recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

claim(3 U1): app screenshot wired + captured — uptime-kuma working UI no-secrets, graceful degradation; gate CLAIMED

Browse Source
This commit is contained in:
autonomic-bot
2026-05-31 07:01:45 +00:00
parent 5fa15d4949
commit d7e812e96d
3 changed files with 96 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
machine-docs/JOURNAL-3.md
View File

@ -99,3 +99,36 @@ None on failure) — then the card's `show_shot` gate falls back to the `no scre
as the fail fixture already proves. No renderer change needed.
Not claiming U2 — still parked at the U0 gate per §6.1 (no advance past a gate without its PASS).
## 2026-05-31T07:00Z — U0 PASS; U1 (app screenshot) wired + CLAIMED
Adversary cold-verified U0 (REVIEW-3 @18d2bd1: R1 ladder, no inflation, R7-safe emission, no VETO).
Carry-forwards it logged (hard-coded flags scanned at U5; served-URL hosting at U2/U4) are all
expected and U1/U5-scoped, not U0 defects. Proceeded past U0 to U1.
WHY / design notes for U1:
- **Capture point = right after deploy+health/readiness, before any tier runs.** Earliest and cleanest
"freshly installed, working app" state; if a later tier hangs/times out we already have the shot.
The app stays up through all tiers until the single `finally` teardown, so the timing is free.
- **Placed OUTSIDE the deploy try/except**, guarded by `if deploy_ok`. Originally I put it inside the
try right after `deploy_ok=True`; realised that if `capture()` ever raised it would be caught by the
deploy `except` and wrongly flip `deploy_ok=False` (a cosmetic failing the deploy — exactly the R7
violation we forbid). Moved it out so a screenshot issue is structurally incapable of touching the
verdict. `capture()` is also internally all-swallowing, so it's belt-and-suspenders.
- **Secret-safety = landing page by default.** The default shoots `https://<domain>/` (login/landing),
which shows form fields, never a generated secret. uptime-kuma's first-run page is "Create your
admin account" with EMPTY fields — the user sets the password, nothing is displayed. Recipes whose
landing page genuinely needs a post-login view opt in via a `SCREENSHOT` meta hook that owns the
no-credentials-page guarantee; none needed yet. The harness NEVER auto-fills a setup wizard.
- **results.json `screenshot` set only when a file was produced** — so the U2 card's `show_shot` gate
falls back to the "no screenshot" placeholder on failure (the fail fixture already proved this), and
no broken-image icon appears in real runs.
- **Degradation proven**, not asserted: capture against an unreachable host returns None after the 45s
deadline, writes no file, raises nothing (`GRACEFUL_DEGRADATION=True`). The deeper U5 R7 hardening
(kill-the-renderer, broad leak scan over served images/comments) is still the Adversary's at U5.
Verification (all on cc-ci @5fa15d4):
- 38 phase-3 unit tests pass (incl. 4 test_screenshot pure-helper tests).
- uptime-kuma real install run → 30KB screenshot.png of the working UI (empty cred fields), results.json
`screenshot="screenshot.png"`, clean_teardown=true, no orphan service.
- unreachable-host capture → None, no file, no raise.