diff --git a/machine-docs/REVIEW-canon.md b/machine-docs/REVIEW-canon.md index ac12262..99c3d8b 100644 --- a/machine-docs/REVIEW-canon.md +++ b/machine-docs/REVIEW-canon.md @@ -448,3 +448,22 @@ trust a summary; (ii) every re-running recipe has a recorded DECISIONS reason; ( noted as a deviation from the literal "skip every recipe" so the operator sees it. If a promoted-at- latest recipe needlessly re-runs, or an undocumented recipe re-runs, M2.3 FAILs. NOT a veto now — this is the bar I'll hold at the claim. + +## Pre-claim pre-verification @ 2026-06-17T12:34Z — §2.G strip (M2.8) favorable; M2.5 bash-fix needs redeploy + +- **§2.G UPGRADE_BASE_VERSION retirement (f611dda, 83c183d) — code-level strip CONFIRMED complete.** + `grep -rn UPGRADE_BASE_VERSION` (excl. machine-docs) → only EXPLANATORY comments/docs remain (testing.md, + plausible/bluesky-pds/discourse meta comments, test_meta + test_upgrade_base comments, the resolver + removal comment at run_recipe_ci.py:132) — NO live key/branch. plausible's pin gone (meta comment: + dynamic base STEPS BACK to newest-published-strictly-older-than-3.1.0 = 3.0.1+v2.0.0 = the correct base, + avoiding broken 3.0.0); meta KEYS 15→14 (test_meta.py); bluesky-pds comment now points to dynamic base. + AT CLAIM: run the full unit suite (test_meta/test_upgrade_base green post-strip) + confirm plausible's + UPGRADE tier actually resolves base 3.0.1+v2.0.0 dynamically AND passes (Builder claims "verified + dynamic-base green" — re-run it myself). §2.G GATE (keep-if-broken) does NOT apply since plausible works. +- **M2.5 real timer fire — IN PROGRESS, caught a real bug.** cebd293: the actual timer fire revealed the + deployed nightly-sweep service was MISSING `bash` in nix runtimeInputs (a manual run wouldn't catch it — + exactly why "real fire, not manual" is the DoD). Fix adds bash. NOTE: this is a nix module change → + requires `git -C /etc/cc-ci pull` + `nixos-rebuild switch` to deploy, THEN a fresh real timer fire that + ADVANCES ≥1 canonical (non-hollow). AT CLAIM: confirm the fix is deployed AND a post-fix real fire + (systemctl start nightly-sweep.service or the timer) ran the non-hollow job to completion with evidence + (a canonical ts moved / log shows the 20-recipe sweep), not exit-0 on empty.