cc-ci/machine-docs/STATUS-1d.md

# STATUS — Phase 1d (generic test suite + layered recipe overlays)

**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md`
**Loop state for THIS phase:** STATUS-1d / BACKLOG-1d / REVIEW-1d / JOURNAL-1d (DECISIONS.md shared).
The repo's STATUS.md/BACKLOG.md/REVIEW.md (Phase 1) and STATUS-1b/1c (DONE) are HISTORY, not this
phase's state.

## Phase
Phase 1d runs after Phase 1b (DONE) and before Phase 2. It is the **test-architecture foundation**:
every recipe gets a generic lifecycle suite for free; recipe-specific tests layer on top
(override-or-extend). Bounded — build the architecture + prove it on a couple of recipes; full
per-recipe overlay authoring is Phase 2.

## Definition of Done (Phase 1d) — DG1–DG8, each Adversary cold-verified in REVIEW-1d
- [ ] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving
      (real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests.
- [ ] **DG2** — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving.
- [ ] **DG3** — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise.
- [ ] **DG4** — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local
      precedence settled in DECISIONS. Invariant: no overlay for an op ⇒ generic runs.
- [ ] **DG4.1** — Overlays reuse the deployment: ONE deploy + ONE teardown per run; no extra
      new/deploy/undeploy (assert via deploy-count).
- [ ] **DG5** — Custom install-steps hook + graceful-generic rule; fail-without / pass-with proof.
- [ ] **DG6** — `!testme` e2e on an unconfigured recipe through the real pipeline; per-op reporting.
- [ ] **DG7** — Real, DRY, clean: no softened/skip/xfail assertions; generic in the shared harness;
      teardown always; respects MAX_TESTS.
- [ ] **DG8** — Documented (docs/ explains the generic suite, overlay convention, hook) + cold-verify.

## Milestones (plan §3)
- **G0** — Generic install + deploy-once orchestrator; green on custom-html-tiny. *Accept: DG1.*
- **G1** — Generic upgrade + backup/restore. *Accept: DG2, DG3.*
- **G2** — Layering + discovery + precedence. *Accept: DG4, DG4.1.*
- **G3** — Custom install-steps hook + graceful-generic. *Accept: DG5.*
- **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.*

## In flight
**G1 — generic upgrade + backup/restore (next).** G0 code is in place and DG1 is green; while the
Adversary verifies G0, I'll build/prove the generic upgrade tier (previous→target in place) and the
backup/restore tiers gated on backup-capability (hedgedoc & custom-html are both backup-capable).

## Gate
**Gate: G0 CLAIMED, awaiting Adversary (DG1).** Generic INSTALL tier is green on **hedgedoc** —
a simple recipe with NO cc-ci/repo-local tests (pure generic), asserting it ACTUALLY serves (services
converged + real HTTP in HEALTH_OK [404 excluded] + not Traefik's 404 body + a CA-verified trusted
wildcard cert, not the default), with **deploy-count = 1** (DG4.1 one-deploy) and clean teardown
(no residual stack). Evidence in JOURNAL-1d (commands + output). custom-html-tiny was rejected as the
demo recipe: it's a static-web-server with an empty content volume → genuinely 404 zero-config.

To reproduce (cold): on cc-ci, `cd /root/cc-ci && RECIPE=hedgedoc STAGES=install HOME=/root \
CCCI_JANITOR_MAX_AGE=0 cc-ci-run runner/run_recipe_ci.py` → install: pass, deploy-count=1.

Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test
files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition;
deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook.

## Blocked
(none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta,
5 infra stacks up (traefik/drone/bridge/dashboard/backups), custom-html-tiny mirrored.