feat(mcp): expose safe federation readback
This commit is contained in:
@@ -1,8 +1,17 @@
|
||||
# PChome 業績成長自動化作戰系統 — AI 競價情報模組 Single Source of Truth
|
||||
|
||||
> **最後更新**: 2026-07-15 (台北時間)
|
||||
> **狀態**: 🟠 Partial。V10.795 已把 PChome TOP50 比價主指標改為業績加權覆蓋、建立 MOMO 同商品 controlled apply 與 durable receipt/post-verifier,並以報表到檔 SLA 取代午夜切日造成的誤判;production 桌機/手機可見驗證已通過。目前業績覆蓋為 40%,但仍有 45/50 商品未形成正式同商品證據、外部平台 runtime 僅 1/15。SEC-P0-001 已完成 production closure,SEC-P0-002 維持 production hybrid canary-ready;full asset reconciliation、software supply chain、統一 controlled-apply envelope、restore drill、internal RAG canary 與 MCP/RAG runtime closure 尚未全部完成。任何局部 receipt 不得代表整體閉環完成。
|
||||
> **適用版本**: V10.795
|
||||
> **狀態**: 🟠 Partial。V10.796 source 新增 EwoooC / MOMO 兩個 canonical product 的公開唯讀 MCP/RAG aggregate receipt,但 production 部署與 AWOOOI durable federation readback 尚待同一 release 驗證;目前 production 仍以 V10.795 runtime truth 為準。V10.795 已把 PChome TOP50 比價主指標改為業績加權覆蓋、建立 MOMO 同商品 controlled apply 與 durable receipt/post-verifier,並以報表到檔 SLA 取代午夜切日造成的誤判;production 桌機/手機可見驗證已通過。目前業績覆蓋為 40%,但仍有 45/50 商品未形成正式同商品證據、外部平台 runtime 僅 1/15。SEC-P0-001 已完成 production closure,SEC-P0-002 維持 production hybrid canary-ready;full asset reconciliation、software supply chain、統一 controlled-apply envelope、restore drill、internal RAG canary 與 MCP/RAG runtime closure 尚未全部完成。任何局部 receipt 不得代表整體閉環完成。
|
||||
> **適用版本**: V10.796 source;production runtime 需由 `/health` 與 federation post-verifier 另行確認
|
||||
|
||||
---
|
||||
|
||||
## 零之負三、AWOOOI MCP federation 公開唯讀契約(V10.796 source)
|
||||
|
||||
- 新增 `/api/public/mcp-federation-readback`,只輸出 `ewoooc` 與 `momo-pro-system` 兩個 canonical identity 的 aggregate metadata;既有需要登入的 AI automation API 不放寬權限。
|
||||
- 每個 product receipt 僅包含 runtime version/health、MCP server IDs 與 counts、pgvector embedding metadata、PixelRAG platform/stage、blockers、Asia/Taipei timestamp,以及可由接收端重算的 SHA-256 fingerprint;不輸出 endpoint URL、tool registry、credential、request/response body、tool output、RAG 內容或正式商品價格。
|
||||
- operation boundary 固定為唯讀:不得 network call、DB write、secret read、external tool call、RAG write 或 production price write。PixelRAG 仍只允許 visual evidence receipt,不得直接寫正式價差或 `ai_insights`。
|
||||
- receipt 會誠實揭露 `:latest` embedding model 等 immutable supply-chain 缺口;本次 source/test 綠燈不代表 production 已部署,也不代表 `MCP-P0-001`、`RAG-P0-001` 或 12 產品 federation 已完成。
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
| 6 | `GOV-P0-001` | In progress | Canonical full asset graph + runtime reconciliation | `governance/ewoooc_asset_inventory.json` seeds hosts, services, data, AI, routes, supply chain, observability and recovery. Exit: same-run probe receipt for every asset; drift auto-creates work items. |
|
||||
| 7 | `GOV-P0-002` | Not started | Unified controlled-apply envelope | Introduce one `trace_id/run_id/work_item_id` across sensor, identity, SOT diff, decision, risk, dry-run, execution, verifier, rollback/retry and learning acknowledgement. Start with EventRouter + AutoHeal. |
|
||||
| 8 | `RAG-P0-001` | Not started | Internal RAG candidate canary | V10.770 stops at candidate preview. Exit: bounded pgvector candidate canary, signature/readback/feedback receipt, no price write and no premature `ai_insights` promotion. Next: `run_internal_rag_candidate_canary`. |
|
||||
| 9 | `MCP-P0-001` | In progress | MCP/RAG production runtime closure | Registry and smoke wiring exist, but runtime flags/ports must be live. Exit: MCP servers healthy, router enabled, RAG enabled, approved caller/tool boundary and production query canary pass. |
|
||||
| 9 | `MCP-P0-001` | In progress (`federation_source_ready`) | MCP/RAG production runtime closure | V10.796 source adds a strict public aggregate receipt for canonical `ewoooc` and `momo-pro-system` identities without opening authenticated internal APIs or exposing endpoint/tool payload data. Exit still requires V10.796 production `/health`, two fresh AWOOOI durable receipts with fingerprint recompute, live MCP servers/router/RAG, approved caller/tool boundary and production query canary. Current source readiness must not be reported as runtime closure. |
|
||||
| 10 | `SEC-P0-004` | Not started | Security operations lifecycle and metrics | Add durable security incident state and publish MTTA, MTTR, recurrence, false positive, human intervention, verifier pass, rollback and freshness. Exit: detect-to-learn production receipt. |
|
||||
| 11 | `REL-P0-001` | In progress | Formal deploy and visible proof discipline | Gitea runtime source is main `11d3865dfc15f8b52909ac853c7177a19fa7d5ee`; dev carries the same runtime changes through `fa94c31`. Action #1127 is waiting because no matching `ewoooc-host` runner is online, so it provides no execution evidence. A bounded exact-Git-object fallback deployed V10.795 after 10/10 staging and target SHA-256 checks; archive SHA-256 is `eb3f8618fb4a151e1e96671b0c16aefc35d561529cfc9e8a1fca4f14cca05217` and rollback backup is `/home/ollama/momo-deploy-backups/ewoooc-20260714T174327Z-11d3865`. Production `/health` is healthy at V10.795; all three application containers are healthy and retain their expected identities; `momo-db` remained running and unchanged at `cd092451cb5fd555d0ffff70642e109f3b742882c418beeab631793d1e9dc55d`. Desktop/mobile visible QA confirms the SLA label, 40% revenue KPI and no horizontal overflow. Next: restore the dedicated runner and require commit-bound automated CD/post-verifier proof for subsequent runtime changes. |
|
||||
|
||||
|
||||
Reference in New Issue
Block a user