feat: ORCH-123-bug-staging-runner-assumes-doc #143

The ORCH-115 deterministic staging-runner ran `docker exec` FROM INSIDE the prod
`orchestrator` container, which ships only `openssh-client git curl` — no `docker`
CLI (Dockerfile:11). `Popen(["docker", ...])` hit FileNotFoundError -> a PERMANENT
environment defect that was mis-routed as a code-fail rollback
`deploy-staging -> development` (burning developer-retries). Incident ORCH-116:
every self-hosting task reaching deploy-staging was doomed to a false rollback.

Fix (adr-0049, additive, flag-gated, never-raise, self-hosting scope; the gate /
artifact contract / STAGE_TRANSITIONS / DB schema are byte-for-byte unchanged):

- D1: build_staging_command() wraps the SAME `docker exec ... staging_check.py
  ... --mode stub` in `ssh <user@host> '<...>'` so it runs HOST-SIDE over the
  existing trusted ssh channel (mirror self_deploy / image_freshness). New flag
  staging_runner_exec_host_side (default True). No docker CLI/SDK added to the
  image, docker.sock not used in-container (D2 security).
- D3: three-way classify_staging_outcome (suite-ran / permanent-env /
  transient-infra), disambiguating the exit=1 collision by scanning stderr.
- D4: invariant "infra != code-fail" — permanent-env / exhausted transient-infra
  end in an infra-HOLD (no rollback, no developer-retry), NOT a false FAILED
  rollback (supersedes ORCH-115 D5). A really-executed failing suite still rolls
  back (anti-over-tolerance). R-2 verified: a held deploy-staging task is not
  rolled back by the reconciler.
- D5: prod-like preflight() of the host-side channel at startup (main.lifespan,
  best-effort, never blocks).
- D8: snapshot adds permanent_env / exec_host_side / preflight.

Docs (golden source, same PR): INFRA.md execution-boundary section,
architecture/README.md, CLAUDE.md, CHANGELOG.md, .env.example.

Tests: tests/test_orch123_staging_runner_exec.py (TC-01 mandatory regression
red->green; TC-02..TC-14 + R-2). ORCH-115 anti-drift green (3 tests updated for
the D1/D4/D8 supersession). Full suite: 2131 passed.

Refs: ORCH-123

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

admin added 1 commit 2026-06-16 08:52:24 +03:00

reviewer(ET): auto-commit from reviewer run_id=751

CI / test (push) Successful in 1m14s

Details

CI / test (pull_request) Successful in 1m12s

Details

820e534e77

admin added 1 commit 2026-06-16 08:55:09 +03:00

tester(ET): auto-commit from tester run_id=752

CI / test (push) Successful in 1m7s

Details

CI / test (pull_request) Successful in 1m8s

Details

2b71f3887f

admin added 1 commit 2026-06-16 08:57:50 +03:00

docs(ORCH-123): staging gate log — staging_status SUCCESS (8/10, C9a/C9b infra-waived)

CI / test (push) Successful in 1m15s

Details

CI / test (pull_request) Successful in 1m14s

Details

12e3a9e4f3

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

admin merged commit 9c88fdd85e into main

2026-06-16 09:03:31 +03:00

admin referenced this issue from a commit

2026-06-16 09:03:32 +03:00

Merge pull request 'feat: ORCH-123-bug-staging-runner-assumes-doc' (#143) from feature/ORCH-123-bug-staging-runner-assumes-doc into main

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: admin/orchestrator#143