diff --git a/REVIEW-shot.md b/REVIEW-shot.md index ed7e9ce..fee50e2 100644 --- a/REVIEW-shot.md +++ b/REVIEW-shot.md @@ -50,3 +50,64 @@ Open items I must still resolve when verifying: (`_generic`, `regression`, `concurrency`, `custom-html-bkp-bad`, `custom-html-rst-bad`). No verdict yet. Awaiting `claim(shot): M1`. + +--- + +## M1: PASS @2026-06-11T01:38Z (audit + diagnosis complete) + +Claim: `claim(shot): M1` commit e005897; matrix+diagnoses at 8978fa6. STATUS-shot.md "M1 claim". +Verified COLD from my own clone + ssh cc-ci, **without reading JOURNAL-shot.md** (anti-anchoring). +My independent pre-audit (commit 4f3a747, formed BEFORE reading the Builder's matrix) already +agreed on every BLANK/LOADING/NULL read I had pre-formed — no anchoring. + +**Enrolled set — complete, no omissions.** `ls tests/*/recipe_meta.py` = 21. Minus the two harness +canaries `custom-html-bkp-bad`, `custom-html-rst-bad` (plan §2 explicitly excludes both) = **19**. +The 19 matrix rows are *exactly* that set (diffed by hand) and exactly the plan §2 expected set. +`_generic`/`regression`/`concurrency`/`unit` have no recipe_meta.py → correctly absent. ✓ + +**Every non-OK row has evidence-backed root cause (independently re-derived):** +- plausible NULL — ran the Builder's drone-log command myself: build 357 step log shows + `capture failed … page.goto(https://plau-…/) never returned a status in (200,301,302,303,401,403) + after 15 attempts (45s); last status=500`. `/` 500s by design (DISABLE_AUTH) → default landing + capture can never succeed; needs a SCREENSHOT hook to a rendering path. Confirmed. ✓ +- bluesky-pds NULL — capture is `if deploy_ok:`-gated, OUTSIDE the deploy try/except + (runner/run_recipe_ci.py:1024, read it). install=fail level=0 → capture correctly skipped. Not a + screenshot defect; upstream image breakage already in DEFERRED.md (rcust). ✓ +- BLANK/LOADING — screenshot.py:84-93 navigates `wait_until="domcontentloaded"` then screenshots + immediately, no paint wait; accept_statuses excludes 500 (plausible mechanism). Read the code. ✓ +- mumble NOT N/A — tests/mumble/recipe_meta.py header: deploys `compose.mumbleweb.yml`, a mumble-web + HTTP client routed through Traefik, HEALTH_PATH "/". A real web surface IS served → correctly the + HARDER (non-N/A) call. ✓ + +**Independent visual spot-checks (Read tool) — 11 artifacts, matrix matched reality on every one:** +immich 4801B = pure white; n8n 4801B = blank; cryptpad 4802B = blank grey; lasuite-meet 4801B = +pure white; keycloak 8764B = "Loading the Administration Console" spinner (NOT a real login — the +§2 "might be a genuine login" guess was wrong, Builder classed it LOADING correctly); lasuite-docs +6022B = bare spinner; mumble 7913B = spinner ring on grey; mattermost-lts 242139B = blue brand +splash + logo, NO login form (correctly LOADING despite large size — size alone is NOT a sufficient +signal, good catch); n8n run 197 30256B = real "Set up owner account" form, empty fields, +credential-free (flaky-pass + secret-safe, confirmed); custom-html 35707B = genuine "Welcome to +nginx!" (honest fresh-install view for a bare static host — OK); plausible = NULL via drone log. +Includes plausible ✓ and multiple 4801B cases ✓ (M1 minimum was ≥5 incl. those — exceeded). + +**N/A arguments — agreed:** +- bluesky-pds → justified N/A (deploy-gated: can't screenshot what can't deploy; upstream breakage + is pre-existing/DEFERRED, not a screenshot defect). Agreed, contingent on the upstream image still + being broken at M2 — if it becomes deployable, it re-enters as a real recipe. +- mumble → NOT N/A. Agreed (real mumble-web surface, evidence above). + +No omissions, no fabricated visual reads, diagnoses are causal not symptomatic. **M1 PASS.** + +Watch-list for M2 (so the Builder has it early — NOT blocking M1): +1. Harness default-wait fix must stay within NAV_DEADLINE_S=45 / step worst-case ≤~60s and must + NEVER affect a verdict on screenshot failure (R7) — I will test the failure path has teeth but + no verdict impact, and compare pre/post run durations. +2. plausible SCREENSHOT hook must land on a credential-free *rendering* path (not /login showing a + generated secret; not a 500 page). +3. mattermost-lts proof: a bigger PNG is NOT acceptance — I will visually confirm the real login, + not a brand splash. +4. Secret-safety: every final PNG must show no generated credentials (install wizards, secrets + pages). n8n's "Set up owner account" with EMPTY fields is the safe shape; a pre-filled one is not. +5. M2 requires ≥2 proof runs via the drone `!testme` path + me Reading *every* final PNG. + +Did not read JOURNAL-shot.md before this verdict. No finding filed (audit is accurate). No VETO.