refactor(snd): fold GenesisCeremonyNeeded into GenesisCeremonyComplete; make spec.genesis immutable

[bdchatham]

Summary

Folds GenesisCeremonyNeeded + GenesisCeremonyComplete into a single always-present GenesisCeremonyComplete condition whose state is carried by a stable reason enum. Removes the last sei *Needed (School 2) condition, completing the harmonization to the doctrine codified in #329.

Also makes spec.genesis CEL-immutable once set, so the latched-True semantics can't be defeated by post-bootstrap spec edits — and so operators can't silently mutate fields (chainID, staking amounts, gentx outputs) that are already baked into chain state.

State machine

Status / Reason	Meaning
True / Complete	Ceremony finished — latched, survives spec.genesis edits
False / NotApplicable	spec.genesis is unset (and ceremony never ran)
False / NotStarted	spec.genesis set, ceremony not yet started
False / InProgress	Ceremony executing under an active plan

Latch-check ordering is load-bearing — a completed ceremony's history must not be downgraded to NotApplicable by a later spec clear (doc-commented at the call site).

setGenesisCeremonyCondition is hoisted above any early-return path in Reconcile, so the condition is visible on every reconcile and kubectl describe snd never shows an absent value during initial-reconcile windows.

Spec.genesis immutability

Replaces a field-level +kubebuilder:validation:XValidation:rule="self == oldSelf" (which silently allowed set→nil through, because CEL on an optional pointer field doesn't fire when the field is removed) with a spec-level rule using explicit has() checks:

!has(oldSelf.genesis) || (has(self.genesis) && self.genesis == oldSelf.genesis)

• Creation with or without spec.genesis: allowed
• Adding spec.genesis to an SND that didn't have it (nil → set): allowed
• Mutating any field, list, or map within spec.genesis: rejected
• Clearing spec.genesis: rejected

Planner translation

needsGenesisPlan previously triggered on presence of GenesisCeremonyNeeded; now triggers on absence of GenesisCeremonyComplete=True. Same semantics across all four states (NotApplicable / NotStarted / InProgress / Complete), one fewer condition to maintain.

Operator-visible cleanup

Pre-existing SNDs in etcd carry a stale GenesisCeremonyNeeded entry. The new controller never reads or writes that type, so the entry is harmless — same situation as #330's stale RouteReady. Manual cleanup is a one-shot kubectl patch per SND.

Test plan

• go build ./... clean
• go test ./... — all unit tests pass
• make test-integration — envtest passes (46.2s, no regression)
• New unit cases in TestSetGenesisCeremonyCondition cover NotApplicable, latched-True (twice, including operator-clears-spec-after-completion), InProgress, NotStarted, post-failPlan return-to-NotStarted
• New envtests in genesis_immutable_test.go:
  • TestGenesis_ImmutabilityGate — 6 subtests: clear rejected; chainId / stakingAmount / Accounts / Overrides mutations rejected; same-content update allowed
  • TestGenesis_CreationWithoutGenesisAllowsLaterAddition — confirms the !has(oldSelf.genesis) short-circuit permits nil → set
  • TestGenesis_ConditionSeededOnEveryReconcile — confirms the controller-side hoist ensures GenesisCeremonyComplete is visible after first reconcile

Deferred follow-ups

• End-to-end ceremony envtest that exercises the full NotStarted → InProgress → Complete reason transition driven by a real plan. The current envtest harness focuses on InPlace rollouts; adding a genesis ceremony plan path is its own investment and best landed alongside an explicit "Phase X envtest: genesis ceremony" effort.
• manifests/ mirror — the platform repo's Kustomization consumes config/default, not manifests/. The manifests/ mirror is redundant overhead and a candidate for deletion in a follow-up.

🤖 Generated with Claude Code

[cursor]

PR Summary

Medium Risk
Changes CRD validation and controller/planner condition semantics for genesis ceremonies; could affect existing SeiNodeDeployment status/plan triggering and admission behavior for updates touching spec.genesis. Scoped to SND genesis lifecycle but impacts reconciliation flow and operator UX.

Overview
Refactors SND genesis ceremony signaling by removing GenesisCeremonyNeeded and making ConditionGenesisCeremonyComplete always present, using stable reasons (NotApplicable, NotStarted, InProgress, Complete) and preserving a latched True once completed; the reconciler now seeds this condition before any early-return path.

Strengthens API guarantees by making spec.genesis immutable once set via a spec-level CEL rule (preventing set→nil and any in-place edits) and regenerates CRD manifests accordingly; planner logic now triggers genesis plans based on GenesisCeremonyComplete being non-True rather than condition presence, with updated unit + envtests covering the new state machine and immutability gate.

^{Reviewed by Cursor Bugbot for commit 9939697. Bugbot is set up for automated code reviews on this repo. Configure here.}