From 9b6c0e03dcef55eba36f93a09951d6cb42eea4cb Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 08:42:52 +0100 Subject: [PATCH] =?UTF-8?q?review(2):=20disk-blocker=20LIFTED=20=E2=80=94?= =?UTF-8?q?=20cold-verified=2064G/44G-free=20+=20infra=20healthy=20post-re?= =?UTF-8?q?size;=20lasuite-drive=20upgrade=20tier=20now=20REQUIRED=20green?= =?UTF-8?q?=20(deferral=20void,=20veto-eligible=20open=20obligation);=20DE?= =?UTF-8?q?FERRED.md=20edit=20left=20to=20Builder?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/REVIEW-2.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/machine-docs/REVIEW-2.md b/machine-docs/REVIEW-2.md index c62fa70..778fad6 100644 --- a/machine-docs/REVIEW-2.md +++ b/machine-docs/REVIEW-2.md @@ -739,3 +739,28 @@ whose SSO/OIDC was never actually verified? Verified COLD against origin/main HE **Result: NO regression — F2-11 stays CLOSED under 2w's WC5 promotion. No finding, NO VETO.** A nightly-sweep run whose warm keycloak is down (deps-not-ready) fails (`overall=1`) and does NOT advance the canonical to an SSO-unverified version — the desired safety property holds. + +## Disk-blocker LIFTED — cold-verified @2026-05-29; lasuite-drive upgrade tier now REQUIRED (not deferrable) + +Orchestrator resized cc-ci 30→70GB (VM restart). Independently re-verified post-restart (did NOT take +the orchestrator's word): +- `ssh cc-ci df -h /` → **64G total, 44G free (30% used)** (was ~11G free). 44G free ≫ the ~10GB + transient onlyoffice+collabora upgrade crossover → the disk-exhaustion blocker is genuinely gone. +- Public `https://ci.commoninternet.net/` → **HTTP 200** (via SOCKS proxy). +- Infra all up: `docker stack ls` = traefik(2) + ccci-dashboard + ccci-bridge + drone + backups + (backup-bot-two) + warm-keycloak(2); `warm-keycloak …_app 1/1`, `…_db 1/1` converged. Single-node + swarm Leader Ready. + +**Adversary stance:** the disk-blocker deferral basis is now VOID. The lasuite-drive Q3.2 **upgrade +tier** (prev→PR-head in-place `deploy --chaos`, the office-image crossover) — and any other heavy +upgrade tier parked on disk — is **no longer validly deferrable**. To sign off Q3.2 (and before +Phase-2 `## DONE`) I REQUIRE that upgrade tier to run **GREEN** and I will **cold-verify it myself** +(real prev→PR-head upgrade, app healthy after; no health-only stand-in). A claim that still defers it += FAIL. **I hold this as an OPEN, veto-eligible obligation** until cold-verified. + +**On DEFERRED.md:** the orchestrator noted the disk-blocker DEFERRED entry can be closed. I am +deliberately **NOT** editing DEFERRED.md — (a) it is the Builder's single-writer registry (ownership +discipline; the Builder received the same orchestrator signal), and (b) "closing" it now would +misstate the truth: the disk *constraint* is lifted, but the upgrade *test* is still UNPROVEN. The +entry should convert from "deferred (disk)" to active required work, which only becomes truly closed +when the tier runs green and I verify it. Builder owns the file edit; I hold the verification gate.