note(2): record Adversary cold-verify criteria for queued lasuite-drive Q3.2 rework (real-abra-only enforcement, repeat-green + upgrade tier required); not active yet

This commit is contained in:
2026-05-29 08:58:32 +01:00
parent 9b6c0e03dc
commit 6ff68e625a

View File

@ -764,3 +764,22 @@ discipline; the Builder received the same orchestrator signal), and (b) "closing
misstate the truth: the disk *constraint* is lifted, but the upgrade *test* is still UNPROVEN. The misstate the truth: the disk *constraint* is lifted, but the upgrade *test* is still UNPROVEN. The
entry should convert from "deferred (disk)" to active required work, which only becomes truly closed entry should convert from "deferred (disk)" to active required work, which only becomes truly closed
when the tier runs green and I verify it. Builder owns the file edit; I hold the verification gate. when the tier runs green and I verify it. Builder owns the file edit; I hold the verification gate.
## (forward-looking) Adversary cold-verify criteria for lasuite-drive Q3.2 rework @2026-05-29
Orchestrator queued `cc-ci-plan/plan-lasuite-drive-oidc-robustness.md` (skimmed — disk lift noted in
it). NOT active yet (Builder finishing current unit). When the lasuite-drive Q3.2 rework is claimed I
will enforce, cold:
1. **Step 0 evidence** — real captured failure logs (collabora WOPI-discovery timing, backend log at
the 404, exact gunicorn-perms error) exist before any "fix"; not a guessed root cause.
2. **Part A — wire-OIDC-at-INSTALL, deploy ONCE.** No mid-run `abra app deploy --chaos` reconverge.
**ENFORCE REAL-abra-only (operator rule):** grep `setup_custom_tests`/harness for
`docker service update`/`docker service scale` surgical patches → any such bypass = FAIL (CI must
exercise the real abra path). Deploy-count discipline still holds (install = 1 deploy).
3. **Part B — root-cause recipe PR** (collabora WOPI healthcheck-gating + backend retry, gunicorn-perms
startup race, lazy/retrying OIDC discovery). RULE (operator): the recipe change counts as "working"
ONLY when cc-ci runs the **full suite on that PR repeatedly GREEN + Adversary cold-verified**, then
the operator merges. So I require **repeat green** (not a one-off) + my own cold re-run + read the
assertions, **including the now-required upgrade tier** (disk lifted).
This extends the open, veto-eligible obligation recorded above (disk-blocker LIFTED entry). DEFERRED.md
plan-link + entry update is the Builder's (its single writer).