docs(ops): record macbook artifact sync readback [skip ci]

This commit is contained in:
Your Name
2026-06-24 13:07:57 +08:00
parent 4d33625a4e
commit 3803ba2f12
5 changed files with 179 additions and 1 deletions


@@ -1,3 +1,30 @@
## 2026-06-24MacBook Pro Codex safe artifact sync readback
**背景**MacBook Pro `192.168.0.111` 已在外部環境開機且可 SSH接續雙工作站 Codex / Gitea dev workflow將共同開工入口與治理 snapshot 以白名單方式同步到 MacBook。這不是 raw Codex / ChatGPT 歷史聊天同步,也不是 product repo、`.env`、runtime volume 或 raw `.git` 複製。
**Readback**
- MacBook Pro SSH`ooo@192.168.0.111` 可登入hostname `MacBook-Pro.local`
- 同步白名單 artifacts `9/9` SHA-256 完全一致:`CODEX-START-HERE.md`、Start Here snapshot、completion scorecard、workspace registry JSON/MD、workstation sync dashboard JSON/MD、artifact sync readback JSON/MD。
- MacBook Pro Start Here 回讀:`raw_history_sync=False``registry_ready=3``registry_blocked=8``latest_dev_on_gitea=3``production_on_gitea=8`
- MacBook Pro dashboard 回讀:`artifact_sync_synced=2``artifact_sync_blocked=0`
- MOMO Pro MacBook workspace 維持 ready`/Users/ooo/codex-workspaces/momo-pro-dev`commit `76a89a70986b7428704a12ffbb7180f159db151f`dirty `0`
- AwoooGo MacBook clone 仍 blockedGitea HTTP auth / visibility gate 未解,不能宣稱 MacBook Pro AwoooGo ready。
**新增文件 / snapshot**
- `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json`
- `docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md`
**階段性進度建議**
- P0-009 Gitea / Codex 雙工作站版本一致性可由 `84%` 提升到 `86%`,因 MacBook artifact sync blocker 已清除。
- P1-006 Codex workstation bootstrap automation 可由 `78%` 提升到 `80%`,因 Start Here / Dashboard / artifact readback 已在兩台 Mac 可讀。
- P2-002 Mac Mini / MacBook Pro Codex 同步機制可由 `67%` 提升到 `70%`,但仍保留全產品 Gitea blockers。
- 正式 completion scorecard 尚未更新;原因是 `product-runtime-governance-completion-scorecard.py` 目前仍在主工作樹 untracked tooling需先納入正式 repo / shared tooling capture避免 Start Here 與 LOGBOOK 產生雙重權威。
**邊界**
- 仍不能宣稱「所有產品都可雙機 Codex 開發」:目前只有 AWOOOI、MOMO Pro、AwoooGo 在 Gitea `dev` ready其中 MacBook 實際 workspace confirmed 的新產品是 MOMO Proremaining blocked products `8`
- 仍不能同步 raw Codex App DB / auth / conversations / sessions、`.env`、runtime volumes、raw `.git`
- owner preflight ready 仍 `0`blocked `2`2026FIFA / Agent Bounty 等候 owner response 前不得建立遠端 `dev` branch。
## 2026-06-24剩餘產品 Gitea dev readiness readback
**背景**MOMO Pro / AwoooGo 已完成 Gitea `dev` branch 與 Mac Mini dev workspace 後,繼續盤點剩餘產品是否可安全納入同一套 Gitea dev workflow。本輪只讀不建立 branch、不 clone、不 push、不同步 raw `.git`、不搬 `.env` / runtime volume / raw Codex conversations。
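Review bot: The 階段性進度建議 bullets record new percentages for P0-009, P1-006 and P2-002 (`84%` to `86%`, `78%` to `80%`, `67%` to `70%`) in the same entry that says the formal completion scorecard has not been updated because `product-runtime-governance-completion-scorecard.py` is still untracked, so the LOGBOOK now carries numbers the scorecard does not, which is the dual-authority situation the last bullet warns about. Either mark each figure explicitly as proposed and not yet in the scorecard, or hold the numbers until the scorecard tooling is captured and regenerate them from it. Separately, the Readback bullets commit the SSH login and LAN address (`ooo@192.168.0.111`) and the home path `/Users/ooo/codex-workspaces/momo-pro-dev`; referring to the workstation id `macbook-pro` would carry the same evidence without recording the account name.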


@@ -0,0 +1,40 @@
# Codex Workstation Artifact Sync Readback
- generated_at: `2026-06-24T05:05:27+00:00`
- sync_mode: `handoff_artifacts_not_raw_codex_app_db`
- targets: `2`
- synced_targets: `2`
- blocked_targets: `0`
- tracked_handoff_artifacts: `7`
- synced_files: `9`
- sha256_match_count: `9`
## 結論
Mac Mini 與 MacBook Pro 已同步白名單 handoff artifacts這不是 raw Codex 歷史聊天同步。
## Targets
| Workstation | Host | Status | Tracked Artifacts | Blocker |
|-------------|------|--------|-------------------|---------|
| `mac-mini` | `local` | `synced` | `7` | `none` |
| `macbook-pro` | `192.168.0.111` | `synced` | `7` | `none` |
## Artifacts
| Artifact | SHA-256 |
|----------|---------|
| `start_here_md` | `efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f` |
| `start_here_snapshot` | `1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2` |
| `completion_scorecard` | `6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47` |
| `workspace_registry_snapshot` | `10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc` |
| `workspace_registry_md` | `2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3` |
| `workstation_sync_dashboard_snapshot` | `6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc` |
| `workstation_sync_dashboard_md` | `6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02` |
## 安全邊界
- 未同步 raw Codex App DB / auth / conversations / sessions。
- 未同步 secret value、`.env`、runtime volume 或 raw `.git`
- 未修改產品 repo。
- 未執行 production / host / runtime 寫操作。
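Review bot: The header reports `synced_files: 9` and `sha256_match_count: 9`, but the Artifacts table lists only 7 digests, matching `tracked_handoff_artifacts: 7`, so two of the nine claimed matches have no expected hash a reader can check. Going by the LOGBOOK entry in this commit, the two extra files are the artifact sync readback JSON/MD themselves, and a file cannot carry its own digest, so please state in this document how those two were compared (for example, hashed on both hosts after generation and recorded elsewhere) or report the match count as 7/7 tracked plus 2 untracked. The 安全邊界 line about no host write operations would also benefit from saying that copying the whitelisted files onto the MacBook is excluded from that statement.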


@@ -0,0 +1,80 @@
{
"schema_version": "codex_workstation_artifact_sync_readback_v1",
"generated_at": "2026-06-24T05:05:27+00:00",
"sync_mode": "handoff_artifacts_not_raw_codex_app_db",
"artifacts": [
{
"artifact_id": "start_here_md",
"source_path": "/Users/ogt/.codex/CODEX-START-HERE.md",
"sha256": "efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f"
},
{
"artifact_id": "start_here_snapshot",
"source_path": "/Users/ogt/.codex/codex-start-here.snapshot.json",
"sha256": "1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2"
},
{
"artifact_id": "completion_scorecard",
"source_path": "/Users/ogt/.codex/product-runtime-governance-completion-scorecard.snapshot.json",
"sha256": "6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47"
},
{
"artifact_id": "workspace_registry_snapshot",
"source_path": "/Users/ogt/.codex/codex-gitea-workspace-registry.snapshot.json",
"sha256": "10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc"
},
{
"artifact_id": "workspace_registry_md",
"source_path": "/Users/ogt/.codex/CODEX-GITEA-WORKSPACE-REGISTRY-2026-06-24.md",
"sha256": "2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3"
},
{
"artifact_id": "workstation_sync_dashboard_snapshot",
"source_path": "/Users/ogt/.codex/codex-workstation-sync-dashboard.snapshot.json",
"sha256": "6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc"
},
{
"artifact_id": "workstation_sync_dashboard_md",
"source_path": "/Users/ogt/.codex/CODEX-WORKSTATION-SYNC-DASHBOARD-2026-06-24.md",
"sha256": "6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02"
}
],
"targets": [
{
"workstation_id": "mac-mini",
"host": "local",
"status": "synced",
"artifact_count": 7,
"readback": "LOCAL_ARTIFACT_READBACK_FINAL sha256_ready=7 start_here_registry_ready=3 registry_blocked=8 artifact_sync_blocked=0",
"blocker": "",
"raw_codex_app_synced": false,
"secret_values_collected": false,
"remote_write_performed": false
},
{
"workstation_id": "macbook-pro",
"host": "192.168.0.111",
"status": "synced",
"artifact_count": 7,
"readback": "MACBOOK_ARTIFACT_READBACK_FINAL host=192.168.0.111 sha256_match=9/9 tracked_handoff_artifacts=7 synced_files=9 start_here_registry_ready=3 start_here_registry_blocked=8 latest_dev_on_gitea=3 production_on_gitea=8 raw_history_sync=False dashboard_artifact_sync_synced=2 dashboard_artifact_sync_blocked=0 momo_pro_dev_branch=dev momo_pro_dev_commit=76a89a70986b7428704a12ffbb7180f159db151f awooogo_dev_workspace=blocked_gitea_auth",
"blocker": "",
"raw_codex_app_synced": false,
"secret_values_collected": false,
"remote_write_performed": false
}
],
"summary": {
"target_count": 2,
"synced_target_count": 2,
"blocked_target_count": 0,
"artifact_count": 7,
"sha256_match_count": 9,
"tracked_handoff_artifact_count": 7,
"synced_file_count": 9
},
"raw_codex_app_synced": false,
"secret_values_collected": false,
"remote_write_performed": false,
"local_product_write_performed": false,
"execution_authorized": false
}
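Review bot: In the `macbook-pro` target, `"status": "synced"` with `synced_files=9` in the readback string sits next to `"remote_write_performed": false`, yet placing nine files on `192.168.0.111` is a write to a remote host, so the flag either has a narrower meaning (production or product-repo writes only) or is wrong. Define the flag's scope in the schema or rename it to say what it actually asserts, because a consumer that trusts this boolean will conclude nothing was written to the MacBook. Two smaller points on the same object: `"blocker": ""` is empty while the readback string contains `awooogo_dev_workspace=blocked_gitea_auth`, and the `readback` value packs a dozen key=value pairs into one string that has to be re-parsed, whereas the `summary` block already shows the structured form. `summary.artifact_count` and `summary.tracked_handoff_artifact_count` both hold 7 and look redundant, and `sha256_match_count: 9` exceeds the 7 entries in `artifacts`.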


@@ -209,6 +209,37 @@ DR_COMPLETE = no, because credential escrow evidence is incomplete
所有回報必須使用這組詞,避免把「服務面可用」誤報成「整體 DR 完成」。
### 0.3 Codex 工作站交接判定
重啟後若需要從 Mac Mini / MacBook Pro 繼續 Codex 開發,必須另外確認 Codex safe handoff artifacts不得把服務恢復與 Codex raw 對話同步混為一談。
2026-06-24 13:03 Asia/Taipei readback
```text
MacBook Pro 192.168.0.111 SSH = OK
Safe artifacts synced = 9/9 SHA-256 matched
Start Here readback = registry_ready 3, registry_blocked 8, latest_dev_on_gitea 3, production_on_gitea 8, raw_history_sync False
Workstation dashboard readback = artifact_sync_synced 2, artifact_sync_blocked 0
MOMO Pro MacBook workspace = /Users/ooo/codex-workspaces/momo-pro-dev, dev commit 76a89a70986b7428704a12ffbb7180f159db151f, dirty 0
AwoooGo MacBook workspace = blocked by Gitea auth / visibility gate
```
允許宣告:
```text
Mac Mini / MacBook Pro 已同步 Codex 開工入口與治理 snapshot。
MOMO Pro 可以在 MacBook Pro 從 Gitea dev workspace 開工;實作前仍需從 dev 切 codex/<task>。
```
禁止宣告:
```text
raw Codex / ChatGPT 歷史聊天已同步。
所有產品都能雙機同步開發。
AwoooGo MacBook workspace ready。
2026FIFA / Agent Bounty owner preflight 已通過。
```
---
## 1. Golden Startup Order
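Review bot: Section 0.3 says the safe handoff artifacts must be confirmed after a restart, but what follows is a single dated result (2026-06-24 13:03) and not a procedure or pass criteria, so the next operator has nothing to run and no threshold to compare against once this readback is stale. State the conditions that permit the 允許宣告 wording, for example SHA-256 match on all synced files, `raw_history_sync False` and `artifact_sync_blocked 0`, and point to `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json` as the source of the current values instead of embedding them in the SOP. The 13:03 timestamp here also differs from the snapshot's `generated_at` of `2026-06-24T05:05:27+00:00` (13:05 Asia/Taipei); if they describe the same run, use one time.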


@@ -15,7 +15,7 @@
| P0 host / K3s recovery | DONE | 100% | 120 booted after console fsck at `2026-06-12 15:13`; latest 2026-06-14 18:15 readback shows 120 is reachable, K3s is active, `mon` and `mon1` are both `Ready control-plane`, and cold-start P0/P1 checks are green. |
| P1 backup / alert / escrow | BLOCKED_DR_ESCROW | 96% | 2026-06-24 11:20 backup / alert readback shows 110 `13/13 fresh failed=0`, 188 `2/2 fresh failed=0`, `core_blockers=0`, `integrity_stale=0`, `offsite_fresh=1`, `rclone_gdrive_fresh=1`, `escrow_missing=5`。188 `node-exporter` textfile scrape、PostgreSQL exporter、Redis exporter、MinIO endpoint、Velero BSL and latest completed backup freshness are restored; `BackupHealthMonitorMissing188``PostgreSQLDown``RedisDown``VeleroBackupNotRun` and 110 disk-pressure alerts resolved. DR remains blocked on real non-secret credential escrow evidence IDs. |
| P2 service / data truth | BLOCKED_MOMO_DATA_FRESHNESS | 96% | Public route/TLS, API/Web route, momo health `V10.639`, current-month parity `10936|10936|2026-06-01|2026-06-17|2026-06-01|2026-06-17`, backup exporters, schedules, K3s node readiness/storage conditions, VIP, and 110 / 188 runtime health are green. However MOMO latest business date is `2026-06-17`; stale age is `7` days as of 11:35. Drive pending folder has `0` matching files and archive latest `2026-06-18T01:30:39Z` is already imported by job `56`, so there is no safe newer source to import. |
| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, and MOMO source-file absence GO/NO-GO gate are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. |
| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, MOMO source-file absence GO/NO-GO gate, and MacBook Pro Codex safe artifact sync readback are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. |
Full cold-start service readiness may not be declared green for the latest verified evidence set. As of 2026-06-24 11:35, routes/hosts/K3s/backups/exporters/Velero are available, but the scorecard is `PASS=86 WARN=0 BLOCKED=1` because MOMO business data freshness is stale beyond 3 days and no newer legitimate source file is available. Do not declare DR scorecard complete while credential escrow evidence remains blocked.
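Review bot: The only change to the P3 row is the clause "and MacBook Pro Codex safe artifact sync readback" appended near the end of a single table cell that already enumerates several dozen items, which makes the change nearly invisible in review and guarantees a whole-row conflict for any concurrent edit. Move the enumerated deliverables to a bullet list under the table and keep the cell to the status summary, so each future addition is a one-line diff. The row also still cites `SOP v1.32` although this commit adds a new section 0.3 to the procedure; confirm whether the version should be bumped.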