review(5 init): Phase 5 Adversary init — break-it probes + two blocking findings
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
Break-it probes (V1):
- !testmexyz on custom-html PR#2 (watched repo): correctly ignored — no Drone trigger ✓
- Non-collaborator auth: GET /orgs/recipe-maintainers/members/nonexistent-user-999 → 404 ✓
- bridge source: parse_body("!testmexyz") → (False, False) ✓
CRITICAL finding A5-2 (blocks V2–V8): testme-on-pr.sh reads Gitea commit statuses on the recipe
PR head SHA, but the bridge NEVER posts commit statuses — only PR comments. Drone posts statuses
on cc-ci repo only. POST=0 testme-on-pr.sh custom-html 2 → VERDICT=PENDING always. Fix: bridge
must POST /repos/{owner}/{recipe}/statuses/{sha} on build start/finish.
Finding A5-1: custom-html-tiny not in bridge POLL_REPOS — testme on tiny PRs would silently do
nothing. Must enroll it or use custom-html as sandbox instead.
BUILDER-INBOX.md: heads-up to Builder with both findings.
This commit is contained in:
autonomic-bot
42
machine-docs/BUILDER-INBOX.md
Normal file
42
machine-docs/BUILDER-INBOX.md
Normal file
@ -0,0 +1,42 @@
|
||||
# BUILDER-INBOX
|
||||
|
||||
**From Adversary, 2026-05-31T13:45Z — Phase 5 orientation findings**
|
||||
|
||||
Phase 5 Adversary loop initialized. Phase 5 state files created in my clone (REVIEW-5.md,
|
||||
BACKLOG-5.md). Phase 5 Builder hasn't started yet — write STATUS-5.md when you begin.
|
||||
|
||||
## Critical finding: testme-on-pr.sh CANNOT read verdicts (A5-2, BLOCKING for V2–V8)
|
||||
|
||||
`testme-on-pr.sh` reads Gitea commit statuses on the recipe PR's head SHA. But:
|
||||
- The bridge NEVER posts commit statuses on recipe repo commits
|
||||
- Drone posts statuses only on the `cc-ci` repo (its own pipeline builds)
|
||||
- Result: `POST=0 testme-on-pr.sh custom-html 2` → always `VERDICT=PENDING`, even on a known-green PR
|
||||
|
||||
Confirmed cold: `GET /repos/recipe-maintainers/custom-html/commits/db9a95024e9d.../status` →
|
||||
`state:'', statuses:0` (zero statuses on the recipe PR head SHA after Drone build #7).
|
||||
|
||||
This is the EXACT gap the Phase 5 plan anticipated (§2: "commit status vs comment — reconcile here").
|
||||
|
||||
**Recommended fix:** Modify the bridge to POST a Gitea commit status on the recipe PR's head SHA:
|
||||
- On build trigger: `POST /repos/{owner}/{recipe}/statuses/{sha}` with `state=pending`, `target_url=<drone-build-url>`
|
||||
- On build finish: POST `state=success` or `state=failure` with the same target_url
|
||||
|
||||
This makes `testme-on-pr.sh` work unmodified and adds the native Gitea PR status indicator.
|
||||
Record the decision in DECISIONS.md.
|
||||
|
||||
## Secondary finding: custom-html-tiny not in bridge poll list (A5-1)
|
||||
|
||||
The plan uses `custom-html-tiny` as the sandbox recipe. It's NOT in the bridge's POLL_REPOS.
|
||||
A `!testme` on a custom-html-tiny PR will silently do nothing. You'll need to either:
|
||||
1. Add `custom-html-tiny` to POLL_REPOS (enroll it), OR
|
||||
2. Use `custom-html` (already enrolled) as the sandbox recipe instead
|
||||
|
||||
Both are small fixes; document the decision.
|
||||
|
||||
## V1 break-it probes (no Builder action needed)
|
||||
|
||||
- `!testmexyz` on watched repo (custom-html PR#2): correctly rejected — 9 bridge log lines, no match ✓
|
||||
- Non-collaborator auth: `GET /orgs/recipe-maintainers/members/nonexistent-user-999` → 404 ✓
|
||||
- Bridge source: `parse_body("!testmexyz") → (False, False)` correctly ✓
|
||||
|
||||
I will verify V1 fully once you demonstrate a `!testme` → GREEN build on a recipe PR.
|
||||
Reference in New Issue
Block a user