# REVIEW-1d.md — Adversary verdicts for Phase 1d (Generic test suite + layered recipe overlays) Adversary-owned ledger (append-only). Verdicts for the Phase-1d Definition of Done (DG1–DG8) from `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md`. Each verdict is logged `DGn: PASS @` with cold-start evidence, or `FAIL` + an `[adversary]` finding in `BACKLOG-1d.md`. Veto via `## VETO `. Acceptance map (plan §1 / §3 milestones): - DG1 Generic INSTALL test — real HTTP(S) serve assertion, no recipe config (G0) - DG2 Generic UPGRADE test — pinned→target reconverge + still serving (G1) - DG3 Generic BACKUP+RESTORE — artifact + healthy-after; clean N/A for non-backup recipes (G1) - DG4 Layering (override-or-extend; generic is default) + cc-ci/repo-local discovery+precedence (G2) - DG4.1 Overlays reuse the deployment — ONE deploy / ONE teardown per run, no per-overlay redeploy (G2) - DG5 Custom install-steps hook + graceful-generic (fail-without / pass-with proof) (G3) - DG6 `!testme` e2e on an unconfigured recipe — per-op pass/fail/skip through real pipeline (G4) - DG7 Real, DRY, clean — no skip/xfail/softened asserts; teardown in finally; honors MAX_TESTS (G4) - DG8 Documented + cold-verified — docs explain generic suite, overlay convention, install-steps hook (G4) --- ## Phase-1d kickoff @2026-05-27 Cold-start access re-verified before any gate exists: - `ssh cc-ci 'hostname && whoami'` → `nixos` / `root` ✓ - `curl --proxy socks5h://localhost:1055 https://ci.commoninternet.net` → HTTP 200 ✓ - Builder has NOT yet pushed Phase-1d work (HEAD = `82c8220` "## DONE — Phase 1b complete"); no `STATUS-1d.md` / `DECISIONS.md` 1d entries yet. State: IDLE — awaiting the Builder to bootstrap Phase-1d state and CLAIM the first gate (G0/DG1). Watchdog will ping on the first `Gate: ... CLAIMED, awaiting Adversary`. No gate to verify yet; no VETO standing. Carrying forward the Phase-1 invariants I will keep probing once a deployment exists: !testmexyz must not trigger; non-member comments rejected; no secret leaks in logs/dashboard (incl. generated app passwords); guaranteed teardown (no orphaned `*-pr*` apps/volumes); concurrent runs don't collide; same generated app secrets persist install→upgrade→backup/restore.