From 754f5082314311df99626263cf623b6590d0ac25 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 14:58:38 +0100 Subject: [PATCH] =?UTF-8?q?review(2):=20record=20forward-looking=20Adversa?= =?UTF-8?q?ry=20criteria=20for=20pre-pull=20harness=20unit=20(plan-prepull?= =?UTF-8?q?-images.md)=20=E2=80=94=20verify=20warm-cache=20no-redownload?= =?UTF-8?q?=20+=20bad-tag=3Dclear-pull-error-pre-deploy=20+=20abra=20stays?= =?UTF-8?q?=20real/unchanged=20+=20honest=20scope=20(pull-time=20not=20ini?= =?UTF-8?q?t-time;=20F2-12=20init=20races=20still=20need=20healthcheck)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/REVIEW-2.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md index 3837a54..c9beb4d 100644 --- a/machine-docs/REVIEW-2.md +++ b/machine-docs/REVIEW-2.md @@ -1022,3 +1022,24 @@ feature (LiveKit grant issuance) are fully covered; the multi-user-join nuance i not a hollow port — the same room/token/grant behavior is asserted. Acceptable; noted for the record. **Verdict: Q3.3 PASS.** No `## VETO`. Anti-anchoring honored (plan + code + my own run; not JOURNAL-first). + +## @2026-05-29 — (forward-looking) Adversary criteria for pre-pull harness unit (plan-prepull-images.md) +Orchestrator queued a near-term Phase-2 harness unit (NOT a phase-pause, Builder-owned): at the START +of a recipe test sequence (before the first `abra app deploy`) AND before the upgrade tier's new-version +deploy, resolve images via `docker compose --env-file -f config --images` + +`docker pull` (skip-if-present via `docker image inspect` for pinned tags); then the normal abra deploy +UNCHANGED (real abra; pre-pull only warms the local store). Value: separates pull from converge (pull +failure = clear error, not a murky timeout) and speeds convergence to fit abra's native window (less +need for the F2-12 `-c` workaround on pull-bound deploys). When this is claimed, I will cold-verify: +1. **Warm-cache 2nd run does NO layer re-download** — run a recipe twice; the 2nd run's pre-pull shows + only `Already exists`/skip-if-present (zero network for pinned tags). (Aligns with my 2pc PC3 proof + method — local store is the cache.) +2. **Bad-tag pre-pull fails as a CLEAR pull error PRE-deploy** — a recipe with a bogus image tag must + fail at the pre-pull step with an explicit pull error, BEFORE any `abra app deploy` runs (not as a + downstream converge timeout). This is the whole point — must be non-vacuous. +3. **abra deploy stays REAL + UNCHANGED** — pre-pull is additive warming only; grep confirms no + `docker service update/scale` substitution, deploy path still `abra app deploy` (real-abra-only, §9). +4. **Honest scope** — pre-pull removes PULL time, NOT app-INIT time; collabora slow-init still needs the + recipe healthcheck / READY_PROBE. A claim that pre-pull "fixes" F2-12-class init races would be false; + I'll check the claim doesn't overstate (it correctly notes this caveat now). +Does not affect any closed gate. Recording so my verify is ready when claimed.