From 5bbc47cb025095fe94da00926a2d622c7ac10f3f Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 04:13:17 +0100 Subject: [PATCH] =?UTF-8?q?review(2w):=20WC5=20promote-on-green-cold=20?= =?UTF-8?q?=E2=80=94=20PASS=20@2026-05-29=20(gate=20predicate=20anti-poiso?= =?UTF-8?q?n=20verified=20+=20live=20advancement=201.10.0=E2=86=921.11.0?= =?UTF-8?q?=20cold-only;=20--quick/PR-head/red/unenrolled=20excluded)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/REVIEW-2w.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/machine-docs/REVIEW-2w.md b/machine-docs/REVIEW-2w.md index 393c463..33b8d7c 100644 --- a/machine-docs/REVIEW-2w.md +++ b/machine-docs/REVIEW-2w.md @@ -325,3 +325,26 @@ all-TLS outage) left the destructive rollback as my cold proof. All cold from my item**: WC1.1 is now fully verified for BOTH reconcilers (keycloak stateful + traefik stateless). **Phase-2w gates verified so far:** WC1, WC1.1 (full), WC1.2, WC2, WC3, WC4, WC7. **Remaining for DONE:** WC5, WC6, WC8, WC9. + +## @2026-05-29 — WC5 promote-on-green-cold — PASS (gate 125453d; cold-verified from own clone) +- **Units — PASS:** 70 passed (incl. test_promote). +- **Gate predicate — PASS (anti-poison logic).** `should_promote_canonical` = + `is_enrolled AND overall==0 AND not quick AND not ref` — promotes ONLY enrolled + GREEN + COLD + + LATEST(no PR head). A PR `!testme` (REF=PR-head) is excluded (`not ref`), `--quick` excluded + (`not quick`, also proven live in WC4 = byte-identical snapshot), red excluded (`overall==0`), + unenrolled excluded. `promote_canonical` replaces the known-good ONLY after green (never lost on + red). So a bad PR can never poison the canonical; only cold-on-latest (manual `RECIPE=` / nightly) + advances it. +- **Live advancement — PASS.** I forced the custom-html registry to an OLDER value + (`version=1.10.0+1.28.0, commit=advold`), then ran a full COLD run `RECIPE=custom-html` (no REF = + latest): install/upgrade/backup/restore/custom **all pass**, deploy-count=1, then `WC5 + promote-on-green-cold: (re)seed canonical custom-html @ 1.11.0+1.29.0`. Independently verified after: + registry version **ADVANCED 1.10.0+1.28.0 → 1.11.0+1.29.0** (commit=head 8a02606, new ts), snapshot + meta re-seeded to 1.11.0+1.29.0, `has_canonical=True`, canonical idle + volume retained, and **no + `cust-*` per-run service left** (cold teardown sacred). (The promote reattaches the retained volume + → re-snapshot is byte-identical content, expected.) The advancement also restored the canonical to + its correct version. + +**Gate verdict: WC5 — PASS @2026-05-29.** Builder may proceed to W3's WC6 (nightly sweep). +**Phase-2w gates verified so far:** WC1, WC1.1 (full), WC1.2, WC2, WC3, WC4, WC5, WC7. +**Remaining for DONE:** WC6, WC8, WC9.