From 4a0a8bf75b7fe49e00567a32d95cf86f58cda175 Mon Sep 17 00:00:00 2001 From: OoO Date: Tue, 19 May 2026 13:16:59 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=B8=82=E5=A0=B4=E6=83=85?= =?UTF-8?q?=E5=A0=B1=20queue=20review=20decision?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- TODO_NEXT_STEPS.txt | 1 + config.py | 2 +- ...s-platform-market-campaign-intelligence.md | 1 + routes/README.md | 4 +- routes/market_intel_review_routes.py | 44 +++ .../candidate_queue_review_decision.py | 219 +++++++++++++ services/market_intel/deployment_readiness.py | 13 +- services/market_intel/service.py | 2 +- templates/market_intel/disabled.html | 117 +++++++ tests/test_market_intel_skeleton.py | 306 ++++++++++++++---- 10 files changed, 648 insertions(+), 61 deletions(-) create mode 100644 services/market_intel/candidate_queue_review_decision.py diff --git a/TODO_NEXT_STEPS.txt b/TODO_NEXT_STEPS.txt index 55c9478..f8b4251 100644 --- a/TODO_NEXT_STEPS.txt +++ b/TODO_NEXT_STEPS.txt @@ -136,6 +136,7 @@ - Phase 63 candidate queue writer run closeout:新增 `services/market_intel/candidate_queue_writer_run_closeout.py`、POST `/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout` 與 UI closeout 按鈕,在 receipt 通過後檢查 closeout artifact、操作員人工 queue review/read-only inventory 確認與安全 promotion gate;API/UI 不回吐原始 receipt、不讀 approval token、不執行 CLI、不連 DB、不寫 queue、不掛 scheduler;版本同步至 V10.248。 - Phase 64 candidate queue review handoff:新增 `services/market_intel/candidate_queue_review_handoff.py`、POST `/api/market_intel/manual_sample_review/candidate_queue_review_handoff` 與 UI handoff 按鈕,將 writer closeout 轉成人工 queue review / read-only inventory 交接契約;API/UI 不讀 approval token、不查 DB、不更新 review_state、不補寫 queue、不掛 scheduler;版本同步至 V10.251。 - Phase 65 candidate queue review inventory:新增 `services/market_intel/candidate_queue_review_inventory.py`、`routes/market_intel_review_routes.py`、POST `/api/market_intel/manual_sample_review/candidate_queue_review_inventory` 與 UI inventory 按鈕,把 handoff、post-write smoke、live DB inventory 合併成只讀人工審核庫存檢查;預設不連 DB,人工只讀查詢仍不更新 review_state、不補寫 queue、不讀 token、不掛 scheduler;版本同步至 V10.252。 + - Phase 66 candidate queue review decision:新增 `services/market_intel/candidate_queue_review_decision.py`、POST `/api/market_intel/manual_sample_review/candidate_queue_review_decision` 與 UI decision 按鈕,將通過 inventory 的 queue row 整理成人工決策草案;API/UI 不更新 review_state、不寫 decision record、不讀 token、不掛 scheduler;版本同步至 V10.254。 - V10.248 補市場情報 390px preview panel QA:sample review 工具列改為 textarea + 可換行 action rail,移除舊的硬編 8 欄 grid;`check_responsive_overflow` 新增 `--screenshot-all`,本機 390x844 `/market_intel` 真頁面 QA 通過且 overflow=0。 - V10.250 補 Code Review Gemini 備援遙測護欄:Ollama 主路徑失敗時 `fallback_to` 明確指向 `code_review_openclaw_gemini`,測試鎖住「Gemini 不得記成 `code_review_openclaw` 主 caller」;AI Calls 觀測台會把 legacy `code_review_openclaw + gemini` 顯示成 Gemini 備援,避免誤判 Gemini-first。 - Schema smoke:`tests/test_market_intel_skeleton.py` 檢查 `Base.metadata` 內含 ADR-035 八張 `market_*` tables。 diff --git a/config.py b/config.py index f5d61d3..19bea0c 100644 --- a/config.py +++ b/config.py @@ -320,7 +320,7 @@ YOUTUBE_API_KEY = os.getenv('YOUTUBE_API_KEY', '') # ========================================== # 系統版本與路徑 # ========================================== -SYSTEM_VERSION = "V10.253" +SYSTEM_VERSION = "V10.254" LOG_FILE_PATH = os.path.join(BASE_DIR, 'logs/system.log') public_url = PUBLIC_URL # 用於模板顯示 diff --git a/docs/adr/ADR-035-cross-platform-market-campaign-intelligence.md b/docs/adr/ADR-035-cross-platform-market-campaign-intelligence.md index cfba11d..16dd918 100644 --- a/docs/adr/ADR-035-cross-platform-market-campaign-intelligence.md +++ b/docs/adr/ADR-035-cross-platform-market-campaign-intelligence.md @@ -191,6 +191,7 @@ EwoooC 目前已有 MOMO EDM / 節慶活動資料、`promo_products`、PChome - 2026-05-19 追加 candidate queue writer run closeout:`services.market_intel.candidate_queue_writer_run_closeout` 與 `/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout` 在 receipt 通過後整理 closeout gate、人工確認與下一階段 promotion 摘要。此 closeout 只允許放行到人工 queue review / read-only inventory;API/UI 不回吐原始 receipt、不讀 approval token、不執行 CLI、不連 DB、不寫 queue、不掛 scheduler。 - 2026-05-19 追加 candidate queue review handoff:`services.market_intel.candidate_queue_review_handoff` 與 `/api/market_intel/manual_sample_review/candidate_queue_review_handoff` 將 closeout 後的 expected dedupe key、review contract、人工操作順序與 forbidden API actions 整理為交接包。此 handoff 不查 DB、不更新 `review_state`、不補寫 missing queue row、不讀 approval token、不掛 scheduler。 - 2026-05-19 追加 candidate queue review inventory:`services.market_intel.candidate_queue_review_inventory` 與 `/api/market_intel/manual_sample_review/candidate_queue_review_inventory` 將 handoff、post-write smoke 與 live DB inventory 串成只讀人工審核庫存檢查。預設不連 DB;人工明確要求只讀查詢時仍不更新 `review_state`、不補寫 queue row、不讀 approval token、不掛 scheduler。 +- 2026-05-19 追加 candidate queue review decision:`services.market_intel.candidate_queue_review_decision` 與 `/api/market_intel/manual_sample_review/candidate_queue_review_decision` 將通過 inventory 的 queue row 整理成人工決策草案,限制 next state 為 `confirmed` / `rejected` / `deferred`。此階段不更新 `review_state`、不寫 decision record、不讀 approval token、不掛 scheduler。 ### Phase 4:Coupang / Shopee Adapter diff --git a/routes/README.md b/routes/README.md index 3aabdb6..0450431 100644 --- a/routes/README.md +++ b/routes/README.md @@ -19,8 +19,8 @@ | `edm_routes.py` | EDM 與節慶儀表板 | `/edm`, `/festival` | | `monthly_routes.py` | 月結分析 | `/monthly_summary_analysis`, `/api/monthly_summary_data` | | `daily_sales_routes.py` | 當日業績 | `/daily_sales`, `/daily_sales/export*` | -| `market_intel_routes.py` | 市場情報 Phase 65 candidate queue review inventory 主路由 | `/market_intel`, `/market_intel/*`, `/api/market_intel/status`, `/api/market_intel/schema`, `/api/market_intel/schema_smoke`, `/api/market_intel/schema_db_probe`, `/api/market_intel/platform_seed_db_diff`, `/api/market_intel/legacy_source_bridge`, `/api/market_intel/mcp_readiness`, `/api/market_intel/mcp_tool_contract`, `/api/market_intel/mcp_deploy_preflight`, `/api/market_intel/mcp_activation_runbook`, `/api/market_intel/mcp_fetch_gate`, `/api/market_intel/scheduler_plan`, `/api/market_intel/manual_sample_plan`, `/api/market_intel/manual_sample_acceptance`, `/api/market_intel/manual_sample_review`, `/api/market_intel/manual_sample_review/evaluate`, `/api/market_intel/manual_sample_review/candidate_handoff`, `/api/market_intel/manual_sample_review/candidate_queue_draft`, `/api/market_intel/manual_sample_review/candidate_queue_approval`, `/api/market_intel/manual_sample_review/candidate_queue_transaction`, `/api/market_intel/manual_sample_review/candidate_queue_writer_status`, `/api/market_intel/manual_sample_review/candidate_queue_writer_preflight`, `/api/market_intel/manual_sample_review/candidate_queue_writer_postwrite_smoke`, `/api/market_intel/manual_sample_review/candidate_queue_writer_operator_drill`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_package`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_readiness`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_receipt`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout`, `/api/market_intel/manual_sample_review/candidate_queue_review_handoff`, `/api/market_intel/match_review_plan`, `/api/market_intel/opportunity_plan`, `/api/market_intel/opportunity_scoring_plan`, `/api/market_intel/opportunity_evidence_plan`, `/api/market_intel/opportunity_alert_plan`, `/api/market_intel/adapters`, `/api/market_intel/dry_run_plan`, `/api/market_intel/discovery_plan`, `/api/market_intel/manual_discovery`, `/api/market_intel/candidate_preview`, `/api/market_intel/platform_seed_plan`, `/api/market_intel/platform_seed_write_guard`, `/api/market_intel/platform_seed_writer_plan`, `/api/market_intel/migration_blueprint`, `/api/market_intel/migration_apply_drill`, `/api/market_intel/migration_catalog_review`, `/api/market_intel/migration_live_smoke`, `/api/market_intel/live_db_inventory`, `/api/market_intel/seed_writer_cli_status`, `/api/market_intel/write_approval_runbook`, `/api/market_intel/deployment_readiness` | -| `market_intel_review_routes.py` | 市場情報人工 queue review 只讀延伸 API | `/api/market_intel/manual_sample_review/candidate_queue_review_inventory` | +| `market_intel_routes.py` | 市場情報 Phase 66 candidate queue review decision 主路由 | `/market_intel`, `/market_intel/*`, `/api/market_intel/status`, `/api/market_intel/schema`, `/api/market_intel/schema_smoke`, `/api/market_intel/schema_db_probe`, `/api/market_intel/platform_seed_db_diff`, `/api/market_intel/legacy_source_bridge`, `/api/market_intel/mcp_readiness`, `/api/market_intel/mcp_tool_contract`, `/api/market_intel/mcp_deploy_preflight`, `/api/market_intel/mcp_activation_runbook`, `/api/market_intel/mcp_fetch_gate`, `/api/market_intel/scheduler_plan`, `/api/market_intel/manual_sample_plan`, `/api/market_intel/manual_sample_acceptance`, `/api/market_intel/manual_sample_review`, `/api/market_intel/manual_sample_review/evaluate`, `/api/market_intel/manual_sample_review/candidate_handoff`, `/api/market_intel/manual_sample_review/candidate_queue_draft`, `/api/market_intel/manual_sample_review/candidate_queue_approval`, `/api/market_intel/manual_sample_review/candidate_queue_transaction`, `/api/market_intel/manual_sample_review/candidate_queue_writer_status`, `/api/market_intel/manual_sample_review/candidate_queue_writer_preflight`, `/api/market_intel/manual_sample_review/candidate_queue_writer_postwrite_smoke`, `/api/market_intel/manual_sample_review/candidate_queue_writer_operator_drill`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_package`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_readiness`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_receipt`, `/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout`, `/api/market_intel/manual_sample_review/candidate_queue_review_handoff`, `/api/market_intel/match_review_plan`, `/api/market_intel/opportunity_plan`, `/api/market_intel/opportunity_scoring_plan`, `/api/market_intel/opportunity_evidence_plan`, `/api/market_intel/opportunity_alert_plan`, `/api/market_intel/adapters`, `/api/market_intel/dry_run_plan`, `/api/market_intel/discovery_plan`, `/api/market_intel/manual_discovery`, `/api/market_intel/candidate_preview`, `/api/market_intel/platform_seed_plan`, `/api/market_intel/platform_seed_write_guard`, `/api/market_intel/platform_seed_writer_plan`, `/api/market_intel/migration_blueprint`, `/api/market_intel/migration_apply_drill`, `/api/market_intel/migration_catalog_review`, `/api/market_intel/migration_live_smoke`, `/api/market_intel/live_db_inventory`, `/api/market_intel/seed_writer_cli_status`, `/api/market_intel/write_approval_runbook`, `/api/market_intel/deployment_readiness` | +| `market_intel_review_routes.py` | 市場情報人工 queue review 只讀延伸 API | `/api/market_intel/manual_sample_review/candidate_queue_review_inventory`, `/api/market_intel/manual_sample_review/candidate_queue_review_decision` | | `api_routes.py` | 通用任務與查詢 API | `/api/run_task`, `/api/history/*` | | `export_routes.py` | 匯出功能 | `/api/export/*` | | `import_routes.py` | 匯入功能 | `/api/import_excel`, `/api/import/monthly_summary` | diff --git a/routes/market_intel_review_routes.py b/routes/market_intel_review_routes.py index 2740368..09c3550 100644 --- a/routes/market_intel_review_routes.py +++ b/routes/market_intel_review_routes.py @@ -12,6 +12,9 @@ from services.market_intel.candidate_queue_review_handoff import ( from services.market_intel.candidate_queue_review_inventory import ( build_candidate_queue_review_inventory, ) +from services.market_intel.candidate_queue_review_decision import ( + build_candidate_queue_review_decision, +) from services.market_intel.candidate_queue_writer_cli import ( build_candidate_queue_writer_cli_plan, ) @@ -164,3 +167,44 @@ def market_intel_manual_sample_candidate_queue_review_inventory(): ) data["phase"] = service.phase return jsonify(data), 400 if payload_error else 200 + + +@market_intel_review_bp.route( + "/api/market_intel/manual_sample_review/candidate_queue_review_decision", + methods=["POST"], +) +@login_required +def market_intel_manual_sample_candidate_queue_review_decision(): + service = MarketIntelService() + execute_requested = request.args.get("execute", "false").lower() == "true" + sample_result, operator_evidence, writer_output, smoke_result, payload_error, limit = ( + _extract_run_payload() + ) + transaction_preview, handoff = _build_closeout_stack( + service=service, + sample_result=sample_result, + payload_error=payload_error, + operator_evidence=operator_evidence, + writer_output=writer_output, + postwrite_smoke_result=smoke_result, + limit=limit, + ) + read_only_allowed = bool(execute_requested and handoff.get("handoff_ready")) + inventory = build_candidate_queue_review_inventory( + review_handoff=handoff, + postwrite_smoke=build_candidate_queue_writer_postwrite_smoke( + transaction_preview=transaction_preview, + execute_requested=read_only_allowed, + ), + live_db_inventory=service.build_live_db_inventory( + execute_requested=read_only_allowed, + ), + operator_evidence=operator_evidence, + execute_requested=execute_requested, + ) + data = build_candidate_queue_review_decision( + review_inventory=inventory, + operator_evidence=operator_evidence, + ) + data["phase"] = service.phase + return jsonify(data), 400 if payload_error else 200 diff --git a/services/market_intel/candidate_queue_review_decision.py b/services/market_intel/candidate_queue_review_decision.py new file mode 100644 index 0000000..c9e0257 --- /dev/null +++ b/services/market_intel/candidate_queue_review_decision.py @@ -0,0 +1,219 @@ +"""候選審核 queue 人工決策草案。 + +本模組只在 review inventory 通過後整理人工決策契約; +不更新 review_state、不寫審核紀錄、不讀 approval token、不掛 scheduler。 +""" + + +FORBIDDEN_TOKEN_KEYWORDS = ( + "approval_token", + "approval-token", + "market_intel_queue_write_approval", +) +SAFE_TOKEN_METADATA_KEYS = { + "approval_token_present", + "approval_token_valid", + "approval_token_secret_configured", +} +SAFE_APPROVAL_ENV_VAR = "MARKET_INTEL_QUEUE_WRITE_APPROVAL" +TARGET_TABLE = "market_alert_review_queue" +ALLOWED_DECISIONS = ("confirmed", "rejected", "deferred") + + +def _as_dict(value): + return value if isinstance(value, dict) else {} + + +def _as_list(value): + if value is None: + return [] + if isinstance(value, (list, tuple, set)): + return list(value) + return [value] + + +def _contains_forbidden_token_key(value): + if isinstance(value, dict): + for key, nested in value.items(): + normalized_key = str(key).lower() + if normalized_key in SAFE_TOKEN_METADATA_KEYS and isinstance(nested, bool): + continue + if normalized_key == "approval_env_var" and nested == SAFE_APPROVAL_ENV_VAR: + continue + if any(token_key in normalized_key for token_key in FORBIDDEN_TOKEN_KEYWORDS): + return True + if _contains_forbidden_token_key(nested): + return True + elif isinstance(value, list): + return any(_contains_forbidden_token_key(item) for item in value) + return False + + +def _operator_summary(operator_evidence): + operator_evidence = _as_dict(operator_evidence) + proposed_decision = str(operator_evidence.get("proposed_review_decision") or "").strip() + return { + "provided_keys": sorted(operator_evidence.keys()), + "reviewer_id": str(operator_evidence.get("reviewer_id") or "").strip(), + "proposed_review_decision": proposed_decision, + "decision_notes_present": bool(str(operator_evidence.get("decision_notes") or "").strip()), + "operator_confirmed_manual_decision_only": bool( + operator_evidence.get("operator_confirmed_manual_decision_only") + ), + "operator_confirmed_no_scheduler_attach": bool( + operator_evidence.get("operator_confirmed_no_scheduler_attach") + ), + "operator_confirmed_no_api_db_write": bool( + operator_evidence.get("operator_confirmed_no_api_db_write") + ), + "approval_token_submitted_to_api": _contains_forbidden_token_key( + operator_evidence + ), + } + + +def _decision_rows(review_inventory, proposed_decision): + rows = [] + for row in _as_list(_as_dict(review_inventory).get("row_summaries")): + row = _as_dict(row) + rows.append( + { + "dedupe_key": row.get("dedupe_key"), + "current_review_state": row.get("review_state"), + "proposed_review_state": proposed_decision or None, + "priority_lane": row.get("priority_lane"), + "total_score": row.get("total_score"), + "write_status": "manual_decision_preview_only", + } + ) + return rows + + +def _review_gates(review_inventory, operator_summary, decision_rows): + proposed_decision = operator_summary["proposed_review_decision"] + return [ + { + "key": "review_inventory_ready", + "label": "上一階段 inventory 必須通過", + "passed": bool(review_inventory.get("review_inventory_ready")), + }, + { + "key": "review_rows_present", + "label": "必須有 needs_review row 可供人工決策", + "passed": bool(decision_rows), + }, + { + "key": "all_rows_still_needs_review", + "label": "所有 row 的目前狀態必須仍是 needs_review", + "passed": bool( + decision_rows + and all(row.get("current_review_state") == "needs_review" for row in decision_rows) + ), + }, + { + "key": "reviewer_identity_present", + "label": "人工審核需提供 reviewer_id", + "passed": bool(operator_summary["reviewer_id"]), + }, + { + "key": "proposed_decision_allowed", + "label": "人工決策只能是 confirmed / rejected / deferred", + "passed": proposed_decision in ALLOWED_DECISIONS, + }, + { + "key": "decision_notes_present", + "label": "人工決策需留下 notes,方便後續稽核", + "passed": bool(operator_summary["decision_notes_present"]), + }, + { + "key": "operator_confirmed_decision_is_manual", + "label": "操作員確認 API 只產生草案,不更新 review_state", + "passed": bool( + operator_summary["operator_confirmed_manual_decision_only"] + and operator_summary["operator_confirmed_no_api_db_write"] + and operator_summary["operator_confirmed_no_scheduler_attach"] + ), + }, + { + "key": "decision_no_approval_token_submitted_to_api", + "label": "payload 不得包含一次性 approval token key", + "passed": not operator_summary["approval_token_submitted_to_api"], + }, + ] + + +def build_candidate_queue_review_decision( + *, + review_inventory, + operator_evidence=None, +): + """建立人工 queue review 決策草案;不執行 DB update。""" + review_inventory = _as_dict(review_inventory) + operator_summary = _operator_summary(operator_evidence) + decision_rows = _decision_rows( + review_inventory, + operator_summary["proposed_review_decision"], + ) + gates = _review_gates(review_inventory, operator_summary, decision_rows) + blocked_reasons = [gate["key"] for gate in gates if not gate["passed"]] + decision_ready = bool(not blocked_reasons) + + return { + "mode": "candidate_queue_review_decision_preview", + "target_table": TARGET_TABLE, + "decision_ready": decision_ready, + "ready_for_human_decision_record": decision_ready, + "ready_for_api_review_state_update": False, + "ready_for_api_database_write": False, + "ready_for_scheduler_attach": False, + "api_executes_cli": False, + "api_reads_approval_token": False, + "api_writes_file": False, + "api_writes_database": False, + "api_updates_review_state": False, + "decision_record_written": False, + "review_state_update_executed": False, + "read_only_query_executed": bool(review_inventory.get("read_only_query_executed")), + "database_connection_opened": bool(review_inventory.get("database_connection_opened")), + "database_session_created": False, + "explicit_transaction_opened": False, + "database_write_executed": False, + "database_commit_executed": False, + "database_rollback_executed": False, + "external_network_executed": False, + "scheduler_attached": False, + "writes_executed": False, + "would_write_database": False, + "expected_dedupe_keys": _as_list(review_inventory.get("expected_dedupe_keys")), + "decision_rows": decision_rows, + "operator_decision_summary": operator_summary, + "blocked_reasons": blocked_reasons, + "gates": gates, + "decision_contract": { + "expected_current_state": "needs_review", + "allowed_next_states": list(ALLOWED_DECISIONS), + "manual_record_required": True, + "forbidden_api_actions": [ + "update_review_state", + "write_decision_record", + "dispatch_alert", + "attach_scheduler", + ], + }, + "next_operator_steps": [ + "人工確認每個 dedupe key 對應 evidence_json", + "選擇 confirmed / rejected / deferred 並留下 decision_notes", + "在 API 外部人工審核流程記錄 reviewer_id 與決策", + "若 row 狀態不是 needs_review,停回 inventory / post-write smoke", + ], + "safe_boundaries": [ + "do_not_update_review_state_from_api", + "do_not_write_decision_record_from_api", + "do_not_insert_missing_queue_row_from_api", + "do_not_read_approval_token_from_api", + "do_not_execute_cli_from_review_decision", + "do_not_attach_scheduler_from_review_decision", + "no_remove_orphans", + "no_momo_db_lifecycle_change", + ], + } diff --git a/services/market_intel/deployment_readiness.py b/services/market_intel/deployment_readiness.py index 09512ec..133cd7d 100644 --- a/services/market_intel/deployment_readiness.py +++ b/services/market_intel/deployment_readiness.py @@ -13,10 +13,11 @@ from services.market_intel.candidate_queue_writer_run_receipt import build_candi from services.market_intel.candidate_queue_writer_run_closeout import build_candidate_queue_writer_run_closeout from services.market_intel.candidate_queue_review_handoff import build_candidate_queue_review_handoff from services.market_intel.candidate_queue_review_inventory import build_candidate_queue_review_inventory +from services.market_intel.candidate_queue_review_decision import build_candidate_queue_review_decision -BLOCKED_RUN_REVIEW_KEYS = ("ready_for_api_database_write", "ready_for_scheduler_attach", "api_executes_cli", "api_reads_approval_token", "api_writes_file", "api_writes_database", "api_updates_review_state", "database_connection_opened", "database_write_executed", "database_commit_executed", "scheduler_attached", "writes_executed", "would_write_database") -PRODUCTION_SMOKE_TARGETS = ("/health", "/market_intel", "/api/market_intel/status", "/api/market_intel/deployment_readiness", "/api/market_intel/schema_smoke", "/api/market_intel/schema_db_probe", "/api/market_intel/platform_seed_db_diff", "/api/market_intel/legacy_source_bridge", "/api/market_intel/mcp_readiness", "/api/market_intel/mcp_tool_contract", "/api/market_intel/mcp_deploy_preflight", "/api/market_intel/mcp_activation_runbook", "/api/market_intel/mcp_fetch_gate", "/api/market_intel/scheduler_plan", "/api/market_intel/manual_sample_plan", "/api/market_intel/manual_sample_acceptance", "/api/market_intel/manual_sample_review", "/api/market_intel/match_review_plan", "/api/market_intel/opportunity_plan", "/api/market_intel/opportunity_scoring_plan", "/api/market_intel/opportunity_evidence_plan", "/api/market_intel/opportunity_alert_plan", "/api/market_intel/migration_apply_drill", "/api/market_intel/migration_catalog_review", "/api/market_intel/migration_live_smoke", "/api/market_intel/live_db_inventory", "/api/market_intel/manual_sample_review/candidate_queue_writer_postwrite_smoke", "/api/market_intel/manual_sample_review/candidate_queue_writer_operator_drill", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_package", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_readiness", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_receipt", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout", "/api/market_intel/manual_sample_review/candidate_queue_review_handoff", "/api/market_intel/manual_sample_review/candidate_queue_review_inventory") +BLOCKED_RUN_REVIEW_KEYS = ("ready_for_api_database_write", "ready_for_scheduler_attach", "api_executes_cli", "api_reads_approval_token", "api_writes_file", "api_writes_database", "api_updates_review_state", "decision_record_written", "review_state_update_executed", "database_connection_opened", "database_write_executed", "database_commit_executed", "scheduler_attached", "writes_executed", "would_write_database") +PRODUCTION_SMOKE_TARGETS = ("/health", "/market_intel", "/api/market_intel/status", "/api/market_intel/deployment_readiness", "/api/market_intel/schema_smoke", "/api/market_intel/schema_db_probe", "/api/market_intel/platform_seed_db_diff", "/api/market_intel/legacy_source_bridge", "/api/market_intel/mcp_readiness", "/api/market_intel/mcp_tool_contract", "/api/market_intel/mcp_deploy_preflight", "/api/market_intel/mcp_activation_runbook", "/api/market_intel/mcp_fetch_gate", "/api/market_intel/scheduler_plan", "/api/market_intel/manual_sample_plan", "/api/market_intel/manual_sample_acceptance", "/api/market_intel/manual_sample_review", "/api/market_intel/match_review_plan", "/api/market_intel/opportunity_plan", "/api/market_intel/opportunity_scoring_plan", "/api/market_intel/opportunity_evidence_plan", "/api/market_intel/opportunity_alert_plan", "/api/market_intel/migration_apply_drill", "/api/market_intel/migration_catalog_review", "/api/market_intel/migration_live_smoke", "/api/market_intel/live_db_inventory", "/api/market_intel/manual_sample_review/candidate_queue_writer_postwrite_smoke", "/api/market_intel/manual_sample_review/candidate_queue_writer_operator_drill", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_package", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_readiness", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_receipt", "/api/market_intel/manual_sample_review/candidate_queue_writer_run_closeout", "/api/market_intel/manual_sample_review/candidate_queue_review_handoff", "/api/market_intel/manual_sample_review/candidate_queue_review_inventory", "/api/market_intel/manual_sample_review/candidate_queue_review_decision") def _run_review_preview_safe(payload, mode): @@ -106,6 +107,9 @@ def build_deployment_readiness_preview( postwrite_smoke=candidate_queue_writer_postwrite_smoke, live_db_inventory=live_db_inventory, ) + candidate_queue_review_decision = build_candidate_queue_review_decision( + review_inventory=candidate_queue_review_inventory, + ) checks = { "schema_smoke_passed": bool(schema_smoke["passed"]), "feature_flags_default_safe": bool( @@ -332,6 +336,10 @@ def build_deployment_readiness_preview( candidate_queue_review_inventory, "candidate_queue_review_inventory_preview", ), + "candidate_queue_review_decision_preview_safe": _run_review_preview_safe( + candidate_queue_review_decision, + "candidate_queue_review_decision_preview", + ), "match_review_plan_preview_safe": bool( match_review_plan["mode"] == "match_review_plan_preview" and not match_review_plan["review_queue_created"] @@ -569,6 +577,7 @@ def build_deployment_readiness_preview( "candidate_queue_writer_run_closeout": candidate_queue_writer_run_closeout, "candidate_queue_review_handoff": candidate_queue_review_handoff, "candidate_queue_review_inventory": candidate_queue_review_inventory, + "candidate_queue_review_decision": candidate_queue_review_decision, "match_review_plan": match_review_plan, "opportunity_plan": opportunity_plan, "opportunity_scoring_plan": opportunity_scoring_plan, diff --git a/services/market_intel/service.py b/services/market_intel/service.py index c6388c9..95c2d85 100644 --- a/services/market_intel/service.py +++ b/services/market_intel/service.py @@ -108,7 +108,7 @@ class MarketIntelRuntimeStatus: class MarketIntelService: """市場情報入口服務,先集中 feature gate 與安全狀態。""" - phase = "phase_65_candidate_queue_review_inventory" + phase = "phase_66_candidate_queue_review_decision" def get_runtime_status(self) -> MarketIntelRuntimeStatus: return MarketIntelRuntimeStatus( diff --git a/templates/market_intel/disabled.html b/templates/market_intel/disabled.html index 75b74db..f49d947 100644 --- a/templates/market_intel/disabled.html +++ b/templates/market_intel/disabled.html @@ -634,6 +634,9 @@ + @@ -973,6 +976,7 @@ const sampleCandidateQueueRunCloseout = sampleReviewRoot ? sampleReviewRoot.querySelector('[data-market-intel-sample-candidate-queue-run-closeout]') : null; const sampleCandidateQueueReviewHandoff = sampleReviewRoot ? sampleReviewRoot.querySelector('[data-market-intel-sample-candidate-queue-review-handoff]') : null; const sampleCandidateQueueReviewInventory = sampleReviewRoot ? sampleReviewRoot.querySelector('[data-market-intel-sample-candidate-queue-review-inventory]') : null; + const sampleCandidateQueueReviewDecision = sampleReviewRoot ? sampleReviewRoot.querySelector('[data-market-intel-sample-candidate-queue-review-decision]') : null; const sampleReviewEndpoint = "{{ url_for('market_intel.market_intel_manual_sample_review') }}"; const sampleReviewEvaluateEndpoint = "{{ url_for('market_intel.market_intel_manual_sample_review_evaluate') }}"; const sampleCandidateHandoffEndpoint = "{{ url_for('market_intel.market_intel_manual_sample_candidate_handoff') }}"; @@ -989,6 +993,7 @@ const sampleCandidateQueueRunCloseoutEndpoint = "{{ url_for('market_intel.market_intel_manual_sample_candidate_queue_writer_run_closeout') }}"; const sampleCandidateQueueReviewHandoffEndpoint = "{{ url_for('market_intel.market_intel_manual_sample_candidate_queue_review_handoff') }}"; const sampleCandidateQueueReviewInventoryEndpoint = "{{ url_for('market_intel_review.market_intel_manual_sample_candidate_queue_review_inventory') }}"; + const sampleCandidateQueueReviewDecisionEndpoint = "{{ url_for('market_intel_review.market_intel_manual_sample_candidate_queue_review_decision') }}"; const schedulerMeta = schedulerRoot ? schedulerRoot.querySelector('[data-market-intel-scheduler-meta]') : null; const schedulerBody = schedulerRoot ? schedulerRoot.querySelector('[data-market-intel-scheduler-body]') : null; const schedulerRefresh = schedulerRoot ? schedulerRoot.querySelector('[data-market-intel-scheduler-refresh]') : null; @@ -3249,6 +3254,115 @@ } }; + const renderCandidateQueueReviewDecision = data => { + const blockers = (data.blocked_reasons || []).join(' / '); + const operator = data.operator_decision_summary || {}; + const contract = data.decision_contract || {}; + const gates = data.gates || []; + sampleReviewMeta.innerHTML = [ + `mode=${data.mode || 'unknown'}`, + `decision=${data.decision_ready ? 'ready' : 'blocked'}`, + `proposed=${operator.proposed_review_decision || 'none'}`, + `rows=${(data.decision_rows || []).length}`, + `api_update=${data.api_updates_review_state ? 'yes' : 'no'}` + ].map(item => `${escapeHtml(item)}`).join(''); + sampleReviewBody.innerHTML = ` +
此卡只產生人工 queue review decision 草案;不更新 review_state、不寫 decision record、不讀 token、不掛 scheduler。${blockers ? `阻擋:${escapeHtml(blockers)}` : ''}
+
+
+

DECISION GATES

+
${ + gates.map(gate => ` +
+
+ ${escapeHtml(gate.key)} + ${escapeHtml(gate.label)} +
+ ${gate.passed ? 'PASS' : 'BLOCK'} +
+ `).join('') || '
尚未提供 decision gates。
' + }
+
+
+

CONTRACT

+
+
+
expected_current_state
+ ${escapeHtml(contract.expected_current_state || 'needs_review')} +
+ ${(contract.allowed_next_states || []).map(item => ` +
+
${escapeHtml(item)}
+ ALLOW +
+ `).join('')} +
+
+
+

OPERATOR

+
+ ${[ + ['reviewer_id', operator.reviewer_id || 'missing'], + ['decision_notes_present', operator.decision_notes_present], + ['manual_decision_only', operator.operator_confirmed_manual_decision_only], + ['approval_token_submitted_to_api', operator.approval_token_submitted_to_api] + ].map(([key, value]) => ` +
+
${escapeHtml(key)}
+ ${escapeHtml(String(value))} +
+ `).join('')} +
+
+
+

DECISION ROWS

+
${ + (data.decision_rows || []).map(row => ` +
+
+ ${escapeHtml(row.dedupe_key || 'unknown')} + ${escapeHtml(row.current_review_state || 'unknown')} -> ${escapeHtml(row.proposed_review_state || 'none')} +
+ ${escapeHtml(row.write_status || 'preview')} +
+ `).join('') || '
尚未產生 decision rows。
' + }
+
+
+ `; + }; + + const loadCandidateQueueReviewDecision = async () => { + if (!sampleReviewMeta || !sampleReviewBody || !sampleReviewInput) return; + let parsed; + try { + parsed = JSON.parse(sampleReviewInput.value || '{}'); + } catch (error) { + sampleReviewMeta.innerHTML = 'json_error'; + sampleReviewBody.innerHTML = `
JSON 格式錯誤:${escapeHtml(error.message)}
`; + return; + } + const body = parsed && parsed.sample_result ? parsed : { sample_result: parsed }; + sampleReviewBody.innerHTML = '
產生 queue review decision 草案中...
'; + try { + const response = await fetch(sampleCandidateQueueReviewDecisionEndpoint, { + method: 'POST', + credentials: 'same-origin', + headers: { + 'Content-Type': 'application/json', + 'X-CSRFToken': csrfToken + }, + body: JSON.stringify(body) + }); + const data = await response.json(); + if (!response.ok && !data.mode) throw new Error(`HTTP ${response.status}`); + renderCandidateQueueReviewDecision(data); + } catch (error) { + sampleReviewMeta.innerHTML = 'error'; + sampleReviewBody.innerHTML = `
queue review decision 草案失敗:${escapeHtml(error.message)}
`; + } + }; + const renderSchedulerMeta = data => { schedulerMeta.innerHTML = [ `mode=${data.mode || 'unknown'}`, @@ -4785,6 +4899,9 @@ if (sampleCandidateQueueReviewInventory) { sampleCandidateQueueReviewInventory.addEventListener('click', loadCandidateQueueReviewInventory); } + if (sampleCandidateQueueReviewDecision) { + sampleCandidateQueueReviewDecision.addEventListener('click', loadCandidateQueueReviewDecision); + } if (schedulerRefresh) { schedulerRefresh.addEventListener('click', loadScheduler); } diff --git a/tests/test_market_intel_skeleton.py b/tests/test_market_intel_skeleton.py index b5a2809..34a052c 100644 --- a/tests/test_market_intel_skeleton.py +++ b/tests/test_market_intel_skeleton.py @@ -691,6 +691,7 @@ def test_market_intel_preview_template_uses_safe_fetch_false_endpoint(): assert "data-market-intel-sample-candidate-queue-run-closeout" in template assert "data-market-intel-sample-candidate-queue-review-handoff" in template assert "data-market-intel-sample-candidate-queue-review-inventory" in template + assert "data-market-intel-sample-candidate-queue-review-decision" in template assert "data-market-intel-approval" in template assert "data-market-intel-approval-gates" in template assert "data-market-intel-deploy" in template @@ -748,6 +749,10 @@ def test_market_intel_preview_template_uses_safe_fetch_false_endpoint(): "market_intel_review.market_intel_manual_sample_candidate_queue_review_inventory" in template ) + assert ( + "market_intel_review.market_intel_manual_sample_candidate_queue_review_decision" + in template + ) assert "X-CSRFToken" in template assert "market_intel.market_intel_scheduler_plan" in template assert "market_intel.market_intel_match_review_plan" in template @@ -784,7 +789,7 @@ def test_legacy_source_bridge_default_is_planned_only(): bridge = MarketIntelService().build_legacy_source_bridge() assert bridge["mode"] == "legacy_source_bridge_planned" - assert bridge["phase"] == "phase_65_candidate_queue_review_inventory" + assert bridge["phase"] == "phase_66_candidate_queue_review_decision" assert bridge["execute_requested"] is False assert bridge["read_only_query_executed"] is False assert bridge["database_connection_opened"] is False @@ -942,7 +947,7 @@ def test_mcp_tool_contract_preview_is_read_only_and_whitelisted(): contract = MarketIntelService().build_mcp_tool_contract() assert contract["mode"] == "mcp_tool_contract_preview" - assert contract["phase"] == "phase_65_candidate_queue_review_inventory" + assert contract["phase"] == "phase_66_candidate_queue_review_decision" assert contract["caller"] == "market_intel" assert contract["contract_ready"] is True assert contract["blocked_reasons"] == [] @@ -1075,7 +1080,7 @@ def test_mcp_activation_runbook_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "mcp_activation_runbook_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["deployment_actions_executed"] is False assert data["docker_command_executed"] is False assert data["ssh_command_executed"] is False @@ -1088,7 +1093,7 @@ def test_mcp_fetch_gate_default_blocks_external_fetch(): gate = MarketIntelService().build_mcp_fetch_gate(fetch_requested=True) assert gate["mode"] == "mcp_fetch_gate_planned" - assert gate["phase"] == "phase_65_candidate_queue_review_inventory" + assert gate["phase"] == "phase_66_candidate_queue_review_decision" assert gate["fetch_requested"] is True assert gate["manual_fetch_gate_open"] is False assert gate["network_request_allowed"] is False @@ -1158,7 +1163,7 @@ def test_mcp_fetch_gate_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "mcp_fetch_gate_planned" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["fetch_requested"] is False assert data["network_request_allowed"] is False assert data["external_network_executed"] is False @@ -1170,7 +1175,7 @@ def test_manual_sample_plan_preview_blocks_fetch_and_write(): plan = MarketIntelService().build_manual_sample_plan() assert plan["mode"] == "manual_sample_fetch_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_manual_sample_fetch"] is False assert plan["sample_fetch_executed"] is False assert plan["external_network_executed"] is False @@ -1218,7 +1223,7 @@ def test_manual_sample_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "manual_sample_fetch_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["sample_fetch_executed"] is False assert data["external_network_executed"] is False assert data["database_write_executed"] is False @@ -1229,7 +1234,7 @@ def test_manual_sample_acceptance_preview_blocks_candidate_import(): acceptance = MarketIntelService().build_manual_sample_acceptance() assert acceptance["mode"] == "manual_sample_acceptance_preview" - assert acceptance["phase"] == "phase_65_candidate_queue_review_inventory" + assert acceptance["phase"] == "phase_66_candidate_queue_review_decision" assert acceptance["contract_ready"] is True assert acceptance["sample_result_loaded"] is False assert acceptance["sample_result_accepted"] is False @@ -1271,7 +1276,7 @@ def test_manual_sample_acceptance_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "manual_sample_acceptance_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["sample_result_loaded"] is False assert data["candidate_import_allowed"] is False assert data["external_network_executed"] is False @@ -1283,7 +1288,7 @@ def test_manual_sample_review_preview_is_planned_until_result_loaded(): review = MarketIntelService().build_manual_sample_review() assert review["mode"] == "manual_sample_review_preview" - assert review["phase"] == "phase_65_candidate_queue_review_inventory" + assert review["phase"] == "phase_66_candidate_queue_review_decision" assert review["contract_ready"] is True assert review["sample_result_loaded"] is False assert review["sample_result_reviewed"] is False @@ -1394,7 +1399,7 @@ def test_manual_sample_review_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "manual_sample_review_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["sample_result_loaded"] is False assert data["sample_result_reviewed"] is False assert data["candidate_import_allowed"] is False @@ -1433,7 +1438,7 @@ def test_manual_sample_review_evaluation_preview_accepts_payload_without_persist ) assert review["mode"] == "manual_sample_review_evaluation_preview" - assert review["phase"] == "phase_65_candidate_queue_review_inventory" + assert review["phase"] == "phase_66_candidate_queue_review_decision" assert review["review_request_type"] == "operator_posted_json" assert review["payload_received"] is True assert review["payload_valid_json_object"] is True @@ -1495,7 +1500,7 @@ def test_manual_sample_review_evaluate_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "manual_sample_review_evaluation_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["payload_received"] is True assert data["payload_valid_json_object"] is True assert data["payload_persisted"] is False @@ -1575,7 +1580,7 @@ def test_manual_sample_candidate_handoff_preview_creates_candidates_without_pers ) assert handoff["mode"] == "manual_sample_candidate_handoff_preview" - assert handoff["phase"] == "phase_65_candidate_queue_review_inventory" + assert handoff["phase"] == "phase_66_candidate_queue_review_decision" assert handoff["payload_received"] is True assert handoff["payload_valid_json_object"] is True assert handoff["payload_persisted"] is False @@ -1639,7 +1644,7 @@ def test_manual_sample_candidate_handoff_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "manual_sample_candidate_handoff_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["payload_received"] is True assert data["handoff_ready"] is True assert data["candidate_handoff_created"] is True @@ -1698,7 +1703,7 @@ def test_manual_sample_candidate_queue_draft_preview_builds_review_items_without ) assert queue_draft["mode"] == "manual_sample_candidate_queue_draft_preview" - assert queue_draft["phase"] == "phase_65_candidate_queue_review_inventory" + assert queue_draft["phase"] == "phase_66_candidate_queue_review_decision" assert queue_draft["payload_received"] is True assert queue_draft["payload_valid_json_object"] is True assert queue_draft["payload_persisted"] is False @@ -1772,7 +1777,7 @@ def test_manual_sample_candidate_queue_draft_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "manual_sample_candidate_queue_draft_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["payload_received"] is True assert data["handoff_ready"] is True assert data["queue_draft_ready"] is True @@ -1835,7 +1840,7 @@ def test_manual_sample_candidate_queue_approval_preview_blocks_write_and_maps_ro ) assert approval["mode"] == "manual_sample_candidate_queue_approval_preview" - assert approval["phase"] == "phase_65_candidate_queue_review_inventory" + assert approval["phase"] == "phase_66_candidate_queue_review_decision" assert approval["payload_received"] is True assert approval["payload_valid_json_object"] is True assert approval["payload_persisted"] is False @@ -1913,7 +1918,7 @@ def test_manual_sample_candidate_queue_approval_route_is_post_only_and_no_write( assert response.status_code == 200 assert data["mode"] == "manual_sample_candidate_queue_approval_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["payload_received"] is True assert data["approval_preview_created"] is True assert data["approval_request_created"] is False @@ -1976,7 +1981,7 @@ def test_manual_sample_candidate_queue_transaction_preview_blocks_execution(): ) assert transaction["mode"] == "manual_sample_candidate_queue_transaction_preview" - assert transaction["phase"] == "phase_65_candidate_queue_review_inventory" + assert transaction["phase"] == "phase_66_candidate_queue_review_decision" assert transaction["payload_received"] is True assert transaction["payload_valid_json_object"] is True assert transaction["payload_persisted"] is False @@ -2056,7 +2061,7 @@ def test_manual_sample_candidate_queue_transaction_route_is_post_only_and_no_wri assert response.status_code == 200 assert data["mode"] == "manual_sample_candidate_queue_transaction_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["payload_received"] is True assert data["transaction_preview_created"] is True assert data["transaction_ready"] is False @@ -3398,6 +3403,88 @@ def test_candidate_queue_review_inventory_preview_is_read_only_manual_gate(): ) +def test_candidate_queue_review_decision_preview_is_manual_only(): + from services.market_intel.candidate_queue_review_decision import ( + build_candidate_queue_review_decision, + ) + + fixture = _build_candidate_queue_writer_receipt_fixture( + "sample-batch-review-decision" + ) + inventory = { + "mode": "candidate_queue_review_inventory_preview", + "review_inventory_ready": True, + "read_only_query_executed": True, + "database_connection_opened": True, + "database_write_executed": False, + "database_commit_executed": False, + "scheduler_attached": False, + "expected_dedupe_keys": fixture["expected_keys"], + "row_summaries": [ + { + "dedupe_key": fixture["expected_keys"][0], + "review_state": "needs_review", + "priority_lane": "watch", + "total_score": 82.5, + } + ], + } + operator_evidence = { + "reviewer_id": "operator-a", + "proposed_review_decision": "confirmed", + "decision_notes": "evidence reviewed manually", + "operator_confirmed_manual_decision_only": True, + "operator_confirmed_no_api_db_write": True, + "operator_confirmed_no_scheduler_attach": True, + } + decision = build_candidate_queue_review_decision( + review_inventory=inventory, + operator_evidence=operator_evidence, + ) + token_leak = build_candidate_queue_review_decision( + review_inventory=inventory, + operator_evidence={**operator_evidence, "approval_token": TEST_APPROVAL_TOKEN}, + ) + + assert decision["mode"] == "candidate_queue_review_decision_preview" + assert decision["decision_ready"] is True + assert decision["ready_for_human_decision_record"] is True + assert decision["ready_for_api_review_state_update"] is False + assert decision["ready_for_api_database_write"] is False + assert decision["ready_for_scheduler_attach"] is False + assert decision["api_executes_cli"] is False + assert decision["api_reads_approval_token"] is False + assert decision["api_writes_database"] is False + assert decision["api_updates_review_state"] is False + assert decision["decision_record_written"] is False + assert decision["review_state_update_executed"] is False + assert decision["database_write_executed"] is False + assert decision["database_commit_executed"] is False + assert decision["scheduler_attached"] is False + assert decision["decision_rows"][0]["current_review_state"] == "needs_review" + assert decision["decision_rows"][0]["proposed_review_state"] == "confirmed" + assert decision["decision_contract"]["allowed_next_states"] == [ + "confirmed", + "rejected", + "deferred", + ] + assert "update_review_state" in decision["decision_contract"]["forbidden_api_actions"] + assert "do_not_write_decision_record_from_api" in decision["safe_boundaries"] + assert decision["blocked_reasons"] == [] + assert token_leak["decision_ready"] is False + assert token_leak["operator_decision_summary"][ + "approval_token_submitted_to_api" + ] is True + assert "decision_no_approval_token_submitted_to_api" in token_leak[ + "blocked_reasons" + ] + assert TEST_APPROVAL_TOKEN not in json.dumps( + token_leak, + ensure_ascii=False, + sort_keys=True, + ) + + def test_candidate_queue_writer_preflight_route_is_post_only_and_no_write(): from routes.market_intel_routes import market_intel_bp @@ -3440,7 +3527,7 @@ def test_candidate_queue_writer_preflight_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_preflight_planned" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["read_only_query_executed"] is False assert data["database_connection_opened"] is False @@ -3497,7 +3584,7 @@ def test_candidate_queue_writer_status_route_never_leaks_approval_token(monkeypa assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_cli_blocked" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is True assert data["apply_real_write_requested"] is True assert data["approval_token_present"] is False @@ -3586,7 +3673,7 @@ def test_candidate_queue_writer_postwrite_smoke_route_is_post_only_and_no_write( assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_postwrite_smoke_planned" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["read_only_query_executed"] is False assert data["database_connection_opened"] is False @@ -3640,7 +3727,7 @@ def test_candidate_queue_writer_operator_drill_route_is_post_only_and_no_write() assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_operator_drill_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["operator_drill_ready"] is True assert data["api_executes_cli"] is False assert data["api_reads_approval_token"] is False @@ -3696,7 +3783,7 @@ def test_candidate_queue_writer_run_package_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_run_package_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["package_ready"] is True assert data["package_artifact_created"] is False assert data["api_writes_file"] is False @@ -3762,7 +3849,7 @@ def test_candidate_queue_writer_run_readiness_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_run_readiness_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["ready_for_cli_operator_run"] is True assert data["ready_for_api_database_write"] is False assert data["api_executes_cli"] is False @@ -4064,7 +4151,7 @@ def test_candidate_queue_writer_run_receipt_route_accepts_inline_payload_no_writ assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_run_receipt_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["receipt_passed"] is True assert data["ready_for_api_database_write"] is False assert data["ready_for_scheduler_attach"] is False @@ -4112,7 +4199,7 @@ def test_candidate_queue_writer_run_closeout_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_run_closeout_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["closeout_passed"] is True assert data["ready_for_next_manual_phase"] is True assert data["ready_for_api_database_write"] is False @@ -4161,7 +4248,7 @@ def test_candidate_queue_review_handoff_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_review_handoff_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["handoff_ready"] is True assert data["ready_for_manual_queue_review"] is True assert data["ready_for_api_database_write"] is False @@ -4219,7 +4306,7 @@ def test_candidate_queue_review_inventory_route_is_post_only_and_no_write(): assert get_response.status_code == 405 assert response.status_code == 200 assert data["mode"] == "candidate_queue_review_inventory_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["review_inventory_ready"] is False assert data["ready_for_human_decision_review"] is False @@ -4240,6 +4327,73 @@ def test_candidate_queue_review_inventory_route_is_post_only_and_no_write(): assert "do_not_insert_missing_queue_row_from_api" in data["safe_boundaries"] +def test_candidate_queue_review_decision_route_is_post_only_and_no_write(): + from routes.market_intel_routes import market_intel_bp + from routes.market_intel_review_routes import market_intel_review_bp + + fixture = _build_candidate_queue_writer_receipt_fixture( + "sample-batch-review-decision-route" + ) + app = Flask(__name__) + app.secret_key = "test-secret" + app.register_blueprint(market_intel_bp) + app.register_blueprint(market_intel_review_bp) + client = app.test_client() + with client.session_transaction() as session: + session["logged_in"] = True + + get_response = client.get( + "/api/market_intel/manual_sample_review/" + "candidate_queue_review_decision" + ) + response = client.post( + "/api/market_intel/manual_sample_review/" + "candidate_queue_review_decision?execute=false", + json={ + "sample_result": fixture["sample_result"], + "operator_evidence": { + **fixture["operator_evidence"], + "closeout_artifact_path": "artifacts/market_intel/closeout.json", + "operator_confirmed_queue_review_next": True, + "operator_confirmed_no_scheduler_attach": True, + "operator_confirmed_no_api_db_write": True, + "operator_confirmed_inventory_read_only": True, + "reviewer_id": "operator-a", + "proposed_review_decision": "confirmed", + "decision_notes": "manual review only", + "operator_confirmed_manual_decision_only": True, + }, + "writer_output": fixture["writer_output"], + "postwrite_smoke_result": fixture["postwrite_smoke_result"], + }, + ) + data = response.get_json() + + assert get_response.status_code == 405 + assert response.status_code == 200 + assert data["mode"] == "candidate_queue_review_decision_preview" + assert data["phase"] == "phase_66_candidate_queue_review_decision" + assert data["decision_ready"] is False + assert data["ready_for_human_decision_record"] is False + assert data["ready_for_api_review_state_update"] is False + assert data["ready_for_api_database_write"] is False + assert data["ready_for_scheduler_attach"] is False + assert data["api_executes_cli"] is False + assert data["api_reads_approval_token"] is False + assert data["api_writes_database"] is False + assert data["api_updates_review_state"] is False + assert data["decision_record_written"] is False + assert data["review_state_update_executed"] is False + assert data["read_only_query_executed"] is False + assert data["database_connection_opened"] is False + assert data["database_write_executed"] is False + assert data["database_commit_executed"] is False + assert data["scheduler_attached"] is False + assert data["expected_dedupe_keys"] == fixture["expected_keys"] + assert "review_inventory_ready" in data["blocked_reasons"] + assert "do_not_update_review_state_from_api" in data["safe_boundaries"] + + def test_candidate_queue_writer_run_receipt_route_is_post_only_and_no_write(): from routes.market_intel_routes import market_intel_bp @@ -4268,7 +4422,7 @@ def test_candidate_queue_writer_run_receipt_route_is_post_only_and_no_write(): assert response.status_code == 200 assert data["mode"] == "candidate_queue_writer_run_receipt_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["receipt_passed"] is True assert data["ready_for_next_manual_review"] is True assert data["ready_for_api_database_write"] is False @@ -4293,7 +4447,7 @@ def test_scheduler_plan_preview_blocks_job_attachment(): plan = MarketIntelService().build_scheduler_plan() assert plan["mode"] == "scheduler_attach_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_to_attach_scheduler"] is False assert plan["scheduler_attached"] is False assert plan["scheduler_registration_executed"] is False @@ -4331,7 +4485,7 @@ def test_scheduler_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "scheduler_attach_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["scheduler_registration_executed"] is False assert data["crawler_job_started"] is False assert data["external_network_executed"] is False @@ -4342,7 +4496,7 @@ def test_match_review_plan_preview_blocks_auto_confirm(): plan = MarketIntelService().build_match_review_plan() assert plan["mode"] == "match_review_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_review_queue"] is False assert plan["review_queue_created"] is False assert plan["auto_match_executed"] is False @@ -4378,7 +4532,7 @@ def test_match_review_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "match_review_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["review_queue_created"] is False assert data["auto_confirm_executed"] is False assert data["external_network_executed"] is False @@ -4389,7 +4543,7 @@ def test_opportunity_plan_preview_blocks_alerts_and_ai_summary(): plan = MarketIntelService().build_opportunity_plan() assert plan["mode"] == "opportunity_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_opportunity_queue"] is False assert plan["opportunity_queue_created"] is False assert plan["threat_alert_dispatched"] is False @@ -4430,7 +4584,7 @@ def test_opportunity_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "opportunity_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["opportunity_queue_created"] is False assert data["threat_alert_dispatched"] is False assert data["ai_summary_generated"] is False @@ -4441,7 +4595,7 @@ def test_opportunity_scoring_plan_preview_blocks_scoring_and_alerts(): plan = MarketIntelService().build_opportunity_scoring_plan() assert plan["mode"] == "opportunity_scoring_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_scoring_job"] is False assert plan["scoring_job_created"] is False assert plan["score_calculation_executed"] is False @@ -4489,7 +4643,7 @@ def test_opportunity_scoring_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "opportunity_scoring_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["scoring_job_created"] is False assert data["score_calculation_executed"] is False assert data["sample_scores_generated"] is False @@ -4501,7 +4655,7 @@ def test_opportunity_evidence_plan_preview_blocks_queries_and_alerts(): plan = MarketIntelService().build_opportunity_evidence_plan() assert plan["mode"] == "opportunity_evidence_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_evidence_bundle"] is False assert plan["evidence_bundle_created"] is False assert plan["evidence_query_executed"] is False @@ -4547,7 +4701,7 @@ def test_opportunity_evidence_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "opportunity_evidence_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["evidence_bundle_created"] is False assert data["evidence_query_executed"] is False assert data["sample_evidence_generated"] is False @@ -4560,7 +4714,7 @@ def test_opportunity_alert_plan_preview_blocks_dispatch_and_llm_calls(): plan = MarketIntelService().build_opportunity_alert_plan() assert plan["mode"] == "opportunity_alert_plan_preview" - assert plan["phase"] == "phase_65_candidate_queue_review_inventory" + assert plan["phase"] == "phase_66_candidate_queue_review_decision" assert plan["ready_for_alert_candidates"] is False assert plan["alert_candidate_created"] is False assert plan["alert_queue_created"] is False @@ -4645,7 +4799,7 @@ def test_opportunity_alert_plan_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "opportunity_alert_plan_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["alert_candidate_created"] is False assert data["alert_queue_created"] is False assert data["review_queue_created"] is False @@ -4723,7 +4877,7 @@ def test_mcp_deploy_preflight_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "mcp_external_deploy_preflight_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["deployment_actions_executed"] is False assert data["docker_command_executed"] is False assert data["ssh_command_executed"] is False @@ -4738,7 +4892,7 @@ def test_mcp_readiness_default_is_planned_only(monkeypatch): readiness = MarketIntelService().build_mcp_readiness() assert readiness["mode"] == "mcp_readiness_planned" - assert readiness["phase"] == "phase_65_candidate_queue_review_inventory" + assert readiness["phase"] == "phase_66_candidate_queue_review_decision" assert readiness["execute_requested"] is False assert readiness["router_enabled"] is False assert readiness["external_mcp_complete"] is False @@ -5168,6 +5322,10 @@ def test_deployment_readiness_reports_app_only_release_gate(): readiness["checks"]["candidate_queue_review_inventory_preview_safe"] is True ) + assert ( + readiness["checks"]["candidate_queue_review_decision_preview_safe"] + is True + ) assert readiness["checks"]["match_review_plan_preview_safe"] is True assert readiness["checks"]["opportunity_plan_preview_safe"] is True assert readiness["checks"]["opportunity_scoring_plan_preview_safe"] is True @@ -5242,6 +5400,10 @@ def test_deployment_readiness_reports_app_only_release_gate(): "/api/market_intel/manual_sample_review/candidate_queue_review_inventory" in readiness["production_smoke_targets"] ) + assert ( + "/api/market_intel/manual_sample_review/candidate_queue_review_decision" + in readiness["production_smoke_targets"] + ) assert readiness["write_approval_runbook"]["ready_for_real_write"] is False assert readiness["write_approval_runbook"]["writes_executed"] is False assert readiness["migration_blueprint"]["migration_executed"] is False @@ -5846,6 +6008,40 @@ def test_deployment_readiness_reports_app_only_release_gate(): is False ) assert readiness["candidate_queue_review_inventory"]["scheduler_attached"] is False + assert ( + readiness["candidate_queue_review_decision"]["mode"] + == "candidate_queue_review_decision_preview" + ) + assert readiness["candidate_queue_review_decision"]["decision_ready"] is False + assert ( + readiness["candidate_queue_review_decision"][ + "ready_for_api_review_state_update" + ] + is False + ) + assert ( + readiness["candidate_queue_review_decision"]["api_updates_review_state"] + is False + ) + assert ( + readiness["candidate_queue_review_decision"]["decision_record_written"] + is False + ) + assert ( + readiness["candidate_queue_review_decision"][ + "review_state_update_executed" + ] + is False + ) + assert ( + readiness["candidate_queue_review_decision"]["database_write_executed"] + is False + ) + assert ( + readiness["candidate_queue_review_decision"]["database_commit_executed"] + is False + ) + assert readiness["candidate_queue_review_decision"]["scheduler_attached"] is False assert readiness["scheduler_plan"]["scheduler_registration_executed"] is False assert readiness["scheduler_plan"]["crawler_job_started"] is False assert readiness["scheduler_plan"]["database_write_executed"] is False @@ -5950,7 +6146,7 @@ def test_migration_apply_drill_planned_is_safe_and_manual_only(): drill = MarketIntelService().build_migration_apply_drill() assert drill["mode"] == "migration_apply_drill_preview" - assert drill["phase"] == "phase_65_candidate_queue_review_inventory" + assert drill["phase"] == "phase_66_candidate_queue_review_decision" assert drill["execute_requested"] is False assert drill["schema_state"] == "planned_no_db_probe" assert drill["drill_ready_for_operator_review"] is True @@ -6065,7 +6261,7 @@ def test_migration_apply_drill_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "migration_apply_drill_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["migration_executed"] is False assert data["rollback_executed"] is False @@ -6077,7 +6273,7 @@ def test_migration_catalog_review_planned_is_safe_and_diagnostic(): review = MarketIntelService().build_migration_catalog_review() assert review["mode"] == "migration_catalog_review_preview" - assert review["phase"] == "phase_65_candidate_queue_review_inventory" + assert review["phase"] == "phase_66_candidate_queue_review_decision" assert review["execute_requested"] is False assert review["catalog_state"] == "planned_no_probe" assert review["seed_state"] == "planned_no_probe" @@ -6192,7 +6388,7 @@ def test_migration_catalog_review_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "migration_catalog_review_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["catalog_state"] == "planned_no_probe" assert data["migration_executed"] is False @@ -6205,7 +6401,7 @@ def test_migration_live_smoke_planned_is_preview_only(): smoke = MarketIntelService().build_migration_live_smoke() assert smoke["mode"] == "migration_live_smoke_preview" - assert smoke["phase"] == "phase_65_candidate_queue_review_inventory" + assert smoke["phase"] == "phase_66_candidate_queue_review_decision" assert smoke["execute_requested"] is False assert smoke["smoke_result"] == "planned_no_execution" assert smoke["live_smoke_passed"] is False @@ -6267,7 +6463,7 @@ def test_migration_live_smoke_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "migration_live_smoke_preview" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["smoke_result"] == "planned_no_execution" assert data["migration_executed"] is False @@ -6280,7 +6476,7 @@ def test_live_db_inventory_planned_is_preview_only(): inventory = MarketIntelService().build_live_db_inventory() assert inventory["mode"] == "live_db_inventory_planned" - assert inventory["phase"] == "phase_65_candidate_queue_review_inventory" + assert inventory["phase"] == "phase_66_candidate_queue_review_decision" assert inventory["execute_requested"] is False assert inventory["read_only_query_executed"] is False assert inventory["database_connection_opened"] is False @@ -6424,7 +6620,7 @@ def test_live_db_inventory_route_is_preview_only(): assert response.status_code == 200 assert data["mode"] == "live_db_inventory_planned" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["read_only_query_executed"] is False assert data["database_write_executed"] is False @@ -6651,7 +6847,7 @@ def test_candidate_queue_writer_cli_script_outputs_blocked_gate(tmp_path): assert result.returncode == 0 assert data["mode"] == "candidate_queue_writer_cli_blocked" - assert data["phase"] == "phase_65_candidate_queue_review_inventory" + assert data["phase"] == "phase_66_candidate_queue_review_decision" assert data["execute_requested"] is False assert data["apply_real_write_requested"] is False assert data["writes_executed"] is False