From 71399f65d1f2a5b58e859c41b73e2a7833ee3412 Mon Sep 17 00:00:00 2001
From: autonomic-bot <autonomic-bot@git.autonomic.zone>
Date: Wed, 17 Jun 2026 01:40:19 +0000
Subject: [PATCH] =?UTF-8?q?claim(prevb):=20M2=20=E2=80=94=20discourse=20PR?=
 =?UTF-8?q?#4=20!testme=20GREEN=20in=20real=20CI=20(Drone=20717,=20all=205?=
 =?UTF-8?q?=20tiers,=20head=3Dofficial=203.5.3);=203=20spot-checks=20green?=
 =?UTF-8?q?=20under=20dynamic=20base?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 machine-docs/BACKLOG-prevb.md |  9 ++++---
 machine-docs/JOURNAL-prevb.md | 17 +++++++++++++
 machine-docs/STATUS-prevb.md  | 47 ++++++++++++++++++++++++++++++++---
 3 files changed, 65 insertions(+), 8 deletions(-)

diff --git a/machine-docs/BACKLOG-prevb.md b/machine-docs/BACKLOG-prevb.md
index 2adbb4d..93269a6 100644
--- a/machine-docs/BACKLOG-prevb.md
+++ b/machine-docs/BACKLOG-prevb.md
@@ -23,10 +23,11 @@ SSOT: `/srv/cc-ci/cc-ci-plan/plan-phase-prevb-previous-dynamic-base.md`.
       (head = official discourse/discourse:3.5.3, sidekiq dropped, migration exercised). Custom green via
       the image-agnostic mint_admin fix (b66abc4). Clean teardown. Found+fixed under prevb: mint_admin
       hardcoded bitnamilegacy path (broke once the head genuinely ran official — the prevb consequence).
-- [~] B8. Spot-check ≥3 upgrade-tier recipes under dynamic base. cryptpad #5 GREEN, keycloak #3 GREEN
-      (both local, main-tip). Running hedgedoc #1 as the 3rd. (warm-canonical e2e N/A — none exist;
-      last-green path unit-tested.) Reconcile levels/records.
-- [ ] B9. CLAIM M2 → `## DONE` after fresh Adversary PASS on M1+M2.
+- [x] B8. Spot-check 3 upgrade-tier recipes GREEN under dynamic base (all main-tip kind=ref, no regression):
+      cryptpad #5 (data-continuity), keycloak #3 (origin/master fallback + realm-continuity, SSO/DEPS),
+      hedgedoc #1 (simple). + discourse PR#4 real CI = 4 recipes. (warm-canonical last-green e2e N/A — none
+      exist on host; that path is unit-tested.) Records reconciled: 717 artifacts durable, PR#4 "✅ passed".
+- [x] B9. CLAIM M2 (clean tree + STATUS WHAT/HOW/EXPECTED/WHERE) — awaiting Adversary, then `## DONE`.
 
 ## Adversary findings
 (Adversary-owned section — Builder does not edit below.)
diff --git a/machine-docs/JOURNAL-prevb.md b/machine-docs/JOURNAL-prevb.md
index a17236c..fe891f8 100644
--- a/machine-docs/JOURNAL-prevb.md
+++ b/machine-docs/JOURNAL-prevb.md
@@ -132,3 +132,20 @@ test_head_runs_official_image_not_bitnamilegacy + test_sidekiq_service_dropped_b
 teardown (no discourse stacks). This is the M2 headline: the migration is REALLY tested in real CI.
 
 Launching hedgedoc #1 as the 3rd spot-check (cryptpad #5 + keycloak #3 already green). Then reconcile + claim M2.
+
+## 2026-06-17T01:40Z — hedgedoc spot-check green; CLAIMING M2
+
+hedgedoc #1 (3rd spot-check): kind=ref main-tip 09bf4d54; install:pass upgrade:pass; clean teardown.
+3 spot-checks now green under dynamic base (cryptpad/keycloak/hedgedoc), all main-tip — no regression.
+
+discourse 717 results.json level=4/5. The 5th level is capped by the discourse *recipe* lint rung (R011)
+— a rung not a gate, and a recipe-level nit on the PR head (not cc-ci/prevb). The run is GREEN (bridge
+"✅ passed", all 5 functional tiers junit 0-fail). Not fixing the recipe's R011 here (recipe defect → not
+our test to weaken; out of prevb scope).
+
+Records reconciliation: 717's artifacts (results.json/junit/badge/summary/screenshot) are durable at
+/var/lib/cc-ci-runs/717/ (host-shared, Adversary-readable); the bridge mirrored the outcome to PR#4.
+No warm canonicals to reconcile (none exist). Pre-existing warm-keycloak orphan left untouched (not prevb).
+
+Claiming M2. Adversary cold-verifies (re-read 717 junit / re-trigger !testme / re-run a spot-check); then
+I write ## DONE once REVIEW-prevb shows fresh M1+M2 PASS with no VETO.
diff --git a/machine-docs/STATUS-prevb.md b/machine-docs/STATUS-prevb.md
index 4e17800..76abb84 100644
--- a/machine-docs/STATUS-prevb.md
+++ b/machine-docs/STATUS-prevb.md
@@ -7,10 +7,49 @@ State files: this + BACKLOG-prevb.md, REVIEW-prevb.md (Adversary), JOURNAL-prevb
 Started 2026-06-17. Gates: **M1** (implemented + green locally), **M2** (proven in real CI + spot-check).
 
 ## Now
-- **M1: PASS** @2026-06-17T01:03Z (REVIEW-prevb, dbc7a3b) — all 8 DoD items cold-verified incl. teeth
-  (broken head → upgrade RED), no VETO.
-- **In flight: M2** — B7 discourse PR#4 `!testme` GREEN in real CI (Drone) + spot-checks + reconcile.
-  (Local spot-checks already green under dynamic base: cryptpad #5, keycloak #3 — see JOURNAL.)
+- **M1: PASS** @2026-06-17T01:03Z (dbc7a3b), no VETO.
+- **Gate: M2 CLAIMED, awaiting Adversary** (claim commit below).
+
+## Gate: M2 — CLAIMED @2026-06-17T01:40Z (HEAD = this commit)
+
+**WHAT (DoD §4 M2):** discourse PR #4 `!testme` GREEN in real CI with evidence the head genuinely ran
+`discourse/discourse:3.5.3` (migration exercised); a representative spot-check (≥3 other upgrade-tier
+recipes) still green under dynamic base; levels/records reconciled. (M1 already PASS.)
+
+**WHERE / evidence (durable, host-shared — Adversary can cold-read):**
+- **discourse PR #4 real-CI run = Drone build 717** (triggered by my `!testme` comment 14597 → bridge
+  reply 717 → bridge final comment "🌻 cc-ci — discourse @ ae5a8180 ✅ **passed**"). Artifacts at
+  `/var/lib/cc-ci-runs/717/`: `results.json` (**level 4/5**), `junit/` (10 suites), badge/summary/screenshot.
+- Spot-check run logs (Builder clone): `/root/prevb-deploy/run-prevb-{cryptpad,keycloak,hedgedoc}.log`.
+- Code under test = cc-ci@main (Drone builds main; prevb code through HEAD).
+
+**HOW to verify (cold):**
+1. Re-read 717 junit cold: every suite `failures="0" errors="0"` —
+   `for f in /var/lib/cc-ci-runs/717/junit/*.xml; do grep -o 'failures="[0-9]*" errors="[0-9]*"' $f; done`
+   (10 suites: install / upgrade generic+cc-ci / backup generic+cc-ci / restore generic+cc-ci /
+   custom create_topic+health_check+site_basic).
+2. Head-image proof in `upgrade__cc-ci__test_upgrade.xml`: `test_head_runs_official_image_not_bitnamilegacy`
+   + `test_sidekiq_service_dropped_by_head` both present, no `<failure>`.
+3. (Optional, strongest) re-trigger: comment `!testme` on discourse PR #4 → a fresh Drone build → ✅ passed.
+4. Spot-check generality: from a clean clone, `RECIPE=cryptpad SRC=recipe-maintainers/cryptpad REF=<pr5 head> PR=5 STAGES=install,upgrade cc-ci-run runner/run_recipe_ci.py`
+   (and keycloak PR#3 base=master, hedgedoc PR#1) → each `upgrade base: kind=ref … main tip`, install:pass upgrade:pass, clean teardown.
+
+**EXPECTED:**
+- 717: all 10 junit suites 0-fail; `install/upgrade/backup/restore/custom` all pass; level 4/5
+  (the 5th level is capped by the discourse *recipe* `lint` rung R011 — a rung, NOT a gate, and a
+  recipe-level nit on the head, not a cc-ci/prevb failure; the run is GREEN and the bridge marked PR#4
+  "✅ passed"). Head app image = official `discourse/discourse:3.5.3` (not bitnamilegacy); no `sidekiq`.
+- Spot-checks: cryptpad #5 (kind=ref main-tip 36ee3451; `test_upgrade_preserves_data` pass),
+  keycloak #3 (kind=ref main-tip 12ac6db8 via origin/master fallback; `test_upgrade_preserves_realm` pass;
+  `prune-orphans` safe-skip when compose unresolvable), hedgedoc #1 (kind=ref main-tip 09bf4d54). All
+  install:pass upgrade:pass deploy-count=1, clean teardown.
+- **A NEW discourse custom-tier fix was required by prevb** (not a regression): once the head genuinely
+  runs the official image, `tests/discourse/custom/_discourse.py::mint_admin` (hardcoded the bitnamilegacy
+  path) had to become image-agnostic (b66abc4) — `/var/www/discourse` + DB-password re-export from the
+  secret. Verified green in 717's custom tier. No test weakened.
+
+**SCOPE (next phase, not M2):** full all-recipe regression = phase `regall`. Pre-existing host orphan
+`warm-keycloak` stack (a warm-* domain, not created by any PR run) predates prevb — left untouched.
 
 ## Gate: M1 — CLAIMED @2026-06-17T00:40Z (HEAD e1b32ea)