diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 04917569..62351381 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
@@ -1,3 +1,30 @@ +## 2026-06-24|MacBook Pro Codex safe artifact sync readback + +**背景**:MacBook Pro `192.168.0.111` 已在外部環境開機且可 SSH,接續雙工作站 Codex / Gitea dev workflow,將共同開工入口與治理 snapshot 以白名單方式同步到 MacBook。這不是 raw Codex / ChatGPT 歷史聊天同步,也不是 product repo、`.env`、runtime volume 或 raw `.git` 複製。 + +**Readback**: +- MacBook Pro SSH:`ooo@192.168.0.111` 可登入,hostname `MacBook-Pro.local`。 +- 同步白名單 artifacts `9/9` SHA-256 完全一致:`CODEX-START-HERE.md`、Start Here snapshot、completion scorecard、workspace registry JSON/MD、workstation sync dashboard JSON/MD、artifact sync readback JSON/MD。 +- MacBook Pro Start Here 回讀:`raw_history_sync=False`、`registry_ready=3`、`registry_blocked=8`、`latest_dev_on_gitea=3`、`production_on_gitea=8`。 +- MacBook Pro dashboard 回讀:`artifact_sync_synced=2`、`artifact_sync_blocked=0`。 +- MOMO Pro MacBook workspace 維持 ready:`/Users/ooo/codex-workspaces/momo-pro-dev`,commit `76a89a70986b7428704a12ffbb7180f159db151f`,dirty `0`。 +- AwoooGo MacBook clone 仍 blocked:Gitea HTTP auth / visibility gate 未解,不能宣稱 MacBook Pro AwoooGo ready。 + +**新增文件 / snapshot**: +- `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json` +- `docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md` + +**階段性進度建議**: +- P0-009 Gitea / Codex 雙工作站版本一致性可由 `84%` 提升到 `86%`,因 MacBook artifact sync blocker 已清除。 +- P1-006 Codex workstation bootstrap automation 可由 `78%` 提升到 `80%`,因 Start Here / Dashboard / artifact readback 已在兩台 Mac 可讀。 +- P2-002 Mac Mini / MacBook Pro Codex 同步機制可由 `67%` 提升到 `70%`,但仍保留全產品 Gitea blockers。 +- 正式 completion scorecard 尚未更新;原因是 `product-runtime-governance-completion-scorecard.py` 目前仍在主工作樹 untracked tooling,需先納入正式 repo / shared tooling capture,避免 Start Here 與 LOGBOOK 產生雙重權威。 + +**邊界**: +- 仍不能宣稱「所有產品都可雙機 Codex 開發」:目前只有 AWOOOI、MOMO Pro、AwoooGo 在 Gitea `dev` ready,其中 MacBook 實際 workspace confirmed 的新產品是 MOMO Pro;remaining blocked products `8`。 +- 仍不能同步 raw Codex App DB / auth / conversations / sessions、`.env`、runtime volumes、raw `.git`。 +- owner 
preflight ready 仍 `0`,blocked `2`;2026FIFA / Agent Bounty 等候 owner response 前不得建立遠端 `dev` branch。 + ## 2026-06-24|剩餘產品 Gitea dev readiness readback **背景**:MOMO Pro / AwoooGo 已完成 Gitea `dev` branch 與 Mac Mini dev workspace 後,繼續盤點剩餘產品是否可安全納入同一套 Gitea dev workflow。本輪只讀,不建立 branch、不 clone、不 push、不同步 raw `.git`、不搬 `.env` / runtime volume / raw Codex conversations。 diff --git a/docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md b/docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md new file mode 100644 index 00000000..af584f21 --- /dev/null +++ b/docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md 
@@ -0,0 +1,40 @@ +# Codex Workstation Artifact Sync Readback + +- generated_at: `2026-06-24T05:05:27+00:00` +- sync_mode: `handoff_artifacts_not_raw_codex_app_db` +- targets: `2` +- synced_targets: `2` +- blocked_targets: `0` +- tracked_handoff_artifacts: `7` +- synced_files: `9` +- sha256_match_count: `9` + +## 結論 + +Mac Mini 與 MacBook Pro 已同步白名單 handoff artifacts;這不是 raw Codex 歷史聊天同步。 + +## Targets + +| Workstation | Host | Status | Tracked Artifacts | Blocker | +|-------------|------|--------|-------------------|---------| +| `mac-mini` | `local` | `synced` | `7` | `none` | +| `macbook-pro` | `192.168.0.111` | `synced` | `7` | `none` | + +## Artifacts + +| Artifact | SHA-256 | +|----------|---------| +| `start_here_md` | `efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f` | +| `start_here_snapshot` | `1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2` | +| `completion_scorecard` | `6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47` | +| `workspace_registry_snapshot` | `10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc` | +| `workspace_registry_md` | `2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3` | +| `workstation_sync_dashboard_snapshot` | `6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc` | +| `workstation_sync_dashboard_md` | `6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02` | + +## 安全邊界 + +- 未同步 raw Codex App DB / auth / conversations / sessions。 +- 未同步 secret value、`.env`、runtime volume 或 raw `.git`。 +- 未修改產品 repo。 +- 未執行 production / host / runtime 寫操作。 diff --git a/docs/operations/codex-workstation-artifact-sync-readback.snapshot.json b/docs/operations/codex-workstation-artifact-sync-readback.snapshot.json new file mode 100644 index 00000000..36b30822 --- /dev/null +++ b/docs/operations/codex-workstation-artifact-sync-readback.snapshot.json 
@@ -0,0 +1,80 @@ +{ + "schema_version": "codex_workstation_artifact_sync_readback_v1", + "generated_at": "2026-06-24T05:05:27+00:00", + "sync_mode": "handoff_artifacts_not_raw_codex_app_db", + "artifacts": [ + { + "artifact_id": "start_here_md", + "source_path": "/Users/ogt/.codex/CODEX-START-HERE.md", + "sha256": "efc1295f8f904cb90218b8b5e53d37c655757e4ffa2a764dd7c50d396f6a265f" + }, + { + "artifact_id": "start_here_snapshot", + "source_path": "/Users/ogt/.codex/codex-start-here.snapshot.json", + "sha256": "1b62351df729eb3f38d09cbc23c7c26f23b6b043e59010bb430806897da79df2" + }, + { + "artifact_id": "completion_scorecard", + "source_path": "/Users/ogt/.codex/product-runtime-governance-completion-scorecard.snapshot.json", + "sha256": "6d2a73cdb33602de1894f9021152d7be8e349924738ccc30aa372ce5d4b9fd47" + }, + { + "artifact_id": "workspace_registry_snapshot", + "source_path": "/Users/ogt/.codex/codex-gitea-workspace-registry.snapshot.json", + "sha256": "10953603b940cc0bdc22115e42ce4eec8bfc709d98f73caeb6cf59b1f05e1bbc" + }, + { + "artifact_id": "workspace_registry_md", + "source_path": "/Users/ogt/.codex/CODEX-GITEA-WORKSPACE-REGISTRY-2026-06-24.md", + "sha256": "2a30db97094e0b5ee07585775db5ecf8ba0ea1858cb01d8c25400699f2cfedb3" + }, + { + "artifact_id": "workstation_sync_dashboard_snapshot", + "source_path": "/Users/ogt/.codex/codex-workstation-sync-dashboard.snapshot.json", + "sha256": "6f0f917f483839de5affdd08e50dcd4b453b8f162c1f92fa17abc43db463eedc" + }, + { + "artifact_id": "workstation_sync_dashboard_md", + "source_path": "/Users/ogt/.codex/CODEX-WORKSTATION-SYNC-DASHBOARD-2026-06-24.md", + "sha256": "6120c2edd8368e7e04087b01e5e0657a061afed89a90fa8291c1292b04858c02" + } + ], + "targets": [ + { + "workstation_id": "mac-mini", + "host": "local", + "status": "synced", + "artifact_count": 7, + "readback": "LOCAL_ARTIFACT_READBACK_FINAL sha256_ready=7 start_here_registry_ready=3 registry_blocked=8 artifact_sync_blocked=0", + "blocker": "", + "raw_codex_app_synced": false, 
+ "secret_values_collected": false, + "remote_write_performed": false + }, + { + "workstation_id": "macbook-pro", + "host": "192.168.0.111", + "status": "synced", + "artifact_count": 7, + "readback": "MACBOOK_ARTIFACT_READBACK_FINAL host=192.168.0.111 sha256_match=9/9 tracked_handoff_artifacts=7 synced_files=9 start_here_registry_ready=3 start_here_registry_blocked=8 latest_dev_on_gitea=3 production_on_gitea=8 raw_history_sync=False dashboard_artifact_sync_synced=2 dashboard_artifact_sync_blocked=0 momo_pro_dev_branch=dev momo_pro_dev_commit=76a89a70986b7428704a12ffbb7180f159db151f awooogo_dev_workspace=blocked_gitea_auth", + "blocker": "", + "raw_codex_app_synced": false, + "secret_values_collected": false, + "remote_write_performed": false + } + ], + "summary": { + "target_count": 2, + "synced_target_count": 2, + "blocked_target_count": 0, + "artifact_count": 7, + "sha256_match_count": 9, + "tracked_handoff_artifact_count": 7, + "synced_file_count": 9 + }, + "raw_codex_app_synced": false, + "secret_values_collected": false, + "remote_write_performed": false, + "local_product_write_performed": false, + "execution_authorized": false +} diff --git a/docs/runbooks/FULL-STACK-COLD-START-SOP.md b/docs/runbooks/FULL-STACK-COLD-START-SOP.md index 092391f1..befefceb 100644 --- a/docs/runbooks/FULL-STACK-COLD-START-SOP.md +++ b/docs/runbooks/FULL-STACK-COLD-START-SOP.md 
@@ -209,6 +209,37 @@ DR_COMPLETE = no, because credential escrow evidence is incomplete 所有回報必須使用這組詞,避免把「服務面可用」誤報成「整體 DR 完成」。 +### 0.3 Codex 工作站交接判定 + +重啟後若需要從 Mac Mini / MacBook Pro 繼續 Codex 開發,必須另外確認 Codex safe handoff artifacts,不得把服務恢復與 Codex raw 對話同步混為一談。 + +2026-06-24 13:03 Asia/Taipei readback: + +```text +MacBook Pro 192.168.0.111 SSH = OK +Safe artifacts synced = 9/9 SHA-256 matched +Start Here readback = registry_ready 3, registry_blocked 8, latest_dev_on_gitea 3, production_on_gitea 8, raw_history_sync False +Workstation dashboard readback = artifact_sync_synced 2, artifact_sync_blocked 0 +MOMO Pro MacBook workspace = /Users/ooo/codex-workspaces/momo-pro-dev, dev commit 76a89a70986b7428704a12ffbb7180f159db151f, dirty 0 +AwoooGo MacBook workspace = blocked by Gitea auth / visibility gate +``` + +允許宣告: + +```text +Mac Mini / MacBook Pro 已同步 Codex 開工入口與治理 snapshot。 +MOMO Pro 可以在 MacBook Pro 從 Gitea dev workspace 開工;實作前仍需從 dev 切 codex/。 +``` + +禁止宣告: + +```text +raw Codex / ChatGPT 歷史聊天已同步。 +所有產品都能雙機同步開發。 +AwoooGo MacBook workspace ready。 +2026FIFA / Agent Bounty owner preflight 已通過。 +``` + --- ## 1. Golden Startup Order diff --git a/docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md b/docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md index 82dd37db..37d2a2d7 100644 --- a/docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md +++ b/docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md 
@@ -15,7 +15,7 @@ | P0 host / K3s recovery | DONE | 100% | 120 booted after console fsck at `2026-06-12 15:13`; latest 2026-06-14 18:15 readback shows 120 is reachable, K3s is active, `mon` and `mon1` are both `Ready control-plane`, and cold-start P0/P1 checks are green. | | P1 backup / alert / escrow | BLOCKED_DR_ESCROW | 96% | 2026-06-24 11:20 backup / alert readback shows 110 `13/13 fresh failed=0`, 188 `2/2 fresh failed=0`, `core_blockers=0`, `integrity_stale=0`, `offsite_fresh=1`, `rclone_gdrive_fresh=1`, `escrow_missing=5`。188 `node-exporter` textfile scrape、PostgreSQL exporter、Redis exporter、MinIO endpoint、Velero BSL and latest completed backup freshness are restored; `BackupHealthMonitorMissing188`、`PostgreSQLDown`、`RedisDown`、`VeleroBackupNotRun` and 110 disk-pressure alerts resolved. DR remains blocked on real non-secret credential escrow evidence IDs. | | P2 service / data truth | BLOCKED_MOMO_DATA_FRESHNESS | 96% | Public route/TLS, API/Web route, momo health `V10.639`, current-month parity `10936|10936|2026-06-01|2026-06-17|2026-06-01|2026-06-17`, backup exporters, schedules, K3s node readiness/storage conditions, VIP, and 110 / 188 runtime health are green. However MOMO latest business date is `2026-06-17`; stale age is `7` days as of 11:35. Drive pending folder has `0` matching files and archive latest `2026-06-18T01:30:39Z` is already imported by job `56`, so there is no safe newer source to import. 
| -| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, and MOMO source-file absence GO/NO-GO gate are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. 
| +| P3 docs / automation contracts | DONE_WITH_MOMO_SOURCE_ABSENCE_GATE | 100% | Workplan, SOP v1.32, BACKUP-STATUS, LOGBOOK, 120 console/fsck recovery, Gitea backup stale-dump hardening, reboot ledger/version-comparison SOP, escrow evidence audit, 188 nginx Ansible baseline, 110 cold-start detector script, startup judgment layers, GO/NO-GO tree, host recovery cards, explicit Plan B degraded-operation path, machine-readable `plan_b` baseline, readiness-audit Plan B guard, B0-B5 service levels, T+0/T+120 fallback timeline checks, host role / load-balancing assessment, CD `known_hosts` guardrail, `fwupd-refresh.timer` rollback note, K3s filesystem event blocker, AWOOOI backup no-direct-offsite-sync contract, 110/188 Ansible source-of-truth, Gitea self-hosted readiness validation workflow, post-CD no-regression readbacks, stale-vs-active K8s failed Job classification, 110 runaway browser / CI load AIOps exporter + alert + gated remediation PlayBook, Telegram / AI event packet mapping, healthy heartbeat Telegram suppression, MOMO scheduler / current-month detector fix, 188 node-exporter restore helper, 188 DB/Redis exporter restore helper, 188 MinIO/Velero restore helper, 110 Docker disk pressure cleanup boundary, MOMO Google Drive token userns readback, MOMO daily freshness blocker, MOMO Pro false-noise health monitor source-of-truth, docker-health direct Telegram fallback cooldown, Bitan public-content same-fingerprint cooldown, notification-noise readback, MOMO source-file absence GO/NO-GO gate, and MacBook Pro Codex safe artifact sync readback are updated. Production image `a84a5a0b` remains live with API `2/2`, Web `2/2`, Worker `1/1`; `7db7800e` is docs-only and does not require runtime image rebuild. | Full cold-start service readiness may not be declared green for the latest verified evidence set. 
As of 2026-06-24 11:35, routes/hosts/K3s/backups/exporters/Velero are available, but the scorecard is `PASS=86 WARN=0 BLOCKED=1` because MOMO business data freshness is stale beyond 3 days and no newer legitimate source file is available. Do not declare DR scorecard complete while credential escrow evidence remains blocked.
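Review bot: in the `docs/LOGBOOK.md` hunk, the Readback bullets commit the SSH account and private address (`ooo@192.168.0.111`) and the home-directory workspace path `/Users/ooo/codex-workspaces/momo-pro-dev` into the docs repo. The snapshot added in the same patch already identifies the machine as `macbook-pro`, so the logbook can reference that workstation ID and leave the login name and local path to the snapshot or an inventory file. The entry's own boundary section is about not carrying auth material between machines, and the account name used for SSH is part of that surface.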
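Review bot: in `docs/operations/CODEX-WORKSTATION-ARTIFACT-SYNC-READBACK-2026-06-24.md`, the header reports `synced_files: 9` and `sha256_match_count: 9`, but the Artifacts table lists only 7 digests and the document never names the other two files. From the LOGBOOK hunk they appear to be the artifact sync readback JSON/MD themselves, which cannot carry their own hash. Add a sentence or two rows stating which two files make up the difference and how their match was checked, so that the 9/9 claim can be re-verified from this document alone.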
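Review bot: in `docs/operations/codex-workstation-artifact-sync-readback.snapshot.json`, the per-target evidence sits in a free-text `readback` string whose keys differ between targets (`sha256_ready=7` and `registry_blocked=8` for `mac-mini`, `sha256_match=9/9` and `start_here_registry_blocked=8` for `macbook-pro`), so nothing under `schema_version` `codex_workstation_artifact_sync_readback_v1` can be validated mechanically. Each target also records only counts, with no per-artifact digest or destination path read back from that host, so the match is asserted rather than evidenced. Suggest promoting these values to structured fields with one key set for both targets and recording the digest observed on each target next to the source `sha256`. In `summary`, `artifact_count` and `tracked_handoff_artifact_count` are both `7` and look redundant, and `"blocker": ""` here is rendered as `none` in the Markdown table.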
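Review bot: in the `docs/runbooks/FULL-STACK-COLD-START-SOP.md` hunk, new section 0.3 embeds a point-in-time readback (counts, the MOMO Pro commit `76a89a70...`, `dirty 0`) directly in the runbook, where it will go stale on the next sync while still reading as current procedure. Keep the allowed and forbidden declaration blocks here and link to the snapshot file for the values. The block is also headed `2026-06-24 13:03 Asia/Taipei`, while the snapshot's `generated_at` is `2026-06-24T05:05:27+00:00` (13:05 Asia/Taipei), so state which timestamp is the evidence of record. The allowed declaration ends with the bare prefix `codex/`; spell out the expected branch naming pattern so the instruction is unambiguous.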
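Review bot: in the `docs/workplans/2026-06-04-reboot-cold-start-backup-recovery-workplan.md` hunk, the P3 row still cites `SOP v1.32` on the `+` line although this same patch adds section 0.3 to the SOP. Either bump the SOP version and update the reference, or confirm that the addition is intended to ship under v1.32. The evidence cell now enumerates several dozen items in one sentence; appending another clause makes future diffs of this row hard to review, so consider moving the list to a bulleted section and keeping the table cell to a summary plus link.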