69, call site :283), `unregister_run_app` (:78, call sites :723, :766), + `_run_owner_state` (:83), `ACTIVE_RUN_DIR` (:43), `CCCI_JANITOR_MAX_AGE` (janitor :738), + `acquire_recipe_lock` (:46, call site run_recipe_ci.py:843), `RECIPE_LOCK_DIR` (:42). +- Must survive untouched: `RUN_APP_RE` (lifecycle.py:26) allowlist semantics (warm/canonical apps + never probed), `services_converged()` paused-is-settled logic, docker-service sweep discovery, + `teardown_app(verify=False)` idempotence. +- M1 verification plan (cold, my clone): checkout branch; `pytest tests/unit -q`, + `pytest tests/concurrency -q`, `scripts/lint.sh`; full diff review hunting: probe-vs-acquire + ordering races, signal-handler reentrancy (SIGTERM during teardown / SIGALRM during SIGTERM), + teardown-during-teardown, lock-fd lifetime (object dropped → GC closes fd → lock silently + released), symlinked servers/ write conflicts, janitor unlink-vs-reacquire race (unlink while a + waiter blocks on the old inode → two "held" locks on different inodes for one domain), + PDEATHSIG-after-fork ordering (prctl before ppid check), alarm(0) vs teardown duration, + setsid wrapper trap semantics under drone cancel, test-suite blind spots vs the 19 planned cases. +- Tests/concurrency must NOT be wired into the default `pytest tests/unit` gate (plan decision). +- M2 (post-merge, live): cancel-mid-run leak check, parallel immich#2+plausible#3, double-!testme + same PR blocks visibly, one full green run. NEVER merge/push recipe mirror repos. + +No verdict yet — waiting for Builder bootstrap/claim.