Harden Leo Telegram-visible preflight readback
Some checks are pending
CI / lint-and-test (push) Waiting to run
Some checks are pending
CI / lint-and-test (push) Waiting to run
This commit is contained in:
parent
7de4c38953
commit
9f892c5e34
8 changed files with 316 additions and 257 deletions
|
|
@ -24,7 +24,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
|
|||
- Live VPS handler direct-claim suite review: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-suite-review-current.md`
|
||||
- Telegram-visible direct-claim authorization packet, ready-to-request but not sent: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.md`
|
||||
- Telegram-visible direct-claim capture receipt, currently awaiting capture: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-capture-receipt-current.md`
|
||||
- Telegram-visible direct-claim pre-send preflight, local packet checks pass but current shell cannot SSH to VPS: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- Telegram-visible direct-claim pre-send preflight, passed from supplied top-level SSH readback payload: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- Telegram-visible direct-claim full-access remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
- Argus public KB state probe, read-only HTTP diagnostics: `docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
|
||||
- Live VPS handler direct-claim follow-up challenge report: `docs/reports/leo-working-state-20260709/telegram-handler-direct-claim-followup-current.json`
|
||||
|
|
@ -135,7 +135,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
|
|||
- The live VPS GatewayRunner direct-claim handler suite for exact `DC-01` through `DC-06` passed again after deploy SHA `7ab563e1aebe08913e72781e4e16a2b2883c5230`: `6/6` runtime replies, strict score `6/6`, no Telegram post, no live profile write, no production DB apply, unchanged DB counts (`public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26` before and after), temp profile removed, and `leoclean-gateway.service` stayed active/running during the harness with `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`.
|
||||
- The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`.
|
||||
- The Telegram-visible direct-claim capture receipt assembler is retained and currently `status=awaiting_capture`; it will not emit a passing receipt until the exact operator authorization text, exact six DC messages, nonempty Telegram-visible Leo replies, DB before/after counts, service readback, final screenshot/accessibility proof, and `6/6` direct-claim score are present.
|
||||
- The Telegram-visible direct-claim pre-send preflight harness now verifies the authorization packet and can consume a supplied VPS readback JSON payload. Current local packet checks pass, but this current shell cannot open SSH to `77.42.65.182:22` (`Operation not permitted`), so the retained preflight artifact is `status=fail` until a full-access VPS readback is supplied. The exact copy-pasteable full-access command is retained in `telegram-visible-direct-claim-remote-readback-command-current.sh` with SHA256 `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`; no Telegram messages were sent and no DB apply ran.
|
||||
- The Telegram-visible direct-claim pre-send preflight now passes from supplied top-level SSH readback payload: deploy head and `.last-deploy-sha` both equal `7de4c3895350b8fa082bb70eef3ced799130a661`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running with `MainPID=1908033` and `NRestarts=0`, and DB counts read as `public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26`. The retained remote readback command SHA256 is `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`; no Telegram messages were sent and no DB apply ran.
|
||||
- The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof.
|
||||
- The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity.
|
||||
- A strict canonical `add_edge` apply canary is live-proven.
|
||||
|
|
|
|||
|
|
@ -2,15 +2,15 @@
|
|||
"blocker_readback": {
|
||||
"attempted_routes": [
|
||||
"local authorization packet validation",
|
||||
"ssh_subprocess remote VPS readback for deploy stamp, service state, packet presence, and DB counts"
|
||||
"supplied_remote_json_base64 remote VPS readback for deploy stamp, service state, packet presence, and DB counts"
|
||||
],
|
||||
"clear_CTA": "Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.",
|
||||
"current_canary": "Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.",
|
||||
"exact_gate": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted",
|
||||
"exact_gate": "",
|
||||
"next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send."
|
||||
},
|
||||
"claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.",
|
||||
"generated_at_utc": "2026-07-10T02:55:21.031274+00:00",
|
||||
"generated_at_utc": "2026-07-10T03:08:59.760485+00:00",
|
||||
"mode": "telegram_visible_direct_claim_preflight_readonly",
|
||||
"mutates_db": false,
|
||||
"packet_checks": {
|
||||
|
|
@ -25,21 +25,56 @@
|
|||
},
|
||||
"packet_path": "docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json",
|
||||
"production_apply_executed": false,
|
||||
"ready_for_authorized_telegram_visible_dc_run": false,
|
||||
"remote": null,
|
||||
"ready_for_authorized_telegram_visible_dc_run": true,
|
||||
"remote": {
|
||||
"db_counts": {
|
||||
"counts": {
|
||||
"kb_stage.kb_proposals": 26,
|
||||
"public.claim_edges": 4916,
|
||||
"public.claim_evidence": 4670,
|
||||
"public.claims": 1837,
|
||||
"public.sources": 4145
|
||||
},
|
||||
"returncode": 0,
|
||||
"stderr": ""
|
||||
},
|
||||
"deploy_head": {
|
||||
"returncode": 0,
|
||||
"stderr": "",
|
||||
"stdout": "7de4c3895350b8fa082bb70eef3ced799130a661"
|
||||
},
|
||||
"last_deploy_sha": {
|
||||
"returncode": 0,
|
||||
"stderr": "",
|
||||
"stdout": "7de4c3895350b8fa082bb70eef3ced799130a661"
|
||||
},
|
||||
"packet_bytes": 9700,
|
||||
"packet_present": true,
|
||||
"service": {
|
||||
"returncode": 0,
|
||||
"state": {
|
||||
"ActiveState": "active",
|
||||
"ExecMainStartTimestamp": "Fri 2026-07-10 01:04:22 UTC",
|
||||
"MainPID": "1908033",
|
||||
"NRestarts": "0",
|
||||
"SubState": "running"
|
||||
},
|
||||
"stderr": ""
|
||||
}
|
||||
},
|
||||
"remote_checks": {
|
||||
"db_counts_read": false,
|
||||
"deploy_head_matches_last_deploy": false,
|
||||
"remote_packet_nonempty": false,
|
||||
"remote_packet_present": false,
|
||||
"service_active_running": false,
|
||||
"ssh_readback_ok": false
|
||||
"db_counts_read": true,
|
||||
"deploy_head_matches_last_deploy": true,
|
||||
"remote_packet_nonempty": true,
|
||||
"remote_packet_present": true,
|
||||
"service_active_running": true,
|
||||
"ssh_readback_ok": true
|
||||
},
|
||||
"remote_readback_command_path": "docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh",
|
||||
"remote_readback_command_sha256": "741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec",
|
||||
"remote_returncode": 255,
|
||||
"remote_source": "ssh_subprocess",
|
||||
"remote_stderr": "ssh: connect to host 77.42.65.182 port 22: Operation not permitted\n",
|
||||
"status": "fail",
|
||||
"remote_readback_command_sha256": "9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89",
|
||||
"remote_returncode": 0,
|
||||
"remote_source": "supplied_remote_json_base64",
|
||||
"remote_stderr": "",
|
||||
"status": "pass",
|
||||
"telegram_visible_messages_sent": false
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
# Telegram-Visible Direct-Claim Preflight
|
||||
|
||||
Generated UTC: `2026-07-10T02:55:21.031274+00:00`
|
||||
Generated UTC: `2026-07-10T03:08:59.760485+00:00`
|
||||
Mode: `telegram_visible_direct_claim_preflight_readonly`
|
||||
Status: `fail`
|
||||
Ready for authorized Telegram-visible DC run: `False`
|
||||
Status: `pass`
|
||||
Ready for authorized Telegram-visible DC run: `True`
|
||||
Telegram-visible messages sent: `False`
|
||||
Production apply executed: `False`
|
||||
Mutates DB: `False`
|
||||
Remote source: `ssh_subprocess`
|
||||
Remote source: `supplied_remote_json_base64`
|
||||
Remote readback command: `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
Remote readback command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
|
||||
Remote readback command SHA256: `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`
|
||||
|
||||
## Packet Checks
|
||||
|
||||
|
|
@ -24,37 +24,30 @@ Remote readback command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a14520992
|
|||
|
||||
## Remote Checks
|
||||
|
||||
- `db_counts_read`: `False`
|
||||
- `deploy_head_matches_last_deploy`: `False`
|
||||
- `remote_packet_nonempty`: `False`
|
||||
- `remote_packet_present`: `False`
|
||||
- `service_active_running`: `False`
|
||||
- `ssh_readback_ok`: `False`
|
||||
- `db_counts_read`: `True`
|
||||
- `deploy_head_matches_last_deploy`: `True`
|
||||
- `remote_packet_nonempty`: `True`
|
||||
- `remote_packet_present`: `True`
|
||||
- `service_active_running`: `True`
|
||||
- `ssh_readback_ok`: `True`
|
||||
|
||||
## Deploy And Service
|
||||
|
||||
- Deploy head: ``
|
||||
- Last deploy SHA: ``
|
||||
- ActiveState: ``
|
||||
- SubState: ``
|
||||
- MainPID: ``
|
||||
- NRestarts: ``
|
||||
- ExecMainStartTimestamp: ``
|
||||
- Deploy head: `7de4c3895350b8fa082bb70eef3ced799130a661`
|
||||
- Last deploy SHA: `7de4c3895350b8fa082bb70eef3ced799130a661`
|
||||
- ActiveState: `active`
|
||||
- SubState: `running`
|
||||
- MainPID: `1908033`
|
||||
- NRestarts: `0`
|
||||
- ExecMainStartTimestamp: `Fri 2026-07-10 01:04:22 UTC`
|
||||
|
||||
## DB Counts Before Send
|
||||
|
||||
- `public.claims`: ``
|
||||
- `public.sources`: ``
|
||||
- `public.claim_evidence`: ``
|
||||
- `public.claim_edges`: ``
|
||||
- `kb_stage.kb_proposals`: ``
|
||||
|
||||
## Blocker Readback
|
||||
|
||||
- Current canary: Pre-send Telegram-visible direct-claim benchmark readiness for DC-01 through DC-06 in the Leo group, expecting packet verification plus VPS deploy/service/DB count readback before any authorized send.
|
||||
- Exact gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
|
||||
- Clear CTA: Run `docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun `scripts/collect_telegram_visible_direct_claim_preflight.py --remote-json-base64 <payload>` with the base64 output it prints. Only after this report passes should the exact DC-01 through DC-06 Telegram group messages be sent under explicit action-time authorization.
|
||||
- Next non-user action: Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send.
|
||||
- `public.claims`: `1837`
|
||||
- `public.sources`: `4145`
|
||||
- `public.claim_evidence`: `4670`
|
||||
- `public.claim_edges`: `4916`
|
||||
- `kb_stage.kb_proposals`: `26`
|
||||
|
||||
## Claim Ceiling
|
||||
|
||||
|
|
|
|||
|
|
@ -1,80 +1,42 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
ssh -i /Users/user/.ssh/livingip_hetzner_20260604_ed25519 -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 root@77.42.65.182 "python3 -" <<'PY' | base64 | tr -d '\n'
|
||||
|
||||
# Remote packet: /opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json
|
||||
# Readback covers deploy head, .last-deploy-sha, leoclean-gateway.service, and DB counts:
|
||||
# public.claims, public.sources, public.claim_evidence, public.claim_edges, kb_stage.kb_proposals
|
||||
run_ssh() {
|
||||
ssh -i /Users/user/.ssh/livingip_hetzner_20260604_ed25519 -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10 root@77.42.65.182 "$1"
|
||||
}
|
||||
DEPLOY_READBACK="$(run_ssh 'cd /opt/teleo-eval/workspaces/deploy-infra && printf '"'"'deploy_head='"'"' && git rev-parse HEAD && printf '"'"'last_deploy_sha='"'"' && cat /opt/teleo-eval/.last-deploy-sha && printf '"'"'\n'"'"' && if [ -s /opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json ]; then printf '"'"'packet_present=true\npacket_bytes='"'"'; wc -c < /opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json; else printf '"'"'packet_present=false\npacket_bytes=0\n'"'"'; fi')"
|
||||
SERVICE_READBACK="$(run_ssh 'systemctl show leoclean-gateway.service -p ActiveState -p SubState -p MainPID -p NRestarts -p ExecMainStartTimestamp --no-pager')"
|
||||
DB_COUNTS_READBACK="$(run_ssh 'docker exec teleo-pg psql -U postgres -d teleo -At -q -c '"'"'select jsonb_build_object(
|
||||
'"'"'"'"'"'"'"'"'public.claims'"'"'"'"'"'"'"'"', (select count(*) from public.claims),
|
||||
'"'"'"'"'"'"'"'"'public.sources'"'"'"'"'"'"'"'"', (select count(*) from public.sources),
|
||||
'"'"'"'"'"'"'"'"'public.claim_evidence'"'"'"'"'"'"'"'"', (select count(*) from public.claim_evidence),
|
||||
'"'"'"'"'"'"'"'"'public.claim_edges'"'"'"'"'"'"'"'"', (select count(*) from public.claim_edges),
|
||||
'"'"'"'"'"'"'"'"'kb_stage.kb_proposals'"'"'"'"'"'"'"'"', (select count(*) from kb_stage.kb_proposals)
|
||||
)::text;'"'"'')"
|
||||
python3 - "$DEPLOY_READBACK" "$SERVICE_READBACK" "$DB_COUNTS_READBACK" <<'PY' | base64 | tr -d '\n'
|
||||
import json
|
||||
import subprocess
|
||||
from pathlib import Path
|
||||
|
||||
repo = Path("/opt/teleo-eval/workspaces/deploy-infra")
|
||||
packet_path = Path("/opt/teleo-eval/workspaces/deploy-infra/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-authorization-packet-current.json")
|
||||
|
||||
|
||||
def run(command, **kwargs):
|
||||
return subprocess.run(command, text=True, capture_output=True, check=False, **kwargs)
|
||||
|
||||
|
||||
def service_state():
|
||||
proc = run([
|
||||
"systemctl",
|
||||
"show",
|
||||
"leoclean-gateway.service",
|
||||
"-p",
|
||||
"ActiveState",
|
||||
"-p",
|
||||
"SubState",
|
||||
"-p",
|
||||
"MainPID",
|
||||
"-p",
|
||||
"NRestarts",
|
||||
"-p",
|
||||
"ExecMainStartTimestamp",
|
||||
"--no-pager",
|
||||
])
|
||||
state = {}
|
||||
for line in proc.stdout.splitlines():
|
||||
if "=" in line:
|
||||
key, value = line.split("=", 1)
|
||||
state[key] = value
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "state": state}
|
||||
|
||||
|
||||
def db_counts():
|
||||
sql = """
|
||||
select jsonb_build_object(
|
||||
'public.claims', (select count(*) from public.claims),
|
||||
'public.sources', (select count(*) from public.sources),
|
||||
'public.claim_evidence', (select count(*) from public.claim_evidence),
|
||||
'public.claim_edges', (select count(*) from public.claim_edges),
|
||||
'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals)
|
||||
)::text;
|
||||
"""
|
||||
proc = run(
|
||||
["docker", "exec", "-i", "teleo-pg", "psql", "-U", "postgres", "-d", "teleo", "-At", "-q"],
|
||||
input=sql,
|
||||
)
|
||||
parsed = None
|
||||
if proc.returncode == 0 and proc.stdout.strip():
|
||||
parsed = json.loads(proc.stdout.strip())
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "counts": parsed}
|
||||
|
||||
|
||||
def git_value(args):
|
||||
proc = run(["git", "-C", str(repo), *args])
|
||||
return {"returncode": proc.returncode, "stdout": proc.stdout.strip(), "stderr": proc.stderr.strip()}
|
||||
import sys
|
||||
|
||||
def kv(text):
|
||||
out = {}
|
||||
for line in text.splitlines():
|
||||
if '=' in line:
|
||||
key, value = line.split('=', 1)
|
||||
out[key] = value.strip()
|
||||
return out
|
||||
|
||||
deploy = kv(sys.argv[1])
|
||||
service = kv(sys.argv[2])
|
||||
counts = json.loads(sys.argv[3])
|
||||
payload = {
|
||||
"deploy_head": git_value(["rev-parse", "HEAD"]),
|
||||
"last_deploy_sha": {
|
||||
"returncode": 0,
|
||||
"stdout": Path("/opt/teleo-eval/.last-deploy-sha").read_text(encoding="utf-8").strip(),
|
||||
"stderr": "",
|
||||
},
|
||||
"packet_present": packet_path.exists(),
|
||||
"packet_bytes": packet_path.stat().st_size if packet_path.exists() else 0,
|
||||
"service": service_state(),
|
||||
"db_counts": db_counts(),
|
||||
'deploy_head': {'returncode': 0, 'stdout': deploy.get('deploy_head', ''), 'stderr': ''},
|
||||
'last_deploy_sha': {'returncode': 0, 'stdout': deploy.get('last_deploy_sha', ''), 'stderr': ''},
|
||||
'packet_present': deploy.get('packet_present') == 'true',
|
||||
'packet_bytes': int(deploy.get('packet_bytes') or 0),
|
||||
'service': {'returncode': 0, 'stderr': '', 'state': service},
|
||||
'db_counts': {'returncode': 0, 'stderr': '', 'counts': counts},
|
||||
}
|
||||
print(json.dumps(payload, sort_keys=True))
|
||||
PY
|
||||
|
|
|
|||
|
|
@ -64,11 +64,12 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
|
|||
- Telegram-visible direct-claim pre-send preflight harness is now retained:
|
||||
- artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-preflight-current.md`
|
||||
- full-access remote readback command: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
|
||||
- command SHA256: `741b9ee14548122cc5e15009f3bbbbfddd4389a1452099265f80f367cbe467ec`
|
||||
- command SHA256: `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`
|
||||
- local authorization-packet checks all pass
|
||||
- current shell cannot complete the VPS SSH readback gate: `ssh: connect to host 77.42.65.182 port 22: Operation not permitted`
|
||||
- the harness supports `--remote-json-base64` so a full-access VPS readback can be supplied without changing the test logic
|
||||
- no Telegram message was sent, no production apply ran, and the preflight currently remains `status=fail` until deploy/service/DB counts are supplied
|
||||
- supplied top-level SSH readback payload passes all remote checks: deploy head matches `.last-deploy-sha` at `7de4c3895350b8fa082bb70eef3ced799130a661`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running, and DB counts are readable
|
||||
- service readback: `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`
|
||||
- DB counts before any send: `public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26`
|
||||
- no Telegram message was sent, no production apply ran, and the current preflight status is `pass`
|
||||
- Argus public KB diagnostics probe is now retained and passing:
|
||||
- artifact: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/argus-kb-state-current.md`
|
||||
- live `curl` payloads show `3` approved proposals: `14fa5ecc-ac7a-41c1-807d-a2e85b936617`, `ac036c9d-20a0-4ffe-881f-57d6b7bacf22`, and `a64df080-8502-42e2-98f4-9bbdecb8da73`
|
||||
|
|
@ -88,7 +89,7 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
|
|||
|
||||
- The no-context direct-claim behavior Cory is likely to use is handler-proven for `DC-01` through `DC-06` on the VPS GatewayRunner path, and an exact Telegram-visible authorization packet is ready. It has still not been sent as a public/group post.
|
||||
- The Telegram-visible direct-claim capture receipt is not ready because no authorized visible DC capture exists yet.
|
||||
- The Telegram-visible direct-claim pre-send DB/service/deploy readback is not currently proven in this shell because SSH to `77.42.65.182:22` is denied; the preflight can be completed by running `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell and passing its base64 output back through `--remote-json-base64`.
|
||||
- The Telegram-visible direct-claim pre-send DB/service/deploy readback is now proven in the retained preflight, but the actual six-message Telegram-visible DC run is not authorized/sent/captured/scored yet.
|
||||
- Old Cory-approved mapped rich proposals are still not fully directly applyable:
|
||||
- `14fa5ecc-ac7a-41c1-807d-a2e85b936617`
|
||||
- `ac036c9d-20a0-4ffe-881f-57d6b7bacf22`
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Working Leo Execution Plan - 2026-07-09
|
||||
|
||||
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the new pre-send preflight harness verifies the packet but cannot complete the current shell's SSH deploy/service/DB readback gate without a supplied full-access VPS JSON payload. It now retains a copy-pasteable full-access command script for that payload, and the capture receipt assembler is retained but remains `awaiting_capture` until real visible replies plus DB/service/visual proof are supplied and scored. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
|
||||
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-visible DC pre-send preflight, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the pre-send preflight now passes from supplied top-level SSH readback payload with deploy head and `.last-deploy-sha` at `7de4c3895350b8fa082bb70eef3ced799130a661`, active/running service state, and DB counts present. The capture receipt assembler is retained but remains `awaiting_capture` until real visible replies plus DB/service/visual proof are supplied and scored. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
|
||||
|
||||
## WL-EXEC-01 - VPS Telegram-visible memory + KB audit
|
||||
- Status: `done`
|
||||
|
|
@ -14,7 +14,7 @@ Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram
|
|||
|
||||
## WL-EXEC-01B - Cory-style outcome and direct-claim benchmark
|
||||
- Status: `sandbox_fixture_done_live_handler_done_telegram_visible_auth_ready`
|
||||
- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The capture receipt assembler now exists and is `awaiting_capture`, refusing pass until the exact authorized visible replies, DB/service readbacks, screenshot/accessibility proof, and `6/6` score are present. The pre-send preflight harness now exists and local packet checks pass, but the retained current artifact is `status=fail` because this shell cannot SSH to `77.42.65.182:22`; run `telegram-visible-direct-claim-remote-readback-command-current.sh` from a full-access shell, then rerun the preflight with `--remote-json-base64` to unlock the Telegram-visible send gate. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable.
|
||||
- Result: Full mixed-evidence Cory-style benchmark scores `20/20`: `OE-01` through `OE-05` are retained live Telegram read-only replies; `CS-01` through `CS-09` are sandbox expected-answer fixtures covering broader regular-use cases; `DC-01` through `DC-06` are no-context direct-claim expected-answer fixtures requiring the correct Cory-style follow-up action. A live VPS GatewayRunner handler run of the exact `DC-01` through `DC-06` prompts now returns `6/6` replies and strict-scores `6/6` with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, and unchanged service state during the harness. The Telegram-visible DC run now has an exact authorization packet for the raw `DC-01` through `DC-06` group messages, proof paths, scorer command, DB/service readbacks, and screenshot/accessibility capture; it has not been sent. The pre-send preflight now passes from supplied top-level SSH readback payload: deploy head matches `.last-deploy-sha`, the remote packet is present/nonempty, service is active/running, and DB counts are present. The capture receipt assembler now exists and is `awaiting_capture`, refusing pass until the exact authorized visible replies, DB/service readbacks, screenshot/accessibility proof, and `6/6` score are present. The Argus HTTP diagnostics probe passes and shows the currently approved proposals are visible but still not worker-applyable.
|
||||
- Not done condition: Reopen if `DC-02` stops recognizing approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` infers decision-matrix approval while `matrix_voters`, `proposal_votes`, and `proposal_decisions` tables are absent, any direct-claim answer omits the `Next Cory-style follow-up:` line, the handler mutates DB/service state during a read-only suite, or the Telegram-visible DC authorization packet drifts from the raw benchmark catalog.
|
||||
- Evidence:
|
||||
- `/Users/user/Documents/Codex/2026-07-09/019f34eb-d297-72d0-b7e2-b222d5515ab9-load/work/teleo-infra-main/docs/reports/leo-working-state-20260709/working-leo-cory-outcome-sandbox-results-current.md`
|
||||
|
|
|
|||
|
|
@ -44,85 +44,6 @@ class CommandResult:
|
|||
Runner = Callable[[list[str], str, int], CommandResult]
|
||||
|
||||
|
||||
REMOTE_SCRIPT = r'''
|
||||
import json
|
||||
import subprocess
|
||||
from pathlib import Path
|
||||
|
||||
repo = Path("__REMOTE_REPO__")
|
||||
packet_path = Path("__REMOTE_PACKET__")
|
||||
|
||||
|
||||
def run(command, **kwargs):
|
||||
return subprocess.run(command, text=True, capture_output=True, check=False, **kwargs)
|
||||
|
||||
|
||||
def service_state():
|
||||
proc = run([
|
||||
"systemctl",
|
||||
"show",
|
||||
"leoclean-gateway.service",
|
||||
"-p",
|
||||
"ActiveState",
|
||||
"-p",
|
||||
"SubState",
|
||||
"-p",
|
||||
"MainPID",
|
||||
"-p",
|
||||
"NRestarts",
|
||||
"-p",
|
||||
"ExecMainStartTimestamp",
|
||||
"--no-pager",
|
||||
])
|
||||
state = {}
|
||||
for line in proc.stdout.splitlines():
|
||||
if "=" in line:
|
||||
key, value = line.split("=", 1)
|
||||
state[key] = value
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "state": state}
|
||||
|
||||
|
||||
def db_counts():
|
||||
sql = """
|
||||
select jsonb_build_object(
|
||||
'public.claims', (select count(*) from public.claims),
|
||||
'public.sources', (select count(*) from public.sources),
|
||||
'public.claim_evidence', (select count(*) from public.claim_evidence),
|
||||
'public.claim_edges', (select count(*) from public.claim_edges),
|
||||
'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals)
|
||||
)::text;
|
||||
"""
|
||||
proc = run(
|
||||
["docker", "exec", "-i", "teleo-pg", "psql", "-U", "postgres", "-d", "teleo", "-At", "-q"],
|
||||
input=sql,
|
||||
)
|
||||
parsed = None
|
||||
if proc.returncode == 0 and proc.stdout.strip():
|
||||
parsed = json.loads(proc.stdout.strip())
|
||||
return {"returncode": proc.returncode, "stderr": proc.stderr, "counts": parsed}
|
||||
|
||||
|
||||
def git_value(args):
|
||||
proc = run(["git", "-C", str(repo), *args])
|
||||
return {"returncode": proc.returncode, "stdout": proc.stdout.strip(), "stderr": proc.stderr.strip()}
|
||||
|
||||
|
||||
payload = {
|
||||
"deploy_head": git_value(["rev-parse", "HEAD"]),
|
||||
"last_deploy_sha": {
|
||||
"returncode": 0,
|
||||
"stdout": Path("/opt/teleo-eval/.last-deploy-sha").read_text(encoding="utf-8").strip(),
|
||||
"stderr": "",
|
||||
},
|
||||
"packet_present": packet_path.exists(),
|
||||
"packet_bytes": packet_path.stat().st_size if packet_path.exists() else 0,
|
||||
"service": service_state(),
|
||||
"db_counts": db_counts(),
|
||||
}
|
||||
print(json.dumps(payload, sort_keys=True))
|
||||
'''
|
||||
|
||||
|
||||
def subprocess_runner(command: list[str], input_text: str, timeout: int) -> CommandResult:
|
||||
proc = subprocess.run(command, input=input_text, text=True, capture_output=True, timeout=timeout, check=False)
|
||||
return CommandResult(proc.returncode, proc.stdout, proc.stderr)
|
||||
|
|
@ -146,7 +67,7 @@ def packet_checks(packet: dict[str, Any]) -> dict[str, bool]:
|
|||
}
|
||||
|
||||
|
||||
def ssh_command(args: argparse.Namespace) -> list[str]:
|
||||
def ssh_command(args: argparse.Namespace, remote_command: str) -> list[str]:
|
||||
return [
|
||||
"ssh",
|
||||
"-i",
|
||||
|
|
@ -158,28 +79,164 @@ def ssh_command(args: argparse.Namespace) -> list[str]:
|
|||
"-o",
|
||||
f"ConnectTimeout={args.connect_timeout}",
|
||||
args.ssh_target,
|
||||
"python3 -",
|
||||
remote_command,
|
||||
]
|
||||
|
||||
|
||||
def remote_script_text() -> str:
|
||||
return REMOTE_SCRIPT.replace("__REMOTE_REPO__", REMOTE_REPO).replace("__REMOTE_PACKET__", REMOTE_PACKET)
|
||||
def db_counts_sql() -> str:
|
||||
return """
|
||||
select jsonb_build_object(
|
||||
'public.claims', (select count(*) from public.claims),
|
||||
'public.sources', (select count(*) from public.sources),
|
||||
'public.claim_evidence', (select count(*) from public.claim_evidence),
|
||||
'public.claim_edges', (select count(*) from public.claim_edges),
|
||||
'kb_stage.kb_proposals', (select count(*) from kb_stage.kb_proposals)
|
||||
)::text;
|
||||
""".strip()
|
||||
|
||||
|
||||
def deploy_readback_command() -> str:
|
||||
repo = shlex.quote(REMOTE_REPO)
|
||||
packet = shlex.quote(REMOTE_PACKET)
|
||||
return (
|
||||
f"cd {repo} && "
|
||||
"printf 'deploy_head=' && git rev-parse HEAD && "
|
||||
"printf 'last_deploy_sha=' && cat /opt/teleo-eval/.last-deploy-sha && printf '\\n' && "
|
||||
f"if [ -s {packet} ]; then "
|
||||
"printf 'packet_present=true\\npacket_bytes='; "
|
||||
f"wc -c < {packet}; "
|
||||
"else printf 'packet_present=false\\npacket_bytes=0\\n'; fi"
|
||||
)
|
||||
|
||||
|
||||
def service_readback_command() -> str:
|
||||
return (
|
||||
"systemctl show leoclean-gateway.service "
|
||||
"-p ActiveState -p SubState -p MainPID -p NRestarts -p ExecMainStartTimestamp --no-pager"
|
||||
)
|
||||
|
||||
|
||||
def db_counts_readback_command() -> str:
|
||||
return "docker exec teleo-pg psql -U postgres -d teleo -At -q -c " + shlex.quote(db_counts_sql())
|
||||
|
||||
|
||||
def parse_key_value_lines(text: str) -> dict[str, str]:
|
||||
values = {}
|
||||
for line in text.splitlines():
|
||||
if "=" not in line:
|
||||
continue
|
||||
key, value = line.split("=", 1)
|
||||
values[key] = value.strip()
|
||||
return values
|
||||
|
||||
|
||||
def collect_remote_direct(args: argparse.Namespace, runner: Runner) -> tuple[dict[str, Any] | None, int, str]:
|
||||
commands = {
|
||||
"deploy": deploy_readback_command(),
|
||||
"service": service_readback_command(),
|
||||
"db_counts": db_counts_readback_command(),
|
||||
}
|
||||
results = {
|
||||
name: runner(ssh_command(args, command), "", args.timeout)
|
||||
for name, command in commands.items()
|
||||
}
|
||||
stderr = "\n".join(
|
||||
f"{name}: {result.stderr.strip()}"
|
||||
for name, result in results.items()
|
||||
if result.stderr.strip()
|
||||
)
|
||||
returncode = next((result.returncode for result in results.values() if result.returncode != 0), 0)
|
||||
deploy_values = parse_key_value_lines(results["deploy"].stdout)
|
||||
service_values = parse_key_value_lines(results["service"].stdout)
|
||||
counts = None
|
||||
if results["db_counts"].returncode == 0 and results["db_counts"].stdout.strip():
|
||||
try:
|
||||
counts = json.loads(results["db_counts"].stdout.strip())
|
||||
except json.JSONDecodeError:
|
||||
counts = None
|
||||
try:
|
||||
packet_bytes = int(deploy_values.get("packet_bytes", "0") or "0")
|
||||
except ValueError:
|
||||
packet_bytes = 0
|
||||
payload = {
|
||||
"deploy_head": {
|
||||
"returncode": results["deploy"].returncode,
|
||||
"stdout": deploy_values.get("deploy_head", ""),
|
||||
"stderr": results["deploy"].stderr.strip(),
|
||||
},
|
||||
"last_deploy_sha": {
|
||||
"returncode": results["deploy"].returncode,
|
||||
"stdout": deploy_values.get("last_deploy_sha", ""),
|
||||
"stderr": results["deploy"].stderr.strip(),
|
||||
},
|
||||
"packet_present": deploy_values.get("packet_present") == "true",
|
||||
"packet_bytes": packet_bytes,
|
||||
"service": {
|
||||
"returncode": results["service"].returncode,
|
||||
"stderr": results["service"].stderr,
|
||||
"state": service_values,
|
||||
},
|
||||
"db_counts": {
|
||||
"returncode": results["db_counts"].returncode,
|
||||
"stderr": results["db_counts"].stderr,
|
||||
"counts": counts,
|
||||
},
|
||||
}
|
||||
return payload, returncode, stderr
|
||||
|
||||
|
||||
def remote_readback_command_script(args: argparse.Namespace) -> str:
|
||||
ssh_prefix = " ".join(
|
||||
shlex.quote(part)
|
||||
for part in [
|
||||
"ssh",
|
||||
"-i",
|
||||
str(args.ssh_key),
|
||||
"-o",
|
||||
"BatchMode=yes",
|
||||
"-o",
|
||||
"StrictHostKeyChecking=accept-new",
|
||||
"-o",
|
||||
f"ConnectTimeout={int(args.connect_timeout)}",
|
||||
args.ssh_target,
|
||||
]
|
||||
)
|
||||
lines = [
|
||||
"#!/usr/bin/env bash",
|
||||
"set -euo pipefail",
|
||||
(
|
||||
"ssh "
|
||||
f"-i {shlex.quote(str(args.ssh_key))} "
|
||||
"-o BatchMode=yes "
|
||||
"-o StrictHostKeyChecking=accept-new "
|
||||
f"-o ConnectTimeout={int(args.connect_timeout)} "
|
||||
f"{shlex.quote(args.ssh_target)} "
|
||||
'"python3 -" <<\'PY\' | base64 | tr -d \'\\n\''
|
||||
),
|
||||
remote_script_text().rstrip(),
|
||||
f"# Remote packet: {REMOTE_PACKET}",
|
||||
"# Readback covers deploy head, .last-deploy-sha, leoclean-gateway.service, and DB counts:",
|
||||
"# public.claims, public.sources, public.claim_evidence, public.claim_edges, kb_stage.kb_proposals",
|
||||
"run_ssh() {",
|
||||
f" {ssh_prefix} \"$1\"",
|
||||
"}",
|
||||
f"DEPLOY_READBACK=\"$(run_ssh {shlex.quote(deploy_readback_command())})\"",
|
||||
f"SERVICE_READBACK=\"$(run_ssh {shlex.quote(service_readback_command())})\"",
|
||||
f"DB_COUNTS_READBACK=\"$(run_ssh {shlex.quote(db_counts_readback_command())})\"",
|
||||
"python3 - \"$DEPLOY_READBACK\" \"$SERVICE_READBACK\" \"$DB_COUNTS_READBACK\" <<'PY' | base64 | tr -d '\\n'",
|
||||
"import json",
|
||||
"import sys",
|
||||
"",
|
||||
"def kv(text):",
|
||||
" out = {}",
|
||||
" for line in text.splitlines():",
|
||||
" if '=' in line:",
|
||||
" key, value = line.split('=', 1)",
|
||||
" out[key] = value.strip()",
|
||||
" return out",
|
||||
"",
|
||||
"deploy = kv(sys.argv[1])",
|
||||
"service = kv(sys.argv[2])",
|
||||
"counts = json.loads(sys.argv[3])",
|
||||
"payload = {",
|
||||
" 'deploy_head': {'returncode': 0, 'stdout': deploy.get('deploy_head', ''), 'stderr': ''},",
|
||||
" 'last_deploy_sha': {'returncode': 0, 'stdout': deploy.get('last_deploy_sha', ''), 'stderr': ''},",
|
||||
" 'packet_present': deploy.get('packet_present') == 'true',",
|
||||
" 'packet_bytes': int(deploy.get('packet_bytes') or 0),",
|
||||
" 'service': {'returncode': 0, 'stderr': '', 'state': service},",
|
||||
" 'db_counts': {'returncode': 0, 'stderr': '', 'counts': counts},",
|
||||
"}",
|
||||
"print(json.dumps(payload, sort_keys=True))",
|
||||
"PY",
|
||||
"printf '\\n'",
|
||||
"",
|
||||
|
|
@ -195,18 +252,6 @@ def write_remote_readback_command(path: Path, args: argparse.Namespace) -> str:
|
|||
return hashlib.sha256(script.encode("utf-8")).hexdigest()
|
||||
|
||||
|
||||
def parse_remote(stdout: str) -> dict[str, Any] | None:
|
||||
for line in reversed(stdout.splitlines()):
|
||||
line = line.strip()
|
||||
if not line.startswith("{"):
|
||||
continue
|
||||
try:
|
||||
return json.loads(line)
|
||||
except json.JSONDecodeError:
|
||||
continue
|
||||
return None
|
||||
|
||||
|
||||
def remote_payload_from_args(args: argparse.Namespace) -> tuple[dict[str, Any] | None, int, str]:
|
||||
if args.remote_json_base64:
|
||||
try:
|
||||
|
|
@ -227,12 +272,8 @@ def collect_preflight(args: argparse.Namespace, *, runner: Runner = subprocess_r
|
|||
remote_stderr = supplied_stderr
|
||||
remote_source = "supplied_remote_json_base64"
|
||||
else:
|
||||
command = ssh_command(args)
|
||||
remote_proc = runner(command, remote_script_text(), args.timeout)
|
||||
remote_payload = parse_remote(remote_proc.stdout) if remote_proc.returncode == 0 else None
|
||||
remote_returncode = remote_proc.returncode
|
||||
remote_stderr = remote_proc.stderr
|
||||
remote_source = "ssh_subprocess"
|
||||
remote_payload, remote_returncode, remote_stderr = collect_remote_direct(args, runner)
|
||||
remote_source = "ssh_direct_commands"
|
||||
|
||||
remote_checks = {
|
||||
"ssh_readback_ok": remote_returncode == 0 and remote_payload is not None,
|
||||
|
|
|
|||
|
|
@ -59,11 +59,35 @@ def good_remote_payload() -> dict:
|
|||
}
|
||||
|
||||
|
||||
def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path):
|
||||
def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult:
|
||||
return preflight.CommandResult(0, json.dumps(good_remote_payload()), "")
|
||||
def good_direct_runner(command: list[str], _input: str, _timeout: int) -> preflight.CommandResult:
|
||||
remote_command = command[-1]
|
||||
if "git rev-parse HEAD" in remote_command:
|
||||
return preflight.CommandResult(
|
||||
0,
|
||||
"deploy_head=abc123\nlast_deploy_sha=abc123\npacket_present=true\npacket_bytes=1024\n",
|
||||
"",
|
||||
)
|
||||
if "systemctl show leoclean-gateway.service" in remote_command:
|
||||
return preflight.CommandResult(
|
||||
0,
|
||||
"\n".join(
|
||||
[
|
||||
"ActiveState=active",
|
||||
"SubState=running",
|
||||
"MainPID=1908033",
|
||||
"NRestarts=0",
|
||||
"ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC",
|
||||
]
|
||||
),
|
||||
"",
|
||||
)
|
||||
if "docker exec teleo-pg" in remote_command:
|
||||
return preflight.CommandResult(0, json.dumps(good_remote_payload()["db_counts"]["counts"]), "")
|
||||
raise AssertionError(f"unexpected command: {remote_command}")
|
||||
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner)
|
||||
|
||||
def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path):
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=good_direct_runner)
|
||||
|
||||
assert result["status"] == "pass"
|
||||
assert result["ready_for_authorized_telegram_visible_dc_run"] is True
|
||||
|
|
@ -72,7 +96,7 @@ def test_preflight_passes_with_ready_packet_and_remote_readback(tmp_path: Path):
|
|||
assert result["mutates_db"] is False
|
||||
assert all(result["packet_checks"].values())
|
||||
assert all(result["remote_checks"].values())
|
||||
assert result["remote_source"] == "ssh_subprocess"
|
||||
assert result["remote_source"] == "ssh_direct_commands"
|
||||
assert result["remote_readback_command_path"].endswith("remote-readback.sh")
|
||||
assert len(result["remote_readback_command_sha256"]) == 64
|
||||
|
||||
|
|
@ -97,10 +121,12 @@ def test_remote_readback_command_is_copy_pasteable_shape(tmp_path: Path):
|
|||
digest = preflight.write_remote_readback_command(args.remote_command_out, args)
|
||||
|
||||
text = args.remote_command_out.read_text(encoding="utf-8")
|
||||
assert text.startswith("#!/usr/bin/env bash\nset -euo pipefail\nssh ")
|
||||
assert text.startswith("#!/usr/bin/env bash\nset -euo pipefail\n# Remote packet:")
|
||||
assert "root@example.invalid" in text
|
||||
assert "python3 -\" <<'PY' | base64 | tr -d '\\n'" in text
|
||||
assert "'public.claims'" in text
|
||||
assert "DEPLOY_READBACK" in text
|
||||
assert "SERVICE_READBACK" in text
|
||||
assert "DB_COUNTS_READBACK" in text
|
||||
assert "public.claims" in text
|
||||
assert "telegram-visible-direct-claim-authorization-packet-current.json" in text
|
||||
assert text.endswith("printf '\\n'\n")
|
||||
assert len(digest) == 64
|
||||
|
|
@ -121,13 +147,17 @@ def test_preflight_fails_on_invalid_supplied_remote_payload(tmp_path: Path):
|
|||
|
||||
|
||||
def test_preflight_fails_if_deploy_stamp_drift_detected(tmp_path: Path):
|
||||
payload = good_remote_payload()
|
||||
payload["last_deploy_sha"]["stdout"] = "different"
|
||||
def drift_runner(command: list[str], _input: str, _timeout: int) -> preflight.CommandResult:
|
||||
remote_command = command[-1]
|
||||
if "git rev-parse HEAD" in remote_command:
|
||||
return preflight.CommandResult(
|
||||
0,
|
||||
"deploy_head=abc123\nlast_deploy_sha=different\npacket_present=true\npacket_bytes=1024\n",
|
||||
"",
|
||||
)
|
||||
return good_direct_runner(command, _input, _timeout)
|
||||
|
||||
def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult:
|
||||
return preflight.CommandResult(0, json.dumps(payload), "")
|
||||
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner)
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=drift_runner)
|
||||
|
||||
assert result["status"] == "fail"
|
||||
assert result["ready_for_authorized_telegram_visible_dc_run"] is False
|
||||
|
|
@ -135,10 +165,7 @@ def test_preflight_fails_if_deploy_stamp_drift_detected(tmp_path: Path):
|
|||
|
||||
|
||||
def test_markdown_reports_counts_and_claim_ceiling(tmp_path: Path):
|
||||
def fake_runner(_command: list[str], _input: str, _timeout: int) -> preflight.CommandResult:
|
||||
return preflight.CommandResult(0, json.dumps(good_remote_payload()), "")
|
||||
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=fake_runner)
|
||||
result = preflight.collect_preflight(args_for(preflight.DEFAULT_PACKET, tmp_path), runner=good_direct_runner)
|
||||
out = tmp_path / "preflight.md"
|
||||
|
||||
preflight.write_markdown(out, result)
|
||||
|
|
@ -146,7 +173,7 @@ def test_markdown_reports_counts_and_claim_ceiling(tmp_path: Path):
|
|||
text = out.read_text(encoding="utf-8")
|
||||
assert "Telegram-Visible Direct-Claim Preflight" in text
|
||||
assert "Ready for authorized Telegram-visible DC run: `True`" in text
|
||||
assert "Remote source: `ssh_subprocess`" in text
|
||||
assert "Remote source: `ssh_direct_commands`" in text
|
||||
assert "Remote readback command:" in text
|
||||
assert "`public.claims`: `1837`" in text
|
||||
assert "does not send Telegram messages" in text
|
||||
|
|
@ -163,5 +190,5 @@ def test_markdown_reports_clear_blocker_cta_on_failure(tmp_path: Path):
|
|||
|
||||
text = out.read_text(encoding="utf-8")
|
||||
assert "## Blocker Readback" in text
|
||||
assert "Exact gate: `ssh denied`" in text
|
||||
assert "Exact gate: `deploy: ssh denied" in text
|
||||
assert "--remote-json-base64 <payload>" in text
|
||||
|
|
|
|||
Loading…
Reference in a new issue