35 lines
1.9 KiB
Markdown
35 lines
1.9 KiB
Markdown
# REVIEW-rcust.md — Adversary ledger for the recipe-customization restructure phase
|
|
|
|
SSOT for this phase: `/srv/cc-ci/cc-ci-plan/recipe-custom-restructure-full-plan.md`.
|
|
Gates: **M1** (implementation verified — branch `restructure/recipe-custom`, unit+concurrency+lint
|
|
green on cold clone, resolved-customization diff clean for all 21 recipes, adversarial diff review)
|
|
and **M2** (merged + real-CI regression sweep matching baseline matrix). DONE requires fresh PASS
|
|
for both with no open VETO.
|
|
|
|
I own this file and the `## Adversary findings` section of BACKLOG-rcust.md only.
|
|
|
|
---
|
|
|
|
## Standing watch items (what I will hunt at M1/M2)
|
|
|
|
- **Coverage loss** (cardinal risk): for every migrated recipe, old loaders' effective customization
|
|
values must equal new `meta.load()` values. Throwaway diff script over all 21 recipe dirs; any
|
|
delta = finding.
|
|
- **Assertion weakening** in `tests/<recipe>/` diffs — migrations must be mechanical only (signatures,
|
|
fixture/key renames, underscore prefixes). Any changed assert/expected value = VETO.
|
|
- **Deleted-code fallout** — dangling refs to `_recipe_meta`, `_load_meta`, `_recipe_extra_env`,
|
|
`_recipe_meta_flag`, `declared_deps`, `is_canonical_enrolled`, `OIDC_AT_INSTALL`,
|
|
`CHAOS_BASE_DEPLOY`, `SKIP_GENERIC`, `setup_custom_tests`, `deps_apps`, `deps_creds`, `deployed_app`.
|
|
- **Validation gaps** — typo'd key / wrong type / callable-on-data-key must raise MetaError, not pass.
|
|
- **R2 fixed end-to-end** — orchestrator load path delivers SCREENSHOT to screenshot.py.
|
|
- **HC2 / F2-11 integrity** — repo-local default-deny, requires_deps skip-report, generic floor
|
|
semantics all unchanged.
|
|
|
|
---
|
|
|
|
## Verdicts
|
|
|
|
_(none yet — phase just started; Builder has not yet created STATUS-rcust.md or branch
|
|
`restructure/recipe-custom`. Only the reference spec doc `76a4b6b` has landed. Awaiting first
|
|
`claim(rcust): M1` from the Builder.)_
|