Merge remote-tracking branch 'gitea/main' into codex/github-backup-missing-targets-20260627

apps/api/src/services/ai_agent_autonomous_runtime_control.py

@@ -23,6 +23,7 @@ from src.services.report_generation_service import (
 
 _SCHEMA_VERSION = "ai_agent_autonomous_runtime_control_v1"
 _RUNTIME_AUTHORITY = "current_owner_directive_controlled_ai_automation"
+_DEPLOY_READBACK_MARKER = "p2_416_d1n_autonomous_runtime_control_prod_readback_v1"
 
 
 def _allowed_risk_levels() -> list[str]:
@@ -137,8 +138,9 @@ def build_ai_agent_autonomous_runtime_control() -> dict[str, Any]:
             "current_task_id": "P2-416-D1N",
             "status": "current_directive_control_plane_active",
             "runtime_authority": _RUNTIME_AUTHORITY,
+            "deploy_readback_marker": _DEPLOY_READBACK_MARKER,
             "legacy_no_send_no_live_rules_overridden": True,
-            "implementation_completion_percent": 82,
+            "implementation_completion_percent": 88,
             "status_note": (
                 "目前有效規則：low / medium / high 風險由 AI Agent 在 allowlist、"
                 "Ansible check-mode、verifier、rollback、KM 與 Telegram receipt 下受控自動處理。"
@@ -246,6 +248,8 @@ def _validate_payload(payload: dict[str, Any]) -> None:
     status = payload.get("program_status") or {}
     if status.get("runtime_authority") != _RUNTIME_AUTHORITY:
         raise ValueError(f"runtime_authority must be {_RUNTIME_AUTHORITY}")
+    if status.get("deploy_readback_marker") != _DEPLOY_READBACK_MARKER:
+        raise ValueError(f"deploy_readback_marker must be {_DEPLOY_READBACK_MARKER}")
     policy = payload.get("current_policy") or {}
     for key in (
         "low_risk_controlled_apply_allowed",