cc-ci/machine-docs/STATUS-1d.md

STATUS — Phase 1d (generic test suite + layered recipe overlays)

Phase plan (SSOT): /srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md Loop state for THIS phase: STATUS-1d / BACKLOG-1d / REVIEW-1d / JOURNAL-1d (DECISIONS.md shared). The repo's STATUS.md/BACKLOG.md/REVIEW.md (Phase 1) and STATUS-1b/1c (DONE) are HISTORY, not this phase's state.

Phase

Phase 1d runs after Phase 1b (DONE) and before Phase 2. It is the test-architecture foundation: every recipe gets a generic lifecycle suite for free; recipe-specific tests layer on top (override-or-extend). Bounded — build the architecture + prove it on a couple of recipes; full per-recipe overlay authoring is Phase 2.

Definition of Done (Phase 1d) — DG1–DG8, each Adversary cold-verified in REVIEW-1d

• DG1 — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving (real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests.
• DG2 — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving.
• DG3 — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise.
• DG4 — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local precedence settled in DECISIONS. Invariant: no overlay for an op ⇒ generic runs.
• DG4.1 — Overlays reuse the deployment: ONE deploy + ONE teardown per run; no extra new/deploy/undeploy (assert via deploy-count).
• DG5 — Custom install-steps hook + graceful-generic rule; fail-without / pass-with proof.
• DG6 — !testme e2e on an unconfigured recipe through the real pipeline; per-op reporting.
• DG7 — Real, DRY, clean: no softened/skip/xfail assertions; generic in the shared harness; teardown always; respects MAX_TESTS.
• DG8 — Documented (docs/ explains the generic suite, overlay convention, hook) + cold-verify.

Milestones (plan §3)

• G0 — Generic install + deploy-once orchestrator; green on custom-html-tiny. Accept: DG1.
• G1 — Generic upgrade + backup/restore. Accept: DG2, DG3.
• G2 — Layering + discovery + precedence. Accept: DG4, DG4.1.
• G3 — Custom install-steps hook + graceful-generic. Accept: DG5.
• G4 — !testme e2e + per-op reporting + docs + cold verify. Accept: DG6, DG7, DG8 → DONE.

In flight

G1 — generic upgrade + backup/restore (next). G0 code is in place and DG1 is green; while the Adversary verifies G0, I'll build/prove the generic upgrade tier (previous→target in place) and the backup/restore tiers gated on backup-capability (hedgedoc & custom-html are both backup-capable).

Gate

Gate: G0 CLAIMED, awaiting Adversary (DG1). Generic INSTALL tier is green on hedgedoc — a simple recipe with NO cc-ci/repo-local tests (pure generic), asserting it ACTUALLY serves (services converged + real HTTP in HEALTH_OK [404 excluded] + not Traefik's 404 body + a CA-verified trusted wildcard cert, not the default), with deploy-count = 1 (DG4.1 one-deploy) and clean teardown (no residual stack). Evidence in JOURNAL-1d (commands + output). custom-html-tiny was rejected as the demo recipe: it's a static-web-server with an empty content volume → genuinely 404 zero-config.

To reproduce (cold): on cc-ci, cd /root/cc-ci && RECIPE=hedgedoc STAGES=install HOME=/root \ CCCI_JANITOR_MAX_AGE=0 cc-ci-run runner/run_recipe_ci.py → install: pass, deploy-count=1.

Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition; deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook.

Blocked

(none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta, 5 infra stacks up (traefik/drone/bridge/dashboard/backups), custom-html-tiny mirrored.