From 34b45365ec324e13a068d011a090023038443d68 Mon Sep 17 00:00:00 2001 From: twentyOne2x Date: Fri, 10 Jul 2026 04:50:04 +0200 Subject: [PATCH] Add Leo direct-claim preflight probes --- .../argus-kb-state-current.json | 1492 +++++++++++++++++ .../argus-kb-state-current.md | 38 + .../current-truth-index.md | 4 + ...isible-direct-claim-preflight-current.json | 43 + ...-visible-direct-claim-preflight-current.md | 59 + .../working-leo-current-state-20260709.md | 12 + .../working-leo-execution-plan-current.md | 6 +- ...telegram_visible_direct_claim_preflight.py | 383 +++++ scripts/probe_argus_kb_state.py | 216 +++ ...telegram_visible_direct_claim_preflight.py | 148 ++ tests/test_probe_argus_kb_state.py | 124 ++ 11 files changed, 2523 insertions(+), 2 deletions(-) create mode 100644 docs/reports/leo-working-state-20260709/argus-kb-state-current.json create mode 100644 docs/reports/leo-working-state-20260709/argus-kb-state-current.md create mode 100644 docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.json create mode 100644 docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md create mode 100644 scripts/collect_telegram_visible_direct_claim_preflight.py create mode 100644 scripts/probe_argus_kb_state.py create mode 100644 tests/test_collect_telegram_visible_direct_claim_preflight.py create mode 100644 tests/test_probe_argus_kb_state.py diff --git a/docs/reports/leo-working-state-20260709/argus-kb-state-current.json b/docs/reports/leo-working-state-20260709/argus-kb-state-current.json new file mode 100644 index 0000000..0376c93 --- /dev/null +++ b/docs/reports/leo-working-state-20260709/argus-kb-state-current.json @@ -0,0 +1,1492 @@ +{ + "base_url": "http://77.42.65.182:8081", + "checks": { + "approved_need_apply_payload": true, + "approved_proposals_visible": true, + "http_readback_ok": true, + "kb_proposals_endpoint_read_only": true, + "no_worker_applyable_approved_proposals": true + }, + "claim_ceiling": "This is public Argus HTTP diagnostics evidence only. It proves the diagnostics surface can see approved KB proposals and their applyability state; it does not prove Docker/Postgres row counts, gateway systemd state, Telegram-visible reply quality, or production apply execution.", + "fetch_sources": { + "kb_proposals": "supplied_base64_json", + "metrics": "supplied_base64_json", + "vital_signs": "supplied_base64_json" + }, + "generated_at_utc": "2026-07-10T02:48:11.734733+00:00", + "mode": "argus_kb_state_readonly_http_probe", + "raw": { + "kb_proposals": { + "filters": { + "limit": 3, + "proposal_id": "", + "status": "approved" + }, + "generated_at": "2026-07-10T02:47:53.755054+00:00", + "packets": [ + { + "admin_panel_sections": [ + "identity_and_authorization", + "payload_summary", + "candidate_rows_and_sources", + "dependencies_and_schema_gaps", + "dry_run_sql_only_after_apply_payload_exists" + ], + "apply_preview": { + "blocked_fragments": [ + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "e199944e9bc5ed47", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "d358d086d291fbe7", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "1c4b69b29331394b", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "87dcb5d88991dc8c", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "df3281adf186aa43", + "target": "rio:capital-deployment-layer" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "02f3448a8dd588d2", + "target": "teleo telos / fund-build paths toward better attractors" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "draws_from", + "fingerprint": "1edb2d5afd5377f8", + "target": "concept_map:distributed_market_intelligence" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "9fafd1f88c4eada5", + "target_claim_id": "7da4851c-0aac-4084-a99f-baeeeb3aa23e" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "requires", + "fingerprint": "563fcd5eb8524025", + "target": "capital_allocation_depends_on_distributed_market_intelligence" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "ce7c4ac6df352dc8", + "target": "rio:active strategy v1 / internet-finance capital product" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "constrains", + "fingerprint": "fb67c7bd15d5fcab", + "target": "internet_finance_structural_advantages_capital_allocation" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "constrains", + "fingerprint": "17dca90227ce9329", + "target": "rio:active strategy v1 / internet-finance capital product" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "serves", + "fingerprint": "615d5c862028cec8", + "target": "teleo telos" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "fingerprint": "70dd6aa6bb9740e9", + "source_key": "rio_belief_capital_allocation_civilizational_infrastructure" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "847c3bb14006e8cf", + "source_key": "leo_active_strategy_v2_context" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "03f47a1ac20ae063", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "5c84384d3d2a95c2", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "c6b304adc8d66a26", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "847c3bb14006e8cf", + "source_key": "leo_active_strategy_v2_context" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + } + ], + "note": "No canonical write preview is safe until the proposal has a strict apply_payload or strict child proposals.", + "rows": [], + "state": "not_applyable_yet" + }, + "applyability": { + "apply_worker_types": [ + "revise_strategy", + "add_edge", + "attach_evidence" + ], + "missing_contract": [ + "strict payload.apply_payload", + "claim-row normalization", + "source/evidence normalization", + "edge/supersession normalization", + "concept-map storage decision" + ], + "strict_apply_payload_required": true + }, + "has_apply_payload": false, + "identity_and_authorization": { + "applied_at": null, + "applied_by_handle": null, + "channel": "telegram", + "proposed_by_handle": "leo", + "review_note": "Approved by m3ta in Telegram: supersede old compressed internet-finance/capital-allocation claim; approve successor A, B, and D at stated confidence/evidence tiers; approve C only as low-confidence research thesis; approve Distributed market intelligence as concept-map dependency. Canonical application still requires apply workflow for successor rows/edges/evidence.", + "reviewed_at": "2026-07-05T19:30:48.707181+00:00", + "reviewed_by_handle": "m3ta", + "source_ref": "telegram:m3ta:2026-07-05:supersede-old-internet-finance-claim" + }, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "normalization_preview": { + "blocked_count": 26, + "blocked_fragments": [ + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "e199944e9bc5ed47", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "d358d086d291fbe7", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "1c4b69b29331394b", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "87dcb5d88991dc8c", + "to_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "df3281adf186aa43", + "target": "rio:capital-deployment-layer" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "02f3448a8dd588d2", + "target": "teleo telos / fund-build paths toward better attractors" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "draws_from", + "fingerprint": "1edb2d5afd5377f8", + "target": "concept_map:distributed_market_intelligence" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "9fafd1f88c4eada5", + "target_claim_id": "7da4851c-0aac-4084-a99f-baeeeb3aa23e" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "requires", + "fingerprint": "563fcd5eb8524025", + "target": "capital_allocation_depends_on_distributed_market_intelligence" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "ce7c4ac6df352dc8", + "target": "rio:active strategy v1 / internet-finance capital product" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supersedes_component_of", + "fingerprint": "02446e8f4c51bb25", + "target_claim_id": "d0000000-0000-0000-0000-000000000005" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "constrains", + "fingerprint": "fb67c7bd15d5fcab", + "target": "internet_finance_structural_advantages_capital_allocation" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "constrains", + "fingerprint": "17dca90227ce9329", + "target": "rio:active strategy v1 / internet-finance capital product" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "serves", + "fingerprint": "615d5c862028cec8", + "target": "teleo telos" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "fingerprint": "70dd6aa6bb9740e9", + "source_key": "rio_belief_capital_allocation_civilizational_infrastructure" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "847c3bb14006e8cf", + "source_key": "leo_active_strategy_v2_context" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "03f47a1ac20ae063", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "5c84384d3d2a95c2", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "c6b304adc8d66a26", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "847c3bb14006e8cf", + "source_key": "leo_active_strategy_v2_context" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "8c4810e569c88d73", + "source_key": "m3ta_telegram_approval_supersede_split_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + } + ], + "next_normalization_action": "Create or identify canonical claim/source rows, then rerun normalization.", + "normalization_state": "blocked_missing_canonical_ids", + "proposal_id": "14fa5ecc-ac7a-41c1-807d-a2e85b936617", + "strict_child_count": 0, + "strict_child_proposals": [] + }, + "payload_summary": { + "approve_now": [ + "Supersede old claim d0000000-0000-0000-0000-000000000005 rather than delete it.", + "Approve A, B, and D as canonical successor candidates at stated confidence/evidence tiers.", + "Approve C only as a research-backed thesis candidate / queue, not as high-confidence truth.", + "Approve use of Distributed market intelligence as the concept-map dependency rather than making the Hayek reframing a replacement claim." + ], + "claim_candidate_count": 4, + "do_not_approve_yet": [ + "Do not raise C above 0.45 until external evidence is gathered.", + "Do not treat internet finance as part of the telos.", + "Do not collapse concept maps into claims if the schema migration is approved later." + ], + "has_concept_map_dependency": true, + "has_governance_standard": false, + "not_requested": null, + "old_claim_id": "d0000000-0000-0000-0000-000000000005", + "proposal_kind": "supersede_compressed_claim_with_split_claim_cluster", + "requested_decision": null, + "schema_gap_note": "teleo-kb currently cannot propose claims or supersede canonical claims directly except through generic attachment-evaluation proposals. This packet stages the canonical intent: supersede one compressed claim and create four separate claim/concept candidates with bodies and edges. Human/reviewer apply workflow required.", + "source_candidate_count": 5, + "supersession_edge_count": 4 + }, + "proposal_id": "14fa5ecc-ac7a-41c1-807d-a2e85b936617", + "proposal_type": "attach_evidence", + "review_state": "approved_needs_apply_payload", + "status": "approved", + "worker_applyable": false, + "worker_supported_type": true + }, + { + "admin_panel_sections": [ + "identity_and_authorization", + "payload_summary", + "candidate_rows_and_sources", + "dependencies_and_schema_gaps", + "dry_run_sql_only_after_apply_payload_exists" + ], + "apply_preview": { + "blocked_fragments": [ + { + "fragment": { + "edge_type": "supports", + "fingerprint": "21c8995c42edcd1c", + "target": "governance_gate:quality-gate" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "97ec4c026538ca5a", + "target": "governance_gate:evidence-bar" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "draws_from", + "fingerprint": "3b2afa52b986a47d", + "target": "hayek_reframed_price_system_distributed_knowledge" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "df2b7a307e44a6c0", + "target": "rio:belief rank 1 / Capital allocation is civilizational infrastructure" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "revises_or_refines", + "fingerprint": "85c9cdcacad38d61", + "target_claim_id": "7da4851c-0aac-4084-a99f-baeeeb3aa23e" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "67bb02b4eba05ced", + "target": "internet_finance_structural_advantages_body_draft" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "fingerprint": "4fbb6bcdd6644115", + "source_key": "telegram_feedback_m3ta_claim_shape_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "ea3b4a5ac17fe0e7", + "source_key": "telegram_feedback_m3ta_claim_shape_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "03f47a1ac20ae063", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "5c84384d3d2a95c2", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "c6b304adc8d66a26", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + } + ], + "note": "No canonical write preview is safe until the proposal has a strict apply_payload or strict child proposals.", + "rows": [], + "state": "not_applyable_yet" + }, + "applyability": { + "apply_worker_types": [ + "revise_strategy", + "add_edge", + "attach_evidence" + ], + "missing_contract": [ + "strict payload.apply_payload", + "claim-row normalization", + "source/evidence normalization" + ], + "strict_apply_payload_required": true + }, + "has_apply_payload": false, + "identity_and_authorization": { + "applied_at": null, + "applied_by_handle": null, + "channel": "telegram", + "proposed_by_handle": "leo", + "review_note": "Approved by m3ta in Telegram with caveat: not every node is a claim; concept maps and other node types also need headline/body/edges/evidence-style hygiene where appropriate. Hayek should likely be structured as a pure concept map of distributed market intelligence, then connected to agent/telos extrapolations rather than forcing a replacement claim.", + "reviewed_at": "2026-07-05T19:11:40.673615+00:00", + "reviewed_by_handle": "m3ta", + "source_ref": "telegram-doc:/home/teleo/.hermes/profiles/leoclean/cache/documents/doc_e37afcd86605_teleo_agent_strategy_kernels_2026-06-30.md; session:20260705_claim_shape" + }, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "normalization_preview": { + "blocked_count": 11, + "blocked_fragments": [ + { + "fragment": { + "edge_type": "supports", + "fingerprint": "21c8995c42edcd1c", + "target": "governance_gate:quality-gate" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "97ec4c026538ca5a", + "target": "governance_gate:evidence-bar" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "draws_from", + "fingerprint": "3b2afa52b986a47d", + "target": "hayek_reframed_price_system_distributed_knowledge" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "relates", + "fingerprint": "df2b7a307e44a6c0", + "target": "rio:belief rank 1 / Capital allocation is civilizational infrastructure" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "revises_or_refines", + "fingerprint": "85c9cdcacad38d61", + "target_claim_id": "7da4851c-0aac-4084-a99f-baeeeb3aa23e" + }, + "kind": "edge", + "missing": [ + "canonical from_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "edge_type": "supports", + "fingerprint": "67bb02b4eba05ced", + "target": "internet_finance_structural_advantages_body_draft" + }, + "kind": "edge", + "missing": [ + "canonical from_claim", + "canonical to_claim" + ], + "reason": "edge fragment is not a strict add_edge contract" + }, + { + "fragment": { + "fingerprint": "4fbb6bcdd6644115", + "source_key": "telegram_feedback_m3ta_claim_shape_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "ea3b4a5ac17fe0e7", + "source_key": "telegram_feedback_m3ta_claim_shape_2026_07_05" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "03f47a1ac20ae063", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "5c84384d3d2a95c2", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + }, + { + "fragment": { + "fingerprint": "c6b304adc8d66a26", + "source_key": "hayek_use_of_knowledge_in_society_fee_snapshot" + }, + "kind": "evidence", + "missing": [ + "canonical claim_id", + "canonical source_id" + ], + "reason": "evidence fragment is not a strict attach_evidence contract" + } + ], + "next_normalization_action": "Create or identify canonical claim/source rows, then rerun normalization.", + "normalization_state": "blocked_missing_canonical_ids", + "proposal_id": "ac036c9d-20a0-4ffe-881f-57d6b7bacf22", + "strict_child_count": 0, + "strict_child_proposals": [] + }, + "payload_summary": { + "approve_now": [], + "claim_candidate_count": 3, + "do_not_approve_yet": [], + "has_concept_map_dependency": false, + "has_governance_standard": true, + "not_requested": "Do not approve the internet-finance empirical thesis as canonical yet; do not apply the entire June 30 strategy kernel document; do not change canonical claims directly from this packet.", + "old_claim_id": null, + "proposal_kind": "create_kb_claim_node_format_standard_and_research_queue", + "requested_decision": "Approve the node-format standard as a proposal hygiene rule; approve research queue for internet-finance claim packet; approve revising the Hayek anchor from a local/global-information formulation toward dispersed local knowledge plus price-system communication.", + "schema_gap_note": "The current teleo-kb bridge lacks direct propose-context-node/governance-standard/propose-claim-body commands. This packet stages a reviewable format/governance standard plus candidate claim refinements as an attachment-evaluation workaround; canonical application requires reviewer/apply workflow.", + "source_candidate_count": 3, + "supersession_edge_count": 0 + }, + "proposal_id": "ac036c9d-20a0-4ffe-881f-57d6b7bacf22", + "proposal_type": "attach_evidence", + "review_state": "approved_needs_apply_payload", + "status": "approved", + "worker_applyable": false, + "worker_supported_type": true + }, + { + "admin_panel_sections": [ + "identity_and_authorization", + "payload_summary", + "candidate_rows_and_sources", + "dependencies_and_schema_gaps", + "dry_run_sql_only_after_apply_payload_exists" + ], + "apply_preview": { + "blocked_fragments": [], + "note": "No canonical write preview is safe until the proposal has a strict apply_payload or strict child proposals.", + "rows": [], + "state": "not_applyable_yet" + }, + "applyability": { + "apply_worker_types": [ + "revise_strategy", + "add_edge", + "attach_evidence" + ], + "missing_contract": [ + "strict payload.apply_payload", + "source/evidence normalization" + ], + "strict_apply_payload_required": true + }, + "has_apply_payload": false, + "identity_and_authorization": { + "applied_at": null, + "applied_by_handle": null, + "channel": "telegram", + "proposed_by_handle": "leo", + "review_note": "Approved by m3taversal in Telegram after requested changes: claim #6 removed/deferred and competitive advantage/moats neighborhood linkage added. Approved for human resolution/apply; not canonically applied by Leo.", + "reviewed_at": "2026-06-29T16:32:39.431004+00:00", + "reviewed_by_handle": "m3taversal", + "source_ref": "telegram:m3taversal:2026-06-29:7-powers-approved-with-changes" + }, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "normalization_preview": { + "blocked_count": 0, + "blocked_fragments": [], + "next_normalization_action": "Rewrite as a supported add_edge, attach_evidence, or revise_strategy apply contract.", + "normalization_state": "no_supported_apply_fragments", + "proposal_id": "a64df080-8502-42e2-98f4-9bbdecb8da73", + "strict_child_count": 0, + "strict_child_proposals": [] + }, + "payload_summary": { + "approve_now": [], + "claim_candidate_count": 0, + "do_not_approve_yet": [], + "has_concept_map_dependency": false, + "has_governance_standard": false, + "not_requested": null, + "old_claim_id": null, + "proposal_kind": "create_reasoning_tool_and_claim_set", + "requested_decision": null, + "schema_gap_note": "The current teleo-kb bridge exposes add_edge and attach_evidence proposals but not add_claim/add_source/add_context_node. This packet is staged as an attach_evidence-style proposal and local proposal artifact for human resolution into canonical source, claim, evidence, edge, and reasoning_tool rows.", + "source_candidate_count": 8, + "supersession_edge_count": 0 + }, + "proposal_id": "a64df080-8502-42e2-98f4-9bbdecb8da73", + "proposal_type": "attach_evidence", + "review_state": "approved_needs_apply_payload", + "status": "approved", + "worker_applyable": false, + "worker_supported_type": true + } + ], + "read_only": true, + "review_state_counts": { + "approved_needs_apply_payload": 3 + }, + "status_counts": { + "approved": 3 + }, + "total": 3, + "worker_applyable_count": 0 + }, + "metrics": { + "approval_rate": 0, + "approved_24h": 0, + "breakers": { + "evaluate": { + "age_s": 4410076, + "failures": 0, + "state": "closed" + }, + "fix": { + "age_s": 5085405, + "failures": 0, + "state": "closed" + }, + "ingest": { + "age_s": 5076640, + "failures": 1, + "state": "closed" + }, + "merge": { + "age_s": 5016434, + "failures": 15, + "state": "halfopen" + }, + "snapshot": { + "age_s": 214, + "failures": 0, + "state": "closed" + }, + "validate": { + "age_s": 1159517, + "failures": 0, + "state": "closed" + }, + "watchdog": { + "age_s": 17, + "failures": 0, + "state": "closed" + } + }, + "domains": { + "ai-alignment": { + "closed": 421, + "merged": 306 + }, + "collective-intelligence": { + "closed": 5, + "merged": 3 + }, + "critical-systems": { + "closed": 1 + }, + "cross-domain": { + "closed": 2580, + "merged": 54 + }, + "energy": { + "closed": 5, + "merged": 10 + }, + "entertainment": { + "closed": 140, + "conflict": 1, + "merged": 715 + }, + "general": { + "closed": 122, + "merged": 429 + }, + "grand-strategy": { + "closed": 294, + "merged": 917 + }, + "health": { + "closed": 483, + "merged": 675 + }, + "internet-finance": { + "closed": 675, + "merged": 690 + }, + "living-agents": { + "closed": 3, + "merged": 2 + }, + "manufacturing": { + "closed": 1, + "merged": 2 + }, + "robotics": { + "closed": 2, + "merged": 3 + }, + "space-development": { + "closed": 660, + "merged": 281 + }, + "teleological-economics": { + "closed": 3 + }, + "unknown": { + "closed": 358, + "merged": 7 + } + }, + "evaluated_24h": 0, + "fix_attempted": 1039, + "fix_rate": 0.22, + "fix_succeeded": 229, + "median_ttm_minutes": null, + "rejection_reasons": [], + "source_map": { + "error": 5, + "extracted": 2233, + "ghost_no_file": 219, + "null_result": 665, + "queued": 4, + "unprocessed": 550 + }, + "status_map": { + "closed": 5753, + "conflict": 1, + "merged": 4094 + }, + "throughput_1h": 0 + }, + "vital_signs": { + "claim_index_status": "unavailable", + "confidence_distribution": {}, + "domain_activity": { + "active": [], + "stagnant": [ + "ai-alignment", + "collective-intelligence", + "critical-systems", + "cross-domain", + "energy", + "entertainment", + "general", + "grand-strategy", + "health", + "internet-finance", + "living-agents", + "manufacturing", + "robotics", + "space-development", + "teleological-economics" + ], + "status": "warning" + }, + "evidence_freshness": null, + "funnel": { + "conversion_rate": 0.416, + "prs_merged": 4094, + "prs_total": 9848, + "sources_extracted": 2233, + "sources_queued": 550, + "sources_total": 3676 + }, + "linkage_density": null, + "orphan_ratio": { + "count": null, + "ratio": null, + "status": "unavailable", + "total": null + }, + "queue_staleness": { + "buckets": { + "30d+": 550 + }, + "oldest_age_days": 78.2, + "stale_count": 550, + "status": "critical" + }, + "review_throughput": { + "approved_waiting": 0, + "backlog": 1, + "conflict_permanent_prs": 0, + "conflict_prs": 0, + "oldest_open_hours": null, + "open_prs": 1, + "reviewing_prs": 0, + "status": "healthy" + } + } + }, + "status": "pass", + "summary": { + "metrics": { + "breakers": { + "evaluate": { + "age_s": 4410076, + "failures": 0, + "state": "closed" + }, + "fix": { + "age_s": 5085405, + "failures": 0, + "state": "closed" + }, + "ingest": { + "age_s": 5076640, + "failures": 1, + "state": "closed" + }, + "merge": { + "age_s": 5016434, + "failures": 15, + "state": "halfopen" + }, + "snapshot": { + "age_s": 214, + "failures": 0, + "state": "closed" + }, + "validate": { + "age_s": 1159517, + "failures": 0, + "state": "closed" + }, + "watchdog": { + "age_s": 17, + "failures": 0, + "state": "closed" + } + }, + "source_map": { + "error": 5, + "extracted": 2233, + "ghost_no_file": 219, + "null_result": 665, + "queued": 4, + "unprocessed": 550 + }, + "status_map": { + "closed": 5753, + "conflict": 1, + "merged": 4094 + } + }, + "proposals": { + "filters": { + "limit": 3, + "proposal_id": "", + "status": "approved" + }, + "generated_at": "2026-07-10T02:47:53.755054+00:00", + "proposal_applyability": { + "14fa5ecc-ac7a-41c1-807d-a2e85b936617": { + "has_apply_payload": false, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "worker_applyable": false + }, + "a64df080-8502-42e2-98f4-9bbdecb8da73": { + "has_apply_payload": false, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "worker_applyable": false + }, + "ac036c9d-20a0-4ffe-881f-57d6b7bacf22": { + "has_apply_payload": false, + "next_admin_action": "Show the approved intent, candidate rows, sources, dependencies, and schema gaps; then normalize into one or more strict apply_payload proposals before enabling the apply worker.", + "worker_applyable": false + } + }, + "proposal_ids": [ + "14fa5ecc-ac7a-41c1-807d-a2e85b936617", + "ac036c9d-20a0-4ffe-881f-57d6b7bacf22", + "a64df080-8502-42e2-98f4-9bbdecb8da73" + ], + "proposal_review_states": { + "14fa5ecc-ac7a-41c1-807d-a2e85b936617": "approved_needs_apply_payload", + "a64df080-8502-42e2-98f4-9bbdecb8da73": "approved_needs_apply_payload", + "ac036c9d-20a0-4ffe-881f-57d6b7bacf22": "approved_needs_apply_payload" + }, + "read_only": true, + "review_state_counts": { + "approved_needs_apply_payload": 3 + }, + "status_counts": { + "approved": 3 + }, + "total": 3, + "worker_applyable_count": 0 + }, + "vital_signs": { + "claim_index_status": "unavailable", + "funnel": { + "conversion_rate": 0.416, + "prs_merged": 4094, + "prs_total": 9848, + "sources_extracted": 2233, + "sources_queued": 550, + "sources_total": 3676 + }, + "queue_staleness": { + "buckets": { + "30d+": 550 + }, + "oldest_age_days": 78.2, + "stale_count": 550, + "status": "critical" + }, + "review_throughput": { + "approved_waiting": 0, + "backlog": 1, + "conflict_permanent_prs": 0, + "conflict_prs": 0, + "oldest_open_hours": null, + "open_prs": 1, + "reviewing_prs": 0, + "status": "healthy" + } + } + }, + "urls": { + "kb_proposals": "http://77.42.65.182:8081/api/kb-proposals", + "metrics": "http://77.42.65.182:8081/api/metrics", + "vital_signs": "http://77.42.65.182:8081/api/vital-signs" + } +} diff --git a/docs/reports/leo-working-state-20260709/argus-kb-state-current.md b/docs/reports/leo-working-state-20260709/argus-kb-state-current.md new file mode 100644 index 0000000..1211e6f --- /dev/null +++ b/docs/reports/leo-working-state-20260709/argus-kb-state-current.md @@ -0,0 +1,38 @@ +# Argus KB State Probe + +Generated UTC: `2026-07-10T02:48:11.734733+00:00` +Mode: `argus_kb_state_readonly_http_probe` +Status: `pass` +Base URL: `http://77.42.65.182:8081` + +## Fetch Sources + +- `kb_proposals`: `supplied_base64_json` +- `metrics`: `supplied_base64_json` +- `vital_signs`: `supplied_base64_json` + +## Checks + +- `approved_need_apply_payload`: `True` +- `approved_proposals_visible`: `True` +- `http_readback_ok`: `True` +- `kb_proposals_endpoint_read_only`: `True` +- `no_worker_applyable_approved_proposals`: `True` + +## Approved Proposal State + +- Total: `3` +- Status counts: `{"approved": 3}` +- Review state counts: `{"approved_needs_apply_payload": 3}` +- Worker-applyable count: `0` +- Read-only endpoint: `True` + +## Proposal IDs + +- `14fa5ecc-ac7a-41c1-807d-a2e85b936617` +- `ac036c9d-20a0-4ffe-881f-57d6b7bacf22` +- `a64df080-8502-42e2-98f4-9bbdecb8da73` + +## Claim Ceiling + +This is public Argus HTTP diagnostics evidence only. It proves the diagnostics surface can see approved KB proposals and their applyability state; it does not prove Docker/Postgres row counts, gateway systemd state, Telegram-visible reply quality, or production apply execution. diff --git a/docs/reports/leo-working-state-20260709/current-truth-index.md b/docs/reports/leo-working-state-20260709/current-truth-index.md index 0a5dbec..05e5769 100644 --- a/docs/reports/leo-working-state-20260709/current-truth-index.md +++ b/docs/reports/leo-working-state-20260709/current-truth-index.md @@ -23,6 +23,8 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c - Live VPS handler direct-claim suite score: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-score-current.md` - Live VPS handler direct-claim suite review: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md` - Telegram-visible direct-claim authorization packet, ready-to-request but not sent: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md` +- Telegram-visible direct-claim pre-send preflight, local packet checks pass but current shell cannot SSH to VPS: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` +- Argus public KB state probe, read-only HTTP diagnostics: `docs/reports/leo-working-state-20260709/argus-kb-state-current.md` - Live VPS handler direct-claim follow-up challenge report: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-followup-current.json` - Fable onboarding prompt: `docs/reports/leo-working-state-20260709/fable-leo-teleo-onboarding.md` - Operator surface map: `docs/reports/leo-working-state-20260709/operator-surface-map.md` @@ -130,6 +132,8 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c - The broader sandbox-first Cory-style benchmark has a full-catalog mixed-evidence score: real retained live Telegram evidence for `OE-01` through `OE-05`, sandbox fixture replies for `CS-01` through `CS-09`, and no-context direct-claim expected-answer/follow-up fixtures for `DC-01` through `DC-06`, `20/20` passing. This is not a live Telegram run for the CS/DC prompts. - The live VPS GatewayRunner direct-claim handler suite for exact `DC-01` through `DC-06` passed again after deploy SHA `7ab563e1aebe08913e72781e4e16a2b2883c5230`: `6/6` runtime replies, strict score `6/6`, no Telegram post, no live profile write, no production DB apply, unchanged DB counts (`public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26` before and after), temp profile removed, and `leoclean-gateway.service` stayed active/running during the harness with `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`. - The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`. +- The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied; no Telegram messages were sent and no DB apply ran. +- The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof. - The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity. - A strict canonical `add_edge` apply canary is live-proven. - Helmer 7 Powers is full-coverage packet and ledger clone-proven, not production-applied. diff --git a/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.json b/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.json new file mode 100644 index 0000000..5e03fee --- /dev/null +++ b/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.json @@ -0,0 +1,43 @@ +{ + "blocker_readback": { + "attempted_routes": [ + "local authorization packet validation", + "ssh_subprocess remote VPS readback for deploy stamp, service state, packet presence, and DB counts" + ], + "clear_CTA": "Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 `. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.", + "current_canary": "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.", + "exact_gate": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted", + "next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send." + }, + "claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.", + "generated_at_utc": "2026-07-10T02:45:02.453896+00:00", + "mode": "telegram_visible_direct_claim_preflight_readonly", + "mutates_db": false, + "packet_checks": { + "packet_does_not_execute_production_apply": true, + "packet_does_not_mutate_db": true, + "packet_has_no_authorization_recorded": true, + "packet_message_count_exact": true, + "packet_not_sent": true, + "packet_prompt_ids_exact": true, + "packet_ready_to_request_authorization": true, + "packet_targets_leo_group": true + }, + "packet_path": "docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json", + "production_apply_executed": false, + "ready_for_authorized_telegram_visible_dc_run": false, + "remote": null, + "remote_checks": { + "db_counts_read": false, + "deploy_head_matches_last_deploy": false, + "remote_packet_nonempty": false, + "remote_packet_present": false, + "service_active_running": false, + "ssh_readback_ok": false + }, + "remote_returncode": 255, + "remote_source": "ssh_subprocess", + "remote_stderr": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted\n", + "status": "fail", + "telegram_visible_messages_sent": false +} diff --git a/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md b/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md new file mode 100644 index 0000000..0c03f2b --- /dev/null +++ b/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md @@ -0,0 +1,59 @@ +# Telegram-Visible Direct-Claim Preflight + +Generated UTC: `2026-07-10T02:45:02.453896+00:00` +Mode: `telegram_visible_direct_claim_preflight_readonly` +Status: `fail` +Ready for authorized Telegram-visible DC run: `False` +Telegram-visible messages sent: `False` +Production apply executed: `False` +Mutates DB: `False` +Remote source: `ssh_subprocess` + +## Packet Checks + +- `packet_does_not_execute_production_apply`: `True` +- `packet_does_not_mutate_db`: `True` +- `packet_has_no_authorization_recorded`: `True` +- `packet_message_count_exact`: `True` +- `packet_not_sent`: `True` +- `packet_prompt_ids_exact`: `True` +- `packet_ready_to_request_authorization`: `True` +- `packet_targets_leo_group`: `True` + +## Remote Checks + +- `db_counts_read`: `False` +- `deploy_head_matches_last_deploy`: `False` +- `remote_packet_nonempty`: `False` +- `remote_packet_present`: `False` +- `service_active_running`: `False` +- `ssh_readback_ok`: `False` + +## Deploy And Service + +- Deploy head: `` +- Last deploy SHA: `` +- ActiveState: `` +- SubState: `` +- MainPID: `` +- NRestarts: `` +- ExecMainStartTimestamp: `` + +## DB Counts Before Send + +- `public.claims`: `` +- `public.sources`: `` +- `public.claim_evidence`: `` +- `public.claim_edges`: `` +- `kb_stage.kb_proposals`: `` + +## Blocker Readback + +- Current canary: Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send. +- Exact gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted` +- Clear CTA: Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 `. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization. +- Next non-user action: Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send. + +## Claim Ceiling + +This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored. diff --git a/docs/reports/leo-working-state-20260709/working-leo-current-state-20260709.md b/docs/reports/leo-working-state-20260709/working-leo-current-state-20260709.md index 6d3a33f..f7171d3 100644 --- a/docs/reports/leo-working-state-20260709/working-leo-current-state-20260709.md +++ b/docs/reports/leo-working-state-20260709/working-leo-current-state-20260709.md @@ -56,6 +56,17 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a - required proof after authorization is before/after DB counts, Telegram-visible replies, scorer output, final screenshot/accessibility proof, and service readback - artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md` - current status remains `telegram_visible_messages_sent=false` +- Telegram-visible direct-claim pre-send preflight harness is now retained: + - artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` + - local authorization-packet checks all pass + - current shell cannot complete the VPS SSH readback gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted` + - the harness supports `--remote-json-base64` so a full-access VPS readback can be supplied without changing the test logic + - no Telegram message was sent, no production apply ran, and the preflight currently remains `status=fail` until deploy/service/DB counts are supplied +- Argus public KB diagnostics probe is now retained and passing: + - artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md` + - live `curl` payloads show `3` approved proposals: `14fa5ecc-ac7a-41c1-807d-a2e85b936617`, `ac036c9d-20a0-4ffe-881f-57d6b7bacf22`, and `a64df080-8502-42e2-98f4-9bbdecb8da73` + - all `3` are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only + - claim ceiling: this proves diagnostics/applyability state only, not Docker row counts, systemd service state, Telegram-visible replies, or production apply - Strict apply canary is proven: one strict `add_edge` proposal became a canonical `public.claim_edges` row, and read-only plan verification now passes with after-readback checks. - Guarded approval helper is installed on VPS at `/opt/teleo-eval/workspaces/deploy-infra/scripts/approve_proposal.py`, checksum `c650b8b24b7a89a9e23859c04d850db441483d407fc81580e250ccad65a61d83`, imports successfully, and rejects re-approval of the already-applied canary. - Chrome/Telegram Web is authenticated and read/write-proven for bot testing in the `Leo` group through Computer Use. @@ -69,6 +80,7 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a ## What Is Still Not Proven - The no-context direct-claim behavior Cory is likely to use is handler-proven for `DC-01` through `DC-06` on the VPS GatewayRunner path, and an exact Telegram-visible authorization packet is ready. It has still not been sent as a public/group post. +- The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by supplying the base64 remote JSON payload from a full-access VPS readback. - Old Cory-approved mapped rich proposals are still not fully directly applyable: - `14fa5ecc-ac7a-41c1-807d-a2e85b936617` - `ac036c9d-20a0-4ffe-881f-57d6b7bacf22` diff --git a/docs/reports/leo-working-state-20260709/working-leo-execution-plan-current.md b/docs/reports/leo-working-state-20260709/working-leo-execution-plan-current.md index e6875f6..bc4d5b7 100644 --- a/docs/reports/leo-working-state-20260709/working-leo-execution-plan-current.md +++ b/docs/reports/leo-working-state-20260709/working-leo-execution-plan-current.md @@ -1,6 +1,6 @@ # Working Leo Execution Plan - 2026-07-09 -Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending. +Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending. ## WL-EXEC-01 - VPS Telegram-visible memory + KB audit - Status: `done` @@ -14,7 +14,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram ## WL-EXEC-01B - Cory-style outcome and direct-claim benchmark - Status: `sandbox_fixture_done_live_handler_done_telegram_visible_auth_ready` -- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. +- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; rerun with `--remote-json-base64` from a full-access VPS readback to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable. - Not done condition: Reopen if `DC-02` stops recognizing approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` infers decision-matrix approval while `matrix_voters`, `proposal_votes`, and `proposal_decisions` tables are absent, any direct-claim answer omits the `Next Cory-style follow-up:` line, the handler mutates DB/service state during a read-only suite, or the Telegram-visible DC authorization packet drifts from the raw benchmark catalog. - Evidence: - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/working-leo-cory-outcome-sandbox-results-current.md` @@ -22,6 +22,8 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-score-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md` + - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` + - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md` ## WL-EXEC-02 - VPS runtime stability - Status: `done` diff --git a/scripts/collect_telegram_visible_direct_claim_preflight.py b/scripts/collect_telegram_visible_direct_claim_preflight.py new file mode 100644 index 0000000..47cbf07 --- /dev/null +++ b/scripts/collect_telegram_visible_direct_claim_preflight.py @@ -0,0 +1,383 @@ +#!/usr/bin/env python3 +"""Collect read-only preflight for the Telegram-visible DC benchmark. + +This is a pre-send proof collector. It verifies the exact authorization packet, +then reads the VPS deploy stamp, Leo gateway service state, and current KB row +counts. It never sends Telegram messages and never mutates the database. +""" + +from __future__ import annotations + +import argparse +import base64 +import json +import subprocess +from dataclasses import dataclass +from datetime import datetime, timezone +from pathlib import Path +from typing import Any, Callable + +REPORT_DIR = Path("docs/reports/leo-working-state-20260709") +DEFAULT_PACKET = REPORT_DIR / "telegram-visible-direct-claim-authorization-packet-current.json" +DEFAULT_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.json" +DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.md" +DEFAULT_SSH_TARGET = "root@77.42.65.182" +DEFAULT_SSH_KEY = Path.home() / ".ssh/livingip_hetzner_20260604_ed25519" +REMOTE_REPO = "/opt/teleo-eval/workspaces/deploy-infra" +REMOTE_PACKET = ( + f"{REMOTE_REPO}/docs/reports/leo-working-state-20260709/" + "telegram-visible-direct-claim-authorization-packet-current.json" +) +EXPECTED_PROMPT_IDS = ["DC-01", "DC-02", "DC-03", "DC-04", "DC-05", "DC-06"] + + +@dataclass(frozen=True) +class CommandResult: + returncode: int + stdout: str + stderr: str + + +Runner = Callable[[list[str], str, int], CommandResult] + + +REMOTE_SCRIPT = r''' +import json +import subprocess +from pathlib import Path + +repo = Path("__REMOTE_REPO__") +packet_path = Path("__REMOTE_PACKET__") + + +def run(command, **kwargs): + return subprocess.run(command, text=True, capture_output=True, check=False, **kwargs) + + +def service_state(): + proc = run([ + "systemctl", + "show", + "leoclean-gateway.service", + "-p", + "ActiveState", + "-p", + "SubState", + "-p", + "MainPID", + "-p", + "NRestarts", + "-p", + "ExecMainStartTimestamp", + "--no-pager", + ]) + state = {} + for line in proc.stdout.splitlines(): + if "=" in line: + key, value = line.split("=", 1) + state[key] = value + return {"returncode": proc.returncode, "stderr": proc.stderr, "state": state} + + +def db_counts(): + sql = """ +select jsonb_build_object( + 'public.claims', (select count(*) from public.claims), + 'public.sources', (select count(*) from public.sources), + 'public.claim_evidence', (select count(*) from public.claim_evidence), + 'public.claim_edges', (select count(*) from public.claim_edges), + 'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals) +)::text; +""" + proc = run( + ["docker", "exec", "-i", "teleo-pg", "psql", "-U", "postgres", "-d", "teleo", "-At", "-q"], + input=sql, + ) + parsed = None + if proc.returncode == 0 and proc.stdout.strip(): + parsed = json.loads(proc.stdout.strip()) + return {"returncode": proc.returncode, "stderr": proc.stderr, "counts": parsed} + + +def git_value(args): + proc = run(["git", "-C", str(repo), *args]) + return {"returncode": proc.returncode, "stdout": proc.stdout.strip(), "stderr": proc.stderr.strip()} + + +payload = { + "deploy_head": git_value(["rev-parse", "HEAD"]), + "last_deploy_sha": { + "returncode": 0, + "stdout": Path("/opt/teleo-eval/.last-deploy-sha").read_text(encoding="utf-8").strip(), + "stderr": "", + }, + "packet_present": packet_path.exists(), + "packet_bytes": packet_path.stat().st_size if packet_path.exists() else 0, + "service": service_state(), + "db_counts": db_counts(), +} +print(json.dumps(payload, sort_keys=True)) +''' + + +def subprocess_runner(command: list[str], input_text: str, timeout: int) -> CommandResult: + proc = subprocess.run(command, input=input_text, text=True, capture_output=True, timeout=timeout, check=False) + return CommandResult(proc.returncode, proc.stdout, proc.stderr) + + +def _load_json(path: Path) -> dict[str, Any]: + return json.loads(path.read_text(encoding="utf-8")) + + +def packet_checks(packet: dict[str, Any]) -> dict[str, bool]: + target = packet.get("target", {}) + return { + "packet_ready_to_request_authorization": packet.get("ready_to_request_authorization") is True, + "packet_not_sent": packet.get("telegram_visible_messages_sent") is False, + "packet_has_no_authorization_recorded": packet.get("telegram_visible_message_authorization_present") is False, + "packet_does_not_mutate_db": packet.get("mutates_db") is False, + "packet_does_not_execute_production_apply": packet.get("production_apply_executed") is False, + "packet_targets_leo_group": target.get("chat_label") == "Leo" and target.get("chat_id") == "-5146042086", + "packet_prompt_ids_exact": target.get("expected_prompt_ids") == EXPECTED_PROMPT_IDS, + "packet_message_count_exact": target.get("message_count") == len(EXPECTED_PROMPT_IDS), + } + + +def ssh_command(args: argparse.Namespace) -> list[str]: + return [ + "ssh", + "-i", + str(args.ssh_key), + "-o", + "BatchMode=yes", + "-o", + "StrictHostKeyChecking=accept-new", + "-o", + f"ConnectTimeout={args.connect_timeout}", + args.ssh_target, + "python3 -", + ] + + +def parse_remote(stdout: str) -> dict[str, Any] | None: + for line in reversed(stdout.splitlines()): + line = line.strip() + if not line.startswith("{"): + continue + try: + return json.loads(line) + except json.JSONDecodeError: + continue + return None + + +def remote_payload_from_args(args: argparse.Namespace) -> tuple[dict[str, Any] | None, int, str]: + if args.remote_json_base64: + try: + decoded = base64.b64decode(args.remote_json_base64, validate=True).decode("utf-8") + return json.loads(decoded), 0, "" + except Exception as exc: # noqa: BLE001 - retained in artifact as a parse gate + return None, 2, f"failed to parse --remote-json-base64: {exc}" + return None, -1, "" + + +def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_runner) -> dict[str, Any]: + packet = _load_json(args.packet) + local_packet_checks = packet_checks(packet) + supplied_payload, supplied_returncode, supplied_stderr = remote_payload_from_args(args) + if supplied_returncode >= 0: + remote_payload = supplied_payload + remote_returncode = supplied_returncode + remote_stderr = supplied_stderr + remote_source = "supplied_remote_json_base64" + else: + remote_script = REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET) + command = ssh_command(args) + remote_proc = runner(command, remote_script, args.timeout) + remote_payload = parse_remote(remote_proc.stdout) if remote_proc.returncode == 0 else None + remote_returncode = remote_proc.returncode + remote_stderr = remote_proc.stderr + remote_source = "ssh_subprocess" + + remote_checks = { + "ssh_readback_ok": remote_returncode == 0 and remote_payload is not None, + "remote_packet_present": bool((remote_payload or {}).get("packet_present")), + "remote_packet_nonempty": int((remote_payload or {}).get("packet_bytes") or 0) > 0, + "deploy_head_matches_last_deploy": False, + "service_active_running": False, + "db_counts_read": False, + } + if remote_payload: + deploy_head = remote_payload.get("deploy_head", {}).get("stdout") + last_deploy = remote_payload.get("last_deploy_sha", {}).get("stdout") + service_state = remote_payload.get("service", {}).get("state", {}) + counts = remote_payload.get("db_counts", {}).get("counts") + remote_checks.update( + { + "deploy_head_matches_last_deploy": bool(deploy_head and deploy_head == last_deploy), + "service_active_running": service_state.get("ActiveState") == "active" + and service_state.get("SubState") == "running", + "db_counts_read": isinstance(counts, dict) + and all(key in counts for key in EXPECTED_DB_COUNT_KEYS), + } + ) + + status = "pass" if all(local_packet_checks.values()) and all(remote_checks.values()) else "fail" + blocker_readback = { + "current_canary": ( + "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the " + "Leo group, expecting packet verification plus VPS deploy/service/DB count readback before " + "any authorized send." + ), + "attempted_routes": [ + "local authorization packet validation", + f"{remote_source} remote VPS readback for deploy stamp, service state, packet presence, and DB counts", + ], + "exact_gate": "" if status == "pass" else (remote_stderr.strip() or "remote readback checks did not pass"), + "clear_CTA": ( + "Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun " + "`scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 `. " + "Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be " + "sent under explicit action-time authorization." + ), + "next_non_user_action": ( + "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible " + "DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send." + ), + } + return { + "generated_at_utc": datetime.now(timezone.utc).isoformat(), + "mode": "telegram_visible_direct_claim_preflight_readonly", + "status": status, + "ready_for_authorized_telegram_visible_dc_run": status == "pass", + "telegram_visible_messages_sent": False, + "production_apply_executed": False, + "mutates_db": False, + "packet_path": str(args.packet), + "packet_checks": local_packet_checks, + "remote_checks": remote_checks, + "remote_source": remote_source, + "remote": remote_payload, + "remote_returncode": remote_returncode, + "remote_stderr": remote_stderr, + "blocker_readback": blocker_readback, + "claim_ceiling": ( + "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does " + "not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC " + "behavior until the six-message run is authorized, sent, captured, and scored." + ), + } + + +EXPECTED_DB_COUNT_KEYS = [ + "public.claims", + "public.sources", + "public.claim_evidence", + "public.claim_edges", + "kb_stage.kb_proposals", +] + + +def write_json(path: Path, data: dict[str, Any]) -> None: + path.parent.mkdir(parents=True, exist_ok=True) + path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8") + + +def write_markdown(path: Path, data: dict[str, Any]) -> None: + remote = data.get("remote") or {} + service = remote.get("service", {}).get("state", {}) + counts = remote.get("db_counts", {}).get("counts") or {} + lines = [ + "# Telegram-Visible Direct-Claim Preflight", + "", + f"Generated UTC: `{data['generated_at_utc']}`", + f"Mode: `{data['mode']}`", + f"Status: `{data['status']}`", + f"Ready for authorized Telegram-visible DC run: `{data['ready_for_authorized_telegram_visible_dc_run']}`", + f"Telegram-visible messages sent: `{data['telegram_visible_messages_sent']}`", + f"Production apply executed: `{data['production_apply_executed']}`", + f"Mutates DB: `{data['mutates_db']}`", + f"Remote source: `{data['remote_source']}`", + "", + "## Packet Checks", + "", + ] + lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data["packet_checks"].items())) + lines.extend(["", "## Remote Checks", ""]) + lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data["remote_checks"].items())) + lines.extend( + [ + "", + "## Deploy And Service", + "", + f"- Deploy head: `{remote.get('deploy_head', {}).get('stdout', '')}`", + f"- Last deploy SHA: `{remote.get('last_deploy_sha', {}).get('stdout', '')}`", + f"- ActiveState: `{service.get('ActiveState', '')}`", + f"- SubState: `{service.get('SubState', '')}`", + f"- MainPID: `{service.get('MainPID', '')}`", + f"- NRestarts: `{service.get('NRestarts', '')}`", + f"- ExecMainStartTimestamp: `{service.get('ExecMainStartTimestamp', '')}`", + "", + "## DB Counts Before Send", + "", + ] + ) + lines.extend(f"- `{key}`: `{counts.get(key, '')}`" for key in EXPECTED_DB_COUNT_KEYS) + if data["status"] != "pass": + blocker = data.get("blocker_readback", {}) + lines.extend( + [ + "", + "## Blocker Readback", + "", + f"- Current canary: {blocker.get('current_canary', '')}", + f"- Exact gate: `{blocker.get('exact_gate', '')}`", + f"- Clear CTA: {blocker.get('clear_CTA', '')}", + f"- Next non-user action: {blocker.get('next_non_user_action', '')}", + ] + ) + lines.extend(["", "## Claim Ceiling", "", data["claim_ceiling"], ""]) + path.parent.mkdir(parents=True, exist_ok=True) + path.write_text("\n".join(lines), encoding="utf-8") + + +def parse_args(argv: list[str] | None = None) -> argparse.Namespace: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument("--packet", type=Path, default=DEFAULT_PACKET) + parser.add_argument("--ssh-target", default=DEFAULT_SSH_TARGET) + parser.add_argument("--ssh-key", type=Path, default=DEFAULT_SSH_KEY) + parser.add_argument("--connect-timeout", type=int, default=10) + parser.add_argument("--timeout", type=int, default=60) + parser.add_argument( + "--remote-json-base64", + help="Base64-encoded remote readback JSON from an approved top-level SSH command; skips subprocess SSH.", + ) + parser.add_argument("--out", type=Path, default=DEFAULT_OUT) + parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT) + return parser.parse_args(argv) + + +def main(argv: list[str] | None = None) -> int: + args = parse_args(argv) + data = collect_preflight(args) + write_json(args.out, data) + write_markdown(args.markdown_out, data) + print( + json.dumps( + { + "out": str(args.out), + "markdown_out": str(args.markdown_out), + "status": data["status"], + "ready_for_authorized_telegram_visible_dc_run": data[ + "ready_for_authorized_telegram_visible_dc_run" + ], + }, + indent=2, + sort_keys=True, + ) + ) + return 0 if data["status"] == "pass" else 2 + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/scripts/probe_argus_kb_state.py b/scripts/probe_argus_kb_state.py new file mode 100644 index 0000000..6900f6e --- /dev/null +++ b/scripts/probe_argus_kb_state.py @@ -0,0 +1,216 @@ +#!/usr/bin/env python3 +"""Probe read-only Argus KB diagnostics for current approved-proposal state.""" + +from __future__ import annotations + +import argparse +import base64 +import json +import urllib.error +import urllib.request +from datetime import datetime, timezone +from pathlib import Path +from typing import Any, Callable +from urllib.parse import urljoin + +DEFAULT_BASE_URL = "http://77.42.65.182:8081" +REPORT_DIR = Path("docs/reports/leo-working-state-20260709") +DEFAULT_OUT = REPORT_DIR / "argus-kb-state-current.json" +DEFAULT_MARKDOWN_OUT = REPORT_DIR / "argus-kb-state-current.md" + + +FetchJson = Callable[[str, int], dict[str, Any]] + + +def fetch_json(url: str, timeout: int) -> dict[str, Any]: + request = urllib.request.Request(url, headers={"Accept": "application/json"}) + try: + with urllib.request.urlopen(request, timeout=timeout) as response: # noqa: S310 - operator-supplied URL + return json.loads(response.read().decode("utf-8")) + except (urllib.error.URLError, TimeoutError, json.JSONDecodeError) as exc: + return {"_fetch_error": str(exc)} + + +def endpoint(base_url: str, path: str) -> str: + return urljoin(base_url.rstrip("/") + "/", path.lstrip("/")) + + +def decode_supplied_json(value: str | None) -> dict[str, Any] | None: + if not value: + return None + try: + return json.loads(base64.b64decode(value, validate=True).decode("utf-8")) + except Exception as exc: # noqa: BLE001 - retained as a structured fetch error + return {"_fetch_error": f"failed to parse supplied base64 JSON: {exc}"} + + +def supplied_payloads(args: argparse.Namespace) -> dict[str, dict[str, Any] | None]: + return { + "kb_proposals": decode_supplied_json(args.kb_proposals_json_base64), + "vital_signs": decode_supplied_json(args.vital_signs_json_base64), + "metrics": decode_supplied_json(args.metrics_json_base64), + } + + +def proposal_summary(kb_proposals: dict[str, Any]) -> dict[str, Any]: + packets = kb_proposals.get("packets") if isinstance(kb_proposals.get("packets"), list) else [] + return { + "generated_at": kb_proposals.get("generated_at"), + "filters": kb_proposals.get("filters"), + "total": kb_proposals.get("total"), + "status_counts": kb_proposals.get("status_counts") or {}, + "review_state_counts": kb_proposals.get("review_state_counts") or {}, + "worker_applyable_count": kb_proposals.get("worker_applyable_count"), + "read_only": kb_proposals.get("read_only"), + "proposal_ids": [packet.get("proposal_id") for packet in packets], + "proposal_review_states": { + packet.get("proposal_id"): packet.get("review_state") for packet in packets if packet.get("proposal_id") + }, + "proposal_applyability": { + packet.get("proposal_id"): { + "worker_applyable": packet.get("worker_applyable"), + "has_apply_payload": packet.get("has_apply_payload"), + "next_admin_action": packet.get("next_admin_action"), + } + for packet in packets + if packet.get("proposal_id") + }, + } + + +def collect(args: argparse.Namespace, *, fetcher: FetchJson = fetch_json) -> dict[str, Any]: + urls = { + "kb_proposals": endpoint(args.base_url, "/api/kb-proposals"), + "vital_signs": endpoint(args.base_url, "/api/vital-signs"), + "metrics": endpoint(args.base_url, "/api/metrics"), + } + supplied = supplied_payloads(args) + raw = {name: payload if payload is not None else fetcher(urls[name], args.timeout) for name, payload in supplied.items()} + fetch_sources = {name: "supplied_base64_json" if payload is not None else "urllib" for name, payload in supplied.items()} + proposals = proposal_summary(raw["kb_proposals"]) + proposal_total = proposals.get("total") + review_state_counts = proposals.get("review_state_counts") or {} + status_counts = proposals.get("status_counts") or {} + checks = { + "http_readback_ok": all("_fetch_error" not in payload for payload in raw.values()), + "approved_proposals_visible": isinstance(proposal_total, int) + and proposal_total > 0 + and status_counts.get("approved") == proposal_total, + "approved_need_apply_payload": isinstance(proposal_total, int) + and review_state_counts.get("approved_needs_apply_payload") == proposal_total, + "no_worker_applyable_approved_proposals": proposals.get("worker_applyable_count") == 0, + "kb_proposals_endpoint_read_only": proposals.get("read_only") is True, + } + return { + "generated_at_utc": datetime.now(timezone.utc).isoformat(), + "mode": "argus_kb_state_readonly_http_probe", + "base_url": args.base_url, + "urls": urls, + "fetch_sources": fetch_sources, + "status": "pass" if all(checks.values()) else "fail", + "checks": checks, + "summary": { + "proposals": proposals, + "vital_signs": { + "claim_index_status": raw["vital_signs"].get("claim_index_status"), + "review_throughput": raw["vital_signs"].get("review_throughput"), + "funnel": raw["vital_signs"].get("funnel"), + "queue_staleness": raw["vital_signs"].get("queue_staleness"), + }, + "metrics": { + "status_map": raw["metrics"].get("status_map"), + "source_map": raw["metrics"].get("source_map"), + "breakers": raw["metrics"].get("breakers"), + }, + }, + "raw": raw, + "claim_ceiling": ( + "This is public Argus HTTP diagnostics evidence only. It proves the diagnostics surface can see " + "approved KB proposals and their applyability state; it does not prove Docker/Postgres row counts, " + "gateway systemd state, Telegram-visible reply quality, or production apply execution." + ), + } + + +def write_json(path: Path, data: dict[str, Any]) -> None: + path.parent.mkdir(parents=True, exist_ok=True) + path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8") + + +def write_markdown(path: Path, data: dict[str, Any]) -> None: + proposals = data["summary"]["proposals"] + lines = [ + "# Argus KB State Probe", + "", + f"Generated UTC: `{data['generated_at_utc']}`", + f"Mode: `{data['mode']}`", + f"Status: `{data['status']}`", + f"Base URL: `{data['base_url']}`", + "", + "## Fetch Sources", + "", + ] + lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data["fetch_sources"].items())) + lines.extend( + [ + "", + "## Checks", + "", + ] + ) + lines.extend(f"- `{key}`: `{value}`" for key, value in sorted(data["checks"].items())) + lines.extend( + [ + "", + "## Approved Proposal State", + "", + f"- Total: `{proposals.get('total')}`", + f"- Status counts: `{json.dumps(proposals.get('status_counts'), sort_keys=True)}`", + f"- Review state counts: `{json.dumps(proposals.get('review_state_counts'), sort_keys=True)}`", + f"- Worker-applyable count: `{proposals.get('worker_applyable_count')}`", + f"- Read-only endpoint: `{proposals.get('read_only')}`", + "", + "## Proposal IDs", + "", + ] + ) + lines.extend(f"- `{proposal_id}`" for proposal_id in proposals.get("proposal_ids") or []) + lines.extend(["", "## Claim Ceiling", "", data["claim_ceiling"], ""]) + path.parent.mkdir(parents=True, exist_ok=True) + path.write_text("\n".join(lines), encoding="utf-8") + + +def parse_args(argv: list[str] | None = None) -> argparse.Namespace: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument("--base-url", default=DEFAULT_BASE_URL) + parser.add_argument("--timeout", type=int, default=10) + parser.add_argument("--kb-proposals-json-base64") + parser.add_argument("--vital-signs-json-base64") + parser.add_argument("--metrics-json-base64") + parser.add_argument("--out", type=Path, default=DEFAULT_OUT) + parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT) + return parser.parse_args(argv) + + +def main(argv: list[str] | None = None) -> int: + args = parse_args(argv) + data = collect(args) + write_json(args.out, data) + write_markdown(args.markdown_out, data) + print( + json.dumps( + { + "out": str(args.out), + "markdown_out": str(args.markdown_out), + "status": data["status"], + "checks": data["checks"], + }, + indent=2, + sort_keys=True, + ) + ) + return 0 if data["status"] == "pass" else 2 + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/tests/test_collect_telegram_visible_direct_claim_preflight.py b/tests/test_collect_telegram_visible_direct_claim_preflight.py new file mode 100644 index 0000000..51708a5 --- /dev/null +++ b/tests/test_collect_telegram_visible_direct_claim_preflight.py @@ -0,0 +1,148 @@ +"""Tests for scripts/collect_telegram_visible_direct_claim_preflight.py.""" + +from __future__ import annotations + +import argparse +import base64 +import json +import sys +from pathlib import Path + +REPO_ROOT = Path(__file__).resolve().parents[1] +sys.path.insert(0, str(REPO_ROOT / "scripts")) + +import collect_telegram_visible_direct_claim_preflight as preflight # noqa: E402 + + +def args_for(packet: Path, tmp_path: Path) -> argparse.Namespace: + return argparse.Namespace( + packet=packet, + ssh_target="root@example.invalid", + ssh_key=tmp_path / "key", + connect_timeout=1, + timeout=5, + remote_json_base64=None, + out=tmp_path / "out.json", + markdown_out=tmp_path / "out.md", + ) + + +def good_remote_payload() -> dict: + return { + "deploy_head": {"returncode": 0, "stdout": "abc123", "stderr": ""}, + "last_deploy_sha": {"returncode": 0, "stdout": "abc123", "stderr": ""}, + "packet_present": True, + "packet_bytes": 1024, + "service": { + "returncode": 0, + "stderr": "", + "state": { + "ActiveState": "active", + "SubState": "running", + "MainPID": "1908033", + "NRestarts": "0", + "ExecMainStartTimestamp": "Fri 2026-07-10 01:04:22 UTC", + }, + }, + "db_counts": { + "returncode": 0, + "stderr": "", + "counts": { + "public.claims": 1837, + "public.sources": 4145, + "public.claim_evidence": 4670, + "public.claim_edges": 4916, + "kb_stage.kb_proposals": 26, + }, + }, + } + + +def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path): + def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult: + return preflight.CommandResult(0, json.dumps(good_remote_payload()), "") + + result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner) + + assert result["status"] == "pass" + assert result["ready_for_authorized_telegram_visible_dc_run"] is True + assert result["telegram_visible_messages_sent"] is False + assert result["production_apply_executed"] is False + assert result["mutates_db"] is False + assert all(result["packet_checks"].values()) + assert all(result["remote_checks"].values()) + assert result["remote_source"] == "ssh_subprocess" + + +def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_path: Path): + args = args_for(preflight.DEFAULT_PACKET, tmp_path) + args.remote_json_base64 = base64.b64encode(json.dumps(good_remote_payload()).encode()).decode() + + def failing_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult: + raise AssertionError("runner should not be called when remote_json_base64 is supplied") + + result = preflight.collect_preflight(args, runner=failing_runner) + + assert result["status"] == "pass" + assert result["remote_source"] == "supplied_remote_json_base64" + assert result["remote"]["deploy_head"]["stdout"] == "abc123" + + +def test_preflight_fails_on_invalid_supplied_remote_payload(tmp_path: Path): + args = args_for(preflight.DEFAULT_PACKET, tmp_path) + args.remote_json_base64 = "not valid base64" + + result = preflight.collect_preflight(args) + + assert result["status"] == "fail" + assert result["ready_for_authorized_telegram_visible_dc_run"] is False + assert result["remote_returncode"] == 2 + assert "failed to parse --remote-json-base64" in result["remote_stderr"] + assert "Pre-send Telegram-visible direct-claim benchmark" in result["blocker_readback"]["current_canary"] + assert "remote readback" in result["blocker_readback"]["next_non_user_action"] + + +def test_preflight_fails_if_deploy_stamp_drift_detected(tmp_path: Path): + payload = good_remote_payload() + payload["last_deploy_sha"]["stdout"] = "different" + + def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult: + return preflight.CommandResult(0, json.dumps(payload), "") + + result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner) + + assert result["status"] == "fail" + assert result["ready_for_authorized_telegram_visible_dc_run"] is False + assert result["remote_checks"]["deploy_head_matches_last_deploy"] is False + + +def test_markdown_reports_counts_and_claim_ceiling(tmp_path: Path): + def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult: + return preflight.CommandResult(0, json.dumps(good_remote_payload()), "") + + result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner) + out = tmp_path / "preflight.md" + + preflight.write_markdown(out, result) + + text = out.read_text(encoding="utf-8") + assert "Telegram-Visible Direct-Claim Preflight" in text + assert "Ready for authorized Telegram-visible DC run: `True`" in text + assert "Remote source: `ssh_subprocess`" in text + assert "`public.claims`: `1837`" in text + assert "does not send Telegram messages" in text + + +def test_markdown_reports_clear_blocker_cta_on_failure(tmp_path: Path): + def failing_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult: + return preflight.CommandResult(255, "", "ssh denied\n") + + result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=failing_runner) + out = tmp_path / "preflight-fail.md" + + preflight.write_markdown(out, result) + + text = out.read_text(encoding="utf-8") + assert "## Blocker Readback" in text + assert "Exact gate: `ssh denied`" in text + assert "--remote-json-base64 " in text diff --git a/tests/test_probe_argus_kb_state.py b/tests/test_probe_argus_kb_state.py new file mode 100644 index 0000000..790da76 --- /dev/null +++ b/tests/test_probe_argus_kb_state.py @@ -0,0 +1,124 @@ +"""Tests for scripts/probe_argus_kb_state.py.""" + +from __future__ import annotations + +import argparse +import base64 +import json +import sys +from pathlib import Path + +REPO_ROOT = Path(__file__).resolve().parents[1] +sys.path.insert(0, str(REPO_ROOT / "scripts")) + +import probe_argus_kb_state as probe # noqa: E402 + + +def args_for(tmp_path: Path) -> argparse.Namespace: + return argparse.Namespace( + base_url="http://example.invalid", + timeout=1, + kb_proposals_json_base64=None, + vital_signs_json_base64=None, + metrics_json_base64=None, + out=tmp_path / "argus.json", + markdown_out=tmp_path / "argus.md", + ) + + +def good_payloads() -> dict[str, dict]: + return { + "kb_proposals": { + "generated_at": "2026-07-10T02:43:40+00:00", + "filters": {"status": "approved", "limit": 20}, + "total": 3, + "status_counts": {"approved": 3}, + "review_state_counts": {"approved_needs_apply_payload": 3}, + "worker_applyable_count": 0, + "read_only": True, + "packets": [ + { + "proposal_id": "14fa5ecc-ac7a-41c1-807d-a2e85b936617", + "review_state": "approved_needs_apply_payload", + "worker_applyable": False, + "has_apply_payload": False, + "next_admin_action": "Normalize first.", + }, + { + "proposal_id": "ac036c9d-20a0-4ffe-881f-57d6b7bacf22", + "review_state": "approved_needs_apply_payload", + "worker_applyable": False, + "has_apply_payload": False, + "next_admin_action": "Normalize first.", + }, + { + "proposal_id": "a64df080-8502-42e2-98f4-9bbdecb8da73", + "review_state": "approved_needs_apply_payload", + "worker_applyable": False, + "has_apply_payload": False, + "next_admin_action": "Normalize first.", + }, + ], + }, + "vital_signs": {"claim_index_status": "unavailable", "funnel": {"sources_total": 3676}}, + "metrics": {"status_map": {"merged": 4094}, "source_map": {"extracted": 2233}}, + } + + +def fake_fetch(url: str, _timeout: int) -> dict: + payloads = good_payloads() + if url.endswith("/api/kb-proposals"): + return payloads["kb_proposals"] + if url.endswith("/api/vital-signs"): + return payloads["vital_signs"] + if url.endswith("/api/metrics"): + return payloads["metrics"] + raise AssertionError(url) + + +def test_probe_passes_when_approved_proposals_are_visible_but_not_applyable(tmp_path: Path): + result = probe.collect(args_for(tmp_path), fetcher=fake_fetch) + + assert result["status"] == "pass" + assert all(result["checks"].values()) + assert result["summary"]["proposals"]["total"] == 3 + assert result["summary"]["proposals"]["worker_applyable_count"] == 0 + assert "a64df080-8502-42e2-98f4-9bbdecb8da73" in result["summary"]["proposals"]["proposal_ids"] + + +def test_probe_can_use_supplied_payloads_without_network_fetch(tmp_path: Path): + args = args_for(tmp_path) + payloads = good_payloads() + args.kb_proposals_json_base64 = base64.b64encode(json.dumps(payloads["kb_proposals"]).encode()).decode() + args.vital_signs_json_base64 = base64.b64encode(json.dumps(payloads["vital_signs"]).encode()).decode() + args.metrics_json_base64 = base64.b64encode(json.dumps(payloads["metrics"]).encode()).decode() + + def failing_fetch(_url: str, _timeout: int) -> dict: + raise AssertionError("fetcher should not be called when all payloads are supplied") + + result = probe.collect(args, fetcher=failing_fetch) + + assert result["status"] == "pass" + assert set(result["fetch_sources"].values()) == {"supplied_base64_json"} + + +def test_probe_fails_when_fetch_fails(tmp_path: Path): + def failing_fetch(_url: str, _timeout: int) -> dict: + return {"_fetch_error": "network denied"} + + result = probe.collect(args_for(tmp_path), fetcher=failing_fetch) + + assert result["status"] == "fail" + assert result["checks"]["http_readback_ok"] is False + + +def test_markdown_summarizes_applyability_ceiling(tmp_path: Path): + result = probe.collect(args_for(tmp_path), fetcher=fake_fetch) + out = tmp_path / "argus.md" + + probe.write_markdown(out, result) + + text = out.read_text(encoding="utf-8") + assert "Argus KB State Probe" in text + assert "Worker-applyable count: `0`" in text + assert "This is public Argus HTTP diagnostics evidence only" in text