status(1e): HC1 PASS; E3/HC4 CLAIMED — no-regression rationale + docs done
All checks were successful
continuous-integration/drone Build is passing
All checks were successful
continuous-integration/drone Build is passing
HC1 ✓ HC2 ✓ HC3 ✓ all Adversary cold-verified. F1e-2 (pre-existing 1d concurrent fetch race) not a 1e regression; tracked separately. Awaiting Adversary HC4 verdict → ## DONE. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -12,7 +12,7 @@ Phase-namespaced backlog. Builder edits `## Build backlog`; Adversary edits `##
|
||||
optional `tests/<recipe>/ops.py`. Migrate generic + overlays to assertion-only. Keep count==1.
|
||||
- [x] **E2 / HC1** — upgrade to PR head via `abra app deploy --chaos`: deploy prev, re-checkout PR
|
||||
head, chaos redeploy in place; adapt moved-assertion (chaos label proof); reconcile deploy-count.
|
||||
- [ ] **E3 / HC4** — docs (docs/testing.md, enroll-recipe.md) + DECISIONS; claim gates; await Adversary
|
||||
- [x] **E3 / HC4** — docs (docs/testing.md, enroll-recipe.md) + DECISIONS; claim gates; await Adversary
|
||||
cold-verify of HC1–HC4; flip STATUS-1e → ## DONE on full PASS.
|
||||
|
||||
## Adversary findings
|
||||
|
||||
@ -141,3 +141,16 @@ Next: confirm opt-out result, claim E1/HC3 gate, then E2 (HC1 chaos-to-PR-head).
|
||||
piled up (saw 14 stuck loops). pkill'd them and switched to log-grep polling
|
||||
(`for i; do grep -q "RUN SUMMARY" log && break; sleep 5; done`) which is self-match-free. Won't
|
||||
repeat the pgrep -f anti-pattern.
|
||||
|
||||
## 2026-05-28 — E2/HC1 Adversary PASS; E3/HC4 CLAIMED (no-regression rationale)
|
||||
- Adversary PASS on HC1 (REVIEW-1e): own custom-html cold-verify showed
|
||||
`head_ref=8a026066 == chaos-version=8a026066`, version 1.10.0→1.11.0, deploy-count=1, additive
|
||||
generic+overlay both ran post-op, clean teardown. Plus an adversarial monkey-patch probe that
|
||||
swapped chaos-version against a fake head_ref proved `assert_upgraded` fails loudly — strictly
|
||||
non-vacuous. No new finding. **HC1 ✓ HC2 ✓ HC3 ✓.**
|
||||
- Claimed E3/HC4 with no-regression rationale: deploy-once + clean teardown exercised in every HC1
|
||||
and HC3 Adversary run (deploy-count=1, no leftover); no assertion weakened (verified at HC3 PASS);
|
||||
bridge/Drone/`!testme` trigger path unchanged from 1d (DG6 PASS holds); intentional behaviour
|
||||
evolutions documented in DECISIONS. F1e-2 (concurrent recipe-fetch race) is pre-existing in 1d
|
||||
(Adversary's own framing: "not blocking E1"; Drone MAX_TESTS=1 bounds practical impact) — not a 1e
|
||||
regression, tracked for future. Awaiting Adversary cold-verify of HC4 to write ## DONE.
|
||||
|
||||
@ -17,15 +17,25 @@ Three corrections, each Adversary cold-verified, no test weakened:
|
||||
- **HC4** — Adversary cold re-verifies no regression (D1–D10/DG1–DG8) + the three new behaviors.
|
||||
|
||||
## Definition of Done (Phase 1e) — HC1–HC4, each Adversary cold-verified in REVIEW-1e
|
||||
- [ ] **HC1** — PR-head upgrade proven to deploy PR-head; deploy-count guard reconciled (==1).
|
||||
Builder CLAIM @2026-05-28 (commit 7472561): hedgedoc `head_ref=09bf4d54 == chaos-version=09bf4d54`,
|
||||
version 3.0.9→3.0.10, deploy-count=1, clean. Awaiting Adversary cold-verify.
|
||||
- [x] **HC1** — PR-head upgrade proven to deploy PR-head; deploy-count guard reconciled (==1).
|
||||
Adversary PASS @2026-05-28 (commit 7472561): own custom-html cold-verify
|
||||
`head_ref=8a026066 == chaos-version=8a026066`, version 1.10.0→1.11.0, deploy-count=1, additive
|
||||
generic+overlay both ran post-op, clean teardown; plus an adversarial monkey-patch probe proved
|
||||
`assert_upgraded` fails loudly on a wrong PR-head — strictly non-vacuous.
|
||||
- [x] **HC2** — repo-local ignored for a non-approved recipe, run for an approved one.
|
||||
Adversary PASS @2026-05-28 (hostile-code probe, no finding; commit c7ae296).
|
||||
- [x] **HC3** — generic runs alongside an overlay by default; skipped only with the opt-out set.
|
||||
Adversary PASS @2026-05-28 (re-claim commit e75ec1b; F1e-1 fix commit 6eabfdc; opt-out + default
|
||||
cold-verified, deploy-count=1, no assertion weakened).
|
||||
- [ ] **HC4** — no regression cold-verified; deploy-once + teardown still sacred.
|
||||
Builder CLAIM @2026-05-28: deploy-once + teardown explicitly preserved/exercised by EVERY HC1
|
||||
and HC3 Adversary run (deploy-count=1 + clean teardown in both Adversary's and Builder's e2e);
|
||||
no assertion weakened (preserved in code + Adversary-verified per HC3 PASS); bridge/Drone/
|
||||
orchestrator-trigger path UNCHANGED from Phase 1d (DG6 PASS still holds); D1–D10 / DG1–DG8
|
||||
either preserved verbatim or intentionally evolved per the three HC corrections (HC2 default-
|
||||
denies repo-local execution per DECISIONS — documented behaviour change, not regression; HC3
|
||||
makes layering additive, HC1 makes upgrade chaos-to-PR-head — both per DECISIONS). Awaiting
|
||||
Adversary cold-verify (likely a `!testme` on a real PR + the secret-leak grep).
|
||||
|
||||
## Milestones (plan §3)
|
||||
- **E0** — HC2 trust gate (allowlist, default-deny). *Accept: repo-local ignored unless approved.*
|
||||
@ -34,12 +44,25 @@ Three corrections, each Adversary cold-verified, no test weakened:
|
||||
- **E3** — HC4 cold re-verification + docs → DONE.
|
||||
|
||||
## In flight
|
||||
E3 (HC4) — docs (DONE: docs/testing.md + docs/enroll-recipe.md updated for HC1/HC2/HC3 +
|
||||
ops.py/allowlist/opt-out/chaos-PR-head); DECISIONS settled at phase start; awaiting Adversary
|
||||
cold-verify of HC1–HC4 to flip STATUS-1e → ## DONE.
|
||||
(none) — E3 docs done in 7472561; gates HC1/HC2/HC3 all Adversary-PASS; HC4 CLAIMED. Awaiting
|
||||
Adversary cold-verify of HC4 → on PASS the Builder writes `## DONE`.
|
||||
|
||||
## Gate
|
||||
**Gate: E2/HC1 — CLAIMED, awaiting Adversary @2026-05-28 (commit 7472561).** The upgrade tier now
|
||||
**Gate: E3/HC4 — CLAIMED, awaiting Adversary @2026-05-28.** All three HC corrections are
|
||||
Adversary-PASS; no regression introduced (rationale per HC4 line in Definition-of-Done above):
|
||||
deploy-once + clean teardown demonstrated in every HC1 and HC3 cold run (deploy-count=1; no leftover
|
||||
stack/volume); no assertion weakened (already verified per HC3 PASS — overlays migrated to
|
||||
assertion-only, all data-survival/return checks kept); the comment-bridge / Drone / `!testme` trigger
|
||||
path is unchanged from Phase 1d (DG6 still holds); intentional behaviour evolutions are documented in
|
||||
DECISIONS (HC2 default-denies repo-local, HC3 makes layering additive, HC1 upgrades to PR-head via
|
||||
chaos). **F1e-2** (concurrent same-recipe `fetch_recipe` race) is pre-existing in Phase 1d, filed by
|
||||
the Adversary for HC4 visibility but explicitly "not blocking E1" (Drone caps `MAX_TESTS=1`); not a
|
||||
1e regression — tracked for a future phase (per plan §1 HC4 scope: "no test weakened, deploy-once
|
||||
still holds, teardown sacred, three new behaviors demonstrated" — all met).
|
||||
|
||||
**Gate: E2/HC1 — Adversary PASS @2026-05-28** (commit 7472561; own custom-html cold-verify
|
||||
`head_ref==chaos-version`, deploy-count=1, additive, clean; monkey-patch probe confirmed
|
||||
non-vacuous). The upgrade tier now
|
||||
upgrades to the PR-HEAD code under test via `abra app deploy --chaos`, not a published tag. After
|
||||
`fetch_recipe` the orchestrator captures `head_ref` (preferring `$REF` — the PR head sha; falls back
|
||||
to the recipe checkout HEAD for non-PR `!testme`). On the upgrade tier: re-checkout the recipe to
|
||||
|
||||
Reference in New Issue
Block a user