From 96a8cf3ad5bbbc41e2292231947dfc88abb6d909 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Tue, 12 May 2026 23:36:51 +0800
Subject: [PATCH] docs(awooop): record t1 truth-chain smoke

---
 docs/LOGBOOK.md                               | 59 +++++++++++++++++++
 ...-04-15-MASTER-ai-autonomous-flywheel-v2.md |  7 ++-
 2 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 600b8e1d..6d63b46c 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -6335,3 +6335,62 @@ apps/api/migrations/awooop_phase7_outbound_truth_chain_columns_2026-05-12_down.s
 - 推 Gitea main，讓 API image 部署 T1 程式碼。
 - 部署後用 rollback transaction smoke 驗證新 outbound mirror 會寫入 redacted full content + source envelope，不污染 production DB。
 - 再更新本 LOGBOOK 的 production smoke 結果。
+
+**production deploy / smoke 追加（完成）**：
+
+```text
+Gitea:
+1912 CD Pipeline 24b15f4a -> success
+1913 Code Review 24b15f4a -> success
+1914 run-migration 24b15f4a -> failure
+  RCA: audit SQL 使用 psql -c + :'commit_sha'，且誤套 _down.sql。
+1916 Code Review f318fd3a -> success
+  修正 run-migration workflow；workflow-only 變更不觸發 runtime CD。
+
+K8s image:
+awoooi-api    192.168.0.110:5000/awoooi/api:24b15f4ad2b0898820f8ba723c64ca928b48d471
+awoooi-worker 192.168.0.110:5000/awoooi/api:24b15f4ad2b0898820f8ba723c64ca928b48d471
+awoooi-web    192.168.0.110:5000/awoooi/web:24b15f4ad2b0898820f8ba723c64ca928b48d471
+
+rollout:
+deployment "awoooi-api" successfully rolled out
+
+health:
+http://192.168.0.125:32334/api/v1/health -> 200 healthy
+pod-local http://127.0.0.1:8000/api/v1/health -> 200 healthy
+```
+
+**T1 outbound mirror 實證**：
+
+```text
+Rollback transaction smoke:
+insert_visible=true
+redaction_version=audit_sink_v1
+has_content_redacted=True
+preview_matches_prefix=True
+token_redacted=True
+internal_ip_redacted=True
+envelope_schema=outbound_source_envelope_v1
+envelope_adapter=codex_smoke
+envelope_token_blocked=True
+envelope_has_content_sha=True
+rollback_triggered=true
+persisted_after_rollback=0
+
+Production live rows:
+project_context=awoooi total=318 redacted_total=2 envelope_total=2
+latest real rows:
+message_type=final send_status=sent redaction=audit_sink_v1
+adapter=legacy_telegram_gateway payload_sha=True content_sha=True
+
+Truth-chain API:
+GET /api/v1/platform/truth-chain/5c659c44-9275-5d50-bb40-76f2f00b2d16?project_id=awoooi
+status=200 found=True source_type=run outbound_visible=1
+has_content_redacted=True redaction_version=audit_sink_v1
+envelope_adapter=legacy_telegram_gateway envelope_has_payload_sha=True envelope_has_content_sha=True
+```
+
+**進度校準**：
+
+- T1 Channel Event hardening：已完成 deploy + production smoke。
+- 仍不能宣稱完整 AI 自動修復閉環已完成；T2 MCP Gateway mandatory audit、T3 Ansible executor、T4 Drift fingerprint FSM、T5 Incident status reconciliation 仍待推進。
diff --git a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
index 0bed9947..ae019f46 100644
--- a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
+++ b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
@@ -372,6 +372,8 @@ source_event_received
 
 **T1 first implementation（2026-05-12 23:20 台北）**：開始補 `awooop_outbound_message` 的真相鏈欄位：`content_redacted`、`redaction_version`、`source_envelope`。設計邊界是只保存 redacted rendered card 與 source metadata 摘要；raw Telegram payload、完整 callback data、未遮蔽 token 不入庫。production DB migration 已預套用，API app role 在 `app.project_id=awoooi` 下可讀 outbound rows（`total=312`），代表 T1 的 RLS visibility 紅燈已先驗證可見；新欄位需等 T1 API image 上線後才會產生非空資料。
 
+**T1 production verified（2026-05-12 23:35 台北）**：API / worker / web 已部署 image `24b15f4a`，CD run `1912` success，health 200。rollback transaction smoke 證明 `record_outbound_message()` 會寫入 `content_redacted`、`redaction_version=audit_sink_v1`、`source_envelope.schema_version=outbound_source_envelope_v1`，且 token / internal IP 會 redacted，transaction rollback 後 `persisted_after_rollback=0`。live production rows 已出現 `redacted_total=2` / `envelope_total=2`，truth-chain API 查 run `5c659c44-9275-5d50-bb40-76f2f00b2d16` 回傳 `has_content_redacted=True` 與 legacy Telegram envelope hash。T1 退出條件中的「RLS 可見性」與「全文 / hash / envelope 可查」已達成。
+
 ---
 
 ## §3 6 大設計維度全展開
@@ -1855,8 +1857,11 @@ Phase 6 完成後
 - truth-chain / router / operator auth / Telegram envelope 測試共 12 passed。
 - production DB migration 已預套用；`app.project_id=awoooi` 下 `awooop_outbound_message total=312` 可見，舊資料 `redacted_total=0` 合理。
 
+**production 追加**：
+- T1 API image 已部署並完成 production smoke；`awooop_outbound_message` 在 `app.project_id=awoooi` 下可見，且新出站 rows 已有 redacted full content 與 source envelope。
+- `run-migration.yml` 在 24b15f4a 暴露兩個 CI 問題：`psql -c` 不展開 `:'commit_sha'`，且誤套 `_down.sql`。已於 `f318fd3a` 修正為跳過 rollback/down migration，audit SQL 改 heredoc。
+
 **仍未宣稱完成**：
-- T1 API image 尚需部署後 smoke，確認新 outbound mirror 實際寫入 `content_redacted` 與 `source_envelope`。
 - T2 MCP Gateway mandatory audit 未完成，因此不能宣稱所有 MCP / 自建 MCP 都已經過 AwoooP Gateway。
 
 ---