chore(gtea): init Adversary phase files — baseline orientation done, awaiting Builder M1 claim

machine-docs/BACKLOG-gtea.md

@@ -0,0 +1,10 @@
+# BACKLOG — phase gtea (gitea full-test enrollment)
+
+## Build backlog
+(Builder-owned — read-only to Adversary)
+
+## Adversary findings
+(Adversary-owned — only the Adversary writes this section)
+
+No findings yet. Phase in progress.
+

machine-docs/JOURNAL-gtea.md

@@ -0,0 +1,79 @@
+# JOURNAL — phase gtea (Adversary)
+
+Adversary private log. Append-only.
+
+---
+
+## 2026-06-15T19:33Z — Phase init + orientation
+
+Phase gtea launched. Previous phase (poe2e) is DONE at 3f6d7dc.
+Builder hasn't started; no gtea commits on origin/main (HEAD 3f6d7dc).
+
+### Pre-build baseline established:
+
+**Current tests/gitea/ state:**
+- Only `recipe_meta.py` exists — pure dep-provider stub
+- Header says "NOT a standalone recipe-under-test" (must be updated, not removed)
+- EXTRA_ENV: sqlite3 + relaxed auth (dep path — must survive the recipe-under-test additions)
+
+**Unit tests to preserve (tests/unit/test_gitea_dep.py):**
+- `m.HEALTH_PATH == "/api/healthz"` — must not change
+- `200 in m.HEALTH_OK` — must not change
+- EXTRA_ENV must return `compose.sqlite3.yml` in COMPOSE_FILE, `GITEA_REQUIRE_SIGNIN_VIEW=false`, `GITEA_DISABLE_REGISTRATION=false`
+- `test_drone_recipe_meta_deps`: `"gitea" in m.DEPS` for drone recipe_meta
+- These are hard constraints — any modification to gitea recipe_meta.py that breaks these = FAIL
+
+**gitea recipe on cc-ci (.abra cache):**
+- Latest tag: `3.5.3+1.24.2-rootless` (master HEAD at e6a1cc7)
+- Available releases in abra release dir: 2.0.0, 2.1.2, 2.6.0, 3.0.0 (previous deploys)
+- Image: `gitea/gitea:1.24.2-rootless`
+- Backup: `backupbot.backup=true` label present in compose.yml -> BACKUP_CAPABLE=True
+
+**LFS PR #1 (`lfs-plain-gitea` -> `main`) diff summary:**
+- Adds `compose.lfs.yml` (GITEA_LFS_START_SERVER=true + lfs_jwt_secret)
+- Updates `app.ini.tmpl`: renders LFS_JWT_SECRET if GITEA_LFS_START_SERVER=true (not only forgejo)
+- Bumps `APP_INI_VERSION=v21 -> v22` in abra.sh
+- Bumps recipe version `3.5.3 -> 3.6.0` in compose.yml labels
+- `compose.lfs.yml` absent on `main` -> LFS test MUST skip on main (no overlay = skip)
+- `compose.lfs.yml` present on `lfs-plain-gitea` -> LFS test MUST pass
+
+**Running on cc-ci:**
+- No standalone gitea app running (drone app exists but gitea dep not running currently)
+- /etc/timezone = UTC (plan section 0 prereq satisfied)
+- cc-ci services: backup-bot-two, custom-html, discourse, drone, ghost, keycloak, mattermost-lts, traefik
+
+**Registered meta keys (runner/harness/meta.py):**
+HEALTH_PATH, HEALTH_OK, DEPLOY_TIMEOUT, HTTP_TIMEOUT, BACKUP_CAPABLE, EXPECTED_NA,
+READY_PROBE, UPGRADE_BASE_VERSION, BACKUP_VERIFY, UPGRADE_EXTRA_ENV, EXTRA_ENV, DEPS,
+WARM_CANONICAL, SCREENSHOT — no others allowed without registry update + doc regen
+
+**CRITICAL observation: No upstream recipe tests exist:**
+- `recipe-maintainers/gitea` has NO `tests/` directory on main or lfs-plain-gitea
+- Plan's `recipe-info/gitea/tests/health_check.py` and `git_push.py` are aspirational (do not exist upstream)
+- Builder must document in PARITY.md that these are created-from-scratch (not ported)
+- If Builder claims "parity port" without acknowledging no source exists, that's a PARITY.md accuracy defect
+
+**Adversary verification checklist for M1 (pre-populated):**
+1. Unit tests still pass after recipe_meta.py changes (esp. test_gitea_dep.py)
+2. No new ALL-CAPS meta keys added without registry update + doc regen
+3. EXTRA_ENV dep path unchanged (sqlite3 + relaxed auth) — dep vs recipe split real and documented
+4. Tests have real teeth (not trivially passing with misconfigured gitea)
+5. LFS test skips on main (compose.lfs.yml absent)
+6. Backup/restore mutation genuinely diverges then reverts (not a no-op restore)
+7. Drone still green (gitea dep path unaffected)
+8. PARITY.md honest about absent upstream tests
+
+**Adversary verification checklist for M2 (pre-populated):**
+1. Full lifecycle via real CI (!testme on main), drone still green
+2. Screenshot real + visually verified
+3. LFS round-trip green on lfs-plain-gitea (OID hash check, JWT stability across restart)
+4. Same LFS test skipped on main (not just xfail — structurally absent)
+5. Result posted to PR #1, nothing merged
+6. No secrets in logs/dashboard
+
+**Break-it probes to run (ongoing):**
+- Check EXTRA_ENV doesn't let recipe-under-test keys leak into the dep deploy path
+- Post !testmexyz to a test PR (must NOT trigger)
+- Grep logs/dashboard for secrets after any gitea deploy
+- Verify LFS JWT secret stability: deploy restart, check rendered app.ini LFS_JWT_SECRET unchanged
+

machine-docs/REVIEW-gtea.md

@@ -0,0 +1,22 @@
+# REVIEW — phase gtea (gitea full-test enrollment)
+
+Adversary verdict log. Append-only. Only the Adversary writes here.
+Commit prefix: `review(gtea): ...`
+
+---
+
+## Init @2026-06-15T19:33Z
+
+Phase gtea started. No gates claimed yet by Builder. Baseline orientation run:
+- Builder hasn't started (no STATUS-gtea.md, no gtea commits on origin/main as of 3f6d7dc).
+- Existing `tests/gitea/recipe_meta.py` is the dep-provider stub (header: "NOT a standalone recipe-under-test").
+- Plan SSOT loaded: plan-phase-gtea-gitea-fulltests.md — M1 = suite green locally; M2 = green in real CI + LFS PR verified.
+- Exemplars to check: tests/cryptpad/, tests/keycloak/.
+- Will maintain independent break-it probes while Builder builds.
+
+---
+
+## Pending verdicts
+
+None yet — awaiting M1 CLAIMED gate.
+