pdurlej/platform

Fork 0

fix(tests): reconcile platform contract expectations #841

Merged

pdurlej merged 2 commits from codex/810-contract-expectations into main

2026-06-26 14:44:38 +02:00

codex commented

2026-06-26 14:15:09 +02:00

Collaborator

Canary status: missing — fire canary 3+3 manually before merge

Canary Context Pack

Product story

Contract tests should defend current platform intent, not stale paths or stale ADR numbers. This keeps future agents from mistrusting correct repo state because old expectations fail.

What changed

Updated deploy-control test expectations to match current compose/apps/compose.yaml legacy-import runtime paths.
Updated Iskra Things contract test to read canonical ADR 0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md after renumbering.

Why it changed

Issue #810 identified two stale test expectations from the Antigravity/Gemini audit.

Files touched

tests/test_deploy_control_cutoff_contract.py
tests/test_iskra_things_sync_contract.py

Relevant context

compose/apps/compose.yaml
decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md

Runtime evidence

None. Test-only reconciliation; no runtime mutation.

Known constraints

This PR does not change compose paths or ADR content. It only updates tests to match the current canonical sources.

Explicit out-of-scope

Compose/runtime path changes.
ADR renumbering or ADR content edits.
Iskra sync implementation behavior.

Requested decision

Approve merge if CI matches local focused verification.

Merge blockers

If current compose path is wrong, this PR should not merge; open a runtime/design issue instead.
If ADR 0026 is not canonical, this PR should not merge.

Spec sources read

compose/apps/compose.yaml
tests/test_deploy_control_cutoff_contract.py
tests/test_iskra_things_sync_contract.py
decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md

Verification

python3 -m pytest tests/test_deploy_control_cutoff_contract.py tests/test_iskra_things_sync_contract.py — 47 passed.

Closes #810

Canary status: missing — fire canary 3+3 manually before merge ## Canary Context Pack ### Product story Contract tests should defend current platform intent, not stale paths or stale ADR numbers. This keeps future agents from mistrusting correct repo state because old expectations fail. ### What changed - Updated deploy-control test expectations to match current `compose/apps/compose.yaml` legacy-import runtime paths. - Updated Iskra Things contract test to read canonical ADR `0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md` after renumbering. ### Why it changed Issue #810 identified two stale test expectations from the Antigravity/Gemini audit. ### Files touched - `tests/test_deploy_control_cutoff_contract.py` - `tests/test_iskra_things_sync_contract.py` ### Relevant context - `compose/apps/compose.yaml` - `decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md` ### Runtime evidence None. Test-only reconciliation; no runtime mutation. ### Known constraints This PR does not change compose paths or ADR content. It only updates tests to match the current canonical sources. ### Explicit out-of-scope - Compose/runtime path changes. - ADR renumbering or ADR content edits. - Iskra sync implementation behavior. ### Requested decision Approve merge if CI matches local focused verification. ### Merge blockers - If current compose path is wrong, this PR should not merge; open a runtime/design issue instead. - If ADR 0026 is not canonical, this PR should not merge. ## Spec sources read - `compose/apps/compose.yaml` - `tests/test_deploy_control_cutoff_contract.py` - `tests/test_iskra_things_sync_contract.py` - `decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md` ## Verification - `python3 -m pytest tests/test_deploy_control_cutoff_contract.py tests/test_iskra_things_sync_contract.py` — 47 passed. Closes #810

codex added 1 commit

2026-06-26 14:15:09 +02:00

fix(tests): reconcile platform contract expectations

python-ci / Python 3.12 (pull_request) Successful in 42s

Details

canary-required / canary (pull_request) Successful in 17s

Details

base-is-main / guard (pull_request) Successful in 1s

Details

canary-required / collect-diff (pull_request) Successful in 4s

Details

patchwarden-client-dry-run / collect-diff (pull_request) Successful in 4s

Details

patchwarden-pr-sanity / collect-diff (pull_request) Successful in 4s

Details

python-ci / Python 3.11 (pull_request) Successful in 40s

Details

python-ci / Python 3.13 (pull_request) Successful in 43s

Details

patchwarden-client-dry-run / dry-run (pull_request) Successful in 17s

Details

patchwarden-pr-sanity / sanity (pull_request) Successful in 1m27s

Details

cdf8ee7cee

patchwarden commented

2026-06-26 14:19:32 +02:00

First-time contributor

Patchwarden PR sanity

Operator signal: 🛑 STOP - reviewer finding(s) must be addressed or explicitly accepted.

Automerge signal: ❌ NOT READY - no unattended merge or APPROVED review should be published.

Verdict: 🛑 STOP - a model reviewer reported actionable findings.

Next step: Address the reviewer finding(s), or leave a human decision explaining why the risk is accepted.

PR: 841
Commit: 99288e979db551c1b72065ceac749a0339c8fb07
Status: advisory_findings
Reviewer health: findings
Security-sensitive label: missing
Authority: Patchwarden policy signal; branch protection and automerge controller remain merge authority.
Model mix: glm-5.2:cloud, deepseek-v4-pro:cloud, kimi-k2.7-code:cloud

What I checked

Changed files: 2
Deterministic blocker scan: clean
External Forgejo gates: not_reported
Model reviewer lanes: 3
Comment contract: this comment is updated in place via a hidden Patchwarden marker.

Approval Handoff

State: not_ready_reviewer_findings
Action: address reviewer finding(s) or leave a human decision before any unattended approval.
Boundary: branch protection and the automerge controller remain merge authority.

Signal Board

Legend: ✅ evidence is sufficient; 🟡 controller still has work; ⚠️ automation retries first; 🛑/❌ do not approve or merge.

Lane	Signal	Meaning
🧪 Deterministic sanity	✅ `clean`	No deterministic blockers found.
🧩 External Forgejo gates	🟡 `not reported`	No external gate snapshot was included in this report.
🧠 Model reviewers	❌ `findings`	Address reviewer finding(s) before approval.
🛡️ Patchwarden approval	❌ `not_ready_reviewer_findings`	No unattended APPROVED review should be published.
🚦 Unattended automerge	❌ `ineligible`	Outside the narrow safe-docs/status unattended lane.
🙋 Owner attention	🔁 `automation first`	Retry, repair, or inspect automation before asking the owner.

Scope blocker: non-doc/status path(s): tests/test_deploy_control_cutoff_contract.py, tests/test_iskra_things_sync_contract.py
🧭 Merge authority: branch protection and automerge controller remain authoritative.

Required Fixes

No deterministic blockers.

Reviewer Details

Model reviewer lanes

`global-glm` / `glm-5.2:cloud`

Status: ok
Verdict: OK
medium Test expectations now hardcode user-specific runtime path 'pdurlej-platform'
- Evidence: tests/test_deploy_control_cutoff_contract.py: default for PLATFORM_RUNTIME_INTEGRATIONS_DATA_DIR and PLATFORM_RUNTIME_ENV_DIR changed from '/opt/vps-home-platform-infra/...' to '/opt/pdurlej-platform/runtime/legacy-import/...'. Embedding a
- Next: Confirm via compose/apps/compose.yaml that the literal default '/opt/pdurlej-platform/runtime/legacy-import/...' is the canonical default in the source of truth, not a per-developer override. If compose.yaml uses a parameterized/default value, mirror that exactly rather than a resolved personal path
low ADR renumbering from 0023 to 0026 may orphan the original ADR file
- Evidence: tests/test_iskra_things_sync_contract.py: ADR_0023 renamed to ADR_0026 pointing at 'decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md'. Diff does not show deletion or redirect of the 0023 file.
- Next: Verify decisions/0023-* no longer exists or has been superseded per repo ADR governance; otherwise other references (docs, scripts) may still point at 0023 and silently break.

`global-deepseek` / `deepseek-v4-pro:cloud`

Status: ok
Verdict: OK
Findings: none

`redteam` / `kimi-k2.7-code:cloud`

Status: ok
Verdict: NOT_OK
high Contract test does not enforce absence of whole legacy root mount
- Evidence: tests/test_deploy_control_cutoff_contract.py function test_deploy_control_no_longer_mounts_whole_legacy_root only asserts presence of the two updated subdir volume strings (${PLATFORM_RUNTIME_INTEGRATIONS_DATA_DIR:-/opt/pdurlej-platform/run
- Next: Add a negative assertion that parses each volume entry's source path (before the first ':') and rejects any source equal to the legacy root directory, so only the expected data/integrations and env subdirectories are mounted.

Policy notes

Patchwarden PR sanity is the first merge-lane signal for this PR.
Models produce findings; Patchwarden/policy produces decisions.
Model findings alone do not fail the status check; they require human or agent disposition.
Formal approval is separate from this comment and requires clean reviewer health.
Automerge remains delegated to branch protection and the automerge pilot.

# Patchwarden PR sanity **Operator signal:** 🛑 STOP - reviewer finding(s) must be addressed or explicitly accepted. **Automerge signal:** ❌ NOT READY - no unattended merge or APPROVED review should be published. **Verdict:** 🛑 STOP - a model reviewer reported actionable findings. **Next step:** Address the reviewer finding(s), or leave a human decision explaining why the risk is accepted. - PR: `841` - Commit: `99288e979db551c1b72065ceac749a0339c8fb07` - Status: `advisory_findings` - Reviewer health: `findings` - Security-sensitive label: `missing` - Authority: Patchwarden policy signal; branch protection and automerge controller remain merge authority. - Model mix: `glm-5.2:cloud`, `deepseek-v4-pro:cloud`, `kimi-k2.7-code:cloud` ## What I checked - Changed files: `2` - Deterministic blocker scan: `clean` - External Forgejo gates: `not_reported` - Model reviewer lanes: `3` - Comment contract: this comment is updated in place via a hidden Patchwarden marker. ## Approval Handoff - State: `not_ready_reviewer_findings` - Action: address reviewer finding(s) or leave a human decision before any unattended approval. - Boundary: branch protection and the automerge controller remain merge authority. ## Signal Board - Legend: ✅ evidence is sufficient; 🟡 controller still has work; ⚠️ automation retries first; 🛑/❌ do not approve or merge. | Lane | Signal | Meaning | | --- | --- | --- | | 🧪 Deterministic sanity | ✅ `clean` | No deterministic blockers found. | | 🧩 External Forgejo gates | 🟡 `not reported` | No external gate snapshot was included in this report. | | 🧠 Model reviewers | ❌ `findings` | Address reviewer finding(s) before approval. | | 🛡️ Patchwarden approval | ❌ `not_ready_reviewer_findings` | No unattended APPROVED review should be published. | | 🚦 Unattended automerge | ❌ `ineligible` | Outside the narrow safe-docs/status unattended lane. | | 🙋 Owner attention | 🔁 `automation first` | Retry, repair, or inspect automation before asking the owner. | - Scope blocker: non-doc/status path(s): `tests/test_deploy_control_cutoff_contract.py`, `tests/test_iskra_things_sync_contract.py` 🧭 Merge authority: branch protection and automerge controller remain authoritative. ## Required Fixes No deterministic blockers. ## Reviewer Details <details> <summary>Model reviewer lanes</summary> ### `global-glm` / `glm-5.2:cloud` - Status: `ok` - Verdict: `OK` - **`medium`** Test expectations now hardcode user-specific runtime path 'pdurlej-platform' - Evidence: `tests/test_deploy_control_cutoff_contract.py: default for PLATFORM_RUNTIME_INTEGRATIONS_DATA_DIR and PLATFORM_RUNTIME_ENV_DIR changed from '/opt/vps-home-platform-infra/...' to '/opt/pdurlej-platform/runtime/legacy-import/...'. Embedding a ` - Next: Confirm via compose/apps/compose.yaml that the literal default '/opt/pdurlej-platform/runtime/legacy-import/...' is the canonical default in the source of truth, not a per-developer override. If compose.yaml uses a parameterized/default value, mirror that exactly rather than a resolved personal path - **`low`** ADR renumbering from 0023 to 0026 may orphan the original ADR file - Evidence: `tests/test_iskra_things_sync_contract.py: ADR_0023 renamed to ADR_0026 pointing at 'decisions/0026-wloczykij-gold-vault-and-iskra-promotion-boundary.md'. Diff does not show deletion or redirect of the 0023 file.` - Next: Verify decisions/0023-* no longer exists or has been superseded per repo ADR governance; otherwise other references (docs, scripts) may still point at 0023 and silently break. ### `global-deepseek` / `deepseek-v4-pro:cloud` - Status: `ok` - Verdict: `OK` - Findings: none ### `redteam` / `kimi-k2.7-code:cloud` - Status: `ok` - Verdict: `NOT_OK` - **`high`** Contract test does not enforce absence of whole legacy root mount - Evidence: `tests/test_deploy_control_cutoff_contract.py function test_deploy_control_no_longer_mounts_whole_legacy_root only asserts presence of the two updated subdir volume strings (${PLATFORM_RUNTIME_INTEGRATIONS_DATA_DIR:-/opt/pdurlej-platform/run` - Next: Add a negative assertion that parses each volume entry's source path (before the first ':') and rejects any source equal to the legacy root directory, so only the expected data/integrations and env subdirectories are mounted. </details> ## Policy notes - Patchwarden PR sanity is the first merge-lane signal for this PR. - Models produce findings; Patchwarden/policy produces decisions. - Model findings alone do not fail the status check; they require human or agent disposition. - Formal approval is separate from this comment and requires clean reviewer health. - Automerge remains delegated to branch protection and the automerge pilot.