fix: align mdtodo artifact health metadata contract

Codex
2026-05-21 12:58:03 +00:00
parent a9929cc3d9
commit 5ebef54936
7 changed files with 202 additions and 16 deletions
@@ -21,7 +21,7 @@ This matrix closes the current review pass for the `decision-center`, `mdtodo`,
| Service | Desired artifact | Deployment and CI shape | Dev acceptance | Prod acceptance | Ideal-state status | Blockers / next step |
| --- | --- | --- | --- | --- | --- | --- |
| `decision-center` | `127.0.0.1:5000/unidesk/decision-center:b5486a61ab0aa6c227366a95d1afa68281584359`, registry digest `sha256:55ae6b20af3b6ec88394de46678cd4ddf86c461126ee1e95e91005baf72f03ed`. Previous desired tag `54c1f8e165f90fa8509fda1f0c01f8c3fa82cbee` still exists with digest `sha256:8af6842a2a1b23bfaf6067a402821f4d0e54b76ebc24e59303c6cbefad6490d1`, but it is no longer the desired state. | k3s-managed artifact consumer on D601. CI producer is UniDesk source-build from `src/components/microservices/decision-center/Dockerfile`; CD dry-run is a no-build D601 k3s artifact consumer for dev and prod. | `unidesk-dev/decision-center-dev` is ready 1/1 and health reports `deploy.commit` / `deploy.requestedCommit` as `b5486a61ab0aa6c227366a95d1afa68281584359`, matching desired and artifact. | `unidesk/decision-center` is ready 1/1 and health reports `deploy.commit` / `deploy.requestedCommit` as `b5486a61ab0aa6c227366a95d1afa68281584359`; private proxy `/api/records?limit=1` returned 200. | Complete for artifact CD contract. Dev/prod desired, live health and registry artifact now align on `b5486a61ab0aa6c227366a95d1afa68281584359`; no deploy was needed. | Remaining work is manual UI/product acceptance only: record CRUD, diary lifecycle, doc-number uniqueness and frontend Decision Center visibility. Keep the desired-state contract green so future edits cannot reintroduce stale desired commits or source-build CD. |
| `mdtodo` | `127.0.0.1:5000/unidesk/mdtodo:75fb6757b2504ba86d61f2587fb34a9c9ed4019a`; registry HEAD returned 404, so no digest was available. | k3s-managed artifact consumer on D601. CI producer is UniDesk source-build from `src/components/microservices/mdtodo/Dockerfile`. | `unidesk-dev/mdtodo-dev` does not exist. | `unidesk/mdtodo` is ready 1/1. Deployment annotations record deploy and requested commit `75fb6757b2504ba86d61f2587fb34a9c9ed4019a`; health returned `ok=true`, and `/live` returned 200. Health does not expose deploy metadata. | Partial. Prod is healthy and annotated with the desired commit, but the desired registry artifact is absent and dev is absent. | Publish the desired artifact, add deploy metadata to health or keep strict label/annotation verification, then run dev -> focused smoke -> prod if prod replacement is still needed. |
| `mdtodo` | `127.0.0.1:5000/unidesk/mdtodo:595de3d320b73ec006794440b32db48b3ad14d2b`; registry artifact still needs publication. The previous `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` target predates `mdtodo` health deploy metadata. | k3s-managed artifact consumer on D601. CI producer is UniDesk source-build from `src/components/microservices/mdtodo/Dockerfile`. | `unidesk-dev/mdtodo-dev` does not exist. | `unidesk/mdtodo` is ready 1/1 at the old annotated commit `75fb6757b2504ba86d61f2587fb34a9c9ed4019a`; health returned `ok=true`, and `/live` returned 200 during the earlier smoke. Runtime health metadata still needs proof after the new artifact is deployed. | Partial. The source/desired contract now points at a health-metadata-capable commit, but the desired registry artifact is absent, dev is absent and prod runtime is intentionally behind the new desired commit. | Publish the new desired artifact, create/verify `unidesk-dev/mdtodo-dev`, prove `/health.deploy.commit` and `/live.deploy.commit` in dev, then decide whether prod needs artifact replacement. |
| `claudeqq` | `127.0.0.1:5000/unidesk/claudeqq:203b1f46684c91340ecbbd8a74502bd55e4f2011`; registry HEAD returned 404, so no digest was available. | k3s-managed artifact consumer on D601. CI producer uses the external Gitee source plus UniDesk adapter/overlay. | `unidesk-dev/claudeqq-dev` does not exist. | `unidesk/claudeqq` is ready 1/1. Deployment annotations and `/health` report commit/requested commit `203b1f46684c91340ecbbd8a74502bd55e4f2011`; health also reports NapCat `logged_in`. Focused API probes for `/api/events/recent` and `/api/events/subscriptions` returned 404. | Partial. Prod commit alignment and health are good, but the desired registry artifact is absent, dev is absent and the expected event API surface is not verified. | Publish the desired artifact, create/verify dev, and either fix or document the current event API paths before any prod artifact replacement. |
| `todo-note` | `127.0.0.1:5000/unidesk/todo-note:a14ce0eb855a685fa17b47adacd54623e72cd2ff`; registry HEAD returned 404, so no digest was available. | Main-server Compose artifact consumer. CI producer uses the external Gitee source. CD plan is pull-only and no-build for Compose service `todo-note`, container `todo-note-backend`. | The dev/prod consumer plans resolve, but no live dev apply was attempted because the desired artifact is absent. | Runtime health returned 200 with PostgreSQL storage and running reminders. Private proxy `/api/instances` returned 200. The running container image is `unidesk-todo-note`; runtime labels do not expose `unidesk.ai/source-commit`, and health does not expose deploy metadata. | Not yet. Runtime behavior is healthy, but image digest/commit proof is missing and the desired registry artifact is absent. | Publish the desired artifact, then use the Compose artifact consumer to recreate only `todo-note` with no build/no deps and verify image labels plus health deploy metadata. |
| `project-manager` | `127.0.0.1:5000/unidesk/project-manager:0c3cdb4ee06a23361ed511a2da033d67b53d16f4`; registry HEAD returned 404, so no digest was available. Current runtime registry commit in `config.json` is `a278de032d5cdb91010466ac1e2183c79026550d`. | Main-server Compose artifact consumer. CI producer is UniDesk source-build from `src/components/microservices/project-manager/Dockerfile`. | `deploy plan --env dev --service project-manager` resolves the same no-build main-server Compose path; no live dev apply was attempted because the desired artifact is absent. | `deploy plan --env prod --service project-manager --dry-run` resolves the same main-server Compose consumer and health contract, but live prod apply remains blocked until the artifact exists and `/health` can report `deploy.commit` / `deploy.requestedCommit`. | Partial. The source and consumer contract are in place; the registry artifact is not. | Publish `0c3cdb4ee06a23361ed511a2da033d67b53d16f4` to the D601 registry, then run dev and prod artifact-consumer verification. |
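Review bot: In the replacement `mdtodo` row, the Desired artifact cell says only "registry artifact still needs publication" and drops the probe evidence that the `claudeqq`, `todo-note` and `project-manager` rows keep ("registry HEAD returned 404, so no digest was available"). If a registry HEAD was run for the `595de3d320b73ec006794440b32db48b3ad14d2b` tag, record its result in the cell; if it was not, say so, so the matrix distinguishes observed absence from assumed absence. The Prod acceptance cell also cites "the earlier smoke" for `ok=true` and `/live` 200 without a timestamp or reference, which makes that evidence hard to re-check once prod is behind the desired commit.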
@@ -37,13 +37,14 @@ Focused read-only evidence for this refresh:
| Service | desiredCommit | runtimeCommit | artifactExists | devStatus | prodStatus | blockedScopes | recommendedAction |
| --- | --- | --- | --- | --- | --- | --- | --- |
| `mdtodo` | `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` | `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` from prod Deployment annotations; `/health` is ok but has no deploy metadata | `false` | `missing-dev-service` | `healthy-prod-annotation-aligned` | `registry-artifact`, `dev-service`, `health-deploy-metadata` | Publish the desired artifact, create/verify `unidesk-dev/mdtodo-dev`, then run focused dev smoke before deciding whether prod needs replacement. |
| `mdtodo` | `595de3d320b73ec006794440b32db48b3ad14d2b` | `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` from prod Deployment annotations; that runtime predates `mdtodo` health deploy metadata | `false` | `missing-dev-service` | `healthy-prod-annotation-stale-after-health-metadata-repin` | `registry-artifact`, `dev-service`, `runtime-health-metadata-proof`, `prod-runtime-commit-drift` | Publish the desired artifact that includes `mdtodo` health deploy metadata, create/verify `unidesk-dev/mdtodo-dev`, then run focused dev smoke before deciding whether prod needs replacement. |
| `claudeqq` | `203b1f46684c91340ecbbd8a74502bd55e4f2011` | `203b1f46684c91340ecbbd8a74502bd55e4f2011` from prod `/health.deploy.commit` and `/health.deploy.requestedCommit` | `false` | `missing-dev-service` | `healthy-prod-health-aligned-event-api-unverified` | `registry-artifact`, `dev-service`, `event-api-surface` | Publish the desired artifact, create/verify `unidesk-dev/claudeqq-dev`, then resolve or document the event API paths before prod artifact replacement. |
| `todo-note` | `a14ce0eb855a685fa17b47adacd54623e72cd2ff` | `null`; prod health and container labels do not expose source commit | `false` | `consumer-plan-only-no-live-dev` | `healthy-behavior-no-commit-proof` | `registry-artifact`, `runtime-commit-proof`, `health-deploy-metadata` | Publish the desired artifact, then use the no-build Compose artifact consumer to recreate only `todo-note` and verify image labels plus health deploy metadata. |
Repeatable contracts:
```bash
bun scripts/issue-9-mdtodo-health-metadata-contract-test.ts
bun scripts/issue-9-user-service-artifact-gap-contract-test.ts
bun scripts/issue-9-user-service-deploy-apply-dry-run-contract-test.ts
```
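Review bot: The new `mdtodo` row's blockedScopes swaps `health-deploy-metadata` for `runtime-health-metadata-proof` and adds `prod-runtime-commit-drift`, while the `todo-note` row still uses `health-deploy-metadata`, so the table now has two health-metadata scope names with no stated difference. If the contract scripts in the Repeatable contracts block or other tooling match on these strings, define the two scopes next to the table (runtime not yet proven on a metadata-capable commit versus health not exposing metadata at all) and confirm that the one-off prodStatus `healthy-prod-annotation-stale-after-health-metadata-repin` is a value those consumers accept.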
@@ -53,6 +54,17 @@ bun scripts/issue-9-user-service-deploy-apply-dry-run-contract-test.ts
No live deployment or publish was executed in this pass.
- `decision-center` drift was desired-state only: dev/prod live health and the registry artifact already matched `b5486a61...`, so `deploy.json` was repinned to that verified commit without deploying.
- `mdtodo`, `claudeqq`, `todo-note` and `project-manager` do not have the desired registry artifact tags, so live apply would not satisfy the artifact-consumer contract.
- `mdtodo`, `claudeqq`, `todo-note` and `project-manager` do not have the desired registry artifact tags, so live apply would not satisfy the artifact-consumer contract. For `mdtodo`, the desired tag is now `595de3d320b73ec006794440b32db48b3ad14d2b` because that is the already-merged commit that adds `/health.deploy` and `/live.deploy`.
- `frontend` is the first batch sample that can be marked complete for the CI/CD artifact lane: desired commit, registry artifact digest, dev/prod health metadata, publish dry-run readiness and dev/prod CD no-build dry-runs are aligned.
- Focused smoke stayed limited to health, deployment metadata, registry HEAD/tag checks and small private proxy API calls.
## MDTODO Next Preconditions
Before a real `mdtodo` artifact publish or dev deploy:
- Run the read-only publish preflight for `595de3d320b73ec006794440b32db48b3ad14d2b`: `bun scripts/cli.ts ci publish-user-service --service mdtodo --commit 595de3d320b73ec006794440b32db48b3ad14d2b --dry-run`. It must report `runnerDisposition=ready` or clearly classify only infrastructure blockers.
- Publish only from the controlled D601 CI path: `bun scripts/cli.ts ci publish-user-service --service mdtodo --commit 595de3d320b73ec006794440b32db48b3ad14d2b --wait-ms 1200000`.
- Record the resulting `artifactSummary.imageRef`, `digest` and `digestRef`; verify registry `HEAD /v2/unidesk/mdtodo/manifests/595de3d320b73ec006794440b32db48b3ad14d2b` returns a digest.
- Keep `deploy apply --env dev --service mdtodo --dry-run` on the D601 k3s no-build artifact consumer and confirm it targets only `unidesk-dev/mdtodo-dev`.
- Run real dev apply only after the artifact exists, then verify `unidesk-dev/mdtodo-dev` readiness and service-proxy `/health.deploy.commit`, `/health.deploy.requestedCommit`, `/live.deploy.commit` all equal `595de3d320b73ec006794440b32db48b3ad14d2b`.
- Evaluate prod replacement only after dev proof is recorded; prod currently runs the older annotated `75fb6757b2504ba86d61f2587fb34a9c9ed4019a` runtime.
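Review bot: The registry precondition under MDTODO Next Preconditions accepts any answer where `HEAD /v2/unidesk/mdtodo/manifests/595de3d320b73ec006794440b32db48b3ad14d2b` "returns a digest", which only proves that some manifest exists under that tag. Require the returned digest to equal the recorded `artifactSummary.digest`, and have the dev apply bullet also compare the image digest actually running in `unidesk-dev/mdtodo-dev` against it, because `/health.deploy.commit`, `/health.deploy.requestedCommit` and `/live.deploy.commit` are values the service reports about itself and do not show which image was pulled. The first precondition's fallback "or clearly classify only infrastructure blockers" would also benefit from naming which blocker classes still allow the publish step to proceed.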