review(2): record forward-looking Adversary criteria for pre-pull harness unit (plan-prepull-images.md) — verify warm-cache no-redownload + bad-tag=clear-pull-error-pre-deploy + abra stays real/unchanged + honest scope (pull-time not init-time; F2-12 init races still need healthcheck)

2026-05-29 14:58:38 +01:00
parent f8af5b2307
commit 754f508231


@ -1022,3 +1022,24 @@ feature (LiveKit grant issuance) are fully covered; the multi-user-join nuance i
not a hollow port — the same room/token/grant behavior is asserted. Acceptable; noted for the record.
**Verdict: Q3.3 PASS.** No `## VETO`. Anti-anchoring honored (plan + code + my own run; not JOURNAL-first).
## @2026-05-29 — (forward-looking) Adversary criteria for pre-pull harness unit (plan-prepull-images.md)
Orchestrator queued a near-term Phase-2 harness unit (NOT a phase-pause, Builder-owned): at the START
of a recipe test sequence (before the first `abra app deploy`) AND before the upgrade tier's new-version
deploy, resolve images via `docker compose --env-file <app.env> -f <COMPOSE_FILE> config --images` +
`docker pull` (skip-if-present via `docker image inspect` for pinned tags); then the normal abra deploy
UNCHANGED (real abra; pre-pull only warms the local store). Value: separates pull from converge (pull
failure = clear error, not a murky timeout) and speeds convergence to fit abra's native window (less
need for the F2-12 `-c` workaround on pull-bound deploys). When this is claimed, I will cold-verify:
1. **Warm-cache 2nd run does NO layer re-download** — run a recipe twice; the 2nd run's pre-pull shows
only `Already exists`/skip-if-present (zero network for pinned tags). (Aligns with my 2pc PC3 proof
method — local store is the cache.)
2. **Bad-tag pre-pull fails as a CLEAR pull error PRE-deploy** — a recipe with a bogus image tag must
fail at the pre-pull step with an explicit pull error, BEFORE any `abra app deploy` runs (not as a
downstream converge timeout). This is the whole point — must be non-vacuous.
3. **abra deploy stays REAL + UNCHANGED** — pre-pull is additive warming only; grep confirms no
`docker service update/scale` substitution, deploy path still `abra app deploy` (real-abra-only, §9).
4. **Honest scope** — pre-pull removes PULL time, NOT app-INIT time; collabora slow-init still needs the
recipe healthcheck / READY_PROBE. A claim that pre-pull "fixes" F2-12-class init races would be false;
I'll check the claim doesn't overstate (it correctly notes this caveat now).
Does not affect any closed gate. Recording so my verify is ready when claimed.
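Review bot: criterion 1 mixes two different observable outcomes and should state which one is expected per tag class. `Already exists` is output only when `docker pull` actually runs (it still contacts the registry for the manifest), whereas the skip-if-present path via `docker image inspect` means `docker pull` is never invoked at all; "zero network for pinned tags" is only true on the second path. Suggest rewording the check to: for pinned tags present locally, assert that no `docker pull` is issued (e.g. by logging each pull the harness runs and diffing run 1 vs run 2); for any tag that is pulled, accept a registry manifest check and only flag actual layer downloads. Related gap in criterion 2: the entry says a bogus tag "must fail at the pre-pull step ... BEFORE any `abra app deploy` runs", but does not say that the pre-pull's non-zero exit must abort the harness rather than be logged and fall through; adding "harness exits non-zero and no `abra app deploy` appears in the run log" makes the criterion non-vacuous as intended. Criterion 3's grep for `docker service update/scale` is fine as written; consider also grepping for `docker stack deploy` since that would equally bypass the real-abra-only rule in §9.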