Add Leo remote preflight readback command
Some checks are pending
CI / lint-and-test (push) Waiting to run

This commit is contained in:
twentyOne2x 2026-07-10 04:56:09 +02:00
parent 34b45365ec
commit 97755068d3
8 changed files with 167 additions and 12 deletions

View file

@ -24,6 +24,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
- Live VPS handler direct-claim suite review: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md` - Live VPS handler direct-claim suite review: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md`
- Telegram-visible direct-claim authorization packet, ready-to-request but not sent: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md` - Telegram-visible direct-claim authorization packet, ready-to-request but not sent: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md`
- Telegram-visible direct-claim pre-send preflight, local packet checks pass but current shell cannot SSH to VPS: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` - Telegram-visible direct-claim pre-send preflight, local packet checks pass but current shell cannot SSH to VPS: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
- Telegram-visible direct-claim full-access remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
- Argus public KB state probe, read-only HTTP diagnostics: `docs/reports/leo-working-state-20260709/argus-kb-state-current.md` - Argus public KB state probe, read-only HTTP diagnostics: `docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
- Live VPS handler direct-claim follow-up challenge report: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-followup-current.json` - Live VPS handler direct-claim follow-up challenge report: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-followup-current.json`
- Fable onboarding prompt: `docs/reports/leo-working-state-20260709/fable-leo-teleo-onboarding.md` - Fable onboarding prompt: `docs/reports/leo-working-state-20260709/fable-leo-teleo-onboarding.md`
@ -132,7 +133,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
- The broader sandbox-first Cory-style benchmark has a full-catalog mixed-evidence score: real retained live Telegram evidence for `OE-01` through `OE-05`, sandbox fixture replies for `CS-01` through `CS-09`, and no-context direct-claim expected-answer/follow-up fixtures for `DC-01` through `DC-06`, `20/20` passing. This is not a live Telegram run for the CS/DC prompts. - The broader sandbox-first Cory-style benchmark has a full-catalog mixed-evidence score: real retained live Telegram evidence for `OE-01` through `OE-05`, sandbox fixture replies for `CS-01` through `CS-09`, and no-context direct-claim expected-answer/follow-up fixtures for `DC-01` through `DC-06`, `20/20` passing. This is not a live Telegram run for the CS/DC prompts.
- The live VPS GatewayRunner direct-claim handler suite for exact `DC-01` through `DC-06` passed again after deploy SHA `7ab563e1aebe08913e72781e4e16a2b2883c5230`: `6/6` runtime replies, strict score `6/6`, no Telegram post, no live profile write, no production DB apply, unchanged DB counts (`public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26` before and after), temp profile removed, and `leoclean-gateway.service` stayed active/running during the harness with `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`. - The live VPS GatewayRunner direct-claim handler suite for exact `DC-01` through `DC-06` passed again after deploy SHA `7ab563e1aebe08913e72781e4e16a2b2883c5230`: `6/6` runtime replies, strict score `6/6`, no Telegram post, no live profile write, no production DB apply, unchanged DB counts (`public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26` before and after), temp profile removed, and `leoclean-gateway.service` stayed active/running during the harness with `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`.
- The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`. - The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`.
- The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied; no Telegram messages were sent and no DB apply ran. - The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied. The exact copy-pasteable full-access command is retained in `telegram-visible-direct-claim-remote-readback-command-current.sh` with SHA256 `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`; no Telegram messages were sent and no DB apply ran.
- The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof. - The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof.
- The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity. - The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity.
- A strict canonical `add_edge` apply canary is live-proven. - A strict canonical `add_edge` apply canary is live-proven.

View file

@ -4,13 +4,13 @@
"local authorization packet validation", "local authorization packet validation",
"ssh_subprocess remote VPS readback for deploy stamp, service state, packet presence, and DB counts" "ssh_subprocess remote VPS readback for deploy stamp, service state, packet presence, and DB counts"
], ],
"clear_CTA": "Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.", "clear_CTA": "Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.",
"current_canary": "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.", "current_canary": "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.",
"exact_gate": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted", "exact_gate": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted",
"next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send." "next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send."
}, },
"claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.", "claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.",
"generated_at_utc": "2026-07-10T02:45:02.453896+00:00", "generated_at_utc": "2026-07-10T02:55:21.031274+00:00",
"mode": "telegram_visible_direct_claim_preflight_readonly", "mode": "telegram_visible_direct_claim_preflight_readonly",
"mutates_db": false, "mutates_db": false,
"packet_checks": { "packet_checks": {
@ -35,6 +35,8 @@
"service_active_running": false, "service_active_running": false,
"ssh_readback_ok": false "ssh_readback_ok": false
}, },
"remote_readback_command_path": "docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh",
"remote_readback_command_sha256": "741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec",
"remote_returncode": 255, "remote_returncode": 255,
"remote_source": "ssh_subprocess", "remote_source": "ssh_subprocess",
"remote_stderr": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted\n", "remote_stderr": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted\n",

View file

@ -1,6 +1,6 @@
# Telegram-Visible Direct-Claim Preflight # Telegram-Visible Direct-Claim Preflight
Generated UTC: `2026-07-10T02:45:02.453896+00:00` Generated UTC: `2026-07-10T02:55:21.031274+00:00`
Mode: `telegram_visible_direct_claim_preflight_readonly` Mode: `telegram_visible_direct_claim_preflight_readonly`
Status: `fail` Status: `fail`
Ready for authorized Telegram-visible DC run: `False` Ready for authorized Telegram-visible DC run: `False`
@ -8,6 +8,8 @@ Telegram-visible messages sent: `False`
Production apply executed: `False` Production apply executed: `False`
Mutates DB: `False` Mutates DB: `False`
Remote source: `ssh_subprocess` Remote source: `ssh_subprocess`
Remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
Remote readback command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
## Packet Checks ## Packet Checks
@ -51,7 +53,7 @@ Remote source: `ssh_subprocess`
- Current canary: Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send. - Current canary: Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.
- Exact gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted` - Exact gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
- Clear CTA: Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization. - Clear CTA: Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.
- Next non-user action: Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send. - Next non-user action: Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send.
## Claim Ceiling ## Claim Ceiling

View file

@ -0,0 +1,81 @@
#!/usr/bin/env bash
set -euo pipefail
ssh -i /Users/user/.ssh/livingip_hetzner_20260604_ed25519 -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 root@77.42.65.182 "python3 -" <<'PY' | base64 | tr -d '\n'
import json
import subprocess
from pathlib import Path
repo = Path("/opt/teleo-eval/workspaces/deploy-infra")
packet_path = Path("/opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json")
def run(command, **kwargs):
return subprocess.run(command, text=True, capture_output=True, check=False, **kwargs)
def service_state():
proc = run([
"systemctl",
"show",
"leoclean-gateway.service",
"-p",
"ActiveState",
"-p",
"SubState",
"-p",
"MainPID",
"-p",
"NRestarts",
"-p",
"ExecMainStartTimestamp",
"--no-pager",
])
state = {}
for line in proc.stdout.splitlines():
if "=" in line:
key, value = line.split("=", 1)
state[key] = value
return {"returncode": proc.returncode, "stderr": proc.stderr, "state": state}
def db_counts():
sql = """
select jsonb_build_object(
'public.claims', (select count(*) from public.claims),
'public.sources', (select count(*) from public.sources),
'public.claim_evidence', (select count(*) from public.claim_evidence),
'public.claim_edges', (select count(*) from public.claim_edges),
'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals)
)::text;
"""
proc = run(
["docker", "exec", "-i", "teleo-pg", "psql", "-U", "postgres", "-d", "teleo", "-At", "-q"],
input=sql,
)
parsed = None
if proc.returncode == 0 and proc.stdout.strip():
parsed = json.loads(proc.stdout.strip())
return {"returncode": proc.returncode, "stderr": proc.stderr, "counts": parsed}
def git_value(args):
proc = run(["git", "-C", str(repo), *args])
return {"returncode": proc.returncode, "stdout": proc.stdout.strip(), "stderr": proc.stderr.strip()}
payload = {
"deploy_head": git_value(["rev-parse", "HEAD"]),
"last_deploy_sha": {
"returncode": 0,
"stdout": Path("/opt/teleo-eval/.last-deploy-sha").read_text(encoding="utf-8").strip(),
"stderr": "",
},
"packet_present": packet_path.exists(),
"packet_bytes": packet_path.stat().st_size if packet_path.exists() else 0,
"service": service_state(),
"db_counts": db_counts(),
}
print(json.dumps(payload, sort_keys=True))
PY
printf '\n'

View file

@ -58,6 +58,8 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
- current status remains `telegram_visible_messages_sent=false` - current status remains `telegram_visible_messages_sent=false`
- Telegram-visible direct-claim pre-send preflight harness is now retained: - Telegram-visible direct-claim pre-send preflight harness is now retained:
- artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` - artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
- full-access remote readback command: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
- command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
- local authorization-packet checks all pass - local authorization-packet checks all pass
- current shell cannot complete the VPS SSH readback gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted` - current shell cannot complete the VPS SSH readback gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
- the harness supports `--remote-json-base64` so a full-access VPS readback can be supplied without changing the test logic - the harness supports `--remote-json-base64` so a full-access VPS readback can be supplied without changing the test logic
@ -80,7 +82,7 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
## What Is Still Not Proven ## What Is Still Not Proven
- The no-context direct-claim behavior Cory is likely to use is handler-proven for `DC-01` through `DC-06` on the VPS GatewayRunner path, and an exact Telegram-visible authorization packet is ready. It has still not been sent as a public/group post. - The no-context direct-claim behavior Cory is likely to use is handler-proven for `DC-01` through `DC-06` on the VPS GatewayRunner path, and an exact Telegram-visible authorization packet is ready. It has still not been sent as a public/group post.
- The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by supplying the base64 remote JSON payload from a full-access VPS readback. - The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by running `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell and passing its base64 output back through `--remote-json-base64`.
- Old Cory-approved mapped rich proposals are still not fully directly applyable: - Old Cory-approved mapped rich proposals are still not fully directly applyable:
- `14fa5ecc-ac7a-41c1-807d-a2e85b936617` - `14fa5ecc-ac7a-41c1-807d-a2e85b936617`
- `ac036c9d-20a0-4ffe-881f-57d6b7bacf22` - `ac036c9d-20a0-4ffe-881f-57d6b7bacf22`

View file

@ -1,6 +1,6 @@
# Working Leo Execution Plan - 2026-07-09 # Working Leo Execution Plan - 2026-07-09
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending. Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. It now retains a copy-pasteable full-access command script for that payload. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
## WL-EXEC-01 - VPS Telegram-visible memory + KB audit ## WL-EXEC-01 - VPS Telegram-visible memory + KB audit
- Status: `done` - Status: `done`
@ -14,7 +14,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram
## WL-EXEC-01B - Cory-style outcome and direct-claim benchmark ## WL-EXEC-01B - Cory-style outcome and direct-claim benchmark
- Status: `sandbox_fixture_done_live_handler_done_telegram_visible_auth_ready` - Status: `sandbox_fixture_done_live_handler_done_telegram_visible_auth_ready`
- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; rerun with `--remote-json-base64` from a full-access VPS readback to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable. - Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; run `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun the preflight with `--remote-json-base64` to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable.
- Not done condition: Reopen if `DC-02` stops recognizing approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` infers decision-matrix approval while `matrix_voters`, `proposal_votes`, and `proposal_decisions` tables are absent, any direct-claim answer omits the `Next Cory-style follow-up:` line, the handler mutates DB/service state during a read-only suite, or the Telegram-visible DC authorization packet drifts from the raw benchmark catalog. - Not done condition: Reopen if `DC-02` stops recognizing approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` infers decision-matrix approval while `matrix_voters`, `proposal_votes`, and `proposal_decisions` tables are absent, any direct-claim answer omits the `Next Cory-style follow-up:` line, the handler mutates DB/service state during a read-only suite, or the Telegram-visible DC authorization packet drifts from the raw benchmark catalog.
- Evidence: - Evidence:
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/working-leo-cory-outcome-sandbox-results-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/working-leo-cory-outcome-sandbox-results-current.md`
@ -23,6 +23,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-score-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-score-current.md`
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md`
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md` - `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
## WL-EXEC-02 - VPS runtime stability ## WL-EXEC-02 - VPS runtime stability

View file

@ -10,7 +10,9 @@ from __future__ import annotations
import argparse import argparse
import base64 import base64
import hashlib
import json import json
import shlex
import subprocess import subprocess
from dataclasses import dataclass from dataclasses import dataclass
from datetime import datetime, timezone from datetime import datetime, timezone
@ -21,6 +23,7 @@ REPORT_DIR = Path("docs/reports/leo-working-state-20260709")
DEFAULT_PACKET = REPORT_DIR / "telegram-visible-direct-claim-authorization-packet-current.json" DEFAULT_PACKET = REPORT_DIR / "telegram-visible-direct-claim-authorization-packet-current.json"
DEFAULT_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.json" DEFAULT_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.json"
DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.md" DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.md"
DEFAULT_REMOTE_COMMAND_OUT = REPORT_DIR / "telegram-visible-direct-claim-remote-readback-command-current.sh"
DEFAULT_SSH_TARGET = "root@77.42.65.182" DEFAULT_SSH_TARGET = "root@77.42.65.182"
DEFAULT_SSH_KEY = Path.home() / ".ssh/livingip_hetzner_20260604_ed25519" DEFAULT_SSH_KEY = Path.home() / ".ssh/livingip_hetzner_20260604_ed25519"
REMOTE_REPO = "/opt/teleo-eval/workspaces/deploy-infra" REMOTE_REPO = "/opt/teleo-eval/workspaces/deploy-infra"
@ -159,6 +162,39 @@ def ssh_command(args: argparse.Namespace) -> list[str]:
] ]
def remote_script_text() -> str:
return REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET)
def remote_readback_command_script(args: argparse.Namespace) -> str:
lines = [
"#!/usr/bin/env bash",
"set -euo pipefail",
(
"ssh "
f"-i {shlex.quote(str(args.ssh_key))} "
"-o BatchMode=yes "
"-o StrictHostKeyChecking=accept-new "
f"-o ConnectTimeout={int(args.connect_timeout)} "
f"{shlex.quote(args.ssh_target)} "
'"python3 -" <<\'PY\' | base64 | tr -d \'\\n\''
),
remote_script_text().rstrip(),
"PY",
"printf '\\n'",
"",
]
return "\n".join(lines)
def write_remote_readback_command(path: Path, args: argparse.Namespace) -> str:
script = remote_readback_command_script(args)
path.parent.mkdir(parents=True, exist_ok=True)
path.write_text(script, encoding="utf-8")
path.chmod(0o755)
return hashlib.sha256(script.encode("utf-8")).hexdigest()
def parse_remote(stdout: str) -> dict[str, Any] | None: def parse_remote(stdout: str) -> dict[str, Any] | None:
for line in reversed(stdout.splitlines()): for line in reversed(stdout.splitlines()):
line = line.strip() line = line.strip()
@ -191,9 +227,8 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
remote_stderr = supplied_stderr remote_stderr = supplied_stderr
remote_source = "supplied_remote_json_base64" remote_source = "supplied_remote_json_base64"
else: else:
remote_script = REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET)
command = ssh_command(args) command = ssh_command(args)
remote_proc = runner(command, remote_script, args.timeout) remote_proc = runner(command, remote_script_text(), args.timeout)
remote_payload = parse_remote(remote_proc.stdout) if remote_proc.returncode == 0 else None remote_payload = parse_remote(remote_proc.stdout) if remote_proc.returncode == 0 else None
remote_returncode = remote_proc.returncode remote_returncode = remote_proc.returncode
remote_stderr = remote_proc.stderr remote_stderr = remote_proc.stderr
@ -235,8 +270,9 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
], ],
"exact_gate": "" if status == "pass" else (remote_stderr.strip() or "remote readback checks did not pass"), "exact_gate": "" if status == "pass" else (remote_stderr.strip() or "remote readback checks did not pass"),
"clear_CTA": ( "clear_CTA": (
"Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun " f"Run `{args.remote_command_out}` from a full-access shell, then rerun "
"`scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. " "`scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` "
"with the base64 output it prints. "
"Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be " "Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be "
"sent under explicit action-time authorization." "sent under explicit action-time authorization."
), ),
@ -260,6 +296,10 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
"remote": remote_payload, "remote": remote_payload,
"remote_returncode": remote_returncode, "remote_returncode": remote_returncode,
"remote_stderr": remote_stderr, "remote_stderr": remote_stderr,
"remote_readback_command_path": str(args.remote_command_out),
"remote_readback_command_sha256": hashlib.sha256(
remote_readback_command_script(args).encode("utf-8")
).hexdigest(),
"blocker_readback": blocker_readback, "blocker_readback": blocker_readback,
"claim_ceiling": ( "claim_ceiling": (
"This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does " "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does "
@ -298,6 +338,8 @@ def write_markdown(path: Path, data: dict[str, Any]) -> None:
f"Production apply executed: `{data['production_apply_executed']}`", f"Production apply executed: `{data['production_apply_executed']}`",
f"Mutates DB: `{data['mutates_db']}`", f"Mutates DB: `{data['mutates_db']}`",
f"Remote source: `{data['remote_source']}`", f"Remote source: `{data['remote_source']}`",
f"Remote readback command: `{data['remote_readback_command_path']}`",
f"Remote readback command SHA256: `{data['remote_readback_command_sha256']}`",
"", "",
"## Packet Checks", "## Packet Checks",
"", "",
@ -354,12 +396,16 @@ def parse_args(argv: list[str] | None = None) -> argparse.Namespace:
) )
parser.add_argument("--out", type=Path, default=DEFAULT_OUT) parser.add_argument("--out", type=Path, default=DEFAULT_OUT)
parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT) parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT)
parser.add_argument("--remote-command-out", type=Path, default=DEFAULT_REMOTE_COMMAND_OUT)
return parser.parse_args(argv) return parser.parse_args(argv)
def main(argv: list[str] | None = None) -> int: def main(argv: list[str] | None = None) -> int:
args = parse_args(argv) args = parse_args(argv)
remote_command_sha256 = write_remote_readback_command(args.remote_command_out, args)
data = collect_preflight(args) data = collect_preflight(args)
if data["remote_readback_command_sha256"] != remote_command_sha256:
raise RuntimeError("remote readback command hash drifted during collection")
write_json(args.out, data) write_json(args.out, data)
write_markdown(args.markdown_out, data) write_markdown(args.markdown_out, data)
print( print(
@ -367,6 +413,7 @@ def main(argv: list[str] | None = None) -> int:
{ {
"out": str(args.out), "out": str(args.out),
"markdown_out": str(args.markdown_out), "markdown_out": str(args.markdown_out),
"remote_command_out": str(args.remote_command_out),
"status": data["status"], "status": data["status"],
"ready_for_authorized_telegram_visible_dc_run": data[ "ready_for_authorized_telegram_visible_dc_run": data[
"ready_for_authorized_telegram_visible_dc_run" "ready_for_authorized_telegram_visible_dc_run"

View file

@ -24,6 +24,7 @@ def args_for(packet: Path, tmp_path: Path) -> argparse.Namespace:
remote_json_base64=None, remote_json_base64=None,
out=tmp_path / "out.json", out=tmp_path / "out.json",
markdown_out=tmp_path / "out.md", markdown_out=tmp_path / "out.md",
remote_command_out=tmp_path / "remote-readback.sh",
) )
@ -72,6 +73,8 @@ def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path):
assert all(result["packet_checks"].values()) assert all(result["packet_checks"].values())
assert all(result["remote_checks"].values()) assert all(result["remote_checks"].values())
assert result["remote_source"] == "ssh_subprocess" assert result["remote_source"] == "ssh_subprocess"
assert result["remote_readback_command_path"].endswith("remote-readback.sh")
assert len(result["remote_readback_command_sha256"]) == 64
def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_path: Path): def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_path: Path):
@ -88,6 +91,21 @@ def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_pa
assert result["remote"]["deploy_head"]["stdout"] == "abc123" assert result["remote"]["deploy_head"]["stdout"] == "abc123"
def test_remote_readback_command_is_copy_pasteable_shape(tmp_path: Path):
args = args_for(preflight.DEFAULT_PACKET, tmp_path)
digest = preflight.write_remote_readback_command(args.remote_command_out, args)
text = args.remote_command_out.read_text(encoding="utf-8")
assert text.startswith("#!/usr/bin/env bash\nset -euo pipefail\nssh ")
assert "root@example.invalid" in text
assert "python3 -\" <<'PY' | base64 | tr -d '\\n'" in text
assert "'public.claims'" in text
assert "telegram-visible-direct-claim-authorization-packet-current.json" in text
assert text.endswith("printf '\\n'\n")
assert len(digest) == 64
def test_preflight_fails_on_invalid_supplied_remote_payload(tmp_path: Path): def test_preflight_fails_on_invalid_supplied_remote_payload(tmp_path: Path):
args = args_for(preflight.DEFAULT_PACKET, tmp_path) args = args_for(preflight.DEFAULT_PACKET, tmp_path)
args.remote_json_base64 = "not valid base64" args.remote_json_base64 = "not valid base64"
@ -129,6 +147,7 @@ def test_markdown_reports_counts_and_claim_ceiling(tmp_path: Path):
assert "Telegram-Visible Direct-Claim Preflight" in text assert "Telegram-Visible Direct-Claim Preflight" in text
assert "Ready for authorized Telegram-visible DC run: `True`" in text assert "Ready for authorized Telegram-visible DC run: `True`" in text
assert "Remote source: `ssh_subprocess`" in text assert "Remote source: `ssh_subprocess`" in text
assert "Remote readback command:" in text
assert "`public.claims`: `1837`" in text assert "`public.claims`: `1837`" in text
assert "does not send Telegram messages" in text assert "does not send Telegram messages" in text