docs(awooop): record t3 decision audit deployment
This commit is contained in:
Your Name
@@ -1,3 +1,60 @@
|
||||
## 2026-05-13 | T3 Ansible decision candidate audit 已推版
|
||||
|
||||
**背景**:T3 第一段只讓 truth-chain 看得到 Ansible audit contract 與 repo playbook catalog;但 AI decision path 還不會留下「曾考慮 Ansible、但尚未進 check-mode/apply」的 first-class record。這會讓 Telegram / Operator Console 仍看不出 Ansible 是否真的被 AI 修復鏈評估過。
|
||||
|
||||
**修正**:
|
||||
- `awooop_ansible_audit_service.py` 新增 decision candidate audit payload / writer。
|
||||
- `decision_manager` 在 auto-execute / manual-approval 分支排程 best-effort `ansible_candidate_matched` audit write。
|
||||
- Audit row 明確是 dry-run / audit-only:
|
||||
- `status=dry_run`
|
||||
- `input.executor=ansible`
|
||||
- `input.check_mode=true`
|
||||
- `input.apply_enabled=false`
|
||||
- `input.approval_required=true`
|
||||
- `output.decision_effect=audit_only`
|
||||
- Docker/container 類 incident 也會命中 188 / 110 Ansible catalog hints;未來新 decision 可在 truth-chain 顯示「有候選、尚未執行 check-mode」。
|
||||
|
||||
**驗證與推版**:
|
||||
- Local:
|
||||
- `py_compile`:pass。
|
||||
- `ruff --select F,E9`:pass。
|
||||
- `pytest apps/api/tests/test_awooop_truth_chain_service.py apps/api/tests/test_platform_router_order.py apps/api/tests/test_awooop_operator_auth.py -q`:14 passed。
|
||||
- Tier 3 adjacent tests:133 passed, 1 existing RuntimeWarning。
|
||||
- `git diff --check`:pass。
|
||||
- Gitea:
|
||||
- `3799e0db feat(awooop): audit ansible decision candidates` 已推 `gitea main`。
|
||||
- Code Review run `1936`:success。
|
||||
- CD run `1935`:success。
|
||||
- Deploy marker:`90b9ddb7 chore(cd): deploy 3799e0d [skip ci]`。
|
||||
- Production:
|
||||
- API/Web/Worker image 均為 `192.168.0.110:5000/awoooi/*:3799e0db0d30f29fdc251197634d2fca4c2c67fd`。
|
||||
- K3s rollout status:API/Web/Worker success。
|
||||
- `/api/v1/health`:healthy,mock_mode=false。
|
||||
- Pure function smoke(API pod):DockerContainerUnhealthy 事件可產生 `ansible_candidate_matched` payload,`candidate_count=2`,`check_mode_executed=false`。
|
||||
- Truth-chain smoke `INC-20260512-B6C589`:
|
||||
- `source_type=incident`
|
||||
- `current_stage=manual_required`
|
||||
- `stage_status=blocked`
|
||||
- `needs_human=true`
|
||||
- `execution.ansible.audit_contract.schema_version=ansible_executor_audit_v1`
|
||||
- `ansible_candidates=2`
|
||||
- `mcp_gateway_total=8`
|
||||
- Truth-chain smoke `7f858956`:
|
||||
- `source_type=drift_report`
|
||||
- `current_stage=dedup_or_repeat_updated`
|
||||
- `stage_status=pending`
|
||||
- `needs_human=true`
|
||||
- `repeat_12h=12`
|
||||
- `outbound_visible=2`
|
||||
|
||||
**整體進度**:
|
||||
- Wave 0:MOMO PostgreSQL backup → AwoooP 失敗通知接線完成並已推版。
|
||||
- T0:Truth-chain read-only API 完成、部署、production smoke 完成。
|
||||
- T1:Channel Event hardening 完成、部署、production smoke 完成。
|
||||
- T2:legacy MCP audit bridge / backfill / truth-chain visibility 完成、部署、production smoke 完成;first-class Gateway enforced path 仍待後續 wave。
|
||||
- T3:Ansible audit contract + decision candidate dry-run audit 完成、部署、production smoke 完成。
|
||||
- 仍未完成:Ansible 真正 check-mode executor、diff artifact、apply / rollback audit、T4 drift fingerprint FSM、T5 incident / approval / execution reconciliation、first-class MCP Gateway enforcement。
|
||||
|
||||
## 2026-05-12 | T3 Ansible audit surface 第一段
|
||||
|
||||
**背景**:Telegram / truth-chain live audit 顯示 Ansible 目前仍只是 repo/主機部署工具,沒有出現在 AI 自動化修復鏈路的 first-class audit record;Operator 無法知道「是否被考慮、是否 dry-run、為何沒用」。
|
||||
|
||||
@@ -1935,6 +1935,16 @@ Phase 6 完成後
|
||||
- 這仍不是 Ansible 執行器;它只讓 truth-chain 能看到 AI decision path 曾考慮 Ansible candidate,以及為何未進入 check-mode/apply。
|
||||
- 本地 `py_compile` / `ruff F,E9` / 14 個 truth-chain/operator/router tests 通過;待推版和 production smoke。
|
||||
|
||||
**T3 第二段 production verified(2026-05-13 台北)**:
|
||||
- `3799e0db feat(awooop): audit ansible decision candidates` 已推 Gitea main,Code Review run `1936` success,CD run `1935` success。
|
||||
- Deploy marker:`90b9ddb7 chore(cd): deploy 3799e0d [skip ci]`。
|
||||
- Production API/Web/Worker image 均為 `3799e0db0d30f29fdc251197634d2fca4c2c67fd`,K3s rollout success,health 200 / `mock_mode=false`。
|
||||
- API pod pure smoke:DockerContainerUnhealthy 事件可產生 `ansible_candidate_matched` audit payload,`candidate_count=2`,`check_mode_executed=false`。
|
||||
- Truth-chain smoke:
|
||||
- `INC-20260512-B6C589` → `manual_required/blocked`,`mcp_gateway_total=8`,`execution.ansible.audit_contract=ansible_executor_audit_v1`,`ansible_candidates=2`。
|
||||
- `7f858956` → `dedup_or_repeat_updated/pending`,`repeat_12h=12`,`outbound_visible=2`。
|
||||
- 邊界:仍未執行 Ansible check-mode / apply / rollback;T3 目前完成的是 first-class candidate audit,而不是修復執行器。
|
||||
|
||||
---
|
||||
|
||||
### 2026-04-20 晚 (台北) — C1-C4 全流程串接 — Playbook 鏈路保護(commit de2d34d)
|
||||
|
||||
Reference in New Issue
Block a user