docs(awooop): record t1 truth-chain smoke
This commit is contained in:
Your Name
@@ -6335,3 +6335,62 @@ apps/api/migrations/awooop_phase7_outbound_truth_chain_columns_2026-05-12_down.s
|
||||
- 推 Gitea main,讓 API image 部署 T1 程式碼。
|
||||
- 部署後用 rollback transaction smoke 驗證新 outbound mirror 會寫入 redacted full content + source envelope,不污染 production DB。
|
||||
- 再更新本 LOGBOOK 的 production smoke 結果。
|
||||
|
||||
**production deploy / smoke 追加(完成)**:
|
||||
|
||||
```text
|
||||
Gitea:
|
||||
1912 CD Pipeline 24b15f4a -> success
|
||||
1913 Code Review 24b15f4a -> success
|
||||
1914 run-migration 24b15f4a -> failure
|
||||
RCA: audit SQL 使用 psql -c + :'commit_sha',且誤套 _down.sql。
|
||||
1916 Code Review f318fd3a -> success
|
||||
修正 run-migration workflow;workflow-only 變更不觸發 runtime CD。
|
||||
|
||||
K8s image:
|
||||
awoooi-api 192.168.0.110:5000/awoooi/api:24b15f4ad2b0898820f8ba723c64ca928b48d471
|
||||
awoooi-worker 192.168.0.110:5000/awoooi/api:24b15f4ad2b0898820f8ba723c64ca928b48d471
|
||||
awoooi-web 192.168.0.110:5000/awoooi/web:24b15f4ad2b0898820f8ba723c64ca928b48d471
|
||||
|
||||
rollout:
|
||||
deployment "awoooi-api" successfully rolled out
|
||||
|
||||
health:
|
||||
http://192.168.0.125:32334/api/v1/health -> 200 healthy
|
||||
pod-local http://127.0.0.1:8000/api/v1/health -> 200 healthy
|
||||
```
|
||||
|
||||
**T1 outbound mirror 實證**:
|
||||
|
||||
```text
|
||||
Rollback transaction smoke:
|
||||
insert_visible=true
|
||||
redaction_version=audit_sink_v1
|
||||
has_content_redacted=True
|
||||
preview_matches_prefix=True
|
||||
token_redacted=True
|
||||
internal_ip_redacted=True
|
||||
envelope_schema=outbound_source_envelope_v1
|
||||
envelope_adapter=codex_smoke
|
||||
envelope_token_blocked=True
|
||||
envelope_has_content_sha=True
|
||||
rollback_triggered=true
|
||||
persisted_after_rollback=0
|
||||
|
||||
Production live rows:
|
||||
project_context=awoooi total=318 redacted_total=2 envelope_total=2
|
||||
latest real rows:
|
||||
message_type=final send_status=sent redaction=audit_sink_v1
|
||||
adapter=legacy_telegram_gateway payload_sha=True content_sha=True
|
||||
|
||||
Truth-chain API:
|
||||
GET /api/v1/platform/truth-chain/5c659c44-9275-5d50-bb40-76f2f00b2d16?project_id=awoooi
|
||||
status=200 found=True source_type=run outbound_visible=1
|
||||
has_content_redacted=True redaction_version=audit_sink_v1
|
||||
envelope_adapter=legacy_telegram_gateway envelope_has_payload_sha=True envelope_has_content_sha=True
|
||||
```
|
||||
|
||||
**進度校準**:
|
||||
|
||||
- T1 Channel Event hardening:已完成 deploy + production smoke。
|
||||
- 仍不能宣稱完整 AI 自動修復閉環已完成;T2 MCP Gateway mandatory audit、T3 Ansible executor、T4 Drift fingerprint FSM、T5 Incident status reconciliation 仍待推進。
|
||||
|
||||
@@ -372,6 +372,8 @@ source_event_received
|
||||
|
||||
**T1 first implementation(2026-05-12 23:20 台北)**:開始補 `awooop_outbound_message` 的真相鏈欄位:`content_redacted`、`redaction_version`、`source_envelope`。設計邊界是只保存 redacted rendered card 與 source metadata 摘要;raw Telegram payload、完整 callback data、未遮蔽 token 不入庫。production DB migration 已預套用,API app role 在 `app.project_id=awoooi` 下可讀 outbound rows(`total=312`),代表 T1 的 RLS visibility 紅燈已先驗證可見;新欄位需等 T1 API image 上線後才會產生非空資料。
|
||||
|
||||
**T1 production verified(2026-05-12 23:35 台北)**:API / worker / web 已部署 image `24b15f4a`,CD run `1912` success,health 200。rollback transaction smoke 證明 `record_outbound_message()` 會寫入 `content_redacted`、`redaction_version=audit_sink_v1`、`source_envelope.schema_version=outbound_source_envelope_v1`,且 token / internal IP 會 redacted,transaction rollback 後 `persisted_after_rollback=0`。live production rows 已出現 `redacted_total=2` / `envelope_total=2`,truth-chain API 查 run `5c659c44-9275-5d50-bb40-76f2f00b2d16` 回傳 `has_content_redacted=True` 與 legacy Telegram envelope hash。T1 退出條件中的「RLS 可見性」與「全文 / hash / envelope 可查」已達成。
|
||||
|
||||
---
|
||||
|
||||
## §3 6 大設計維度全展開
|
||||
@@ -1855,8 +1857,11 @@ Phase 6 完成後
|
||||
- truth-chain / router / operator auth / Telegram envelope 測試共 12 passed。
|
||||
- production DB migration 已預套用;`app.project_id=awoooi` 下 `awooop_outbound_message total=312` 可見,舊資料 `redacted_total=0` 合理。
|
||||
|
||||
**production 追加**:
|
||||
- T1 API image 已部署並完成 production smoke;`awooop_outbound_message` 在 `app.project_id=awoooi` 下可見,且新出站 rows 已有 redacted full content 與 source envelope。
|
||||
- `run-migration.yml` 在 24b15f4a 暴露兩個 CI 問題:`psql -c` 不展開 `:'commit_sha'`,且誤套 `_down.sql`。已於 `f318fd3a` 修正為跳過 rollback/down migration,audit SQL 改 heredoc。
|
||||
|
||||
**仍未宣稱完成**:
|
||||
- T1 API image 尚需部署後 smoke,確認新 outbound mirror 實際寫入 `content_redacted` 與 `source_envelope`。
|
||||
- T2 MCP Gateway mandatory audit 未完成,因此不能宣稱所有 MCP / 自建 MCP 都已經過 AwoooP Gateway。
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user