wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'gitea-ssh/main' into codex/p0-product-manifest-standard-20260629
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
Details
CD Pipeline / cancel-stale-cd (push) Has been skipped
Details
CD Pipeline / tests (push) Failing after 2m46s
Details
CD Pipeline / build-and-deploy (push) Has been skipped
Details
CD Pipeline / post-deploy-checks (push) Has been skipped
Details

Browse Source 
# Conflicts:
#	docs/LOGBOOK.md
This commit is contained in:
Your Name
2026-06-29 12:47:25 +08:00
parent 356cb7a867 e596343568
commit c9fa91bfed
16 changed files with 457 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
apps/api/src/services/awoooi_gitea_onboarding_warning_step_dashboard.py Normal file
View File

@@ -0,0 +1,33 @@
"""AWOOOI warning-step dashboard source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_gitea_onboarding_warning_step_dashboard_v1"
def load_latest_awoooi_gitea_onboarding_warning_step_dashboard() -> dict[str, Any]:
"""Return the read-only dashboard model for warning-step gates."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="warning_step_dashboard_service",
status="dashboard_source_ready_apply_gate_closed",
readback={
"dashboard_status": "ready_read_only_apply_gate_closed",
"gate_count": 4,
"blocked_gate_count": 1,
"cards": [
"owner_package",
"owner_response_preflight",
"template_copy_execution_plan",
"template_copy_apply_gate",
],
},
next_actions=[
"show_apply_gate_closed_state",
"wait_for_apply_gate_before_workflow_copy",
],
)

37
apps/api/src/services/awoooi_gitea_onboarding_warning_step_owner_package.py Normal file
View File

@@ -0,0 +1,37 @@
"""AWOOOI Gitea onboarding warning-step owner package source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_gitea_onboarding_warning_step_owner_package_v1"
def load_latest_awoooi_gitea_onboarding_warning_step_owner_package() -> dict[str, Any]:
"""Return the committed owner package source for warning-step review."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="warning_step_owner_package_service",
status="source_ready_owner_package_recorded",
readback={
"package_id": "awoooi-gitea-onboarding-warning-step-owner-package",
"workflow_modification_authorized": False,
"workflow_trigger_authorized": False,
"required_review_items": [
"target_workflow_template",
"warning_only_behavior",
"runner_pressure_guard",
"post_copy_verifier",
],
"source_refs": [
"docs/operations/p0-cicd-baseline-source-readiness.snapshot.json",
"ops/runner/guard-gitea-runner-pressure.py",
],
},
next_actions=[
"validate_owner_response_preflight_before_template_copy_plan",
"keep_warning_step_copy_blocked_until_apply_gate",
],
)

48
apps/api/src/services/awoooi_gitea_onboarding_warning_step_owner_response_preflight.py Normal file
View File

@@ -0,0 +1,48 @@
"""AWOOOI warning-step owner response preflight source."""
from __future__ import annotations
from collections.abc import Mapping
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_gitea_onboarding_warning_step_owner_response_preflight_v1"
_REQUIRED_ACKS = (
"accept_warning_only_scope",
"confirm_no_push_or_pull_request_trigger",
"confirm_no_generic_runner_label",
"confirm_runner_pressure_guard_required",
)
def load_latest_awoooi_gitea_onboarding_warning_step_owner_response_preflight(
response: Mapping[str, Any] | None = None,
) -> dict[str, Any]:
"""Validate redacted owner response fields without opening workflow gates."""
response = response or {}
accepted = [
key for key in _REQUIRED_ACKS if response.get(key) is True
]
ready = len(accepted) == len(_REQUIRED_ACKS)
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="warning_step_owner_response_preflight_service",
status=(
"ready_for_template_copy_plan"
if ready
else "blocked_owner_response_acknowledgements_missing"
),
readback={
"required_acknowledgement_count": len(_REQUIRED_ACKS),
"accepted_acknowledgement_count": len(accepted),
"missing_acknowledgements": [
key for key in _REQUIRED_ACKS if key not in accepted
],
"ready_for_template_copy_plan": ready,
},
next_actions=[
"collect_redacted_owner_acknowledgements",
"rerun_preflight_before_copy_execution_plan",
],
)

30
apps/api/src/services/awoooi_gitea_onboarding_warning_step_template_copy_apply_gate.py Normal file
View File

@@ -0,0 +1,30 @@
"""AWOOOI warning-step template copy apply gate source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_gitea_onboarding_warning_step_template_copy_apply_gate_v1"
def load_latest_awoooi_gitea_onboarding_warning_step_template_copy_apply_gate() -> dict[str, Any]:
"""Return the apply gate source while keeping workflow writes closed."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="warning_step_template_copy_apply_gate_service",
status="apply_gate_closed_source_ready",
readback={
"apply_allowed": False,
"confirmed_command_count": 0,
"required_command_count": 1,
"confirmed_validation_count": 0,
"required_validation_count": 2,
"workflow_template_copy_authorized": False,
},
next_actions=[
"confirm_template_copy_command_preview",
"confirm_post_copy_validation_before_workflow_modification",
],
)

34
apps/api/src/services/awoooi_gitea_onboarding_warning_step_template_copy_execution_plan.py Normal file
View File

@@ -0,0 +1,34 @@
"""AWOOOI warning-step template copy execution plan source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_gitea_onboarding_warning_step_template_copy_execution_plan_v1"
def load_latest_awoooi_gitea_onboarding_warning_step_template_copy_execution_plan() -> dict[str, Any]:
"""Return the dry-run-only template copy plan source."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="warning_step_template_copy_execution_plan_service",
status="dry_run_plan_ready_apply_gate_required",
readback={
"execution_status": "blocked_apply_gate_required",
"dry_run_only": True,
"command_preview_count": 1,
"command_preview": [
"copy warning-step template after apply gate confirms source readiness"
],
"post_copy_validators": [
"python3 ops/runner/guard-gitea-runner-pressure.py --root .",
"git diff --check",
],
},
next_actions=[
"open_template_copy_apply_gate",
"do_not_copy_workflow_until_apply_gate_allows",
],
)

33
apps/api/src/services/awoooi_new_product_onboarding_page_model.py Normal file
View File

@@ -0,0 +1,33 @@
"""AWOOOI new product onboarding page model source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_new_product_onboarding_page_model_v1"
def load_latest_awoooi_new_product_onboarding_page_model() -> dict[str, Any]:
"""Return the page model source for onboarding readiness UI."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="new_product_onboarding_page_model_service",
status="page_model_source_ready_read_only",
readback={
"page_model_ready": True,
"primary_view": "onboarding_readiness",
"write_controls_enabled": False,
"expected_sections": [
"baseline_sources",
"warning_step_gates",
"security_contract",
"runtime_readback",
],
},
next_actions=[
"wire_page_model_after_read_only_api_route",
"keep_write_controls_disabled_until_apply_gate",
],
)

34
apps/api/src/services/awoooi_onboarding_reminder_contract.py Normal file
View File

@@ -0,0 +1,34 @@
"""AWOOOI onboarding reminder contract source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_onboarding_reminder_contract_v1"
def load_latest_awoooi_onboarding_reminder_contract() -> dict[str, Any]:
"""Return the read-only onboarding reminder contract."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="onboarding_reminder_contract_service",
status="contract_source_ready_inactive_template",
readback={
"contract_status": "inactive_template",
"warning_step_enabled": False,
"notification_send_authorized": False,
"strict_blocking_authorized": False,
"evidence_refs_required": [
"dev_baseline",
"ci_cd_baseline",
"security_contract",
"runtime_readback",
],
},
next_actions=[
"keep_reminder_contract_inactive_until_apply_gate",
"use_as_read_only_source_for_p0_baseline",
],
)

59
apps/api/src/services/awoooi_onboarding_source_contracts.py Normal file
View File

@@ -0,0 +1,59 @@
"""Shared read-only contracts for AWOOOI onboarding source readiness."""
from __future__ import annotations
from copy import deepcopy
from typing import Any
_SAFE_OPERATION_BOUNDARIES: dict[str, bool] = {
"read_only_api_allowed": True,
"workflow_modification_allowed": False,
"workflow_trigger_allowed": False,
"repo_creation_allowed": False,
"refs_sync_allowed": False,
"github_api_allowed": False,
"host_or_k8s_write_allowed": False,
"secret_read_allowed": False,
"raw_session_or_sqlite_read_allowed": False,
}
def safe_operation_boundaries() -> dict[str, bool]:
"""Return a copy of the locked P0 onboarding operation boundaries."""
return dict(_SAFE_OPERATION_BOUNDARIES)
def source_ready_payload(
*,
schema_version: str,
source_id: str,
status: str,
readback: dict[str, Any],
next_actions: list[str],
) -> dict[str, Any]:
"""Build a stable source-readiness payload without opening runtime gates."""
payload: dict[str, Any] = {
"schema_version": schema_version,
"generated_at": "2026-06-29T12:45:00+08:00",
"source_id": source_id,
"status": status,
"readback": deepcopy(readback),
"operation_boundaries": safe_operation_boundaries(),
"next_actions": list(next_actions),
}
require_safe_operation_boundaries(payload, source_id)
return payload
def require_safe_operation_boundaries(payload: dict[str, Any], label: str) -> None:
"""Keep recreated onboarding services read-only until the apply gate opens."""
boundaries = payload.get("operation_boundaries")
if not isinstance(boundaries, dict):
raise ValueError(f"{label}: operation_boundaries must be an object")
mismatches = {
key: boundaries.get(key)
for key, expected in _SAFE_OPERATION_BOUNDARIES.items()
if boundaries.get(key) is not expected
}
if mismatches:
raise ValueError(f"{label}: unsafe operation boundaries: {mismatches}")

32
apps/api/src/services/awoooi_product_onboarding_guard.py Normal file
View File

@@ -0,0 +1,32 @@
"""AWOOOI product onboarding guard source."""
from __future__ import annotations
from typing import Any
from src.services.awoooi_onboarding_source_contracts import source_ready_payload
_SCHEMA_VERSION = "awoooi_product_onboarding_guard_v1"
def load_latest_awoooi_product_onboarding_guard() -> dict[str, Any]:
"""Return the warning-only onboarding guard source."""
return source_ready_payload(
schema_version=_SCHEMA_VERSION,
source_id="product_onboarding_guard_service",
status="guard_source_ready_warning_only",
readback={
"guard_mode": "warning_only",
"strict_blocking_enabled": False,
"hook_enabled_count": 0,
"checked_boundaries": [
"gitea_dev_baseline",
"security_contract_evidence",
"runtime_readback",
],
},
next_actions=[
"keep_guard_warning_only_until_apply_gate",
"surface_missing_product_baseline_as_evidence",
],
)