Merged
138 changes: 138 additions & 0 deletions docs/superpowers/smoke/2026-05-31-v1.0.29-final-cut-smoke.md
@@ -0,0 +1,138 @@
# v1.0.29 final-cut smoke matrix

Manual ISO build + install smoke for the **v1.0.29** final cut. Fill in `Status` / `Date` / `Notes` as you go.

**Derived from:**
- `docs/superpowers/smoke/2026-05-14-v1.0.3-catalog-and-logging-smoke.md` (P1–P9 + additive A13 / A11-I3)
- `docs/superpowers/smoke/2026-05-12-post-boot-cleanup-smoke.md` (v1.0.1 P1–P9 baseline)

**What v1.0.29 added:** WIM-integrity gate + `Dismount-WindowsImage -Save` retry + synthetic-WIM E2E harness (PR #17). The **WIM-integrity gate itself is covered by the automated `Synthetic`-tagged Pester harness** (`tests/Tiny11.Wim.Synthetic.Tests.ps1`, real DISM, runs in CI) — **no new manual smoke case is needed for it.** This matrix is the existing ISO build/install regression coverage, which is what validates a *final cut*.

**Run context:**
- All `verify-*.ps1` scripts run **elevated** on the target VM (or dev host for `-static`).
- VMs are Hyper-V Gen2, fresh install from a Win11 25H2 source ISO unless "reuse" noted.
- Build via the GUI wizard, or headless: `tiny11options.exe -Source <Win11.iso> -Edition "Windows 11 Pro" -OutputIso <out.iso> [-Config <profile.json>] [-NoPostBootCleanup] [-Core] [-FastBuild]`. (The historical `run-p*.ps1` launcher wrappers were never tracked — they lived in `C:\Temp`.)
- Keep-list profile (tracked): `config/examples/keep-edge-and-clipchamp.json`.

**Source ISO used for this cut:** `__________________________` (e.g. `Win11_25H2_English_x64.iso`)
**Launcher build under test:** v1.0.29 (`tiny11options-win-Setup.exe` from the GitHub Release, or local `launcher/bin/Release/.../tiny11options.exe`)

---

## Status overview

### Regression: P1–P9 (+ P9-static)

| Case | Build mode | Verifies | Helper script + args | VM | Status | Date |
|------|-----------|----------|----------------------|-----|--------|------|
| P1 | Worker, FastBuild, defaults (cleanup **ON**) | Cleanup task registered; first-boot immediate run; idempotency | *(manual — see P1 below)* | Fresh #1 | ⬜ | |
| P2 | (reuse P1 VM) | `tiny11-cleanup.log` 3-trigger narrative (SetupComplete + BootTrigger PT10M + on-demand) | *(manual log inspection)* | reuse P1 | ⬜ | |
| P3 | Worker, FastBuild, **`-NoPostBootCleanup`** | No task/scripts; offline writes still land; appx re-stage proof | `tests/smoke/verify-p3-v103-opportunistic.ps1` | Fresh #2 | ⬜ | |
| P4 | **Core**, FastBuild, defaults (cleanup **ON**) | Both tasks (Keep-WU-Disabled + Cleanup); offline writes; pattern-zero on real CDM IDs | `tests/smoke/verify-p4-v103-core.ps1` | Fresh #3 | ⬜ | |
| P5 | **Core**, FastBuild, **`-NoPostBootCleanup`** | Only Keep-WU-Disabled; offline writes survive; no bg task | `tests/smoke/verify-p5-v103-core-nocleanup.ps1` | Fresh #4 | ⬜ | |
| P6 | (reuse P1 VM) | 52 provisioned-appx clean sweep (install-time CU race) | `tests/smoke/verify-p6.ps1` | reuse P1 | ⬜ | |
| P7 | (reuse P1 VM, + create User2 live) | Per-user fan-out + new-user inheritance (`AdvertisingInfo!Enabled=0` ×3 hives) | *(manual — see P7 below)* | reuse P1 | ⬜ | |
| P8 | Worker, FastBuild, **keep-list** | 4 non-appx action types (filesystem, takeown-and-remove, registry, scheduled-task) | `tests/smoke/verify-p8.ps1` + `-KeptPaths` (see P8 below) | Fresh #5 | ⬜ | |
| P9 | (reuse P8 VM + ISO) | Keep-list contract — runtime arm (1 kept appx + 4 paths + 2 reg keys present; 51/52 absent) | `tests/smoke/verify-p9.ps1` | reuse P8 | ⬜ | |
| P9-static | host-side (P8 ISO) | Keep-list contract — generator scoping (0 forbidden + 5 control patterns in baked script) | `tests/smoke/verify-p9-static.ps1 -IsoPath <P8 ISO>` | dev host | ⬜ | |

### Additive: logging + pattern-zero surfaces

| Case | Surface | Verifies | Status | Date |
|------|---------|----------|--------|------|
| A13-S1 | GUI logging (default) | `<scratch>\tiny11build.log` created with header / `[phase] N% step` markers / success footer | ⬜ | |
| A13-S2 | GUI append | Second build appends (two headers+footers; first run not truncated) | ⬜ | |
| A13-S3 | Headless `--log <path>` | Log created with started-header / phase markers / `finished (exit 0)` footer; console tee'd | ⬜ | |
| A13-S4 | Headless `--log --append` | Second run file ≥ first; two start/finish pairs; first not truncated | ⬜ | |
| A11-I3-S1 | Pattern-zero offline | 🟡 N/A on 25H2 (no source `SubscribedContent-*Enabled` values) — indirect-verified by S2 + build success | ⬜ | |
| A11-I3-S2 | Pattern-zero runtime | Plant `SubscribedContent-FAKE99Enabled=1`, run cleanup task, confirm zeroed to `0x0` | ⬜ | |

**Legend:** ⬜ not run · ✅ PASS · ❌ FAIL · 🟡 N/A (with rationale)

**VM tally:** 5 fresh Gen2 installs (P1, P3, P4, P5, P8) + 2 reuses (P6/P7 on P1; P9 on P8) + 1 host-side static check.

---

## Case detail

### P1 — Worker fresh install, task registered (manual)
- **Build:** Worker, FastBuild, defaults (cleanup ON). ISO: `____________`
- **Checks (elevated, on the VM):**
- `Get-ScheduledTask -TaskPath '\tiny11options\'` → one row `Post-Boot Cleanup`, State `Ready`.
- `Get-ScheduledTaskInfo` on it → `LastTaskResult = 0` (from the SetupComplete immediate run); `NextRunTime` = next daily 03:00.
- **Result:** ⬜ **Notes:**

### P2 — Worker log inspection (manual, reuse P1 VM)
- `Get-Content C:\Windows\Logs\tiny11-cleanup.log -Tail 100` shows SetupComplete immediate run + (later) BootTrigger PT10M + on-demand `Start-ScheduledTask` run; per-item lines report `already` after the first pass (idempotency).
- **Result:** ⬜ **Notes:**

### P3 — Worker `-NoPostBootCleanup`
- **Build:** Worker, FastBuild, `-NoPostBootCleanup`. ISO: `____________`
- **Run:** `tests/smoke/verify-p3-v103-opportunistic.ps1` (negative-evidence: no task, no `tiny11-cleanup.ps1/.xml`, no `SetupComplete.cmd`; positive: 4 new catalog reg writes present, BingNews re-staged, Edge removal permanent, FAKE99 survives 30s).
- **Result:** ⬜ **Notes:**

### P4 — Core defaults (cleanup ON)
- **Build:** Core, FastBuild, defaults. ISO: `____________`
- **Run:** `tests/smoke/verify-p4-v103-core.ps1` (Tests 1–8; Test 7 = pattern-zero zeros a planted FAKE99 on the live SID — if the tail-grep misses it, use the Finding-3 deep-diagnostic recipe: snapshot line count → plant → trigger → 30s → grep across `.log` + `.log.1`).
- **Result:** ⬜ **Notes:**

### P5 — Core `-NoPostBootCleanup`
- **Build:** Core, FastBuild, `-NoPostBootCleanup`. ISO: `____________`
- **Run:** `tests/smoke/verify-p5-v103-core-nocleanup.ps1` (7 tests; Test 5 = the 4 new catalog entries present at first boot proves offline writes survive cleanup-OFF).
- **Result:** ⬜ **Notes:**

### P6 — Install-time CU appx sweep (reuse P1 VM)
- **Run:** `tests/smoke/verify-p6.ps1` → 0 of 52 catalog provisioned-appx present in `Get-AppxPackage -AllUsers` AND `Get-AppxProvisionedPackage -Online`.
- **Result:** ⬜ **Notes:**

### P7 — Per-user fan-out (manual, reuse P1 VM)
- **Setup:** `New-LocalUser User2 -NoPassword` + `Add-LocalGroupMember Users User2`; sign User2 in once to provision, sign out.
- **Trigger:** `Start-ScheduledTask -TaskPath '\tiny11options\' -TaskName 'Post-Boot Cleanup'`; wait 30s.
- **Checks:** `AdvertisingInfo!Enabled = 0` in all three — User1 live HKU, User2 offline `NTUSER.DAT`, `C:\Users\Default\NTUSER.DAT`. Bonus: `Select-String '_Classes' C:\Windows\Logs\tiny11-cleanup.log` → 0 hits.
- **Result:** ⬜ **Notes:**

### P8 — Non-appx action types (keep-list build)
- **Build:** Worker, FastBuild, `-Config config/examples/keep-edge-and-clipchamp.json` (Edge + Clipchamp KEPT). ISO: `____________`
- **Run (elevated, on VM):**
```powershell
tests/smoke/verify-p8.ps1 `
-KeptPaths @('C:\Program Files (x86)\Microsoft\Edge','C:\Program Files (x86)\Microsoft\EdgeUpdate','C:\Program Files (x86)\Microsoft\EdgeCore','C:\Windows\System32\Microsoft-Edge-Webview') `
-KeptScheduledTaskItems @()
```
Expect: OneDriveSetup absent; 3 Edge paths + WebView reframed KEEP (present); 5/5 HKLM registry spot-checks OK; 5/5 scheduled-task removals absent.
- **Result:** ⬜ **Notes:**

### P9 — Keep-list runtime arm (reuse P8 VM)
- **Run:** `tests/smoke/verify-p9.ps1` → 1 kept appx (Clipchamp) + 4 kept paths + 2 kept reg keys PRESENT; 51/51 non-kept catalog appx ABSENT in both installed + provisioned.
- **Result:** ⬜ **Notes:**

### P9-static — Keep-list generator scoping (dev host)
- **Run:** `tests/smoke/verify-p9-static.ps1 -IsoPath <P8 ISO>` → 6 forbidden (kept-item) patterns = 0 matches; 5 control patterns present; `Unregister-ScheduledTask` present (scheduled-task fix baked in).
- **Result:** ⬜ **Notes:**

### A13-S1..S4 — build logging
- **S1 (GUI default):** build with "Log build output" ON → `<scratch>\tiny11build.log` has header + `[phase] N% step` + success footer. ⬜
- **S2 (GUI append):** second build, Append ON → two headers+footers, first not truncated, file grew. ⬜
- **S3 (headless `--log`):** `tiny11options.exe ... --log C:\Temp\headless.log` → started-header, phase markers, `finished (exit 0)` footer, console tee'd. ⬜
- **S4 (headless `--log --append`):** rerun with `--append` → file ≥ S3, two start/finish pairs, first not truncated. ⬜

### A11-I3-S2 — pattern-zero runtime (the load-bearing dynamic-coverage proof)
- On a cleanup-ON VM, pre-trigger: `reg add 'HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' /v SubscribedContent-FAKE99Enabled /t REG_DWORD /d 1 /f`.
- Trigger the cleanup task; then `reg query ... /v SubscribedContent-FAKE99Enabled` → `0x0`, and the cleanup log shows `...SubscribedContent-FAKE99Enabled CORRECTED: '1' -> '0'`.
- **Result:** ⬜ **Notes:**

---

## Expected benign findings (not defects — don't fail the cut on these)
- **Finding 1:** pattern-zero reports `no values matching 'SubscribedContent-*Enabled'` on a fresh 25H2 install — expected (Microsoft no longer pre-populates them). A11-I3-S2's planted FAKE99 is the real proof the enumerator works.
- **Finding 4:** two `Access is denied` stderr lines on `…System32\LogFiles\WMI\RtBackup\*` + `…System32\WebThreatDefSvc\*` during offline catalog apply — SYSTEM-DACL-protected; build exits 0. (Tracked separately as the gated broad-recursion exam.)

## Findings (append `### Finding N — <desc>` as smoke surfaces anything; one `fix(...)` commit per finding)

---

## v1.0.29 sign-off
- [ ] All P1–P9 (+ P9-static) ✅ or 🟡-with-rationale
- [ ] Additive A13-S1..S4 + A11-I3-S2 ✅
- [ ] No unexplained ❌
- **Verdict:** ____________ **Date:** ____________
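
Review bot: The sign-off checklist at the end of the file has no item for the automated WIM-integrity coverage, although the intro says the gate added in v1.0.29 is covered by the `Synthetic`-tagged Pester harness (`tests/Tiny11.Wim.Synthetic.Tests.ps1`) and gets no manual case. Add a checkbox recording that the CI run of that harness was green for the build under test, so the verdict cannot be signed with the new feature unverified. The header fields likewise record only the source ISO name and the launcher version; a SHA-256 for the source ISO and for `tiny11options-win-Setup.exe` (or the local build) would tie the verdict to specific artifacts. Smaller points: P4 refers to a "Finding-3 deep-diagnostic recipe" but this file lists only Finding 1 and Finding 4, so link or inline the recipe; the sign-off names A11-I3-S2 but not A11-I3-S1, whose Status cell is ⬜ while its Verifies cell already says 🟡 N/A; the P9 table row says "51/52 absent" while the P9 detail says "51/51 non-kept catalog appx ABSENT", and one wording should be used in both places; the VM tally lists P6/P7 and P9 as reuses but omits P2, which also reuses the P1 VM.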