Validate FreeBSD base rollback workflow

docs/PROGRESS.md

@@ -3538,3 +3538,89 @@ Current assessment:
 - Phase 15.1 is complete
 - Fruix now models the FreeBSD base as an explicit declarative system input instead of leaving it implicit in the builder host alone
 - the next step is to use that new declaration to prove side-by-side base versions and rollback-friendly rebuild/redeploy behavior
+
+## 2026-04-03 — Phase 15.2: validated side-by-side base versions and rollback-friendly redeploy
+
+Completed work:
+
+- wrote the Phase 15.2 report:
+  - `docs/reports/phase15-base-upgrades-freebsd.md`
+- added validation harnesses:
+  - `tests/system/run-phase15-base-coexistence.sh`
+  - `tests/system/run-phase15-base-rollback-qemu.sh`
+  - `tests/system/run-phase15-base-rollback-xcpng.sh`
+- used two explicit declarative base identities against the current validated native Phase 14 package split:
+  - current base:
+    - `name=stable-default`
+    - `version-label=15.0-STABLE`
+    - `release=15.0-STABLE`
+    - `branch=stable/15`
+  - candidate base:
+    - `name=stable-canary`
+    - `version-label=15.0-STABLE-p1`
+    - `release=15.0-STABLE`
+    - `branch=stable/15`
+- both declarations still use the same local `/usr/src`, but now produce distinct declared base/store/deployment identities
+
+Validation:
+
+- side-by-side base-coexistence harness passes:
+  - `tests/system/run-phase15-base-coexistence.sh`
+  - workdir: `/tmp/phase15-2-coexist-1775202833`
+  - result: `PASS phase15-base-coexistence`
+  - confirmed:
+    - `current_closure=/frx/store/9f57ecc6481e271811ceb53ac21a3b2aef4ef329f82b7d4788622315db1f0e43-fruix-system-fruix-freebsd`
+    - `candidate_closure=/frx/store/dc40b1b7a76084e140d0457f3b7f6c5d4acc185f0d6cee0b161c9775d5fb3bec-fruix-system-fruix-freebsd`
+    - `current_base_version_label=15.0-STABLE`
+    - `candidate_base_version_label=15.0-STABLE-p1`
+    - `side_by_side_base_versions=ok`
+    - `rollback_rebuild_path=ok`
+  - this also confirmed that:
+    - both closures exist side by side in `/frx/store`
+    - rebuilding the current declaration returns the exact original current closure path
+    - current native base stores remain separate from candidate native base stores
+- local QEMU rollback harness passes:
+  - `tests/system/run-phase15-base-rollback-qemu.sh`
+  - workdir: `/tmp/phase15-2-qemu2-1775204321`
+  - result: `PASS phase15-base-rollback-qemu`
+  - validation sequence:
+    1. boot current base
+    2. boot candidate base
+    3. boot current base again
+  - confirmed:
+    - `current_first_closure=/frx/store/9f57ecc6481e271811ceb53ac21a3b2aef4ef329f82b7d4788622315db1f0e43-fruix-system-fruix-freebsd`
+    - `candidate_closure=/frx/store/dc40b1b7a76084e140d0457f3b7f6c5d4acc185f0d6cee0b161c9775d5fb3bec-fruix-system-fruix-freebsd`
+    - `rollback_closure=/frx/store/9f57ecc6481e271811ceb53ac21a3b2aef4ef329f82b7d4788622315db1f0e43-fruix-system-fruix-freebsd`
+    - `current_base_version_label=15.0-STABLE`
+    - `candidate_base_version_label=15.0-STABLE-p1`
+    - `rollback_base_version_label=15.0-STABLE`
+    - `base_rollforward_and_rollback=ok`
+- real XCP-ng rollback harness passes:
+  - `tests/system/run-phase15-base-rollback-xcpng.sh`
+  - workdir: `/tmp/phase15-2-xcpng-1775204839`
+  - result: `PASS phase15-base-rollback-xcpng`
+  - validation sequence:
+    1. boot candidate base on the approved VM/VDI
+    2. boot current base again on the same approved VM/VDI
+  - confirmed:
+    - `candidate_closure=/frx/store/dc40b1b7a76084e140d0457f3b7f6c5d4acc185f0d6cee0b161c9775d5fb3bec-fruix-system-fruix-freebsd`
+    - `rollback_closure=/frx/store/9f57ecc6481e271811ceb53ac21a3b2aef4ef329f82b7d4788622315db1f0e43-fruix-system-fruix-freebsd`
+    - `candidate_base_version_label=15.0-STABLE-p1`
+    - `rollback_base_version_label=15.0-STABLE`
+    - `vm_id=90490f2e-e8fc-4b7a-388e-5c26f0157289`
+    - `vdi_id=0f1f90d3-48ca-4fa2-91d8-fc6339b95743`
+    - `base_rollforward_and_rollback=ok`
+  - guest invariants stayed intact for both boots:
+    - `shepherd_pid=1`
+    - `sshd_status=running`
+    - `compat_prefix_shims=absent`
+    - `guile_module_smoke=ok`
+
+Current assessment:
+
+- Phase 15.2 is complete
+- Fruix now supports a real upgrade-style FreeBSD base workflow at the store/deployment level:
+  - explicit current vs. candidate base declarations
+  - side-by-side native base outputs in `/frx/store`
+  - rollback to the earlier closure without mutating it in place
+- the remaining Phase 15 work is to document the evidence-based decision on whether self-hosted base builds should be the next step, or whether host-built native base artifacts should remain the near-term path while reproducibility/source acquisition improve