wooo/ewoooc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V10.496 add market intel queue writer cli review gate

Browse Source
This commit is contained in:
OoO
2026-05-31 13:52:05 +08:00
parent d1a08b0b37
commit b109bbf3c4
12 changed files with 1242 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
TODO_NEXT_STEPS.txt
View File

@@ -4,6 +4,7 @@
================================================================================
【已完成】
- V10.496 新增市場情報 MCP Fetch Candidate Queue Writer CLI Review 安全預覽 gate只審核 writer preflight 後的 CLI review 草案,確認 script path、target table、preflight id、payload row count、candidate/dedupe keys 與 command argv禁止 API 執行 CLI、禁止 `--execute` / `--apply-real-write` / `--approval-token` 進 payloadAPI 不讀 token、不寫檔、不開 DB、不寫 queue、不掛 scheduler。
- V10.495 新增市場情報 MCP Fetch Candidate Queue Writer Preflight 安全預覽 gate只審核 queue review 後的 writer preflight 草案,確認 target_table、write_mode、dedupe strategy、insert columns、payload rows 與候選 key 對齊API 不開 DB、不執行 CLI、不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- V10.494 新增市場情報 MCP Fetch Candidate Queue Review 安全預覽 gate只審核 candidate handoff 後的人工 queue review 草案,要求候選 key 對齊、review_state 停在 needs_review、allowed actions 限定人工確認/否決/延後、queue_write_status 維持 not_persistedAPI 不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- V10.493 新增市場情報 MCP Fetch Candidate Handoff Review 安全預覽 gate只審核 parser review 後的候選交接包,確認 source/candidate key 對齊、queue policy 仍是 manual preview、候選數維持小批次、無 raw/secret/side-effectAPI 不建立 queue、不寫 DB、不讀 artifact、不連外、不掛 scheduler。

2
config.py
View File

@@ -350,7 +350,7 @@ YOUTUBE_API_KEY = os.getenv('YOUTUBE_API_KEY', '')
# ==========================================
# 系統版本與路徑
# ==========================================
SYSTEM_VERSION = "V10.495"
SYSTEM_VERSION = "V10.496"
LOG_FILE_PATH = os.path.join(BASE_DIR, 'logs/system.log')
public_url = PUBLIC_URL # 用於模板顯示

1
docs/adr/ADR-035-cross-platform-market-campaign-intelligence.md
View File

@@ -167,6 +167,7 @@ EwoooC 目前已有 MOMO EDM / 節慶活動資料、`promo_products`、PChome
- 2026-05-31 追加 MCP fetch candidate handoff review gate`services.market_intel.mcp_fetch_candidate_handoff_review``/api/market_intel/mcp_fetch_candidate_handoff_review` 在 parser review 通過後審核候選交接包,檢查 source/candidate key 對齊、queue policy 是否仍是 `manual_candidate_review` / `preview_only`、小批次候選上限、操作員無寫入/無連外/無排程確認、raw HTML/secret 外洩與 side-effect flagsAPI/UI 不建立 queue、不讀 artifact、不寫 DB、不掛 scheduler只放行到人工 candidate queue review。
- 2026-05-31 追加 MCP fetch candidate queue review gate`services.market_intel.mcp_fetch_candidate_queue_review``/api/market_intel/mcp_fetch_candidate_queue_review` 在 handoff review 通過後審核人工 queue review 草案,檢查候選 key 對齊、`review_state=needs_review`、allowed actions 人工限定、`queue_write_status=not_persisted`、操作員無寫入/無連外/無排程確認、raw HTML/secret 外洩與 side-effect flagsAPI/UI 不建立 queue、不更新 review_state、不讀 artifact、不寫 DB、不掛 scheduler只放行到 writer preflight。
- 2026-05-31 追加 MCP fetch candidate queue writer preflight gate`services.market_intel.mcp_fetch_candidate_queue_writer_preflight``/api/market_intel/mcp_fetch_candidate_queue_writer_preflight` 在 queue review 通過後審核 writer preflight 草案,檢查 `target_table=market_alert_review_queue``write_mode=cli_only_later`、dedupe strategy、insert columns、payload rows、候選 key 對齊、小批次上限、操作員無寫入/無連外/無 CLI/無排程確認、raw HTML/secret 外洩與 side-effect flagsAPI/UI 不開 DB、不執行 CLI、不建立 queue、不更新 review_state、不寫 DB、不掛 scheduler只放行到 CLI writer review。
- 2026-05-31 追加 MCP fetch candidate queue writer CLI review gate`services.market_intel.mcp_fetch_candidate_queue_writer_cli_review``/api/market_intel/mcp_fetch_candidate_queue_writer_cli_review` 在 writer preflight 通過後審核 CLI review 草案,檢查 script path、target table、preflight id、payload row count、candidate/dedupe keys、`--sample-json``--read-only-preflight` 與 forbidden flagsAPI/UI 不執行 CLI、不讀 approval token、不寫檔、不開 DB、不寫 queue、不掛 scheduler只放行到 operator run package review。
- 2026-05-18 追加 scheduler attach plan preview`services.market_intel.scheduler_plan``/api/market_intel/scheduler_plan` 描述未來 `campaign_discovery_daily``campaign_product_probe``product_match_review_seed` 三個 job 的 cadence、gate、fallback 與安全邊界。此階段不註冊 scheduler job、不啟動 crawler、不連外、不寫 DB排程掛載必須等 migration、seed、MCP fetch gate、manual sample 與人工批准全過。
- 2026-05-18 追加 match review plan preview`services.market_intel.match_review_plan``/api/market_intel/match_review_plan` 定義商品比對訊號、分數門檻、`needs_review → confirmed/rejected` HITL 流程與安全邊界。此階段不建立 review queue、不自動 confirmed、不寫 `market_product_matches`、不呼叫 MCP價格只能作為輔助訊號不能單獨決定同品比對。
- 2026-05-18 追加 opportunity plan preview`services.market_intel.opportunity_plan``/api/market_intel/opportunity_plan` 定義競品低價威脅、促銷缺口、深折重疊、活動即將結束四類規則與分級策略。此階段不建立 opportunity queue、不派送 Telegram、不產生 AI 摘要、不寫 DB高風險項必須先有 confirmed match 與 DB evidence 才能升級。

3
docs/memory/code_modularization_inventory_20260430.md
View File

@@ -45,6 +45,7 @@
- 2026-05-31 追記:同步市場情報 MCP fetch candidate queue review gate 後的 `services/market_intel/deployment_readiness.py` 行數;本次新增邏輯維持在獨立 `services/market_intel/mcp_fetch_candidate_queue_review.py`route 延續 `routes/market_intel_mcp_run_routes.py` extension。
- 2026-05-31 追記:同步市場情報 MCP fetch candidate queue writer preflight gate 後的 `services/market_intel/deployment_readiness.py` 行數;本次新增邏輯維持在獨立 `services/market_intel/mcp_fetch_candidate_queue_writer_preflight.py`route 延續 `routes/market_intel_mcp_run_routes.py` extension。
- 2026-05-31 追記:`services/market_intel/mcp_fetch_candidate_queue_writer_preflight.py` 目前 628 行,略過 600 行提醒門檻;暫不拆分的理由是 gate 條件、sample payload 與 side-effect blocklist 需留在單一 preview module 便於審核,下一個 writer CLI review gate 若共用相同常數再抽 `mcp_fetch_candidate_queue_writer_policy.py`
- 2026-05-31 追記:同步市場情報 MCP fetch candidate queue writer CLI review gate 後的 `services/market_intel/deployment_readiness.py` 行數;本次新增 `services/market_intel/mcp_fetch_candidate_queue_writer_cli_review.py` 為 591 行,仍低於 600 行提醒門檻。
- 2026-05-24 追記:同步背景 Code Review 111 fallback 保護合併後的 `services/code_review_pipeline_service.py` 行數;此處只更新 inventory不變更 Code Review 行為。
- 2026-05-21 追記:同步 PChome/LUDEYA 商品線名稱漂移比對更新後的 `services/marketplace_product_matcher.py` 行數;此處只更新 inventory不變更模組化決策。
- 2026-05-21 追記:同步 MAC/Yuskin/AHC 名稱漂移與 bundle equivalent matcher 更新後的 `services/marketplace_product_matcher.py` 行數;此處只更新 inventory不變更模組化決策。
@@ -97,7 +98,7 @@
| 805 | `routes/bot_api_routes.py` | P2 Bot API Blueprint | route glue / bot action service |
| 1319 | `routes/market_intel_review_report_routes.py` | P2 market intel review report Blueprint | review report route glue / export payload / phase handoff orchestration |
| 917 | `routes/market_intel_routes.py` | P2 market intel Blueprint | page route / API route glue / MCP gate route registration helper |
| 1219 | `services/market_intel/deployment_readiness.py` | P2 market intel deployment readiness | preflight gates / readiness payload / route contract helpers |
| 1260 | `services/market_intel/deployment_readiness.py` | P2 market intel deployment readiness | preflight gates / readiness payload / route contract helpers |
| 846 | `services/market_intel/candidate_queue_review_ai_summary_persistence_telegram_dispatch_report_catalog_record_run_receipt.py` | P2 market intel review receipt pipeline | AI summary / persistence / Telegram dispatch / report catalog run receipt orchestration |
## 市場情報開發前置禁區

1
docs/memory/current_execution_queue_20260524.md
View File

@@ -91,6 +91,7 @@
- 2026-05-31 起,`V10.493` 新增市場情報 MCP Fetch Candidate Handoff Review gate在 parser review 通過後只審核候選交接包,要求 source/candidate key 完全對齊、queue policy 維持 manual preview、小批次上限與操作員無寫入/無連外/無排程確認;仍不建立 queue、不寫 DB、不讀 artifact、不連外、不掛 scheduler。
- 2026-05-31 起,`V10.494` 新增市場情報 MCP Fetch Candidate Queue Review gate在 handoff review 通過後只審核人工 queue review 草案,要求候選 key 完全對齊、review_state 只停在 `needs_review`、allowed actions 限人工操作、queue_write_status 維持 `not_persisted`;仍不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- 2026-05-31 起,`V10.495` 新增市場情報 MCP Fetch Candidate Queue Writer Preflight gate在 queue review 通過後只審核 writer preflight 草案,要求 target table、write mode、dedupe strategy、insert columns、payload rows 與候選 key 完全對齊;仍不開 DB、不執行 CLI、不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- 2026-05-31 起,`V10.496` 新增市場情報 MCP Fetch Candidate Queue Writer CLI Review gate在 writer preflight 通過後只審核 CLI review 草案,要求 script path、target table、preflight id、row count、candidate/dedupe keys 與 read-only command argv 對齊;仍不執行 CLI、不讀 approval token、不寫檔、不開 DB、不寫 queue、不掛 scheduler。
## 3. 12 Agent 決策信封整合

1
docs/memory/history_logs.md
View File

@@ -13,6 +13,7 @@
## 📅 詳細更新日誌 (考古存檔)
### 2026-05-24PChome 近門檻身份回收第二輪
- **V10.496 市場情報 MCP Fetch Candidate Queue Writer CLI Review gate**: 新增 `/api/market_intel/mcp_fetch_candidate_queue_writer_cli_review` 與 UI preview只審核 writer preflight 後的 CLI review 草案;要求 script path、target table、preflight id、payload row count、candidate/dedupe keys 與 command argv 完全對齊,並禁止 `--execute``--apply-real-write``--approval-token` 進 API payload且 API 不執行 CLI、不讀 token、不寫檔、不開 DB、不寫 queue、不掛 scheduler。
- **V10.495 市場情報 MCP Fetch Candidate Queue Writer Preflight gate**: 新增 `/api/market_intel/mcp_fetch_candidate_queue_writer_preflight` 與 UI preview只審核 queue review 後的 writer preflight 草案;要求 `target_table=market_alert_review_queue``write_mode=cli_only_later`、dedupe strategy、insert columns、payload rows 與候選 key 完全對齊,且 API 不開 DB、不執行 CLI、不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- **V10.494 市場情報 MCP Fetch Candidate Queue Review gate**: 新增 `/api/market_intel/mcp_fetch_candidate_queue_review` 與 UI preview只審核 candidate handoff 後的人工 queue review 草案;要求候選 key 完全對齊、`review_state=needs_review`、allowed actions 限人工確認/否決/延後、`queue_write_status=not_persisted`,且 API 不建立 queue、不更新 review_state、不寫 DB、不連外、不掛 scheduler。
- **V10.493 市場情報 MCP Fetch Candidate Handoff Review gate**: 新增 `/api/market_intel/mcp_fetch_candidate_handoff_review` 與 UI preview只審核 parser review 後的候選交接包;要求 source/candidate key 完全對齊、queue policy 維持 `manual_candidate_review` / `preview_only`、候選數維持小批次,且 API 不建立 queue、不寫 DB、不讀 artifact、不連外、不掛 scheduler。

49
routes/market_intel_mcp_run_routes.py
View File

@@ -28,6 +28,9 @@ from services.market_intel.mcp_fetch_candidate_queue_review import (
from services.market_intel.mcp_fetch_candidate_queue_writer_preflight import (
build_mcp_fetch_candidate_queue_writer_preflight_preview,
)
from services.market_intel.mcp_fetch_candidate_queue_writer_cli_review import (
build_mcp_fetch_candidate_queue_writer_cli_review_preview,
)
@market_intel_bp.route("/api/market_intel/mcp_fetch_run_package", methods=["GET", "POST"])
@@ -298,3 +301,49 @@ def market_intel_mcp_fetch_candidate_queue_writer_preflight():
phase=service.phase,
)
)
@market_intel_bp.route(
"/api/market_intel/mcp_fetch_candidate_queue_writer_cli_review",
methods=["GET", "POST"],
)
@login_required
def market_intel_mcp_fetch_candidate_queue_writer_cli_review():
writer_preflight_package = {}
writer_preflight_result = None
writer_cli_review = None
if request.method == "POST":
payload = request.get_json(silent=True) or {}
package = (
payload.get("writer_cli_review_package")
or payload.get("candidate_queue_writer_cli_review")
or payload.get("writer_cli_review")
or payload
)
writer_preflight_package = (
package.get("writer_preflight_package")
or package.get("candidate_queue_writer_preflight")
or package.get("writer_preflight")
or package.get("preflight_package")
or {}
)
writer_preflight_result = (
package.get("writer_preflight_result")
or package.get("mcp_fetch_candidate_queue_writer_preflight")
)
writer_cli_review = (
package.get("writer_cli_review")
or package.get("candidate_queue_writer_cli_review")
or package.get("cli_review")
or package.get("review_payload")
)
service = MarketIntelService()
return jsonify(
build_mcp_fetch_candidate_queue_writer_cli_review_preview(
writer_preflight_package=writer_preflight_package,
writer_preflight_result=writer_preflight_result,
writer_cli_review=writer_cli_review,
phase=service.phase,
)
)

41
services/market_intel/deployment_readiness.py
View File

@@ -84,6 +84,9 @@ from services.market_intel.mcp_fetch_candidate_queue_review import (
from services.market_intel.mcp_fetch_candidate_queue_writer_preflight import (
build_mcp_fetch_candidate_queue_writer_preflight_preview,
)
from services.market_intel.mcp_fetch_candidate_queue_writer_cli_review import (
build_mcp_fetch_candidate_queue_writer_cli_review_preview,
)
from services.market_intel.mcp_manual_fetch_handoff import (
build_mcp_manual_fetch_handoff_preview,
)
@@ -221,6 +224,11 @@ PRODUCTION_SMOKE_TARGETS = (
+ ("/api/market_intel/mcp_fetch_candidate_queue_writer_preflight",)
+ PRODUCTION_SMOKE_TARGETS[-1:]
)
PRODUCTION_SMOKE_TARGETS = (
PRODUCTION_SMOKE_TARGETS[:-1]
+ ("/api/market_intel/mcp_fetch_candidate_queue_writer_cli_review",)
+ PRODUCTION_SMOKE_TARGETS[-1:]
)
def _run_review_preview_safe(payload, mode):
return bool(payload["mode"] == mode and all(not payload.get(key) for key in BLOCKED_RUN_REVIEW_KEYS))
def build_deployment_readiness_preview(*, service, market_intel_tables, schema_smoke_builder):
@@ -275,6 +283,11 @@ def build_deployment_readiness_preview(*, service, market_intel_tables, schema_s
phase=service.phase,
)
)
mcp_fetch_candidate_queue_writer_cli_review = (
build_mcp_fetch_candidate_queue_writer_cli_review_preview(
phase=service.phase,
)
)
scheduler_plan = service.build_scheduler_plan()
manual_sample_plan = service.build_manual_sample_plan()
manual_sample_acceptance = service.build_manual_sample_acceptance()
@@ -822,6 +835,33 @@ def build_deployment_readiness_preview(*, service, market_intel_tables, schema_s
and not mcp_fetch_candidate_queue_writer_preflight["file_written"]
and not mcp_fetch_candidate_queue_writer_preflight["scheduler_attached"]
),
"mcp_fetch_candidate_queue_writer_cli_review_preview_safe": bool(
mcp_fetch_candidate_queue_writer_cli_review["mode"]
== "mcp_fetch_candidate_queue_writer_cli_review_preview"
and not mcp_fetch_candidate_queue_writer_cli_review["payload_persisted"]
and not mcp_fetch_candidate_queue_writer_cli_review["cli_review_persisted"]
and not mcp_fetch_candidate_queue_writer_cli_review[
"package_artifact_created"
]
and not mcp_fetch_candidate_queue_writer_cli_review["api_writes_file"]
and not mcp_fetch_candidate_queue_writer_cli_review["api_executes_cli"]
and not mcp_fetch_candidate_queue_writer_cli_review[
"api_reads_approval_token"
]
and not mcp_fetch_candidate_queue_writer_cli_review[
"api_opens_database_connection"
]
and not mcp_fetch_candidate_queue_writer_cli_review["api_writes_database"]
and not mcp_fetch_candidate_queue_writer_cli_review[
"api_uses_external_network"
]
and not mcp_fetch_candidate_queue_writer_cli_review[
"database_write_executed"
]
and not mcp_fetch_candidate_queue_writer_cli_review["cli_executed"]
and not mcp_fetch_candidate_queue_writer_cli_review["file_written"]
and not mcp_fetch_candidate_queue_writer_cli_review["scheduler_attached"]
),
"candidate_queue_writer_postwrite_smoke_planned_safe": bool(
candidate_queue_writer_postwrite_smoke["mode"]
== "candidate_queue_writer_postwrite_smoke_planned"
@@ -1142,6 +1182,7 @@ def build_deployment_readiness_preview(*, service, market_intel_tables, schema_s
"mcp_fetch_candidate_handoff_review": mcp_fetch_candidate_handoff_review,
"mcp_fetch_candidate_queue_review": mcp_fetch_candidate_queue_review,
"mcp_fetch_candidate_queue_writer_preflight": mcp_fetch_candidate_queue_writer_preflight,
"mcp_fetch_candidate_queue_writer_cli_review": mcp_fetch_candidate_queue_writer_cli_review,
"scheduler_plan": scheduler_plan,
"manual_sample_plan": manual_sample_plan,
"manual_sample_acceptance": manual_sample_acceptance,

591
services/market_intel/mcp_fetch_candidate_queue_writer_cli_review.py Normal file
View File

@@ -0,0 +1,591 @@
"""市場情報 MCP fetch candidate queue writer CLI review preview。
本模組只審核 writer preflight 後的 CLI review 草案API/UI 不執行 CLI、
不讀 approval token、不開 DB、不寫 queue、不掛 scheduler。
"""
from services.market_intel.mcp_fetch_candidate_queue_writer_preflight import (
TARGET_TABLE,
build_mcp_fetch_candidate_queue_writer_preflight_preview,
)
SCRIPT_PATH = "scripts/market_intel_candidate_queue_writer.py"
MAX_CLI_REVIEW_ITEMS = 80
SAFE_REVIEW_MODES = {"candidate_queue_writer_cli_review_preview"}
SAFE_COMMAND_MODES = {"manual_shell_review_only"}
REQUIRED_SAFE_FLAGS = ("--sample-json", "--read-only-preflight")
FORBIDDEN_COMMAND_FLAGS = (
"--apply-real-write",
"--approval-token",
"--execute",
)
FORBIDDEN_SECRET_KEYS = (
"approval_token",
"approval-token",
"api_key",
"authorization",
"bearer",
"client_secret",
"cookie",
"password",
"secret",
"session_cookie",
"token",
)
SAFE_SECRET_METADATA_KEYS = {
"approval_token_shell_only",
"operator_confirmed_no_approval_token_in_payload",
"operator_confirmed_no_secret_payload",
}
FORBIDDEN_RAW_PAYLOAD_KEYS = (
"body_html",
"document_html",
"html",
"page_html",
"raw_body",
"raw_html",
"raw_snapshot",
"response_body",
)
_BLOCKED_SIDE_EFFECT_KEYS = (
"allow_api_execution",
"allow_cli_execution",
"allow_database_write",
"allow_external_network_in_api",
"allow_scheduler_attach",
"api_executed_cli",
"api_executes_cli",
"api_opens_database_connection",
"api_reads_approval_token",
"api_uses_external_network",
"api_writes_database",
"api_writes_file",
"apply_real_write",
"attach_scheduler",
"candidate_queue_created",
"candidate_queue_persisted",
"candidate_review_state_updated",
"cli_executed",
"command_executed",
"database_commit_executed",
"database_connection_opened",
"database_session_created",
"database_write_executed",
"execute_requested",
"external_network_executed",
"file_written",
"network_request_allowed",
"package_artifact_created",
"payload_persisted",
"ready_for_api_database_write",
"ready_for_real_write",
"review_state_update_executed",
"scheduler_attached",
"write_database",
"writes_executed",
"would_write_database",
)
def _as_dict(value):
return value if isinstance(value, dict) else {}
def _as_list(value):
if value is None:
return []
if isinstance(value, (list, tuple, set)):
return list(value)
return [value]
def _safe_int(value):
try:
return int(value or 0)
except (TypeError, ValueError):
return 0
def _safe_text(value, limit=500):
if value is None:
return None
text = str(value).strip()
return text[:limit] if text else None
def _contains_forbidden_key(value, forbidden_keys, *, safe_keys=None):
safe_keys = safe_keys or set()
if isinstance(value, dict):
for key, nested in value.items():
normalized_key = str(key).lower()
if normalized_key in safe_keys and isinstance(nested, bool):
continue
if any(forbidden_key in normalized_key for forbidden_key in forbidden_keys):
return True
if _contains_forbidden_key(nested, forbidden_keys, safe_keys=safe_keys):
return True
elif isinstance(value, list):
return any(
_contains_forbidden_key(item, forbidden_keys, safe_keys=safe_keys)
for item in value
)
return False
def _blocked_side_effects(payload):
found = []
def visit(value, path):
if isinstance(value, dict):
for key, item in value.items():
normalized_key = str(key).lower()
key_path = f"{path}.{key}" if path else key
if normalized_key in _BLOCKED_SIDE_EFFECT_KEYS and bool(item):
found.append(key_path)
visit(item, key_path)
elif isinstance(value, list):
for index, item in enumerate(value):
visit(item, f"{path}[{index}]")
visit(payload, "")
return found
def _preflight_from_inputs(preflight_package, preflight_result, phase):
if isinstance(preflight_result, dict) and preflight_result:
return preflight_result
preflight_package = _as_dict(preflight_package)
return build_mcp_fetch_candidate_queue_writer_preflight_preview(
queue_review_package=(
preflight_package.get("queue_review_package")
or preflight_package.get("candidate_queue_review")
or preflight_package.get("queue_review")
),
queue_review_result=(
preflight_package.get("queue_review_result")
or preflight_package.get("mcp_fetch_candidate_queue_review")
),
writer_preflight=(
preflight_package.get("writer_preflight")
or preflight_package.get("candidate_queue_writer_preflight")
or preflight_package.get("preflight")
),
phase=phase,
)
def _preflight_summary(preflight):
preflight = _as_dict(preflight)
writer_summary = _as_dict(preflight.get("writer_preflight_summary"))
rows = _as_list(writer_summary.get("payload_rows"))
side_effects_clear = bool(
not preflight.get("network_request_allowed")
and not preflight.get("api_executes_cli")
and not preflight.get("api_opens_database_connection")
and not preflight.get("api_writes_database")
and not preflight.get("api_uses_external_network")
and not preflight.get("database_write_executed")
and not preflight.get("cli_executed")
and not preflight.get("file_written")
and not preflight.get("scheduler_attached")
and not preflight.get("candidate_queue_created")
and not preflight.get("candidate_queue_persisted")
and not preflight.get("candidate_review_state_updated")
)
return {
"mode": preflight.get("mode"),
"accepted": bool(
preflight.get("mcp_fetch_candidate_queue_writer_preflight_accepted")
),
"ready_for_candidate_queue_writer_cli_review": bool(
preflight.get("ready_for_candidate_queue_writer_cli_review")
),
"target_table": writer_summary.get("target_table"),
"preflight_id": writer_summary.get("preflight_id"),
"payload_row_count": _safe_int(writer_summary.get("payload_row_count")),
"campaign_candidate_count": _safe_int(
writer_summary.get("campaign_candidate_count")
),
"product_candidate_count": _safe_int(
writer_summary.get("product_candidate_count")
),
"candidate_keys": sorted(
row.get("candidate_key") for row in rows if row.get("candidate_key")
),
"dedupe_keys": sorted(row.get("dedupe_key") for row in rows if row.get("dedupe_key")),
"side_effects_clear": side_effects_clear,
"blocked_reasons": preflight.get("blocked_reasons", []),
}
def _sample_cli_review_package():
preflight_preview = build_mcp_fetch_candidate_queue_writer_preflight_preview()
preflight_package = preflight_preview["sample_writer_preflight_package"]
preflight_result = build_mcp_fetch_candidate_queue_writer_preflight_preview(
queue_review_package=preflight_package["queue_review_package"],
queue_review_result=preflight_package["queue_review_result"],
writer_preflight=preflight_package["writer_preflight"],
)
preflight = _preflight_summary(preflight_result)
return {
"writer_preflight_package": preflight_package,
"writer_preflight_result": preflight_result,
"writer_cli_review": {
"review_id": "market-intel-candidate-writer-cli-review-sample",
"review_mode": "candidate_queue_writer_cli_review_preview",
"command_mode": "manual_shell_review_only",
"script_path": SCRIPT_PATH,
"target_table": TARGET_TABLE,
"preflight_id": preflight["preflight_id"],
"expected_payload_row_count": preflight["payload_row_count"],
"expected_candidate_keys": preflight["candidate_keys"],
"expected_dedupe_keys": preflight["dedupe_keys"],
"command_argv_preview": [
"python3",
SCRIPT_PATH,
"--sample-json",
"<operator-reviewed-json>",
"--read-only-preflight",
],
"operator_confirmed_no_api_cli_execution": True,
"operator_confirmed_no_database_write": True,
"operator_confirmed_no_external_network": True,
"operator_confirmed_no_scheduler_attach": True,
"operator_confirmed_no_persistence": True,
"operator_confirmed_no_approval_token_in_payload": True,
"operator_confirmed_no_secret_payload": True,
"dry_run_first_required": True,
"approval_token_shell_only": True,
"api_execution_allowed": False,
"real_write_allowed": False,
},
}
def _cli_review_summary(cli_review):
cli_review = _as_dict(cli_review)
command_argv = [
_safe_text(item, 200) for item in _as_list(cli_review.get("command_argv_preview"))
]
command_argv = [item for item in command_argv if item]
candidate_keys = sorted(
key for key in _as_list(cli_review.get("expected_candidate_keys")) if key
)
dedupe_keys = sorted(
key for key in _as_list(cli_review.get("expected_dedupe_keys")) if key
)
operator_boundaries_confirmed = bool(
cli_review.get("operator_confirmed_no_api_cli_execution")
and cli_review.get("operator_confirmed_no_database_write")
and cli_review.get("operator_confirmed_no_external_network")
and cli_review.get("operator_confirmed_no_scheduler_attach")
and cli_review.get("operator_confirmed_no_persistence")
and cli_review.get("operator_confirmed_no_approval_token_in_payload")
and cli_review.get("operator_confirmed_no_secret_payload")
)
return {
"provided_keys": sorted(cli_review.keys()),
"review_id": _safe_text(cli_review.get("review_id"), 160),
"review_mode": _safe_text(cli_review.get("review_mode"), 120),
"command_mode": _safe_text(cli_review.get("command_mode"), 120),
"script_path": _safe_text(cli_review.get("script_path"), 240),
"target_table": _safe_text(cli_review.get("target_table"), 160),
"preflight_id": _safe_text(cli_review.get("preflight_id"), 160),
"expected_payload_row_count": _safe_int(
cli_review.get("expected_payload_row_count")
),
"expected_candidate_keys": candidate_keys,
"expected_dedupe_keys": dedupe_keys,
"command_argv_preview": command_argv,
"required_safe_flags_present": all(
flag in command_argv for flag in REQUIRED_SAFE_FLAGS
),
"forbidden_command_flags_absent": not any(
flag in command_argv for flag in FORBIDDEN_COMMAND_FLAGS
),
"command_invokes_expected_script": bool(
SCRIPT_PATH in command_argv and command_argv[:1] in (["python"], ["python3"])
),
"operator_boundaries_confirmed": operator_boundaries_confirmed,
"dry_run_first_required": bool(cli_review.get("dry_run_first_required")),
"approval_token_shell_only": bool(cli_review.get("approval_token_shell_only")),
"api_execution_allowed": bool(cli_review.get("api_execution_allowed")),
"real_write_allowed": bool(cli_review.get("real_write_allowed")),
"candidate_keys_unique": bool(
candidate_keys and len(set(candidate_keys)) == len(candidate_keys)
),
"dedupe_keys_unique": bool(
dedupe_keys and len(set(dedupe_keys)) == len(dedupe_keys)
),
"raw_payload_submitted_to_api": _contains_forbidden_key(
cli_review,
FORBIDDEN_RAW_PAYLOAD_KEYS,
),
"secret_or_token_submitted_to_api": _contains_forbidden_key(
cli_review,
FORBIDDEN_SECRET_KEYS,
safe_keys=SAFE_SECRET_METADATA_KEYS,
),
"blocked_side_effects": _blocked_side_effects(cli_review),
}
def _review_gates(
*,
preflight_received,
cli_review_received,
cli_review_valid_object,
preflight,
cli_review,
):
preflight_candidate_keys = set(preflight["candidate_keys"])
review_candidate_keys = set(cli_review["expected_candidate_keys"])
preflight_dedupe_keys = set(preflight["dedupe_keys"])
review_dedupe_keys = set(cli_review["expected_dedupe_keys"])
return [
{
"key": "writer_preflight_payload_or_result_received",
"label": "已提供 writer preflight package 或已審核結果",
"passed": preflight_received,
},
{
"key": "writer_preflight_accepted",
"label": "writer preflight gate 必須已通過",
"passed": preflight["accepted"],
},
{
"key": "writer_preflight_ready_for_cli_review",
"label": "writer preflight 只放行到 CLI review",
"passed": preflight["ready_for_candidate_queue_writer_cli_review"],
},
{
"key": "writer_preflight_side_effect_free",
"label": "writer preflight 未顯示 API 執行、寫 DB 或掛 scheduler",
"passed": preflight["side_effects_clear"],
},
{
"key": "writer_cli_review_payload_received",
"label": "已提供 writer CLI review 草案",
"passed": cli_review_received,
},
{
"key": "writer_cli_review_valid_object",
"label": "writer CLI review payload 必須是 JSON object",
"passed": cli_review_valid_object,
},
{
"key": "writer_cli_review_identity_recorded",
"label": "writer CLI review 必須記錄 review_id",
"passed": bool(cli_review["review_id"]),
},
{
"key": "writer_cli_review_mode_preview_only",
"label": "writer CLI review 必須維持 preview mode",
"passed": cli_review["review_mode"] in SAFE_REVIEW_MODES,
},
{
"key": "writer_cli_command_mode_manual_shell_only",
"label": "command mode 必須是 manual_shell_review_only",
"passed": cli_review["command_mode"] in SAFE_COMMAND_MODES,
},
{
"key": "writer_cli_script_path_safe",
"label": "script path 必須是候選 queue writer CLI",
"passed": cli_review["script_path"] == SCRIPT_PATH,
},
{
"key": "writer_cli_target_table_safe",
"label": "target table 必須是 market_alert_review_queue",
"passed": cli_review["target_table"] == TARGET_TABLE,
},
{
"key": "writer_cli_preflight_id_matches",
"label": "CLI review preflight_id 必須對齊 writer preflight",
"passed": bool(
cli_review["preflight_id"]
and cli_review["preflight_id"] == preflight["preflight_id"]
),
},
{
"key": "writer_cli_payload_count_matches_preflight",
"label": "CLI review row count 必須對齊 writer preflight",
"passed": bool(
0 < cli_review["expected_payload_row_count"] <= MAX_CLI_REVIEW_ITEMS
and cli_review["expected_payload_row_count"]
== preflight["payload_row_count"]
),
},
{
"key": "writer_cli_candidate_keys_match_preflight",
"label": "CLI review candidate keys 必須完全對齊 writer preflight",
"passed": bool(
preflight_candidate_keys
and review_candidate_keys == preflight_candidate_keys
and cli_review["candidate_keys_unique"]
),
},
{
"key": "writer_cli_dedupe_keys_match_preflight",
"label": "CLI review dedupe keys 必須完全對齊 writer preflight",
"passed": bool(
preflight_dedupe_keys
and review_dedupe_keys == preflight_dedupe_keys
and cli_review["dedupe_keys_unique"]
),
},
{
"key": "writer_cli_command_invokes_expected_script",
"label": "command argv 必須只預覽候選 queue writer script",
"passed": cli_review["command_invokes_expected_script"],
},
{
"key": "writer_cli_required_safe_flags_present",
"label": "command argv 必須包含 sample-json 與 read-only preflight",
"passed": cli_review["required_safe_flags_present"],
},
{
"key": "writer_cli_forbidden_write_flags_absent",
"label": "command argv 不得包含 execute/apply/approval-token",
"passed": cli_review["forbidden_command_flags_absent"],
},
{
"key": "writer_cli_operator_boundaries_confirmed",
"label": "操作員確認 API 不執行 CLI、不讀 token、不寫 DB、不保存、不掛排程",
"passed": cli_review["operator_boundaries_confirmed"],
},
{
"key": "writer_cli_dry_run_first_required",
"label": "正式流程必須先 dry-run / read-only preflight",
"passed": cli_review["dry_run_first_required"],
},
{
"key": "writer_cli_approval_token_shell_only",
"label": "approval token 只能在 shell 提供,不得進 API payload",
"passed": cli_review["approval_token_shell_only"],
},
{
"key": "writer_cli_no_api_execution_or_real_write",
"label": "API review payload 不得允許 CLI 執行或 real write",
"passed": bool(
not cli_review["api_execution_allowed"]
and not cli_review["real_write_allowed"]
),
},
{
"key": "writer_cli_no_raw_payload",
"label": "writer CLI review payload 不得回貼 raw HTML/body/snapshot",
"passed": not cli_review["raw_payload_submitted_to_api"],
},
{
"key": "writer_cli_no_secret_or_token_key",
"label": "writer CLI review payload 不得包含 secret、cookie、password 或 token key",
"passed": not cli_review["secret_or_token_submitted_to_api"],
},
{
"key": "writer_cli_side_effect_free",
"label": "writer CLI review payload 不得要求 API 執行、寫檔、寫 DB 或掛 scheduler",
"passed": not cli_review["blocked_side_effects"],
},
]
def build_mcp_fetch_candidate_queue_writer_cli_review_preview(
*,
writer_preflight_package=None,
writer_preflight_result=None,
writer_cli_review=None,
phase=None,
):
"""建立 fetch candidate queue writer CLI review不執行 CLI 或寫入。"""
writer_preflight_package = _as_dict(writer_preflight_package)
preflight_result_received = bool(
isinstance(writer_preflight_result, dict) and writer_preflight_result
)
cli_review_valid_object = (
isinstance(writer_cli_review, dict) if writer_cli_review is not None else True
)
cli_review_payload = _as_dict(writer_cli_review)
preflight_data = _preflight_from_inputs(
writer_preflight_package,
writer_preflight_result,
phase,
)
preflight_received = bool(
writer_preflight_package or preflight_result_received
)
payload_received = bool(
preflight_received or cli_review_payload or writer_cli_review is not None
)
cli_review_received = bool(cli_review_payload)
preflight = _preflight_summary(preflight_data)
cli_review = _cli_review_summary(cli_review_payload)
gates = _review_gates(
preflight_received=preflight_received,
cli_review_received=cli_review_received,
cli_review_valid_object=cli_review_valid_object,
preflight=preflight,
cli_review=cli_review,
)
blocked_reasons = [gate["key"] for gate in gates if not gate["passed"]]
accepted = bool(payload_received and not blocked_reasons)
return {
"mode": (
"mcp_fetch_candidate_queue_writer_cli_review"
if payload_received
else "mcp_fetch_candidate_queue_writer_cli_review_preview"
),
"phase": phase,
"writer_cli_review_payload_received": payload_received,
"writer_preflight_received": preflight_received,
"writer_cli_review_received": cli_review_received,
"writer_cli_review_valid_object": cli_review_valid_object,
"writer_preflight_accepted": preflight["accepted"],
"mcp_fetch_candidate_queue_writer_cli_review_accepted": accepted,
"candidate_queue_writer_cli_review_ready": accepted,
"ready_for_candidate_queue_writer_run_package_review": accepted,
"ready_for_api_database_write": False,
"ready_for_real_write": False,
"ready_for_scheduler_attach": False,
"network_request_allowed": False,
"api_executes_cli": False,
"api_reads_approval_token": False,
"api_opens_database_connection": False,
"api_writes_database": False,
"api_uses_external_network": False,
"cli_executed": False,
"candidate_queue_created": False,
"candidate_queue_persisted": False,
"candidate_review_state_updated": False,
"payload_row_count": cli_review["expected_payload_row_count"],
"gate_count": len(gates),
"passed_gate_count": sum(1 for gate in gates if gate["passed"]),
"blocked_reasons": blocked_reasons,
"gates": gates,
"writer_preflight_summary": preflight,
"writer_cli_review_summary": cli_review,
"sample_writer_cli_review_package": _sample_cli_review_package(),
"next_operator_steps": [
"CLI review 通過後,只代表可整理 operator run package不代表可執行 CLI",
"真正 --execute、--apply-real-write 與 approval token 必須留在人工 shell gate",
"API/UI 仍不得讀 token、不得執行 CLI、不得開 DB、不得寫 queue",
],
"payload_persisted": False,
"cli_review_persisted": False,
"package_artifact_created": False,
"api_writes_file": False,
"database_session_created": False,
"database_commit_executed": False,
"database_write_executed": False,
"external_network_executed": False,
"file_written": False,
"writes_executed": False,
"would_write_database": False,
"scheduler_attached": False,
}

2
services/market_intel/phase.py
View File

@@ -1,3 +1,3 @@
"""市場情報 rollout phase 單一來源。"""
MARKET_INTEL_PHASE = "phase_128_market_intel_mcp_fetch_candidate_queue_writer_preflight"
MARKET_INTEL_PHASE = "phase_129_market_intel_mcp_fetch_candidate_queue_writer_cli_review"

170
templates/market_intel/disabled.html
View File

@@ -864,6 +864,32 @@
</div>
</div>
<div class="market-intel-panel" data-market-intel-mcp-fetch-candidate-queue-writer-cli-review>
<div class="market-intel-preview-head">
<div>
<p class="market-intel-muted momo-mono mb-1">MCP / WRITER CLI REVIEW</p>
<h2 class="market-intel-preview-title">MCP Candidate Queue Writer CLI Review</h2>
</div>
<button class="market-intel-icon-button" type="button" title="重新整理 MCP Writer CLI Review" data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-refresh>
<i class="fas fa-rotate-right" aria-hidden="true"></i>
</button>
</div>
<div class="market-intel-preview-meta" data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-meta>
<span class="market-intel-pill">loading</span>
</div>
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-body>
<div class="market-intel-empty">讀取 MCP Writer CLI Review 中...</div>
</div>
<div class="market-intel-control-row mt-3">
<textarea class="market-intel-json-input" rows="9" spellcheck="false" data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-input placeholder="writer preflight and CLI review JSON"></textarea>
<div class="market-intel-control-actions">
<button class="market-intel-icon-button" type="button" title="審核 MCP Writer CLI Review JSON" data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-review>
<i class="fas fa-check" aria-hidden="true"></i>
</button>
</div>
</div>
</div>
<div class="market-intel-panel" data-market-intel-manual-sample>
<div class="market-intel-preview-head">
<div>
@@ -1380,6 +1406,7 @@
const mcpFetchCandidateHandoffReviewRoot = document.querySelector('[data-market-intel-mcp-fetch-candidate-handoff-review]');
const mcpFetchCandidateQueueReviewRoot = document.querySelector('[data-market-intel-mcp-fetch-candidate-queue-review]');
const mcpFetchCandidateQueueWriterPreflightRoot = document.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-preflight]');
const mcpFetchCandidateQueueWriterCliReviewRoot = document.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review]');
const manualSampleRoot = document.querySelector('[data-market-intel-manual-sample]');
const sampleAcceptanceRoot = document.querySelector('[data-market-intel-sample-acceptance]');
const sampleReviewRoot = document.querySelector('[data-market-intel-sample-review]');
@@ -1396,7 +1423,7 @@
const liveInventoryRoot = document.querySelector('[data-market-intel-live-inventory]');
const approvalRoot = document.querySelector('[data-market-intel-approval]');
const deployRoot = document.querySelector('[data-market-intel-deploy]');
if (!root && !writerRoot && !cliRoot && !dbProbeRoot && !seedDiffRoot && !legacyBridgeRoot && !mcpReadinessRoot && !mcpPreflightRoot && !mcpActivationRoot && !mcpFetchGateRoot && !mcpCompletionRoot && !mcpActivationEvidenceRoot && !mcpRuntimeSmokeRoot && !mcpRuntimePromotionRoot && !mcpManualFetchHandoffRoot && !mcpFetchTargetReviewRoot && !mcpFetchRunPackageRoot && !mcpFetchRunReadinessRoot && !mcpFetchRunReceiptRoot && !mcpFetchResultParserReviewRoot && !mcpFetchCandidateHandoffReviewRoot && !mcpFetchCandidateQueueReviewRoot && !mcpFetchCandidateQueueWriterPreflightRoot && !manualSampleRoot && !sampleAcceptanceRoot && !sampleReviewRoot && !schedulerRoot && !matchReviewRoot && !opportunityRoot && !opportunityScoringRoot && !opportunityEvidenceRoot && !opportunityAlertRoot && !migrationRoot && !migrationDrillRoot && !catalogReviewRoot && !liveSmokeRoot && !liveInventoryRoot && !approvalRoot && !deployRoot) return;
if (!root && !writerRoot && !cliRoot && !dbProbeRoot && !seedDiffRoot && !legacyBridgeRoot && !mcpReadinessRoot && !mcpPreflightRoot && !mcpActivationRoot && !mcpFetchGateRoot && !mcpCompletionRoot && !mcpActivationEvidenceRoot && !mcpRuntimeSmokeRoot && !mcpRuntimePromotionRoot && !mcpManualFetchHandoffRoot && !mcpFetchTargetReviewRoot && !mcpFetchRunPackageRoot && !mcpFetchRunReadinessRoot && !mcpFetchRunReceiptRoot && !mcpFetchResultParserReviewRoot && !mcpFetchCandidateHandoffReviewRoot && !mcpFetchCandidateQueueReviewRoot && !mcpFetchCandidateQueueWriterPreflightRoot && !mcpFetchCandidateQueueWriterCliReviewRoot && !manualSampleRoot && !sampleAcceptanceRoot && !sampleReviewRoot && !schedulerRoot && !matchReviewRoot && !opportunityRoot && !opportunityScoringRoot && !opportunityEvidenceRoot && !opportunityAlertRoot && !migrationRoot && !migrationDrillRoot && !catalogReviewRoot && !liveSmokeRoot && !liveInventoryRoot && !approvalRoot && !deployRoot) return;
const meta = root ? root.querySelector('[data-market-intel-preview-meta]') : null;
const body = root ? root.querySelector('[data-market-intel-preview-body]') : null;
@@ -1515,6 +1542,12 @@
const mcpFetchCandidateQueueWriterPreflightReview = mcpFetchCandidateQueueWriterPreflightRoot ? mcpFetchCandidateQueueWriterPreflightRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-preflight-review]') : null;
const mcpFetchCandidateQueueWriterPreflightRefresh = mcpFetchCandidateQueueWriterPreflightRoot ? mcpFetchCandidateQueueWriterPreflightRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-preflight-refresh]') : null;
const mcpFetchCandidateQueueWriterPreflightEndpoint = "{{ url_for('market_intel.market_intel_mcp_fetch_candidate_queue_writer_preflight') }}";
const mcpFetchCandidateQueueWriterCliReviewMeta = mcpFetchCandidateQueueWriterCliReviewRoot ? mcpFetchCandidateQueueWriterCliReviewRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-meta]') : null;
const mcpFetchCandidateQueueWriterCliReviewBody = mcpFetchCandidateQueueWriterCliReviewRoot ? mcpFetchCandidateQueueWriterCliReviewRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-body]') : null;
const mcpFetchCandidateQueueWriterCliReviewInput = mcpFetchCandidateQueueWriterCliReviewRoot ? mcpFetchCandidateQueueWriterCliReviewRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-input]') : null;
const mcpFetchCandidateQueueWriterCliReviewReview = mcpFetchCandidateQueueWriterCliReviewRoot ? mcpFetchCandidateQueueWriterCliReviewRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-review]') : null;
const mcpFetchCandidateQueueWriterCliReviewRefresh = mcpFetchCandidateQueueWriterCliReviewRoot ? mcpFetchCandidateQueueWriterCliReviewRoot.querySelector('[data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-refresh]') : null;
const mcpFetchCandidateQueueWriterCliReviewEndpoint = "{{ url_for('market_intel.market_intel_mcp_fetch_candidate_queue_writer_cli_review') }}";
const manualSampleMeta = manualSampleRoot ? manualSampleRoot.querySelector('[data-market-intel-manual-sample-meta]') : null;
const manualSampleBody = manualSampleRoot ? manualSampleRoot.querySelector('[data-market-intel-manual-sample-body]') : null;
const manualSampleRefresh = manualSampleRoot ? manualSampleRoot.querySelector('[data-market-intel-manual-sample-refresh]') : null;
@@ -3981,6 +4014,134 @@
}
};
const renderMcpFetchCandidateQueueWriterCliReviewMeta = data => {
mcpFetchCandidateQueueWriterCliReviewMeta.innerHTML = [
`mode=${data.mode || 'unknown'}`,
`accepted=${data.mcp_fetch_candidate_queue_writer_cli_review_accepted ? 'yes' : 'no'}`,
`gates=${data.passed_gate_count || 0}/${data.gate_count || 0}`,
`rows=${data.payload_row_count || 0}`,
`cli=${data.api_executes_cli ? 'exec' : 'blocked'}`,
`db=${data.api_writes_database ? 'write' : 'blocked'}`
].map(item => `<span class="market-intel-pill">${escapeHtml(item)}</span>`).join('');
};
const renderMcpFetchCandidateQueueWriterCliReviewBody = data => {
const blockers = (data.blocked_reasons || []).join(' / ');
const gates = data.gates || [];
const preflight = data.writer_preflight_summary || {};
const review = data.writer_cli_review_summary || {};
const argv = review.command_argv_preview || [];
const steps = data.next_operator_steps || [];
const renderCheck = (key, label, status) => `
<div class="market-intel-check">
<div>
<strong>${escapeHtml(key)}</strong>
<small>${escapeHtml(label || '')}</small>
</div>
<span>${escapeHtml(status)}</span>
</div>
`;
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = `
<div class="market-intel-empty mb-3">此 CLI review 只審核人工 shell writer 草案API 不執行 CLI、不讀 approval token、不寫檔、不開 DB、不寫 queue、不掛 scheduler。${blockers ? `阻擋:${escapeHtml(blockers)}` : ''}</div>
<div class="market-intel-deploy-grid">
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-gates>
<p class="market-intel-deploy-section-title">CLI REVIEW GATES</p>
<div class="market-intel-check-list">${
gates.length
? gates.map(item => renderCheck(item.key, item.label, item.passed ? 'PASS' : 'BLOCK')).join('')
: '<div class="market-intel-empty">尚未提供 CLI review gates。</div>'
}</div>
</div>
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-preflight>
<p class="market-intel-deploy-section-title">PREFLIGHT LINK</p>
<div class="market-intel-check-list">
${renderCheck('writer_preflight', `${preflight.accepted ? 'accepted' : 'pending'} / rows=${preflight.payload_row_count || 0}`, preflight.accepted ? 'ACCEPTED' : 'PENDING')}
${renderCheck('preflight_id', preflight.preflight_id || 'missing', preflight.preflight_id ? 'LINKED' : 'BLOCK')}
${renderCheck('preflight_boundary', 'no CLI / no DB / no scheduler', preflight.side_effects_clear ? 'CLOSED' : 'BLOCK')}
</div>
</div>
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-command>
<p class="market-intel-deploy-section-title">COMMAND REVIEW</p>
<div class="market-intel-check-list">
${renderCheck('script_path', review.script_path || 'missing', review.script_path === 'scripts/market_intel_candidate_queue_writer.py' ? 'READY' : 'BLOCK')}
${renderCheck('command_mode', review.command_mode || 'missing', review.command_mode === 'manual_shell_review_only' ? 'MANUAL' : 'BLOCK')}
${renderCheck('safe_flags', argv.join(' '), review.required_safe_flags_present ? 'READY' : 'BLOCK')}
${renderCheck('forbidden_flags', '--execute / --apply-real-write / --approval-token', review.forbidden_command_flags_absent ? 'ABSENT' : 'BLOCK')}
</div>
</div>
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-payload>
<p class="market-intel-deploy-section-title">PAYLOAD CONTRACT</p>
<div class="market-intel-check-list">
${renderCheck('target_table', review.target_table || 'missing', review.target_table === 'market_alert_review_queue' ? 'TARGET' : 'BLOCK')}
${renderCheck('row_count', `${review.expected_payload_row_count || 0}`, review.expected_payload_row_count === preflight.payload_row_count ? 'MATCH' : 'BLOCK')}
${renderCheck('candidate_keys', `${(review.expected_candidate_keys || []).length}`, review.candidate_keys_unique ? 'UNIQUE' : 'BLOCK')}
${renderCheck('dedupe_keys', `${(review.expected_dedupe_keys || []).length}`, review.dedupe_keys_unique ? 'UNIQUE' : 'BLOCK')}
</div>
</div>
<div data-market-intel-mcp-fetch-candidate-queue-writer-cli-review-next>
<p class="market-intel-deploy-section-title">BOUNDARY / NEXT</p>
<div class="market-intel-check-list">
${renderCheck(
'api_boundary',
'no CLI / no token / no DB / no queue write / no scheduler',
data.api_executes_cli || data.api_reads_approval_token || data.api_writes_database ? 'BLOCK' : 'CLOSED'
)}
${steps.map((item, index) => renderCheck(`step_${index + 1}`, item, 'NEXT')).join('')}
</div>
</div>
</div>
`;
if (mcpFetchCandidateQueueWriterCliReviewInput && !mcpFetchCandidateQueueWriterCliReviewInput.value.trim() && data.sample_writer_cli_review_package) {
mcpFetchCandidateQueueWriterCliReviewInput.value = JSON.stringify(data.sample_writer_cli_review_package, null, 2);
}
};
const loadMcpFetchCandidateQueueWriterCliReview = async () => {
if (!mcpFetchCandidateQueueWriterCliReviewMeta || !mcpFetchCandidateQueueWriterCliReviewBody) return;
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = '<div class="market-intel-empty">讀取 MCP Writer CLI Review 中...</div>';
try {
const response = await fetch(mcpFetchCandidateQueueWriterCliReviewEndpoint, { credentials: 'same-origin' });
if (!response.ok) throw new Error(`HTTP ${response.status}`);
const data = await response.json();
renderMcpFetchCandidateQueueWriterCliReviewMeta(data);
renderMcpFetchCandidateQueueWriterCliReviewBody(data);
} catch (error) {
mcpFetchCandidateQueueWriterCliReviewMeta.innerHTML = '<span class="market-intel-pill">error</span>';
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = `<div class="market-intel-empty">MCP Writer CLI Review 讀取失敗:${escapeHtml(error.message)}</div>`;
}
};
const reviewMcpFetchCandidateQueueWriterCliReview = async () => {
if (!mcpFetchCandidateQueueWriterCliReviewMeta || !mcpFetchCandidateQueueWriterCliReviewBody || !mcpFetchCandidateQueueWriterCliReviewInput) return;
let parsed;
try {
parsed = JSON.parse(mcpFetchCandidateQueueWriterCliReviewInput.value || '{}');
} catch (error) {
mcpFetchCandidateQueueWriterCliReviewMeta.innerHTML = '<span class="market-intel-pill">json_error</span>';
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = `<div class="market-intel-empty">JSON 格式錯誤:${escapeHtml(error.message)}</div>`;
return;
}
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = '<div class="market-intel-empty">審核 MCP Writer CLI Review 中...</div>';
try {
const response = await fetch(mcpFetchCandidateQueueWriterCliReviewEndpoint, {
method: 'POST',
credentials: 'same-origin',
headers: {
'Content-Type': 'application/json',
'X-CSRFToken': csrfToken
},
body: JSON.stringify({ writer_cli_review_package: parsed })
});
const data = await response.json();
if (!response.ok && !data.mode) throw new Error(`HTTP ${response.status}`);
renderMcpFetchCandidateQueueWriterCliReviewMeta(data);
renderMcpFetchCandidateQueueWriterCliReviewBody(data);
} catch (error) {
mcpFetchCandidateQueueWriterCliReviewMeta.innerHTML = '<span class="market-intel-pill">error</span>';
mcpFetchCandidateQueueWriterCliReviewBody.innerHTML = `<div class="market-intel-empty">MCP Writer CLI Review 審核失敗:${escapeHtml(error.message)}</div>`;
}
};
const renderManualSampleMeta = data => {
manualSampleMeta.innerHTML = [
`mode=${data.mode || 'unknown'}`,
@@ -13456,6 +13617,12 @@
if (mcpFetchCandidateQueueWriterPreflightReview) {
mcpFetchCandidateQueueWriterPreflightReview.addEventListener('click', reviewMcpFetchCandidateQueueWriterPreflight);
}
if (mcpFetchCandidateQueueWriterCliReviewRefresh) {
mcpFetchCandidateQueueWriterCliReviewRefresh.addEventListener('click', loadMcpFetchCandidateQueueWriterCliReview);
}
if (mcpFetchCandidateQueueWriterCliReviewReview) {
mcpFetchCandidateQueueWriterCliReviewReview.addEventListener('click', reviewMcpFetchCandidateQueueWriterCliReview);
}
if (manualSampleRefresh) {
manualSampleRefresh.addEventListener('click', loadManualSample);
}
@@ -13722,6 +13889,7 @@
loadMcpFetchCandidateHandoffReview();
loadMcpFetchCandidateQueueReview();
loadMcpFetchCandidateQueueWriterPreflight();
loadMcpFetchCandidateQueueWriterCliReview();
loadManualSample();
loadSampleAcceptance();
loadSampleReview();

559
tests/test_market_intel_skeleton.py
View File

File diff suppressed because it is too large Load Diff