test: record issue 9 user service artifact gaps
This commit is contained in:
@@ -14,6 +14,7 @@ This matrix closes the current review pass for the `decision-center`, `mdtodo`,
|
||||
| Project-manager registry probe | `deploy.json` wants `0c3cdb4ee06a23361ed511a2da033d67b53d16f4`; `config.json` still records runtime commit `a278de032d5cdb91010466ac1e2183c79026550d`; remote registry HEAD for `127.0.0.1:5000/unidesk/project-manager:0c3cdb4ee06a23361ed511a2da033d67b53d16f4` returned 404, so no digest is available yet. | The producer and consumer contract is wired, but the desired artifact is still missing. | Publish the desired artifact before any live dev or prod apply. |
|
||||
| Dev service catalog | `decision-center-dev` exists in k3s, while `mdtodo-dev` and `claudeqq-dev` do not. The adapter public catalog did not expose the dev aliases during this pass. | Dev promotion cannot be claimed for `mdtodo` or `claudeqq`; `decision-center-dev` is reachable through direct k3s service proxy only. | Publish artifacts first, then create/verify dev consumers and register dev aliases where intended. |
|
||||
| Frontend closure contract | `bun scripts/frontend-artifact-lane-contract-test.ts` is the standard lightweight contract for the frontend artifact sample. | Frontend lane evidence is now repeatable without live deploy, publish, service restart, or Playwright. | Keep the contract green whenever frontend deploy.json, health metadata, artifact digest, producer preflight, or CD dry-run shape changes. |
|
||||
| User-service gap contract | `bun scripts/issue-9-user-service-artifact-gap-contract-test.ts` normalizes `mdtodo`, `claudeqq` and `todo-note` with `desiredCommit`, `runtimeCommit`, `artifactExists`, `devStatus`, `prodStatus`, `blockedScopes` and `recommendedAction`. | The remaining gap surface is repeatable from `deploy.json`, `CI.json` and local artifact-registry dry-runs without publish, deploy, service restart, or full check/e2e. | Keep the contract green when desired commits, producer metadata, consumer targets or next-hop classifications change. |
|
||||
|
||||
## Service Matrix
|
||||
|
||||
@@ -26,6 +27,26 @@ This matrix closes the current review pass for the `decision-center`, `mdtodo`,
|
||||
| `project-manager` | `127.0.0.1:5000/unidesk/project-manager:0c3cdb4ee06a23361ed511a2da033d67b53d16f4`; registry HEAD returned 404, so no digest was available. Current runtime registry commit in `config.json` is `a278de032d5cdb91010466ac1e2183c79026550d`. | Main-server Compose artifact consumer. CI producer is UniDesk source-build from `src/components/microservices/project-manager/Dockerfile`. | `deploy plan --env dev --service project-manager` resolves the same no-build main-server Compose path; no live dev apply was attempted because the desired artifact is absent. | `deploy plan --env prod --service project-manager --dry-run` resolves the same main-server Compose consumer and health contract, but live prod apply remains blocked until the artifact exists and `/health` can report `deploy.commit` / `deploy.requestedCommit`. | Partial. The source and consumer contract are in place; the registry artifact is not. | Publish `0c3cdb4ee06a23361ed511a2da033d67b53d16f4` to the D601 registry, then run dev and prod artifact-consumer verification. |
|
||||
| `frontend` | `127.0.0.1:5000/unidesk/frontend:b5486a61ab0aa6c227366a95d1afa68281584359`, registry v2 manifest digest `sha256:76d7c47e797605470959ca2274f116149bdc367e6fa155913d19f42516e5b9e4`. | CI producer is `ci publish-user-service` from `src/components/frontend/Dockerfile`. Dev CD is D601 native k3s `frontend-dev`; prod CD is master-server Compose `frontend` / `unidesk-frontend`; both are pull-only artifact consumers. | Public dev `http://74.48.78.17:18083/health` reports `ok=true`, `environment=dev`, `namespace=unidesk-dev`, and deploy commit/requestedCommit `b5486a61ab0aa6c227366a95d1afa68281584359`. | Public prod `http://74.48.78.17:18081/health` reports `ok=true` and deploy commit/requestedCommit `b5486a61ab0aa6c227366a95d1afa68281584359`. Remote `ci publish-user-service --service frontend --commit b5486... --dry-run` reports `runnerDisposition=ready`, all control channels ready, and no missing control channels. | Complete for CI/CD contract. Dev/prod desired and live commit match the artifact; CD dry-runs are non-mutating and no-build. | Remaining UI route acceptance is a manual product/UI gate and is independent of CI/CD artifact correctness. |
|
||||
|
||||
## Normalized Gap Matrix
|
||||
|
||||
Focused read-only evidence for this refresh:
|
||||
|
||||
- remote `microservice status` and `microservice health` for `mdtodo`, `claudeqq` and `todo-note`;
|
||||
- D601 registry v2 manifest `HEAD` against each desired tag, all returning 404;
|
||||
- `deploy plan --env dev|prod --service <id>` and `artifact-registry deploy-service --env dev|prod --service <id> --commit <desiredCommit> --dry-run`, all resolving no-build artifact consumers.
|
||||
|
||||
| Service | desiredCommit | runtimeCommit | artifactExists | devStatus | prodStatus | blockedScopes | recommendedAction |
|
||||
| --- | --- | --- | --- | --- | --- | --- | --- |
|
||||
| `mdtodo` | `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` | `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` from prod Deployment annotations; `/health` is ok but has no deploy metadata | `false` | `missing-dev-service` | `healthy-prod-annotation-aligned` | `registry-artifact`, `dev-service`, `health-deploy-metadata` | Publish the desired artifact, create/verify `unidesk-dev/mdtodo-dev`, then run focused dev smoke before deciding whether prod needs replacement. |
|
||||
| `claudeqq` | `203b1f46684c91340ecbbd8a74502bd55e4f2011` | `203b1f46684c91340ecbbd8a74502bd55e4f2011` from prod `/health.deploy.commit` and `/health.deploy.requestedCommit` | `false` | `missing-dev-service` | `healthy-prod-health-aligned-event-api-unverified` | `registry-artifact`, `dev-service`, `event-api-surface` | Publish the desired artifact, create/verify `unidesk-dev/claudeqq-dev`, then resolve or document the event API paths before prod artifact replacement. |
|
||||
| `todo-note` | `a14ce0eb855a685fa17b47adacd54623e72cd2ff` | `null`; prod health and container labels do not expose source commit | `false` | `consumer-plan-only-no-live-dev` | `healthy-behavior-no-commit-proof` | `registry-artifact`, `runtime-commit-proof`, `health-deploy-metadata` | Publish the desired artifact, then use the no-build Compose artifact consumer to recreate only `todo-note` and verify image labels plus health deploy metadata. |
|
||||
|
||||
Repeatable contract:
|
||||
|
||||
```bash
|
||||
bun scripts/issue-9-user-service-artifact-gap-contract-test.ts
|
||||
```
|
||||
|
||||
## Execution Decision
|
||||
|
||||
No live deployment or publish was executed in this pass.
|
||||
|
||||
@@ -260,10 +260,10 @@ This matrix describes the next promotion stage after dry-run coverage is in plac
|
||||
| `baidu-netdisk` | `master` | source-build supported | dev + prod artifact consumer | pull-only dev validation is diagnosable through `runtimeSecrets.secretSource`, `requiredSecretsPresent`, `missingSecretKeys` and `recommendedAction`; live dev apply waits for the secret source condition | prod artifact and health are aligned; further prod action is only focused post-apply proxy/auth verification after operator approval | canonical Compose env secret source and `/health.auth` gate; no manual secret operation in worker tasks | `GPT-5.5` |
|
||||
| `project-manager` | `master` | source-build supported | dev + prod artifact consumer | dev artifact validation with `/api/projects` | prod artifact validation with live commit proof | none beyond standard artifact/CD checks | `MiniMax` for dry-run/reporting, `GPT-5.5` for release sign-off |
|
||||
| `oa-event-flow` | `master` | source-build supported | dev + prod artifact consumer | dev artifact validation with `/api/diagnostics` | prod artifact validation with live commit proof | none beyond standard artifact/CD checks | `MiniMax` for dry-run/reporting, `GPT-5.5` for release sign-off |
|
||||
| `todo-note` | `master` | external source-build supported | dev + prod artifact consumer | dev recreate with PostgreSQL-backed deploy metadata | prod recreate with matching `deploy.commit` and `deploy.requestedCommit` | external repo fetch and runtime metadata consistency | `DeepSeek` for digesting external-source evidence, `GPT-5.5` for final gate |
|
||||
| `todo-note` | `master` | external source-build supported | dev + prod Compose artifact consumer | consumer dry-run is ready; live dev remains blocked until the desired artifact exists | prod behavior is healthy, but runtime commit proof is absent until the no-build recreate lands image labels and health deploy metadata | registry artifact, runtime commit proof and health deploy metadata | `DeepSeek` for digesting external-source evidence, `GPT-5.5` for final gate |
|
||||
| `decision-center` | `master` | source-build supported | dev + prod k3s consumer closed when desired/live/artifact commit match and dry-run stays no-build | dev artifact CD closed; remaining dev acceptance is focused record CRUD, diary lifecycle, doc-number uniqueness and frontend visibility | prod artifact CD closed; remaining prod acceptance is manual UI/product verification after health/live commit proof | doc-management completeness, PostgreSQL truth and UI acceptance; no deployment drift when desired/live/artifact are aligned | `GPT-5.5` |
|
||||
| `mdtodo` | `master` | source-build supported | dev + prod k3s consumer | dev rollout with deployment metadata and `/health` or `/live` proof | prod rollout with service proxy verification and live commit proof | no NodePort/hostPort/public backend exposure | `MiniMax` for prompt prep, `GPT-5.5` for approval |
|
||||
| `claudeqq` | `master` | source-build supported | dev + prod k3s consumer | dev rollout with Deployment metadata and health via Kubernetes API proxy | prod rollout with same commit-pinned artifact contract | NapCat/backend port exposure must stay private | `MiniMax` for prompt prep, `GPT-5.5` for approval |
|
||||
| `mdtodo` | `master` | source-build supported | dev + prod k3s consumer | dev service is absent until the desired artifact is published and `unidesk-dev/mdtodo-dev` is created/verified | prod is healthy with desired Deployment annotations, but artifact and health deploy metadata are still missing | registry artifact, dev service and health deploy metadata; no NodePort/hostPort/public backend exposure | `MiniMax` for prompt prep, `GPT-5.5` for approval |
|
||||
| `claudeqq` | `master` | source-build supported | dev + prod k3s consumer | dev service is absent until the desired artifact is published and `unidesk-dev/claudeqq-dev` is created/verified | prod health reports the desired commit and NapCat login, but artifact and event API proof remain open | registry artifact, dev service, event API surface; NapCat/backend port exposure must stay private | `MiniMax` for prompt prep, `GPT-5.5` for approval |
|
||||
| `findjob` | `master` | source-build supported | dev + prod direct Compose consumer | pull-only dev validation on D601 with image labels and `/api/health` | pull-only prod recreate with live commit proof | target-side compose health/labels only, no public business ports | `DeepSeek` for dry-run matrix drafting, `GPT-5.5` for final gate |
|
||||
| `pipeline` | `master` | source-build supported | dev + prod direct Compose consumer | pull-only dev validation on D601 with image labels and `/health` | pull-only prod recreate with live commit proof | runtime contract is commit-label + compose service identity | `DeepSeek` for dry-run matrix drafting, `GPT-5.5` for final gate |
|
||||
| `met-nonlinear` | `master` | source-build supported | dev dry-run only | runtime-verification-blocked until long-running TS service image contract is fixed | not authorized | image contract mismatch between ML Dockerfile and TS runtime service | `GPT-5.5` |
|
||||
@@ -278,6 +278,14 @@ bun scripts/frontend-artifact-lane-contract-test.ts
|
||||
|
||||
The contract fixes the current sample around one artifact lane: `deploy.json` dev/prod both request the same frontend commit, `CI.json` keeps the producer as `ci publish-user-service`, the D601 registry manifest digest is recorded, dev and prod health expose matching `deploy.commit` / `deploy.requestedCommit`, `ci publish-user-service --dry-run` is ready, and both CD dry-runs are artifact consumers with no source build.
|
||||
|
||||
User-service artifact gap reviews must report the same normalized fields for each service: `desiredCommit`, `runtimeCommit`, `artifactExists`, `devStatus`, `prodStatus`, `blockedScopes` and `recommendedAction`. The issue #9 gap contract is intentionally lightweight and non-mutating:
|
||||
|
||||
```bash
|
||||
bun scripts/issue-9-user-service-artifact-gap-contract-test.ts
|
||||
```
|
||||
|
||||
The contract pins the current `mdtodo`, `claudeqq` and `todo-note` gap surface: `deploy.json` dev/prod desired commits, `CI.json` producer metadata, structured status fields and dev/prod artifact-consumer dry-runs. It does not publish artifacts, apply manifests, recreate services, restart services, run full check/e2e, or probe browser UI.
|
||||
|
||||
Planned parallelism for the next wave should be three lanes:
|
||||
|
||||
1. Lane A: `frontend`, `baidu-netdisk`, `project-manager`, `oa-event-flow`.
|
||||
|
||||
Reference in New Issue
Block a user