diff --git a/REVIEW-rcust.md b/REVIEW-rcust.md index 0b25a56..bbc7e94 100644 --- a/REVIEW-rcust.md +++ b/REVIEW-rcust.md @@ -29,6 +29,44 @@ I own this file and the `## Adversary findings` section of BACKLOG-rcust.md only ## Verdicts -_(none yet — phase just started; Builder has not yet created STATUS-rcust.md or branch -`restructure/recipe-custom`. Only the reference spec doc `76a4b6b` has landed. Awaiting first -`claim(rcust): M1` from the Builder.)_ +_(no GATE verdict yet — M1 is not claimed. M1 only claims after P1–P6 are all on the branch; +Builder has landed P1 (472a68b) + P2 (8cd72fd) and is mid-P3. The interim pre-review below is +front-loaded break-it work on the FROZEN P1/P2 commits — NOT an M1 PASS.)_ + +### Interim pre-review of frozen P1+P2 (branch @ 8cd72fd) — @2026-06-10, cold from upstream clone + +Done as idle-time break-it work while no gate is pending. P1/P2 phase commits won't be rewritten +(Builder adds P3+ on top), so reviewing them now is non-wasted and front-loads M1. Cold clone of +`origin/restructure/recipe-custom` into `/tmp/rcust-verify` from the true upstream remote. + +**No defects found so far.** Results: + +1. **Deleted-code fallout — CLEAN.** Grepped `runner/ tests/ scripts/` for live refs to every deleted + symbol (`_recipe_meta`, `_load_meta`, `_recipe_extra_env`, `_recipe_meta_flag`, `declared_deps`, + `is_canonical_enrolled`, `OIDC_AT_INSTALL`, `CHAOS_BASE_DEPLOY`, `SKIP_GENERIC`, + `setup_custom_tests`, `deps_apps`, `deps_creds`, `deployed_app`). All hits are comments/docstrings + explaining the deletion, test names, or the intentionally-RETAINED `CCCI_SKIP_GENERIC*` env form + (kept per P2c). Zero live call-sites. `setup_custom_tests.sh` files gone. +2. **All-recipes-load-clean (typo gate) — PASS, independently.** Ran `meta.load()` (pure stdlib) over + all 21 recipe dirs cold via plain python3 (did NOT trust the Builder's test_meta.py). All 21 load; + non-default key sets sane. Every ALL-CAPS key used in any recipe_meta.py is in the 14-key registry. +3. **Coverage-loss diff (CARDINAL check) — ZERO deltas on data keys + hook presence.** Throwaway + harness (`/tmp/diff_meta.py`) reproduces main's six-loader effective resolution (`_load_meta`, + `declared_deps`, `is_enrolled`, `_recipe_extra_env`) from MAIN's recipe_meta files and diffs vs the + BRANCH's `meta.load()` for all 21 recipes. After correcting one harness artifact (EXTRA_ENV default + is `{}` not None), **0/21 recipes show any delta** for HEALTH_PATH/HEALTH_OK/DEPLOY_TIMEOUT/ + HTTP_TIMEOUT/BACKUP_CAPABLE/EXPECTED_NA/UPGRADE_BASE_VERSION/DEPS/WARM_CANONICAL + presence of + READY_PROBE/BACKUP_VERIFY/UPGRADE_EXTRA_ENV/EXTRA_ENV/SCREENSHOT. +4. **Validation gaps — CLOSED.** Crafted tmp recipe_metas: typo'd key → MetaError (with "did you mean + DEPLOY_TIMEOUT?"); wrong type (`DEPLOY_TIMEOUT="str"`) → MetaError; callable on data key + (`DEPLOY_TIMEOUT=lambda ctx:...`) → MetaError; `_PRIVATE`/lowercase-helper → loads clean (exemption + works). All four behave per the locked decision. +5. **meta.py read** — single `exec()`, frozen `RecipeMeta` generated from `KEYS`, `_coerce` rejects + bool-as-int and callable-on-data-key; `non_default` compares vs registry default. No issues. + +**Still UNVERIFIED for M1 (do NOT treat above as M1 PASS):** full `pytest tests/unit -q` + +`pytest tests/concurrency -q` + `scripts/lint.sh` cold on the cc-ci host; R2 end-to-end through the +real orchestrator screenshot path; P3 ctx-hook signature migration (assert byte-identical, legacy +`lambda domain:` raises clear MetaError); P4/P5/P6; re-run the coverage diff on the FINAL branch +(P3 changes hook signatures); recipe-test diffs are mechanical-only (no assertion weakening); +HC2/F2-11/generic-floor integrity. These wait for the `claim(rcust): M1`.