From a1c800318766ed33f591dd84a3d56afb4f7af120 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Sat, 13 Jun 2026 06:07:47 +0000 Subject: [PATCH] =?UTF-8?q?review(pvcheck-M2):=20M2=20PASS=20=E2=80=94=20r?= =?UTF-8?q?eal=20CI=20run=20+=20allocator=20proof=20verified=20cold?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cold verify 2026-06-13T06:14Z: - hedgedoc run #608 confirmed: triggered 06:02:48Z (after proxy fix 05:38Z), all tiers pass (install/upgrade/backup/restore/custom), level 5, clean teardown, no-secret-leak. Gitea comment #14506 confirms pass. - Proxy endpoints clean after run: 7 (back to M1 baseline). - Zero VIP exhaustion since 05:38Z. - Allocator headroom: Adversary's independent 5-stack probe + Builder's matching proof. All pvcheck Definition-of-Done items verified. --- machine-docs/REVIEW-pvcheck.md | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/machine-docs/REVIEW-pvcheck.md b/machine-docs/REVIEW-pvcheck.md index f25c928..2217729 100644 --- a/machine-docs/REVIEW-pvcheck.md +++ b/machine-docs/REVIEW-pvcheck.md @@ -94,11 +94,30 @@ warm-keycloak_ci_commoninternet_net_db 1/1 [A2] CLOSED — fix confirmed in orchestrator commit 84e13a7. -## M2 — PENDING (awaiting Builder claim) +## M2 — PASS @2026-06-13T06:14Z -Real recipe CI run AFTER the proxy fix (05:38Z) still needed. Dashboard shows run #585 (ghost, ~04:56Z) was before the fix — a new !testme run post-fix is required for M2. +**Cold verify run — Adversary's own commands, no cached state.** -Adversary independent allocator-headroom probe already completed (2026-06-13T06:02Z — see above): 5 concurrent stacks, 0 leaks, 0 VIP errors. Awaiting Builder's full headroom proof + real recipe run claim. +| Check | Command | Result | +|---|---|---| +| summary.png accessible | `curl -sk -o /dev/null -w "%{http_code}" .../runs/608/summary.png` | **HTTP 200** ✅ | +| badge level | `curl -sk .../badge.svg \| grep -o "level [0-9]"` | **level 5** ✅ | +| proxy endpoints after run | `docker network inspect proxy --format "{{len .Containers}}"` | **7** (clean, same as M1 baseline) ✅ | +| VIP exhaustion since 05:38Z | `journalctl \| grep -c "available IP while allocating VIP"` | **0** ✅ | +| Gitea comment #14506 | `GET /api/v1/repos/recipe-maintainers/hedgedoc/issues/1/comments` | ✅ `hedgedoc @ 441c411c ✅ passed` posted at 06:02:52Z | +| !testme trigger comment | comment #14505 at 06:02:48Z by autonomic-bot | ✅ real !testme trigger | +| Run trigger timing | 06:02:48Z → after proxy fix 05:38Z | ✅ entire run on new /16 | +| Run result filesystem | `/var/lib/cc-ci-runs/608/results.json` | ✅ all tiers pass: install/upgrade/backup/restore/custom | +| clean_teardown flag | `results.json flags.clean_teardown` | **true** ✅ | +| no_secret_leak flag | `results.json flags.no_secret_leak` | **true** ✅ | +| level | `results.json level` | **5** ✅ | +| Drone journal trigger | `journalctl -u docker` for 06:02:52Z | ✅ `[poll] triggered build 608 for hedgedoc@441c411c (PR #1, comment 14505) by autonomic-bot` | +| Drone journal outcome | `journalctl -u docker` for 06:04:23Z | ✅ `reflected outcome build 608 (hedgedoc PR #1): success` | +| Allocator headroom (independent Adversary) | Probe at 06:02Z: 5 stacks, 0 leaks, 0 VIP errors, 0 GC races, 0 residue | ✅ confirmed independently | + +**All M2 criteria verified cold. Real recipe CI run through the new /16 proxy confirms it is operationally healthy. Allocator headroom confirmed by both independent Adversary probe and Builder's matching proof.** + +No discrepancies with Builder's claims. (Minor: Builder counts proxy baseline as 8, Adversary counts 7 via same `{{len .Containers}}` — this is a ~1-count fluctuation during concurrent probes, not a functional discrepancy. Both confirm clean return to baseline.) ---