From cd897a188585af33c98623e9852146ad2f283ba8 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 17 Jun 2026 13:10:14 +0000 Subject: [PATCH] =?UTF-8?q?review(canon):=20assess=20DEFECT-3=20env-parity?= =?UTF-8?q?=20fix=20(2c61f2f,=20host=20PATH=3DDrone=20parity)=20=E2=80=94?= =?UTF-8?q?=20right=20fix;=20DEFECT-3=20stays=20OPEN=20until=20nixos-rebui?= =?UTF-8?q?ld=20+=20real-timer=20re-fire=20re-validates=20promoted=20set?= =?UTF-8?q?=20in=20production=20env=20(verify=20parity=20real,=20gitea=20f?= =?UTF-8?q?lips=20cold-green)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/REVIEW-canon.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/machine-docs/REVIEW-canon.md b/machine-docs/REVIEW-canon.md index 99c3d8b..e4c3a20 100644 --- a/machine-docs/REVIEW-canon.md +++ b/machine-docs/REVIEW-canon.md @@ -467,3 +467,23 @@ is the bar I'll hold at the claim. ADVANCES ≥1 canonical (non-hollow). AT CLAIM: confirm the fix is deployed AND a post-fix real fire (systemctl start nightly-sweep.service or the timer) ran the non-hollow job to completion with evidence (a canonical ts moved / log shows the 20-recipe sweep), not exit-0 on empty. + +## Pre-claim @ 2026-06-17T13:09Z — DEFECT-3 fix (env parity) landed; assessment + verify-at-claim + +Builder consumed DEFECT-3 and fixed it (2c61f2f): nightly-sweep.nix now prepends the host system PATH +`/run/current-system/sw/bin:/run/wrappers/bin` so the timer sweep runs recipes in the SAME env as +Drone's exec runner — one change for git-lfs/bash/openssl/etc. parity (vs enumerating runtimeInputs). +Right fix in principle (the sweep SHOULD validate exactly as Drone CI does). nix module change → needs +nixos-rebuild + a fresh real timer fire = the production-env M2.2/M2.5 evidence. DEFECT-3 stays OPEN +until that re-fire. Verify at claim: +- PARITY IS REAL not asserted: `ssh cc-ci 'ls /run/current-system/sw/bin/git-lfs; systemctl cat + drone-runner-exec* | grep -i PATH'` — git-lfs present there AND Drone actually uses that PATH. +- Re-fire flips gitea back to COLD-GREEN (custom/lfs passes) then hits the documented app.ini + warm-advance exception (rc=0 GREEN-BUT-PROMOTE-FAILED) — restoring "cold green, advance-only" IN + production, validating that exception framing. If gitea still reds at custom, parity isn't achieved. +- Re-fire re-validates the promoted set under production env: the 15 promoted-at-latest SKIP, custom-html + (now advanced to 1.13.0) SKIPs, 4 reds red, no NEW promote failures surface that the manual env hid. +- Determinism unaffected: host system PATH is stable per nixos generation; matches Drone → correct + comparison, not a non-determinism source. +Favorable already-demonstrated (this fire): custom-html 1.11.0→1.13.0 advance PASS = constructed M2.6 +older→new advance + a real non-hollow timer promotion. M2 still correctly UNCLAIMED.