Refresh Leo Telegram-visible preflight
Some checks are pending
CI / lint-and-test (push) Waiting to run

This commit is contained in:
twentyOne2x 2026-07-10 06:26:22 +02:00
parent 63278b6354
commit a717965b45
5 changed files with 14 additions and 14 deletions

View file

@ -144,7 +144,7 @@ Use this file before making status claims. Prefer fresh VPS/GCP readbacks when c
- Intentional restart survival is now live-proven as a separate required proof row, not implied by `NRestarts=0`: `systemctl restart leoclean-gateway.service` returned `0`, service moved from `MainPID=1908033` to `MainPID=2845730`, stayed active/running after restart and after the no-post handler smoke, canonical DB counts stayed unchanged (`1837/4145/4670/4916/26`), no Telegram post or production DB apply ran, no live profile change was recorded, temp profile cleanup succeeded, and the post-restart no-post `DC-01` through `DC-06` handler smoke returned six runtime replies. The retained pre-repair post-restart strict score was `5/6`; after deploying repair SHA `090becae1621436467610e529d6328d70964d11f`, the same no-post direct-claim suite strict-scored `6/6` with `DC-01` through `DC-06` all passing, DB counts unchanged, no Telegram post, no production DB apply, no live profile change, and cleanup confirmed. The raw handler JSON is retained on the VPS at `/tmp/leo-post-skill-repair-direct-claim-current.json` with SHA256 `6fffdbafc18913c4fc62feb00906988dee2e696d279f22dd284951a79451f39c`.
- The Telegram-visible direct-claim benchmark is now executable as an exact authorization packet, not yet run: target `Leo` group `-5146042086`, raw no-context messages `DC-01` through `DC-06`, expected proof paths, before/after DB/service readbacks, scorer output, and final screenshot/accessibility proof are retained in `telegram-visible-direct-claim-authorization-packet-current.md`; `telegram_visible_messages_sent=false`.
- The Telegram-visible direct-claim capture receipt assembler is retained and currently `status=awaiting_capture`; it will not emit a passing receipt until the exact operator authorization text, exact six DC messages, nonempty Telegram-visible Leo replies, DB before/after counts, service readback, final screenshot/accessibility proof, and `6/6` direct-claim score are present.
- The Telegram-visible direct-claim pre-send preflight now passes from supplied top-level SSH readback payload: deploy head and `.last-deploy-sha` both equal `7de4c3895350b8fa082bb70eef3ced799130a661`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running with `MainPID=1908033` and `NRestarts=0`, and DB counts read as `public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26`. The retained remote readback command SHA256 is `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`; no Telegram messages were sent and no DB apply ran.
- The Telegram-visible direct-claim pre-send preflight now passes from supplied top-level SSH readback payload: deploy head and `.last-deploy-sha` both equal `63278b6354d3f5f15ed68897be95d484530db59f`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running with `MainPID=2999690`, `NRestarts=0`, and `ExecMainStartTimestamp=Fri 2026-07-10 03:47:11 UTC`, and DB counts read as `public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26`. The retained remote readback command SHA256 is `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`; no Telegram messages were sent and no DB apply ran.
- The public Argus KB diagnostics HTTP probe passes from live `curl` payloads captured at `2026-07-10T02:47:53Z`: `3` approved proposals are visible (`14fa5ecc`, `ac036c9d`, `a64df080`), all are `approved_needs_apply_payload`, `worker_applyable_count=0`, and the endpoint is read-only. This supports Leo's expected answer that the approved KB work is not yet directly applyable/canonical, but it is not Docker/Postgres row-count or gateway-service proof.
- The highest-risk direct-claim cases are now green at handler level: `DC-02` recognizes approved Helmer staging row `a64df080-8502-42e2-98f4-9bbdecb8da73` as approved/unapplied, `DC-03` says the decision-matrix path is not shipped while matrix tables are absent, `DC-04` avoids a single-cause document pointer diagnosis, `DC-05` separates staging demo from authorized canonical apply, and `DC-06` separates `SOUL.md` runtime edits from canonical DB identity.
- A strict canonical `add_edge` apply canary is live-proven.

View file

@ -10,7 +10,7 @@
"next_non_user_action": "Rerun this preflight with supplied VPS remote readback JSON, then run the Telegram-visible DC scorer and service/DB after-readbacks if the user explicitly authorizes the group send."
},
"claim_ceiling": "This is a read-only preflight for an explicitly authorized Telegram-visible DC benchmark. It does not send Telegram messages, does not run production apply, and does not prove Telegram-visible DC behavior until the six-message run is authorized, sent, captured, and scored.",
"generated_at_utc": "2026-07-10T03:08:59.760485+00:00",
"generated_at_utc": "2026-07-10T04:25:06.518703+00:00",
"mode": "telegram_visible_direct_claim_preflight_readonly",
"mutates_db": false,
"packet_checks": {
@ -41,12 +41,12 @@
"deploy_head": {
"returncode": 0,
"stderr": "",
"stdout": "7de4c3895350b8fa082bb70eef3ced799130a661"
"stdout": "63278b6354d3f5f15ed68897be95d484530db59f"
},
"last_deploy_sha": {
"returncode": 0,
"stderr": "",
"stdout": "7de4c3895350b8fa082bb70eef3ced799130a661"
"stdout": "63278b6354d3f5f15ed68897be95d484530db59f"
},
"packet_bytes": 9700,
"packet_present": true,
@ -54,8 +54,8 @@
"returncode": 0,
"state": {
"ActiveState": "active",
"ExecMainStartTimestamp": "Fri 2026-07-10 01:04:22 UTC",
"MainPID": "1908033",
"ExecMainStartTimestamp": "Fri 2026-07-10 03:47:11 UTC",
"MainPID": "2999690",
"NRestarts": "0",
"SubState": "running"
},

View file

@ -1,6 +1,6 @@
# Telegram-Visible Direct-Claim Preflight
Generated UTC: `2026-07-10T03:08:59.760485+00:00`
Generated UTC: `2026-07-10T04:25:06.518703+00:00`
Mode: `telegram_visible_direct_claim_preflight_readonly`
Status: `pass`
Ready for authorized Telegram-visible DC run: `True`
@ -33,13 +33,13 @@ Remote readback command SHA256: `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f8
## Deploy And Service
- Deploy head: `7de4c3895350b8fa082bb70eef3ced799130a661`
- Last deploy SHA: `7de4c3895350b8fa082bb70eef3ced799130a661`
- Deploy head: `63278b6354d3f5f15ed68897be95d484530db59f`
- Last deploy SHA: `63278b6354d3f5f15ed68897be95d484530db59f`
- ActiveState: `active`
- SubState: `running`
- MainPID: `1908033`
- MainPID: `2999690`
- NRestarts: `0`
- ExecMainStartTimestamp: `Fri 2026-07-10 01:04:22 UTC`
- ExecMainStartTimestamp: `Fri 2026-07-10 03:47:11 UTC`
## DB Counts Before Send

View file

@ -67,8 +67,8 @@ A working Leo, for Cory/m3taversal's current expectation, is a Telegram-facing a
- full-access remote readback command: `work/teleo-infra-main/docs/reports/leo-working-state-20260709/telegram-visible-direct-claim-remote-readback-command-current.sh`
- command SHA256: `9bbfbe1de6e3f63e7aa9f73a7f412aa16f8f2f60b3c46f87ee93472290047c89`
- local authorization-packet checks all pass
- supplied top-level SSH readback payload passes all remote checks: deploy head matches `.last-deploy-sha` at `7de4c3895350b8fa082bb70eef3ced799130a661`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running, and DB counts are readable
- service readback: `MainPID=1908033`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 01:04:22 UTC`
- supplied top-level SSH readback payload passes all remote checks: deploy head matches `.last-deploy-sha` at `63278b6354d3f5f15ed68897be95d484530db59f`, the remote packet is present/nonempty, `leoclean-gateway.service` is active/running, and DB counts are readable
- service readback: `MainPID=2999690`, `NRestarts=0`, `ExecMainStartTimestamp=Fri 2026-07-10 03:47:11 UTC`
- DB counts before any send: `public.claims=1837`, `public.sources=4145`, `public.claim_edges=4916`, `public.claim_evidence=4670`, `kb_stage.kb_proposals=26`
- no Telegram message was sent, no production apply ran, and the current preflight status is `pass`
- Argus public KB diagnostics probe is now retained and passing:

View file

@ -1,6 +1,6 @@
# Working Leo Execution Plan - 2026-07-09
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-visible DC pre-send preflight, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the pre-send preflight now passes from supplied top-level SSH readback payload with deploy head and `.last-deploy-sha` at `7de4c3895350b8fa082bb70eef3ced799130a661`, active/running service state, and DB counts present. The capture receipt assembler is retained but remains `awaiting_capture` until real visible replies plus DB/service/visual proof are supplied and scored. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
Claim ceiling: VPS Telegram memory/KB audit, full live-safe open-ended Telegram suite, full mixed-evidence Cory-style outcome/direct-claim sandbox benchmark, live VPS GatewayRunner no-context direct-claim suite, Telegram-visible DC authorization packet, Telegram-visible DC pre-send preflight, Telegram-to-`kb_stage` proposal staging, and strict existing-ID apply are working. The live VPS handler suite for exact `DC-01` through `DC-06` prompts strict-scores `6/6` after the authorized-session-plan deploy and scorer refresh, with no Telegram post, no live profile write, no production DB apply, unchanged DB counts, temp profile cleanup, and unchanged gateway service state during the harness. The Telegram-visible DC suite is exact-scoped and ready to request authorization, but not sent; the pre-send preflight now passes from supplied top-level SSH readback payload with deploy head and `.last-deploy-sha` at `63278b6354d3f5f15ed68897be95d484530db59f`, active/running service state (`MainPID=2999690`, `NRestarts=0`), and DB counts present. The capture receipt assembler is retained but remains `awaiting_capture` until real visible replies plus DB/service/visual proof are supplied and scored. Public Argus HTTP diagnostics currently show `3` approved proposals, all `approved_needs_apply_payload`, with `worker_applyable_count=0`, which supports the expected no-overclaim answer but does not prove Docker row counts or systemd state. The full prepared DB packet set is integrated-clone-proven in dependency order: mapped rich base, cross-surface anchor, Rio strategy context, governance/concept schema, and Helmer 7 Powers. A read-only live production preflight baseline now passes `5/5`, an authorized apply operator runbook is generated, an authorized apply session plan maps every apply-window output path with authorization gates, a production apply authorization packet is ready-to-request, the authorization verifier refuses the current apply window because no exact authorization text/operator identity is present, and the receipt assembler refuses final receipt emission because post-apply session artifacts/counts are absent. None of those packets are production-applied or authorized. GCP parity remains pending.
## WL-EXEC-01 - VPS Telegram-visible memory + KB audit
- Status: `done`