From 1fc77a0cacddf7428cfcd9988cede17786f3c766 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 29 Jun 2026 16:59:23 +0800
Subject: [PATCH] fix(cd): keep awoo op readback on controlled profile
---
 .gitea/workflows/cd.yaml | 6 ++++++
 docs/LOGBOOK.md | 14 ++++++++++++++
 ops/runner/test_cd_controlled_runtime_profile.py | 12 ++++++++++++
 3 files changed, 32 insertions(+)
diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index c85c7c5e..d06e737d 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -242,6 +242,8 @@ jobs:
 ;;
 apps/api/src/services/ai_agent_autonomous_runtime_control.py)
 ;;
+ apps/api/src/services/awooop_ansible_check_mode_service.py)
+ ;;
 apps/api/src/services/auto_approve.py)
 ;;
 apps/api/src/services/decision_fusion.py)
@@ -302,6 +304,8 @@ jobs:
 ;;
 apps/api/tests/test_ai_agent_autonomous_runtime_control.py)
 ;;
+ apps/api/tests/test_awooop_truth_chain_service.py)
+ ;;
 apps/api/tests/test_shadow_auto_approve.py)
 ;;
 apps/api/tests/test_destructive_patterns.py)
@@ -470,6 +474,7 @@ jobs:
 src/services/awoooi_production_deploy_readback_blocker.py \
 src/services/agent_replay_normalizer.py \
 src/services/ai_agent_autonomous_runtime_control.py \
+ src/services/awooop_ansible_check_mode_service.py \
 src/services/auto_repair_service.py \
 src/services/auto_approve.py \
 src/services/decision_fusion.py \
@@ -507,6 +512,7 @@ jobs:
 PYTHONFAULTHANDLER=1 python3.11 -m pytest \
 tests/test_agent_replay_normalizer.py \
 tests/test_ai_agent_autonomous_runtime_control.py \
+ tests/test_awooop_truth_chain_service.py \
 tests/test_shadow_auto_approve.py \
 tests/test_destructive_patterns.py \
 tests/test_approval_pending_visibility.py \
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 9c38dc6b..a589ad36 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
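Review bot: In `.gitea/workflows/cd.yaml`, the new `case` arm at -242 keeps a change to `awooop_ansible_check_mode_service.py` on the controlled-runtime profile, but the focused pytest list at -507 gains only `tests/test_awooop_truth_chain_service.py`, and nothing visible here shows that this module exercises the check-mode service. If it does not, an edit to the service would pass CD on the reduced profile without its own tests and without the full profile; confirm the coverage or add the service's dedicated test module to both the `case` arm and the pytest list. The same path is now kept in sync by hand across four lists (hunks at -242, -302, -470 and -507), so a short comment above the new arm, for example `# controlled profile: covered by tests/test_awooop_truth_chain_service.py; does not need the B5 DB` (if that holds), would record why the exemption is safe. The `case` statement and both command lists begin outside these hunks.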
@@ -1,3 +1,17 @@
+## 2026-06-29 — 17:10 Gitea CD #3925 B5 profile blocker 窄修
+
+**完成內容**:
+- Production Delivery Workbench 已讀回 P0-005 `credential_escrow` lane:`workplan_id=P0-005`、`blocker_count=5`、`secret_value_collection_allowed=false`、`credential_marker_write_authorized_count=0`。
+- Gitea CD `#3925` 失敗定位為 tests job 落入 full profile 後,B5 DB integration 在 non-110 runner 內無法解析 `pg-test-b5`;此輪未操作 host / Docker / K8s,只修 repo 內 profile 分類。
+- `cd.yaml` controlled-runtime profile 納入 `awooop_ansible_check_mode_service.py` 與 `test_awooop_truth_chain_service.py`,讓 AwoooP controlled executor / truth-chain readback 小修走 focused tests,不再因這類變更誤觸 B5 Docker socket DB path。
+- `ops/runner/test_cd_controlled_runtime_profile.py` 補上回歸測試鎖住此分類。
+
+**驗證目標**:
+- `python3.11 -m pytest ops/runner/test_cd_controlled_runtime_profile.py apps/api/tests/test_awooop_truth_chain_service.py apps/api/tests/test_ai_agent_autonomous_runtime_control.py -q --tb=short -x -p no:cacheprovider`。
+- `python3.11 ops/runner/guard-gitea-runner-pressure.py --root .`、`node scripts/ci/check-gitea-step-env-secrets.js`、`git diff --check`。
+
+**邊界**:未使用 GitHub / `gh` / GitHub API;未 workflow_dispatch;未讀 token / cookie / session / secret / auth / `.env`;未操作 host / Docker / K8s / DB;未修改 B5 嚴格測試本身;未 force push。
+
 ## 2026-06-29 — AI 自動化 Log taxonomy / Trace ledger 可見性接線

 **完成內容**:
diff --git a/ops/runner/test_cd_controlled_runtime_profile.py b/ops/runner/test_cd_controlled_runtime_profile.py
index c0fec9aa..c70838a3 100644
--- a/ops/runner/test_cd_controlled_runtime_profile.py
+++ b/ops/runner/test_cd_controlled_runtime_profile.py
@@ -85,6 +85,18 @@ def test_ai_autonomous_runtime_control_stays_on_controlled_runtime_profile() ->
 assert source in text


+def test_awooop_ansible_check_mode_stays_on_controlled_runtime_profile() -> None:
+ text = _workflow_text()
+ expected_sources = [
+ "apps/api/src/services/awooop_ansible_check_mode_service.py)",
+ "apps/api/tests/test_awooop_truth_chain_service.py)",
+ "src/services/awooop_ansible_check_mode_service.py",
+ "tests/test_awooop_truth_chain_service.py",
+ ]
+ for source in expected_sources:
+ assert source in text
+
+
 def test_dr_escrow_checklist_stays_on_controlled_runtime_profile() -> None:
 text = _workflow_text()
 expected_sources = [
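Review bot: The last two entries of `expected_sources` in `test_awooop_ansible_check_mode_stays_on_controlled_runtime_profile` are substrings of the first two, so `assert source in text` passes for them as soon as the `case` arms exist, even when the paths are missing from the focused file list and the pytest list in `cd.yaml`. The test therefore locks only two of the four workflow locations it is meant to protect. Assuming the paths appear nowhere else in the workflow, an occurrence count closes the gap: `assert text.count("src/services/awooop_ansible_check_mode_service.py") >= 2` and `assert text.count("tests/test_awooop_truth_chain_service.py") >= 2`. The neighbouring tests visible as context use the same `in text` pattern and may share the weakness; their bodies lie outside this hunk.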