profit/golangLAKEHOUSE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Phase G0 kickoff — Kimi K2.6 cross-lineage review pass

Browse Source 
Second-pass review via opencode/kimi-k2.6 (different lineage than
Opus 4.7 used in the first pass) caught 2 BLOCKs that Opus missed —
and that the Opus-pass fixes themselves introduced:

- K1: D0.6 used `go install pkg@latest` to verify cgo, but that
  command requires a main package; duckdb-go/v2 is a library, so
  the verification fails BEFORE exercising cgo and could pass on a
  broken-cgo box. Replaced with a real compile-and-run smoke
  (tmp module + 5-line main.go that imports + calls sql.Open).
- K2: Gateway stubbed /v1/ingest and /v1/sql in D1.10, but ingestd
  serves /ingest and queryd serves /sql. httputil.NewSingleHostReverseProxy
  preserves the inbound path by default — D6.1 now specifies a
  custom Director that strips the /v1 prefix before forwarding.

Demonstrates the cross-lineage rotation value: one model's review
of the original ≠ different model's review of the post-fix version.
Same dynamic the Rust auditor exploits with Kimi/Haiku/Opus.

Disposition table appended below the Opus pass for full audit trail.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claw 2026-04-28 06:50:54 -05:00
parent ed3ccf7c53
commit a74fdb1204
1 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
docs/PHASE_G0_KICKOFF.md
View File

@ -24,7 +24,7 @@ Done by an operator with sudo on the dev box. ~15 minutes.
| 0.3 | Install cgo toolchain: `apt install build-essential` | `gcc --version` works |
| 0.4 | Clone repo: `git clone https://git.agentview.dev/profit/golangLAKEHOUSE.git` | `cd golangLAKEHOUSE && go version` from inside |
| 0.5 | Bring up MinIO locally (or point at existing) | `mc ls local/` lists buckets, or whatever the dev S3 is |
| 0.6 | Verify DuckDB cgo path: `go install github.com/duckdb/duckdb-go/v2@latest` against an empty module — succeeds on Linux x86_64/arm64 via static-linked duckdb-go-bindings; on unsupported platforms surface this here, not on Day 5 | install exits 0 |
| 0.6 | Verify DuckDB cgo path with a real compile-and-run smoke (NOT `go install pkg@latest` — that requires a main package and would fail on the duckdb library before exercising cgo). Steps: `mkdir /tmp/duckdb-smoke && cd /tmp/duckdb-smoke && go mod init smoke && go get github.com/duckdb/duckdb-go/v2 && cat > main.go <<<'package main; import (_ "github.com/duckdb/duckdb-go/v2"; "database/sql"); func main(){db,_:=sql.Open("duckdb","");db.Ping();db.Close()}' && go run main.go` — proves cgo linker chain + static-linked duckdb-go-bindings work on this platform | exits 0, no link errors |
**Day 0 acceptance:** `go version` shows 1.23+, `gcc --version` works,
MinIO reachable on `localhost:9000`, the cgo smoke install above
@ -143,7 +143,7 @@ workers_500k WHERE state='IL' GROUP BY role` returns expected rows.
| # | What |
|---|---|
| 6.1 | Promote `cmd/gateway/main.go` `/v1/ingest` + `/v1/sql` from D1.10 stubs (501) to real reverse-proxies via `httputil.NewSingleHostReverseProxy` to ingestd / queryd. Multipart forwarding for `/v1/ingest` is the riskiest hop — verify form parts pass through with the file body intact |
| 6.1 | Promote `cmd/gateway/main.go` `/v1/ingest` + `/v1/sql` from D1.10 stubs (501) to real reverse-proxies. `httputil.NewSingleHostReverseProxy` preserves the inbound path by default, so the proxy must use a custom `Director` (or `Rewrite`) that strips the `/v1` prefix before forwarding — otherwise the call lands on `ingestd:3203/v1/ingest` which doesn't exist (ingestd serves `/ingest`, queryd serves `/sql`). Multipart forwarding for `/v1/ingest` is the riskiest hop — verify form parts pass through with the file body intact |
| 6.2 | Smoke script `scripts/g0_smoke.sh`: spin up MinIO + 5 services, ingest, query, assert row count |
| 6.3 | Run smoke against `workers_500k.csv` end-to-end |
| 6.4 | Capture timing — total ingest + query latency, file size, peak memory |
@ -237,8 +237,47 @@ fixes above were applied. Findings dispositioned below.
| I1 | `go mod tidy` before any imports is a trivial-true verification | **Fixed** — D0.6 re-purposed for the cgo smoke; tidy verification moved to D1 acceptance | D0.6 + D1 acceptance |
| I2 | Filing ADRs *after* the work is done inverts the usual pattern | **Fixed** — D7.3 reframed: ADR stubs go in at the start of D4/D5 so reviewers can object in-flight; D7.3 just finalizes them | D7.3 |
### Net change
### Net change (Opus pass)
7 of 9 findings produced inline plan edits; 2 deferred to post-G0
follow-up issues (W1 orphan GC, W3 shared-server refactor) with the
deferral itself documented. No findings dismissed as confabulation.
---
## Self-review — second pass via Kimi K2.6 (cross-lineage)
Reviewer: `opencode/kimi-k2.6` via the same gateway path. Run on the
post-Opus-fix doc to surface what a different model lineage catches.
Per the Rust-era cross-lineage rotation pattern, Kimi tends to ground
on textual specifics where Opus surfaces architectural shape — both
lenses are useful.
Kimi's output was discursive (pre-format thinking rather than the
requested BLOCK/WARN/INFO bullets), but two concrete catches landed —
both BLOCKs that Opus missed and that the Opus-pass fixes themselves
introduced.
### BLOCK — both real, both fixed inline
| # | Finding | Disposition | Fix location |
|---|---|---|---|
| K1 | Opus's BLOCK B1 fix used `go install github.com/duckdb/duckdb-go/v2@latest` to verify cgo, but `go install pkg@version` requires a `main` package — duckdb-go/v2 is a library, so the command fails with "not a main package" *before* the cgo linker chain is exercised. The verification can pass on a broken-cgo box. | **Fixed** — D0.6 now creates a temporary module + a 5-line `main.go` that imports duckdb-go/v2 and calls `sql.Open("duckdb","")`, then `go run`s it — actually compiles + executes with cgo | D0.6 |
| K2 | Path mismatch: D1.10 stubs `/v1/ingest` and `/v1/sql` on the gateway, but D4 has ingestd serving `/ingest` and D5 has queryd serving `/sql`. D6.1's `httputil.NewSingleHostReverseProxy` preserves the inbound path by default, so the proxy would forward to `ingestd:3203/v1/ingest` which doesn't exist. Smoke would fail on D6 with a 404 on the backend, not the gateway. | **Fixed** — D6.1 now specifies a custom `Director` that strips the `/v1` prefix before forwarding | D6.1 |
### WARN — none extracted (Kimi response truncated at this section)
The remaining response stream considered D2.4 `MaxBytesReader` semantics
and D3 manifest registry concurrency, but cut off before producing
structured findings. A third pass could be run if more lineage
coverage is wanted — for now, two BLOCKs fixed is the cross-lineage
delta.
### Net change (Kimi pass)
2 BLOCKs landed, both fixed inline. Both were *introduced by Opus-pass
fixes* — illustrating exactly why cross-lineage rotation matters: one
model's review of the original is not the same as a different model's
review of the post-fix version. The Rust auditor's Kimi/Haiku/Opus
rotation captures this dynamic; today's two-pass doc review reproduces
it on a much smaller scale.