Add Leo remote preflight readback command
Some checks are pending
CI / lint-and-test (push) Waiting to run
Some checks are pending
CI / lint-and-test (push) Waiting to run
This commit is contained in:
parent
34b45365ec
commit
97755068d3
8 changed files with 167 additions and 12 deletions
|
|
@ -24,6 +24,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
|
|||
- Live VPS handler direct-claim suite review: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md`
|
||||
- Telegram-visible direct-claim authorization packet, ready-to-request but not sent: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md`
|
||||
- Telegram-visible direct-claim pre-send preflight, local packet checks pass but current shell cannot SSH to VPS: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- Telegram-visible direct-claim full-access remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
- Argus public KB state probe, read-only HTTP diagnostics: `docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
|
||||
- Live VPS handler direct-claim follow-up challenge report: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-followup-current.json`
|
||||
- Fable onboarding prompt: `docs/reports/leo-working-state-20260709/fable-leo-teleo-onboarding.md`
|
||||
|
|
@ -132,7 +133,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
|
|||
- The broader sandbox-first Cory-style benchmark has a full-catalog mixed-evidence score: real retained live Telegram evidence for `OE-01` through `OE-05`, sandbox fixture replies for `CS-01` through `CS-09`, and no-context direct-claim expected-answer/follow-up fixtures for `DC-01` through `DC-06`, `20/20` passing. This is not a live Telegram run for the CS/DC prompts.
|
||||
- The live VPS GatewayRunner direct-claim handler suite for exact `DC-01` through `DC-06` passed again after deploy SHA `7ab563e1aebe08913e72781e4e16a2b2883c5230`: `6/6` runtime replies, strict score `6/6`, no Telegram post, no live profile write, no production DB apply, unchanged DB counts (`public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26` before and after), temp profile removed, and `leoclean-gateway.service` stayed active/running during the harness with `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`.
|
||||
- The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`.
|
||||
- The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied; no Telegram messages were sent and no DB apply ran.
|
||||
- The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied. The exact copy-pasteable full-access command is retained in `telegram-visible-direct-claim-remote-readback-command-current.sh` with SHA256 `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`; no Telegram messages were sent and no DB apply ran.
|
||||
- The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof.
|
||||
- The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity.
|
||||
- A strict canonical `add_edge` apply canary is live-proven.
|
||||
|
|
|
|||
|
|
@ -4,13 +4,13 @@
|
|||
"local authorization packet validation",
|
||||
"ssh_subprocess remote VPS readback for deploy stamp, service state, packet presence, and DB counts"
|
||||
],
|
||||
"clear_CTA": "Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.",
|
||||
"clear_CTA": "Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.",
|
||||
"current_canary": "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.",
|
||||
"exact_gate": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted",
|
||||
"next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send."
|
||||
},
|
||||
"claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.",
|
||||
"generated_at_utc": "2026-07-10T02:45:02.453896+00:00",
|
||||
"generated_at_utc": "2026-07-10T02:55:21.031274+00:00",
|
||||
"mode": "telegram_visible_direct_claim_preflight_readonly",
|
||||
"mutates_db": false,
|
||||
"packet_checks": {
|
||||
|
|
@ -35,6 +35,8 @@
|
|||
"service_active_running": false,
|
||||
"ssh_readback_ok": false
|
||||
},
|
||||
"remote_readback_command_path": "docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh",
|
||||
"remote_readback_command_sha256": "741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec",
|
||||
"remote_returncode": 255,
|
||||
"remote_source": "ssh_subprocess",
|
||||
"remote_stderr": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted\n",
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Telegram-Visible Direct-Claim Preflight
|
||||
|
||||
Generated UTC: `2026-07-10T02:45:02.453896+00:00`
|
||||
Generated UTC: `2026-07-10T02:55:21.031274+00:00`
|
||||
Mode: `telegram_visible_direct_claim_preflight_readonly`
|
||||
Status: `fail`
|
||||
Ready for authorized Telegram-visible DC run: `False`
|
||||
|
|
@ -8,6 +8,8 @@ Telegram-visible messages sent: `False`
|
|||
Production apply executed: `False`
|
||||
Mutates DB: `False`
|
||||
Remote source: `ssh_subprocess`
|
||||
Remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
Remote readback command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
|
||||
|
||||
## Packet Checks
|
||||
|
||||
|
|
@ -51,7 +53,7 @@ Remote source: `ssh_subprocess`
|
|||
|
||||
- Current canary: Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.
|
||||
- Exact gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
|
||||
- Clear CTA: Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.
|
||||
- Clear CTA: Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.
|
||||
- Next non-user action: Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send.
|
||||
|
||||
## Claim Ceiling
|
||||
|
|
|
|||
|
|
@ -0,0 +1,81 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
ssh -i /Users/user/.ssh/livingip_hetzner_20260604_ed25519 -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 root@77.42.65.182 "python3 -" <<'PY' | base64 | tr -d '\n'
|
||||
|
||||
import json
|
||||
import subprocess
|
||||
from pathlib import Path
|
||||
|
||||
repo = Path("/opt/teleo-eval/workspaces/deploy-infra")
|
||||
packet_path = Path("/opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json")
|
||||
|
||||
|
||||
def run(command, **kwargs):
|
||||
return subprocess.run(command, text=True, capture_output=True, check=False, **kwargs)
|
||||
|
||||
|
||||
def service_state():
|
||||
proc = run([
|
||||
"systemctl",
|
||||
"show",
|
||||
"leoclean-gateway.service",
|
||||
"-p",
|
||||
"ActiveState",
|
||||
"-p",
|
||||
"SubState",
|
||||
"-p",
|
||||
"MainPID",
|
||||
"-p",
|
||||
"NRestarts",
|
||||
"-p",
|
||||
"ExecMainStartTimestamp",
|
||||
"--no-pager",
|
||||
])
|
||||
state = {}
|
||||
for line in proc.stdout.splitlines():
|
||||
if "=" in line:
|
||||
key, value = line.split("=", 1)
|
||||
state[key] = value
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "state": state}
|
||||
|
||||
|
||||
def db_counts():
|
||||
sql = """
|
||||
select jsonb_build_object(
|
||||
'public.claims', (select count(*) from public.claims),
|
||||
'public.sources', (select count(*) from public.sources),
|
||||
'public.claim_evidence', (select count(*) from public.claim_evidence),
|
||||
'public.claim_edges', (select count(*) from public.claim_edges),
|
||||
'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals)
|
||||
)::text;
|
||||
"""
|
||||
proc = run(
|
||||
["docker", "exec", "-i", "teleo-pg", "psql", "-U", "postgres", "-d", "teleo", "-At", "-q"],
|
||||
input=sql,
|
||||
)
|
||||
parsed = None
|
||||
if proc.returncode == 0 and proc.stdout.strip():
|
||||
parsed = json.loads(proc.stdout.strip())
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "counts": parsed}
|
||||
|
||||
|
||||
def git_value(args):
|
||||
proc = run(["git", "-C", str(repo), *args])
|
||||
return {"returncode": proc.returncode, "stdout": proc.stdout.strip(), "stderr": proc.stderr.strip()}
|
||||
|
||||
|
||||
payload = {
|
||||
"deploy_head": git_value(["rev-parse", "HEAD"]),
|
||||
"last_deploy_sha": {
|
||||
"returncode": 0,
|
||||
"stdout": Path("/opt/teleo-eval/.last-deploy-sha").read_text(encoding="utf-8").strip(),
|
||||
"stderr": "",
|
||||
},
|
||||
"packet_present": packet_path.exists(),
|
||||
"packet_bytes": packet_path.stat().st_size if packet_path.exists() else 0,
|
||||
"service": service_state(),
|
||||
"db_counts": db_counts(),
|
||||
}
|
||||
print(json.dumps(payload, sort_keys=True))
|
||||
PY
|
||||
printf '\n'
|
||||
|
|
@ -58,6 +58,8 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
|
|||
- current status remains `telegram_visible_messages_sent=false`
|
||||
- Telegram-visible direct-claim pre-send preflight harness is now retained:
|
||||
- artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- full-access remote readback command: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
- command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
|
||||
- local authorization-packet checks all pass
|
||||
- current shell cannot complete the VPS SSH readback gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
|
||||
- the harness supports `--remote-json-base64` so a full-access VPS readback can be supplied without changing the test logic
|
||||
|
|
@ -80,7 +82,7 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
|
|||
## What Is Still Not Proven
|
||||
|
||||
- The no-context direct-claim behavior Cory is likely to use is handler-proven for `DC-01` through `DC-06` on the VPS GatewayRunner path, and an exact Telegram-visible authorization packet is ready. It has still not been sent as a public/group post.
|
||||
- The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by supplying the base64 remote JSON payload from a full-access VPS readback.
|
||||
- The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by running `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell and passing its base64 output back through `--remote-json-base64`.
|
||||
- Old Cory-approved mapped rich proposals are still not fully directly applyable:
|
||||
- `14fa5ecc-ac7a-41c1-807d-a2e85b936617`
|
||||
- `ac036c9d-20a0-4ffe-881f-57d6b7bacf22`
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Working Leo Execution Plan - 2026-07-09
|
||||
|
||||
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
|
||||
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. It now retains a copy-pasteable full-access command script for that payload. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
|
||||
|
||||
## WL-EXEC-01 - VPS Telegram-visible memory + KB audit
|
||||
- Status: `done`
|
||||
|
|
@ -14,7 +14,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram
|
|||
|
||||
## WL-EXEC-01B - Cory-style outcome and direct-claim benchmark
|
||||
- Status: `sandbox_fixture_done_live_handler_done_telegram_visible_auth_ready`
|
||||
- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; rerun with `--remote-json-base64` from a full-access VPS readback to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable.
|
||||
- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; run `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun the preflight with `--remote-json-base64` to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable.
|
||||
- Not done condition: Reopen if `DC-02` stops recognizing approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` infers decision-matrix approval while `matrix_voters`, `proposal_votes`, and `proposal_decisions` tables are absent, any direct-claim answer omits the `Next Cory-style follow-up:` line, the handler mutates DB/service state during a read-only suite, or the Telegram-visible DC authorization packet drifts from the raw benchmark catalog.
|
||||
- Evidence:
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/working-leo-cory-outcome-sandbox-results-current.md`
|
||||
|
|
@ -23,6 +23,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram
|
|||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-score-current.md`
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md`
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
|
||||
|
||||
## WL-EXEC-02 - VPS runtime stability
|
||||
|
|
|
|||
|
|
@ -10,7 +10,9 @@ from __future__ import annotations
|
|||
|
||||
import argparse
|
||||
import base64
|
||||
import hashlib
|
||||
import json
|
||||
import shlex
|
||||
import subprocess
|
||||
from dataclasses import dataclass
|
||||
from datetime import datetime, timezone
|
||||
|
|
@ -21,6 +23,7 @@ REPORT_DIR = Path("docs/reports/leo-working-state-20260709")
|
|||
DEFAULT_PACKET = REPORT_DIR / "telegram-visible-direct-claim-authorization-packet-current.json"
|
||||
DEFAULT_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.json"
|
||||
DEFAULT_MARKDOWN_OUT = REPORT_DIR / "telegram-visible-direct-claim-preflight-current.md"
|
||||
DEFAULT_REMOTE_COMMAND_OUT = REPORT_DIR / "telegram-visible-direct-claim-remote-readback-command-current.sh"
|
||||
DEFAULT_SSH_TARGET = "root@77.42.65.182"
|
||||
DEFAULT_SSH_KEY = Path.home() / ".ssh/livingip_hetzner_20260604_ed25519"
|
||||
REMOTE_REPO = "/opt/teleo-eval/workspaces/deploy-infra"
|
||||
|
|
@ -159,6 +162,39 @@ def ssh_command(args: argparse.Namespace) -> list[str]:
|
|||
]
|
||||
|
||||
|
||||
def remote_script_text() -> str:
|
||||
return REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET)
|
||||
|
||||
|
||||
def remote_readback_command_script(args: argparse.Namespace) -> str:
|
||||
lines = [
|
||||
"#!/usr/bin/env bash",
|
||||
"set -euo pipefail",
|
||||
(
|
||||
"ssh "
|
||||
f"-i {shlex.quote(str(args.ssh_key))} "
|
||||
"-o BatchMode=yes "
|
||||
"-o StrictHostKeyChecking=accept-new "
|
||||
f"-o ConnectTimeout={int(args.connect_timeout)} "
|
||||
f"{shlex.quote(args.ssh_target)} "
|
||||
'"python3 -" <<\'PY\' | base64 | tr -d \'\\n\''
|
||||
),
|
||||
remote_script_text().rstrip(),
|
||||
"PY",
|
||||
"printf '\\n'",
|
||||
"",
|
||||
]
|
||||
return "\n".join(lines)
|
||||
|
||||
|
||||
def write_remote_readback_command(path: Path, args: argparse.Namespace) -> str:
|
||||
script = remote_readback_command_script(args)
|
||||
path.parent.mkdir(parents=True, exist_ok=True)
|
||||
path.write_text(script, encoding="utf-8")
|
||||
path.chmod(0o755)
|
||||
return hashlib.sha256(script.encode("utf-8")).hexdigest()
|
||||
|
||||
|
||||
def parse_remote(stdout: str) -> dict[str, Any] | None:
|
||||
for line in reversed(stdout.splitlines()):
|
||||
line = line.strip()
|
||||
|
|
@ -191,9 +227,8 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
|
|||
remote_stderr = supplied_stderr
|
||||
remote_source = "supplied_remote_json_base64"
|
||||
else:
|
||||
remote_script = REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET)
|
||||
command = ssh_command(args)
|
||||
remote_proc = runner(command, remote_script, args.timeout)
|
||||
remote_proc = runner(command, remote_script_text(), args.timeout)
|
||||
remote_payload = parse_remote(remote_proc.stdout) if remote_proc.returncode == 0 else None
|
||||
remote_returncode = remote_proc.returncode
|
||||
remote_stderr = remote_proc.stderr
|
||||
|
|
@ -235,8 +270,9 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
|
|||
],
|
||||
"exact_gate": "" if status == "pass" else (remote_stderr.strip() or "remote readback checks did not pass"),
|
||||
"clear_CTA": (
|
||||
"Run the remote readback from a full-access shell, base64-encode its JSON output, then rerun "
|
||||
"`scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>`. "
|
||||
f"Run `{args.remote_command_out}` from a full-access shell, then rerun "
|
||||
"`scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` "
|
||||
"with the base64 output it prints. "
|
||||
"Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be "
|
||||
"sent under explicit action-time authorization."
|
||||
),
|
||||
|
|
@ -260,6 +296,10 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
|
|||
"remote": remote_payload,
|
||||
"remote_returncode": remote_returncode,
|
||||
"remote_stderr": remote_stderr,
|
||||
"remote_readback_command_path": str(args.remote_command_out),
|
||||
"remote_readback_command_sha256": hashlib.sha256(
|
||||
remote_readback_command_script(args).encode("utf-8")
|
||||
).hexdigest(),
|
||||
"blocker_readback": blocker_readback,
|
||||
"claim_ceiling": (
|
||||
"This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does "
|
||||
|
|
@ -298,6 +338,8 @@ def write_markdown(path: Path, data: dict[str, Any]) -> None:
|
|||
f"Production apply executed: `{data['production_apply_executed']}`",
|
||||
f"Mutates DB: `{data['mutates_db']}`",
|
||||
f"Remote source: `{data['remote_source']}`",
|
||||
f"Remote readback command: `{data['remote_readback_command_path']}`",
|
||||
f"Remote readback command SHA256: `{data['remote_readback_command_sha256']}`",
|
||||
"",
|
||||
"## Packet Checks",
|
||||
"",
|
||||
|
|
@ -354,12 +396,16 @@ def parse_args(argv: list[str] | None = None) -> argparse.Namespace:
|
|||
)
|
||||
parser.add_argument("--out", type=Path, default=DEFAULT_OUT)
|
||||
parser.add_argument("--markdown-out", type=Path, default=DEFAULT_MARKDOWN_OUT)
|
||||
parser.add_argument("--remote-command-out", type=Path, default=DEFAULT_REMOTE_COMMAND_OUT)
|
||||
return parser.parse_args(argv)
|
||||
|
||||
|
||||
def main(argv: list[str] | None = None) -> int:
|
||||
args = parse_args(argv)
|
||||
remote_command_sha256 = write_remote_readback_command(args.remote_command_out, args)
|
||||
data = collect_preflight(args)
|
||||
if data["remote_readback_command_sha256"] != remote_command_sha256:
|
||||
raise RuntimeError("remote readback command hash drifted during collection")
|
||||
write_json(args.out, data)
|
||||
write_markdown(args.markdown_out, data)
|
||||
print(
|
||||
|
|
@ -367,6 +413,7 @@ def main(argv: list[str] | None = None) -> int:
|
|||
{
|
||||
"out": str(args.out),
|
||||
"markdown_out": str(args.markdown_out),
|
||||
"remote_command_out": str(args.remote_command_out),
|
||||
"status": data["status"],
|
||||
"ready_for_authorized_telegram_visible_dc_run": data[
|
||||
"ready_for_authorized_telegram_visible_dc_run"
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ def args_for(packet: Path, tmp_path: Path) -> argparse.Namespace:
|
|||
remote_json_base64=None,
|
||||
out=tmp_path / "out.json",
|
||||
markdown_out=tmp_path / "out.md",
|
||||
remote_command_out=tmp_path / "remote-readback.sh",
|
||||
)
|
||||
|
||||
|
||||
|
|
@ -72,6 +73,8 @@ def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path):
|
|||
assert all(result["packet_checks"].values())
|
||||
assert all(result["remote_checks"].values())
|
||||
assert result["remote_source"] == "ssh_subprocess"
|
||||
assert result["remote_readback_command_path"].endswith("remote-readback.sh")
|
||||
assert len(result["remote_readback_command_sha256"]) == 64
|
||||
|
||||
|
||||
def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_path: Path):
|
||||
|
|
@ -88,6 +91,21 @@ def test_preflight_can_use_supplied_remote_payload_without_subprocess_ssh(tmp_pa
|
|||
assert result["remote"]["deploy_head"]["stdout"] == "abc123"
|
||||
|
||||
|
||||
def test_remote_readback_command_is_copy_pasteable_shape(tmp_path: Path):
|
||||
args = args_for(preflight.DEFAULT_PACKET, tmp_path)
|
||||
|
||||
digest = preflight.write_remote_readback_command(args.remote_command_out, args)
|
||||
|
||||
text = args.remote_command_out.read_text(encoding="utf-8")
|
||||
assert text.startswith("#!/usr/bin/env bash\nset -euo pipefail\nssh ")
|
||||
assert "root@example.invalid" in text
|
||||
assert "python3 -\" <<'PY' | base64 | tr -d '\\n'" in text
|
||||
assert "'public.claims'" in text
|
||||
assert "telegram-visible-direct-claim-authorization-packet-current.json" in text
|
||||
assert text.endswith("printf '\\n'\n")
|
||||
assert len(digest) == 64
|
||||
|
||||
|
||||
def test_preflight_fails_on_invalid_supplied_remote_payload(tmp_path: Path):
|
||||
args = args_for(preflight.DEFAULT_PACKET, tmp_path)
|
||||
args.remote_json_base64 = "not valid base64"
|
||||
|
|
@ -129,6 +147,7 @@ def test_markdown_reports_counts_and_claim_ceiling(tmp_path: Path):
|
|||
assert "Telegram-Visible Direct-Claim Preflight" in text
|
||||
assert "Ready for authorized Telegram-visible DC run: `True`" in text
|
||||
assert "Remote source: `ssh_subprocess`" in text
|
||||
assert "Remote readback command:" in text
|
||||
assert "`public.claims`: `1837`" in text
|
||||
assert "does not send Telegram messages" in text
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue