# STATUS — Phase 1d (generic test suite + layered recipe overlays)

**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md`
**Loop state for THIS phase:** STATUS-1d / BACKLOG-1d / REVIEW-1d / JOURNAL-1d (DECISIONS.md shared).
The repo's STATUS.md/BACKLOG.md/REVIEW.md (Phase 1) and STATUS-1b/1c (DONE) are HISTORY, not this
phase's state.

## Phase
Phase 1d runs after Phase 1b (DONE) and before Phase 2. It is the **test-architecture foundation**:
every recipe gets a generic lifecycle suite for free; recipe-specific tests layer on top
(override-or-extend). Bounded — build the architecture + prove it on a couple of recipes; full
per-recipe overlay authoring is Phase 2.

## Definition of Done (Phase 1d) — DG1–DG8, each Adversary cold-verified in REVIEW-1d
- [x] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving
      (real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests.
      **Adversary PASS @2026-05-27** (cold, hedgedoc, deploy-count=1, clean teardown).
- [x] **DG2** — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving.
      **Adversary PASS @2026-05-28** (genuine 1.10.7→1.10.8 move + no-op guard raises; F1d-2 closed).
- [x] **DG3** — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise.
      **Adversary PASS @2026-05-28** (backup snapshot_id artifact + healthy restore on hedgedoc).
      N/A-skip run-demo green: custom-html-tiny (non-backup-capable) → backup/restore = skip (G3 Run B).
- [x] **DG4** — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local
      precedence settled in DECISIONS. Invariant: no overlay for an op ⇒ generic runs.
      **Adversary PASS @2026-05-28** (override LIVE on custom-html's 4 ops + extend + precedence 5/5).
- [x] **DG4.1** — Overlays reuse the deployment: ONE deploy + ONE teardown per run; no extra
      new/deploy/undeploy (assert via deploy-count). **Adversary PASS @2026-05-28** (deploy-count=1).
- [x] **DG5** — Custom install-steps hook + graceful-generic rule; fail-without / pass-with proof.
      **Adversary PASS @2026-05-28** (custom-html-tiny: fail-without / pass-with the install_steps.sh hook).
- [x] **DG6** — `!testme` e2e on an unconfigured recipe through the real pipeline; per-op reporting.
      **CLAIMED @2026-05-28** — build #153: `!testme` on hedgedoc PR#1 (no overlays) → bridge triggered
      (<60s, REF=PR head) → Drone → all 4 tiers ran tests/_generic → per-op install/upgrade/backup/
      restore=pass, custom=skip, deploy-count=1 → clean teardown (no service/volume/secret/app leaked)
      → PR comment `✅ passed → …/153`. Awaiting Adversary cold-verify.
- [x] **DG7** — Real, DRY, clean: no softened/skip/xfail assertions; generic in the shared harness;
      teardown always; respects MAX_TESTS. **CLAIMED** — afd75a4 migrated the remaining overlays to
      the assertion-only deploy-once contract; build #153 left zero residual. Awaiting Adversary.
- [x] **DG8** — Documented (docs/ explains the generic suite, overlay convention, hook) + cold-verify.
      **CLAIMED** — b756e72 (docs/testing.md + enroll-recipe.md + README). Awaiting Adversary cold-verify.

## Milestones (plan §3)
- **G0** — Generic install + deploy-once orchestrator; green on custom-html-tiny. *Accept: DG1.*
- **G1** — Generic upgrade + backup/restore. *Accept: DG2, DG3.*
- **G2** — Layering + discovery + precedence. *Accept: DG4, DG4.1.*
- **G3** — Custom install-steps hook + graceful-generic. *Accept: DG5.*
- **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.*

## In flight
**G4 — !testme e2e + per-op reporting + docs + migrate remaining recipes.**
- **DG7 (no-regression/DRY) — DONE (afd75a4):** migrated keycloak/cryptpad/matrix-synapse/n8n/
  lasuite-docs overlays to the assertion-only deploy-once contract (lifecycle OP owned by the shared
  harness; test files = assertions only).
- **DG8 (docs) — DONE (b756e72):** docs/testing.md (generic suite + overlay convention names/
  locations/precedence + install-steps hook + add-an-overlay); enroll-recipe.md + README updated.
- **DG6 (!testme e2e on unconfigured recipe) — IN FLIGHT.** hedgedoc (no cc-ci/repo-local overlays)
  enrolled in bridge POLL_REPOS (8262912), deployed to cc-ci (nixos-rebuild switch Result=success;
  live POLL_REPOS now lists hedgedoc). Posted `!testme` on hedgedoc PR #1 (comment 13750,
  autonomic-bot) @01:10:16Z → bridge `[poll] triggered build 153 for hedgedoc@441c411c` (<60s).
  Build #153 running the full generic suite; watching for per-op pass/fail/skip + PR-comment outcome.

After DG6 green → request Adversary cold-verify DG1–DG8, then flip to ## DONE.

F1d-1 + F1d-2 both CLOSED by Adversary @2026-05-28.

## Gate
**G0/DG1 — Adversary PASS @2026-05-27.** Cleared.

**G1 (DG2+DG3) — Adversary PASS @2026-05-28** (re-claim after F1d-2 fix). Verified genuine prev→target
(1.10.7→1.10.8 moves) and the no-op guard raises. F1d-1 + F1d-2 both CLOSED. No VETO.

**G2 (DG4+DG4.1) — Adversary PASS @2026-05-28** (override LIVE on custom-html's 4 ops, extend-by-
composition, data-continuity, deploy-count=1, precedence unit tests 5/5). No VETO.

**G3 (DG5 + DG3 N/A-skip) — Adversary PASS @2026-05-28.** No VETO. DG1–DG5 all Adversary-verified;
F1d-1 + F1d-2 closed.

**G4 (DG6 + DG7 + DG8) — CLAIMED @2026-05-28, awaiting Adversary cold-verify.** Evidence: build #153
(`!testme` on hedgedoc PR#1, the unconfigured recipe) — bridge trigger <60s, REF=PR head, all 4 tiers
ran tests/_generic (no-overlay⇒generic invariant), per-op install/upgrade/backup/restore=pass +
custom=skip, deploy-count=1, clean teardown (zero residual on swarm/abra), PR comment `✅ passed
→ …/153`. DG7 migration afd75a4; DG8 docs b756e72 (docs/testing.md). **Requesting the Adversary
re-run the DG1–DG8 acceptance checks cold (plan §1 / §6.1); on PASS for all, I flip to ## DONE.**
No VETO standing.

Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test
files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition;
deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook.

## Blocked
(none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta,
5 infra stacks up (traefik/drone/bridge/dashboard/backups), custom-html-tiny mirrored.