fix(api): expose credential escrow rollups at top level
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 19s
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-29 18:48:53 +08:00
parent 1650408392
commit c70bcf4819
2 changed files with 33 additions and 23 deletions

View File

@@ -303,6 +303,29 @@ def _build_payload(
if effective_missing == 0 and not blocked_items:
status = "ready_for_escrow_marker_review"
safe_next_step = "collect_redacted_non_secret_evidence_refs_then_rerun_preflight"
rollup_readback = {
"required_item_count": len(missing_items),
"missing_item_count": len(blocked_items),
"blocked_item_ids": blocked_items,
"effective_escrow_missing_count": effective_missing,
"owner_response_received_count": _int(
rollups.get("credential_escrow_owner_response_received_count")
),
"owner_response_accepted_count": _int(
rollups.get("credential_escrow_owner_response_accepted_count")
),
"runtime_gate_count": _int(rollups.get("credential_escrow_runtime_gate_count")),
"credential_marker_write_authorized_count": _int(
rollups.get("credential_marker_write_authorized_count")
),
"secret_value_collection_allowed": bool(
rollups.get("credential_escrow_secret_value_collection_allowed")
),
"forbidden_true_field_count": _int(
rollups.get("credential_escrow_forbidden_true_field_count")
),
"forbidden_value_count": len(forbidden_values),
}
payload = {
"schema_version": _SCHEMA_VERSION,
@@ -311,6 +334,7 @@ def _build_payload(
"scope": "credential_escrow_evidence_intake",
"status": status,
"safe_next_step": safe_next_step,
**rollup_readback,
"readback": {
"workplan_id": "P0-005",
"workplan_title": "產品資料與備份 contract",
@@ -339,29 +363,7 @@ def _build_payload(
"workflow_dispatch",
"host_or_k8s_write",
],
"rollups": {
"required_item_count": len(missing_items),
"missing_item_count": len(blocked_items),
"blocked_item_ids": blocked_items,
"effective_escrow_missing_count": effective_missing,
"owner_response_received_count": _int(
rollups.get("credential_escrow_owner_response_received_count")
),
"owner_response_accepted_count": _int(
rollups.get("credential_escrow_owner_response_accepted_count")
),
"runtime_gate_count": _int(rollups.get("credential_escrow_runtime_gate_count")),
"credential_marker_write_authorized_count": _int(
rollups.get("credential_marker_write_authorized_count")
),
"secret_value_collection_allowed": bool(
rollups.get("credential_escrow_secret_value_collection_allowed")
),
"forbidden_true_field_count": _int(
rollups.get("credential_escrow_forbidden_true_field_count")
),
"forbidden_value_count": len(forbidden_values),
},
"rollups": rollup_readback,
"operation_boundaries": {
"read_only_api_allowed": True,
"backup_execution_allowed": False,

View File

@@ -31,6 +31,10 @@ def test_credential_escrow_evidence_intake_reports_p0_blocker():
"collect_redacted_non_secret_evidence_refs_then_rerun_preflight"
)
assert payload["readback"]["safe_next_step"] == payload["safe_next_step"]
assert payload["missing_item_count"] == 5
assert payload["owner_response_accepted_count"] == 0
assert payload["runtime_gate_count"] == 0
assert payload["secret_value_collection_allowed"] is False
assert payload["rollups"]["required_item_count"] == 5
assert payload["rollups"]["missing_item_count"] == 5
assert payload["rollups"]["effective_escrow_missing_count"] == 5
@@ -63,6 +67,10 @@ def test_credential_escrow_evidence_intake_endpoint_returns_readiness():
assert data["safe_next_step"] == (
"collect_redacted_non_secret_evidence_refs_then_rerun_preflight"
)
assert data["missing_item_count"] == 5
assert data["owner_response_accepted_count"] == 0
assert data["runtime_gate_count"] == 0
assert data["secret_value_collection_allowed"] is False
assert data["rollups"]["missing_item_count"] == 5
assert data["operation_boundaries"]["restore_execution_allowed"] is False
assert data["operation_boundaries"]["workflow_trigger_allowed"] is False