From 57ed859e969e005ea95af55e5ea42fd9c393760d Mon Sep 17 00:00:00 2001 From: Codex Date: Sun, 28 Jun 2026 10:06:24 +0000 Subject: [PATCH] docs: update web sentinel post-task guidance --- .agents/skills/unidesk-monitor/SKILL.md | 20 +++++------ .../skills/unidesk-monitor/references/full.md | 36 +++++++++++-------- 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/.agents/skills/unidesk-monitor/SKILL.md b/.agents/skills/unidesk-monitor/SKILL.md index 280f2bf4..8d430769 100644 --- a/.agents/skills/unidesk-monitor/SKILL.md +++ b/.agents/skills/unidesk-monitor/SKILL.md @@ -23,16 +23,16 @@ description: UniDesk monitoring and Web sentinel operations. Use when working on ## Quick Commands ```bash -bun scripts/cli.ts web-probe sentinel status --node D601 --lane v03 -bun scripts/cli.ts web-probe sentinel status --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel control-plane status --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel validate --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel dashboard verify --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel dashboard screenshot --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel report --node D601 --lane v03 --sentinel --latest --view summary -bun scripts/cli.ts web-probe sentinel control-plane trigger-current --node D601 --lane v03 --sentinel --confirm -trans D601:k3s kubectl -n get cronjob -l app.kubernetes.io/component=cadence-scheduler -trans D601:k3s kubectl -n create job --from=cronjob/ +bun scripts/cli.ts web-probe sentinel status --node --lane +bun scripts/cli.ts web-probe sentinel status --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel control-plane status --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel validate --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel dashboard verify --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel dashboard screenshot --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel report --node --lane --sentinel --latest --view summary +bun scripts/cli.ts web-probe sentinel control-plane trigger-current --node --lane --sentinel --confirm +trans :k3s kubectl -n get cronjob -l app.kubernetes.io/component=cadence-scheduler +trans :k3s kubectl -n create job --from=cronjob/ ``` For k3s cadence validation, first use the controlled control-plane status/trigger commands, then inspect the rendered CronJob in the target k3s namespace. Manual `kubectl create job --from=cronjob/...` is validation evidence only; persistent cadence changes must be made through YAML/GitOps and redeployed. diff --git a/.agents/skills/unidesk-monitor/references/full.md b/.agents/skills/unidesk-monitor/references/full.md index 7bd61730..7af97c1f 100644 --- a/.agents/skills/unidesk-monitor/references/full.md +++ b/.agents/skills/unidesk-monitor/references/full.md @@ -5,43 +5,43 @@ Primary registry: ```bash -bun scripts/cli.ts web-probe sentinel status --node D601 --lane v03 +bun scripts/cli.ts web-probe sentinel status --node --lane ``` -Known D601/v03 sentinel ids: +Known sentinel ids vary by node/lane and must come from YAML. Common `v03` examples include: - `workbench-dsflash-go-tool-call-10x` - `workbench-auth-session-switch-2users` +- `workbench-fake-echo-session-invariance-10x` - `mdtodo-visual-regression` Per-sentinel drill-down: ```bash -bun scripts/cli.ts web-probe sentinel status --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel control-plane status --node D601 --lane v03 --sentinel +bun scripts/cli.ts web-probe sentinel status --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel control-plane status --node --lane --sentinel ``` Freshness-only check: ```bash -bun scripts/web-probe-sentinel-scheduler.ts run --node D601 --lane v03 --sentinel --stale-multiplier 1 --dry-run +bun scripts/web-probe-sentinel-scheduler.ts run --node --lane --sentinel --stale-multiplier 1 --dry-run ``` -Host timer installation/status: +Cadence/runtime validation is k3s-first: ```bash -bun scripts/web-probe-sentinel-scheduler.ts status-systemd --node D601 --lane v03 -bun scripts/web-probe-sentinel-scheduler.ts install-systemd --node D601 --lane v03 --confirm -bun scripts/web-probe-sentinel-scheduler.ts status-systemd --node D601 --lane v03 --sentinel +trans :k3s kubectl -n get cronjob -l app.kubernetes.io/component=cadence-scheduler +trans :k3s kubectl -n create job --from=cronjob/ ``` -Without `--sentinel`, `status-systemd` and `install-systemd` enumerate every enabled sentinel from the YAML registry and manage independent per-sentinel timers. Use this when a sentinel's latest run is stale: a missing timer is a runtime defect even if `run --dry-run` can enumerate the sentinel and mark it due. +Host `systemd` timer commands are legacy diagnostics only. Enabled HWLAB Web sentinels must run from target node/lane k3s CronJob/GitOps. If a sentinel's latest run is stale, first compare YAML cadence, latest run age and rendered CronJob state for that sentinel; a missing or stale CronJob is a runtime defect even if the dry-run scheduler can enumerate the sentinel and mark it due. Dashboard render and screenshot verification: ```bash -bun scripts/cli.ts web-probe sentinel dashboard verify --node D601 --lane v03 --sentinel -bun scripts/cli.ts web-probe sentinel dashboard screenshot --node D601 --lane v03 --sentinel +bun scripts/cli.ts web-probe sentinel dashboard verify --node --lane --sentinel +bun scripts/cli.ts web-probe sentinel dashboard screenshot --node --lane --sentinel ``` The screenshot command runs through the selected node/lane remote browser and downloads the PNG artifact to the caller's `/tmp` by default. Closeout evidence should cite `localPath`, `sha256`, page HTTP status, selected DOM summary fields and `layout.horizontalOverflow` / `overflowCount`; do not replace this with a local browser screenshot or ad-hoc `web-probe script` when the sentinel command can cover the page. @@ -53,14 +53,15 @@ Use the freshness-only `--dry-run` scheduler command when the question is only " Report drill-down: ```bash -bun scripts/cli.ts web-probe sentinel report --node D601 --lane v03 --sentinel --latest --view summary -bun scripts/cli.ts web-probe sentinel report --node D601 --lane v03 --sentinel --latest --view findings -bun scripts/cli.ts web-probe sentinel report --node D601 --lane v03 --sentinel --run --view trace-frame +bun scripts/cli.ts web-probe sentinel report --node --lane --sentinel --latest --view summary +bun scripts/cli.ts web-probe sentinel report --node --lane --sentinel --latest --view findings +bun scripts/cli.ts web-probe sentinel report --node --lane --sentinel --run --view trace-frame ``` Public dashboard paths: - `https://monitor.pikapython.com/` +- `https://monitor.pikapython.com/sentinels/d518-workbench-dsflash-go-tool-call-10x/` - `https://monitor.pikapython.com/sentinels/workbench-auth-session-switch-2users/` Direct API probes for shell/API/render separation: @@ -79,12 +80,15 @@ Use `web-probe script` with explicit `page.goto("https://monitor.pikapython.com/ Root registry: - `config/hwlab-node-lanes.yaml#lanes.v03.targets.D601.observability.webProbe.sentinels` +- `config/hwlab-node-lanes.yaml#lanes.v03.targets.D518.observability.webProbe.sentinels` Per-sentinel management YAML: - `config/hwlab-web-probe-sentinels/d601-v03/workbench-dsflash-go-tool-call-10x.yaml#sentinel` - `config/hwlab-web-probe-sentinels/d601-v03/workbench-auth-session-switch-2users.yaml#sentinel` - `config/hwlab-web-probe-sentinels/d601-v03/mdtodo-visual-regression.yaml#sentinel` +- `config/hwlab-web-probe-sentinels/d518-v03/workbench-dsflash-go-tool-call-10x.yaml#sentinel` +- `config/hwlab-web-probe-sentinels/d518-v03/workbench-fake-echo-session-invariance-10x.yaml#sentinel` Typical config refs: @@ -127,6 +131,8 @@ If `origin/master` advances while rolling out a sentinel, first classify the new Source mirror readiness must be proven by the internal mirror object/read probe for the expected commit. A GitHub/source head check alone is not sufficient evidence to skip source sync, because it does not prove the k3s publish job can fetch the object from the node-local mirror. +If the internal mirror branch is ahead of the expected commit, status may still be ready only when the expected object exists and `expected` is an ancestor of the mirror branch tip. Treat that as `mirror-ahead`, not as a source blocker. An exact SHA match is sufficient but not required during parallel master advancement. + Dashboard aggregate counters may include historical runs only when the UI labels that scope explicitly. They must not sit beside a latest-run chart or selected-run check list without a scope label. If trend, run detail and check list disagree, first identify whether each number is a type count, sample count or historical aggregate before changing code. For Code Agent multi-round quick-verify, accept the latest run's `turn-summary` / `trace-frame` plus `blockingFindingCount=0` and `controlFindingCount=0`. Analyzer red findings about hydration, API-to-DOM lag or timing drift are investigation evidence unless they coincide with missing durable turns/final responses, failed submit/login/auth, broken continuity, absent report or unavailable user path.