fix(reboot): expose windows99 verify collection packet
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 59s
CD Pipeline / build-and-deploy (push) Successful in 4m50s
CD Pipeline / post-deploy-checks (push) Successful in 1m49s

This commit is contained in:
ogt
2026-07-02 15:07:55 +08:00
parent 8fbb7756a6
commit 6813710d04
6 changed files with 332 additions and 4 deletions

View File

@@ -91,6 +91,10 @@ def _build_payload(scorecard: dict[str, Any], path: Path) -> dict[str, Any]:
active_blockers=active_blockers,
)
)
windows99_verify_collection = _build_windows99_verify_collection_packet(
windows99=windows99,
host_boot_detection=host_boot_detection,
)
blocked_by_fresh_reboot_window_only = active_blockers == [
"host_boot_observation_older_than_target_window"
]
@@ -180,6 +184,19 @@ def _build_payload(scorecard: dict[str, Any], path: Path) -> dict[str, Any]:
"windows99_vmware_powered_off_count": len(
_strings(windows99.get("powered_off_aliases"))
),
"windows99_verify_collection_status": windows99_verify_collection["status"],
"windows99_verify_collection_can_collect_no_secret": (
windows99_verify_collection["can_collect_no_secret_verify"] is True
),
"windows99_verify_collection_blocker_count": len(
_strings(windows99_verify_collection.get("collection_blockers"))
),
"windows99_host99_reachable": (
windows99_verify_collection["host99_reachable"] is True
),
"windows99_host99_uptime_known": (
windows99_verify_collection["host99_uptime_known"] is True
),
}
return {
"schema_version": _API_SCHEMA_VERSION,
@@ -250,6 +267,12 @@ def _build_payload(scorecard: dict[str, Any], path: Path) -> dict[str, Any]:
"windows99_update_no_auto_reboot_ready": rollups[
"windows99_update_no_auto_reboot_ready"
],
"windows99_verify_collection_status": rollups[
"windows99_verify_collection_status"
],
"windows99_verify_collection_can_collect_no_secret": rollups[
"windows99_verify_collection_can_collect_no_secret"
],
},
"reboot_sop_progress": sop_progress,
"controlled_service_data_backup_readback": (
@@ -259,6 +282,7 @@ def _build_payload(scorecard: dict[str, Any], path: Path) -> dict[str, Any]:
"post_reboot_readiness": post_reboot_readiness,
"stockplatform_data_freshness": stockplatform,
"windows99_vmware_autostart": windows99,
"windows99_verify_collection": windows99_verify_collection,
"source_controls": source_controls,
"active_blockers": active_blockers,
"required_checks": required_checks,
@@ -382,6 +406,98 @@ def _build_controlled_service_data_backup_readback(
}
def _build_windows99_verify_collection_packet(
*,
windows99: dict[str, Any],
host_boot_detection: dict[str, Any],
) -> dict[str, Any]:
host99 = _host_row_by_alias(host_boot_detection, "99")
host99_reachable = host99.get("reachable") is True
host99_uptime_known = bool(host99) and _int(host99.get("uptime_seconds")) >= 0
readback_present = windows99.get("readback_present") is True
verify_ready = windows99.get("verify_ready") is True
collection_blockers: list[str] = []
if not host99_reachable:
collection_blockers.append("windows99_host_not_reachable_for_verify_collection")
if not readback_present:
collection_blockers.append("windows99_vmware_autostart_readback_missing")
for blocker in _strings(windows99.get("blockers")):
if blocker not in collection_blockers:
collection_blockers.append(blocker)
if not host99_uptime_known:
collection_blockers.append("windows99_uptime_unknown")
return {
"schema_version": "windows99_vmware_verify_collection_packet_v1",
"status": (
"ready_windows99_vmware_verify_readback_green"
if verify_ready
else (
"blocked_windows99_verify_output_missing_host_reachable"
if host99_reachable and not readback_present
else "blocked_windows99_verify_collection_not_ready"
)
),
"target_host_alias": "99",
"target_host": "192.168.0.99",
"host99_reachable": host99_reachable,
"host99_uptime_known": host99_uptime_known,
"readback_present": readback_present,
"verify_ready": verify_ready,
"can_collect_no_secret_verify": host99_reachable and not verify_ready,
"required_vm_aliases": _strings(windows99.get("required_vm_aliases"))
or ["111", "112", "120", "121", "188"],
"expected_no_secret_output_fields": [
"VMRUN_PRESENT",
"VMX alias=<alias> present=<0|1>",
"VMWARE_SERVICE name=<name> ok=<0|1>",
"VMWARE_AUTOSTART_TASK name=AWOOOI-Start-VMware-VMs ok=<0|1>",
"WINDOWS_UPDATE_POLICY name=<name> ok=<0|1>",
"VM_POWER alias=<alias> running=<0|1>",
"VMWARE_AUTOSTART_CONFIG_READY",
"VMWARE_AUTOSTART_POWER_READY",
"WINDOWS_UPDATE_NO_AUTO_REBOOT_READY",
"VMWARE_AUTOSTART_VERIFY_READY",
],
"no_secret_verify_command": (
"powershell -ExecutionPolicy Bypass -File "
".\\windows99-vmware-autostart.ps1 -Mode Verify"
),
"post_verifier": (
"rerun_reboot_auto_recovery_slo_scorecard_with_"
"windows99_vmware_file_no_secret_no_reboot"
),
"collection_blockers": collection_blockers,
"safe_collection_channels": [
"authorized_windows99_console_verify_stdout_only",
"existing_management_channel_verify_mode_only",
"committed_no_secret_artifact_file_then_scorecard_rerun",
],
"forbidden_actions": [
"windows_password_or_secret_collection",
"host_reboot",
"vm_power_change",
"windows_update_policy_apply",
"manual_registry_edit",
"service_restart",
"github_api",
],
}
def _host_row_by_alias(
host_boot_detection: dict[str, Any],
alias: str,
) -> dict[str, Any]:
rows = host_boot_detection.get("host_rows")
if not isinstance(rows, list):
return {}
for item in rows:
if isinstance(item, dict) and str(item.get("alias") or "") == alias:
return item
return {}
def _build_reboot_sop_progress(
*,
scorecard: dict[str, Any],

View File

@@ -134,6 +134,13 @@ def _assert_reboot_slo_payload(payload: dict):
assert payload["readback"]["latest_verify_only_metric_present"] is False
assert payload["readback"]["windows99_vmware_verify_ready"] is False
assert payload["readback"]["windows99_update_no_auto_reboot_ready"] is False
assert payload["readback"]["windows99_verify_collection_status"] == (
"blocked_windows99_verify_output_missing_host_reachable"
)
assert (
payload["readback"]["windows99_verify_collection_can_collect_no_secret"]
is True
)
assert payload["rollups"]["active_blocker_count"] == 13
assert payload["rollups"]["readiness_percent"] == 15
assert payload["rollups"]["observed_host_count"] == 7
@@ -167,6 +174,16 @@ def _assert_reboot_slo_payload(payload: dict):
assert payload["rollups"]["windows99_vmware_readback_present"] is False
assert payload["rollups"]["windows99_vmware_verify_ready"] is False
assert payload["rollups"]["windows99_update_no_auto_reboot_ready"] is False
assert payload["rollups"]["windows99_verify_collection_status"] == (
"blocked_windows99_verify_output_missing_host_reachable"
)
assert (
payload["rollups"]["windows99_verify_collection_can_collect_no_secret"]
is True
)
assert payload["rollups"]["windows99_verify_collection_blocker_count"] == 2
assert payload["rollups"]["windows99_host99_reachable"] is True
assert payload["rollups"]["windows99_host99_uptime_known"] is False
assert payload["rollups"]["stockplatform_final_retry_window_passed"] is False
assert (
payload["rollups"]["stockplatform_controlled_recovery_gate_required"]
@@ -230,6 +247,24 @@ def _assert_reboot_slo_payload(payload: dict):
assert windows99["readback_present"] is False
assert windows99["required_vm_aliases"] == ["111", "112", "120", "121", "188"]
assert windows99["blockers"] == ["windows99_vmware_autostart_readback_missing"]
collection = payload["windows99_verify_collection"]
assert collection["schema_version"] == (
"windows99_vmware_verify_collection_packet_v1"
)
assert collection["target_host"] in {"192.168.0.99", "host:internal-node"}
assert collection["host99_reachable"] is True
assert collection["host99_uptime_known"] is False
assert collection["readback_present"] is False
assert collection["verify_ready"] is False
assert collection["can_collect_no_secret_verify"] is True
assert collection["collection_blockers"] == [
"windows99_vmware_autostart_readback_missing",
"windows99_uptime_unknown",
]
assert "VMRUN_PRESENT" in collection["expected_no_secret_output_fields"]
assert "-Mode Verify" in collection["no_secret_verify_command"]
assert "host_reboot" in collection["forbidden_actions"]
assert "windows_password_or_secret_collection" in collection["forbidden_actions"]
stockplatform = payload["stockplatform_data_freshness"]
assert stockplatform["freshness_endpoint_readback_present"] is True
assert stockplatform["ingestion_endpoint_readback_present"] is True

View File

@@ -1,3 +1,19 @@
## 2026-07-02 — 15:20 P0-006 Windows 99 Verify collection packet 產品化
**完成內容**
- `scripts/reboot-recovery/reboot-auto-recovery-slo-scorecard.py` 新增 `windows99_verify_collection`,把 99 VMware / Windows Update no-secret Verify 的下一步拆成機器可讀 collection packet。
- `/api/v1/agents/reboot-auto-recovery-slo-scorecard` loader 即使讀舊 snapshot也會從 `host_boot_detection``windows99_vmware_autostart` 推導 `windows99_verify_collection``rollups.windows99_verify_collection_status``can_collect_no_secret``host99_reachable``host99_uptime_known`
- 目前 production truth 仍應維持 fail-closed99 host 可達但缺 live `Verify` output`collection_blockers=["windows99_vmware_autostart_readback_missing","windows99_uptime_unknown"]`;不得宣稱 VM autostart / Windows Update policy 已驗證。
- collection packet 明確列出 expected no-secret output fields、`-Mode Verify` command、post-verifier 與 forbidden actions不得讀 Windows 密碼 / secret不得重啟 host不得改 VM power不得套用 Windows Update policy不得 service restart不得使用 GitHub API。
**驗證**
- `python3.11 -m py_compile scripts/reboot-recovery/reboot-auto-recovery-slo-scorecard.py apps/api/src/services/reboot_auto_recovery_slo_scorecard.py`:通過。
- `DATABASE_URL=sqlite:///tmp/awoooi-test.db python3.11 -m pytest -q scripts/reboot-recovery/tests/test_reboot_auto_recovery_slo_scorecard.py apps/api/tests/test_reboot_auto_recovery_slo_scorecard_api.py``14 passed`
- 本機 API loader readback`status=blocked_reboot_auto_recovery_slo_not_ready``collection=blocked_windows99_verify_output_missing_host_reachable``can_collect=True``blockers=windows99_vmware_autostart_readback_missing,windows99_uptime_unknown`
**仍維持**
- 未執行 Windows / VMware console未讀密碼、token、secret、`.env`、raw sessions / SQLite / auth未重啟主機 / VM / Docker / Nginx / K3s / DB / firewall未觸發 workflow未使用 GitHub / `gh` / GitHub API。
## 2026-07-02 — 14:46 CD controlled-runtime classifier 補上 Windows 99 VMware verifier source
**完成內容**

View File

@@ -58,9 +58,9 @@
| 順序 | ID | 優先序 | 使用者插入要求 | 正規化工作項 | 目前狀態 | 下一個可驗證動作 |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | CIR-P0-RBT-001 | P0 | 「主機重啟後 10 分鐘內全部恢復,且要自動判斷所有主機被重啟」 | 建立 99/110/111/112/120/121/188 reboot event detector + 10 分鐘 SLO scorecard + fixed triage order | 部分已有 `reboot_recovery_slo_alerts`、scorecard、textfile仍需要 fresh all-host reboot/drill 證明 | 產生最新 reboot SLO scorecard readback若缺 fresh event`awaiting_next_reboot_or_approved_drill`,不可宣稱 10 分鐘 SLA 已證明 |
| 2 | CIR-P0-RBT-002 | P0 | 「沒有偵測到主機重啟」 | 修正 host reboot/shutdown/up detectionboot_id / uptime / node exporter / Windows exporter / VMware VM power state 都要進同一事件 | Source verifier 已補scorecard 可解析 Windows99 VMware readbacklive 99 verify output 仍缺 | 收集 `windows99-vmware-autostart.ps1 -Mode Verify` no-secret output 後 rerun scorecard缺 99 時不得把 110/120/121/188 green 當全主機 green |
| 3 | CIR-P0-RBT-003 | P0 | 「192.168.0.99 VMWare 要自動啟動,裡面 111/188/120/121/112 也自動啟動」 | Windows 99 VMware host autostart + guest VM autostart contractVM host 111/188/120/121/112 開機順序與 readback | Source verifier / parser / API readback 已完成snapshot active blocker=`windows99_vmware_autostart_readback_missing` | 從 99 取得 no-secret Verify output確認 `VMRUN_PRESENT`、scheduled task、VMware services、VM power、VMX present 全綠 |
| 4 | CIR-P0-RBT-004 | P0 | 「192.168.0.99 不可因 Windows Update 無預警重開」 | Windows Update reboot policyactive hours / no auto-restart / maintenance window / update notification audit | Source verifier 已補 `WINDOWS_UPDATE_POLICY``WINDOWS_UPDATE_NO_AUTO_REBOOT_READY`live 99 policy readback 仍缺 | 從 99 取得 Verify output若 policy 不綠,再走 controlled apply禁止要求或記錄 Windows 密碼 |
| 2 | CIR-P0-RBT-002 | P0 | 「沒有偵測到主機重啟」 | 修正 host reboot/shutdown/up detectionboot_id / uptime / node exporter / Windows exporter / VMware VM power state 都要進同一事件 | Source verifier 已補scorecard 可解析 Windows99 VMware readback`windows99_verify_collection` 已補 no-secret collection packetlive 99 verify output 仍缺 | 收集 `windows99-vmware-autostart.ps1 -Mode Verify` no-secret output 後 rerun scorecard缺 99 時不得把 110/120/121/188 green 當全主機 green |
| 3 | CIR-P0-RBT-003 | P0 | 「192.168.0.99 VMWare 要自動啟動,裡面 111/188/120/121/112 也自動啟動」 | Windows 99 VMware host autostart + guest VM autostart contractVM host 111/188/120/121/112 開機順序與 readback | Source verifier / parser / API readback / collection packet 已完成snapshot active blocker=`windows99_vmware_autostart_readback_missing` | 從 99 取得 no-secret Verify output確認 `VMRUN_PRESENT`、scheduled task、VMware services、VM power、VMX present 全綠 |
| 4 | CIR-P0-RBT-004 | P0 | 「192.168.0.99 不可因 Windows Update 無預警重開」 | Windows Update reboot policyactive hours / no auto-restart / maintenance window / update notification audit | Source verifier 已補 `WINDOWS_UPDATE_POLICY``WINDOWS_UPDATE_NO_AUTO_REBOOT_READY`collection packet 已列 forbidden actionslive 99 policy readback 仍缺 | 從 99 取得 Verify output若 policy 不綠,再走 controlled apply禁止要求或記錄 Windows 密碼 |
| 5 | CIR-P0-RBT-005 | P0 | 「網站重啟後 502 嚴重影響體驗,要維護頁,外部雲端或專業做法」 | Public maintenance fallbackNginx / edge / external static maintenance page / status page / fail-open UX避免 502 直出 | 尚未完整落地;目前是需求缺口 | 產生 `public_maintenance_fallback` decision recordDNS/edge/外部雲端/本地 Nginx fallback 風險比較,先做不切流量的 check-mode |
| 6 | CIR-P0-RBT-006 | P0 | 「所有主機關機立刻 Telegram 告警,重啟後也要告警,其他告警一併完整思考」 | Down / shutdown suspected / reboot detected / reboot recovered / SLO missed / backup failed / freshness stale / CPU pressure / Gitea queue 告警矩陣 | 部分已有 Alertmanager rule 與 Telegram receipt 補強;仍缺完整 shutdown/up E2E receipt | 建立 Telegram alert matrix + receipt verifier逐項讀回 Alertmanager active/resolved 與 outbound receipt不送測試 secret |
| 7 | CIR-P0-RBT-007 | P0 | 「所有備份包含主機、DB、網站、服務、套件、工具、日誌都沒有監控告警」 | Backup observability coveragebackup job inventory、last success、freshness、offsite、restore drill、Telegram receipt | 部分已有 backup health exporter / alert rules全域 coverage 與 restore drill 未全綠 | 建立 backup coverage matrixhost / DB / website / service config / package list / tool scripts / logs每列有 metric、alert、last_success、restore_verifier |
@@ -130,7 +130,7 @@
| OpenClaw / Gather-style 持續動畫工作室 | route 已存在,已列為 P1 工作項 | 補 production desktop/mobile smoke、AwoooP 導流與截圖證據 |
| AI 專業 UI / 非文字牆 cockpit | 已列為 P2 UX 驗收 | 將長文字區塊收斂成 first-viewport cockpit、cards、flow rows 與 expandable details |
| 10 分鐘 reboot auto-recovery SLA | scorecard source / snapshot / API 已補固定 phase / ETA / blocker / next action 欄位;仍缺 fresh all-host reboot/drill proof | 補 production API readback缺事件則明確標等待下一次 reboot 或 approved drill |
| 99 Windows / VMware autostart | Source verifier / parser / API readback 已完成live 99 Verify output 尚未收集scorecard 以 `windows99_vmware_autostart_readback_missing` fail-closed | 收集 99 no-secret Verify output確認 VM 111/188/120/121/112 running、scheduled task / services / Windows Update policy 全綠 |
| 99 Windows / VMware autostart | Source verifier / parser / API readback / collection packet 已完成live 99 Verify output 尚未收集scorecard 以 `windows99_vmware_autostart_readback_missing` fail-closedcollection packet 顯示 99 reachable、可收 no-secret Verify但 uptime unknown | 收集 99 no-secret Verify output確認 VM 111/188/120/121/112 running、scheduled task / services / Windows Update policy 全綠 |
| 502 maintenance fallback | 尚未完成外部維護頁 / edge fallback 決策與實作 | 先做 no-write decision record + smoke verifier |
| 全備份監控告警 coverage | 部分 exporter/rule 已存在,但 host/DB/site/service/package/tool/log coverage 未全列 | 建立 backup coverage matrix 與 restore drill verifier |
| Stock/Postgres hot pressure | 110 live 已導向 Stock/Postgres playbook尚未完成 hot query / backup export playbook closure | 下一步執行 read-only Stock/Postgres evidence 與 source freshness / query attribution |

View File

@@ -703,6 +703,96 @@ def build_host_pressure_readback(payload: dict[str, Any]) -> dict[str, Any]:
}
def host_row_by_alias(host_boot_detection: dict[str, Any], alias: str) -> dict[str, Any]:
rows = host_boot_detection.get("host_rows")
if not isinstance(rows, list):
return {}
for item in rows:
if isinstance(item, dict) and str(item.get("alias") or "") == alias:
return item
return {}
def build_windows99_verify_collection_packet(
*,
windows99: dict[str, Any],
host_boot_detection: dict[str, Any],
) -> dict[str, Any]:
"""Describe the next no-secret Windows 99 verifier collection step."""
host99 = host_row_by_alias(host_boot_detection, "99")
host99_reachable = host99.get("reachable") is True
host99_uptime_known = int_value(host99.get("uptime_seconds"), -1) >= 0
readback_present = windows99.get("readback_present") is True
verify_ready = windows99.get("verify_ready") is True
blockers = strings(windows99.get("blockers"))
collection_blockers: list[str] = []
if not host99_reachable:
collection_blockers.append("windows99_host_not_reachable_for_verify_collection")
if not readback_present:
collection_blockers.append("windows99_vmware_autostart_readback_missing")
collection_blockers.extend(
blocker for blocker in blockers if blocker not in collection_blockers
)
if not host99_uptime_known:
collection_blockers.append("windows99_uptime_unknown")
status = "ready_windows99_vmware_verify_readback_green"
if not verify_ready:
status = (
"blocked_windows99_verify_output_missing_host_reachable"
if host99_reachable and not readback_present
else "blocked_windows99_verify_collection_not_ready"
)
return {
"schema_version": "windows99_vmware_verify_collection_packet_v1",
"status": status,
"target_host_alias": "99",
"target_host": "192.168.0.99",
"host99_reachable": host99_reachable,
"host99_uptime_known": host99_uptime_known,
"readback_present": readback_present,
"verify_ready": verify_ready,
"can_collect_no_secret_verify": host99_reachable and not verify_ready,
"required_vm_aliases": strings(windows99.get("required_vm_aliases"))
or sorted(WINDOWS99_REQUIRED_VM_ALIASES),
"expected_no_secret_output_fields": [
"VMRUN_PRESENT",
"VMX alias=<alias> present=<0|1>",
"VMWARE_SERVICE name=<name> ok=<0|1>",
"VMWARE_AUTOSTART_TASK name=AWOOOI-Start-VMware-VMs ok=<0|1>",
"WINDOWS_UPDATE_POLICY name=<name> ok=<0|1>",
"VM_POWER alias=<alias> running=<0|1>",
"VMWARE_AUTOSTART_CONFIG_READY",
"VMWARE_AUTOSTART_POWER_READY",
"WINDOWS_UPDATE_NO_AUTO_REBOOT_READY",
"VMWARE_AUTOSTART_VERIFY_READY",
],
"no_secret_verify_command": (
"powershell -ExecutionPolicy Bypass -File "
".\\windows99-vmware-autostart.ps1 -Mode Verify"
),
"post_verifier": (
"rerun_reboot_auto_recovery_slo_scorecard_with_"
"windows99_vmware_file_no_secret_no_reboot"
),
"collection_blockers": collection_blockers,
"safe_collection_channels": [
"authorized_windows99_console_verify_stdout_only",
"existing_management_channel_verify_mode_only",
"committed_no_secret_artifact_file_then_scorecard_rerun",
],
"forbidden_actions": [
"windows_password_or_secret_collection",
"host_reboot",
"vm_power_change",
"windows_update_policy_apply",
"manual_registry_edit",
"service_restart",
"github_api",
],
}
def choose_safe_next_step(
*,
blockers: list[str],
@@ -998,6 +1088,10 @@ def enrich_machine_readback(payload: dict[str, Any]) -> dict[str, Any]:
source_controls_present = (
bool(controls) and source_control_ready_count == len(controls)
)
windows99_verify_collection = build_windows99_verify_collection_packet(
windows99=windows99,
host_boot_detection=host_boot_detection,
)
rollups = {
"active_blocker_count": len(active_blockers),
@@ -1064,6 +1158,19 @@ def enrich_machine_readback(payload: dict[str, Any]) -> dict[str, Any]:
"windows99_vmware_powered_off_count": len(
strings(windows99.get("powered_off_aliases"))
),
"windows99_verify_collection_status": windows99_verify_collection["status"],
"windows99_verify_collection_can_collect_no_secret": (
windows99_verify_collection["can_collect_no_secret_verify"] is True
),
"windows99_verify_collection_blocker_count": len(
strings(windows99_verify_collection.get("collection_blockers"))
),
"windows99_host99_reachable": (
windows99_verify_collection["host99_reachable"] is True
),
"windows99_host99_uptime_known": (
windows99_verify_collection["host99_uptime_known"] is True
),
"capacity_checked": capacity.get("checked") is True,
"capacity_free_gib": capacity.get("free_gib"),
"capacity_min_free_gib": capacity.get("min_free_gib"),
@@ -1091,6 +1198,12 @@ def enrich_machine_readback(payload: dict[str, Any]) -> dict[str, Any]:
"windows99_update_no_auto_reboot_ready": rollups[
"windows99_update_no_auto_reboot_ready"
],
"windows99_verify_collection_status": rollups[
"windows99_verify_collection_status"
],
"windows99_verify_collection_can_collect_no_secret": rollups[
"windows99_verify_collection_can_collect_no_secret"
],
"runtime_write_authorized_by_this_scorecard": False,
"host_reboot_authorized_by_this_scorecard": False,
"workflow_trigger_authorized_by_this_scorecard": False,
@@ -1133,6 +1246,12 @@ def enrich_machine_readback(payload: dict[str, Any]) -> dict[str, Any]:
"reboot_auto_recovery_windows99_update_no_auto_reboot_ready": rollups[
"windows99_update_no_auto_reboot_ready"
],
"reboot_auto_recovery_windows99_verify_collection_status": rollups[
"windows99_verify_collection_status"
],
"reboot_auto_recovery_windows99_verify_collection_can_collect_no_secret": (
rollups["windows99_verify_collection_can_collect_no_secret"]
),
"secret_values_collected": False,
"github_api_used": False,
"workflow_trigger_performed": False,
@@ -1148,6 +1267,7 @@ def enrich_machine_readback(payload: dict[str, Any]) -> dict[str, Any]:
payload["readback"] = readback
payload["rollups"] = rollups
payload["summary"] = summary
payload["windows99_verify_collection"] = windows99_verify_collection
return payload

View File

@@ -232,9 +232,26 @@ def test_green_summary_and_recent_all_host_probe_can_claim_slo(tmp_path: Path) -
assert payload["readback"]["runtime_write_authorized_by_this_scorecard"] is False
assert payload["readback"]["windows99_vmware_verify_ready"] is True
assert payload["readback"]["windows99_update_no_auto_reboot_ready"] is True
assert payload["readback"]["windows99_verify_collection_status"] == (
"ready_windows99_vmware_verify_readback_green"
)
assert (
payload["readback"]["windows99_verify_collection_can_collect_no_secret"]
is False
)
assert payload["rollups"]["source_controls_present"] is True
assert payload["rollups"]["windows99_vmware_verify_ready"] is True
assert payload["rollups"]["windows99_update_no_auto_reboot_ready"] is True
assert payload["rollups"]["windows99_verify_collection_status"] == (
"ready_windows99_vmware_verify_readback_green"
)
assert (
payload["rollups"]["windows99_verify_collection_can_collect_no_secret"]
is False
)
assert payload["rollups"]["windows99_verify_collection_blocker_count"] == 0
assert payload["rollups"]["windows99_host99_reachable"] is True
assert payload["rollups"]["windows99_host99_uptime_known"] is True
assert payload["rollups"]["readiness_percent"] == 100
assert payload["summary"]["reboot_auto_recovery_workplan_id"] == "P0-006"
assert payload["summary"]["reboot_auto_recovery_current_phase"] == "slo_ready"
@@ -256,6 +273,11 @@ def test_green_summary_and_recent_all_host_probe_can_claim_slo(tmp_path: Path) -
"188",
]
assert payload["windows99_vmware_autostart"]["verify_ready"] is True
assert payload["windows99_verify_collection"]["collection_blockers"] == []
assert (
payload["windows99_verify_collection"]["post_verifier"]
== "rerun_reboot_auto_recovery_slo_scorecard_with_windows99_vmware_file_no_secret_no_reboot"
)
assert payload["active_blockers"] == []
assert payload["source_controls"][
"conversation_event_hot_path_index_migration_source_present"
@@ -285,6 +307,25 @@ def test_missing_windows99_vmware_readback_fails_closed(tmp_path: Path) -> None:
assert payload["windows99_vmware_autostart"]["readback_present"] is False
assert payload["readback"]["windows99_vmware_verify_ready"] is False
assert payload["readback"]["windows99_update_no_auto_reboot_ready"] is False
assert payload["readback"]["windows99_verify_collection_status"] == (
"blocked_windows99_verify_output_missing_host_reachable"
)
assert (
payload["readback"]["windows99_verify_collection_can_collect_no_secret"]
is True
)
assert payload["windows99_verify_collection"]["collection_blockers"] == [
"windows99_vmware_autostart_readback_missing"
]
assert "VMRUN_PRESENT" in payload["windows99_verify_collection"][
"expected_no_secret_output_fields"
]
assert "-Mode Verify" in payload["windows99_verify_collection"][
"no_secret_verify_command"
]
assert "windows_password_or_secret_collection" in payload[
"windows99_verify_collection"
]["forbidden_actions"]
assert payload["safe_next_step"] == (
"collect_windows99_vmware_autostart_verify_readback_then_rerun_all_host_"
"reboot_scorecard_no_secret_no_reboot"