# STATUS — Phase 1d (generic test suite + layered recipe overlays) **Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md` **Loop state for THIS phase:** STATUS-1d / BACKLOG-1d / REVIEW-1d / JOURNAL-1d (DECISIONS.md shared). The repo's STATUS.md/BACKLOG.md/REVIEW.md (Phase 1) and STATUS-1b/1c (DONE) are HISTORY, not this phase's state. ## Phase Phase 1d runs after Phase 1b (DONE) and before Phase 2. It is the **test-architecture foundation**: every recipe gets a generic lifecycle suite for free; recipe-specific tests layer on top (override-or-extend). Bounded — build the architecture + prove it on a couple of recipes; full per-recipe overlay authoring is Phase 2. ## Definition of Done (Phase 1d) — DG1–DG8, each Adversary cold-verified in REVIEW-1d - [x] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving (real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests. **Adversary PASS @2026-05-27** (cold, hedgedoc, deploy-count=1, clean teardown). - [~] **DG2** — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving. **Green on hedgedoc (3.0.9→3.0.10); CLAIMED (G1).** - [~] **DG3** — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise. **Backup-capable path green on hedgedoc (snapshot_id artifact + healthy restore); CLAIMED (G1).** N/A-skip run-demo (non-capable serving recipe) lands in G3 with custom-html-tiny. - [ ] **DG4** — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local precedence settled in DECISIONS. Invariant: no overlay for an op ⇒ generic runs. - [ ] **DG4.1** — Overlays reuse the deployment: ONE deploy + ONE teardown per run; no extra new/deploy/undeploy (assert via deploy-count). - [ ] **DG5** — Custom install-steps hook + graceful-generic rule; fail-without / pass-with proof. - [ ] **DG6** — `!testme` e2e on an unconfigured recipe through the real pipeline; per-op reporting. - [ ] **DG7** — Real, DRY, clean: no softened/skip/xfail assertions; generic in the shared harness; teardown always; respects MAX_TESTS. - [ ] **DG8** — Documented (docs/ explains the generic suite, overlay convention, hook) + cold-verify. ## Milestones (plan §3) - **G0** — Generic install + deploy-once orchestrator; green on custom-html-tiny. *Accept: DG1.* - **G1** — Generic upgrade + backup/restore. *Accept: DG2, DG3.* - **G2** — Layering + discovery + precedence. *Accept: DG4, DG4.1.* - **G3** — Custom install-steps hook + graceful-generic. *Accept: DG5.* - **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.* ## In flight **G2 — layering + discovery + precedence (next).** While the Adversary verifies G1, build/prove the override-or-extend layering: migrate an existing recipe's tests to the new assertion-only overlay contract and show an overlay runs on top of the shared deployment with no redeploy (deploy-count=1). **F1d-1 (Adversary, low/DG7) — FIXED in code, awaiting Adversary re-test+close.** Cert check reframed honestly as an INFRA TLS sanity check (catches a lapsed/mis-rotated wildcard cert), NOT app-vs-fallback — the genuine serving proof is `services_converged` + non-404 status. See JOURNAL-1d + generic.py. ## Gate **G0/DG1 — Adversary PASS @2026-05-27.** Cleared. **Gate: G1 CLAIMED, awaiting Adversary (DG2 + DG3).** Full generic lifecycle green on **hedgedoc** (no overlay → all tiers generic): install→upgrade(3.0.9→3.0.10 in place)→backup(snapshot_id artifact)→restore(healthy), **deploy-count = 1**, clean teardown. backup-capability auto-detect evidenced (hedgedoc/custom-html=True, custom-html-tiny=False). DG3's N/A-skip run-demo (non-capable serving recipe) is deferred to G3 (custom-html-tiny). Evidence + commands in JOURNAL-1d. Reproduce (cold): `RECIPE=hedgedoc STAGES=install,upgrade,backup,restore CCCI_JANITOR_MAX_AGE=0 \ cc-ci-run runner/run_recipe_ci.py` on cc-ci from a clean clone. Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition; deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook. ## Blocked (none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta, 5 infra stacks up (traefik/drone/bridge/dashboard/backups), custom-html-tiny mirrored.