Files
awoooi/docs/operations/agent99-enterprise-ai-automation-work-items.snapshot.json
ogt 34e32f6ed6
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 2m27s
CD Pipeline / build-and-deploy (push) Successful in 6m39s
CD Pipeline / post-deploy-checks (push) Successful in 1m55s
fix(agent99): dispatch actionable alerts with receipts
2026-07-11 10:30:29 +08:00

807 lines
50 KiB
JSON

{
"schema_version": "agent99_enterprise_ai_automation_work_items_v1",
"generated_at": "2026-07-11T10:27:00+08:00",
"status": "in_progress_p0_alert_routing_grouping_dedupe",
"scope_complete": false,
"north_star": "Make Windows host 192.168.0.99 the policy-controlled on-prem AI execution node for all hosts, VMs, services, products, sites, tools, packages, alerts and recovery workflows, with external monitoring when host 99 is unavailable.",
"canonical_sources": {
"human_plan": "docs/workplans/2026-07-10-agent99-enterprise-ai-automation-master-plan.md",
"historical_requirement_ledger": "docs/workplans/2026-07-02-commander-inserted-requirements-priority-ledger.md",
"agent99_sop": "AGENT99-AI-WORKSTATION-SOP.md",
"reboot_sop": "HOST-REBOOT-AI-AUTOMATION-SOP.md",
"cold_start_baseline": "ops/reboot-recovery/full-stack-cold-start-baseline.yml",
"backup_baseline": "ops/reboot-recovery/full-stack-backup-baseline.yml",
"product_repo_inventory": "docs/operations/gitea-all-product-dev-prod-repo-readback.snapshot.json",
"runtime_enterprise_work_items_readback": "https://awoooi.wooo.work/api/v1/agents/agent99-enterprise-ai-automation-work-items",
"runtime_priority_readback": "https://awoooi.wooo.work/api/v1/agents/awoooi-priority-work-order-readback",
"runtime_reboot_slo_readback": "https://awoooi.wooo.work/api/v1/agents/reboot-auto-recovery-slo-scorecard"
},
"current_p0": {
"id": "AG99-P0-002",
"title": "Alert taxonomy, routing, grouping and dedupe",
"reason": "Direct Alertmanager events and actionable Telegram cards did not share one receipt and resolution contract; cold-start could be misclassified as Kubernetes and failed CI/CD cards were not mirrored to Agent99.",
"implementation_status": "source_candidate_and_contract_green_runtime_deploy_pending",
"next_action": "Finish the Gitea source receipt and single-writer CD coordination, atomically deploy the tested package to Windows 99, verify the runtime manifest, then replay exact ACTION REQUIRED cold-start and CI/CD failure cards plus the existing alert corpus."
},
"current_runtime_truth": {
"observed_at": "2026-07-11T10:27:41+08:00",
"awoooi_health_http_status": 200,
"awoooi_health_state": "degraded",
"awoooi_runtime_build_commit_sha": "4a4b95e5135e8cf71d807a54700a962f5490088f",
"gitea_main_observed_sha": "f102616f0",
"gitea_main_deployed_source_sha": "4a4b95e5135e8cf71d807a54700a962f5490088f",
"runtime_work_items_generated_at": "2026-07-10T19:40:00+08:00",
"windows99_agent99_manifest_observed_at": "2026-07-11T09:51:00+08:00",
"windows99_agent99_source_revision": "e478ee128dfa046a9ddad872d3f60446e4477486e",
"windows99_agent99_runtime_matched": true,
"windows99_agent99_runtime_file_count": 14,
"windows99_agent99_runtime_mismatch_count": 0,
"reboot_slo_status": "blocked_reboot_auto_recovery_slo_not_ready",
"reboot_slo_readiness_percent": 33,
"reboot_slo_primary_blocker": "fresh_all_host_reboot_event_missing",
"reboot_slo_active_blockers": [
"all_required_hosts_not_in_10_minute_reboot_window",
"host_boot_observation_older_than_target_window",
"host_uptime_unknown",
"windows99_vmware_guest_power_not_ready",
"edge_public_maintenance_live_config_drift",
"windows99_vmware_vmx_missing",
"windows99_update_no_auto_reboot_policy_not_ready",
"privileged_edge_apply_channel_unavailable",
"stockplatform_freshness_blocked",
"stockplatform_ingestion_blocked",
"post_start_blocked_not_zero",
"service_green_not_1",
"fresh_all_host_reboot_event_missing",
"windows99_vmware_autostart_config_not_ready",
"product_data_green_not_1",
"stockplatform_freshness_core_market_index_daily_tw_stale",
"stockplatform_freshness_core_price_daily_missing",
"stockplatform_freshness_core_chips_daily_missing",
"stockplatform_freshness_core_margin_short_daily_missing",
"stockplatform_freshness_ai_recommendations_stale",
"stockplatform_ingestion_core.price_daily_incomplete",
"stockplatform_ingestion_core.chips_daily_incomplete",
"stockplatform_ingestion_core.margin_short_daily_incomplete",
"stockplatform_ingestion_core.market_index_daily.tw_incomplete"
],
"claims_forbidden": [
"all_services_recovered_within_10_minutes",
"all_products_are_latest",
"agent99_is_a_complete_ai_agent",
"http_200_means_full_stack_healthy",
"command_exit_zero_means_incident_resolved"
]
},
"coverage": {
"hosts": [
{
"id": "99",
"address": "192.168.0.99",
"role": "Windows AI execution and VMware control node",
"required_surfaces": ["Agent99", "VMware Workstation", "vmrun", "Task Scheduler", "PowerShell", "OpenSSH", "Windows Update policy", "desktop control center"]
},
{
"id": "110",
"address": "192.168.0.110",
"role": "DevOps, SCM, registry, observability and backup node",
"required_surfaces": ["Gitea", "Gitea Actions runner", "Docker", "Harbor", "Registry", "Prometheus", "Alertmanager", "Sentry", "backup"]
},
{
"id": "111",
"address": "192.168.0.111",
"role": "Required VMware guest with role manifest pending",
"required_surfaces": ["verified VMX inventory", "VM power", "boot identity", "uptime", "SSH", "exporter", "service role manifest"]
},
{
"id": "112",
"address": "192.168.0.112",
"role": "Kali and IWOOOS security node",
"required_surfaces": ["VM power", "boot identity", "SSH", "security tool health", "IWOOOS evidence collector"]
},
{
"id": "120",
"address": "192.168.0.120",
"role": "K3s control plane, VIP and AWOOOI workload node",
"required_surfaces": ["K3s", "containerd", "kubectl", "VIP", "AWOOOI deployments", "Velero", "CronJobs"]
},
{
"id": "121",
"address": "192.168.0.121",
"role": "K3s peer and DR drill node",
"required_surfaces": ["K3s", "containerd", "peer readiness", "workload balance", "Velero restore drill"]
},
{
"id": "188",
"address": "192.168.0.188",
"role": "Data, AI, observability and web workload node",
"required_surfaces": ["PostgreSQL", "Redis", "MOMO", "Nginx", "OpenClaw", "Ollama", "SignOz", "Langfuse", "AI providers", "backup"]
}
],
"products": [
{"id": "awoooi", "gitea_repo": "wooo/awoooi"},
{"id": "ewoooc", "gitea_repo": "wooo/ewoooc"},
{"id": "2026fifa", "gitea_repo": "wooo/2026FIFAWorldCup"},
{"id": "agent-bounty-protocol", "gitea_repo": "wooo/agent-bounty-protocol"},
{"id": "awooogo", "gitea_repo": "wooo/AwoooGo"},
{"id": "stockplatform-v2", "gitea_repo": "wooo/stockplatform-v2"},
{"id": "vibework", "gitea_repo": "wooo/vibework"},
{"id": "momo-pro-system", "gitea_repo": "wooo/momo-pro-system"},
{"id": "tsenyang-website", "gitea_repo": "wooo/tsenyang-website"},
{"id": "vtuber", "gitea_repo": "wooo/vtuber"},
{"id": "bitan-pharmacy", "gitea_repo": "wooo/bitan-pharmacy"},
{"id": "clawbot-openclaw", "gitea_repo": "wooo/clawbot-v5"}
],
"platform_planes": ["AWOOOI", "AwoooP", "IWOOOS", "AISOC", "AgentOps", "OpenClaw", "KM", "RAG", "MCP", "PlayBook"],
"public_surfaces": [
{"id": "awoooi-api", "url": "https://awoooi.wooo.work/api/v1/health", "owner": "awoooi"},
{"id": "awoooi-web", "url": "https://awoooi.wooo.work/", "owner": "awoooi"},
{"id": "iwooos", "url": "https://awoooi.wooo.work/zh-TW/iwooos", "owner": "awoooi"},
{"id": "vibework", "url": "https://vibework.wooo.work/", "owner": "vibework"},
{"id": "awooogo", "url": "https://awooogo.wooo.work/", "owner": "awooogo"},
{"id": "2026fifa", "url": "https://2026fifa.wooo.work/", "owner": "2026fifa"},
{"id": "agent", "url": "https://agent.wooo.work/", "owner": "ownership_contract_pending"},
{"id": "momo", "url": "https://mo.wooo.work/", "owner": "momo-pro-system"},
{"id": "momo-health", "url": "https://mo.wooo.work/health", "owner": "momo-pro-system"},
{"id": "stock", "url": "https://stock.wooo.work/", "owner": "stockplatform-v2"},
{"id": "stock-health", "url": "https://stock.wooo.work/healthz", "owner": "stockplatform-v2"},
{"id": "stock-api", "url": "https://stock.wooo.work/api/healthz", "owner": "stockplatform-v2"},
{"id": "bitan", "url": "https://bitan.wooo.work/", "owner": "bitan-pharmacy"},
{"id": "tsenyang", "url": "https://tsenyang.com/", "owner": "tsenyang-website"},
{"id": "tsenyang-www", "url": "https://www.tsenyang.com/", "owner": "tsenyang-website"},
{"id": "vtuber", "url": "https://vtuber.wooo.work/", "owner": "vtuber"},
{"id": "gitea", "url": "https://gitea.wooo.work/", "owner": "platform-110"},
{"id": "harbor", "url": "https://harbor.wooo.work/", "owner": "platform-110"},
{"id": "registry", "url": "https://registry.wooo.work/", "owner": "platform-110"},
{"id": "sentry", "url": "https://sentry.wooo.work/", "owner": "platform-observability"},
{"id": "signoz", "url": "https://signoz.wooo.work/", "owner": "platform-observability"},
{"id": "langfuse", "url": "https://langfuse.wooo.work/", "owner": "platform-ai"},
{"id": "aiops", "url": "https://aiops.wooo.work/", "owner": "ownership_contract_pending"}
],
"service_domains": [
"windows_and_vmware",
"network_and_dns",
"linux_systemd_and_schedulers",
"docker_containerd_and_k3s",
"gitea_runner_harbor_registry_and_cd",
"postgresql_redis_and_object_data",
"nginx_tls_edge_and_maintenance",
"prometheus_alertmanager_sentry_signoz_langfuse_and_wazuh",
"openclaw_hermes_nemotron_elephantalpha_ollama_litellm_and_models",
"backup_restic_rclone_velero_offsite_integrity_and_restore",
"km_rag_mcp_playbook_and_agentops",
"telegram_sre_and_operator_command_surfaces"
],
"package_domains": [
"windows_updates_and_drivers",
"linux_os_packages_and_kernels",
"container_images_and_digests",
"python_node_and_application_dependencies",
"vmware_tools_and_guest_agents",
"ai_models_adapters_and_provider_clients",
"security_rules_signatures_and_sbom"
]
},
"control_plane": [
{"node": "external_watcher_edge", "responsibility": "Detect host 99 or all-site outage and keep alerts/status/maintenance available outside the local failure domain."},
{"node": "awoooi", "responsibility": "Canonical events, incidents, fingerprints, recurrence, product and SLO read models."},
{"node": "awooop", "responsibility": "Work Items, Runs, approvals, candidates, rollback, verifier and asset ledger."},
{"node": "iwooos_aisoc", "responsibility": "Security evidence, policy, investigation and controlled response."},
{"node": "agent99", "responsibility": "Evidence collection, planning, policy-bound execution, verification and callbacks for Windows, VMs, hosts, services and sites."},
{"node": "km_rag_mcp_playbook", "responsibility": "Replayable evidence, knowledge, tools, trusted remediation and learning."},
{"node": "telegram_sre", "responsibility": "Human-readable command and incident summary surface, never the only database or an arbitrary shell."}
],
"automation_flow": [
"sense",
"normalize",
"group_and_dedupe",
"collect_evidence",
"plan",
"policy_decision",
"controlled_execute",
"mode_specific_verify",
"callback_and_notify",
"learn_and_prevent_recurrence"
],
"outcome_contract": {
"states": ["received", "diagnosing", "candidate_ready", "executing", "verifying", "resolved", "degraded", "blocked", "failed"],
"resolved_requires": ["verifier_passed", "source_event_resolved", "evidence_ref", "verified_at", "callback_written"],
"exit_code_zero_semantics": "command_transport_completed_only",
"observation_window_required_after_resolved": true
},
"professional_controls": [
"external_failure_domain_monitoring",
"zero_trust_authenticated_ingress",
"event_sourcing_and_idempotency",
"single_flight_and_concurrency_locks",
"dependency_dag_and_recovery_state_machine",
"mode_specific_verifiers",
"progressive_remediation_and_canary",
"circuit_breakers_timeouts_and_real_rollback",
"immutable_redacted_evidence",
"source_cd_runtime_and_data_freshness_provenance",
"slo_error_budget_mtta_mttr_and_recurrence",
"playbook_replay_shadow_canary_and_trust_promotion",
"sbom_cve_eol_package_and_model_drift",
"backup_integrity_offsite_and_restore_drills",
"human_readable_traditional_chinese_incident_cards"
],
"hard_boundaries": [
"secret_token_private_key_cookie_session_or_authorization_header_plaintext_access_or_exfiltration",
"drop_truncate_destructive_migration_restore_prune_or_remote_delete",
"host_reboot_vm_power_change_node_drain_or_irreversible_firewall_cutover",
"credentialed_exploit_or_external_attack_scan",
"paid_provider_cost_change_or_production_provider_route_switch",
"unvalidated_openclaw_core_replacement",
"force_push_repo_ref_visibility_or_source_history_destruction",
"raw_runtime_secret_volume_session_sqlite_or_auth_database_access"
],
"shared_acceptance_contract": [
"target_selector_present",
"source_of_truth_diff_present",
"before_evidence_present",
"check_mode_or_dry_run_present",
"rollback_present",
"mode_specific_post_verifier_present",
"timeout_and_single_flight_present",
"callback_and_human_readable_notification_present",
"km_rag_playbook_and_recurrence_writeback_present"
],
"promotion_contract": {
"applies_before_states": ["candidate_ready", "in_progress", "executing"],
"required_item_fields": [
"id",
"order",
"priority",
"status",
"title",
"owner_lane",
"dependencies",
"scope_refs",
"problem",
"trigger",
"ai_role",
"action_mode",
"evidence_sources",
"controlled_actions",
"prohibited_actions",
"rollback",
"verifier",
"callback",
"acceptance",
"next_action"
]
},
"work_items": [
{
"id": "AG99-P0-001",
"order": 1,
"priority": "P0",
"status": "complete",
"title": "Agent outcome truth and source-runtime reconciliation",
"owner_lane": "agent99_control_plane",
"dependencies": [],
"scope_refs": ["host:99", "platform:Agent99", "platform:AWOOOI", "platform:AwoooP"],
"problem": "Command exit success is counted as resolved and deployed Windows scripts can drift from Gitea source.",
"trigger": "Any Agent99 command completion or source/runtime manifest mismatch.",
"ai_role": "Outcome evaluator and runtime provenance verifier",
"action_mode": "controlled_apply",
"evidence_sources": ["Agent99 event store", "mode evidence JSON", "source file hashes", "host 99 runtime file hashes", "AWOOOI incident state"],
"controlled_actions": ["replace outcome mapping", "add verifier contract", "deploy signed script set", "write runtime manifest"],
"prohibited_actions": ["mark resolved from exit code alone", "read secrets", "reboot host 99"],
"rollback": "Restore previous signed Agent99 script set and keep incidents degraded rather than resolved.",
"verifier": "For every mode, require post-condition pass plus source event resolution; compare source and runtime manifest hashes.",
"callback": "Write final outcome to AWOOOI incident and AwoooP Run/Verifier using the same trace id.",
"acceptance": "No false-resolved regression cases; source/runtime drift count is zero; unresolved evidence stays degraded or blocked.",
"completion_receipt": {
"source_revision": "5ea4405c2a75b51244da168a4834d27e24d74ee6",
"runtime_manifest_matched": true,
"runtime_manifest_file_count": 7,
"runtime_manifest_mismatch_count": 0,
"self_health_runtime_manifest_severity": "ok",
"outcome_self_test_ok": true,
"operator_replay_state": "resolved",
"operator_replay_verified_resolved": 1,
"alert_replay_state": "verifying",
"alert_replay_verified_resolved": 0,
"alert_replay_source_event_resolved": false,
"telegram_sent_count": 0,
"rollback": "C:\\Wooo\\Agent99\\rollback\\p0-001-pre-5ea4405c",
"evidence": [
"C:\\Wooo\\Agent99\\evidence\\agent99-OutcomeContractSelfTest-20260710-161302.json",
"C:\\Wooo\\Agent99\\evidence\\agent99-SelfCheck-20260710-161350.json",
"C:\\Wooo\\Agent99\\queue\\processed\\processed-p0-001-operator-verifier-20260710-1615.json",
"C:\\Wooo\\Agent99\\queue\\processed\\processed-p0-001-alert-verifier-20260710-1615.json",
"C:\\Wooo\\Agent99\\evidence\\agent99-ControlTick-20260710-161919.json"
]
},
"next_action": "Keep runtime-manifest drift and verified-resolution counters under SelfCheck; continue with AG99-P0-002."
},
{
"id": "AG99-P0-002",
"order": 2,
"priority": "P0",
"status": "in_progress",
"title": "Alert taxonomy, routing, grouping and dedupe",
"owner_lane": "awoooi_alert_router_agent99_ingress",
"dependencies": ["AG99-P0-001"],
"scope_refs": ["all:alerts", "platform:AWOOOI", "host:99", "surface:Telegram"],
"problem": "Source text can contaminate routing, actionable Telegram cards can bypass Agent99, transport responses can be mistaken for accepted work, and wrong modes or duplicate incidents can result.",
"trigger": "Any normalized Alertmanager event, AI automation card, ACTION REQUIRED incident card, or failed AWOOOI CI/CD card entering the AWOOOI-to-Agent99 bridge.",
"ai_role": "Normalized incident classifier",
"action_mode": "controlled_apply",
"evidence_sources": ["Alertmanager payload", "Telegram outbound source envelope", "relay acceptance receipt", "suggestedMode", "event kind", "fingerprint", "five-minute grouping window"],
"controlled_actions": ["prioritize explicit kind and suggested mode", "group before bridge", "single-flight by incident fingerprint", "mirror actionable cards", "retain sanitized dispatch receipt", "propagate source-event resolution policy"],
"prohibited_actions": ["route from source name alone", "emit duplicate same-state incidents"],
"rollback": "Restore previous router while keeping dedupe store and queued events intact.",
"verifier": "Replay exact Alertmanager and Telegram card corpus; assert one active incident, expected mode, accepted relay receipt, runtime evidence and legal source-event closure per fingerprint.",
"callback": "Publish normalized route decision and dedupe reason to AWOOOI and AwoooP.",
"acceptance": "Known ACTION REQUIRED cold-start, CI/CD failure, backup, provider, reboot, PostgreSQL, host and K3s samples route to the correct lane with no duplicate same-state dispatch; every accepted dispatch has a durable receipt and runtime verifier outcome.",
"completion_percent": 85,
"completion_dimensions": {
"source_contract_percent": 100,
"test_contract_percent": 100,
"gitea_cd_percent": 0,
"windows99_runtime_percent": 0,
"live_replay_percent": 0
},
"implementation_progress": "Source dispatcher, receipt, taxonomy and resolution-policy contracts are green; Gitea CD, Windows 99 runtime deployment and exact live replay remain pending.",
"evidence_refs": ["131 focused tests passed after Gitea main rebase", "276 expanded all-Telegram and Agent99/RepairCandidate tests passed after Telegram single-owner integration", "repository static governance suite passed", "synthetic relay HTTP 202 ok=true inboxTriggered=true", "runtime work-items endpoint still serves 2026-07-10 snapshot"],
"next_action": "Finish the Gitea source receipt and single-writer coordination, deploy atomically to Windows 99, verify the runtime manifest, and rerun the exact actionable-card and Alertmanager corpus through live ingress."
},
{
"id": "AG99-P0-003",
"order": 3,
"priority": "P0",
"status": "planned",
"title": "Authenticated and policy-preserving Agent99 ingress",
"owner_lane": "agent99_security",
"dependencies": ["AG99-P0-002"],
"scope_refs": ["host:99", "surface:Telegram", "surface:LAN relay", "platform:IWOOOS"],
"problem": "Relay authentication is optional, the LAN is broadly trusted, producer repair policy can be overwritten and Telegram lacks a sender allowlist.",
"trigger": "Any LAN relay, Telegram command or monitoring-event ingress request.",
"ai_role": "Zero-trust command gate",
"action_mode": "controlled_apply",
"evidence_sources": ["relay auth metadata", "Telegram chat and sender metadata", "request policy", "idempotency key"],
"controlled_actions": ["require relay token presence without exposing it", "enforce chat and sender allowlists", "preserve producer auto-repair policy", "single consumer lease"],
"prohibited_actions": ["accept unauthenticated LAN writes", "log token or raw chat id", "force controlled apply at producer"],
"rollback": "Disable remote ingress and retain local signed queue until authentication is healthy.",
"verifier": "Negative auth tests, replay protection, allowlist tests and policy preservation tests.",
"callback": "Record accepted or rejected ingress receipt without secret values.",
"acceptance": "Unauthenticated, replayed or unauthorized requests are rejected; authorized requests preserve source policy and trace identity.",
"next_action": "Make relay authentication mandatory and add Telegram sender authorization."
},
{
"id": "AG99-P0-004",
"order": 4,
"priority": "P0",
"status": "planned",
"title": "EvidenceCollect, MCP and RepairCandidate lanes",
"owner_lane": "agent99_investigator_awooop_candidate",
"dependencies": ["AG99-P0-001", "AG99-P0-002", "AG99-P0-003"],
"scope_refs": ["all:incidents", "platform:MCP", "platform:AwoooP"],
"problem": "Events with missing evidence are sent to unrelated fixed modes and repair candidates are not materialized or traceable.",
"trigger": "An actionable incident lacks a trusted PlayBook, complete evidence or a safe executable candidate.",
"ai_role": "Evidence investigator and controlled remediation planner",
"action_mode": "observe_then_controlled_apply",
"evidence_sources": ["metrics", "logs", "runtime state", "recent changes", "source and deploy provenance", "MCP references"],
"controlled_actions": ["collect redacted evidence", "create candidate", "attach repair rollback and verifier", "queue owner review when required"],
"prohibited_actions": ["execute generic fallback repair", "invent missing evidence", "switch provider"],
"rollback": "Expire the candidate without runtime action and preserve the evidence packet.",
"verifier": "Incident-to-candidate trace and required-field completeness checker.",
"callback": "Create or update AwoooP Work Item and AWOOOI incident candidate status.",
"acceptance": "Every actionable missing-evidence incident has a candidate or an explicit blocked reason, not a false resolved result.",
"next_action": "Add first-class EvidenceCollect and RepairCandidate modes and state directories."
},
{
"id": "AG99-P0-005",
"order": 5,
"priority": "P0",
"status": "planned",
"title": "Mode-specific verifiers, rollback, cooldown and circuit breakers",
"owner_lane": "agent99_remediation_runtime",
"dependencies": ["AG99-P0-004"],
"scope_refs": ["all:remediation_modes"],
"problem": "Generic execution success and permissive verifier logic can write cooldown markers after failed repairs; rollback is often only recorded.",
"trigger": "Any remediation mode reaches execution, verification, rollback or cooldown evaluation.",
"ai_role": "Remediation executor and post-condition verifier",
"action_mode": "controlled_apply",
"evidence_sources": ["before state", "command receipt", "post state", "source alert", "observation window"],
"controlled_actions": ["run allowlisted repair", "perform actual rollback", "open circuit on repeated failures", "write cooldown only after verified success"],
"prohibited_actions": ["generic stateful restart", "cooldown on failed verify", "delete healthy pods"],
"rollback": "Mode-specific executable rollback with its own verifier.",
"verifier": "Recover, Perf, LoadShed, Harbor, AWOOOI, backup and provider modes each define independent post-conditions.",
"callback": "Report execution and verification separately to AWOOOI and AwoooP.",
"acceptance": "Failure, rollback and resolved states are distinguishable and regression-tested for every executable mode.",
"next_action": "Replace OR-based load-shed success and add verifier interfaces per mode."
},
{
"id": "AG99-P0-006",
"order": 6,
"priority": "P0",
"status": "planned",
"title": "Agent99 completion callback and incident closure",
"owner_lane": "agent99_awoooi_awooop_integration",
"dependencies": ["AG99-P0-001", "AG99-P0-005"],
"scope_refs": ["platform:AWOOOI", "platform:AwoooP", "platform:IWOOOS", "surface:Telegram"],
"problem": "AWOOOI-to-Agent99 dispatch is not matched by a canonical Agent99-to-AWOOOI completion path.",
"trigger": "Any Agent99 run changes state or produces a verifier result.",
"ai_role": "Cross-system incident closer",
"action_mode": "controlled_apply",
"evidence_sources": ["incident id", "run id", "work item id", "verifier receipt", "recurrence state"],
"controlled_actions": ["write signed callback", "update Run and Work Item", "render human notification", "reopen on recurrence"],
"prohibited_actions": ["close by Telegram send success", "create unrelated incident ids"],
"rollback": "Queue callback retry idempotently without repeating the repair.",
"verifier": "Read back identical trace, final state and verifier evidence from AWOOOI and AwoooP.",
"callback": "This work item creates the canonical callback contract.",
"acceptance": "One trace is visible from alert receipt through final verifier, notification and recurrence counters.",
"next_action": "Define callback schema and idempotent authenticated endpoint."
},
{
"id": "AG99-P0-007",
"order": 7,
"priority": "P0",
"status": "in_progress_blocked",
"title": "All-host ten-minute reboot recovery state machine",
"owner_lane": "reboot_auto_recovery",
"dependencies": ["AG99-P0-001", "AG99-P0-005", "AG99-P0-006"],
"scope_refs": ["host:99", "host:110", "host:111", "host:112", "host:120", "host:121", "host:188", "all:public_surfaces"],
"problem": "Reboot detection and recovery remain one-shot or incomplete, with stale uptime, unreachable host and VM power blockers.",
"trigger": "Fresh boot identity, host down/up transition, Windows startup task or all-host reboot correlation.",
"ai_role": "Dependency-aware reboot recovery orchestrator",
"action_mode": "controlled_apply",
"evidence_sources": ["boot id", "uptime", "VM power", "SSH", "exporters", "service DAG", "public and data freshness"],
"controlled_actions": ["detect reboot epoch", "start dependency phases", "retry bounded stateless recovery", "emit ETA and blockers"],
"prohibited_actions": ["blind host reboot", "declare green from route 200", "skip data and backup checks"],
"rollback": "Stop at last verified phase, activate maintenance state and preserve dependent workloads.",
"verifier": "Measure detection time, first availability, full green time and every required host/service/product gate.",
"callback": "Write reboot incident phase and SLO result to AWOOOI, AwoooP and Telegram.",
"acceptance": "A fresh all-host reboot drill is detected and all required gates recover within 600 seconds or report a precise blocker and ETA.",
"next_action": "After AG99-P0-001 through AG99-P0-004, rerun no-secret collector and state-machine scorecard without VM power changes."
},
{
"id": "AG99-P0-008",
"order": 8,
"priority": "P0",
"status": "in_progress_blocked",
"title": "Windows 99 VMware autostart, VMX, lock and update policy",
"owner_lane": "windows99_vmware",
"dependencies": ["AG99-P0-003", "AG99-P0-005"],
"scope_refs": ["host:99", "host:110", "host:111", "host:112", "host:120", "host:121", "host:188"],
"problem": "Verified VMX inventory, guest power readback, VMware autostart and Windows no-auto-reboot policy are not all green.",
"trigger": "Windows startup, VMware exclusive-lock error, guest power mismatch, VMX drift or Windows Update policy drift.",
"ai_role": "Windows and VMware control agent",
"action_mode": "check_mode_then_controlled_apply",
"evidence_sources": ["VMX inventory", "vmrun list", "VMware services", "scheduled tasks", "lock owners", "Windows Update policy"],
"controlled_actions": ["repair stale lock after owner proof", "configure autostart order", "verify guest tools and network", "apply reversible update policy"],
"prohibited_actions": ["delete unknown lock", "guess VMX path", "power off VM", "reboot Windows without break-glass"],
"rollback": "Restore previous task, service and policy exports; keep guest power unchanged during check mode.",
"verifier": "All required VMX paths exist, guests report running and reachable, tasks survive reboot, update policy drift is zero.",
"callback": "Update reboot SLO VMware and Windows policy gates.",
"acceptance": "99 startup automatically launches VMware and required guests in order, with no exclusive-lock failure and no surprise Windows Update reboot.",
"next_action": "Complete 111 role/VMX inventory and build the guest-power readback check mode."
},
{
"id": "AG99-P0-009",
"order": 9,
"priority": "P0",
"status": "in_progress_blocked",
"title": "External outage watcher and maintenance failover",
"owner_lane": "edge_external_observability",
"dependencies": ["AG99-P0-002", "AG99-P0-006"],
"scope_refs": ["host:99", "all:hosts", "all:public_surfaces"],
"problem": "Host 99 cannot detect its own outage and edge fallback has live configuration drift, allowing raw 502 during local recovery.",
"trigger": "External synthetic failure, local recovery incident or raw public 5xx threshold breach.",
"ai_role": "External availability observer and maintenance-state controller",
"action_mode": "controlled_apply",
"evidence_sources": ["external synthetic probes", "edge health", "maintenance headers", "local recovery state"],
"controlled_actions": ["send down and up incidents", "activate pre-provisioned maintenance origin", "withdraw fallback after verifier"],
"prohibited_actions": ["daily DNS mutation", "hide partial outage", "depend on 99 for all-host-down detection"],
"rollback": "Restore previous edge origin and keep status page incident open until public verifier passes.",
"verifier": "External probe sees maintenance content instead of raw 502 during outage and normal routes after recovery.",
"callback": "Correlate external outage with reboot incident and Telegram lifecycle card.",
"acceptance": "Down, recovering and recovered remain observable outside the LAN, and public users never receive unmanaged 502 for a known full-stack recovery.",
"next_action": "Resolve edge live-config drift and define an independent watcher runtime outside 99/110/188."
},
{
"id": "AG99-P0-010",
"order": 10,
"priority": "P0",
"status": "in_progress",
"title": "All-product version and data freshness matrix",
"owner_lane": "product_runtime_governance",
"dependencies": ["AG99-P0-006"],
"scope_refs": ["all:products", "all:public_surfaces", "all:data_sources"],
"problem": "Repository presence and HTTP 200 do not prove that every product runtime and dataset is current.",
"trigger": "Source change, CD completion, scheduled freshness audit or product stale/degraded alert.",
"ai_role": "Release and freshness auditor",
"action_mode": "observe_then_controlled_apply",
"evidence_sources": ["Gitea main and dev SHA", "Gitea CD run", "deploy marker", "runtime image digest", "public smoke", "data last seen"],
"controlled_actions": ["flag drift", "queue product-specific deploy candidate", "rerun freshness ingestion verifier"],
"prohibited_actions": ["claim latest from repo alone", "force deploy without product verifier", "switch paid provider"],
"rollback": "Use product-specific previous image or release marker and rerun functional/data verifiers.",
"verifier": "One row per product and route with source, CD, runtime, HTTP, feature and data-freshness evidence in the same window.",
"callback": "Project matrix status to AWOOOI product governance and AwoooP Work Items.",
"acceptance": "All 12 product rows and all public surfaces are either verified current or explicitly degraded with owner and next action.",
"next_action": "Generate a fresh matrix and close route ownership_contract_pending rows."
},
{
"id": "AG99-P0-011",
"order": 11,
"priority": "P0",
"status": "planned",
"title": "Global log registry, anomaly analysis and correlation",
"owner_lane": "aiops_log_intelligence",
"dependencies": ["AG99-P0-002", "AG99-P0-004"],
"scope_refs": ["all:hosts", "all:products", "all:sites", "all:services", "all:tools", "all:packages"],
"problem": "Logs are distributed and noisy; Agent99 lacks a complete freshness-aware source registry and cross-signal causal correlation.",
"trigger": "New log source registration, source freshness breach or incident evidence collection.",
"ai_role": "Log analyst and root-cause correlator",
"action_mode": "observe_then_controlled_apply",
"evidence_sources": ["redacted log metadata", "metrics", "traces", "deploy events", "backup events", "host events"],
"controlled_actions": ["tag and cluster", "identify primary and secondary signals", "create evidence packet", "route to playbook"],
"prohibited_actions": ["ingest secrets", "read raw sessions or SQLite", "auto-execute from untrusted log text"],
"rollback": "Disable faulty adapter or model route while retaining raw-source pointers and normalized receipts.",
"verifier": "Coverage, freshness, redaction, cluster precision and incident linkage readback.",
"callback": "Write cluster, root-cause confidence and evidence refs to incident and KM/RAG.",
"acceptance": "Every registered domain has owner, adapter, freshness and redaction status; primary issue and noise are distinguishable.",
"next_action": "Build metadata-only registry and first adapters for Telegram, reboot, CPU, backup and provider freshness."
},
{
"id": "AG99-P0-012",
"order": 12,
"priority": "P0",
"status": "in_progress",
"title": "Backup observability, integrity, offsite and restore drills",
"owner_lane": "backup_dr",
"dependencies": ["AG99-P0-006", "AG99-P0-011"],
"scope_refs": ["all:backup_domains", "all:hosts", "all:products"],
"problem": "Backup activity and restore readiness are not consistently visible or understandable across host, DB, site, service, package, tool, log and AI artifacts.",
"trigger": "Backup schedule window, freshness breach, integrity failure, offsite failure or restore drill due date.",
"ai_role": "Backup auditor and safe restore planner",
"action_mode": "observe_then_controlled_apply",
"evidence_sources": ["schedule", "last success", "snapshot metadata", "integrity result", "offsite receipt", "restore drill"],
"controlled_actions": ["rerun non-destructive verifier", "repair stale status marker", "queue isolated restore drill"],
"prohibited_actions": ["read backup contents or secrets", "prune", "restore over production", "delete remote copies"],
"rollback": "Stop verifier or isolated drill without changing source repositories.",
"verifier": "Each baseline domain has schedule, freshness, integrity and isolated restore evidence.",
"callback": "Report one lifecycle incident per failed backup domain and update DR scorecard.",
"acceptance": "No unknown backup target; failures name the domain, age, SLA, owner, evidence and safe next action.",
"completion_percent": 78,
"implementation_progress": "The 110/188 backup heartbeat, Gitea full-dump isolated restore, private bundle off-host copy, sample restore, Velero missed-run backfill and Prometheus alert slice are live green.",
"evidence_refs": ["110 backup 13/13", "188 backup 4/4", "Gitea dump CRC and inventory 15/15", "Gitea product bundles and remote SHA-256 12/12 on 188", "Velero backfill job succeeded", "Prometheus source/canonical/active/runtime SHA matched", "Backup/Gitea non-inactive alerts 0"],
"next_action": "Merge and deploy the source branch through Gitea, then complete the remaining DB, registry, package, tool, log and AI-artifact restore-receipt matrix."
},
{
"id": "AG99-P0-013",
"order": 13,
"priority": "P0",
"status": "in_progress",
"title": "All-host performance AIOps and safe load shedding",
"owner_lane": "performance_aiops",
"dependencies": ["AG99-P0-001", "AG99-P0-005", "AG99-P0-011"],
"scope_refs": ["all:hosts", "all:services", "host:110", "host:188"],
"problem": "110 and 188 have recurring pressure, some readbacks are empty, and one-time load drops are treated as closure without causal proof.",
"trigger": "Sustained CPU, memory, disk, IO, queue or database threshold breach, or a performance readback failure.",
"ai_role": "Performance diagnostician and load-shed controller",
"action_mode": "controlled_apply",
"evidence_sources": ["CPU per core", "memory", "disk", "IO", "process and container attribution", "DB queries", "queue", "backup and crawler schedules"],
"controlled_actions": ["throttle allowlisted batch work", "pause duplicate jobs", "apply existing resource limits", "resume after verifier"],
"prohibited_actions": ["kill unknown process", "restart stateful service generically", "emit empty-value alerts"],
"rollback": "Restore prior quotas or resume paused jobs after health and queue checks.",
"verifier": "Sustained observation window plus service SLO, queue, data freshness and process attribution.",
"callback": "Update performance incident and Telegram only on state change or action result.",
"acceptance": "Pressure is attributed, safely reduced and stays within threshold without service or freshness regression.",
"next_action": "Fix perf readback failures and complete 110/188 process, DB and backup/crawler correlation."
},
{
"id": "AG99-P0-014",
"order": 14,
"priority": "P0",
"status": "in_progress",
"title": "Gitea, Harbor, Registry, Gitea-only CD and complete DR",
"owner_lane": "source_control_registry_cd_dr",
"dependencies": ["AG99-P0-005", "AG99-P0-006", "AG99-P0-012"],
"scope_refs": ["host:110", "all:products", "surface:gitea", "surface:harbor", "surface:registry"],
"problem": "Repository refs are currently present, but complete Gitea state, registry, runner/CD and full restore coverage must be proven continuously.",
"trigger": "SCM, registry or CD health failure; scheduled backup/restore audit; repository visibility complaint; release drift.",
"ai_role": "SCM, registry and release recovery engineer",
"action_mode": "controlled_apply",
"evidence_sources": ["Gitea SSH refs", "main and dev branches", "Gitea full dump", "DB settings issues packages LFS", "Harbor manifest", "runner queue", "deploy marker", "sample restore"],
"controlled_actions": ["repair stateless exporter", "queue bounded runner action", "verify repository and registry", "perform isolated restore dry run"],
"prohibited_actions": ["create replacement repo to hide loss", "change visibility", "force push", "restore production", "use GitHub"],
"rollback": "Restore previous runner/CD config and keep registry/source incident open; never rewrite repository history.",
"verifier": "All expected repos and refs, full dump components, registry artifacts, CD run and runtime markers read back successfully.",
"callback": "Update source-control, release and DR scorecards with one trace.",
"acceptance": "All 12 products have source and release proof and the platform can be reconstructed in isolation from verified backups.",
"completion_percent": 72,
"implementation_progress": "Gitea full dump and off-host private bundle restore-confidence are live verified; Harbor/Registry artifacts, runner/CD and complete platform reconstruction remain open.",
"evidence_refs": ["Gitea full dump 6928031514 bytes", "regular repository inventory 15/15", "product bundle manifest 12/12", "188 sample clone and fsck passed"],
"next_action": "Merge/deploy the Gitea DR source, then add Harbor/Registry artifact restore receipts and runner/CD/runtime-marker reconstruction proof."
},
{
"id": "AG99-P1-001",
"order": 15,
"priority": "P1",
"status": "planned",
"title": "Model-backed planner, reviewer and tool loop",
"owner_lane": "agent_ai_runtime",
"dependencies": ["AG99-P0-004", "AG99-P0-005"],
"scope_refs": ["platform:OpenClaw", "platform:Hermes", "platform:NemoTron", "platform:ElephantAlpha", "platform:Ollama"],
"action_mode": "shadow_then_canary",
"verifier": "Replay, shadow agreement, unsafe-action rejection, canary success and cost/latency limits.",
"acceptance": "The planner emits structured allowlisted tool plans with evidence, risk, rollback and verifier, and cannot bypass policy.",
"next_action": "Define planner tool schema and replay corpus from verified incidents."
},
{
"id": "AG99-P1-002",
"order": 16,
"priority": "P1",
"status": "planned",
"title": "PlayBook trust, promotion and recurrence prevention",
"owner_lane": "knowledge_governance",
"dependencies": ["AG99-P0-006", "AG99-P1-001"],
"scope_refs": ["platform:KM", "platform:RAG", "platform:MCP", "platform:PlayBook"],
"action_mode": "controlled_apply",
"verifier": "Trust score is derived from replay, execution, rollback, recurrence and human override receipts.",
"acceptance": "Repeated incidents promote verified automation or create a permanent-fix work item; failed playbooks are demoted automatically.",
"next_action": "Define trust and promotion schema with minimum replay/shadow/canary evidence."
},
{
"id": "AG99-P1-003",
"order": 17,
"priority": "P1",
"status": "planned",
"title": "Human-readable Traditional Chinese Telegram incident cards",
"owner_lane": "telegram_incident_experience",
"dependencies": ["AG99-P0-006"],
"scope_refs": ["surface:Telegram", "all:incidents"],
"action_mode": "controlled_apply",
"verifier": "Message snapshot tests, duplicate suppression, state-change delivery and evidence-link checks.",
"acceptance": "Every card explains impact, AI action, verified result and next step in Traditional Chinese; charts or screenshots are attached when they improve understanding.",
"next_action": "Replace raw technical completion messages with one lifecycle card per incident state change."
},
{
"id": "AG99-P1-004",
"order": 18,
"priority": "P1",
"status": "planned",
"title": "Agent99 desktop, Telegram and API command surfaces",
"owner_lane": "agent99_operator_experience",
"dependencies": ["AG99-P0-003", "AG99-P0-006"],
"scope_refs": ["host:99", "surface:Telegram", "surface:Agent99 desktop"],
"action_mode": "controlled_apply",
"verifier": "The same request has identical policy, trace, execution and result across all command surfaces.",
"acceptance": "Operators can issue natural-language tasks without Codex quota and cannot escape allowlisted tools or audit.",
"next_action": "Unify Submit Request, Telegram and API behind the authenticated task schema."
},
{
"id": "AG99-P1-005",
"order": 19,
"priority": "P1",
"status": "planned",
"title": "AWOOOI, AwoooP and IWOOOS product integration",
"owner_lane": "platform_product_integration",
"dependencies": ["AG99-P0-006", "AG99-P1-002"],
"scope_refs": ["platform:AWOOOI", "platform:AwoooP", "platform:IWOOOS", "platform:AISOC"],
"action_mode": "controlled_apply",
"verifier": "Runs, Work Items, Incidents, Observability and Knowledge show the same asset ids, owners, states and next actions.",
"acceptance": "No remediation exists only in Telegram or Windows files; all lifecycle assets are visible and queryable in the products.",
"next_action": "Add shared incident/run/work-item/asset projections and deep links."
},
{
"id": "AG99-P1-006",
"order": 20,
"priority": "P1",
"status": "planned",
"title": "Tool, package, image and model lifecycle governance",
"owner_lane": "supply_chain_governance",
"dependencies": ["AG99-P0-010", "AG99-P0-014"],
"scope_refs": ["all:tools", "all:packages", "all:container_images", "all:ai_models"],
"action_mode": "observe_then_controlled_apply",
"verifier": "Version, digest, SBOM, CVE, EOL, compatibility, rollback and runtime readback per managed artifact.",
"acceptance": "Drift and vulnerable or unsupported artifacts are visible, prioritized and updated only through canary and rollback-aware plans.",
"next_action": "Build package-domain inventory and freshness policy without automatic major upgrades."
},
{
"id": "AG99-P1-007",
"order": 21,
"priority": "P1",
"status": "planned",
"title": "AISOC security triage and controlled response",
"owner_lane": "iwooos_aisoc",
"dependencies": ["AG99-P0-003", "AG99-P0-011", "AG99-P1-001"],
"scope_refs": ["host:112", "platform:IWOOOS", "platform:AISOC", "all:security_signals"],
"action_mode": "observe_then_controlled_apply",
"verifier": "Evidence integrity, rule/model agreement, containment scope, rollback and service impact checks.",
"acceptance": "Security incidents receive evidence-backed triage and safe containment candidates without autonomous attack scans or credential actions.",
"next_action": "Map IWOOOS/Wazuh signal taxonomy to the shared incident and candidate schema."
},
{
"id": "AG99-P1-008",
"order": 22,
"priority": "P1",
"status": "planned",
"title": "Automation metrics, incident reporting and permanent fixes",
"owner_lane": "agentops_reporting",
"dependencies": ["AG99-P0-006", "AG99-P1-002", "AG99-P1-005"],
"scope_refs": ["all:incidents", "all:work_items", "platform:AgentOps"],
"action_mode": "observe",
"verifier": "Counts reconcile with event and verifier receipts; reports distinguish current, resolved, failed, avoided and recurrent problems.",
"acceptance": "Daily, incident and weekly reports expose MTTA, MTTR, SLO, recurrence, false positives, coverage and human intervention.",
"next_action": "Define counters and report schema from canonical event and verifier data."
},
{
"id": "AG99-P2-001",
"order": 23,
"priority": "P2",
"status": "planned",
"title": "Cold-start, restore and chaos game days",
"owner_lane": "resilience_engineering",
"dependencies": ["AG99-P0-007", "AG99-P0-012", "AG99-P1-008"],
"scope_refs": ["all:hosts", "all:products", "all:backup_domains"],
"action_mode": "isolated_then_controlled_apply",
"verifier": "Preflight, abort criteria, SLO timing, rollback and post-drill data integrity.",
"acceptance": "Recovery claims are proven by scheduled isolated drills and explicitly approved production game days.",
"next_action": "Create isolated drill calendar and evidence templates."
},
{
"id": "AG99-P2-002",
"order": 24,
"priority": "P2",
"status": "planned",
"title": "Capacity, cost and model quality optimization",
"owner_lane": "capacity_finops_agentops",
"dependencies": ["AG99-P0-013", "AG99-P1-001", "AG99-P1-008"],
"scope_refs": ["all:hosts", "all:models", "all:automation_lanes"],
"action_mode": "observe_then_controlled_apply",
"verifier": "Capacity headroom, service SLO, automation success, model quality, latency and approved cost limits.",
"acceptance": "Resource and model routing changes improve measured outcomes without hidden provider or cost changes.",
"next_action": "Establish baselines before any optimization action."
},
{
"id": "AG99-P2-003",
"order": 25,
"priority": "P2",
"status": "planned",
"title": "Controlled GUI, VM Console and browser automation",
"owner_lane": "agent99_desktop_automation",
"dependencies": ["AG99-P0-003", "AG99-P0-008", "AG99-P1-004"],
"scope_refs": ["host:99", "surface:VMware Console", "surface:Windows desktop", "surface:browser"],
"action_mode": "controlled_apply",
"verifier": "App identity, allowed action, before/after screenshot, target-state readback and rollback.",
"acceptance": "GUI automation is used only where no reliable API or CLI exists and remains fully policy-bound and auditable.",
"next_action": "Define an allowlisted desktop tool catalog and screenshot evidence contract."
}
],
"summary": {
"host_count": 7,
"product_count": 12,
"public_surface_count": 23,
"work_item_count": 25,
"p0_count": 14,
"p1_count": 8,
"p2_count": 3,
"in_progress_count": 5,
"in_progress_blocked_count": 3,
"planned_count": 16,
"complete_count": 1,
"current_p0_count": 1
},
"next_execution_order": [
"AG99-P0-002",
"AG99-P0-003",
"AG99-P0-004",
"AG99-P0-005",
"AG99-P0-006",
"AG99-P0-007",
"AG99-P0-008",
"AG99-P0-009",
"AG99-P0-010",
"AG99-P0-011",
"AG99-P0-012",
"AG99-P0-013",
"AG99-P0-014"
]
}