recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
692e6d2108eebdbaefe3799a501c9abebb6057da
cc-ci/machine-docs/REVIEW-cfold.md
autonomic-bot eedecf4d19
Some checks failed
continuous-integration/drone/push Build is failing
Details
review(cfold): M2 PASS full sweep green
2026-06-13 04:06:40 +00:00

22 KiB
Raw Blame History

REVIEW — Adversary — phase cfold

Adversary-only. Append-only. All verdicts here are cold-verified from a fresh shell + own clone. SSOT for what is being verified: /srv/cc-ci/cc-ci-plan/plan-phase-cfold-custom-folder.md

2026-06-11T22:54Z — Adversary initialized; awaiting Builder M1 claim

Baseline recorded in BACKLOG-cfold.md (pre-migration inventory). No claims pending. Will verify M1 and M2 on Builder claim.

Key break-it probes planned:

  1. Grep codebase for any remaining functional/ or playwright/ folder-name string literals after M1.
  2. Run discovery cold to confirm no test was dropped (count must equal 64 custom test files).
  3. Verify deprecated-alias warning fires when a test is in old folder (per plan §2.1 recommendation).
  4. Confirm from playwright.sync_api references NOT touched (they reference the package, not a folder).
  5. Verify unit tests are updated (test_discovery_phase2.py, test_manifest.py) and still pass.
  6. Confirm manifest.py custom_counts changes correctly (sub will be "custom" not "functional"/"playwright").
  7. Confirm RUNG name "functional" (L4) is NOT renamed — only the folder name changes.
  8. M2: real Drone !testme sweep across all enrolled recipes — same level, same tests, zero leaks.

2026-06-12T00:00Z — No cfold gate claim visible; phase STATUS file missing

  • Cold pull in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md is absent in the shared repo state, so there is no canonical cfold gate claim / WHAT+HOW+EXPECTED+WHERE payload to verify per plan.md §6.1 and the phase kickoff.
  • No ADVERSARY-INBOX.md present. No formal cfold claim pending.
  • Action: notified Builder via machine-docs/BUILDER-INBOX.md to create/populate STATUS-cfold.md before claiming M1 or M2.

2026-06-12T16:00Z — Cold audit: still no cfold claim; repo remains pre-migration

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md is still absent on origin/main; no formal M1/M2 WHAT+HOW+EXPECTED+WHERE payload exists to verify.
  • git log --all --grep='cfold' --grep='custom/' --grep='functional/' --grep='playwright/' shows no Builder-side cfold implementation/claim commits yet; only the Adversary bootstrap/notice commits are present for this phase.
  • Cold tree audit still matches the pre-migration shape: custom tests remain under tests/<recipe>/functional/ and tests/<recipe>/playwright/, and docs/discovery/unit-test literals still reference those folder names.
  • Verdict: no gate claim pending; nothing to PASS/FAIL yet. Waiting for Builder to publish STATUS-cfold.md and a formal M1 or M2 claim.

2026-06-12T16:20Z — M1 PASS

Cold verification from /srv/cc-ci/cc-ci-adv against Builder inputs in machine-docs/STATUS-cfold.md and implementation commit 44e0242:

  • git ls-files "tests/*/custom/test_*.py" | wc -l -> 64
  • git ls-files "tests/*/functional/*" "tests/*/playwright/*" -> no output
  • Per-recipe canonical counts match the phase baseline exactly: bluesky-pds 4, cryptpad 4, custom-html 4, custom-html-tiny 1, discourse 3, drone 1, ghost 4, hedgedoc 2, immich 3, keycloak 3, lasuite-docs 5, lasuite-drive 3, lasuite-meet 3, mailu 3, matrix-synapse 3, mattermost-lts 3, mumble 5, n8n 4, plausible 2, uptime-kuma 4
  • Focused unit suite: nix shell nixpkgs#python311Packages.pytest -c pytest tests/unit/test_discovery.py tests/unit/test_discovery_phase2.py tests/unit/test_manifest.py -q -> 18 passed in 0.11s
  • Deprecated-alias safety probe: a synthetic recipe with legacy functional/ + playwright/ trees still discovers both tests and emits one-line warnings for each deprecated folder.
  • Stale-consumer audit: remaining functional/ / playwright/ literals are only the intentional deprecated-alias docs/tests/discovery references. No live cc-ci test tree remains under those dirs.
  • No test weakening found in the moved custom-test files reviewed at line level. The non-100% rename similarities were docstring/path-comment updates only; assertions and test bodies remained intact.
  • Coverage-preservation proof: normalized (recipe, filename) custom-test set before migration (87928a9, old functional/ + playwright/) exactly matches after migration (44e0242, new custom/): before 64, after 64, missing [], extra [].

Verdict: M1 PASS. The canonical custom/ migration preserves coverage, keeps deprecated aliases loud rather than silent, and updates the expected docs/discovery/manifest/unit-test surfaces.

2026-06-12T22:05:50Z — Idle audit; no M2 claim yet

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows M2 — IN PROGRESS; there is no Gate: M2 — CLAIMED, awaiting Adversary payload to verify yet.
  • No machine-docs/ADVERSARY-INBOX.md is present.
  • Focused stale-consumer audit: remaining functional/ / playwright/ literals are confined to expected phase ledgers plus the intentional deprecated-alias docs/tests/discovery surfaces. No live repo custom-test tree has reappeared under deprecated folders.
  • Recent cfold coordination history is consistent with the ledger: 44e0242 implementation, e1d623a M1 claim, 4b4d665 M1 PASS, 39e53d7 status update into M2 work.

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T03:13:34Z — Idle audit; teardown still clean, no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv completed at wake; shared repo state remains unchanged for cfold.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present for Adversary consumption; specifically, machine-docs/ADVERSARY-INBOX.md is absent.
  • Independent cold live-host teardown check remains clean:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T03:54:03Z — Idle audit; teardown still clean, no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv completed before this audit; current shared state still shows ## M2 — IN PROGRESS in machine-docs/STATUS-cfold.md and no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present for Adversary consumption; specifically, machine-docs/ADVERSARY-INBOX.md is absent.
  • Independent cold live-host teardown check remains clean:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T03:33:37Z — Idle audit; teardown still clean, no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present for Adversary consumption; specifically, machine-docs/ADVERSARY-INBOX.md is absent.
  • Independent cold live-host teardown check remains clean:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T04:11:00Z — M2 PASS

Cold verification from /srv/cc-ci/cc-ci-adv against Builder inputs in machine-docs/STATUS-cfold.md and claim commit abe5e33:

  • Drone build metadata check:
    • ssh cc-ci 'tok=$(cat /run/secrets/bridge_drone_token); curl -fsS -H "Authorization: Bearer $tok" https://drone.ci.commoninternet.net/api/repos/recipe-maintainers/cc-ci/builds/585 | jq -r "[.number,.status,.after,.params.RECIPE,.params.PR,.params.REF] | @tsv"'
    • -> 585 success d44f799de945d0775933aad58726d46509154a64 ghost 5 d42d0f7c7cf9946077a583ffa3f7c96abfe94a77
  • Ghost real-CI run artifact check:
    • ssh cc-ci 'jq -r "{level,recipe,ref,results,stages:(.stages|map({name,status}))}" /var/lib/cc-ci-runs/585/results.json'
    • -> level: 5, recipe: ghost, ref: d42d0f7c7cf9, results.install=pass, results.upgrade=pass, results.backup=pass, results.restore=pass, results.custom=pass; stages install, upgrade, backup, restore, custom, lint all pass
  • Ghost junit counts match the expected custom coverage and upgrade execution:
    • ssh cc-ci 'printf "ghost custom junit="; ls /var/lib/cc-ci-runs/585/junit/custom__cc-ci__*.xml | wc -l; printf " ghost upgrade junit="; ls /var/lib/cc-ci-runs/585/junit/upgrade*.xml | wc -l'
    • -> ghost custom junit=4, ghost upgrade junit=2
  • Focused same-code-path repro after the fix is green:
    • ssh cc-ci 'jq -r ".results, .stages" /var/lib/cc-ci-runs/ghost-repro-cfold-3/results.json'
    • -> install: pass, upgrade: pass; the upgrade stage contains both the generic reconvergence test and tests.ghost.test_upgrade::test_upgrade_preserves_state
  • Full sweep matrix audit remains green at the expected level/custom counts for all 20 enrolled recipes:
    • ssh cc-ci 'for spec in ...; do ...; done'
    • -> bluesky-pds 556 level=5/5 custom=4/4, cryptpad 554 5/5 4/4, custom-html 541 5/5 4/4, custom-html-tiny 510 5/5 1/1, discourse 521 5/5 3/3, drone 506 5/5 1/1, ghost 585 5/5 4/4, hedgedoc 555 5/5 2/2, immich 522 5/5 3/3, keycloak 553 5/5 3/3, lasuite-docs 523 5/5 5/5, lasuite-drive 524 5/5 3/3, lasuite-meet 525 5/5 3/3, mailu 526 5/5 3/3, matrix-synapse 527 5/5 3/3, mattermost-lts 529 5/5 3/3, mumble 558 5/5 5/5, n8n 528 5/5 4/4, plausible 530 5/5 2/2, uptime-kuma 531 5/5 4/4
  • Teardown remains clean after the sweep:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true'
    • -> live_pr_apps=0
  • Focused source audit of the final Ghost fix:
    • git diff ee6b613..d44f799 -- tests/ghost/compose.ccci.yml
    • shows the app-side race mitigation changed from a restart delay to a tiny DB-ready TCP wait wrapped around the existing /abra-entrypoint.sh node current/index.js boot path, with the pre-existing 15m app/db healthcheck grace preserved.

Verdict: M2 PASS. The cfold phase now has a green full real-CI !testme sweep with unchanged L5 outcomes and expected canonical custom-test coverage across all enrolled recipes, plus zero leaked live -pr stacks. Fresh M1 and M2 PASSes are both present within 24h.

2026-06-12T22:25:33Z — Idle break-it audit; still no M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE handoff to verify.
  • No machine-docs/ADVERSARY-INBOX.md is present.
  • Recent cfold history is consistent and unchanged since the last audit: 44e0242 implementation, e1d623a M1 claim, 4b4d665 M1 PASS, 39e53d7 M2-in-progress status, 93f56ae prior idle audit.
  • Focused stale-consumer/break-it audit: no live cc-ci recipe custom-test tree has reappeared under deprecated functional/ or playwright/ dirs; remaining matches are confined to intentional alias references in docs/unit tests/discovery and the phase ledgers recording the migration history.

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-12T22:41:00Z — Cold artifact audit after Builder M2 sweep snapshot; still no M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> fast-forward to d24bb8f (status(cfold): record M2 sweep snapshot).
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE handoff to verify, so no M2 PASS/FAIL verdict is available yet.
  • Independent cold check of the blocking ghost deviation on the live cc-ci host is consistent with the Builder's status note and points away from cfold itself:
    • ssh cc-ci "jq '{level, recipe, stages: (.stages | map({name, status}))}' /var/lib/cc-ci-runs/557/results.json" -> level: 1, recipe: ghost, stages present and passing for install, backup, restore, custom, lint.
    • ssh cc-ci "jq '{level, recipe, stages: (.stages | map({name, status}))}' /var/lib/cc-ci-runs/559/results.json" -> same shape: level: 1, recipe: ghost, same five passing stages.
    • ssh cc-ci "grep -R -n 'd88f5801' /var/lib/cc-ci-runs/557/abra/recipes/ghost/.git" shows build 557 checked out Ghost head d88f580188c145b04484074079ddf6f37662d3a1.
    • ssh cc-ci "grep -R -n 'd42d0f7c' /var/lib/cc-ci-runs/559/abra/recipes/ghost/.git" shows build 559 checked out the probe ref d42d0f7c7cf9946077a583ffa3f7c96abfe94a77.
    • ssh cc-ci "printf 'build557 custom junit count='; ls /var/lib/cc-ci-runs/557/junit/custom__cc-ci__*.xml | wc -l; printf 'build557 upgrade junit count='; ls /var/lib/cc-ci-runs/557/junit/upgrade*.xml 2>/dev/null | wc -l" -> build557 custom junit count=4, build557 upgrade junit count=0.
    • ssh cc-ci "printf 'build559 custom junit count='; ls /var/lib/cc-ci-runs/559/junit/custom__cc-ci__*.xml | wc -l; printf 'build559 upgrade junit count='; ls /var/lib/cc-ci-runs/559/junit/upgrade*.xml 2>/dev/null | wc -l" -> build559 custom junit count=4, build559 upgrade junit count=0.
  • Interpretation: both fresh Ghost runs executed the canonical tests/ghost/custom/test_*.py set (4 junit files) and failed before any upgrade-tier junit artifact was produced. That supports the Builder's current statement that Ghost is an upgrade-path regression, not a custom-folder coverage loss.

Verdict: no new finding from this cold audit, but M2 is not passable yet. The phase still lacks both the formal claim(cfold): M2 ... handoff and the required all-green full sweep (ghost remains non-green).

2026-06-12T23:00:00Z — Idle audit; still no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No machine-docs/ADVERSARY-INBOX.md is present.
  • Current ledger still points to the same blocker for a future M2 claim: ghost remains the lone non-green recipe in the full sweep, and the latest recorded evidence continues to indicate a cfold-neutral upgrade-path failure rather than custom-test discovery loss.

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-12T23:45:11Z — Cold Ghost follow-up audit; still no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • Independent cold artifact check on cc-ci continues to support the Builder's current framing of the lone remaining ghost deviation as cfold-neutral rather than a custom-tier discovery drop:
    • ssh cc-ci "jq '{level, recipe, stages: (.stages | map({name, status}))}' /var/lib/cc-ci-runs/557/results.json" -> level: 1, recipe: ghost, passing stages only for install, backup, restore, custom, lint.
    • ssh cc-ci "jq '{level, recipe, stages: (.stages | map({name, status}))}' /var/lib/cc-ci-runs/559/results.json" -> same shape: level: 1, recipe: ghost, same five passing stages.
    • ssh cc-ci "printf '557 custom='; ls /var/lib/cc-ci-runs/557/junit/custom__cc-ci__*.xml | wc -l; printf ' 557 upgrade='; ls /var/lib/cc-ci-runs/557/junit/upgrade*.xml 2>/dev/null | wc -l; printf ' 559 custom='; ls /var/lib/cc-ci-runs/559/junit/custom__cc-ci__*.xml | wc -l; printf ' 559 upgrade='; ls /var/lib/cc-ci-runs/559/junit/upgrade*.xml 2>/dev/null | wc -l; printf ' 185 custom='; ls /var/lib/cc-ci-runs/185/junit/custom__cc-ci__*.xml | wc -l; printf ' 185 upgrade='; ls /var/lib/cc-ci-runs/185/junit/upgrade*.xml 2>/dev/null | wc -l" -> 557 custom=4 557 upgrade=0 559 custom=4 559 upgrade=0 185 custom=4 185 upgrade=2.
    • ssh cc-ci "printf '557 ref='; grep -R -n 'd88f5801' /var/lib/cc-ci-runs/557/abra/recipes/ghost/.git | wc -l; printf ' 559 ref='; grep -R -n 'd42d0f7c' /var/lib/cc-ci-runs/559/abra/recipes/ghost/.git | wc -l" -> both runs confirm the expected checked-out Ghost refs are present in the run artifacts.
  • Interpretation: fresh runs 557 and 559 still execute the canonical four-file tests/ghost/custom/ set, but fail before producing any upgrade-tier junit files. Historical run 185 has both the same four custom junit files and two upgrade junit files, reinforcing that the regression remains in the Ghost upgrade path rather than in cfold's custom-folder migration.

Verdict: no new finding and no gate pending. M2 still cannot PASS until the sweep is formally claimed and all recipes are green.

2026-06-13T00:23:55Z — Cold M2 artifact/teardown audit; still no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> fast-forward to fb8762a.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • Independent cold audit on cc-ci of the sweep builds listed in the current M2 baseline matrix: ssh cc-ci 'for spec in ...; do ...; done' confirms every listed build still has the expected canonical custom-test junit count for its recipe.
  • The same audit confirms recipe levels remain 5/5 for every listed recipe except ghost, which is still 1/5 on build 557 while retaining the full expected custom junit count 4/4.
  • Teardown state is currently clean: ssh cc-ci 'docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0.

Verdict: no new finding from this cold audit, but M2 is still not claimable/passable. The sweep evidence continues to support coverage preservation across all recipes while ghost remains the lone non-green, apparently cfold-neutral blocker, and there are no leaked live -pr stacks at present.

2026-06-13T00:40:00Z — Cold bridge replay-fix audit; still no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> fast-forward to 07cce4e.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No machine-docs/ADVERSARY-INBOX.md is present.
  • Independent cold source audit of the newly pulled bridge replay fix:
    • bridge/bridge.py now guards the poller with _is_preexisting_comment() so a reopened PR cannot replay historical !testme comments created before the current bridge process started.
    • poll_loop() marks such comments seen via _claim(cid) instead of triggering them.
  • Focused unit verification from the adversary clone:
    • nix shell nixpkgs#python311Packages.pytest -c pytest tests/unit/test_bridge_trigger.py -q -> 10 passed in 0.04s
    • The unit coverage includes both sides of the new timestamp guard: test_preexisting_comment_from_before_bridge_start_is_ignored and test_comment_after_bridge_start_is_not_treated_as_preexisting.

Verdict: no new finding from this cold audit. The replay-guard fix appears consistent with the Ghost triple-trigger root cause described in STATUS-cfold.md, but M2 is still not claimable/passable because there is no formal claim and the Ghost recipe remains non-green.

2026-06-13T02:12:23Z — Idle audit; still no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present in machine-docs/; specifically, no machine-docs/ADVERSARY-INBOX.md message is waiting.
  • Independent repo-side gate search also finds no fresh awaiting Adversary marker for cfold.

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T02:31:55Z — Idle audit; teardown still clean, no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv completed before this audit; current shared state still shows ## M2 — IN PROGRESS in machine-docs/STATUS-cfold.md and no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present in machine-docs/; specifically, no machine-docs/ADVERSARY-INBOX.md message is waiting.
  • Independent cold live-host teardown check remains clean:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.

2026-06-13T02:52:34Z — Idle audit; teardown still clean, no formal M2 claim

  • Cold rebase in /srv/cc-ci/cc-ci-adv: git pull --rebase -> Already up to date.
  • machine-docs/STATUS-cfold.md still shows ## M2 — IN PROGRESS; there is still no Gate: M2 — CLAIMED, awaiting Adversary WHAT/HOW/EXPECTED/WHERE payload to verify.
  • No inbox side-channel files are present for Adversary consumption; specifically, machine-docs/ADVERSARY-INBOX.md is absent.
  • Independent cold live-host teardown check remains clean:
    • ssh cc-ci 'printf "live_pr_apps="; docker stack ls --format "{{.Name}}" | grep -c -- "-pr" || true' -> live_pr_apps=0

Verdict: no new finding and no gate pending. Waiting for a formal M2 claim or a Builder inbox message.