Primary bead: asupersync-umelq.18.5
Prevent reliability decay in Browser Edition verification by enforcing:
- deterministic flake detection,
- automated quarantine tracking with SLA ownership,
- release-blocking quality thresholds,
- replay-first incident forensics and reactivation criteria.
- Detect instability with deterministic replay suites.
- Quarantine unstable suites with explicit owner, severity, SLA, and replay pointer.
- Triage using incident-forensics workflow and deterministic trace artifacts.
- Reactivate only after policy-defined stable rerun evidence.
Canonical commands:
scripts/run_semantic_flake_detector.sh --iterations 5 --json
bash scripts/check_semantic_signal_quality.sh \
--report target/semantic-verification/verification_report.json \
--dashboard target/semantic-verification/flake/latest/variance_dashboard.json \
--output target/semantic-verification/signal-quality/signal_quality_report.json
python3 ./scripts/check_wasm_flake_governance.py --policy .github/wasm_flake_governance_policy.json
python3 ./scripts/evaluate_wasm_pilot_cohort.py \
--telemetry-input artifacts/pilot/pilot_observability_events.json \
--telemetry-output artifacts/pilot/pilot_observability_summary.json \
--telemetry-log-output artifacts/pilot/pilot_observability_alerts.ndjsonRelease-blocking thresholds (.github/wasm_flake_governance_policy.json):
max_flake_rate_pct = 0.0max_false_positive_rate_pct = 5.0max_unresolved_high_severity_flakes = 0max_unresolved_critical_severity_flakes = 0max_critical_test_failures = 0
If any threshold is breached, the governance checker exits non-zero.
Pilot operations note:
pilot_observability_summary.jsonmust reportstatus=passandci_parity_ok=true.- alert logs must contain owner routing and replay pointers for every breach.
Manifest path:
artifacts/wasm_flake_quarantine_manifest.json
Manifest schema:
schema_version = wasm-flake-quarantine-v1entries[]required fields:id,suite,severity,status,owner,opened_at_utc,sla_hoursreplay_command,trace_pointer,reactivation_criteria
Allowed status values:
openresolvedreactivated
Severity SLAs (hours):
critical: 24high: 72medium: 168
Open entries exceeding SLA or unresolved high/critical entries block release.
Use deterministic browser-incident drills to investigate and classify failures:
bash ./scripts/run_all_e2e.sh --suite wasm-incident-forensics
TEST_SEED=4242 bash ./scripts/test_wasm_incident_forensics_e2e.sh
python3 ./scripts/check_incident_forensics_playbook.pyFor direct replay bundle triage, use the replay command template from docs/replay-debugging.md with rch offload and preserve artifact pointers in the quarantine entry.
Required forensic linkage per flaky suite:
- deterministic
replay_command - deterministic
trace_pointer - artifact directory root
- incident severity and owner
- resolution or reactivation decision notes
When release-gate failures happen in .github/workflows/publish.yml, operators
must capture rollback-safety and incident-response artifacts before rerunning
promotion:
artifacts/wasm/release/rollback_safety_report.jsonartifacts/wasm/release/incident_response_packet.jsonartifacts/wasm/release/release_traceability.jsonartifacts/wasm/release/rollback_instructions.mdartifacts/npm/rollback_outcome.json(when npm rollback mode is used)
These artifacts provide:
- deterministic reproduction commands for the incident-forensics suite,
- rollback safety-check status and missing gate reports,
- communication protocol expectations (
sev_1,sev_2), - artifact-revocation strategy for npm dist-tag rollback,
- postmortem-required fields for closure review and audit.
Deterministic repro bundle (must be preserved in incident notes):
bash ./scripts/run_all_e2e.sh --suite wasm-incident-forensics
TEST_SEED=4242 bash ./scripts/test_wasm_incident_forensics_e2e.sh
python3 ./scripts/check_incident_forensics_playbook.pyA quarantined suite can be reactivated only when all conditions hold:
- three consecutive deterministic reruns pass with identical replay fingerprints,
- no unstable status transitions across reruns,
- incident forensics artifacts are attached and replayable,
- owner records root-cause and fix reference in manifest notes.
If any condition is missing, status remains open and release stays blocked.