docs(ops): record macbook artifact sync readback [skip ci]
@@ -1,3 +1,30 @@
|
||||
## 2026-06-24|MacBook Pro Codex safe artifact sync readback
|
||||
|
||||
**背景**:MacBook Pro `192.168.0.111` 已在外部環境開機且可 SSH,接續雙工作站 Codex / Gitea dev workflow,將共同開工入口與治理 snapshot 以白名單方式同步到 MacBook。這不是 raw Codex / ChatGPT 歷史聊天同步,也不是 product repo、`.env`、runtime volume 或 raw `.git` 複製。
|
||||
|
||||
**Readback**:
|
||||
- MacBook Pro SSH:`ooo@192.168.0.111` 可登入,hostname `MacBook-Pro.local`。
|
||||
- 同步白名單 artifacts `9/9` SHA-256 完全一致:`CODEX-START-HERE.md`、Start Here snapshot、completion scorecard、workspace registry JSON/MD、workstation sync dashboard JSON/MD、artifact sync readback JSON/MD。
|
||||
- MacBook Pro Start Here 回讀:`raw_history_sync=False`、`registry_ready=3`、`registry_blocked=8`、`latest_dev_on_gitea=3`、`production_on_gitea=8`。
|
||||
- MacBook Pro dashboard 回讀:`artifact_sync_synced=2`、`artifact_sync_blocked=0`。
|
||||
- MOMO Pro MacBook workspace 維持 ready:`/Users/ooo/codex-workspaces/momo-pro-dev`,commit `76a89a70986b7428704a12ffbb7180f159db151f`,dirty `0`。
|
||||
- AwoooGo MacBook clone 仍 blocked:Gitea HTTP auth / visibility gate 未解,不能宣稱 MacBook Pro AwoooGo ready。
|
||||
|
||||
**新增文件 / snapshot**:
|
||||
- `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json`
|
||||
- `docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md`
|
||||
|
||||
**階段性進度建議**:
|
||||
- P0-009 Gitea / Codex 雙工作站版本一致性可由 `84%` 提升到 `86%`,因 MacBook artifact sync blocker 已清除。
|
||||
- P1-006 Codex workstation bootstrap automation 可由 `78%` 提升到 `80%`,因 Start Here / Dashboard / artifact readback 已在兩台 Mac 可讀。
|
||||
- P2-002 Mac Mini / MacBook Pro Codex 同步機制可由 `67%` 提升到 `70%`,但仍保留全產品 Gitea blockers。
|
||||
- 正式 completion scorecard 尚未更新;原因是 `product-runtime-governance-completion-scorecard.py` 目前仍在主工作樹 untracked tooling,需先納入正式 repo / shared tooling capture,避免 Start Here 與 LOGBOOK 產生雙重權威。
|
||||
|
||||
**邊界**:
|
||||
- 仍不能宣稱「所有產品都可雙機 Codex 開發」:目前只有 AWOOOI、MOMO Pro、AwoooGo 在 Gitea `dev` ready,其中 MacBook 實際 workspace confirmed 的新產品是 MOMO Pro;remaining blocked products `8`。
|
||||
- 仍不能同步 raw Codex App DB / auth / conversations / sessions、`.env`、runtime volumes、raw `.git`。
|
||||
- owner preflight ready 仍 `0`,blocked `2`;2026FIFA / Agent Bounty 等候 owner response 前不得建立遠端 `dev` branch。
|
||||
|
||||
## 2026-06-24|剩餘產品 Gitea dev readiness readback
|
||||
|
||||
**背景**:MOMO Pro / AwoooGo 已完成 Gitea `dev` branch 與 Mac Mini dev workspace 後,繼續盤點剩餘產品是否可安全納入同一套 Gitea dev workflow。本輪只讀,不建立 branch、不 clone、不 push、不同步 raw `.git`、不搬 `.env` / runtime volume / raw Codex conversations。
|
||||
|
||||
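Review bot: The Readback bullets commit the SSH login `ooo@192.168.0.111` and hostname `MacBook-Pro.local` into a long-lived log; referring to the machine by its workstation id (`macbook-pro`, as the snapshot does) would keep the account name and address out of the history. Separately, the 階段性進度建議 block proposes new percentages for P0-009, P1-006 and P2-002 while the last bullet says the formal completion scorecard is not yet updated. Mark those three figures as proposed-only, or drop them until the scorecard tooling is tracked, so this entry does not itself become the second authority the bullet warns about.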
@@ -0,0 +1,40 @@
|
||||
# Codex Workstation Artifact Sync Readback
|
||||
|
||||
- generated_at: `2026-06-24T05:05:27+00:00`
|
||||
- sync_mode: `handoff_artifacts_not_raw_codex_app_db`
|
||||
- targets: `2`
|
||||
- synced_targets: `2`
|
||||
- blocked_targets: `0`
|
||||
- tracked_handoff_artifacts: `7`
|
||||
- synced_files: `9`
|
||||
- sha256_match_count: `9`
|
||||
|
||||
## 結論
|
||||
|
||||
Mac Mini 與 MacBook Pro 已同步白名單 handoff artifacts;這不是 raw Codex 歷史聊天同步。
|
||||
|
||||
## Targets
|
||||
|
||||
| Workstation | Host | Status | Tracked Artifacts | Blocker |
|
||||
|-------------|------|--------|-------------------|---------|
|
||||
| `mac-mini` | `local` | `synced` | `7` | `none` |
|
||||
| `macbook-pro` | `192.168.0.111` | `synced` | `7` | `none` |
|
||||
|
||||
## Artifacts
|
||||
|
||||
| Artifact | SHA-256 |
|
||||
|----------|---------|
|
||||
| `start_here_md` | `efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f` |
|
||||
| `start_here_snapshot` | `1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2` |
|
||||
| `completion_scorecard` | `6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47` |
|
||||
| `workspace_registry_snapshot` | `10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc` |
|
||||
| `workspace_registry_md` | `2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3` |
|
||||
| `workstation_sync_dashboard_snapshot` | `6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc` |
|
||||
| `workstation_sync_dashboard_md` | `6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02` |
|
||||
|
||||
## 安全邊界
|
||||
|
||||
- 未同步 raw Codex App DB / auth / conversations / sessions。
|
||||
- 未同步 secret value、`.env`、runtime volume 或 raw `.git`。
|
||||
- 未修改產品 repo。
|
||||
- 未執行 production / host / runtime 寫操作。
|
||||
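Review bot: The header list reports `synced_files: 9` and `sha256_match_count: 9`, but the Artifacts table lists only 7 hashes and both Targets rows show `7` tracked artifacts, so a reader cannot tell from this file what the other two files are or what they were compared against. Add a line naming the two untracked files (the dated log entry in this commit says they are the artifact sync readback JSON/MD) and stating why they carry no hash here. Alternatively, report the match as 7 tracked plus 2 untracked so the counts reconcile on the page.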
@@ -0,0 +1,80 @@
|
||||
{
|
||||
"schema_version": "codex_workstation_artifact_sync_readback_v1",
|
||||
"generated_at": "2026-06-24T05:05:27+00:00",
|
||||
"sync_mode": "handoff_artifacts_not_raw_codex_app_db",
|
||||
"artifacts": [
|
||||
{
|
||||
"artifact_id": "start_here_md",
|
||||
"source_path": "/Users/ogt/.codex/CODEX-START-HERE.md",
|
||||
"sha256": "efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f"
|
||||
},
|
||||
{
|
||||
"artifact_id": "start_here_snapshot",
|
||||
"source_path": "/Users/ogt/.codex/codex-start-here.snapshot.json",
|
||||
"sha256": "1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2"
|
||||
},
|
||||
{
|
||||
"artifact_id": "completion_scorecard",
|
||||
"source_path": "/Users/ogt/.codex/product-runtime-governance-completion-scorecard.snapshot.json",
|
||||
"sha256": "6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47"
|
||||
},
|
||||
{
|
||||
"artifact_id": "workspace_registry_snapshot",
|
||||
"source_path": "/Users/ogt/.codex/codex-gitea-workspace-registry.snapshot.json",
|
||||
"sha256": "10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc"
|
||||
},
|
||||
{
|
||||
"artifact_id": "workspace_registry_md",
|
||||
"source_path": "/Users/ogt/.codex/CODEX-GITEA-WORKSPACE-REGISTRY-2026-06-24.md",
|
||||
"sha256": "2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3"
|
||||
},
|
||||
{
|
||||
"artifact_id": "workstation_sync_dashboard_snapshot",
|
||||
"source_path": "/Users/ogt/.codex/codex-workstation-sync-dashboard.snapshot.json",
|
||||
"sha256": "6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc"
|
||||
},
|
||||
{
|
||||
"artifact_id": "workstation_sync_dashboard_md",
|
||||
"source_path": "/Users/ogt/.codex/CODEX-WORKSTATION-SYNC-DASHBOARD-2026-06-24.md",
|
||||
"sha256": "6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02"
|
||||
}
|
||||
],
|
||||
"targets": [
|
||||
{
|
||||
"workstation_id": "mac-mini",
|
||||
"host": "local",
|
||||
"status": "synced",
|
||||
"artifact_count": 7,
|
||||
"readback": "LOCAL_ARTIFACT_READBACK_FINAL sha256_ready=7 start_here_registry_ready=3 registry_blocked=8 artifact_sync_blocked=0",
|
||||
"blocker": "",
|
||||
"raw_codex_app_synced": false,
|
||||
"secret_values_collected": false,
|
||||
"remote_write_performed": false
|
||||
},
|
||||
{
|
||||
"workstation_id": "macbook-pro",
|
||||
"host": "192.168.0.111",
|
||||
"status": "synced",
|
||||
"artifact_count": 7,
|
||||
"readback": "MACBOOK_ARTIFACT_READBACK_FINAL host=192.168.0.111 sha256_match=9/9 tracked_handoff_artifacts=7 synced_files=9 start_here_registry_ready=3 start_here_registry_blocked=8 latest_dev_on_gitea=3 production_on_gitea=8 raw_history_sync=False dashboard_artifact_sync_synced=2 dashboard_artifact_sync_blocked=0 momo_pro_dev_branch=dev momo_pro_dev_commit=76a89a70986b7428704a12ffbb7180f159db151f awooogo_dev_workspace=blocked_gitea_auth",
|
||||
"blocker": "",
|
||||
"raw_codex_app_synced": false,
|
||||
"secret_values_collected": false,
|
||||
"remote_write_performed": false
|
||||
}
|
||||
],
|
||||
"summary": {
|
||||
"target_count": 2,
|
||||
"synced_target_count": 2,
|
||||
"blocked_target_count": 0,
|
||||
"artifact_count": 7,
|
||||
"sha256_match_count": 9,
|
||||
"tracked_handoff_artifact_count": 7,
|
||||
"synced_file_count": 9
|
||||
},
|
||||
"raw_codex_app_synced": false,
|
||||
"secret_values_collected": false,
|
||||
"remote_write_performed": false,
|
||||
"local_product_write_performed": false,
|
||||
"execution_authorized": false
|
||||
}
|
||||
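Review bot: In `targets`, the verification result exists only inside the free-text `readback` string (`sha256_match=9/9 ...` for `macbook-pro`, `sha256_ready=7` for `mac-mini`), and no per-file hash observed on the target is recorded. The match is therefore asserted rather than evidenced, and the two targets use different keys for it. Consider structured per-target fields (for example an observed hash per `artifact_id` and a numeric match count) so a consumer can compare against `artifacts[].sha256` without parsing a string, and so `summary.sha256_match_count` of 9 can be reconciled with the 7 entries in `artifacts`. The `source_path` values are absolute (`/Users/ogt/.codex/...`) and embed the local account name; a home-relative path would carry the same information.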
@@ -209,6 +209,37 @@ DR_COMPLETE = no, because credential escrow evidence is incomplete
|
||||
|
||||
所有回報必須使用這組詞,避免把「服務面可用」誤報成「整體 DR 完成」。
|
||||
|
||||
### 0.3 Codex 工作站交接判定
|
||||
|
||||
重啟後若需要從 Mac Mini / MacBook Pro 繼續 Codex 開發,必須另外確認 Codex safe handoff artifacts,不得把服務恢復與 Codex raw 對話同步混為一談。
|
||||
|
||||
2026-06-24 13:03 Asia/Taipei readback:
|
||||
|
||||
```text
|
||||
MacBook Pro 192.168.0.111 SSH = OK
|
||||
Safe artifacts synced = 9/9 SHA-256 matched
|
||||
Start Here readback = registry_ready 3, registry_blocked 8, latest_dev_on_gitea 3, production_on_gitea 8, raw_history_sync False
|
||||
Workstation dashboard readback = artifact_sync_synced 2, artifact_sync_blocked 0
|
||||
MOMO Pro MacBook workspace = /Users/ooo/codex-workspaces/momo-pro-dev, dev commit 76a89a70986b7428704a12ffbb7180f159db151f, dirty 0
|
||||
AwoooGo MacBook workspace = blocked by Gitea auth / visibility gate
|
||||
```
|
||||
|
||||
允許宣告:
|
||||
|
||||
```text
|
||||
Mac Mini / MacBook Pro 已同步 Codex 開工入口與治理 snapshot。
|
||||
MOMO Pro 可以在 MacBook Pro 從 Gitea dev workspace 開工;實作前仍需從 dev 切 codex/<task>。
|
||||
```
|
||||
|
||||
禁止宣告:
|
||||
|
||||
```text
|
||||
raw Codex / ChatGPT 歷史聊天已同步。
|
||||
所有產品都能雙機同步開發。
|
||||
AwoooGo MacBook workspace ready。
|
||||
2026FIFA / Agent Bounty owner preflight 已通過。
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 1. Golden Startup Order
|
||||
|
||||
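Review bot: Section 0.3 embeds a point-in-time readback (2026-06-24 13:03, a specific commit hash and host address) in a procedure document, and the 允許宣告 block rests on that one readback without stating what must be re-checked after a later restart. State the condition instead, such as that all safe artifact hashes match the snapshot and `raw_history_sync` is False, and point to `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json` for the dated evidence. That way the allowed statements stay valid only while the check passes, and the SOP does not need editing on every readback.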
@@ -15,7 +15,7 @@
|
||||
| P0 host / K3s recovery | DONE | 100% | 120 booted after console fsck at `2026-06-12 15:13`; latest 2026-06-14 18:15 readback shows 120 is reachable, K3s is active, `mon` and `mon1` are both `Ready control-plane`, and cold-start P0/P1 checks are green. |
|
||||
| P1 backup / alert / escrow | BLOCKED_DR_ESCROW | 96% | 2026-06-24 11:20 backup / alert readback shows 110 `13/13 fresh failed=0`, 188 `2/2 fresh failed=0`, `core_blockers=0`, `integrity_stale=0`, `offsite_fresh=1`, `rclone_gdrive_fresh=1`, `escrow_missing=5`。188 `node-exporter` textfile scrape、PostgreSQL exporter、Redis exporter、MinIO endpoint、Velero BSL and latest completed backup freshness are restored; `BackupHealthMonitorMissing188`、`PostgreSQLDown`、`RedisDown`、`VeleroBackupNotRun` and 110 disk-pressure alerts resolved. DR remains blocked on real non-secret credential escrow evidence IDs. |
|
||||
| P2 service / data truth | BLOCKED_MOMO_DATA_FRESHNESS | 96% | Public route/TLS, API/Web route, momo health `V10.639`, current-month parity `10936|10936|2026-06-01|2026-06-17|2026-06-01|2026-06-17`, backup exporters, schedules, K3s node readiness/storage conditions, VIP, and 110 / 188 runtime health are green. However MOMO latest business date is `2026-06-17`; stale age is `7` days as of 11:35. Drive pending folder has `0` matching files and archive latest `2026-06-18T01:30:39Z` is already imported by job `56`, so there is no safe newer source to import. |
|
||||
| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, and MOMO source-file absence GO/NO-GO gate are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. |
|
||||
| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, MOMO source-file absence GO/NO-GO gate, and MacBook Pro Codex safe artifact sync readback are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. |
|
||||
|
||||
Full cold-start service readiness may not be declared green for the latest verified evidence set. As of 2026-06-24 11:35, routes/hosts/K3s/backups/exporters/Velero are available, but the scorecard is `PASS=86 WARN=0 BLOCKED=1` because MOMO business data freshness is stale beyond 3 days and no newer legitimate source file is available. Do not declare DR scorecard complete while credential escrow evidence remains blocked.
|
||||
|
||||
|
||||
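Review bot: The changed P3 row appends "MacBook Pro Codex safe artifact sync readback" to a single table cell that already lists several dozen items, and the new item has no pointer to its evidence. Link it to the readback file added in this commit (`docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md`) and consider moving the item list out of the cell into a list below the table, so each future addition is a one-line diff rather than a rewrite of the whole row.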