1536 lines
68 KiB
Python
1536 lines
68 KiB
Python
"""Delivery closure workbench summary.
|
|
|
|
Builds the product-facing delivery closure view from existing committed,
|
|
read-only snapshots. The summary is intentionally compact so the UI does not
|
|
need to fan out across five separate endpoints or duplicate blocker math.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from typing import Any
|
|
|
|
from src.services.awoooi_production_deploy_readback_blocker import (
|
|
load_latest_awoooi_production_deploy_readback_blocker,
|
|
)
|
|
from src.services.awoooi_status_cleanup_dashboard import (
|
|
load_latest_awoooi_status_cleanup_dashboard,
|
|
)
|
|
from src.services.backup_dr_readiness_matrix import (
|
|
load_latest_backup_dr_readiness_matrix,
|
|
)
|
|
from src.services.credential_escrow_evidence_intake_readiness import (
|
|
load_latest_credential_escrow_evidence_intake_readiness,
|
|
)
|
|
from src.services.gitea_private_inventory_p0_scorecard import (
|
|
load_latest_gitea_private_inventory_p0_scorecard,
|
|
)
|
|
from src.services.gitea_workflow_runner_health import (
|
|
load_latest_gitea_workflow_runner_health,
|
|
)
|
|
from src.services.p0_cicd_baseline_source_readiness import (
|
|
load_latest_p0_cicd_baseline_source_readiness,
|
|
)
|
|
from src.services.reboot_auto_recovery_slo_scorecard import (
|
|
load_latest_reboot_auto_recovery_slo_scorecard,
|
|
)
|
|
from src.services.runtime_surface_inventory import (
|
|
load_latest_runtime_surface_inventory,
|
|
)
|
|
|
|
_SCHEMA_VERSION = "delivery_closure_workbench_v1"
|
|
|
|
|
|
def load_delivery_closure_workbench() -> dict[str, Any]:
|
|
"""Load existing delivery snapshots and return a compact workbench model."""
|
|
status_cleanup = load_latest_awoooi_status_cleanup_dashboard()
|
|
production_deploy = load_latest_awoooi_production_deploy_readback_blocker()
|
|
private_inventory = load_latest_gitea_private_inventory_p0_scorecard()
|
|
cicd_baseline = load_latest_p0_cicd_baseline_source_readiness()
|
|
gitea = load_latest_gitea_workflow_runner_health()
|
|
runtime = load_latest_runtime_surface_inventory()
|
|
backup = load_latest_backup_dr_readiness_matrix()
|
|
credential_escrow_intake = load_latest_credential_escrow_evidence_intake_readiness()
|
|
reboot_slo = load_latest_reboot_auto_recovery_slo_scorecard()
|
|
return build_delivery_closure_workbench(
|
|
status_cleanup=status_cleanup,
|
|
production_deploy=production_deploy,
|
|
private_inventory=private_inventory,
|
|
cicd_baseline=cicd_baseline,
|
|
gitea=gitea,
|
|
runtime=runtime,
|
|
backup=backup,
|
|
credential_escrow_intake=credential_escrow_intake,
|
|
reboot_slo=reboot_slo,
|
|
)
|
|
|
|
|
|
def build_delivery_closure_workbench(
|
|
*,
|
|
status_cleanup: dict[str, Any],
|
|
production_deploy: dict[str, Any],
|
|
private_inventory: dict[str, Any],
|
|
cicd_baseline: dict[str, Any],
|
|
gitea: dict[str, Any],
|
|
runtime: dict[str, Any],
|
|
backup: dict[str, Any],
|
|
credential_escrow_intake: dict[str, Any],
|
|
reboot_slo: dict[str, Any],
|
|
) -> dict[str, Any]:
|
|
"""Build the delivery workbench response from already validated snapshots."""
|
|
status_summary = _dict(status_cleanup.get("summary"))
|
|
private_inventory_readback = _dict(private_inventory.get("readback"))
|
|
private_inventory_rollups = _dict(private_inventory.get("rollups"))
|
|
private_inventory_boundaries = _dict(private_inventory.get("operation_boundaries"))
|
|
private_inventory_retired_github = _dict(
|
|
private_inventory.get("github_retired_context")
|
|
)
|
|
private_inventory_single_preflight = _dict(
|
|
private_inventory.get("authenticated_inventory_single_preflight_intake")
|
|
)
|
|
private_inventory_single_preflight_boundaries = _dict(
|
|
private_inventory_single_preflight.get("operation_boundaries")
|
|
)
|
|
cicd_baseline_readback = _dict(cicd_baseline.get("readback"))
|
|
cicd_baseline_rollups = _dict(cicd_baseline.get("rollups"))
|
|
production_deploy_readback = _dict(production_deploy.get("readback"))
|
|
production_deploy_rollups = _dict(production_deploy.get("rollups"))
|
|
gitea_status = _dict(gitea.get("program_status"))
|
|
gitea_rollups = _dict(gitea.get("rollups"))
|
|
runtime_status = _dict(runtime.get("program_status"))
|
|
runtime_rollups = _dict(runtime.get("rollups"))
|
|
backup_status = _dict(backup.get("program_status"))
|
|
backup_rollups = _dict(backup.get("rollups"))
|
|
reboot_readback = _dict(reboot_slo.get("readback"))
|
|
reboot_rollups = _dict(reboot_slo.get("rollups"))
|
|
reboot_stockplatform = _dict(reboot_slo.get("stockplatform_data_freshness"))
|
|
reboot_stockplatform_eod = _dict(reboot_stockplatform.get("eod_window"))
|
|
reboot_stockplatform_recovery_gate = _dict(
|
|
reboot_stockplatform.get("controlled_recovery_gate")
|
|
)
|
|
credential_intake_rollups = _dict(credential_escrow_intake.get("rollups"))
|
|
credential_intake_readback = _dict(credential_escrow_intake.get("readback"))
|
|
single_preflight_intake = _dict(
|
|
credential_escrow_intake.get("single_preflight_intake")
|
|
)
|
|
single_preflight_boundaries = _dict(
|
|
single_preflight_intake.get("operation_boundaries")
|
|
)
|
|
|
|
private_inventory_blockers = _int(
|
|
private_inventory_rollups.get("active_blocker_count")
|
|
)
|
|
reboot_blockers = _int(reboot_rollups.get("active_blocker_count"))
|
|
credential_escrow_required_items = _int(
|
|
backup_rollups.get("credential_escrow_required_item_count")
|
|
)
|
|
credential_escrow_missing_items = _int(
|
|
backup_rollups.get("credential_escrow_effective_missing_count")
|
|
)
|
|
credential_escrow_completion = _percent(
|
|
(
|
|
(credential_escrow_required_items - credential_escrow_missing_items)
|
|
/ max(credential_escrow_required_items, 1)
|
|
)
|
|
* 100
|
|
)
|
|
backup_blocked_row_ids = _strings(backup_rollups.get("blocked_row_ids"))
|
|
backup_non_credential_blockers = [
|
|
row_id
|
|
for row_id in backup_blocked_row_ids
|
|
if row_id != "credential_escrow_markers"
|
|
]
|
|
runtime_action_required = set(
|
|
_strings(runtime_rollups.get("action_required_surface_ids"))
|
|
)
|
|
runtime_secret_surfaces = set(_strings(runtime_rollups.get("secret_surface_ids")))
|
|
|
|
lanes = [
|
|
{
|
|
"id": "release",
|
|
"source_id": "status_cleanup",
|
|
"completion_percent": _percent(
|
|
status_summary.get("overall_completion_percent")
|
|
),
|
|
"status": str(status_summary.get("dashboard_status") or "unknown"),
|
|
"blocker_count": _int(status_summary.get("blocked_gate_count")),
|
|
"metric": {
|
|
"kind": "blocked_gate",
|
|
"blocked": _int(status_summary.get("blocked_gate_count")),
|
|
"total": _int(status_summary.get("gate_count")),
|
|
},
|
|
"href": "/governance?tab=automation-inventory",
|
|
"next_action": _first_string(status_cleanup.get("next_actions")),
|
|
},
|
|
{
|
|
"id": "production_deploy",
|
|
"source_id": "production_deploy_readback",
|
|
"completion_percent": _percent(
|
|
100
|
|
if production_deploy_rollups.get("production_image_tag_matches_main")
|
|
is True
|
|
else 40
|
|
),
|
|
"status": str(production_deploy.get("status") or "unknown"),
|
|
"blocker_count": _int(production_deploy_rollups.get("hard_blocker_count")),
|
|
"metric": {
|
|
"kind": "deploy_readback",
|
|
"observed_source_control_main_short_sha": str(
|
|
production_deploy_readback.get(
|
|
"observed_source_control_main_short_sha"
|
|
)
|
|
or ""
|
|
),
|
|
"production_image_tag_short_sha": str(
|
|
production_deploy_readback.get("production_image_tag_short_sha")
|
|
or ""
|
|
),
|
|
"production_image_tag_matches_main": production_deploy_readback.get(
|
|
"production_image_tag_matches_main"
|
|
)
|
|
is True,
|
|
"current_main_cd_run_visible": production_deploy_readback.get(
|
|
"current_main_cd_run_visible"
|
|
)
|
|
is True,
|
|
"authorized_dispatch_channel_ready": production_deploy_readback.get(
|
|
"authorized_dispatch_channel_ready"
|
|
)
|
|
is True,
|
|
"manual_run_button_visible": production_deploy_readback.get(
|
|
"manual_run_button_visible"
|
|
)
|
|
is True,
|
|
"gitea_sign_in_required": production_deploy_readback.get(
|
|
"gitea_sign_in_required"
|
|
)
|
|
is True,
|
|
"dispatch_without_token_http_status": _int(
|
|
production_deploy_readback.get(
|
|
"dispatch_without_token_http_status"
|
|
)
|
|
),
|
|
"dispatch_without_token_message": str(
|
|
production_deploy_readback.get("dispatch_without_token_message")
|
|
or ""
|
|
),
|
|
"latest_visible_cd_run_id": str(
|
|
production_deploy_readback.get("latest_visible_cd_run_id") or ""
|
|
),
|
|
"latest_visible_cd_run_status": str(
|
|
production_deploy_readback.get("latest_visible_cd_run_status")
|
|
or ""
|
|
),
|
|
"latest_visible_cd_run_jobs_total_count": _int(
|
|
production_deploy_readback.get(
|
|
"latest_visible_cd_run_jobs_total_count"
|
|
)
|
|
),
|
|
"gitea_actions_list_without_token_http_status": _int(
|
|
production_deploy_readback.get(
|
|
"gitea_actions_list_without_token_http_status"
|
|
)
|
|
),
|
|
"gitea_actions_list_without_token_message": str(
|
|
production_deploy_readback.get(
|
|
"gitea_actions_list_without_token_message"
|
|
)
|
|
or ""
|
|
),
|
|
"latest_visible_waiting_runner_run_id": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_run_id"
|
|
)
|
|
or ""
|
|
),
|
|
"latest_visible_waiting_runner_workflow": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_workflow"
|
|
)
|
|
or ""
|
|
),
|
|
"latest_visible_waiting_runner_kind": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_kind"
|
|
)
|
|
or ""
|
|
),
|
|
"latest_visible_waiting_runner_status": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_status"
|
|
)
|
|
or ""
|
|
),
|
|
"latest_visible_waiting_runner_label": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_label"
|
|
)
|
|
or ""
|
|
),
|
|
"public_actions_queue_readback_schema_version": str(
|
|
production_deploy_readback.get(
|
|
"public_actions_queue_readback_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"public_actions_queue_readback_verifier": str(
|
|
production_deploy_readback.get(
|
|
"public_actions_queue_readback_verifier"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_cd_closure_verifier_schema_version": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_verifier_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_cd_closure_verifier": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_verifier"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_cd_closure_status": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_status"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_cd_closure_required": production_deploy_readback.get(
|
|
"non110_runner_cd_closure_required"
|
|
)
|
|
is True,
|
|
"non110_runner_cd_closure_ordered_step_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_step_count"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_ordered_completed_prefix_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_completed_prefix_count"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_evidence_completed_step_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_evidence_completed_step_count"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_ordered_completion_percent": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_completion_percent"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_evidence_completion_percent": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_evidence_completion_percent"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_next_blocked_step_index": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_index"
|
|
)
|
|
),
|
|
"non110_runner_cd_closure_next_blocked_step_id": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_id"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_cd_closure_next_blocked_step_action": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_action"
|
|
)
|
|
or ""
|
|
),
|
|
"non110_runner_ready": production_deploy_readback.get(
|
|
"non110_runner_ready"
|
|
)
|
|
is True,
|
|
"non110_runner_prepare_only_source_ready": production_deploy_readback.get(
|
|
"non110_runner_prepare_only_source_ready"
|
|
)
|
|
is True,
|
|
"non110_runner_safe_registration_helper_ready": production_deploy_readback.get(
|
|
"non110_runner_safe_registration_helper_ready"
|
|
)
|
|
is True,
|
|
"non110_runner_workflow_labels_aligned": production_deploy_readback.get(
|
|
"non110_runner_workflow_labels_aligned"
|
|
)
|
|
is True,
|
|
"non110_runner_host_label": str(
|
|
production_deploy_readback.get("non110_runner_host_label") or ""
|
|
),
|
|
"non110_runner_ubuntu_label": str(
|
|
production_deploy_readback.get("non110_runner_ubuntu_label") or ""
|
|
),
|
|
"non110_runner_online_label_match": production_deploy_readback.get(
|
|
"non110_runner_online_label_match"
|
|
)
|
|
is True,
|
|
"non110_runner_autostart_path_armed": production_deploy_readback.get(
|
|
"non110_runner_autostart_path_armed"
|
|
)
|
|
is True,
|
|
"non110_runner_ready_autostart_path_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_autostart_path_count"
|
|
)
|
|
),
|
|
"non110_runner_registration_condition_required": production_deploy_readback.get(
|
|
"non110_runner_registration_condition_required"
|
|
)
|
|
is True,
|
|
"non110_runner_ready_config_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_config_count"
|
|
)
|
|
),
|
|
"non110_runner_ready_service_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_service_count"
|
|
)
|
|
),
|
|
"non110_runner_ready_registration_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_registration_count"
|
|
)
|
|
),
|
|
"non110_runner_safe_next_step": str(
|
|
production_deploy_readback.get("non110_runner_safe_next_step")
|
|
or ""
|
|
),
|
|
"non110_runner_remaining_blocker_count": len(
|
|
_strings(
|
|
production_deploy_readback.get(
|
|
"non110_runner_remaining_blockers"
|
|
)
|
|
)
|
|
),
|
|
},
|
|
"href": "/deployments",
|
|
"next_action": _first_string(production_deploy.get("next_actions")),
|
|
},
|
|
{
|
|
"id": "reboot_auto_recovery",
|
|
"source_id": "reboot_auto_recovery_slo_scorecard",
|
|
"completion_percent": _percent(
|
|
reboot_rollups.get("readiness_percent")
|
|
),
|
|
"status": str(reboot_slo.get("status") or "unknown"),
|
|
"blocker_count": reboot_blockers,
|
|
"metric": {
|
|
"kind": "reboot_auto_recovery_slo",
|
|
"workplan_id": str(reboot_readback.get("workplan_id") or "P0-006"),
|
|
"target_minutes": _int(reboot_readback.get("target_minutes")),
|
|
"can_claim_all_services_recovered_within_target": reboot_rollups.get(
|
|
"can_claim_all_services_recovered_within_target"
|
|
)
|
|
is True,
|
|
"active_blockers": _strings(reboot_slo.get("active_blockers")),
|
|
"post_start_blocked": _int(
|
|
reboot_rollups.get("post_start_blocked")
|
|
),
|
|
"service_green": reboot_rollups.get("service_green") is True,
|
|
"product_data_green": reboot_rollups.get("product_data_green")
|
|
is True,
|
|
"backup_core_green": reboot_rollups.get("backup_core_green") is True,
|
|
"observed_host_count": _int(
|
|
reboot_rollups.get("observed_host_count")
|
|
),
|
|
"missing_host_count": _int(reboot_rollups.get("missing_host_count")),
|
|
"unreachable_host_count": _int(
|
|
reboot_rollups.get("unreachable_host_count")
|
|
),
|
|
"stale_host_count": _int(reboot_rollups.get("stale_host_count")),
|
|
"stockplatform_freshness_status": str(
|
|
reboot_rollups.get("stockplatform_freshness_status") or ""
|
|
),
|
|
"stockplatform_ingestion_status": str(
|
|
reboot_rollups.get("stockplatform_ingestion_status") or ""
|
|
),
|
|
"stockplatform_freshness_blocker_count": _int(
|
|
reboot_rollups.get("stockplatform_freshness_blocker_count")
|
|
),
|
|
"stockplatform_ingestion_blocker_count": _int(
|
|
reboot_rollups.get("stockplatform_ingestion_blocker_count")
|
|
),
|
|
"stockplatform_freshness_blockers": _strings(
|
|
reboot_stockplatform.get("freshness_blockers")
|
|
),
|
|
"stockplatform_ingestion_blockers": _strings(
|
|
reboot_stockplatform.get("ingestion_blockers")
|
|
),
|
|
"stockplatform_eod_classification": str(
|
|
reboot_stockplatform_eod.get("classification") or ""
|
|
),
|
|
"stockplatform_eod_next_action": str(
|
|
reboot_stockplatform_eod.get("next_action") or ""
|
|
),
|
|
"stockplatform_final_retry_window_end_local": str(
|
|
reboot_stockplatform_eod.get("final_retry_window_end_local") or ""
|
|
),
|
|
"stockplatform_final_retry_window_passed": reboot_rollups.get(
|
|
"stockplatform_final_retry_window_passed"
|
|
)
|
|
is True,
|
|
"stockplatform_controlled_recovery_gate_required": reboot_rollups.get(
|
|
"stockplatform_controlled_recovery_gate_required"
|
|
)
|
|
is True,
|
|
"stockplatform_controlled_recovery_gate_status": str(
|
|
reboot_stockplatform_recovery_gate.get("status") or ""
|
|
),
|
|
"host_reboot_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("host_reboot_performed")
|
|
is True,
|
|
"service_restart_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("service_restart_performed")
|
|
is True,
|
|
"database_write_or_restore_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("database_write_or_restore_performed")
|
|
is True,
|
|
"secret_value_collection_allowed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("secret_value_collection_allowed")
|
|
is True,
|
|
},
|
|
"href": "/operations",
|
|
"next_action": str(reboot_readback.get("safe_next_step") or ""),
|
|
},
|
|
{
|
|
"id": "credential_escrow",
|
|
"source_id": "backup_dr_credential_escrow",
|
|
"completion_percent": credential_escrow_completion,
|
|
"status": str(
|
|
backup_rollups.get("credential_escrow_intake_status")
|
|
or "blocked_waiting_non_secret_credential_escrow_evidence"
|
|
),
|
|
"blocker_count": credential_escrow_missing_items,
|
|
"metric": {
|
|
"kind": "credential_escrow_evidence",
|
|
"workplan_id": "P0-005",
|
|
"required_item_count": credential_escrow_required_items,
|
|
"effective_missing_count": credential_escrow_missing_items,
|
|
"active_gate_present": backup_rollups.get(
|
|
"credential_escrow_active_gate_present"
|
|
)
|
|
is True,
|
|
"preflight_status": str(
|
|
backup_rollups.get("credential_escrow_preflight_status") or ""
|
|
),
|
|
"owner_response_received_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_received_count"
|
|
)
|
|
),
|
|
"owner_response_accepted_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_accepted_count"
|
|
)
|
|
),
|
|
"runtime_gate_count": _int(
|
|
backup_rollups.get("credential_escrow_runtime_gate_count")
|
|
),
|
|
"secret_value_collection_allowed": (
|
|
backup_rollups.get(
|
|
"credential_escrow_secret_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"credential_marker_write_authorized_count": _int(
|
|
backup_rollups.get("credential_marker_write_authorized_count")
|
|
),
|
|
"forbidden_true_field_count": _int(
|
|
backup_rollups.get("credential_escrow_forbidden_true_field_count")
|
|
),
|
|
"single_preflight_intake_ready": (
|
|
credential_escrow_intake.get("single_preflight_intake_ready")
|
|
is True
|
|
),
|
|
"single_preflight_intake_ready_count": _int(
|
|
credential_intake_rollups.get("single_preflight_intake_ready_count")
|
|
),
|
|
"single_preflight_intake_schema_version": str(
|
|
single_preflight_intake.get("schema_version") or ""
|
|
),
|
|
"single_preflight_required_item_count": _int(
|
|
single_preflight_intake.get("required_item_count")
|
|
),
|
|
"single_preflight_secret_value_collection_allowed": (
|
|
single_preflight_boundaries.get("secret_value_collection_allowed")
|
|
is True
|
|
),
|
|
"single_preflight_credential_marker_write_performed": (
|
|
single_preflight_boundaries.get(
|
|
"credential_marker_write_performed"
|
|
)
|
|
is True
|
|
),
|
|
"single_preflight_runtime_action_performed": (
|
|
single_preflight_boundaries.get("runtime_action_performed") is True
|
|
),
|
|
"owner_response_skeleton_required_item_count": _int(
|
|
credential_escrow_intake.get(
|
|
"owner_response_skeleton_required_item_count"
|
|
)
|
|
),
|
|
"owner_response_skeleton_secret_value_collection_allowed": (
|
|
credential_escrow_intake.get(
|
|
"owner_response_skeleton_secret_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"scorecard_schema_version": str(
|
|
backup_rollups.get(
|
|
"credential_escrow_intake_scorecard_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"scorecard_verifier": str(
|
|
backup_rollups.get("credential_escrow_intake_scorecard_verifier")
|
|
or ""
|
|
),
|
|
},
|
|
"href": "/operations",
|
|
"next_action": "collect_redacted_non_secret_evidence_refs_then_rerun_preflight",
|
|
},
|
|
{
|
|
"id": "gitea_private_inventory",
|
|
"source_id": "gitea_private_inventory_p0_scorecard",
|
|
"completion_percent": _percent(
|
|
private_inventory_rollups.get("review_readiness_percent")
|
|
),
|
|
"status": str(private_inventory.get("status") or "unknown"),
|
|
"blocker_count": private_inventory_blockers,
|
|
"metric": {
|
|
"kind": "private_inventory",
|
|
"workplan_id": str(
|
|
private_inventory_readback.get("workplan_id") or "P0-003"
|
|
),
|
|
"private_inventory_source": str(
|
|
private_inventory_readback.get("private_inventory_source")
|
|
or "gitea"
|
|
),
|
|
"gitea_repo_inventory_status": str(
|
|
private_inventory_rollups.get("gitea_repo_inventory_status")
|
|
or "unknown"
|
|
),
|
|
"gitea_visibility_scope": str(
|
|
private_inventory_rollups.get("gitea_visibility_scope")
|
|
or "unknown"
|
|
),
|
|
"gitea_public_repo_count": _int(
|
|
private_inventory_rollups.get("gitea_public_repo_count")
|
|
),
|
|
"expected_product_count": _int(
|
|
private_inventory_rollups.get("expected_product_count")
|
|
),
|
|
"present_product_row_count": _int(
|
|
private_inventory_rollups.get("present_product_row_count")
|
|
),
|
|
"missing_product_row_count": _int(
|
|
private_inventory_rollups.get("missing_product_row_count")
|
|
),
|
|
"accepted_inventory_payload_count": _int(
|
|
private_inventory_rollups.get("accepted_inventory_payload_count")
|
|
),
|
|
"owner_coverage_attestation_received_count": _int(
|
|
private_inventory_rollups.get(
|
|
"owner_coverage_attestation_received_count"
|
|
)
|
|
),
|
|
"authenticated_inventory_single_preflight_intake_ready": (
|
|
private_inventory.get(
|
|
"authenticated_inventory_single_preflight_intake_ready"
|
|
)
|
|
is True
|
|
),
|
|
"authenticated_inventory_single_preflight_intake_ready_count": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_single_preflight_intake_ready_count"
|
|
)
|
|
),
|
|
"authenticated_inventory_single_preflight_intake_schema_version": str(
|
|
private_inventory_single_preflight.get("schema_version") or ""
|
|
),
|
|
"authenticated_inventory_payload_skeleton_repo_count_floor": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_payload_skeleton_repo_count_floor"
|
|
)
|
|
),
|
|
"authenticated_inventory_required_redaction_attestation_count": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_required_redaction_attestation_count"
|
|
)
|
|
),
|
|
"authenticated_inventory_single_preflight_token_value_collection_allowed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"token_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"authenticated_inventory_single_preflight_repo_write_performed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"repo_write_performed"
|
|
)
|
|
is True
|
|
),
|
|
"authenticated_inventory_single_preflight_refs_sync_performed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"refs_sync_performed"
|
|
)
|
|
is True
|
|
),
|
|
"authenticated_inventory_single_preflight_github_api_used": (
|
|
private_inventory_single_preflight_boundaries.get("github_api_used")
|
|
is True
|
|
),
|
|
"authenticated_inventory_single_preflight_runtime_action_performed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"runtime_action_performed"
|
|
)
|
|
is True
|
|
),
|
|
"github_lane_excluded_from_p0_blocker_count": (
|
|
private_inventory_rollups.get(
|
|
"github_lane_excluded_from_p0_blocker_count"
|
|
)
|
|
is True
|
|
),
|
|
"active_blockers": _strings(private_inventory.get("active_blockers")),
|
|
},
|
|
"href": "/delivery",
|
|
"next_action": str(private_inventory_readback.get("safe_next_step") or ""),
|
|
},
|
|
{
|
|
"id": "cicd_baseline",
|
|
"source_id": "p0_cicd_baseline_source_readiness",
|
|
"completion_percent": _percent(
|
|
cicd_baseline_rollups.get("source_readiness_percent")
|
|
),
|
|
"status": str(cicd_baseline.get("status") or "unknown"),
|
|
"blocker_count": _int(
|
|
cicd_baseline_rollups.get("missing_required_source_count")
|
|
),
|
|
"metric": {
|
|
"kind": "source_readiness",
|
|
"workplan_id": str(
|
|
cicd_baseline_readback.get("workplan_id") or "P0-004"
|
|
),
|
|
"required_source_count": _int(
|
|
cicd_baseline_rollups.get("required_source_count")
|
|
),
|
|
"present_required_source_count": _int(
|
|
cicd_baseline_rollups.get("present_required_source_count")
|
|
),
|
|
"missing_required_source_count": _int(
|
|
cicd_baseline_rollups.get("missing_required_source_count")
|
|
),
|
|
"source_readiness_percent": _int(
|
|
cicd_baseline_rollups.get("source_readiness_percent")
|
|
),
|
|
"blocked_source_ids": _strings(
|
|
cicd_baseline_rollups.get("blocked_source_ids")
|
|
),
|
|
"workflow_modification_allowed": _dict(
|
|
cicd_baseline.get("operation_boundaries")
|
|
).get("workflow_modification_allowed")
|
|
is True,
|
|
"workflow_trigger_allowed": _dict(
|
|
cicd_baseline.get("operation_boundaries")
|
|
).get("workflow_trigger_allowed")
|
|
is True,
|
|
"safe_next_step": str(
|
|
cicd_baseline_readback.get("safe_next_step") or ""
|
|
),
|
|
},
|
|
"href": "/deployments",
|
|
"next_action": _first_string(cicd_baseline.get("next_actions")),
|
|
},
|
|
{
|
|
"id": "gitea",
|
|
"source_id": "gitea_ci_cd",
|
|
"completion_percent": _percent(
|
|
gitea_status.get("overall_completion_percent")
|
|
),
|
|
"status": str(gitea_status.get("current_task_id") or "unknown"),
|
|
"blocker_count": len(
|
|
_strings(gitea_rollups.get("runner_contracts_requiring_action"))
|
|
),
|
|
"metric": {
|
|
"kind": "workflow_count",
|
|
"count": _int(gitea_rollups.get("total_workflows")),
|
|
},
|
|
"href": "/deployments",
|
|
"next_action": _first_contract_action(gitea.get("runner_contracts")),
|
|
},
|
|
{
|
|
"id": "runtime",
|
|
"source_id": "runtime_surface",
|
|
"completion_percent": _percent(
|
|
runtime_status.get("overall_completion_percent")
|
|
),
|
|
"status": str(runtime_status.get("current_task_id") or "unknown"),
|
|
"blocker_count": len(runtime_action_required | runtime_secret_surfaces),
|
|
"metric": {
|
|
"kind": "surface_count",
|
|
"total": _int(runtime_rollups.get("total_surfaces")),
|
|
},
|
|
"href": "/governance?tab=automation-inventory",
|
|
"next_action": _first_surface_action(runtime.get("runtime_surfaces")),
|
|
},
|
|
{
|
|
"id": "backup",
|
|
"source_id": "backup_dr",
|
|
"completion_percent": _percent(
|
|
backup_status.get("overall_completion_percent")
|
|
),
|
|
"status": str(backup_status.get("current_task_id") or "unknown"),
|
|
"blocker_count": len(backup_non_credential_blockers),
|
|
"metric": {
|
|
"kind": "readiness_row_count",
|
|
"rows": _int(backup_rollups.get("total_rows")),
|
|
"blocked_row_ids": backup_blocked_row_ids,
|
|
"non_credential_blocked_row_ids": backup_non_credential_blockers,
|
|
"credential_escrow_intake_scorecard_schema_version": str(
|
|
backup_rollups.get(
|
|
"credential_escrow_intake_scorecard_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"credential_escrow_intake_scorecard_verifier": str(
|
|
backup_rollups.get("credential_escrow_intake_scorecard_verifier")
|
|
or ""
|
|
),
|
|
"credential_escrow_intake_status": str(
|
|
backup_rollups.get("credential_escrow_intake_status") or ""
|
|
),
|
|
"credential_escrow_active_gate_present": backup_rollups.get(
|
|
"credential_escrow_active_gate_present"
|
|
)
|
|
is True,
|
|
"credential_escrow_preflight_status": str(
|
|
backup_rollups.get("credential_escrow_preflight_status") or ""
|
|
),
|
|
"credential_escrow_required_item_count": _int(
|
|
backup_rollups.get("credential_escrow_required_item_count")
|
|
),
|
|
"credential_escrow_effective_missing_count": _int(
|
|
backup_rollups.get("credential_escrow_effective_missing_count")
|
|
),
|
|
"credential_escrow_owner_response_received_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_received_count"
|
|
)
|
|
),
|
|
"credential_escrow_owner_response_accepted_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_accepted_count"
|
|
)
|
|
),
|
|
"credential_escrow_runtime_gate_count": _int(
|
|
backup_rollups.get("credential_escrow_runtime_gate_count")
|
|
),
|
|
"credential_escrow_secret_value_collection_allowed": (
|
|
backup_rollups.get(
|
|
"credential_escrow_secret_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"credential_marker_write_authorized_count": _int(
|
|
backup_rollups.get("credential_marker_write_authorized_count")
|
|
),
|
|
"credential_escrow_forbidden_true_field_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_forbidden_true_field_count"
|
|
)
|
|
),
|
|
"credential_escrow_single_preflight_intake_ready": (
|
|
credential_escrow_intake.get("single_preflight_intake_ready")
|
|
is True
|
|
),
|
|
"credential_escrow_single_preflight_intake_schema_version": str(
|
|
single_preflight_intake.get("schema_version") or ""
|
|
),
|
|
"credential_escrow_single_preflight_required_item_count": _int(
|
|
single_preflight_intake.get("required_item_count")
|
|
),
|
|
"credential_escrow_single_preflight_secret_value_collection_allowed": (
|
|
single_preflight_boundaries.get("secret_value_collection_allowed")
|
|
is True
|
|
),
|
|
},
|
|
"href": "/operations",
|
|
"next_action": _first_backup_action(backup.get("readiness_rows")),
|
|
},
|
|
]
|
|
|
|
for lane in lanes:
|
|
lane["tone"] = _tone(
|
|
_int(lane["blocker_count"]), _int(lane["completion_percent"])
|
|
)
|
|
|
|
source_statuses = [
|
|
_source_status("status_cleanup", status_cleanup),
|
|
_source_status("production_deploy_readback", production_deploy),
|
|
_source_status("reboot_auto_recovery_slo_scorecard", reboot_slo),
|
|
_source_status("gitea_private_inventory_p0_scorecard", private_inventory),
|
|
_source_status("p0_cicd_baseline_source_readiness", cicd_baseline),
|
|
_source_status("gitea_ci_cd", gitea),
|
|
_source_status("runtime_surface", runtime),
|
|
_source_status("backup_dr", backup),
|
|
]
|
|
generated_candidates = [
|
|
source["generated_at"] for source in source_statuses if source["generated_at"]
|
|
]
|
|
loaded_source_count = sum(1 for source in source_statuses if source["loaded"])
|
|
high_risk_blocker_count = sum(_int(lane["blocker_count"]) for lane in lanes)
|
|
average_completion = _percent(
|
|
sum(_int(lane["completion_percent"]) for lane in lanes) / max(len(lanes), 1)
|
|
)
|
|
next_focus = [
|
|
{
|
|
"lane_id": lane["id"],
|
|
"blocker_count": lane["blocker_count"],
|
|
"completion_percent": lane["completion_percent"],
|
|
"next_action": lane["next_action"],
|
|
}
|
|
for lane in lanes
|
|
if _int(lane["blocker_count"]) > 0 or _int(lane["completion_percent"]) < 80
|
|
][:5]
|
|
|
|
return {
|
|
"schema_version": _SCHEMA_VERSION,
|
|
"generated_at": max(generated_candidates) if generated_candidates else "",
|
|
"status": "blocked_delivery_actions_required"
|
|
if high_risk_blocker_count
|
|
else "ready",
|
|
"summary": {
|
|
"source_count": len(source_statuses),
|
|
"loaded_source_count": loaded_source_count,
|
|
"average_completion_percent": average_completion,
|
|
"high_risk_blocker_count": high_risk_blocker_count,
|
|
"runtime_execution_authorized": False,
|
|
"remote_write_authorized": False,
|
|
"repo_creation_authorized": False,
|
|
"visibility_change_authorized": False,
|
|
"refs_sync_authorized": False,
|
|
"workflow_trigger_authorized": False,
|
|
"reboot_auto_recovery_status": str(reboot_slo.get("status") or ""),
|
|
"reboot_auto_recovery_workplan_id": str(
|
|
reboot_readback.get("workplan_id") or "P0-006"
|
|
),
|
|
"reboot_auto_recovery_readiness_percent": _int(
|
|
reboot_rollups.get("readiness_percent")
|
|
),
|
|
"reboot_auto_recovery_active_blocker_count": reboot_blockers,
|
|
"reboot_auto_recovery_can_claim_slo": reboot_rollups.get(
|
|
"can_claim_all_services_recovered_within_target"
|
|
)
|
|
is True,
|
|
"reboot_auto_recovery_service_green": reboot_rollups.get("service_green")
|
|
is True,
|
|
"reboot_auto_recovery_product_data_green": reboot_rollups.get(
|
|
"product_data_green"
|
|
)
|
|
is True,
|
|
"reboot_auto_recovery_observed_host_count": _int(
|
|
reboot_rollups.get("observed_host_count")
|
|
),
|
|
"reboot_auto_recovery_stale_host_count": _int(
|
|
reboot_rollups.get("stale_host_count")
|
|
),
|
|
"reboot_auto_recovery_stockplatform_freshness_status": str(
|
|
reboot_rollups.get("stockplatform_freshness_status") or ""
|
|
),
|
|
"reboot_auto_recovery_stockplatform_ingestion_status": str(
|
|
reboot_rollups.get("stockplatform_ingestion_status") or ""
|
|
),
|
|
"reboot_auto_recovery_stockplatform_final_retry_window_passed": (
|
|
reboot_rollups.get("stockplatform_final_retry_window_passed") is True
|
|
),
|
|
"reboot_auto_recovery_stockplatform_controlled_recovery_gate_required": (
|
|
reboot_rollups.get("stockplatform_controlled_recovery_gate_required")
|
|
is True
|
|
),
|
|
"reboot_auto_recovery_safe_next_step": str(
|
|
reboot_readback.get("safe_next_step") or ""
|
|
),
|
|
"gitea_private_inventory_status": str(private_inventory.get("status") or ""),
|
|
"gitea_private_inventory_workplan_id": str(
|
|
private_inventory_readback.get("workplan_id") or ""
|
|
),
|
|
"gitea_private_inventory_source": str(
|
|
private_inventory_readback.get("private_inventory_source") or ""
|
|
),
|
|
"gitea_private_inventory_review_readiness_percent": _int(
|
|
private_inventory_rollups.get("review_readiness_percent")
|
|
),
|
|
"gitea_private_inventory_active_blocker_count": private_inventory_blockers,
|
|
"gitea_private_inventory_repo_inventory_status": str(
|
|
private_inventory_rollups.get("gitea_repo_inventory_status") or ""
|
|
),
|
|
"gitea_private_inventory_visibility_scope": str(
|
|
private_inventory_rollups.get("gitea_visibility_scope") or ""
|
|
),
|
|
"gitea_private_inventory_public_repo_count": _int(
|
|
private_inventory_rollups.get("gitea_public_repo_count")
|
|
),
|
|
"gitea_private_inventory_expected_product_count": _int(
|
|
private_inventory_rollups.get("expected_product_count")
|
|
),
|
|
"gitea_private_inventory_present_product_row_count": _int(
|
|
private_inventory_rollups.get("present_product_row_count")
|
|
),
|
|
"gitea_private_inventory_missing_product_row_count": _int(
|
|
private_inventory_rollups.get("missing_product_row_count")
|
|
),
|
|
"gitea_private_inventory_accepted_payload_count": _int(
|
|
private_inventory_rollups.get("accepted_inventory_payload_count")
|
|
),
|
|
"gitea_private_inventory_owner_coverage_attestation_received_count": _int(
|
|
private_inventory_rollups.get(
|
|
"owner_coverage_attestation_received_count"
|
|
)
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_intake_ready": (
|
|
private_inventory.get(
|
|
"authenticated_inventory_single_preflight_intake_ready"
|
|
)
|
|
is True
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_intake_ready_count": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_single_preflight_intake_ready_count"
|
|
)
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_intake_schema_version": str(
|
|
private_inventory_single_preflight.get("schema_version") or ""
|
|
),
|
|
"gitea_private_inventory_authenticated_payload_skeleton_repo_count_floor": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_payload_skeleton_repo_count_floor"
|
|
)
|
|
),
|
|
"gitea_private_inventory_authenticated_required_redaction_attestation_count": _int(
|
|
private_inventory_rollups.get(
|
|
"authenticated_inventory_required_redaction_attestation_count"
|
|
)
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_token_value_collection_allowed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"token_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_repo_write_performed": (
|
|
private_inventory_single_preflight_boundaries.get("repo_write_performed")
|
|
is True
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_refs_sync_performed": (
|
|
private_inventory_single_preflight_boundaries.get("refs_sync_performed")
|
|
is True
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_github_api_used": (
|
|
private_inventory_single_preflight_boundaries.get("github_api_used")
|
|
is True
|
|
),
|
|
"gitea_private_inventory_authenticated_single_preflight_runtime_action_performed": (
|
|
private_inventory_single_preflight_boundaries.get(
|
|
"runtime_action_performed"
|
|
)
|
|
is True
|
|
),
|
|
"gitea_private_inventory_all_active_product_repos_have_owner_readiness_row": (
|
|
private_inventory_rollups.get(
|
|
"all_active_product_repos_have_gitea_owner_readiness_row"
|
|
)
|
|
is True
|
|
),
|
|
"gitea_private_inventory_safe_next_step": str(
|
|
private_inventory_readback.get("safe_next_step") or ""
|
|
),
|
|
"github_global_freeze_enabled": True,
|
|
"github_lane_status": str(
|
|
private_inventory_retired_github.get("status")
|
|
or "stopped_retired_do_not_use"
|
|
),
|
|
"github_lane_excluded_from_p0_blocker_count": (
|
|
private_inventory_rollups.get(
|
|
"github_lane_excluded_from_p0_blocker_count"
|
|
)
|
|
is True
|
|
),
|
|
"p0_cicd_baseline_status": str(cicd_baseline.get("status") or ""),
|
|
"p0_cicd_baseline_workplan_id": str(
|
|
cicd_baseline_readback.get("workplan_id") or ""
|
|
),
|
|
"p0_cicd_baseline_source_readiness_percent": _int(
|
|
cicd_baseline_rollups.get("source_readiness_percent")
|
|
),
|
|
"p0_cicd_baseline_required_source_count": _int(
|
|
cicd_baseline_rollups.get("required_source_count")
|
|
),
|
|
"p0_cicd_baseline_present_required_source_count": _int(
|
|
cicd_baseline_rollups.get("present_required_source_count")
|
|
),
|
|
"p0_cicd_baseline_missing_required_source_count": _int(
|
|
cicd_baseline_rollups.get("missing_required_source_count")
|
|
),
|
|
"p0_cicd_baseline_blocked_source_ids": _strings(
|
|
cicd_baseline_rollups.get("blocked_source_ids")
|
|
),
|
|
"p0_cicd_baseline_safe_next_step": str(
|
|
cicd_baseline_readback.get("safe_next_step") or ""
|
|
),
|
|
"production_deploy_status": str(production_deploy.get("status") or ""),
|
|
"production_deploy_source_control_main_ready": production_deploy_rollups.get(
|
|
"source_control_main_ready"
|
|
)
|
|
is True,
|
|
"production_deploy_image_tag_matches_main": production_deploy_rollups.get(
|
|
"production_image_tag_matches_main"
|
|
)
|
|
is True,
|
|
"production_deploy_governance_fields_present": production_deploy_rollups.get(
|
|
"production_governance_fields_present"
|
|
)
|
|
is True,
|
|
"production_deploy_authorized_dispatch_channel_ready": (
|
|
production_deploy_rollups.get("authorized_dispatch_channel_ready")
|
|
is True
|
|
),
|
|
"production_deploy_manual_run_button_visible": production_deploy_readback.get(
|
|
"manual_run_button_visible"
|
|
)
|
|
is True,
|
|
"production_deploy_gitea_sign_in_required": production_deploy_readback.get(
|
|
"gitea_sign_in_required"
|
|
)
|
|
is True,
|
|
"production_deploy_dispatch_without_token_http_status": _int(
|
|
production_deploy_readback.get("dispatch_without_token_http_status")
|
|
),
|
|
"production_deploy_dispatch_without_token_message": str(
|
|
production_deploy_readback.get("dispatch_without_token_message") or ""
|
|
),
|
|
"production_deploy_hard_blocker_count": _int(
|
|
production_deploy_rollups.get("hard_blocker_count")
|
|
),
|
|
"production_deploy_latest_visible_cd_run_id": str(
|
|
production_deploy_readback.get("latest_visible_cd_run_id") or ""
|
|
),
|
|
"production_deploy_latest_visible_cd_run_status": str(
|
|
production_deploy_readback.get("latest_visible_cd_run_status") or ""
|
|
),
|
|
"production_deploy_latest_visible_cd_run_jobs_total_count": _int(
|
|
production_deploy_readback.get(
|
|
"latest_visible_cd_run_jobs_total_count"
|
|
)
|
|
),
|
|
"production_deploy_gitea_actions_list_without_token_http_status": _int(
|
|
production_deploy_readback.get(
|
|
"gitea_actions_list_without_token_http_status"
|
|
)
|
|
),
|
|
"production_deploy_gitea_actions_list_without_token_message": str(
|
|
production_deploy_readback.get(
|
|
"gitea_actions_list_without_token_message"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_latest_visible_waiting_runner_run_id": str(
|
|
production_deploy_readback.get("latest_visible_waiting_runner_run_id")
|
|
or ""
|
|
),
|
|
"production_deploy_latest_visible_waiting_runner_workflow": str(
|
|
production_deploy_readback.get(
|
|
"latest_visible_waiting_runner_workflow"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_latest_visible_waiting_runner_kind": str(
|
|
production_deploy_readback.get("latest_visible_waiting_runner_kind")
|
|
or ""
|
|
),
|
|
"production_deploy_latest_visible_waiting_runner_status": str(
|
|
production_deploy_readback.get("latest_visible_waiting_runner_status")
|
|
or ""
|
|
),
|
|
"production_deploy_latest_visible_waiting_runner_label": str(
|
|
production_deploy_readback.get("latest_visible_waiting_runner_label")
|
|
or ""
|
|
),
|
|
"production_deploy_public_actions_queue_readback_schema_version": str(
|
|
production_deploy_readback.get(
|
|
"public_actions_queue_readback_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_public_actions_queue_readback_verifier": str(
|
|
production_deploy_readback.get("public_actions_queue_readback_verifier")
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_verifier_schema_version": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_verifier_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_verifier": str(
|
|
production_deploy_readback.get("non110_runner_cd_closure_verifier")
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_status": str(
|
|
production_deploy_readback.get("non110_runner_cd_closure_status")
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_required": (
|
|
production_deploy_readback.get("non110_runner_cd_closure_required")
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_ordered_step_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_step_count"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_ordered_completed_prefix_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_completed_prefix_count"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_evidence_completed_step_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_evidence_completed_step_count"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_ordered_completion_percent": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_ordered_completion_percent"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_evidence_completion_percent": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_evidence_completion_percent"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_next_blocked_step_index": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_index"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_next_blocked_step_id": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_id"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_cd_closure_next_blocked_step_action": str(
|
|
production_deploy_readback.get(
|
|
"non110_runner_cd_closure_next_blocked_step_action"
|
|
)
|
|
or ""
|
|
),
|
|
"production_deploy_non110_runner_ready": production_deploy_readback.get(
|
|
"non110_runner_ready"
|
|
)
|
|
is True,
|
|
"production_deploy_non110_runner_prepare_only_source_ready": (
|
|
production_deploy_readback.get("non110_runner_prepare_only_source_ready")
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_safe_registration_helper_ready": (
|
|
production_deploy_readback.get(
|
|
"non110_runner_safe_registration_helper_ready"
|
|
)
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_workflow_labels_aligned": (
|
|
production_deploy_readback.get(
|
|
"non110_runner_workflow_labels_aligned"
|
|
)
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_host_label": str(
|
|
production_deploy_readback.get("non110_runner_host_label") or ""
|
|
),
|
|
"production_deploy_non110_runner_ubuntu_label": str(
|
|
production_deploy_readback.get("non110_runner_ubuntu_label") or ""
|
|
),
|
|
"production_deploy_non110_runner_online_label_match": (
|
|
production_deploy_readback.get("non110_runner_online_label_match")
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_autostart_path_armed": (
|
|
production_deploy_readback.get("non110_runner_autostart_path_armed")
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_ready_autostart_path_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_autostart_path_count"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_registration_condition_required": (
|
|
production_deploy_readback.get(
|
|
"non110_runner_registration_condition_required"
|
|
)
|
|
is True
|
|
),
|
|
"production_deploy_non110_runner_ready_config_count": _int(
|
|
production_deploy_readback.get("non110_runner_ready_config_count")
|
|
),
|
|
"production_deploy_non110_runner_ready_service_count": _int(
|
|
production_deploy_readback.get("non110_runner_ready_service_count")
|
|
),
|
|
"production_deploy_non110_runner_ready_registration_count": _int(
|
|
production_deploy_readback.get(
|
|
"non110_runner_ready_registration_count"
|
|
)
|
|
),
|
|
"production_deploy_non110_runner_safe_next_step": str(
|
|
production_deploy_readback.get("non110_runner_safe_next_step") or ""
|
|
),
|
|
"production_deploy_non110_runner_remaining_blocker_count": len(
|
|
_strings(
|
|
production_deploy_readback.get(
|
|
"non110_runner_remaining_blockers"
|
|
)
|
|
)
|
|
),
|
|
"backup_credential_escrow_intake_scorecard_schema_version": str(
|
|
backup_rollups.get(
|
|
"credential_escrow_intake_scorecard_schema_version"
|
|
)
|
|
or ""
|
|
),
|
|
"backup_credential_escrow_intake_scorecard_verifier": str(
|
|
backup_rollups.get("credential_escrow_intake_scorecard_verifier")
|
|
or ""
|
|
),
|
|
"backup_credential_escrow_intake_status": str(
|
|
backup_rollups.get("credential_escrow_intake_status") or ""
|
|
),
|
|
"backup_credential_escrow_active_gate_present": backup_rollups.get(
|
|
"credential_escrow_active_gate_present"
|
|
)
|
|
is True,
|
|
"backup_credential_escrow_preflight_status": str(
|
|
backup_rollups.get("credential_escrow_preflight_status") or ""
|
|
),
|
|
"backup_credential_escrow_required_item_count": _int(
|
|
backup_rollups.get("credential_escrow_required_item_count")
|
|
),
|
|
"backup_credential_escrow_effective_missing_count": _int(
|
|
backup_rollups.get("credential_escrow_effective_missing_count")
|
|
),
|
|
"backup_credential_escrow_owner_response_received_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_received_count"
|
|
)
|
|
),
|
|
"backup_credential_escrow_owner_response_accepted_count": _int(
|
|
backup_rollups.get(
|
|
"credential_escrow_owner_response_accepted_count"
|
|
)
|
|
),
|
|
"backup_credential_escrow_runtime_gate_count": _int(
|
|
backup_rollups.get("credential_escrow_runtime_gate_count")
|
|
),
|
|
"backup_credential_escrow_secret_value_collection_allowed": (
|
|
backup_rollups.get(
|
|
"credential_escrow_secret_value_collection_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"backup_credential_marker_write_authorized_count": _int(
|
|
backup_rollups.get("credential_marker_write_authorized_count")
|
|
),
|
|
"backup_credential_escrow_forbidden_true_field_count": _int(
|
|
backup_rollups.get("credential_escrow_forbidden_true_field_count")
|
|
),
|
|
"backup_credential_escrow_single_preflight_intake_ready": (
|
|
credential_escrow_intake.get("single_preflight_intake_ready") is True
|
|
),
|
|
"backup_credential_escrow_single_preflight_intake_ready_count": _int(
|
|
credential_intake_rollups.get("single_preflight_intake_ready_count")
|
|
),
|
|
"backup_credential_escrow_single_preflight_intake_schema_version": str(
|
|
single_preflight_intake.get("schema_version") or ""
|
|
),
|
|
"backup_credential_escrow_single_preflight_required_item_count": _int(
|
|
single_preflight_intake.get("required_item_count")
|
|
),
|
|
"backup_credential_escrow_single_preflight_safe_next_step": str(
|
|
credential_intake_readback.get("safe_next_step")
|
|
or credential_escrow_intake.get("safe_next_step")
|
|
or ""
|
|
),
|
|
"backup_credential_escrow_single_preflight_secret_value_collection_allowed": (
|
|
single_preflight_boundaries.get("secret_value_collection_allowed")
|
|
is True
|
|
),
|
|
"backup_credential_escrow_single_preflight_credential_marker_write_performed": (
|
|
single_preflight_boundaries.get("credential_marker_write_performed")
|
|
is True
|
|
),
|
|
"backup_credential_escrow_single_preflight_runtime_action_performed": (
|
|
single_preflight_boundaries.get("runtime_action_performed") is True
|
|
),
|
|
"github_write_channel_ready": False,
|
|
"github_account_status": "stopped_retired_do_not_use",
|
|
"github_account_suspended": False,
|
|
"github_api_forbidden_count": 0,
|
|
"github_controlled_apply_ready_count": 0,
|
|
"github_blocked_preflight_target_count": 0,
|
|
"github_operator_unblock_required": False,
|
|
"github_operator_unblock_status": "github_global_freeze_stopped_retired_do_not_use",
|
|
"github_internal_governance_writeback_ready": False,
|
|
"github_mcp_evidence_packet_count": 0,
|
|
"github_rag_evidence_ref_count": 0,
|
|
"github_km_writeback_ready_count": 0,
|
|
"github_playbook_writeback_ready_count": 0,
|
|
"github_timeline_log_ready_count": 0,
|
|
"github_logbook_entry_count": 0,
|
|
"secret_values_collected": False,
|
|
},
|
|
"source_statuses": source_statuses,
|
|
"lanes": lanes,
|
|
"next_focus": next_focus,
|
|
"operation_boundaries": {
|
|
"read_only_api_allowed": True,
|
|
"runtime_write_allowed": False,
|
|
"remote_write_allowed": False,
|
|
"repo_creation_allowed": False,
|
|
"visibility_change_allowed": False,
|
|
"refs_sync_allowed": False,
|
|
"workflow_trigger_allowed": False,
|
|
"production_deploy_trigger_allowed": _dict(
|
|
production_deploy.get("operation_boundaries")
|
|
).get("deploy_trigger_allowed")
|
|
is True,
|
|
"gitea_api_write_allowed": private_inventory_boundaries.get(
|
|
"gitea_api_write_allowed"
|
|
)
|
|
is True,
|
|
"gitea_authenticated_inventory_import_execution_allowed": (
|
|
private_inventory_boundaries.get(
|
|
"authenticated_inventory_import_execution_allowed"
|
|
)
|
|
is True
|
|
),
|
|
"github_write_channel_ready": False,
|
|
"github_controlled_apply_allowed": False,
|
|
"secret_value_collection_allowed": False,
|
|
"backup_restore_execution_allowed": False,
|
|
"active_scan_allowed": False,
|
|
"host_reboot_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("host_reboot_performed")
|
|
is True,
|
|
"service_restart_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("service_restart_performed")
|
|
is True,
|
|
"database_write_or_restore_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("database_write_or_restore_performed")
|
|
is True,
|
|
"stockplatform_manual_data_write_performed": _dict(
|
|
reboot_slo.get("operation_boundaries")
|
|
).get("stockplatform_manual_data_write_performed")
|
|
is True,
|
|
},
|
|
}
|
|
|
|
|
|
def _source_status(source_id: str, payload: dict[str, Any]) -> dict[str, Any]:
|
|
source_missing = payload.get("source_missing") is True
|
|
return {
|
|
"id": source_id,
|
|
"loaded": not source_missing,
|
|
"schema_version": str(payload.get("schema_version") or ""),
|
|
"generated_at": str(payload.get("generated_at") or ""),
|
|
"missing_reason": str(payload.get("missing_reason") or "")
|
|
if source_missing
|
|
else "",
|
|
}
|
|
|
|
|
|
def _tone(blocker_count: int, percent: int) -> str:
|
|
if blocker_count > 0:
|
|
return "danger"
|
|
if percent < 80:
|
|
return "warn"
|
|
return "ok"
|
|
|
|
|
|
def _dict(value: Any) -> dict[str, Any]:
|
|
return value if isinstance(value, dict) else {}
|
|
|
|
|
|
def _int(value: Any) -> int:
|
|
if isinstance(value, bool):
|
|
return int(value)
|
|
if isinstance(value, int | float):
|
|
return int(value)
|
|
return 0
|
|
|
|
|
|
def _percent(value: Any) -> int:
|
|
return max(0, min(100, round(float(value or 0))))
|
|
|
|
|
|
def _strings(value: Any) -> list[str]:
|
|
if not isinstance(value, list):
|
|
return []
|
|
return [str(item) for item in value if item is not None]
|
|
|
|
|
|
def _first_string(value: Any) -> str:
|
|
if isinstance(value, list) and value:
|
|
return str(value[0])
|
|
return ""
|
|
|
|
|
|
def _first_contract_action(value: Any) -> str:
|
|
if not isinstance(value, list):
|
|
return ""
|
|
for row in value:
|
|
if isinstance(row, dict) and row.get("status") == "action_required":
|
|
return str(row.get("next_action") or "")
|
|
return _first_row_action(value)
|
|
|
|
|
|
def _first_surface_action(value: Any) -> str:
|
|
if not isinstance(value, list):
|
|
return ""
|
|
for row in value:
|
|
if isinstance(row, dict) and row.get("status") != "manifest_mapped":
|
|
return str(row.get("next_action") or "")
|
|
return _first_row_action(value)
|
|
|
|
|
|
def _first_backup_action(value: Any) -> str:
|
|
if not isinstance(value, list):
|
|
return ""
|
|
for row in value:
|
|
if isinstance(row, dict) and row.get("overall_readiness") in {
|
|
"blocked",
|
|
"action_required",
|
|
}:
|
|
return str(row.get("next_action") or "")
|
|
return _first_row_action(value)
|
|
|
|
|
|
def _first_row_action(value: Any) -> str:
|
|
if not isinstance(value, list):
|
|
return ""
|
|
for row in value:
|
|
if isinstance(row, dict) and row.get("next_action"):
|
|
return str(row["next_action"])
|
|
return ""
|