diff --git a/dados/repository-mesh-central-write-status.json b/dados/repository-mesh-central-write-status.json index f819f14..2c1940f 100644 --- a/dados/repository-mesh-central-write-status.json +++ b/dados/repository-mesh-central-write-status.json @@ -1,11 +1,32 @@ { - "centralPlatformFolder": "", - "failureCount": 0, - "failures": [], - "generatedAt": "2026-05-02T02:38:16+00:00", - "ok": true, + "centralPlatformFolder": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform", + "failureCount": 4, + "failures": [ + { + "error": "PermissionError: [Errno 13] Permission denied: 'G:\\\\_codex-git\\\\nucleo-gestao-operacional\\\\central-de-ordem-de-servico\\\\projects\\\\15_repo_tudo-para-ia-mais-humana-platform\\\\reports\\\\EXECUTADO__repository-mesh-sync.md'", + "operation": "write_text", + "path": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\reports\\EXECUTADO__repository-mesh-sync.md" + }, + { + "error": "PermissionError: [Errno 13] Permission denied: 'G:\\\\_codex-git\\\\nucleo-gestao-operacional\\\\central-de-ordem-de-servico\\\\projects\\\\15_repo_tudo-para-ia-mais-humana-platform\\\\reports\\\\PENDENCIAS-CODEX__repository-mesh-sync.md'", + "operation": "write_text", + "path": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\reports\\PENDENCIAS-CODEX__repository-mesh-sync.md" + }, + { + "error": "PermissionError: [Errno 13] Permission denied: 'G:\\\\_codex-git\\\\nucleo-gestao-operacional\\\\central-de-ordem-de-servico\\\\projects\\\\15_repo_tudo-para-ia-mais-humana-platform\\\\audit\\\\AUDITORIA-GPT__repository-mesh-sync.md'", + "operation": "write_text", + "path": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\audit\\AUDITORIA-GPT__repository-mesh-sync.md" + }, + { + "error": "PermissionError: [Errno 13] Permission denied: 'G:\\\\_codex-git\\\\nucleo-gestao-operacional\\\\central-de-ordem-de-servico\\\\projects\\\\15_repo_tudo-para-ia-mais-humana-platform\\\\indexes\\\\repository-mesh-index.md'", + "operation": "write_text", + "path": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\indexes\\repository-mesh-index.md" + } + ], + "generatedAt": "2026-05-02T05:32:42+00:00", + "ok": false, "policy": "falha de escrita central nao deve abortar artefatos do projeto real", - "requested": false, + "requested": true, "written": [], "writtenCount": 0 } \ No newline at end of file diff --git a/dados/repository-mesh-derived-orders.json b/dados/repository-mesh-derived-orders.json index cb489cc..bb6952b 100644 --- a/dados/repository-mesh-derived-orders.json +++ b/dados/repository-mesh-derived-orders.json @@ -89,6 +89,36 @@ "registrar pendencias no SQLite semantico" ] }, + { + "affected_paths": [ + "G:/_codex-git/tudo-para-ia-mais-humana", + "G:/codex_vm/_codex-git", + "/root/__gpt-codex", + "/root/_codex-git" + ], + "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", + "object_scope": "Repositorio `admin/tudo-para-ia-mais-humana`, espelho local `tudo-para-ia-mais-humana`, recibo `mesh-receipt-02d7454d0e65` e plano `dirty_blocked`.", + "order_id": "0103_EXECUTIVA__reconciliar-espelho-tudo-para-ia-mais-humana", + "order_type": "executiva", + "priority": "alta", + "project_id": "tudo-para-ia-mais-humana", + "purpose": "Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto.", + "ready_criteria": [ + "hashes comparados", + "working trees limpos ou pendencia registrada", + "remote origin validado", + "ambientes inacessiveis formalizados" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente; ambiente declarado pela OS nao esta acessivel a partir desta sessao; windows-primary possui working tree sujo", + "status": "planejada", + "title": "Reconciliar espelho tudo-para-ia-mais-humana", + "validations": [ + "python -m mais_humana.cli repo-mesh --fetch", + "validar que nao houve reset/checkout/clean/pull destrutivo", + "comparar HEAD e status --short", + "registrar pendencias no SQLite semantico" + ] + }, { "affected_paths": [ "G:/_codex-git/tudo-para-ia-platform-base", @@ -98,7 +128,7 @@ ], "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", "object_scope": "Repositorio `admin/tudo-para-ia-platform-base`, espelho local `tudo-para-ia-platform-base`, recibo `mesh-receipt-ed527f50239e` e plano `dirty_blocked`.", - "order_id": "0103_EXECUTIVA__reconciliar-espelho-tudo-para-ia-platform-base", + "order_id": "0104_EXECUTIVA__reconciliar-espelho-tudo-para-ia-platform-base", "order_type": "executiva", "priority": "alta", "project_id": "tudo-para-ia-mais-humana", @@ -119,36 +149,6 @@ "registrar pendencias no SQLite semantico" ] }, - { - "affected_paths": [ - "G:/_codex-git/tudo-para-ia-business-platform", - "G:/codex_vm/_codex-git", - "/root/__gpt-codex", - "/root/_codex-git" - ], - "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", - "object_scope": "Repositorio `admin/tudo-para-ia-business-platform`, espelho local `tudo-para-ia-business-platform`, recibo `mesh-receipt-7c46b8b7ecec` e plano `environment_blocked`.", - "order_id": "0104_EXECUTIVA__reconciliar-espelho-tudo-para-ia-business-platform", - "order_type": "executiva", - "priority": "alta", - "project_id": "tudo-para-ia-mais-humana", - "purpose": "Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto.", - "ready_criteria": [ - "hashes comparados", - "working trees limpos ou pendencia registrada", - "remote origin validado", - "ambientes inacessiveis formalizados" - ], - "reason": "ambiente declarado pela OS nao esta acessivel a partir desta sessao", - "status": "planejada", - "title": "Reconciliar espelho tudo-para-ia-business-platform", - "validations": [ - "python -m mais_humana.cli repo-mesh --fetch", - "validar que nao houve reset/checkout/clean/pull destrutivo", - "comparar HEAD e status --short", - "registrar pendencias no SQLite semantico" - ] - }, { "affected_paths": [ "G:/_codex-git/tudo-para-ia-finance-platform", @@ -239,6 +239,36 @@ "registrar pendencias no SQLite semantico" ] }, + { + "affected_paths": [ + "G:/_codex-git/tudo-para-ia-mais-humana", + "G:/codex_vm/_codex-git", + "/root/__gpt-codex", + "/root/_codex-git" + ], + "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", + "object_scope": "Repositorio `admin/tudo-para-ia-mais-humana`, espelho local `tudo-para-ia-mais-humana`, recibo `mesh-receipt-02d7454d0e65` e plano `dirty_blocked`.", + "order_id": "0103_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-mais-humana", + "order_type": "gerencial", + "priority": "alta", + "project_id": "tudo-para-ia-mais-humana", + "purpose": "Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto.", + "ready_criteria": [ + "hashes comparados", + "working trees limpos ou pendencia registrada", + "remote origin validado", + "ambientes inacessiveis formalizados" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente; ambiente declarado pela OS nao esta acessivel a partir desta sessao; windows-primary possui working tree sujo", + "status": "planejada", + "title": "Governar sincronizacao de tudo-para-ia-mais-humana", + "validations": [ + "python -m mais_humana.cli repo-mesh --fetch", + "validar que nao houve reset/checkout/clean/pull destrutivo", + "comparar HEAD e status --short", + "registrar pendencias no SQLite semantico" + ] + }, { "affected_paths": [ "G:/_codex-git/tudo-para-ia-platform-base", @@ -248,7 +278,7 @@ ], "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", "object_scope": "Repositorio `admin/tudo-para-ia-platform-base`, espelho local `tudo-para-ia-platform-base`, recibo `mesh-receipt-ed527f50239e` e plano `dirty_blocked`.", - "order_id": "0103_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-platform-base", + "order_id": "0104_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-platform-base", "order_type": "gerencial", "priority": "alta", "project_id": "tudo-para-ia-mais-humana", @@ -268,35 +298,5 @@ "comparar HEAD e status --short", "registrar pendencias no SQLite semantico" ] - }, - { - "affected_paths": [ - "G:/_codex-git/tudo-para-ia-business-platform", - "G:/codex_vm/_codex-git", - "/root/__gpt-codex", - "/root/_codex-git" - ], - "expected_result": "Espelho inventariado, bloqueios resolvidos ou formalizados, hashes comparados, e sincronizacao automatica mantida apenas quando segura.", - "object_scope": "Repositorio `admin/tudo-para-ia-business-platform`, espelho local `tudo-para-ia-business-platform`, recibo `mesh-receipt-7c46b8b7ecec` e plano `environment_blocked`.", - "order_id": "0104_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-business-platform", - "order_type": "gerencial", - "priority": "alta", - "project_id": "tudo-para-ia-mais-humana", - "purpose": "Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto.", - "ready_criteria": [ - "hashes comparados", - "working trees limpos ou pendencia registrada", - "remote origin validado", - "ambientes inacessiveis formalizados" - ], - "reason": "ambiente declarado pela OS nao esta acessivel a partir desta sessao", - "status": "planejada", - "title": "Governar sincronizacao de tudo-para-ia-business-platform", - "validations": [ - "python -m mais_humana.cli repo-mesh --fetch", - "validar que nao houve reset/checkout/clean/pull destrutivo", - "comparar HEAD e status --short", - "registrar pendencias no SQLite semantico" - ] } ] \ No newline at end of file diff --git a/dados/repository-mesh-inventory.json b/dados/repository-mesh-inventory.json index ec659b2..42f045a 100644 --- a/dados/repository-mesh-inventory.json +++ b/dados/repository-mesh-inventory.json @@ -1,5 +1,5 @@ { - "central_root": null, + "central_root": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects", "ecosystem_root": "G:\\_codex-git", "environments": [ { @@ -35,47 +35,47 @@ "root": "/root/_codex-git" } ], - "fetch_enabled": false, - "generated_at": "2026-05-02T02:38:16+00:00", - "plugin_auth_attempt": "git fetch/push bloqueado por SEC_E_NO_CREDENTIALS no ciclo seguro da rodada; sem reset destrutivo", - "report_id": "repository-mesh-01dbdab36e20", + "fetch_enabled": true, + "generated_at": "2026-05-02T05:32:42+00:00", + "plugin_auth_attempt": "mcp_tool_call_rejected_before_router", + "report_id": "repository-mesh-28c1ea98b122", "summaries": [ { "actions": [ { - "action_id": "mesh-action-e38f76b77b81", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-61bb08f62bc5", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-business-platform" }, { - "action_id": "mesh-action-63be244a7eff", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-a6131408e2be", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-business-platform" }, { @@ -115,12 +115,12 @@ "target_name": "tudo-para-ia-business-platform" } ], - "aligned_hash": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", + "aligned_hash": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", "credential_error_count": 0, "destructive_block_count": 0, "dirty_count": 0, "hash_set": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015" + "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -137,10 +137,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "head_summary": "bb1cec9 auto-sync: tudo-para-ia-business-platform 2026-05-01 23:18:33", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-business-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-business-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "head_summary": "775e3c0 auto-sync: tudo-para-ia-business-platform 2026-05-02 00:08:15", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_short": [], "upstream": "origin/main" @@ -148,7 +182,7 @@ "matched_name": "tudo-para-ia-business-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-business-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:46+00:00", + "observed_at": "2026-05-02T05:31:58+00:00", "presence": "present_git", "target_name": "tudo-para-ia-business-platform" }, @@ -164,10 +198,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "head_summary": "bb1cec9 auto-sync: tudo-para-ia-business-platform 2026-05-01 23:18:33", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-business-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-business-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "head_summary": "775e3c0 auto-sync: tudo-para-ia-business-platform 2026-05-02 00:08:15", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_short": [], "upstream": "origin/main" @@ -175,7 +243,7 @@ "matched_name": "tudo-para-ia-business-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-business-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:47+00:00", + "observed_at": "2026-05-02T05:31:59+00:00", "presence": "present_git", "target_name": "tudo-para-ia-business-platform" }, @@ -187,7 +255,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:47+00:00", + "observed_at": "2026-05-02T05:31:59+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-business-platform" }, @@ -199,14 +267,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:47+00:00", + "observed_at": "2026-05-02T05:31:59+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-business-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico bb1cec9a273a; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", + "summary": "hash unico 775e3c0ba8df; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", "target": { "aliases": [], "canonical_name": null, @@ -221,39 +289,39 @@ { "actions": [ { - "action_id": "mesh-action-8374a60fd4d0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-cf83302e51c3", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "a97cd9a1103e336b14d52570788095cfaea71394", - "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-compliance-platform" }, { - "action_id": "mesh-action-af3c932ce656", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-89d16c6d68ae", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "a97cd9a1103e336b14d52570788095cfaea71394", - "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-compliance-platform" }, { @@ -315,8 +383,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-compliance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-compliance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "a97cd9a1103e336b14d52570788095cfaea71394", "head_summary": "a97cd9a auto-sync: tudo-para-ia-compliance-platform 2026-05-01 23:24:32", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", @@ -326,7 +428,7 @@ "matched_name": "tudo-para-ia-compliance-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-compliance-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:48+00:00", + "observed_at": "2026-05-02T05:32:00+00:00", "presence": "present_git", "target_name": "tudo-para-ia-compliance-platform" }, @@ -342,8 +444,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-compliance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-compliance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "a97cd9a1103e336b14d52570788095cfaea71394", "head_summary": "a97cd9a auto-sync: tudo-para-ia-compliance-platform 2026-05-01 23:24:32", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", @@ -353,7 +489,7 @@ "matched_name": "tudo-para-ia-compliance-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-compliance-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:49+00:00", + "observed_at": "2026-05-02T05:32:01+00:00", "presence": "present_git", "target_name": "tudo-para-ia-compliance-platform" }, @@ -365,7 +501,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:49+00:00", + "observed_at": "2026-05-02T05:32:01+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-compliance-platform" }, @@ -377,7 +513,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:49+00:00", + "observed_at": "2026-05-02T05:32:01+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-compliance-platform" } @@ -399,39 +535,39 @@ { "actions": [ { - "action_id": "mesh-action-4b3ec70981ea", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-9c34fd44f893", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "bf45665a80ffd63b0ddb5608a49007429c140a39", - "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-customer-ops-platform" }, { - "action_id": "mesh-action-9abead089781", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-e09246d00bf7", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "bf45665a80ffd63b0ddb5608a49007429c140a39", - "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-customer-ops-platform" }, { @@ -493,8 +629,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-customer-ops-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-customer-ops-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", "head_summary": "bf45665 auto-sync: tudo-para-ia-customer-ops-platform 2026-05-01 20:10:07", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", @@ -504,7 +674,7 @@ "matched_name": "tudo-para-ia-customer-ops-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-customer-ops-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:50+00:00", + "observed_at": "2026-05-02T05:32:02+00:00", "presence": "present_git", "target_name": "tudo-para-ia-customer-ops-platform" }, @@ -520,8 +690,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-customer-ops-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-customer-ops-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", "head_summary": "bf45665 auto-sync: tudo-para-ia-customer-ops-platform 2026-05-01 20:10:07", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", @@ -531,7 +735,7 @@ "matched_name": "tudo-para-ia-customer-ops-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-customer-ops-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:51+00:00", + "observed_at": "2026-05-02T05:32:03+00:00", "presence": "present_git", "target_name": "tudo-para-ia-customer-ops-platform" }, @@ -543,7 +747,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:51+00:00", + "observed_at": "2026-05-02T05:32:03+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-customer-ops-platform" }, @@ -555,7 +759,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:51+00:00", + "observed_at": "2026-05-02T05:32:03+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-customer-ops-platform" } @@ -577,39 +781,39 @@ { "actions": [ { - "action_id": "mesh-action-5880bb6552f2", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-604e958b1ab4", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "e7330785b3b792c8401bfec9ae46c146f1231155", - "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-docs-plataform" }, { - "action_id": "mesh-action-080ca079b879", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-c22d79c0aa76", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "e7330785b3b792c8401bfec9ae46c146f1231155", - "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-docs-plataform" }, { @@ -649,12 +853,12 @@ "target_name": "tudo-para-ia-docs-plataform" } ], - "aligned_hash": "e7330785b3b792c8401bfec9ae46c146f1231155", + "aligned_hash": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", "credential_error_count": 0, "destructive_block_count": 0, "dirty_count": 0, "hash_set": [ - "e7330785b3b792c8401bfec9ae46c146f1231155" + "f0d043d97d78b31f95c55ab1be2cfff5e65ec500" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -671,10 +875,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "head_summary": "e733078 auto-sync: tudo-para-ia-docs-plataform 2026-05-01 23:23:35", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-docs-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-docs-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "head_summary": "f0d043d auto-sync: tudo-para-ia-docs-plataform 2026-05-02 00:28:25", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_short": [], "upstream": "origin/main" @@ -682,7 +920,7 @@ "matched_name": "tudo-para-ia-docs-plataform", "matched_path": "G:\\_codex-git\\tudo-para-ia-docs-plataform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:52+00:00", + "observed_at": "2026-05-02T05:32:09+00:00", "presence": "present_git", "target_name": "tudo-para-ia-docs-plataform" }, @@ -698,10 +936,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "head_summary": "e733078 auto-sync: tudo-para-ia-docs-plataform 2026-05-01 23:23:35", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-docs-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-docs-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "head_summary": "f0d043d auto-sync: tudo-para-ia-docs-plataform 2026-05-02 00:28:25", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_short": [], "upstream": "origin/main" @@ -709,7 +981,7 @@ "matched_name": "tudo-para-ia-docs-plataform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-docs-plataform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:53+00:00", + "observed_at": "2026-05-02T05:32:10+00:00", "presence": "present_git", "target_name": "tudo-para-ia-docs-plataform" }, @@ -721,7 +993,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:53+00:00", + "observed_at": "2026-05-02T05:32:10+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-docs-plataform" }, @@ -733,14 +1005,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:53+00:00", + "observed_at": "2026-05-02T05:32:10+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-docs-plataform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico e7330785b3b7; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", + "summary": "hash unico f0d043d97d78; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", "target": { "aliases": [], "canonical_name": null, @@ -774,21 +1046,39 @@ "target_name": "tudo-para-ia-finance-platform" }, { - "action_id": "mesh-action-413d08f8b1e0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-9acb48b0d9c1", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-finance-platform" + }, + { + "action_id": "mesh-action-1f40560bc8ae", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96", - "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-finance-platform" }, { @@ -828,12 +1118,12 @@ "target_name": "tudo-para-ia-finance-platform" } ], - "aligned_hash": "af42e69e75fa557d1cb646f18b9c20593854cd96", + "aligned_hash": "c09e54801470f45b22513b53fdedb3cc3750654b", "credential_error_count": 0, "destructive_block_count": 1, "dirty_count": 1, "hash_set": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96" + "c09e54801470f45b22513b53fdedb3cc3750654b" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -850,10 +1140,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "head_summary": "af42e69 auto-sync: tudo-para-ia-finance-platform 2026-05-01 23:24:50", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-finance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-finance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "head_summary": "c09e548 auto-sync: tudo-para-ia-finance-platform 2026-05-02 00:09:34", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_short": [ "m _paradigmas/lago" @@ -863,7 +1187,7 @@ "matched_name": "tudo-para-ia-finance-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-finance-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:54+00:00", + "observed_at": "2026-05-02T05:32:12+00:00", "presence": "present_git", "target_name": "tudo-para-ia-finance-platform" }, @@ -879,10 +1203,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "head_summary": "af42e69 auto-sync: tudo-para-ia-finance-platform 2026-05-01 23:24:50", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-finance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-finance-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "head_summary": "c09e548 auto-sync: tudo-para-ia-finance-platform 2026-05-02 00:09:34", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_short": [], "upstream": "origin/main" @@ -890,7 +1248,7 @@ "matched_name": "tudo-para-ia-finance-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-finance-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:55+00:00", + "observed_at": "2026-05-02T05:32:12+00:00", "presence": "present_git", "target_name": "tudo-para-ia-finance-platform" }, @@ -902,7 +1260,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:55+00:00", + "observed_at": "2026-05-02T05:32:12+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-finance-platform" }, @@ -914,14 +1272,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:55+00:00", + "observed_at": "2026-05-02T05:32:12+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-finance-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico af42e69e75fa; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", + "summary": "hash unico c09e54801470; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", "target": { "aliases": [], "canonical_name": null, @@ -936,39 +1294,39 @@ { "actions": [ { - "action_id": "mesh-action-789e9b017369", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-8a4690c9c29d", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab", - "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-gettys-platform" }, { - "action_id": "mesh-action-32ab51a5fbcf", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-5850fef3cb38", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab", - "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-gettys-platform" }, { @@ -1008,12 +1366,12 @@ "target_name": "tudo-para-ia-gettys-platform" } ], - "aligned_hash": "d116fb397d34068883f78e7508aedb97b0fa7eab", + "aligned_hash": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", "credential_error_count": 0, "destructive_block_count": 0, "dirty_count": 0, "hash_set": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab" + "e304fb7dbfc34ff5c05bd636194e1ccb6a307931" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -1030,10 +1388,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "head_summary": "d116fb3 auto-sync: tudo-para-ia-gettys-platform 2026-05-01 23:21:08", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-gettys-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-gettys-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "head_summary": "e304fb7 auto-sync: tudo-para-ia-gettys-platform 2026-05-02 00:33:47", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_short": [], "upstream": "origin/main" @@ -1041,7 +1433,7 @@ "matched_name": "tudo-para-ia-gettys-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-gettys-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:56+00:00", + "observed_at": "2026-05-02T05:32:14+00:00", "presence": "present_git", "target_name": "tudo-para-ia-gettys-platform" }, @@ -1057,10 +1449,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "head_summary": "d116fb3 auto-sync: tudo-para-ia-gettys-platform 2026-05-01 23:21:08", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-gettys-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-gettys-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "head_summary": "e304fb7 auto-sync: tudo-para-ia-gettys-platform 2026-05-02 00:33:47", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_short": [], "upstream": "origin/main" @@ -1068,7 +1494,7 @@ "matched_name": "tudo-para-ia-gettys-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-gettys-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:57+00:00", + "observed_at": "2026-05-02T05:32:16+00:00", "presence": "present_git", "target_name": "tudo-para-ia-gettys-platform" }, @@ -1080,7 +1506,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:37:57+00:00", + "observed_at": "2026-05-02T05:32:16+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-gettys-platform" }, @@ -1092,14 +1518,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:37:57+00:00", + "observed_at": "2026-05-02T05:32:16+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-gettys-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico d116fb397d34; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", + "summary": "hash unico e304fb7dbfc3; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", "target": { "aliases": [], "canonical_name": null, @@ -1134,21 +1560,39 @@ "target_name": "tudo-para-ia-identity-platform" }, { - "action_id": "mesh-action-741e3c31e3e1", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-bf839e1eb7da", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-identity-platform" + }, + { + "action_id": "mesh-action-ddc7a0df464a", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "5d47be0be72a335d59be91c6dc36756e20355847", - "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-identity-platform" }, { @@ -1188,12 +1632,12 @@ "target_name": "tudo-para-ia-identity-platform" } ], - "aligned_hash": "5d47be0be72a335d59be91c6dc36756e20355847", + "aligned_hash": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", "credential_error_count": 0, "destructive_block_count": 1, "dirty_count": 1, "hash_set": [ - "5d47be0be72a335d59be91c6dc36756e20355847" + "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -1210,10 +1654,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "head_summary": "5d47be0 auto-sync: tudo-para-ia-identity-platform 2026-05-01 23:19:25", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-identity-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-identity-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "head_summary": "a31adba auto-sync: tudo-para-ia-identity-platform 2026-05-02 00:18:40", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_short": [ "m _paradigmas/moesif/github/repos-clonados/moesif-browser-js", @@ -1224,7 +1702,7 @@ "matched_name": "tudo-para-ia-identity-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-identity-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:37:59+00:00", + "observed_at": "2026-05-02T05:32:19+00:00", "presence": "present_git", "target_name": "tudo-para-ia-identity-platform" }, @@ -1240,10 +1718,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "head_summary": "5d47be0 auto-sync: tudo-para-ia-identity-platform 2026-05-01 23:19:25", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-identity-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-identity-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "head_summary": "a31adba auto-sync: tudo-para-ia-identity-platform 2026-05-02 00:18:40", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_short": [], "upstream": "origin/main" @@ -1251,7 +1763,7 @@ "matched_name": "tudo-para-ia-identity-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-identity-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:00+00:00", + "observed_at": "2026-05-02T05:32:20+00:00", "presence": "present_git", "target_name": "tudo-para-ia-identity-platform" }, @@ -1263,7 +1775,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:00+00:00", + "observed_at": "2026-05-02T05:32:20+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-identity-platform" }, @@ -1275,14 +1787,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:00+00:00", + "observed_at": "2026-05-02T05:32:20+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-identity-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico 5d47be0be72a; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", + "summary": "hash unico a31adba6dd47; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", "target": { "aliases": [], "canonical_name": null, @@ -1356,6 +1868,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-integracoes-platform" }, + { + "action_id": "mesh-action-9d7038836e52", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-integracoes-platform" + }, { "action_id": "mesh-action-c9373212b179", "can_execute_automatically": true, @@ -1400,6 +1930,24 @@ "risk": "attention", "target_name": "tudo-para-ia-integracoes-platform" }, + { + "action_id": "mesh-action-a26163e6be59", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-integracoes-platform" + }, { "action_id": "mesh-action-3db4026be62c", "can_execute_automatically": false, @@ -1460,8 +2008,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-integracoes-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-integracoes-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "e067074d349a7101579276bd582601b3e6476de8", "head_summary": "e067074 chore: limpar lixo operacional regeneravel", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", @@ -1473,7 +2055,7 @@ "matched_name": "tudo-para-ia-integracoes-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-integracoes-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:01+00:00", + "observed_at": "2026-05-02T05:32:22+00:00", "presence": "present_git", "target_name": "tudo-para-ia-integracoes-platform" }, @@ -1489,8 +2071,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-integracoes-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-integracoes-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "eaf49821adefdc1b9d64f456598e9c478a1d498d", "head_summary": "eaf4982 auto-sync: tudo-para-ia-integracoes-plataform 2026-05-01 20:09:21", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", @@ -1500,7 +2116,7 @@ "matched_name": "tudo-para-ia-integracoes-plataform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-integracoes-plataform", "nomenclature_note": "materializado como alias tudo-para-ia-integracoes-plataform; esperado tudo-para-ia-integracoes-platform", - "observed_at": "2026-05-02T02:38:02+00:00", + "observed_at": "2026-05-02T05:32:23+00:00", "presence": "present_git", "target_name": "tudo-para-ia-integracoes-platform" }, @@ -1512,7 +2128,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:02+00:00", + "observed_at": "2026-05-02T05:32:23+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-integracoes-platform" }, @@ -1524,7 +2140,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:02+00:00", + "observed_at": "2026-05-02T05:32:23+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-integracoes-platform" } @@ -1550,39 +2166,39 @@ { "actions": [ { - "action_id": "mesh-action-4a98dea693b0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-93207ce20f3a", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-intelligence-platform" }, { - "action_id": "mesh-action-6e5402580b0f", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-735158c04761", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-intelligence-platform" }, { @@ -1645,6 +2261,23 @@ }, "branch": "main", "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-intelligence-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, { "argv": [ "git", @@ -1664,7 +2297,23 @@ "stdout": "" } ], - "fetch_result": null, + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-intelligence-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", "head_summary": "37c3ae1 chore: limpar lixo operacional regeneravel", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", @@ -1674,7 +2323,7 @@ "matched_name": "tudo-para-ia-intelligence-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-intelligence-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:03+00:00", + "observed_at": "2026-05-02T05:32:24+00:00", "presence": "present_git", "target_name": "tudo-para-ia-intelligence-platform" }, @@ -1690,8 +2339,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-intelligence-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-intelligence-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", "head_summary": "37c3ae1 chore: limpar lixo operacional regeneravel", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", @@ -1701,7 +2384,7 @@ "matched_name": "tudo-para-ia-intelligence-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-intelligence-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "presence": "present_git", "target_name": "tudo-para-ia-intelligence-platform" }, @@ -1713,7 +2396,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-intelligence-platform" }, @@ -1725,7 +2408,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-intelligence-platform" } @@ -1747,21 +2430,43 @@ { "actions": [ { - "action_id": "mesh-action-0e884491866e", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-3f78c9633c6e", + "can_execute_automatically": false, + "command_preview": [], + "destructive": true, + "environment_id": "windows-primary", + "evidence": [ + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" ], + "kind": "block_destructive_sync", + "reason": "working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida", + "required_before": [ + "commit ou stash consciente das alteracoes", + "registrar diff resumido", + "decidir precedencia" + ], + "risk": "blocked", + "target_name": "tudo-para-ia-mais-humana-platform" + }, + { + "action_id": "mesh-action-bfd19a507a03", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", - "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mais-humana-platform" }, { @@ -1771,7 +2476,7 @@ "destructive": true, "environment_id": "windows-secondary", "evidence": [ - "ahead=1;behind=11;upstream=origin/main" + "ahead=1;behind=16;upstream=origin/main" ], "kind": "block_destructive_sync", "reason": "branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga", @@ -1783,6 +2488,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-mais-humana-platform" }, + { + "action_id": "mesh-action-5deeb419c0c0", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-mais-humana-platform" + }, { "action_id": "mesh-action-26c9087acf3e", "can_execute_automatically": false, @@ -1822,10 +2545,10 @@ ], "aligned_hash": null, "credential_error_count": 0, - "destructive_block_count": 1, - "dirty_count": 0, + "destructive_block_count": 2, + "dirty_count": 1, "hash_set": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", + "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", "f9d954deda54309e96214df45a0949f22e8f6b77" ], "missing_count": 2, @@ -1844,6 +2567,23 @@ }, "branch": "main", "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-mais-humana", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, { "argv": [ "git", @@ -1863,17 +2603,38 @@ "stdout": "" } ], - "fetch_result": null, - "head": "cdce7a8b65d26384877de0fe599f603eb39e43e2", - "head_summary": "cdce7a8 auto-sync: tudo-para-ia-mais-humana 2026-05-01 23:21:24", + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-mais-humana", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", + "head_summary": "9493926 chore: record round 015 semantic closeout", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", - "status_short": [], + "status_short": [ + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" + ], "upstream": null }, "matched_name": "tudo-para-ia-mais-humana", "matched_path": "G:\\_codex-git\\tudo-para-ia-mais-humana", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "presence": "present_git", "target_name": "tudo-para-ia-mais-humana-platform" }, @@ -1884,13 +2645,47 @@ "git_state": { "ahead_behind": { "ahead": 1, - "behind": 11, + "behind": 16, "error": null, "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-mais-humana", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-mais-humana", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "f9d954deda54309e96214df45a0949f22e8f6b77", "head_summary": "f9d954d Initial commit", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", @@ -1900,7 +2695,7 @@ "matched_name": "tudo-para-ia-mais-humana", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mais-humana", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:05+00:00", + "observed_at": "2026-05-02T05:32:26+00:00", "presence": "present_git", "target_name": "tudo-para-ia-mais-humana-platform" }, @@ -1912,7 +2707,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:05+00:00", + "observed_at": "2026-05-02T05:32:26+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-mais-humana-platform" }, @@ -1924,14 +2719,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:05+00:00", + "observed_at": "2026-05-02T05:32:26+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-mais-humana-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", + "summary": "2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 2 bloqueios contra sync destrutiva", "target": { "aliases": [ "tudo-para-ia-mais-humana-plataform" @@ -1950,39 +2745,39 @@ { "actions": [ { - "action_id": "mesh-action-3ca71e7cd6ac", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-09c924f2d891", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "694c3906aa8811c3733aa43897cbea602ffe525b", - "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mcps-internos-plataform" }, { - "action_id": "mesh-action-76753a97221b", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-5b157361e3ee", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "694c3906aa8811c3733aa43897cbea602ffe525b", - "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mcps-internos-plataform" }, { @@ -2022,12 +2817,12 @@ "target_name": "tudo-para-ia-mcps-internos-plataform" } ], - "aligned_hash": "694c3906aa8811c3733aa43897cbea602ffe525b", + "aligned_hash": "26ddf904aca27526a043634825af07ac85f0a91f", "credential_error_count": 0, "destructive_block_count": 0, "dirty_count": 0, "hash_set": [ - "694c3906aa8811c3733aa43897cbea602ffe525b" + "26ddf904aca27526a043634825af07ac85f0a91f" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -2044,10 +2839,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "head_summary": "694c390 auto-sync: tudo-para-ia-mcps-internos-plataform 2026-05-01 23:33:42", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "head_summary": "26ddf90 auto-sync: tudo-para-ia-mcps-internos-plataform 2026-05-02 00:24:09", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_short": [], "upstream": "origin/main" @@ -2055,7 +2884,7 @@ "matched_name": "tudo-para-ia-mcps-internos-plataform", "matched_path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:06+00:00", + "observed_at": "2026-05-02T05:32:27+00:00", "presence": "present_git", "target_name": "tudo-para-ia-mcps-internos-plataform" }, @@ -2071,10 +2900,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "head_summary": "694c390 auto-sync: tudo-para-ia-mcps-internos-plataform 2026-05-01 23:33:42", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-mcps-internos-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-mcps-internos-plataform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "head_summary": "26ddf90 auto-sync: tudo-para-ia-mcps-internos-plataform 2026-05-02 00:24:09", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_short": [], "upstream": "origin/main" @@ -2082,7 +2945,7 @@ "matched_name": "tudo-para-ia-mcps-internos-plataform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:08+00:00", + "observed_at": "2026-05-02T05:32:32+00:00", "presence": "present_git", "target_name": "tudo-para-ia-mcps-internos-plataform" }, @@ -2094,7 +2957,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:08+00:00", + "observed_at": "2026-05-02T05:32:32+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-mcps-internos-plataform" }, @@ -2106,14 +2969,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:08+00:00", + "observed_at": "2026-05-02T05:32:32+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-mcps-internos-plataform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico 694c3906aa88; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", + "summary": "hash unico 26ddf904aca2; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", "target": { "aliases": [], "canonical_name": null, @@ -2128,21 +2991,21 @@ { "actions": [ { - "action_id": "mesh-action-dd0d93d14349", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-e16f250cddb5", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", - "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-platform-base" }, { @@ -2181,7 +3044,7 @@ "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "ahead=0;behind=9;upstream=origin/main" + "ahead=0;behind=10;upstream=origin/main" ], "kind": "block_destructive_sync", "reason": "ha commits remotos nao aplicados; pull automatico so e seguro com working tree limpo e comparacao de hash", @@ -2193,6 +3056,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-platform-base" }, + { + "action_id": "mesh-action-75f9e9dfb259", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-platform-base" + }, { "action_id": "mesh-action-0f86f1adcf16", "can_execute_automatically": false, @@ -2235,7 +3116,7 @@ "destructive_block_count": 2, "dirty_count": 1, "hash_set": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", + "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", "4f6e1590ddafd990da4fb07c50e97a545a05aa36" ], "missing_count": 2, @@ -2253,10 +3134,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "f87d17cf683222b53fb7a1e6217667d7af35fd45", - "head_summary": "f87d17c auto-sync: tudo-para-ia-platform-base 2026-05-01 23:24:18", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-platform-base", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-platform-base", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", + "head_summary": "c326f6e auto-sync: tudo-para-ia-platform-base 2026-05-02 00:09:10", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", "status_short": [], "upstream": "origin/main" @@ -2264,7 +3179,7 @@ "matched_name": "tudo-para-ia-platform-base", "matched_path": "G:\\_codex-git\\tudo-para-ia-platform-base", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:09+00:00", + "observed_at": "2026-05-02T05:32:33+00:00", "presence": "present_git", "target_name": "tudo-para-ia-platform-base" }, @@ -2275,13 +3190,47 @@ "git_state": { "ahead_behind": { "ahead": 0, - "behind": 9, + "behind": 10, "error": null, "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-platform-base", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-platform-base", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "4f6e1590ddafd990da4fb07c50e97a545a05aa36", "head_summary": "4f6e159 chore: materialize platform round", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", @@ -2448,7 +3397,7 @@ "matched_name": "tudo-para-ia-platform-base", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-platform-base", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:35+00:00", "presence": "present_git", "target_name": "tudo-para-ia-platform-base" }, @@ -2460,7 +3409,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:35+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-platform-base" }, @@ -2472,7 +3421,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:35+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-platform-base" } @@ -2494,39 +3443,39 @@ { "actions": [ { - "action_id": "mesh-action-6dd1f81234a2", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-917cb9437e58", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-public-platform" }, { - "action_id": "mesh-action-a135683c8f40", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-0dd44b8f05dc", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-public-platform" }, { @@ -2588,8 +3537,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-public-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-public-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", "head_summary": "7980d3d auto-sync: tudo-para-ia-public-platform 2026-05-01 23:21:36", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", @@ -2599,7 +3582,7 @@ "matched_name": "tudo-para-ia-public-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-public-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:36+00:00", "presence": "present_git", "target_name": "tudo-para-ia-public-platform" }, @@ -2615,8 +3598,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-public-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-public-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", "head_summary": "7980d3d auto-sync: tudo-para-ia-public-platform 2026-05-01 23:21:36", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", @@ -2626,7 +3643,7 @@ "matched_name": "tudo-para-ia-public-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-public-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:11+00:00", + "observed_at": "2026-05-02T05:32:37+00:00", "presence": "present_git", "target_name": "tudo-para-ia-public-platform" }, @@ -2638,7 +3655,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:11+00:00", + "observed_at": "2026-05-02T05:32:37+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-public-platform" }, @@ -2650,7 +3667,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:11+00:00", + "observed_at": "2026-05-02T05:32:37+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-public-platform" } @@ -2672,39 +3689,39 @@ { "actions": [ { - "action_id": "mesh-action-ff616d525be0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-d0bbf9052ed8", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-stj-platform" }, { - "action_id": "mesh-action-9e801c40f5c8", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-2a5a6ae13064", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-stj-platform" }, { @@ -2766,8 +3783,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-stj-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-stj-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", "head_summary": "b83f848 auto-sync: tudo-para-ia-stj-platform 2026-05-01 23:24:05", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", @@ -2777,7 +3828,7 @@ "matched_name": "tudo-para-ia-stj-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-stj-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:13+00:00", + "observed_at": "2026-05-02T05:32:38+00:00", "presence": "present_git", "target_name": "tudo-para-ia-stj-platform" }, @@ -2793,8 +3844,42 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-stj-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-stj-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", "head_summary": "b83f848 auto-sync: tudo-para-ia-stj-platform 2026-05-01 23:24:05", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", @@ -2804,7 +3889,7 @@ "matched_name": "tudo-para-ia-stj-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-stj-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:14+00:00", + "observed_at": "2026-05-02T05:32:39+00:00", "presence": "present_git", "target_name": "tudo-para-ia-stj-platform" }, @@ -2816,7 +3901,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:14+00:00", + "observed_at": "2026-05-02T05:32:39+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-stj-platform" }, @@ -2828,7 +3913,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:14+00:00", + "observed_at": "2026-05-02T05:32:39+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-stj-platform" } @@ -2850,39 +3935,64 @@ { "actions": [ { - "action_id": "mesh-action-61bbdbde877a", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], - "destructive": false, + "action_id": "mesh-action-22557e2b043e", + "can_execute_automatically": false, + "command_preview": [], + "destructive": true, "environment_id": "windows-primary", "evidence": [ - "76c81999d710ab23e438f9017192dd9fd37018af", - "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git" + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "block_destructive_sync", + "reason": "working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida", + "required_before": [ + "commit ou stash consciente das alteracoes", + "registrar diff resumido", + "decidir precedencia" + ], + "risk": "blocked", "target_name": "tudo-para-ia-ui-platform" }, { - "action_id": "mesh-action-f6946d42b041", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-59ea5ecc1144", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-ui-platform" + }, + { + "action_id": "mesh-action-e130012ee3bd", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "76c81999d710ab23e438f9017192dd9fd37018af", - "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-ui-platform" }, { @@ -2922,12 +4032,12 @@ "target_name": "tudo-para-ia-ui-platform" } ], - "aligned_hash": "76c81999d710ab23e438f9017192dd9fd37018af", + "aligned_hash": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", "credential_error_count": 0, - "destructive_block_count": 0, - "dirty_count": 0, + "destructive_block_count": 1, + "dirty_count": 1, "hash_set": [ - "76c81999d710ab23e438f9017192dd9fd37018af" + "a1e6f07058d82892abbdca8d1f25ce3f0a072e44" ], "missing_count": 2, "nominal_mismatch_count": 2, @@ -2945,6 +4055,23 @@ }, "branch": "main", "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-ui-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, { "argv": [ "git", @@ -2964,17 +4091,41 @@ "stdout": "" } ], - "fetch_result": null, - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "head_summary": "76c8199 auto-sync: tudo-para-ia-ui-platform 2026-05-01 23:14:54", + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\_codex-git\\tudo-para-ia-ui-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "head_summary": "a1e6f07 auto-sync: tudo-para-ia-ui-platform 2026-05-02 00:20:00", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", - "status_short": [], + "status_short": [ + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" + ], "upstream": null }, "matched_name": "tudo-para-ia-ui-platform", "matched_path": "G:\\_codex-git\\tudo-para-ia-ui-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:15+00:00", + "observed_at": "2026-05-02T05:32:40+00:00", "presence": "present_git", "target_name": "tudo-para-ia-ui-platform" }, @@ -2990,10 +4141,44 @@ "upstream": "origin/main" }, "branch": "main", - "command_errors": [], - "fetch_result": null, - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "head_summary": "76c8199 auto-sync: tudo-para-ia-ui-platform 2026-05-01 23:14:54", + "command_errors": [ + { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-ui-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + } + ], + "fetch_result": { + "argv": [ + "git", + "-c", + "safe.directory=*", + "-C", + "G:\\codex_vm\\_codex-git\\tudo-para-ia-ui-platform", + "fetch", + "--all", + "--prune" + ], + "cwd": null, + "error_kind": "unknown", + "returncode": 255, + "stderr": "error: cannot open '.git/FETCH_HEAD': Permission denied\n", + "stdout": "" + }, + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "head_summary": "a1e6f07 auto-sync: tudo-para-ia-ui-platform 2026-05-02 00:20:00", "remote_origin": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", "status_short": [], "upstream": "origin/main" @@ -3001,7 +4186,7 @@ "matched_name": "tudo-para-ia-ui-platform", "matched_path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-ui-platform", "nomenclature_note": null, - "observed_at": "2026-05-02T02:38:16+00:00", + "observed_at": "2026-05-02T05:32:42+00:00", "presence": "present_git", "target_name": "tudo-para-ia-ui-platform" }, @@ -3013,7 +4198,7 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/__gpt-codex", - "observed_at": "2026-05-02T02:38:16+00:00", + "observed_at": "2026-05-02T05:32:42+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-ui-platform" }, @@ -3025,14 +4210,14 @@ "matched_name": null, "matched_path": null, "nomenclature_note": "ambiente nao acessivel a partir desta sessao: /root/_codex-git", - "observed_at": "2026-05-02T02:38:16+00:00", + "observed_at": "2026-05-02T05:32:42+00:00", "presence": "unreachable_environment", "target_name": "tudo-para-ia-ui-platform" } ], "remote_mismatch_count": 0, "risk": "blocked", - "summary": "hash unico 76c81999d710; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais", + "summary": "hash unico a1e6f07058d8; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva", "target": { "aliases": [], "canonical_name": null, diff --git a/dados/repository-mesh-orders.json b/dados/repository-mesh-orders.json index d0b57de..b383007 100644 --- a/dados/repository-mesh-orders.json +++ b/dados/repository-mesh-orders.json @@ -1,43 +1,43 @@ { - "generatedAt": "2026-05-02T02:38:16+00:00", - "reportId": "repository-mesh-01dbdab36e20", + "generatedAt": "2026-05-02T05:32:42+00:00", + "reportId": "repository-mesh-28c1ea98b122", "repositories": [ { "actions": [ { - "action_id": "mesh-action-e38f76b77b81", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-61bb08f62bc5", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-business-platform" }, { - "action_id": "mesh-action-63be244a7eff", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-a6131408e2be", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-business-platform" }, { @@ -77,7 +77,18 @@ "target_name": "tudo-para-ia-business-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\executivas\\0066_EXECUTIVA__executar-health-live-mcp-gateway-business-via-wrangler.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\executivas\\0067_EXECUTIVA__executar-identity-write-com-approvalid-e-readback-transit.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\executivas\\0068_EXECUTIVA__obter-finance-receipt-ledger-e-smoke-controlado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\executivas\\0069_EXECUTIVA__sincronizar-remotos-business-mcps-central-com-credenciais-schannel.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\executivas\\0070_EXECUTIVA__fechar-typecheck-mcps-sem-debito-docs-smokecases.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\gerenciais\\0061_GERENCIAL__homologar-runner-wrangler-node-npm-sem-spawn-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\gerenciais\\0062_GERENCIAL__pactuar-contrato-docs-smokecases-para-typecheck-ecossistema.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\gerenciais\\0063_GERENCIAL__governar-readiness-round-0061-0065-como-gate-business-mcps.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\gerenciais\\0064_GERENCIAL__definir-politica-sync-auto-sync-e-commits-multi-repo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\01_repo_tudo-para-ia-business-platform\\orders\\gerenciais\\0065_GERENCIAL__aprovar-protocolo-identity-finance-com-owners-e-recibos.md" + ], "centralFolder": "01_repo_tudo-para-ia-business-platform", "declaredName": "tudo-para-ia-business-platform", "expectedLocalName": "tudo-para-ia-business-platform", @@ -86,39 +97,39 @@ { "actions": [ { - "action_id": "mesh-action-8374a60fd4d0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-cf83302e51c3", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "a97cd9a1103e336b14d52570788095cfaea71394", - "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-compliance-platform" }, { - "action_id": "mesh-action-af3c932ce656", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-89d16c6d68ae", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "a97cd9a1103e336b14d52570788095cfaea71394", - "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-compliance-platform" }, { @@ -158,7 +169,18 @@ "target_name": "tudo-para-ia-compliance-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\executivas\\0027_EXECUTIVA__executar-deploy-wrangler-em-runner-homologado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\executivas\\0028_EXECUTIVA__conectar-identity-business-oficial-live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\executivas\\0029_EXECUTIVA__provar-consumo-ui-governance-live-same-source.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\executivas\\0030_EXECUTIVA__publicar-release-gate-em-ci-com-custodia.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\executivas\\0031_EXECUTIVA__operacionalizar-retencao-legal-hold-e-descarte-aprovado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\gerenciais\\0021_GERENCIAL__homologar-runner-cloudflare-workers-compliance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\gerenciais\\0022_GERENCIAL__pactuar-cutover-identity-business-live-compliance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\gerenciais\\0023_GERENCIAL__aprovar-politica-retencao-legal-hold-r2-d1.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\gerenciais\\0024_GERENCIAL__governar-consumidores-ui-docs-customer-ops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\02_repo_tudo-para-ia-compliance-platform\\orders\\gerenciais\\0025_GERENCIAL__aprovar-slo-custo-roadmap-tenant-compliance.md" + ], "centralFolder": "02_repo_tudo-para-ia-compliance-platform", "declaredName": "tudo-para-ia-compliance-platform", "expectedLocalName": "tudo-para-ia-compliance-platform", @@ -167,39 +189,39 @@ { "actions": [ { - "action_id": "mesh-action-4b3ec70981ea", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-9c34fd44f893", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "bf45665a80ffd63b0ddb5608a49007429c140a39", - "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-customer-ops-platform" }, { - "action_id": "mesh-action-9abead089781", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-e09246d00bf7", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "bf45665a80ffd63b0ddb5608a49007429c140a39", - "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-customer-ops-platform" }, { @@ -239,7 +261,18 @@ "target_name": "tudo-para-ia-customer-ops-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\executivas\\0041_EXECUTIVA__executar-dryrun-deploy-em-runner-spawn-liberado-com-hash.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\executivas\\0042_EXECUTIVA__registrar-catalogo-v5-no-mcp-central-com-endpoint-autenticado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\executivas\\0043_EXECUTIVA__validar-business-identity-canonicos-com-live-required.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\executivas\\0044_EXECUTIVA__executar-expurgo-live-com-confirmacao-operador-e-readback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\executivas\\0045_EXECUTIVA__validar-health-profile-catalogo-worker-publicado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\gerenciais\\0031_GERENCIAL__homologar-runner-wrangler-deploy-com-esbuild-workerd.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\gerenciais\\0032_GERENCIAL__governar-catalogo-v5-mcp-central-com-rollback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\gerenciais\\0033_GERENCIAL__pactuar-matriz-canonica-business-identity-sem-fixture.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\gerenciais\\0034_GERENCIAL__formalizar-aceite-expurgo-live-com-cadeia-custodia.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\03_repo_tudo-para-ia-customer-ops-platform\\orders\\gerenciais\\0035_GERENCIAL__publicar-politica-evidencia-http-externa-sanitizada.md" + ], "centralFolder": "03_repo_tudo-para-ia-customer-ops-platform", "declaredName": "tudo-para-ia-customer-ops-platform", "expectedLocalName": "tudo-para-ia-customer-ops-platform", @@ -248,39 +281,39 @@ { "actions": [ { - "action_id": "mesh-action-5880bb6552f2", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-604e958b1ab4", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "e7330785b3b792c8401bfec9ae46c146f1231155", - "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-docs-plataform" }, { - "action_id": "mesh-action-080ca079b879", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-c22d79c0aa76", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "e7330785b3b792c8401bfec9ae46c146f1231155", - "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-docs-plataform" }, { @@ -320,7 +353,18 @@ "target_name": "tudo-para-ia-docs-plataform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\executivas\\0074_EXECUTIVA__executar-deploy-docs-documentation-quality-gates-em-worker.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\executivas\\0075_EXECUTIVA__registrar-docs-ecosystem-documentation-quality-gates-no-mcps-internos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\executivas\\0076_EXECUTIVA__rodar-smoke-remoto-quality-gates-pos-deploy-e-registro.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\executivas\\0077_EXECUTIVA__publicar-evidence-pack-quality-gates-em-destino-institucional.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\executivas\\0078_EXECUTIVA__reconciliar-push-docs-e-central-quality-gates.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\gerenciais\\0071_GERENCIAL__homologar-quality-gates-documentais-como-release-gate-docs.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\gerenciais\\0072_GERENCIAL__governar-fila-release-blocked-documental.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\gerenciais\\0073_GERENCIAL__pactuar-promocao-docs-ecosystem-tools-response-ready-no-mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\gerenciais\\0074_GERENCIAL__homologar-cadencia-deploy-manual-docs-quality-gates.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\04_repo_tudo-para-ia-docs-plataform\\orders\\gerenciais\\0075_GERENCIAL__governar-artefatos-typescript-gerados-quality-gates.md" + ], "centralFolder": "04_repo_tudo-para-ia-docs-plataform", "declaredName": "tudo-para-ia-docs-plataform", "expectedLocalName": "tudo-para-ia-docs-plataform", @@ -348,21 +392,39 @@ "target_name": "tudo-para-ia-finance-platform" }, { - "action_id": "mesh-action-413d08f8b1e0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-9acb48b0d9c1", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-finance-platform" + }, + { + "action_id": "mesh-action-1f40560bc8ae", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96", - "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-finance-platform" }, { @@ -402,7 +464,92 @@ "target_name": "tudo-para-ia-finance-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0001_EXECUTIVA__persistencia-d1-do-ledger-financeiro.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0002_EXECUTIVA__alinhar-contrato-finance-mcp-interno.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0003_EXECUTIVA__provisionar-recursos-cloudflare-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0004_EXECUTIVA__aplicar-schema-d1-real-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0005_EXECUTIVA__publicar-smoke-cloudflare-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0006_EXECUTIVA__definir-eventos-financeiros-canonicos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0007_EXECUTIVA__integrar-evidencias-finance-d1-kv-r2.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0008_EXECUTIVA__criar-consumer-finance-events.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0009_EXECUTIVA__integrar-eventos-business-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0010_EXECUTIVA__integrar-pagamentos-integracoes-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0011_EXECUTIVA__expor-consulta-evidencias-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0012_EXECUTIVA__automatizar-smoke-publico-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0013_EXECUTIVA__endurecer-consumer-finance-events-dlq-retry.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0014_EXECUTIVA__publicar-produtor-business-revenue-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0015_EXECUTIVA__publicar-produtores-integracoes-payment-cost-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0016_EXECUTIVA__criar-painel-operacional-evidencias-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0017_EXECUTIVA__endurecer-autorizacao-evidence-tools-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0018_EXECUTIVA__validar-publicacao-real-business-revenue-com-plugin-cloudflare.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0019_EXECUTIVA__validar-publicacao-real-integracoes-payment-cost-com-plugin-cloudflare.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0020_EXECUTIVA__automatizar-alertas-operacionais-dlq-replay-e-evidencia.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0021_EXECUTIVA__executar-replay-controlado-real-com-falha-de-homologacao.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0022_EXECUTIVA__integrar-painel-finance-a-ui-platform-admin.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0023_EXECUTIVA__reatestar-plugin-cloudflare-publicacao-business-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0024_EXECUTIVA__reatestar-plugin-cloudflare-publicacao-integracoes-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0025_EXECUTIVA__persistir-alertas-operacionais-em-d1-e-customer-ops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0026_EXECUTIVA__consumir-contrato-finance-ui-admin-em-ui-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0027_EXECUTIVA__automatizar-replay-homologado-com-approval-real.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0028_EXECUTIVA__liberar-ambiente-wrangler-e-publicar-schema-worker-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0029_EXECUTIVA__validar-endpoints-finance-remotos-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0030_EXECUTIVA__executar-validacao-live-business-integracoes-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0031_EXECUTIVA__promover-ui-finance-admin-com-endpoint-autenticado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0032_EXECUTIVA__expandir-operacao-customer-ops-monitor-replay-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0033_EXECUTIVA__executar-d1-e-deploy-finance-em-host-com-spawn-liberado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0034_EXECUTIVA__validar-endpoints-recorrencia-e-customerops-remotos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0035_EXECUTIVA__ativar-agendamento-recorrente-finance-worker.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0036_EXECUTIVA__promover-contrato-tools-finance-52-para-mcp-central-ui-docs.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0037_EXECUTIVA__homologar-live-business-integracoes-replay-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0038_EXECUTIVA__publicar_finance_worker_contrato_56_tools_pos_deploy_manual.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0039_EXECUTIVA__revalidar_finance_mcp_remote_validation_live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0040_EXECUTIVA__homologar_live_business_integracoes_finance_sem_simulation.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0041_EXECUTIVA__promover_contrato_finance_56_tools_para_ui_docs.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\executivas\\0042_EXECUTIVA__coletar_aceite_customerops_finance_monitor_replay.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0001_GERENCIAL__governanca-finance-entre-business-integracoes-docs-e-mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0002_GERENCIAL__roteiro-cloudflare-real-e-docs-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0003_GERENCIAL__promocao-docs-finance-cloudflare-operacional.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0004_GERENCIAL__matriz-maturidade-finance-cross-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0005_GERENCIAL__quality-gates-finance-producao.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0006_GERENCIAL__observabilidade-custos-uso-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0007_GERENCIAL__versionamento-contratos-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0008_GERENCIAL__operacao-finance-cloudflare-pos-publicacao.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0009_GERENCIAL__governanca-eventos-finance-cross-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0010_GERENCIAL__observabilidade-finance-pos-producao.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0011_GERENCIAL__release-rollback-finance-worker.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0012_GERENCIAL__custos-margem-produtos-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0013_GERENCIAL__slo-sla-finance-cloudflare-operacional.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0014_GERENCIAL__politica-retencao-evidencias-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0015_GERENCIAL__governanca-custos-cloudflare-queues-d1-r2.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0016_GERENCIAL__arquitetura-integracao-finance-business-integracoes-prod.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0017_GERENCIAL__hardening-seguranca-evidencias-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0018_GERENCIAL__decisao-operacional-cloudflare-plugin-vs-deploy-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0019_GERENCIAL__governanca-release-cross-platform-business-integracoes-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0020_GERENCIAL__politica-de-evidencia-e-retencao-operacionalizada-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0021_GERENCIAL__scorecard-slo-sla-e-custo-margem-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0022_GERENCIAL__auditoria-de-credenciais-e-escopos-finance-mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0023_GERENCIAL__politica-credencial-cloudflare-plugin-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0024_GERENCIAL__governanca-alertas-customer-ops-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0025_GERENCIAL__aceite-ui-admin-finance-same-source.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0026_GERENCIAL__retencao-alertas-scorecard-evidencias-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0027_GERENCIAL__roadmap-finance-venda-controlada-pos-plugin.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0028_GERENCIAL__politica-wrangler-primeiro-plugin-auxiliar-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0029_GERENCIAL__governanca-ambiente-codex-windows-wrangler-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0030_GERENCIAL__aceite-cross-platform-live-business-integracoes-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0031_GERENCIAL__governanca-ui-admin-finance-same-source.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0032_GERENCIAL__maturidade-venda-controlada-finance-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0033_GERENCIAL__governanca-host-wrangler-sem-spawn-eperm-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0034_GERENCIAL__politica-endpoints-recorrentes-finance-customerops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0035_GERENCIAL__aceite-mcp-central-ui-docs-contrato-finance-52-tools.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0036_GERENCIAL__governanca-scheduler-replay-customerops-finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0037_GERENCIAL__maturidade-venda-controlada-finance-live-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0038_GERENCIAL__governar_transicao_finance_52_54_para_56_tools.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0039_GERENCIAL__formalizar_estado_control_plane_simulated_finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0040_GERENCIAL__aprovar_gate_live_business_integracoes_finance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0041_GERENCIAL__governar_aceite_ui_docs_finance_por_source_hash.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\05_repo_tudo-para-ia-finance-platform\\orders\\gerenciais\\0042_GERENCIAL__definir_sla_venda_controlada_finance_pos_live.md" + ], "centralFolder": "05_repo_tudo-para-ia-finance-platform", "declaredName": "tudo-para-ia-finance-platform", "expectedLocalName": "tudo-para-ia-finance-platform", @@ -411,39 +558,39 @@ { "actions": [ { - "action_id": "mesh-action-789e9b017369", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-8a4690c9c29d", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab", - "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-gettys-platform" }, { - "action_id": "mesh-action-32ab51a5fbcf", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-5850fef3cb38", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab", - "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-gettys-platform" }, { @@ -483,7 +630,28 @@ "target_name": "tudo-para-ia-gettys-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0051_EXECUTIVA__publicar_worker_gettys_v05_com_wrangler_e_validar_admin_status.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0052_EXECUTIVA__rodar_regressao_protegida_gettys_com_refs_readonly_internal_pos_deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0053_EXECUTIVA__aplicar_provider_gettys_no_mcp_central_apos_admin_status_remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0054_EXECUTIVA__publicar_docs_gettys_index_ou_ratificar_catalogonly_com_drift_resolvido.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0055_EXECUTIVA__executar_customer_ops_runtime_real_com_admin_status_v05_e_ticketref.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0056_EXECUTIVA__publicar_gettys_mcp_remote_validation_pos_deploy_manual.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0057_EXECUTIVA__revalidar_gettys_health_openapi_mcp_remote_validation_live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0058_EXECUTIVA__confirmar_admin_status_gettys_com_chave_e_readback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0059_EXECUTIVA__promover_gettys_remote_validation_para_ui_docs_customerops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\executivas\\0060_EXECUTIVA__coletar_aceite_gettys_por_source_hash_remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0046_GERENCIAL__governar_drift_contrato_remoto_gettys_v02_para_v05.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0047_GERENCIAL__aprovar_release_window_wrangler_gettys_com_drift_gate.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0048_GERENCIAL__pactuar_mcp_ui_same_source_gettys_somente_com_admin_status_remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0049_GERENCIAL__governar_docs_customer_ops_e_slo_apos_contrato_remoto_reconciliado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0050_GERENCIAL__definir_cadencia_de_evidencias_live_gettys_sem_expor_segredos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0051_GERENCIAL__governar_estado_gettys_worker_ok_mcp_simulated.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0052_GERENCIAL__aprovar_gate_gettys_openapi_v05_remote_validation.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0053_GERENCIAL__formalizar_cadencia_evidencias_live_gettys.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0054_GERENCIAL__governar_aceite_ui_docs_customerops_gettys_por_hash.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\06_repo_tudo-para-ia-gettys-platform\\orders\\gerenciais\\0055_GERENCIAL__alinhar_gettys_na_matriz_router007_cross_platform.md" + ], "centralFolder": "06_repo_tudo-para-ia-gettys-platform", "declaredName": "tudo-para-ia-gettys-platform", "expectedLocalName": "tudo-para-ia-gettys-platform", @@ -512,21 +680,39 @@ "target_name": "tudo-para-ia-identity-platform" }, { - "action_id": "mesh-action-741e3c31e3e1", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-bf839e1eb7da", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-identity-platform" + }, + { + "action_id": "mesh-action-ddc7a0df464a", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "5d47be0be72a335d59be91c6dc36756e20355847", - "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-identity-platform" }, { @@ -566,7 +752,38 @@ "target_name": "tudo-para-ia-identity-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0061_EXECUTIVA__publicar-deploy-nobundle-em-runner-wrangler-sem-spawn-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0062_EXECUTIVA__validar-openapi-auth-policy-governance-order-control-remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0063_EXECUTIVA__gerar-snapshots-d1-governance-order-control-com-readback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0064_EXECUTIVA__homologar-consumidores-mcp-ui-docs-gpt-por-hash-remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0065_EXECUTIVA__fechar-retencao-24h-com-duas-janelas-reais.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0066_EXECUTIVA__publicar-identity-e-mcps-internos-com-wrangler-runner-sem-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0067_EXECUTIVA__validar-gateway-mcp-remoto-com-tools-identity-publicadas.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0068_EXECUTIVA__gerar-readback-d1-governance-order-control-access-assurance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0069_EXECUTIVA__coletar-aceite-consumidores-por-hash-remoto-identity.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0070_EXECUTIVA__fechar-retencao-24h-identity-com-duas-janelas-d1.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0071_EXECUTIVA__publicar_rota_identity_mcp_remote_validation_pos_deploy_manual.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0072_EXECUTIVA__configurar_segredo_upstream_identity_access_assurance_no_mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0073_EXECUTIVA__revalidar_gateway_mcp_identity_remote_validation_live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0074_EXECUTIVA__gerar_readback_d1_identity_remote_validation_access_assurance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\executivas\\0075_EXECUTIVA__coletar_aceite_consumidores_identity_por_source_hash_remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0056_GERENCIAL__homologar-runner-oficial-wrangler-node-sem-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0057_GERENCIAL__aprovar-release-probe-como-gate-institucional.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0058_GERENCIAL__pactuar-aceite-consumidores-identity-por-hash-remoto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0059_GERENCIAL__formalizar-sla-identity-business-customer-ops-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0060_GERENCIAL__governar-metas-de-linhas-por-escopo-material.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0061_GERENCIAL__homologar-runner-cloudflare-wrangler-sem-wrapper-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0062_GERENCIAL__governar-publicacao-mcp-identity-same-source.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0063_GERENCIAL__aprovar-contrato-access-assurance-com-consumidores.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0064_GERENCIAL__formalizar-sla-identity-mcps-business-customer-ops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0065_GERENCIAL__governar-limite-producao-linhas-sem-enchimento.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0066_GERENCIAL__governar_estado_publicado_parcial_identity_mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0067_GERENCIAL__aprovar_rotacao_segredo_identity_mcp_access_assurance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0068_GERENCIAL__formalizar_gate_hash_remoto_identity_para_ui_docs_customerops.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0069_GERENCIAL__governar_matriz_router007_identity_finance_gettys.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\07_repo_tudo-para-ia-identity-platform\\orders\\gerenciais\\0070_GERENCIAL__definir_sla_readback_d1_identity_pos_deploy.md" + ], "centralFolder": "07_repo_tudo-para-ia-identity-platform", "declaredName": "tudo-para-ia-identity-platform", "expectedLocalName": "tudo-para-ia-identity-platform", @@ -634,6 +851,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-integracoes-platform" }, + { + "action_id": "mesh-action-9d7038836e52", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-integracoes-platform" + }, { "action_id": "mesh-action-c9373212b179", "can_execute_automatically": true, @@ -678,6 +913,24 @@ "risk": "attention", "target_name": "tudo-para-ia-integracoes-platform" }, + { + "action_id": "mesh-action-a26163e6be59", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-integracoes-platform" + }, { "action_id": "mesh-action-3db4026be62c", "can_execute_automatically": false, @@ -715,7 +968,18 @@ "target_name": "tudo-para-ia-integracoes-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\executivas\\0046_EXECUTIVA__executar-ci-node24-round12-com-artifact-sourcehash.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\executivas\\0047_EXECUTIVA__publicar-preview-admin-round12-samesource-com-wrangler.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\executivas\\0048_EXECUTIVA__provisionar-evidence-store-r2-d1-para-round12-mcp-transit.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\executivas\\0049_EXECUTIVA__validar-endpoints-gpt-admin-round12-via-mcps-gateway-e-worker.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\executivas\\0050_EXECUTIVA__homologar-whatsapp-pilot-payload-live-com-connector-consent-ticket.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\gerenciais\\0041_GERENCIAL__institucionalizar-mcp-transit-control-plane-com-auditoria.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\gerenciais\\0042_GERENCIAL__aprovar-politica-worker-admin-round12-preview-rollback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\gerenciais\\0043_GERENCIAL__definir-store-evidencias-r2-d1-legalhold-e-retencao-round12.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\gerenciais\\0044_GERENCIAL__firmar-contrato-business-identity-customerops-whatsapp-piloto.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\08_repo_tudo-para-ia-integracoes-plataform\\orders\\gerenciais\\0045_GERENCIAL__governar-runner-node24-artifacts-sourcehash-e-wrangler.md" + ], "centralFolder": "08_repo_tudo-para-ia-integracoes-plataform", "declaredName": "tudo-para-ia-integracoes-platform", "expectedLocalName": "tudo-para-ia-integracoes-platform", @@ -724,39 +988,39 @@ { "actions": [ { - "action_id": "mesh-action-4a98dea693b0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-93207ce20f3a", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-intelligence-platform" }, { - "action_id": "mesh-action-6e5402580b0f", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-735158c04761", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-intelligence-platform" }, { @@ -796,7 +1060,18 @@ "target_name": "tudo-para-ia-intelligence-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\executivas\\0052_EXECUTIVA__executar-wrangler-deploy-e-r2-em-runner-spawn-permitido.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\executivas\\0053_EXECUTIVA__registrar-intelligence-runtime-minimo-no-mcp-apos-url-publica.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\executivas\\0054_EXECUTIVA__executar-owner-gates-live-identity-business-docs-compliance.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\executivas\\0055_EXECUTIVA__persistir-admin-same-source-em-d1-kv-r2-e-comparar-hashes.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\executivas\\0056_EXECUTIVA__sincronizar-commits-e-push-com-pathspec-validado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\gerenciais\\0047_GERENCIAL__homologar-runner-cloudflare-oficial-intelligence.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\gerenciais\\0048_GERENCIAL__aprovar-retencao-admin-same-source-compliance-com-r2.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\gerenciais\\0049_GERENCIAL__pactuar-mcp-runtime-minimum-com-docs-e-ui.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\gerenciais\\0050_GERENCIAL__separar-readiness-tecnica-comercial-e-governanca.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\09_repo_tudo-para-ia-intelligence-platform\\orders\\gerenciais\\0051_GERENCIAL__governar-sincronizacao-central-com-worktree-multi-plataforma.md" + ], "centralFolder": "09_repo_tudo-para-ia-intelligence-platform", "declaredName": "tudo-para-ia-intelligence-platform", "expectedLocalName": "tudo-para-ia-intelligence-platform", @@ -805,21 +1080,43 @@ { "actions": [ { - "action_id": "mesh-action-0e884491866e", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-3f78c9633c6e", + "can_execute_automatically": false, + "command_preview": [], + "destructive": true, + "environment_id": "windows-primary", + "evidence": [ + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" ], + "kind": "block_destructive_sync", + "reason": "working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida", + "required_before": [ + "commit ou stash consciente das alteracoes", + "registrar diff resumido", + "decidir precedencia" + ], + "risk": "blocked", + "target_name": "tudo-para-ia-mais-humana-platform" + }, + { + "action_id": "mesh-action-bfd19a507a03", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", - "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mais-humana-platform" }, { @@ -829,7 +1126,7 @@ "destructive": true, "environment_id": "windows-secondary", "evidence": [ - "ahead=1;behind=11;upstream=origin/main" + "ahead=1;behind=16;upstream=origin/main" ], "kind": "block_destructive_sync", "reason": "branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga", @@ -841,6 +1138,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-mais-humana-platform" }, + { + "action_id": "mesh-action-5deeb419c0c0", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-mais-humana-platform" + }, { "action_id": "mesh-action-26c9087acf3e", "can_execute_automatically": false, @@ -878,7 +1193,82 @@ "target_name": "tudo-para-ia-mais-humana-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0001_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0002_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0003_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0004_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0005_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0006_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0007_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0008_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0009_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0010_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0011_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0012_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0013_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0014_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0015_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0016_EXECUTIVA__publicar-rulebook-mcp-provider-mais-humana.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0017_EXECUTIVA__resolver-docs-catalogonly-com-response-ready-minimo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0018_EXECUTIVA__classificar-truthstate-e-sourcehash-em-todas-as-plataformas.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0019_EXECUTIVA__blindar-redaction-credentialref-e-cfat-em-artefatos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0020_EXECUTIVA__validar-mcp-admin-ui-same-source-rulebook.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0021_EXECUTIVA__validar-mcp-gateway-live-rulebook-com-wrangler.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0022_EXECUTIVA__resolver-docs-response-ready-ou-excecao-formal.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0023_EXECUTIVA__executar-wrangler-em-runner-sem-node-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0024_EXECUTIVA__sincronizar-git-real-e-central-com-credencial-valida.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0025_EXECUTIVA__homologar-admin-ui-same-source-live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0026_EXECUTIVA__deploy-mcps-gateway-mais-humana-tools-com-wrangler.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0027_EXECUTIVA__validar-live-mais-humana-rulebook-e-transit-ledger.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0028_EXECUTIVA__resolver-docs-response-ready-ou-excecao-formal.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0029_EXECUTIVA__sincronizar-git-real-mcps-e-central-com-credencial-valida.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0030_EXECUTIVA__destravar-escrita-central-e-sql-semantico-da-plataforma-15.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0031_EXECUTIVA__publicar-provider-mais-humana-no-mcps-gateway-via-wrangler-homologado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0032_EXECUTIVA__validar-live-tools-mais-humana-v1-execute-com-evidencia.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0033_EXECUTIVA__sincronizar-git-mais-humana-mcps-central-com-credenciais.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0034_EXECUTIVA__corrigir-acl-escrita-central-e-sql-semantico-plataforma-15.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0035_EXECUTIVA__reconciliar-nome-canonico-real-alias-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\executivas\\0036_EXECUTIVA__normalizar-limpeza-test-tmp-e-acl-local.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0011_GERENCIAL__fundacao-da-plataforma.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0012_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0013_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0014_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0015_GERENCIAL__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0016_GERENCIAL__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0017_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0018_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0019_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0020_GERENCIAL__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0021_GERENCIAL__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0022_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0023_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0024_GERENCIAL__resolver-ou-formalizar-bloqueios-conhecidos.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0025_GERENCIAL__elevar-maturidade-humana-de-business-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0026_GERENCIAL__elevar-maturidade-humana-de-compliance-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0027_GERENCIAL__nome-canonico-mcps-conect.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0028_GERENCIAL__autorizar-renome-canonico-mais-humana-plataform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0030_GERENCIAL__definir-modelo-oficial-de-relatorio-humano.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0031_GERENCIAL__governar-ui-como-renderizador-sem-fonte-paralela.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0032_GERENCIAL__homologar-rulebook-como-contrato-de-maturidade-humana.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0033_GERENCIAL__autorizar-renome-canonico-mais-humana-plataform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0034_GERENCIAL__pactuar-politica-waf-para-gpt-mcp-gateway.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0035_GERENCIAL__governar-docs-catalogonly-response-ready.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0036_GERENCIAL__homologar-runner-wrangler-para-cloudflare.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0037_GERENCIAL__governar-sync-central-plataforma-untracked.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0038_GERENCIAL__aprovar-publicacao-provider-mais-humana-no-mcp-gateway.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0039_GERENCIAL__governar-ledger-transito-mcp-como-artefato-obrigatorio.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0040_GERENCIAL__pactuar-politica-waf-gpt-para-mcp-gateway.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0041_GERENCIAL__homologar-runner-wrangler-node-esbuild-sem-eperm.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0042_GERENCIAL__governar-renome-canonico-e-sync-central-plataforma-15.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0043_GERENCIAL__aprovar-janela-publicacao-provider-mais-humana-com-rollback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0046_GERENCIAL__homologar-runner-oficial-wrangler-node-esbuild.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0047_GERENCIAL__decidir-nome-canonico-e-politica-alias-mais-humana.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\orders\\gerenciais\\0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional.md" + ], "centralFolder": "15_repo_tudo-para-ia-mais-humana-platform", "declaredName": "tudo-para-ia-mais-humana-platform", "expectedLocalName": "tudo-para-ia-mais-humana", @@ -887,39 +1277,39 @@ { "actions": [ { - "action_id": "mesh-action-3ca71e7cd6ac", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-09c924f2d891", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "694c3906aa8811c3733aa43897cbea602ffe525b", - "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mcps-internos-plataform" }, { - "action_id": "mesh-action-76753a97221b", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-5b157361e3ee", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "694c3906aa8811c3733aa43897cbea602ffe525b", - "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-mcps-internos-plataform" }, { @@ -959,7 +1349,18 @@ "target_name": "tudo-para-ia-mcps-internos-plataform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\executivas\\0073_EXECUTIVA__validar-transit-proof-ledger-live-pos-deploy-manual.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\executivas\\0074_EXECUTIVA__executar-smoke-gpt-painel-auditoria-em-worker-publicado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\executivas\\0075_EXECUTIVA__restaurar-biblioteca-privada-para-suite-service-binding.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\executivas\\0076_EXECUTIVA__sincronizar-repo-central-e-remotos-com-schanel-credenciais-validas.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\executivas\\0077_EXECUTIVA__reconciliar-deltas-concorrentes-do-gateway-mcps.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\gerenciais\\0068_GERENCIAL__homologar-ledger-same-source-como-gate-vivo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\gerenciais\\0069_GERENCIAL__instituir-politica-de-deploy-manual-e-evidencia-pos-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\gerenciais\\0070_GERENCIAL__governar-biblioteca-privada-como-dependencia-de-suite.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\gerenciais\\0071_GERENCIAL__normalizar-sync-git-schanel-e-autosync.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\10_repo_tudo-para-ia-mcps-internos-plataform\\orders\\gerenciais\\0072_GERENCIAL__governar-deltas-concorrentes-do-control-plane-mcps.md" + ], "centralFolder": "10_repo_tudo-para-ia-mcps-internos-plataform", "declaredName": "tudo-para-ia-mcps-internos-plataform", "expectedLocalName": "tudo-para-ia-mcps-internos-plataform", @@ -968,21 +1369,21 @@ { "actions": [ { - "action_id": "mesh-action-dd0d93d14349", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-e16f250cddb5", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", - "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-platform-base" }, { @@ -1021,7 +1422,7 @@ "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "ahead=0;behind=9;upstream=origin/main" + "ahead=0;behind=10;upstream=origin/main" ], "kind": "block_destructive_sync", "reason": "ha commits remotos nao aplicados; pull automatico so e seguro com working tree limpo e comparacao de hash", @@ -1033,6 +1434,24 @@ "risk": "blocked", "target_name": "tudo-para-ia-platform-base" }, + { + "action_id": "mesh-action-75f9e9dfb259", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-secondary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" + ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-platform-base" + }, { "action_id": "mesh-action-0f86f1adcf16", "can_execute_automatically": false, @@ -1070,7 +1489,18 @@ "target_name": "tudo-para-ia-platform-base" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\executivas\\0057_EXECUTIVA__homologar-primeiro-consumidor-do-ledger-mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\executivas\\0058_EXECUTIVA__executar-smoke-same-source-em-business-identity-docs-integracoes-ui.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\executivas\\0059_EXECUTIVA__publicar-relatorios-mcp-transit-consumer-publications-nos-consumidores.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\executivas\\0060_EXECUTIVA__sincronizar-platform-base-remoto-com-credenciais-validas.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\executivas\\0061_EXECUTIVA__regenerar-artifacts-pos-consumidor-homologado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\gerenciais\\0052_GERENCIAL__homologar-ledger-consumer-publications-como-fonte-canonica.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\gerenciais\\0053_GERENCIAL__aprovar-gate-same-source-cross-platform.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\gerenciais\\0054_GERENCIAL__governar-rollout-de-consumidores-mcp.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\gerenciais\\0055_GERENCIAL__normatizar-sync-schanel-platform-base.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\11_repo_tudo-para-ia-platform-base\\orders\\gerenciais\\0056_GERENCIAL__governar-producao-gerada-e-limite-de-codigo-util.md" + ], "centralFolder": "11_repo_tudo-para-ia-platform-base", "declaredName": "tudo-para-ia-platform-base", "expectedLocalName": "tudo-para-ia-platform-base", @@ -1079,39 +1509,39 @@ { "actions": [ { - "action_id": "mesh-action-6dd1f81234a2", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-917cb9437e58", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-public-platform" }, { - "action_id": "mesh-action-a135683c8f40", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-0dd44b8f05dc", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-public-platform" }, { @@ -1151,7 +1581,18 @@ "target_name": "tudo-para-ia-public-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\executivas\\0056_EXECUTIVA__executar-pages-deploy-runner-oficial.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\executivas\\0057_EXECUTIVA__confirmar-readback-canonical-live.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\executivas\\0058_EXECUTIVA__registrar-contrato-mcp-central-public.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\executivas\\0059_EXECUTIVA__sincronizar-docs-platform-sourcehash.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\executivas\\0060_EXECUTIVA__homologar-lead-handoff-sem-pii.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\gerenciais\\0051_GERENCIAL__homologar-runner-pages-deploy.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\gerenciais\\0052_GERENCIAL__decidir-dominio-final-canonical.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\gerenciais\\0053_GERENCIAL__governar-mcp-central-ui-public.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\gerenciais\\0054_GERENCIAL__governar-docs-platform-peer-public.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\12_repo_tudo-para-ia-public-platform\\orders\\gerenciais\\0055_GERENCIAL__aprovar-retencao-purge-suporte-leads.md" + ], "centralFolder": "12_repo_tudo-para-ia-public-platform", "declaredName": "tudo-para-ia-public-platform", "expectedLocalName": "tudo-para-ia-public-platform", @@ -1160,39 +1601,39 @@ { "actions": [ { - "action_id": "mesh-action-ff616d525be0", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-d0bbf9052ed8", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-primary", "evidence": [ - "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-stj-platform" }, { - "action_id": "mesh-action-9e801c40f5c8", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], + "action_id": "mesh-action-2a5a6ae13064", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-stj-platform" }, { @@ -1232,7 +1673,18 @@ "target_name": "tudo-para-ia-stj-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\executivas\\0066_EXECUTIVA__publicar-mcp-gateway-aliases-round015.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\executivas\\0067_EXECUTIVA__deploy-stj-workers-wrangler.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\executivas\\0068_EXECUTIVA__consolidar-readback-byte-preserving.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\executivas\\0069_EXECUTIVA__rodar-suite-stj-runner-liberado.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\executivas\\0070_EXECUTIVA__sincronizar-repositorios-stj.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\gerenciais\\0061_GERENCIAL__aprovar-release-mcp-gateway-round015.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\gerenciais\\0062_GERENCIAL__homologar-runner-cloudflare-operacional.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\gerenciais\\0063_GERENCIAL__formalizar-readback-byte-preserving.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\gerenciais\\0064_GERENCIAL__pactuar-chave-mcp-gateway-e-aceites.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\13_repo_tudo-para-ia-stj-platform\\orders\\gerenciais\\0065_GERENCIAL__governar-sync-git-remotos.md" + ], "centralFolder": "13_repo_tudo-para-ia-stj-platform", "declaredName": "tudo-para-ia-stj-platform", "expectedLocalName": "tudo-para-ia-stj-platform", @@ -1241,39 +1693,64 @@ { "actions": [ { - "action_id": "mesh-action-61bbdbde877a", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" - ], - "destructive": false, + "action_id": "mesh-action-22557e2b043e", + "can_execute_automatically": false, + "command_preview": [], + "destructive": true, "environment_id": "windows-primary", "evidence": [ - "76c81999d710ab23e438f9017192dd9fd37018af", - "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git" + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "block_destructive_sync", + "reason": "working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida", + "required_before": [ + "commit ou stash consciente das alteracoes", + "registrar diff resumido", + "decidir precedencia" + ], + "risk": "blocked", "target_name": "tudo-para-ia-ui-platform" }, { - "action_id": "mesh-action-f6946d42b041", - "can_execute_automatically": true, - "command_preview": [ - "git fetch --all --prune" + "action_id": "mesh-action-59ea5ecc1144", + "can_execute_automatically": false, + "command_preview": [], + "destructive": false, + "environment_id": "windows-primary", + "evidence": [ + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", + "target_name": "tudo-para-ia-ui-platform" + }, + { + "action_id": "mesh-action-e130012ee3bd", + "can_execute_automatically": false, + "command_preview": [], "destructive": false, "environment_id": "windows-secondary", "evidence": [ - "76c81999d710ab23e438f9017192dd9fd37018af", - "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git" + "error: cannot open '.git/FETCH_HEAD': Permission denied" ], - "kind": "fetch", - "reason": "espelho materializado; fetch nao destrutivo e acao padrao de manutencao", - "required_before": [], - "risk": "ok", + "kind": "register_evidence", + "reason": "fetch falhou: unknown", + "required_before": [ + "fornecer credencial Git valida", + "reexecutar fetch nao destrutivo" + ], + "risk": "attention", "target_name": "tudo-para-ia-ui-platform" }, { @@ -1313,7 +1790,18 @@ "target_name": "tudo-para-ia-ui-platform" } ], - "activeOrders": [], + "activeOrders": [ + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\executivas\\0097_EXECUTIVA__homologar-mcps-gateway-bearer-externo-sem-skip.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\executivas\\0098_EXECUTIVA__executar-browser-validation-runner-com-spawn-permitido.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\executivas\\0099_EXECUTIVA__ensaiar-rollback-pages-com-owner-e-readback.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\executivas\\0100_EXECUTIVA__ativar-credentialref-resolver-readonly-vivo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\executivas\\0101_EXECUTIVA__regularizar-git-fetch-push-schannel-e-central-divergente.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\gerenciais\\0092_GERENCIAL__governar-gateway-bearer-docs-ci-retencao-externa.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\gerenciais\\0093_GERENCIAL__homologar-ambiente-browser-sem-eperm-para-release-ui.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\gerenciais\\0094_GERENCIAL__aprovar-politica-rollback-pages-e-janela-de-reversao.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\gerenciais\\0095_GERENCIAL__governar-credentialref-readonly-institucional-sem-segredo.md", + "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\14_repo_tudo-para-ia-ui-platform\\orders\\gerenciais\\0096_GERENCIAL__governar-sincronizacao-git-segura-e-credenciais-remotas.md" + ], "centralFolder": "14_repo_tudo-para-ia-ui-platform", "declaredName": "tudo-para-ia-ui-platform", "expectedLocalName": "tudo-para-ia-ui-platform", diff --git a/dados/repository-mesh-reconciliation-summary.json b/dados/repository-mesh-reconciliation-summary.json index d5246a5..484d3f1 100644 --- a/dados/repository-mesh-reconciliation-summary.json +++ b/dados/repository-mesh-reconciliation-summary.json @@ -2,12 +2,12 @@ "autoSyncReadyCount": 0, "blockerCount": 15, "credentialBlockedCount": 0, - "generatedAt": "2026-05-02T02:38:16+00:00", - "planId": "mesh-plan-3f7271f011b8", + "generatedAt": "2026-05-02T05:32:42+00:00", + "planId": "mesh-plan-7bb1ea59a136", "receipts": [ { "expected_local_name": "tudo-para-ia-business-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-business-platform", "latest_state": { "blockers": [], @@ -19,8 +19,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "observed_at": "2026-05-02T02:37:46+00:00", + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "observed_at": "2026-05-02T05:31:58+00:00", "path": "G:\\_codex-git\\tudo-para-ia-business-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_preview": [], @@ -34,8 +34,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "observed_at": "2026-05-02T02:37:47+00:00", + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "observed_at": "2026-05-02T05:31:59+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-business-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_preview": [], @@ -48,7 +48,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", + "selected_head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", "selected_path": "G:\\_codex-git\\tudo-para-ia-business-platform", "target_name": "tudo-para-ia-business-platform" }, @@ -153,7 +153,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-7c46b8b7ecec", + "receipt_id": "mesh-receipt-184e055e9773", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -161,7 +161,7 @@ }, { "expected_local_name": "tudo-para-ia-compliance-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-compliance-platform", "latest_state": { "blockers": [], @@ -174,7 +174,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "a97cd9a1103e336b14d52570788095cfaea71394", - "observed_at": "2026-05-02T02:37:48+00:00", + "observed_at": "2026-05-02T05:32:00+00:00", "path": "G:\\_codex-git\\tudo-para-ia-compliance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", "status_preview": [], @@ -189,7 +189,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "a97cd9a1103e336b14d52570788095cfaea71394", - "observed_at": "2026-05-02T02:37:49+00:00", + "observed_at": "2026-05-02T05:32:01+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-compliance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", "status_preview": [], @@ -315,7 +315,7 @@ }, { "expected_local_name": "tudo-para-ia-customer-ops-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-customer-ops-platform", "latest_state": { "blockers": [], @@ -328,7 +328,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", - "observed_at": "2026-05-02T02:37:50+00:00", + "observed_at": "2026-05-02T05:32:02+00:00", "path": "G:\\_codex-git\\tudo-para-ia-customer-ops-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", "status_preview": [], @@ -343,7 +343,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", - "observed_at": "2026-05-02T02:37:51+00:00", + "observed_at": "2026-05-02T05:32:03+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-customer-ops-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", "status_preview": [], @@ -469,7 +469,7 @@ }, { "expected_local_name": "tudo-para-ia-docs-plataform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-docs-plataform", "latest_state": { "blockers": [], @@ -481,8 +481,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "observed_at": "2026-05-02T02:37:52+00:00", + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "observed_at": "2026-05-02T05:32:09+00:00", "path": "G:\\_codex-git\\tudo-para-ia-docs-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_preview": [], @@ -496,8 +496,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "observed_at": "2026-05-02T02:37:53+00:00", + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "observed_at": "2026-05-02T05:32:10+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-docs-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_preview": [], @@ -510,7 +510,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "e7330785b3b792c8401bfec9ae46c146f1231155", + "selected_head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", "selected_path": "G:\\_codex-git\\tudo-para-ia-docs-plataform", "target_name": "tudo-para-ia-docs-plataform" }, @@ -615,7 +615,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-c4a77cfe57a7", + "receipt_id": "mesh-receipt-4ce8efb5e024", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -623,7 +623,7 @@ }, { "expected_local_name": "tudo-para-ia-finance-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-finance-platform", "latest_state": { "blockers": [ @@ -637,8 +637,8 @@ "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "observed_at": "2026-05-02T02:37:54+00:00", + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "observed_at": "2026-05-02T05:32:12+00:00", "path": "G:\\_codex-git\\tudo-para-ia-finance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_preview": [ @@ -654,8 +654,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "observed_at": "2026-05-02T02:37:55+00:00", + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "observed_at": "2026-05-02T05:32:12+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-finance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_preview": [], @@ -667,7 +667,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96" + "c09e54801470f45b22513b53fdedb3cc3750654b" ], "selected_environment": null, "selected_head": null, @@ -807,7 +807,7 @@ }, { "expected_local_name": "tudo-para-ia-gettys-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-gettys-platform", "latest_state": { "blockers": [], @@ -819,8 +819,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "observed_at": "2026-05-02T02:37:56+00:00", + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "observed_at": "2026-05-02T05:32:14+00:00", "path": "G:\\_codex-git\\tudo-para-ia-gettys-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_preview": [], @@ -834,8 +834,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "observed_at": "2026-05-02T02:37:57+00:00", + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "observed_at": "2026-05-02T05:32:16+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-gettys-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_preview": [], @@ -848,7 +848,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "d116fb397d34068883f78e7508aedb97b0fa7eab", + "selected_head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", "selected_path": "G:\\_codex-git\\tudo-para-ia-gettys-platform", "target_name": "tudo-para-ia-gettys-platform" }, @@ -953,7 +953,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-91daef99f22d", + "receipt_id": "mesh-receipt-871c5cba6723", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -961,7 +961,7 @@ }, { "expected_local_name": "tudo-para-ia-identity-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-identity-platform", "latest_state": { "blockers": [ @@ -975,8 +975,8 @@ "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "observed_at": "2026-05-02T02:37:59+00:00", + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "observed_at": "2026-05-02T05:32:19+00:00", "path": "G:\\_codex-git\\tudo-para-ia-identity-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_preview": [ @@ -993,8 +993,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "observed_at": "2026-05-02T02:38:00+00:00", + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "observed_at": "2026-05-02T05:32:20+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-identity-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_preview": [], @@ -1006,7 +1006,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "5d47be0be72a335d59be91c6dc36756e20355847" + "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0" ], "selected_environment": null, "selected_head": null, @@ -1147,7 +1147,7 @@ }, { "expected_local_name": "tudo-para-ia-integracoes-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-integracoes-platform", "latest_state": { "blockers": [ @@ -1162,7 +1162,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "e067074d349a7101579276bd582601b3e6476de8", - "observed_at": "2026-05-02T02:38:01+00:00", + "observed_at": "2026-05-02T05:32:22+00:00", "path": "G:\\_codex-git\\tudo-para-ia-integracoes-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", "status_preview": [ @@ -1179,7 +1179,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "eaf49821adefdc1b9d64f456598e9c478a1d498d", - "observed_at": "2026-05-02T02:38:02+00:00", + "observed_at": "2026-05-02T05:32:23+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-integracoes-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", "status_preview": [], @@ -1431,7 +1431,7 @@ }, { "expected_local_name": "tudo-para-ia-intelligence-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-intelligence-platform", "latest_state": { "blockers": [], @@ -1444,7 +1444,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "observed_at": "2026-05-02T02:38:03+00:00", + "observed_at": "2026-05-02T05:32:24+00:00", "path": "G:\\_codex-git\\tudo-para-ia-intelligence-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", "status_preview": [], @@ -1459,7 +1459,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-intelligence-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", "status_preview": [], @@ -1585,37 +1585,42 @@ }, { "expected_local_name": "tudo-para-ia-mais-humana", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-mais-humana", "latest_state": { "blockers": [ - "windows-secondary esta ahead=1 behind=11" + "windows-primary possui working tree sujo" ], "candidates": [ { "ahead": -1, "behind": -1, "branch": "main", - "cleanliness": "clean", + "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "cdce7a8b65d26384877de0fe599f603eb39e43e2", - "observed_at": "2026-05-02T02:38:04+00:00", + "head": "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", + "observed_at": "2026-05-02T05:32:25+00:00", "path": "G:\\_codex-git\\tudo-para-ia-mais-humana", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", - "status_preview": [], + "status_preview": [ + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" + ], "target_name": "tudo-para-ia-mais-humana-platform", "upstream": "" }, { "ahead": 1, - "behind": 11, + "behind": 16, "branch": "main", "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "f9d954deda54309e96214df45a0949f22e8f6b77", - "observed_at": "2026-05-02T02:38:05+00:00", + "observed_at": "2026-05-02T05:32:26+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mais-humana", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", "status_preview": [], @@ -1623,11 +1628,11 @@ "upstream": "origin/main" } ], - "confidence": 0.2, - "precedence": "divergent", - "reason": "divergencia ahead/behind exige decisao humana de precedencia", + "confidence": 0.25, + "precedence": "dirty_tree", + "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", + "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", "f9d954deda54309e96214df45a0949f22e8f6b77" ], "selected_environment": null, @@ -1706,6 +1711,31 @@ } ], "operations": [ + { + "automatic": false, + "commands": [], + "destructive": false, + "evidence": [ + "windows-primary", + "G:\\_codex-git\\tudo-para-ia-mais-humana", + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" + ], + "operation_id": "mesh-op-939aab9da783", + "preconditions": [ + "registrar diff", + "commit ou stash consciente", + "decidir precedencia antes de pull/merge" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "rollback": [], + "severity": "blocker", + "status": "dirty_blocked", + "target_name": "tudo-para-ia-mais-humana-platform", + "title": "Bloquear sincronizacao destrutiva por working tree sujo" + }, { "automatic": false, "commands": [], @@ -1750,18 +1780,19 @@ } ], "pending_items": [ + "alteracoes locais nao commitadas podem ser a versao valida mais recente", "ambiente declarado pela OS nao esta acessivel a partir desta sessao", - "windows-secondary esta ahead=1 behind=11" + "windows-primary possui working tree sujo" ], - "receipt_id": "mesh-receipt-c6a2b8e7407d", + "receipt_id": "mesh-receipt-02d7454d0e65", "risk": "blocked", "safe_to_auto_sync": false, - "status": "environment_blocked", + "status": "dirty_blocked", "target_name": "tudo-para-ia-mais-humana-platform" }, { "expected_local_name": "tudo-para-ia-mcps-internos-plataform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-mcps-internos-plataform", "latest_state": { "blockers": [], @@ -1773,8 +1804,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "observed_at": "2026-05-02T02:38:06+00:00", + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "observed_at": "2026-05-02T05:32:27+00:00", "path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_preview": [], @@ -1788,8 +1819,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "observed_at": "2026-05-02T02:38:08+00:00", + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "observed_at": "2026-05-02T05:32:32+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_preview": [], @@ -1802,7 +1833,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "694c3906aa8811c3733aa43897cbea602ffe525b", + "selected_head": "26ddf904aca27526a043634825af07ac85f0a91f", "selected_path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "target_name": "tudo-para-ia-mcps-internos-plataform" }, @@ -1907,7 +1938,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-ee4775550bc8", + "receipt_id": "mesh-receipt-74871925a86b", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -1915,7 +1946,7 @@ }, { "expected_local_name": "tudo-para-ia-platform-base", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-platform-base", "latest_state": { "blockers": [ @@ -1929,8 +1960,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "f87d17cf683222b53fb7a1e6217667d7af35fd45", - "observed_at": "2026-05-02T02:38:09+00:00", + "head": "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", + "observed_at": "2026-05-02T05:32:33+00:00", "path": "G:\\_codex-git\\tudo-para-ia-platform-base", "remote": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", "status_preview": [], @@ -1939,13 +1970,13 @@ }, { "ahead": 0, - "behind": 9, + "behind": 10, "branch": "main", "cleanliness": "dirty", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "4f6e1590ddafd990da4fb07c50e97a545a05aa36", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:35+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-platform-base", "remote": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", "status_preview": [ @@ -1966,7 +1997,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", + "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", "4f6e1590ddafd990da4fb07c50e97a545a05aa36" ], "selected_environment": null, @@ -2098,7 +2129,7 @@ }, { "expected_local_name": "tudo-para-ia-public-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-public-platform", "latest_state": { "blockers": [], @@ -2111,7 +2142,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:36+00:00", "path": "G:\\_codex-git\\tudo-para-ia-public-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", "status_preview": [], @@ -2126,7 +2157,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "observed_at": "2026-05-02T02:38:11+00:00", + "observed_at": "2026-05-02T05:32:37+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-public-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", "status_preview": [], @@ -2252,7 +2283,7 @@ }, { "expected_local_name": "tudo-para-ia-stj-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-stj-platform", "latest_state": { "blockers": [], @@ -2265,7 +2296,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "observed_at": "2026-05-02T02:38:13+00:00", + "observed_at": "2026-05-02T05:32:38+00:00", "path": "G:\\_codex-git\\tudo-para-ia-stj-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", "status_preview": [], @@ -2280,7 +2311,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "observed_at": "2026-05-02T02:38:14+00:00", + "observed_at": "2026-05-02T05:32:39+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-stj-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", "status_preview": [], @@ -2406,23 +2437,33 @@ }, { "expected_local_name": "tudo-para-ia-ui-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-ui-platform", "latest_state": { - "blockers": [], + "blockers": [ + "windows-primary possui working tree sujo" + ], "candidates": [ { "ahead": -1, "behind": -1, "branch": "main", - "cleanliness": "clean", + "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "observed_at": "2026-05-02T02:38:15+00:00", + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "observed_at": "2026-05-02T05:32:40+00:00", "path": "G:\\_codex-git\\tudo-para-ia-ui-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", - "status_preview": [], + "status_preview": [ + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" + ], "target_name": "tudo-para-ia-ui-platform", "upstream": "" }, @@ -2433,8 +2474,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "observed_at": "2026-05-02T02:38:16+00:00", + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "observed_at": "2026-05-02T05:32:42+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-ui-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", "status_preview": [], @@ -2442,13 +2483,15 @@ "upstream": "origin/main" } ], - "confidence": 0.95, - "precedence": "single_hash", - "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", - "rejected_heads": [], - "selected_environment": "windows-primary", - "selected_head": "76c81999d710ab23e438f9017192dd9fd37018af", - "selected_path": "G:\\_codex-git\\tudo-para-ia-ui-platform", + "confidence": 0.25, + "precedence": "dirty_tree", + "reason": "estado sujo impede declarar commit como fonte unica de verdade", + "rejected_heads": [ + "a1e6f07058d82892abbdca8d1f25ce3f0a072e44" + ], + "selected_environment": null, + "selected_head": null, + "selected_path": null, "target_name": "tudo-para-ia-ui-platform" }, "naming_decisions": [ @@ -2506,6 +2549,34 @@ } ], "operations": [ + { + "automatic": false, + "commands": [], + "destructive": false, + "evidence": [ + "windows-primary", + "G:\\_codex-git\\tudo-para-ia-ui-platform", + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" + ], + "operation_id": "mesh-op-a2cb403626e6", + "preconditions": [ + "registrar diff", + "commit ou stash consciente", + "decidir precedencia antes de pull/merge" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "rollback": [], + "severity": "blocker", + "status": "dirty_blocked", + "target_name": "tudo-para-ia-ui-platform", + "title": "Bloquear sincronizacao destrutiva por working tree sujo" + }, { "automatic": false, "commands": [], @@ -2550,15 +2621,17 @@ } ], "pending_items": [ - "ambiente declarado pela OS nao esta acessivel a partir desta sessao" + "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "ambiente declarado pela OS nao esta acessivel a partir desta sessao", + "windows-primary possui working tree sujo" ], - "receipt_id": "mesh-receipt-0da2571a6260", + "receipt_id": "mesh-receipt-05048e673989", "risk": "blocked", "safe_to_auto_sync": false, - "status": "environment_blocked", + "status": "dirty_blocked", "target_name": "tudo-para-ia-ui-platform" } ], "renameReadyCount": 0, - "reportId": "repository-mesh-01dbdab36e20" + "reportId": "repository-mesh-28c1ea98b122" } \ No newline at end of file diff --git a/dados/repository-mesh-reconciliation.json b/dados/repository-mesh-reconciliation.json index d931f04..66f3024 100644 --- a/dados/repository-mesh-reconciliation.json +++ b/dados/repository-mesh-reconciliation.json @@ -1,10 +1,10 @@ { - "generated_at": "2026-05-02T02:38:16+00:00", - "plan_id": "mesh-plan-3f7271f011b8", + "generated_at": "2026-05-02T05:32:42+00:00", + "plan_id": "mesh-plan-7bb1ea59a136", "receipts": [ { "expected_local_name": "tudo-para-ia-business-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-business-platform", "latest_state": { "blockers": [], @@ -16,8 +16,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "observed_at": "2026-05-02T02:37:46+00:00", + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "observed_at": "2026-05-02T05:31:58+00:00", "path": "G:\\_codex-git\\tudo-para-ia-business-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_preview": [], @@ -31,8 +31,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", - "observed_at": "2026-05-02T02:37:47+00:00", + "head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", + "observed_at": "2026-05-02T05:31:59+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-business-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-business-platform.git", "status_preview": [], @@ -45,7 +45,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", + "selected_head": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", "selected_path": "G:\\_codex-git\\tudo-para-ia-business-platform", "target_name": "tudo-para-ia-business-platform" }, @@ -150,7 +150,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-7c46b8b7ecec", + "receipt_id": "mesh-receipt-184e055e9773", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -158,7 +158,7 @@ }, { "expected_local_name": "tudo-para-ia-compliance-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-compliance-platform", "latest_state": { "blockers": [], @@ -171,7 +171,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "a97cd9a1103e336b14d52570788095cfaea71394", - "observed_at": "2026-05-02T02:37:48+00:00", + "observed_at": "2026-05-02T05:32:00+00:00", "path": "G:\\_codex-git\\tudo-para-ia-compliance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", "status_preview": [], @@ -186,7 +186,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "a97cd9a1103e336b14d52570788095cfaea71394", - "observed_at": "2026-05-02T02:37:49+00:00", + "observed_at": "2026-05-02T05:32:01+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-compliance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git", "status_preview": [], @@ -312,7 +312,7 @@ }, { "expected_local_name": "tudo-para-ia-customer-ops-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-customer-ops-platform", "latest_state": { "blockers": [], @@ -325,7 +325,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", - "observed_at": "2026-05-02T02:37:50+00:00", + "observed_at": "2026-05-02T05:32:02+00:00", "path": "G:\\_codex-git\\tudo-para-ia-customer-ops-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", "status_preview": [], @@ -340,7 +340,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "bf45665a80ffd63b0ddb5608a49007429c140a39", - "observed_at": "2026-05-02T02:37:51+00:00", + "observed_at": "2026-05-02T05:32:03+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-customer-ops-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git", "status_preview": [], @@ -466,7 +466,7 @@ }, { "expected_local_name": "tudo-para-ia-docs-plataform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-docs-plataform", "latest_state": { "blockers": [], @@ -478,8 +478,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "observed_at": "2026-05-02T02:37:52+00:00", + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "observed_at": "2026-05-02T05:32:09+00:00", "path": "G:\\_codex-git\\tudo-para-ia-docs-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_preview": [], @@ -493,8 +493,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "e7330785b3b792c8401bfec9ae46c146f1231155", - "observed_at": "2026-05-02T02:37:53+00:00", + "head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", + "observed_at": "2026-05-02T05:32:10+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-docs-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git", "status_preview": [], @@ -507,7 +507,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "e7330785b3b792c8401bfec9ae46c146f1231155", + "selected_head": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", "selected_path": "G:\\_codex-git\\tudo-para-ia-docs-plataform", "target_name": "tudo-para-ia-docs-plataform" }, @@ -612,7 +612,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-c4a77cfe57a7", + "receipt_id": "mesh-receipt-4ce8efb5e024", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -620,7 +620,7 @@ }, { "expected_local_name": "tudo-para-ia-finance-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-finance-platform", "latest_state": { "blockers": [ @@ -634,8 +634,8 @@ "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "observed_at": "2026-05-02T02:37:54+00:00", + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "observed_at": "2026-05-02T05:32:12+00:00", "path": "G:\\_codex-git\\tudo-para-ia-finance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_preview": [ @@ -651,8 +651,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "af42e69e75fa557d1cb646f18b9c20593854cd96", - "observed_at": "2026-05-02T02:37:55+00:00", + "head": "c09e54801470f45b22513b53fdedb3cc3750654b", + "observed_at": "2026-05-02T05:32:12+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-finance-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git", "status_preview": [], @@ -664,7 +664,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96" + "c09e54801470f45b22513b53fdedb3cc3750654b" ], "selected_environment": null, "selected_head": null, @@ -804,7 +804,7 @@ }, { "expected_local_name": "tudo-para-ia-gettys-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-gettys-platform", "latest_state": { "blockers": [], @@ -816,8 +816,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "observed_at": "2026-05-02T02:37:56+00:00", + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "observed_at": "2026-05-02T05:32:14+00:00", "path": "G:\\_codex-git\\tudo-para-ia-gettys-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_preview": [], @@ -831,8 +831,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "d116fb397d34068883f78e7508aedb97b0fa7eab", - "observed_at": "2026-05-02T02:37:57+00:00", + "head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", + "observed_at": "2026-05-02T05:32:16+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-gettys-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git", "status_preview": [], @@ -845,7 +845,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "d116fb397d34068883f78e7508aedb97b0fa7eab", + "selected_head": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", "selected_path": "G:\\_codex-git\\tudo-para-ia-gettys-platform", "target_name": "tudo-para-ia-gettys-platform" }, @@ -950,7 +950,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-91daef99f22d", + "receipt_id": "mesh-receipt-871c5cba6723", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -958,7 +958,7 @@ }, { "expected_local_name": "tudo-para-ia-identity-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-identity-platform", "latest_state": { "blockers": [ @@ -972,8 +972,8 @@ "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "observed_at": "2026-05-02T02:37:59+00:00", + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "observed_at": "2026-05-02T05:32:19+00:00", "path": "G:\\_codex-git\\tudo-para-ia-identity-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_preview": [ @@ -990,8 +990,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "5d47be0be72a335d59be91c6dc36756e20355847", - "observed_at": "2026-05-02T02:38:00+00:00", + "head": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", + "observed_at": "2026-05-02T05:32:20+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-identity-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git", "status_preview": [], @@ -1003,7 +1003,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "5d47be0be72a335d59be91c6dc36756e20355847" + "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0" ], "selected_environment": null, "selected_head": null, @@ -1144,7 +1144,7 @@ }, { "expected_local_name": "tudo-para-ia-integracoes-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-integracoes-platform", "latest_state": { "blockers": [ @@ -1159,7 +1159,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "e067074d349a7101579276bd582601b3e6476de8", - "observed_at": "2026-05-02T02:38:01+00:00", + "observed_at": "2026-05-02T05:32:22+00:00", "path": "G:\\_codex-git\\tudo-para-ia-integracoes-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", "status_preview": [ @@ -1176,7 +1176,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "eaf49821adefdc1b9d64f456598e9c478a1d498d", - "observed_at": "2026-05-02T02:38:02+00:00", + "observed_at": "2026-05-02T05:32:23+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-integracoes-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git", "status_preview": [], @@ -1428,7 +1428,7 @@ }, { "expected_local_name": "tudo-para-ia-intelligence-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-intelligence-platform", "latest_state": { "blockers": [], @@ -1441,7 +1441,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "observed_at": "2026-05-02T02:38:03+00:00", + "observed_at": "2026-05-02T05:32:24+00:00", "path": "G:\\_codex-git\\tudo-para-ia-intelligence-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", "status_preview": [], @@ -1456,7 +1456,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", - "observed_at": "2026-05-02T02:38:04+00:00", + "observed_at": "2026-05-02T05:32:25+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-intelligence-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git", "status_preview": [], @@ -1582,37 +1582,42 @@ }, { "expected_local_name": "tudo-para-ia-mais-humana", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-mais-humana", "latest_state": { "blockers": [ - "windows-secondary esta ahead=1 behind=11" + "windows-primary possui working tree sujo" ], "candidates": [ { "ahead": -1, "behind": -1, "branch": "main", - "cleanliness": "clean", + "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "cdce7a8b65d26384877de0fe599f603eb39e43e2", - "observed_at": "2026-05-02T02:38:04+00:00", + "head": "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", + "observed_at": "2026-05-02T05:32:25+00:00", "path": "G:\\_codex-git\\tudo-para-ia-mais-humana", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", - "status_preview": [], + "status_preview": [ + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" + ], "target_name": "tudo-para-ia-mais-humana-platform", "upstream": "" }, { "ahead": 1, - "behind": 11, + "behind": 16, "branch": "main", "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "f9d954deda54309e96214df45a0949f22e8f6b77", - "observed_at": "2026-05-02T02:38:05+00:00", + "observed_at": "2026-05-02T05:32:26+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mais-humana", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git", "status_preview": [], @@ -1620,11 +1625,11 @@ "upstream": "origin/main" } ], - "confidence": 0.2, - "precedence": "divergent", - "reason": "divergencia ahead/behind exige decisao humana de precedencia", + "confidence": 0.25, + "precedence": "dirty_tree", + "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", + "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", "f9d954deda54309e96214df45a0949f22e8f6b77" ], "selected_environment": null, @@ -1703,6 +1708,31 @@ } ], "operations": [ + { + "automatic": false, + "commands": [], + "destructive": false, + "evidence": [ + "windows-primary", + "G:\\_codex-git\\tudo-para-ia-mais-humana", + "M src/mais_humana/generated_mcp_control_contracts.py", + " M src/mais_humana/mcp_contract.py", + " M tests/test_mcp_provider_contract.py", + " M tools/generate_mcp_control_contracts.py" + ], + "operation_id": "mesh-op-939aab9da783", + "preconditions": [ + "registrar diff", + "commit ou stash consciente", + "decidir precedencia antes de pull/merge" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "rollback": [], + "severity": "blocker", + "status": "dirty_blocked", + "target_name": "tudo-para-ia-mais-humana-platform", + "title": "Bloquear sincronizacao destrutiva por working tree sujo" + }, { "automatic": false, "commands": [], @@ -1747,18 +1777,19 @@ } ], "pending_items": [ + "alteracoes locais nao commitadas podem ser a versao valida mais recente", "ambiente declarado pela OS nao esta acessivel a partir desta sessao", - "windows-secondary esta ahead=1 behind=11" + "windows-primary possui working tree sujo" ], - "receipt_id": "mesh-receipt-c6a2b8e7407d", + "receipt_id": "mesh-receipt-02d7454d0e65", "risk": "blocked", "safe_to_auto_sync": false, - "status": "environment_blocked", + "status": "dirty_blocked", "target_name": "tudo-para-ia-mais-humana-platform" }, { "expected_local_name": "tudo-para-ia-mcps-internos-plataform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-mcps-internos-plataform", "latest_state": { "blockers": [], @@ -1770,8 +1801,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "observed_at": "2026-05-02T02:38:06+00:00", + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "observed_at": "2026-05-02T05:32:27+00:00", "path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_preview": [], @@ -1785,8 +1816,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "694c3906aa8811c3733aa43897cbea602ffe525b", - "observed_at": "2026-05-02T02:38:08+00:00", + "head": "26ddf904aca27526a043634825af07ac85f0a91f", + "observed_at": "2026-05-02T05:32:32+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git", "status_preview": [], @@ -1799,7 +1830,7 @@ "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", "rejected_heads": [], "selected_environment": "windows-primary", - "selected_head": "694c3906aa8811c3733aa43897cbea602ffe525b", + "selected_head": "26ddf904aca27526a043634825af07ac85f0a91f", "selected_path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform", "target_name": "tudo-para-ia-mcps-internos-plataform" }, @@ -1904,7 +1935,7 @@ "pending_items": [ "ambiente declarado pela OS nao esta acessivel a partir desta sessao" ], - "receipt_id": "mesh-receipt-ee4775550bc8", + "receipt_id": "mesh-receipt-74871925a86b", "risk": "blocked", "safe_to_auto_sync": false, "status": "environment_blocked", @@ -1912,7 +1943,7 @@ }, { "expected_local_name": "tudo-para-ia-platform-base", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-platform-base", "latest_state": { "blockers": [ @@ -1926,8 +1957,8 @@ "cleanliness": "clean", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "f87d17cf683222b53fb7a1e6217667d7af35fd45", - "observed_at": "2026-05-02T02:38:09+00:00", + "head": "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", + "observed_at": "2026-05-02T05:32:33+00:00", "path": "G:\\_codex-git\\tudo-para-ia-platform-base", "remote": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", "status_preview": [], @@ -1936,13 +1967,13 @@ }, { "ahead": 0, - "behind": 9, + "behind": 10, "branch": "main", "cleanliness": "dirty", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "4f6e1590ddafd990da4fb07c50e97a545a05aa36", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:35+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-platform-base", "remote": "https://git.ami.app.br/admin/tudo-para-ia-platform-base.git", "status_preview": [ @@ -1963,7 +1994,7 @@ "precedence": "dirty_tree", "reason": "estado sujo impede declarar commit como fonte unica de verdade", "rejected_heads": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", + "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", "4f6e1590ddafd990da4fb07c50e97a545a05aa36" ], "selected_environment": null, @@ -2095,7 +2126,7 @@ }, { "expected_local_name": "tudo-para-ia-public-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-public-platform", "latest_state": { "blockers": [], @@ -2108,7 +2139,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "observed_at": "2026-05-02T02:38:10+00:00", + "observed_at": "2026-05-02T05:32:36+00:00", "path": "G:\\_codex-git\\tudo-para-ia-public-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", "status_preview": [], @@ -2123,7 +2154,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", - "observed_at": "2026-05-02T02:38:11+00:00", + "observed_at": "2026-05-02T05:32:37+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-public-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-public-platform.git", "status_preview": [], @@ -2249,7 +2280,7 @@ }, { "expected_local_name": "tudo-para-ia-stj-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-stj-platform", "latest_state": { "blockers": [], @@ -2262,7 +2293,7 @@ "environment_id": "windows-primary", "environment_kind": "windows_primary", "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "observed_at": "2026-05-02T02:38:13+00:00", + "observed_at": "2026-05-02T05:32:38+00:00", "path": "G:\\_codex-git\\tudo-para-ia-stj-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", "status_preview": [], @@ -2277,7 +2308,7 @@ "environment_id": "windows-secondary", "environment_kind": "windows_secondary", "head": "b83f848f3ef61c83e8abc342066a7cb161b9237c", - "observed_at": "2026-05-02T02:38:14+00:00", + "observed_at": "2026-05-02T05:32:39+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-stj-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git", "status_preview": [], @@ -2403,23 +2434,33 @@ }, { "expected_local_name": "tudo-para-ia-ui-platform", - "generated_at": "2026-05-02T02:38:16+00:00", + "generated_at": "2026-05-02T05:32:42+00:00", "gitea_repo": "admin/tudo-para-ia-ui-platform", "latest_state": { - "blockers": [], + "blockers": [ + "windows-primary possui working tree sujo" + ], "candidates": [ { "ahead": -1, "behind": -1, "branch": "main", - "cleanliness": "clean", + "cleanliness": "dirty", "environment_id": "windows-primary", "environment_kind": "windows_primary", - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "observed_at": "2026-05-02T02:38:15+00:00", + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "observed_at": "2026-05-02T05:32:40+00:00", "path": "G:\\_codex-git\\tudo-para-ia-ui-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", - "status_preview": [], + "status_preview": [ + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" + ], "target_name": "tudo-para-ia-ui-platform", "upstream": "" }, @@ -2430,8 +2471,8 @@ "cleanliness": "clean", "environment_id": "windows-secondary", "environment_kind": "windows_secondary", - "head": "76c81999d710ab23e438f9017192dd9fd37018af", - "observed_at": "2026-05-02T02:38:16+00:00", + "head": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", + "observed_at": "2026-05-02T05:32:42+00:00", "path": "G:\\codex_vm\\_codex-git\\tudo-para-ia-ui-platform", "remote": "https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git", "status_preview": [], @@ -2439,13 +2480,15 @@ "upstream": "origin/main" } ], - "confidence": 0.95, - "precedence": "single_hash", - "reason": "todos os ambientes com HEAD confirmado apontam para o mesmo commit", - "rejected_heads": [], - "selected_environment": "windows-primary", - "selected_head": "76c81999d710ab23e438f9017192dd9fd37018af", - "selected_path": "G:\\_codex-git\\tudo-para-ia-ui-platform", + "confidence": 0.25, + "precedence": "dirty_tree", + "reason": "estado sujo impede declarar commit como fonte unica de verdade", + "rejected_heads": [ + "a1e6f07058d82892abbdca8d1f25ce3f0a072e44" + ], + "selected_environment": null, + "selected_head": null, + "selected_path": null, "target_name": "tudo-para-ia-ui-platform" }, "naming_decisions": [ @@ -2503,6 +2546,34 @@ } ], "operations": [ + { + "automatic": false, + "commands": [], + "destructive": false, + "evidence": [ + "windows-primary", + "G:\\_codex-git\\tudo-para-ia-ui-platform", + "M reports/browser-validations/index.json", + " M reports/latest-mcp-gateway-evidence.json", + " M reports/latest-static-browser-validation.json", + " M reports/latest-unit-tests.json", + " M reports/mcp-gateway-evidence/index.json", + "?? reports/browser-validations/static-browser-validation-20260502053043.json", + "?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json" + ], + "operation_id": "mesh-op-a2cb403626e6", + "preconditions": [ + "registrar diff", + "commit ou stash consciente", + "decidir precedencia antes de pull/merge" + ], + "reason": "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "rollback": [], + "severity": "blocker", + "status": "dirty_blocked", + "target_name": "tudo-para-ia-ui-platform", + "title": "Bloquear sincronizacao destrutiva por working tree sujo" + }, { "automatic": false, "commands": [], @@ -2547,16 +2618,18 @@ } ], "pending_items": [ - "ambiente declarado pela OS nao esta acessivel a partir desta sessao" + "alteracoes locais nao commitadas podem ser a versao valida mais recente", + "ambiente declarado pela OS nao esta acessivel a partir desta sessao", + "windows-primary possui working tree sujo" ], - "receipt_id": "mesh-receipt-0da2571a6260", + "receipt_id": "mesh-receipt-05048e673989", "risk": "blocked", "safe_to_auto_sync": false, - "status": "environment_blocked", + "status": "dirty_blocked", "target_name": "tudo-para-ia-ui-platform" } ], - "report_id": "repository-mesh-01dbdab36e20", + "report_id": "repository-mesh-28c1ea98b122", "summary": [ "recibos: 15", "auto_sync_ready: 0", diff --git a/dados/repository-mesh-summary.json b/dados/repository-mesh-summary.json index ca9494c..2f42440 100644 --- a/dados/repository-mesh-summary.json +++ b/dados/repository-mesh-summary.json @@ -2,41 +2,43 @@ "attention": 0, "blocked": 15, "credentialErrors": 0, - "destructiveBlocks": 7, - "dirtyRepositories": 4, + "destructiveBlocks": 9, + "dirtyRepositories": 6, "environments": 4, - "fetchEnabled": false, - "generatedAt": "2026-05-02T02:38:16+00:00", + "fetchEnabled": true, + "generatedAt": "2026-05-02T05:32:42+00:00", "missingMaterializations": 30, "observations": 60, "ok": 0, - "pluginAuthAttempt": "git fetch/push bloqueado por SEC_E_NO_CREDENTIALS no ciclo seguro da rodada; sem reset destrutivo", - "reportId": "repository-mesh-01dbdab36e20", + "pluginAuthAttempt": "mcp_tool_call_rejected_before_router", + "reportId": "repository-mesh-28c1ea98b122", "repositories": [ { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "bb1cec9a273a3c64023a6e7554e33a31bd7a8015", + "alignedHash": "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e", "credentialErrors": 0, "declaredName": "tudo-para-ia-business-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-business-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-business-platform", "hashes": [ - "bb1cec9a273a3c64023a6e7554e33a31bd7a8015" + "775e3c0ba8dfd5dc03c7e03384b0adbf93be729e" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico bb1cec9a273a; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" + "summary": "hash unico 775e3c0ba8df; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], "alignedHash": "a97cd9a1103e336b14d52570788095cfaea71394", @@ -44,7 +46,9 @@ "declaredName": "tudo-para-ia-compliance-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-compliance-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-compliance-platform", "hashes": [ "a97cd9a1103e336b14d52570788095cfaea71394" @@ -57,7 +61,7 @@ }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], "alignedHash": "bf45665a80ffd63b0ddb5608a49007429c140a39", @@ -65,7 +69,9 @@ "declaredName": "tudo-para-ia-customer-ops-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-customer-ops-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-customer-ops-platform", "hashes": [ "bf45665a80ffd63b0ddb5608a49007429c140a39" @@ -78,94 +84,103 @@ }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "e7330785b3b792c8401bfec9ae46c146f1231155", + "alignedHash": "f0d043d97d78b31f95c55ab1be2cfff5e65ec500", "credentialErrors": 0, "declaredName": "tudo-para-ia-docs-plataform", "dirty": 0, "expectedLocalName": "tudo-para-ia-docs-plataform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-docs-plataform", "hashes": [ - "e7330785b3b792c8401bfec9ae46c146f1231155" + "f0d043d97d78b31f95c55ab1be2cfff5e65ec500" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico e7330785b3b7; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" + "summary": "hash unico f0d043d97d78; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" }, { "actionKinds": [ "block_destructive_sync", - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "af42e69e75fa557d1cb646f18b9c20593854cd96", + "alignedHash": "c09e54801470f45b22513b53fdedb3cc3750654b", "credentialErrors": 0, "declaredName": "tudo-para-ia-finance-platform", "dirty": 1, "expectedLocalName": "tudo-para-ia-finance-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-finance-platform", "hashes": [ - "af42e69e75fa557d1cb646f18b9c20593854cd96" + "c09e54801470f45b22513b53fdedb3cc3750654b" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico af42e69e75fa; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" + "summary": "hash unico c09e54801470; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "d116fb397d34068883f78e7508aedb97b0fa7eab", + "alignedHash": "e304fb7dbfc34ff5c05bd636194e1ccb6a307931", "credentialErrors": 0, "declaredName": "tudo-para-ia-gettys-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-gettys-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-gettys-platform", "hashes": [ - "d116fb397d34068883f78e7508aedb97b0fa7eab" + "e304fb7dbfc34ff5c05bd636194e1ccb6a307931" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico d116fb397d34; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" + "summary": "hash unico e304fb7dbfc3; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" }, { "actionKinds": [ "block_destructive_sync", - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "5d47be0be72a335d59be91c6dc36756e20355847", + "alignedHash": "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0", "credentialErrors": 0, "declaredName": "tudo-para-ia-identity-platform", "dirty": 1, "expectedLocalName": "tudo-para-ia-identity-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-identity-platform", "hashes": [ - "5d47be0be72a335d59be91c6dc36756e20355847" + "a31adba6dd47eec7f584dbac0e8a76bc802ad3c0" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico 5d47be0be72a; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" + "summary": "hash unico a31adba6dd47; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" }, { "actionKinds": [ "fix_remote_url", "block_destructive_sync", + "register_evidence", "rename_local_folder", "require_environment_access" ], @@ -174,7 +189,9 @@ "declaredName": "tudo-para-ia-integracoes-platform", "dirty": 1, "expectedLocalName": "tudo-para-ia-integracoes-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-integracoes-platform", "hashes": [ "e067074d349a7101579276bd582601b3e6476de8", @@ -188,7 +205,7 @@ }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], "alignedHash": "37c3ae1945864be8fed0e3dd4c0c560b486fba09", @@ -196,7 +213,9 @@ "declaredName": "tudo-para-ia-intelligence-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-intelligence-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-intelligence-platform", "hashes": [ "37c3ae1945864be8fed0e3dd4c0c560b486fba09" @@ -209,51 +228,55 @@ }, { "actionKinds": [ - "fetch", "block_destructive_sync", + "register_evidence", "require_environment_access" ], "alignedHash": null, "credentialErrors": 0, "declaredName": "tudo-para-ia-mais-humana-platform", - "dirty": 0, + "dirty": 1, "expectedLocalName": "tudo-para-ia-mais-humana", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-mais-humana", "hashes": [ - "cdce7a8b65d26384877de0fe599f603eb39e43e2", + "9493926b90d2bb2d7a42cfd65656fe7e3cd43c63", "f9d954deda54309e96214df45a0949f22e8f6b77" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" + "summary": "2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 2 bloqueios contra sync destrutiva" }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], - "alignedHash": "694c3906aa8811c3733aa43897cbea602ffe525b", + "alignedHash": "26ddf904aca27526a043634825af07ac85f0a91f", "credentialErrors": 0, "declaredName": "tudo-para-ia-mcps-internos-plataform", "dirty": 0, "expectedLocalName": "tudo-para-ia-mcps-internos-plataform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-mcps-internos-plataform", "hashes": [ - "694c3906aa8811c3733aa43897cbea602ffe525b" + "26ddf904aca27526a043634825af07ac85f0a91f" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico 694c3906aa88; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" + "summary": "hash unico 26ddf904aca2; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" }, { "actionKinds": [ - "fetch", + "register_evidence", "block_destructive_sync", "require_environment_access" ], @@ -262,10 +285,12 @@ "declaredName": "tudo-para-ia-platform-base", "dirty": 1, "expectedLocalName": "tudo-para-ia-platform-base", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-platform-base", "hashes": [ - "f87d17cf683222b53fb7a1e6217667d7af35fd45", + "c326f6e7014a08ce4d9cbdf20576f8356920f4a1", "4f6e1590ddafd990da4fb07c50e97a545a05aa36" ], "missing": 2, @@ -276,7 +301,7 @@ }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], "alignedHash": "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825", @@ -284,7 +309,9 @@ "declaredName": "tudo-para-ia-public-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-public-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-public-platform", "hashes": [ "7980d3de29ab1432feb8b1fdcc6ad3e06dae8825" @@ -297,7 +324,7 @@ }, { "actionKinds": [ - "fetch", + "register_evidence", "require_environment_access" ], "alignedHash": "b83f848f3ef61c83e8abc342066a7cb161b9237c", @@ -305,7 +332,9 @@ "declaredName": "tudo-para-ia-stj-platform", "dirty": 0, "expectedLocalName": "tudo-para-ia-stj-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-stj-platform", "hashes": [ "b83f848f3ef61c83e8abc342066a7cb161b9237c" @@ -318,24 +347,27 @@ }, { "actionKinds": [ - "fetch", + "block_destructive_sync", + "register_evidence", "require_environment_access" ], - "alignedHash": "76c81999d710ab23e438f9017192dd9fd37018af", + "alignedHash": "a1e6f07058d82892abbdca8d1f25ce3f0a072e44", "credentialErrors": 0, "declaredName": "tudo-para-ia-ui-platform", - "dirty": 0, + "dirty": 1, "expectedLocalName": "tudo-para-ia-ui-platform", - "fetchErrorKinds": [], + "fetchErrorKinds": [ + "unknown" + ], "giteaRepo": "admin/tudo-para-ia-ui-platform", "hashes": [ - "76c81999d710ab23e438f9017192dd9fd37018af" + "a1e6f07058d82892abbdca8d1f25ce3f0a072e44" ], "missing": 2, "nominalMismatch": 2, "remoteMismatch": 0, "risk": "blocked", - "summary": "hash unico 76c81999d710; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais" + "summary": "hash unico a1e6f07058d8; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva" } ], "targets": 15 diff --git a/ecossistema/REPOSITORY-MESH-AUTOMATION.md b/ecossistema/REPOSITORY-MESH-AUTOMATION.md index d322a29..2e712c1 100644 --- a/ecossistema/REPOSITORY-MESH-AUTOMATION.md +++ b/ecossistema/REPOSITORY-MESH-AUTOMATION.md @@ -34,7 +34,7 @@ Register-ScheduledTask -TaskName 'TudoParaIA-RepositoryMeshSync' -Action $action ## Estado desta rodada -- report_id: `repository-mesh-01dbdab36e20` +- report_id: `repository-mesh-28c1ea98b122` - blocked: `15` - attention: `0` - credential_errors: `0` @@ -42,18 +42,18 @@ Register-ScheduledTask -TaskName 'TudoParaIA-RepositoryMeshSync' -Action $action ## Bloqueios para ativacao plena -- tudo-para-ia-business-platform: hash unico bb1cec9a273a; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- tudo-para-ia-business-platform: hash unico 775e3c0ba8df; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais - tudo-para-ia-compliance-platform: hash unico a97cd9a1103e; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais - tudo-para-ia-customer-ops-platform: hash unico bf45665a80ff; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais -- tudo-para-ia-docs-plataform: hash unico e7330785b3b7; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais -- tudo-para-ia-finance-platform: hash unico af42e69e75fa; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva -- tudo-para-ia-gettys-platform: hash unico d116fb397d34; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais -- tudo-para-ia-identity-platform: hash unico 5d47be0be72a; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva +- tudo-para-ia-docs-plataform: hash unico f0d043d97d78; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- tudo-para-ia-finance-platform: hash unico c09e54801470; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva +- tudo-para-ia-gettys-platform: hash unico e304fb7dbfc3; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- tudo-para-ia-identity-platform: hash unico a31adba6dd47; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva - tudo-para-ia-integracoes-platform: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 remotes divergentes; 3 divergencias nominais; 2 bloqueios contra sync destrutiva - tudo-para-ia-intelligence-platform: hash unico 37c3ae194586; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais -- tudo-para-ia-mais-humana-platform: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais; 1 bloqueios contra sync destrutiva -- tudo-para-ia-mcps-internos-plataform: hash unico 694c3906aa88; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- tudo-para-ia-mais-humana-platform: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 2 bloqueios contra sync destrutiva +- tudo-para-ia-mcps-internos-plataform: hash unico 26ddf904aca2; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais - tudo-para-ia-platform-base: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 2 bloqueios contra sync destrutiva - tudo-para-ia-public-platform: hash unico 7980d3de29ab; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais - tudo-para-ia-stj-platform: hash unico b83f848f3ef6; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais -- tudo-para-ia-ui-platform: hash unico 76c81999d710; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- tudo-para-ia-ui-platform: hash unico a1e6f07058d8; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva diff --git a/ecossistema/REPOSITORY-MESH-CENTRAL-WRITE-STATUS.md b/ecossistema/REPOSITORY-MESH-CENTRAL-WRITE-STATUS.md index 703d0ef..44b12bb 100644 --- a/ecossistema/REPOSITORY-MESH-CENTRAL-WRITE-STATUS.md +++ b/ecossistema/REPOSITORY-MESH-CENTRAL-WRITE-STATUS.md @@ -1,11 +1,11 @@ # Repository Mesh Central Write Status -- generated_at: `2026-05-02T02:38:16+00:00` -- central_platform_folder: `` -- requested: `False` -- ok: `True` +- generated_at: `2026-05-02T05:32:42+00:00` +- central_platform_folder: `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform` +- requested: `True` +- ok: `False` - written_count: `0` -- failure_count: `0` +- failure_count: `4` ## Arquivos escritos @@ -13,7 +13,10 @@ ## Falhas -- Nenhuma falha de escrita central registrada. +- `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\reports\EXECUTADO__repository-mesh-sync.md` `write_text`: PermissionError: [Errno 13] Permission denied: 'G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\reports\\EXECUTADO__repository-mesh-sync.md' +- `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\reports\PENDENCIAS-CODEX__repository-mesh-sync.md` `write_text`: PermissionError: [Errno 13] Permission denied: 'G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\reports\\PENDENCIAS-CODEX__repository-mesh-sync.md' +- `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\audit\AUDITORIA-GPT__repository-mesh-sync.md` `write_text`: PermissionError: [Errno 13] Permission denied: 'G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\audit\\AUDITORIA-GPT__repository-mesh-sync.md' +- `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\indexes\repository-mesh-index.md` `write_text`: PermissionError: [Errno 13] Permission denied: 'G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\indexes\\repository-mesh-index.md' ## Politica diff --git a/ecossistema/REPOSITORY-MESH-ORDERS.md b/ecossistema/REPOSITORY-MESH-ORDERS.md index 57f39a3..3cb2196 100644 --- a/ecossistema/REPOSITORY-MESH-ORDERS.md +++ b/ecossistema/REPOSITORY-MESH-ORDERS.md @@ -1,94 +1,314 @@ # Ordens relacionadas por repositorio -- report_id: `repository-mesh-01dbdab36e20` -- generated_at: `2026-05-02T02:38:16+00:00` +- report_id: `repository-mesh-28c1ea98b122` +- generated_at: `2026-05-02T05:32:42+00:00` ## tudo-para-ia-business-platform - pasta_central: `01_repo_tudo-para-ia-business-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\executivas\0066_EXECUTIVA__executar-health-live-mcp-gateway-business-via-wrangler.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\executivas\0067_EXECUTIVA__executar-identity-write-com-approvalid-e-readback-transit.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\executivas\0068_EXECUTIVA__obter-finance-receipt-ledger-e-smoke-controlado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\executivas\0069_EXECUTIVA__sincronizar-remotos-business-mcps-central-com-credenciais-schannel.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\executivas\0070_EXECUTIVA__fechar-typecheck-mcps-sem-debito-docs-smokecases.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\gerenciais\0061_GERENCIAL__homologar-runner-wrangler-node-npm-sem-spawn-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\gerenciais\0062_GERENCIAL__pactuar-contrato-docs-smokecases-para-typecheck-ecossistema.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\gerenciais\0063_GERENCIAL__governar-readiness-round-0061-0065-como-gate-business-mcps.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\gerenciais\0064_GERENCIAL__definir-politica-sync-auto-sync-e-commits-multi-repo.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\01_repo_tudo-para-ia-business-platform\orders\gerenciais\0065_GERENCIAL__aprovar-protocolo-identity-finance-com-owners-e-recibos.md` ## tudo-para-ia-compliance-platform - pasta_central: `02_repo_tudo-para-ia-compliance-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\executivas\0027_EXECUTIVA__executar-deploy-wrangler-em-runner-homologado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\executivas\0028_EXECUTIVA__conectar-identity-business-oficial-live.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\executivas\0029_EXECUTIVA__provar-consumo-ui-governance-live-same-source.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\executivas\0030_EXECUTIVA__publicar-release-gate-em-ci-com-custodia.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\executivas\0031_EXECUTIVA__operacionalizar-retencao-legal-hold-e-descarte-aprovado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\gerenciais\0021_GERENCIAL__homologar-runner-cloudflare-workers-compliance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\gerenciais\0022_GERENCIAL__pactuar-cutover-identity-business-live-compliance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\gerenciais\0023_GERENCIAL__aprovar-politica-retencao-legal-hold-r2-d1.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\gerenciais\0024_GERENCIAL__governar-consumidores-ui-docs-customer-ops.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\02_repo_tudo-para-ia-compliance-platform\orders\gerenciais\0025_GERENCIAL__aprovar-slo-custo-roadmap-tenant-compliance.md` ## tudo-para-ia-customer-ops-platform - pasta_central: `03_repo_tudo-para-ia-customer-ops-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\executivas\0041_EXECUTIVA__executar-dryrun-deploy-em-runner-spawn-liberado-com-hash.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\executivas\0042_EXECUTIVA__registrar-catalogo-v5-no-mcp-central-com-endpoint-autenticado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\executivas\0043_EXECUTIVA__validar-business-identity-canonicos-com-live-required.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\executivas\0044_EXECUTIVA__executar-expurgo-live-com-confirmacao-operador-e-readback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\executivas\0045_EXECUTIVA__validar-health-profile-catalogo-worker-publicado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\gerenciais\0031_GERENCIAL__homologar-runner-wrangler-deploy-com-esbuild-workerd.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\gerenciais\0032_GERENCIAL__governar-catalogo-v5-mcp-central-com-rollback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\gerenciais\0033_GERENCIAL__pactuar-matriz-canonica-business-identity-sem-fixture.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\gerenciais\0034_GERENCIAL__formalizar-aceite-expurgo-live-com-cadeia-custodia.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\03_repo_tudo-para-ia-customer-ops-platform\orders\gerenciais\0035_GERENCIAL__publicar-politica-evidencia-http-externa-sanitizada.md` ## tudo-para-ia-docs-plataform - pasta_central: `04_repo_tudo-para-ia-docs-plataform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\executivas\0074_EXECUTIVA__executar-deploy-docs-documentation-quality-gates-em-worker.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\executivas\0075_EXECUTIVA__registrar-docs-ecosystem-documentation-quality-gates-no-mcps-internos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\executivas\0076_EXECUTIVA__rodar-smoke-remoto-quality-gates-pos-deploy-e-registro.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\executivas\0077_EXECUTIVA__publicar-evidence-pack-quality-gates-em-destino-institucional.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\executivas\0078_EXECUTIVA__reconciliar-push-docs-e-central-quality-gates.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\gerenciais\0071_GERENCIAL__homologar-quality-gates-documentais-como-release-gate-docs.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\gerenciais\0072_GERENCIAL__governar-fila-release-blocked-documental.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\gerenciais\0073_GERENCIAL__pactuar-promocao-docs-ecosystem-tools-response-ready-no-mcp.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\gerenciais\0074_GERENCIAL__homologar-cadencia-deploy-manual-docs-quality-gates.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\04_repo_tudo-para-ia-docs-plataform\orders\gerenciais\0075_GERENCIAL__governar-artefatos-typescript-gerados-quality-gates.md` ## tudo-para-ia-finance-platform - pasta_central: `05_repo_tudo-para-ia-finance-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0001_EXECUTIVA__persistencia-d1-do-ledger-financeiro.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0002_EXECUTIVA__alinhar-contrato-finance-mcp-interno.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0003_EXECUTIVA__provisionar-recursos-cloudflare-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0004_EXECUTIVA__aplicar-schema-d1-real-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0005_EXECUTIVA__publicar-smoke-cloudflare-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0006_EXECUTIVA__definir-eventos-financeiros-canonicos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0007_EXECUTIVA__integrar-evidencias-finance-d1-kv-r2.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0008_EXECUTIVA__criar-consumer-finance-events.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0009_EXECUTIVA__integrar-eventos-business-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0010_EXECUTIVA__integrar-pagamentos-integracoes-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0011_EXECUTIVA__expor-consulta-evidencias-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0012_EXECUTIVA__automatizar-smoke-publico-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0013_EXECUTIVA__endurecer-consumer-finance-events-dlq-retry.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0014_EXECUTIVA__publicar-produtor-business-revenue-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0015_EXECUTIVA__publicar-produtores-integracoes-payment-cost-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0016_EXECUTIVA__criar-painel-operacional-evidencias-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0017_EXECUTIVA__endurecer-autorizacao-evidence-tools-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0018_EXECUTIVA__validar-publicacao-real-business-revenue-com-plugin-cloudflare.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0019_EXECUTIVA__validar-publicacao-real-integracoes-payment-cost-com-plugin-cloudflare.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0020_EXECUTIVA__automatizar-alertas-operacionais-dlq-replay-e-evidencia.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0021_EXECUTIVA__executar-replay-controlado-real-com-falha-de-homologacao.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0022_EXECUTIVA__integrar-painel-finance-a-ui-platform-admin.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0023_EXECUTIVA__reatestar-plugin-cloudflare-publicacao-business-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0024_EXECUTIVA__reatestar-plugin-cloudflare-publicacao-integracoes-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0025_EXECUTIVA__persistir-alertas-operacionais-em-d1-e-customer-ops.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0026_EXECUTIVA__consumir-contrato-finance-ui-admin-em-ui-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0027_EXECUTIVA__automatizar-replay-homologado-com-approval-real.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0028_EXECUTIVA__liberar-ambiente-wrangler-e-publicar-schema-worker-finance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0029_EXECUTIVA__validar-endpoints-finance-remotos-pos-deploy.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\05_repo_tudo-para-ia-finance-platform\orders\executivas\0030_EXECUTIVA__executar-validacao-live-business-integracoes-finance.md` ## tudo-para-ia-gettys-platform - pasta_central: `06_repo_tudo-para-ia-gettys-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0051_EXECUTIVA__publicar_worker_gettys_v05_com_wrangler_e_validar_admin_status.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0052_EXECUTIVA__rodar_regressao_protegida_gettys_com_refs_readonly_internal_pos_deploy.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0053_EXECUTIVA__aplicar_provider_gettys_no_mcp_central_apos_admin_status_remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0054_EXECUTIVA__publicar_docs_gettys_index_ou_ratificar_catalogonly_com_drift_resolvido.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0055_EXECUTIVA__executar_customer_ops_runtime_real_com_admin_status_v05_e_ticketref.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0056_EXECUTIVA__publicar_gettys_mcp_remote_validation_pos_deploy_manual.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0057_EXECUTIVA__revalidar_gettys_health_openapi_mcp_remote_validation_live.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0058_EXECUTIVA__confirmar_admin_status_gettys_com_chave_e_readback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0059_EXECUTIVA__promover_gettys_remote_validation_para_ui_docs_customerops.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\executivas\0060_EXECUTIVA__coletar_aceite_gettys_por_source_hash_remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0046_GERENCIAL__governar_drift_contrato_remoto_gettys_v02_para_v05.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0047_GERENCIAL__aprovar_release_window_wrangler_gettys_com_drift_gate.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0048_GERENCIAL__pactuar_mcp_ui_same_source_gettys_somente_com_admin_status_remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0049_GERENCIAL__governar_docs_customer_ops_e_slo_apos_contrato_remoto_reconciliado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0050_GERENCIAL__definir_cadencia_de_evidencias_live_gettys_sem_expor_segredos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0051_GERENCIAL__governar_estado_gettys_worker_ok_mcp_simulated.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0052_GERENCIAL__aprovar_gate_gettys_openapi_v05_remote_validation.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0053_GERENCIAL__formalizar_cadencia_evidencias_live_gettys.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0054_GERENCIAL__governar_aceite_ui_docs_customerops_gettys_por_hash.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\06_repo_tudo-para-ia-gettys-platform\orders\gerenciais\0055_GERENCIAL__alinhar_gettys_na_matriz_router007_cross_platform.md` ## tudo-para-ia-identity-platform - pasta_central: `07_repo_tudo-para-ia-identity-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0061_EXECUTIVA__publicar-deploy-nobundle-em-runner-wrangler-sem-spawn-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0062_EXECUTIVA__validar-openapi-auth-policy-governance-order-control-remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0063_EXECUTIVA__gerar-snapshots-d1-governance-order-control-com-readback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0064_EXECUTIVA__homologar-consumidores-mcp-ui-docs-gpt-por-hash-remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0065_EXECUTIVA__fechar-retencao-24h-com-duas-janelas-reais.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0066_EXECUTIVA__publicar-identity-e-mcps-internos-com-wrangler-runner-sem-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0067_EXECUTIVA__validar-gateway-mcp-remoto-com-tools-identity-publicadas.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0068_EXECUTIVA__gerar-readback-d1-governance-order-control-access-assurance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0069_EXECUTIVA__coletar-aceite-consumidores-por-hash-remoto-identity.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0070_EXECUTIVA__fechar-retencao-24h-identity-com-duas-janelas-d1.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0071_EXECUTIVA__publicar_rota_identity_mcp_remote_validation_pos_deploy_manual.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0072_EXECUTIVA__configurar_segredo_upstream_identity_access_assurance_no_mcp.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0073_EXECUTIVA__revalidar_gateway_mcp_identity_remote_validation_live.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0074_EXECUTIVA__gerar_readback_d1_identity_remote_validation_access_assurance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\executivas\0075_EXECUTIVA__coletar_aceite_consumidores_identity_por_source_hash_remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0056_GERENCIAL__homologar-runner-oficial-wrangler-node-sem-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0057_GERENCIAL__aprovar-release-probe-como-gate-institucional.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0058_GERENCIAL__pactuar-aceite-consumidores-identity-por-hash-remoto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0059_GERENCIAL__formalizar-sla-identity-business-customer-ops-pos-deploy.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0060_GERENCIAL__governar-metas-de-linhas-por-escopo-material.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0061_GERENCIAL__homologar-runner-cloudflare-wrangler-sem-wrapper-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0062_GERENCIAL__governar-publicacao-mcp-identity-same-source.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0063_GERENCIAL__aprovar-contrato-access-assurance-com-consumidores.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0064_GERENCIAL__formalizar-sla-identity-mcps-business-customer-ops.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0065_GERENCIAL__governar-limite-producao-linhas-sem-enchimento.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0066_GERENCIAL__governar_estado_publicado_parcial_identity_mcp.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0067_GERENCIAL__aprovar_rotacao_segredo_identity_mcp_access_assurance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0068_GERENCIAL__formalizar_gate_hash_remoto_identity_para_ui_docs_customerops.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0069_GERENCIAL__governar_matriz_router007_identity_finance_gettys.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\07_repo_tudo-para-ia-identity-platform\orders\gerenciais\0070_GERENCIAL__definir_sla_readback_d1_identity_pos_deploy.md` ## tudo-para-ia-integracoes-platform - pasta_central: `08_repo_tudo-para-ia-integracoes-plataform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\executivas\0046_EXECUTIVA__executar-ci-node24-round12-com-artifact-sourcehash.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\executivas\0047_EXECUTIVA__publicar-preview-admin-round12-samesource-com-wrangler.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\executivas\0048_EXECUTIVA__provisionar-evidence-store-r2-d1-para-round12-mcp-transit.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\executivas\0049_EXECUTIVA__validar-endpoints-gpt-admin-round12-via-mcps-gateway-e-worker.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\executivas\0050_EXECUTIVA__homologar-whatsapp-pilot-payload-live-com-connector-consent-ticket.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\gerenciais\0041_GERENCIAL__institucionalizar-mcp-transit-control-plane-com-auditoria.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\gerenciais\0042_GERENCIAL__aprovar-politica-worker-admin-round12-preview-rollback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\gerenciais\0043_GERENCIAL__definir-store-evidencias-r2-d1-legalhold-e-retencao-round12.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\gerenciais\0044_GERENCIAL__firmar-contrato-business-identity-customerops-whatsapp-piloto.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\08_repo_tudo-para-ia-integracoes-plataform\orders\gerenciais\0045_GERENCIAL__governar-runner-node24-artifacts-sourcehash-e-wrangler.md` ## tudo-para-ia-intelligence-platform - pasta_central: `09_repo_tudo-para-ia-intelligence-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\executivas\0052_EXECUTIVA__executar-wrangler-deploy-e-r2-em-runner-spawn-permitido.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\executivas\0053_EXECUTIVA__registrar-intelligence-runtime-minimo-no-mcp-apos-url-publica.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\executivas\0054_EXECUTIVA__executar-owner-gates-live-identity-business-docs-compliance.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\executivas\0055_EXECUTIVA__persistir-admin-same-source-em-d1-kv-r2-e-comparar-hashes.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\executivas\0056_EXECUTIVA__sincronizar-commits-e-push-com-pathspec-validado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\gerenciais\0047_GERENCIAL__homologar-runner-cloudflare-oficial-intelligence.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\gerenciais\0048_GERENCIAL__aprovar-retencao-admin-same-source-compliance-com-r2.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\gerenciais\0049_GERENCIAL__pactuar-mcp-runtime-minimum-com-docs-e-ui.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\gerenciais\0050_GERENCIAL__separar-readiness-tecnica-comercial-e-governanca.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\09_repo_tudo-para-ia-intelligence-platform\orders\gerenciais\0051_GERENCIAL__governar-sincronizacao-central-com-worktree-multi-plataforma.md` ## tudo-para-ia-mais-humana-platform - pasta_central: `15_repo_tudo-para-ia-mais-humana-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0001_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0002_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0003_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0004_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0005_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0006_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0007_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0008_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0009_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0010_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0011_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0012_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0013_EXECUTIVA__resolver-ou-formalizar-bloqueios-conhecidos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0014_EXECUTIVA__elevar-maturidade-humana-de-business-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0015_EXECUTIVA__elevar-maturidade-humana-de-compliance-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0016_EXECUTIVA__publicar-rulebook-mcp-provider-mais-humana.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0017_EXECUTIVA__resolver-docs-catalogonly-com-response-ready-minimo.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0018_EXECUTIVA__classificar-truthstate-e-sourcehash-em-todas-as-plataformas.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0019_EXECUTIVA__blindar-redaction-credentialref-e-cfat-em-artefatos.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0020_EXECUTIVA__validar-mcp-admin-ui-same-source-rulebook.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0021_EXECUTIVA__validar-mcp-gateway-live-rulebook-com-wrangler.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0022_EXECUTIVA__resolver-docs-response-ready-ou-excecao-formal.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0023_EXECUTIVA__executar-wrangler-em-runner-sem-node-eperm.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0024_EXECUTIVA__sincronizar-git-real-e-central-com-credencial-valida.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0025_EXECUTIVA__homologar-admin-ui-same-source-live.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0026_EXECUTIVA__deploy-mcps-gateway-mais-humana-tools-com-wrangler.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0027_EXECUTIVA__validar-live-mais-humana-rulebook-e-transit-ledger.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0028_EXECUTIVA__resolver-docs-response-ready-ou-excecao-formal.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0029_EXECUTIVA__sincronizar-git-real-mcps-e-central-com-credencial-valida.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\15_repo_tudo-para-ia-mais-humana-platform\orders\executivas\0030_EXECUTIVA__destravar-escrita-central-e-sql-semantico-da-plataforma-15.md` ## tudo-para-ia-mcps-internos-plataform - pasta_central: `10_repo_tudo-para-ia-mcps-internos-plataform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\executivas\0073_EXECUTIVA__validar-transit-proof-ledger-live-pos-deploy-manual.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\executivas\0074_EXECUTIVA__executar-smoke-gpt-painel-auditoria-em-worker-publicado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\executivas\0075_EXECUTIVA__restaurar-biblioteca-privada-para-suite-service-binding.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\executivas\0076_EXECUTIVA__sincronizar-repo-central-e-remotos-com-schanel-credenciais-validas.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\executivas\0077_EXECUTIVA__reconciliar-deltas-concorrentes-do-gateway-mcps.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\gerenciais\0068_GERENCIAL__homologar-ledger-same-source-como-gate-vivo.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\gerenciais\0069_GERENCIAL__instituir-politica-de-deploy-manual-e-evidencia-pos-deploy.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\gerenciais\0070_GERENCIAL__governar-biblioteca-privada-como-dependencia-de-suite.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\gerenciais\0071_GERENCIAL__normalizar-sync-git-schanel-e-autosync.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\10_repo_tudo-para-ia-mcps-internos-plataform\orders\gerenciais\0072_GERENCIAL__governar-deltas-concorrentes-do-control-plane-mcps.md` ## tudo-para-ia-platform-base - pasta_central: `11_repo_tudo-para-ia-platform-base` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\executivas\0057_EXECUTIVA__homologar-primeiro-consumidor-do-ledger-mcp.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\executivas\0058_EXECUTIVA__executar-smoke-same-source-em-business-identity-docs-integracoes-ui.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\executivas\0059_EXECUTIVA__publicar-relatorios-mcp-transit-consumer-publications-nos-consumidores.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\executivas\0060_EXECUTIVA__sincronizar-platform-base-remoto-com-credenciais-validas.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\executivas\0061_EXECUTIVA__regenerar-artifacts-pos-consumidor-homologado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\gerenciais\0052_GERENCIAL__homologar-ledger-consumer-publications-como-fonte-canonica.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\gerenciais\0053_GERENCIAL__aprovar-gate-same-source-cross-platform.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\gerenciais\0054_GERENCIAL__governar-rollout-de-consumidores-mcp.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\gerenciais\0055_GERENCIAL__normatizar-sync-schanel-platform-base.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\11_repo_tudo-para-ia-platform-base\orders\gerenciais\0056_GERENCIAL__governar-producao-gerada-e-limite-de-codigo-util.md` ## tudo-para-ia-public-platform - pasta_central: `12_repo_tudo-para-ia-public-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\executivas\0056_EXECUTIVA__executar-pages-deploy-runner-oficial.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\executivas\0057_EXECUTIVA__confirmar-readback-canonical-live.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\executivas\0058_EXECUTIVA__registrar-contrato-mcp-central-public.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\executivas\0059_EXECUTIVA__sincronizar-docs-platform-sourcehash.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\executivas\0060_EXECUTIVA__homologar-lead-handoff-sem-pii.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\gerenciais\0051_GERENCIAL__homologar-runner-pages-deploy.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\gerenciais\0052_GERENCIAL__decidir-dominio-final-canonical.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\gerenciais\0053_GERENCIAL__governar-mcp-central-ui-public.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\gerenciais\0054_GERENCIAL__governar-docs-platform-peer-public.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\12_repo_tudo-para-ia-public-platform\orders\gerenciais\0055_GERENCIAL__aprovar-retencao-purge-suporte-leads.md` ## tudo-para-ia-stj-platform - pasta_central: `13_repo_tudo-para-ia-stj-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\executivas\0066_EXECUTIVA__publicar-mcp-gateway-aliases-round015.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\executivas\0067_EXECUTIVA__deploy-stj-workers-wrangler.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\executivas\0068_EXECUTIVA__consolidar-readback-byte-preserving.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\executivas\0069_EXECUTIVA__rodar-suite-stj-runner-liberado.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\executivas\0070_EXECUTIVA__sincronizar-repositorios-stj.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\gerenciais\0061_GERENCIAL__aprovar-release-mcp-gateway-round015.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\gerenciais\0062_GERENCIAL__homologar-runner-cloudflare-operacional.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\gerenciais\0063_GERENCIAL__formalizar-readback-byte-preserving.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\gerenciais\0064_GERENCIAL__pactuar-chave-mcp-gateway-e-aceites.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\13_repo_tudo-para-ia-stj-platform\orders\gerenciais\0065_GERENCIAL__governar-sync-git-remotos.md` ## tudo-para-ia-ui-platform - pasta_central: `14_repo_tudo-para-ia-ui-platform` - risco: `blocked` -- ordens_ativas: nenhuma ordem encontrada ou pasta central ausente +- ordens_ativas: + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\executivas\0097_EXECUTIVA__homologar-mcps-gateway-bearer-externo-sem-skip.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\executivas\0098_EXECUTIVA__executar-browser-validation-runner-com-spawn-permitido.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\executivas\0099_EXECUTIVA__ensaiar-rollback-pages-com-owner-e-readback.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\executivas\0100_EXECUTIVA__ativar-credentialref-resolver-readonly-vivo.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\executivas\0101_EXECUTIVA__regularizar-git-fetch-push-schannel-e-central-divergente.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\gerenciais\0092_GERENCIAL__governar-gateway-bearer-docs-ci-retencao-externa.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\gerenciais\0093_GERENCIAL__homologar-ambiente-browser-sem-eperm-para-release-ui.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\gerenciais\0094_GERENCIAL__aprovar-politica-rollback-pages-e-janela-de-reversao.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\gerenciais\0095_GERENCIAL__governar-credentialref-readonly-institucional-sem-segredo.md` + - `G:\_codex-git\nucleo-gestao-operacional\central-de-ordem-de-servico\projects\14_repo_tudo-para-ia-ui-platform\orders\gerenciais\0096_GERENCIAL__governar-sincronizacao-git-segura-e-credenciais-remotas.md` diff --git a/ecossistema/REPOSITORY-MESH-RECONCILIATION.md b/ecossistema/REPOSITORY-MESH-RECONCILIATION.md index d192874..c99ecca 100644 --- a/ecossistema/REPOSITORY-MESH-RECONCILIATION.md +++ b/ecossistema/REPOSITORY-MESH-RECONCILIATION.md @@ -1,8 +1,8 @@ # Repository Mesh Reconciliation Plan -- plan_id: `mesh-plan-3f7271f011b8` -- report_id: `repository-mesh-01dbdab36e20` -- generated_at: `2026-05-02T02:38:16+00:00` +- plan_id: `mesh-plan-7bb1ea59a136` +- report_id: `repository-mesh-28c1ea98b122` +- generated_at: `2026-05-02T05:32:42+00:00` - blockers: `15` - auto_sync_ready: `0` - rename_ready: `0` @@ -20,11 +20,11 @@ ### tudo-para-ia-business-platform -- receipt_id: `mesh-receipt-7c46b8b7ecec` +- receipt_id: `mesh-receipt-184e055e9773` - status: `environment_blocked` - risk: `blocked` - safe_to_auto_sync: `False` -- selected_head: `bb1cec9a273a3c64023a6e7554e33a31bd7a8015` +- selected_head: `775e3c0ba8dfd5dc03c7e03384b0adbf93be729e` - selected_environment: `windows-primary` - precedence: `single_hash` - reason: todos os ambientes com HEAD confirmado apontam para o mesmo commit @@ -77,11 +77,11 @@ ### tudo-para-ia-docs-plataform -- receipt_id: `mesh-receipt-c4a77cfe57a7` +- receipt_id: `mesh-receipt-4ce8efb5e024` - status: `environment_blocked` - risk: `blocked` - safe_to_auto_sync: `False` -- selected_head: `e7330785b3b792c8401bfec9ae46c146f1231155` +- selected_head: `f0d043d97d78b31f95c55ab1be2cfff5e65ec500` - selected_environment: `windows-primary` - precedence: `single_hash` - reason: todos os ambientes com HEAD confirmado apontam para o mesmo commit @@ -118,11 +118,11 @@ ### tudo-para-ia-gettys-platform -- receipt_id: `mesh-receipt-91daef99f22d` +- receipt_id: `mesh-receipt-871c5cba6723` - status: `environment_blocked` - risk: `blocked` - safe_to_auto_sync: `False` -- selected_head: `d116fb397d34068883f78e7508aedb97b0fa7eab` +- selected_head: `e304fb7dbfc34ff5c05bd636194e1ccb6a307931` - selected_environment: `windows-primary` - precedence: `single_hash` - reason: todos os ambientes com HEAD confirmado apontam para o mesmo commit @@ -207,31 +207,33 @@ ### tudo-para-ia-mais-humana-platform -- receipt_id: `mesh-receipt-c6a2b8e7407d` -- status: `environment_blocked` +- receipt_id: `mesh-receipt-02d7454d0e65` +- status: `dirty_blocked` - risk: `blocked` - safe_to_auto_sync: `False` - selected_head: `` - selected_environment: `` -- precedence: `divergent` -- reason: divergencia ahead/behind exige decisao humana de precedencia +- precedence: `dirty_tree` +- reason: estado sujo impede declarar commit como fonte unica de verdade - nomenclatura: - `exact` selected=`tudo-para-ia-mais-humana` expected=`tudo-para-ia-mais-humana` reason=nome esperado ja esta materializado - `exact` selected=`tudo-para-ia-mais-humana` expected=`tudo-para-ia-mais-humana` reason=nome esperado ja esta materializado - pendencias: + - alteracoes locais nao commitadas podem ser a versao valida mais recente - ambiente declarado pela OS nao esta acessivel a partir desta sessao - - windows-secondary esta ahead=1 behind=11 + - windows-primary possui working tree sujo - operacoes: + - `dirty_blocked` `blocker` `manual`: Bloquear sincronizacao destrutiva por working tree sujo - `environment_blocked` `blocker` `manual`: Executar inventario no ambiente inacessivel - `environment_blocked` `blocker` `manual`: Executar inventario no ambiente inacessivel ### tudo-para-ia-mcps-internos-plataform -- receipt_id: `mesh-receipt-ee4775550bc8` +- receipt_id: `mesh-receipt-74871925a86b` - status: `environment_blocked` - risk: `blocked` - safe_to_auto_sync: `False` -- selected_head: `694c3906aa8811c3733aa43897cbea602ffe525b` +- selected_head: `26ddf904aca27526a043634825af07ac85f0a91f` - selected_environment: `windows-primary` - precedence: `single_hash` - reason: todos os ambientes com HEAD confirmado apontam para o mesmo commit @@ -306,19 +308,22 @@ ### tudo-para-ia-ui-platform -- receipt_id: `mesh-receipt-0da2571a6260` -- status: `environment_blocked` +- receipt_id: `mesh-receipt-05048e673989` +- status: `dirty_blocked` - risk: `blocked` - safe_to_auto_sync: `False` -- selected_head: `76c81999d710ab23e438f9017192dd9fd37018af` -- selected_environment: `windows-primary` -- precedence: `single_hash` -- reason: todos os ambientes com HEAD confirmado apontam para o mesmo commit +- selected_head: `` +- selected_environment: `` +- precedence: `dirty_tree` +- reason: estado sujo impede declarar commit como fonte unica de verdade - nomenclatura: - `exact` selected=`tudo-para-ia-ui-platform` expected=`tudo-para-ia-ui-platform` reason=nome esperado ja esta materializado - `exact` selected=`tudo-para-ia-ui-platform` expected=`tudo-para-ia-ui-platform` reason=nome esperado ja esta materializado - pendencias: + - alteracoes locais nao commitadas podem ser a versao valida mais recente - ambiente declarado pela OS nao esta acessivel a partir desta sessao + - windows-primary possui working tree sujo - operacoes: + - `dirty_blocked` `blocker` `manual`: Bloquear sincronizacao destrutiva por working tree sujo - `environment_blocked` `blocker` `manual`: Executar inventario no ambiente inacessivel - `environment_blocked` `blocker` `manual`: Executar inventario no ambiente inacessivel diff --git a/ecossistema/REPOSITORY-MESH-SYNC.md b/ecossistema/REPOSITORY-MESH-SYNC.md index 58dbe73..2e62924 100644 --- a/ecossistema/REPOSITORY-MESH-SYNC.md +++ b/ecossistema/REPOSITORY-MESH-SYNC.md @@ -1,19 +1,19 @@ # Repository Mesh Sync -- report_id: `repository-mesh-01dbdab36e20` -- generated_at: `2026-05-02T02:38:16+00:00` +- report_id: `repository-mesh-28c1ea98b122` +- generated_at: `2026-05-02T05:32:42+00:00` - ecosystem_root: `G:\_codex-git` -- fetch_enabled: `False` -- plugin_cloudflare_auth_attempt: `git fetch/push bloqueado por SEC_E_NO_CREDENTIALS no ciclo seguro da rodada; sem reset destrutivo` +- fetch_enabled: `True` +- plugin_cloudflare_auth_attempt: `mcp_tool_call_rejected_before_router` - repositorios declarados: `15` - ambientes declarados: `4` - observacoes: `60` - ok: `0` - attention: `0` - blocked: `15` -- worktrees sujos: `4` +- worktrees sujos: `6` - falhas de credencial: `0` -- bloqueios contra sync destrutiva: `7` +- bloqueios contra sync destrutiva: `9` ## Regra de seguranca aplicada @@ -30,18 +30,18 @@ - repositorio_gitea: `admin/tudo-para-ia-business-platform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-business-platform.git` - risco: `blocked` -- resumo: hash unico bb1cec9a273a; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- resumo: hash unico 775e3c0ba8df; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `bb1cec9a273a` | `https://git.ami.app.br/admin/tudo-para-ia-business-platform.git` | `clean` | | -| `windows-secondary` | `present_git` | `main` | `bb1cec9a273a` | `https://git.ami.app.br/admin/tudo-para-ia-business-platform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `775e3c0ba8df` | `https://git.ami.app.br/admin/tudo-para-ia-business-platform.git` | `clean` | | +| `windows-secondary` | `present_git` | `main` | `775e3c0ba8df` | `https://git.ami.app.br/admin/tudo-para-ia-business-platform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -61,8 +61,8 @@ Acoes/decisoes: | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -82,8 +82,8 @@ Acoes/decisoes: | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -93,18 +93,18 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-docs-plataform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git` - risco: `blocked` -- resumo: hash unico e7330785b3b7; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- resumo: hash unico f0d043d97d78; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `e7330785b3b7` | `https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git` | `clean` | | -| `windows-secondary` | `present_git` | `main` | `e7330785b3b7` | `https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `f0d043d97d78` | `https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git` | `clean` | | +| `windows-secondary` | `present_git` | `main` | `f0d043d97d78` | `https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -114,18 +114,19 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-finance-platform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git` - risco: `blocked` -- resumo: hash unico af42e69e75fa; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva +- resumo: hash unico c09e54801470; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `af42e69e75fa` | `https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git` | `dirty` | | -| `windows-secondary` | `present_git` | `main` | `af42e69e75fa` | `https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `c09e54801470` | `https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git` | `dirty` | | +| `windows-secondary` | `present_git` | `main` | `c09e54801470` | `https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: - `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -135,18 +136,18 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-gettys-platform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git` - risco: `blocked` -- resumo: hash unico d116fb397d34; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- resumo: hash unico e304fb7dbfc3; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `d116fb397d34` | `https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git` | `clean` | | -| `windows-secondary` | `present_git` | `main` | `d116fb397d34` | `https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `e304fb7dbfc3` | `https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git` | `clean` | | +| `windows-secondary` | `present_git` | `main` | `e304fb7dbfc3` | `https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -156,18 +157,19 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-identity-platform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git` - risco: `blocked` -- resumo: hash unico 5d47be0be72a; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva +- resumo: hash unico a31adba6dd47; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `5d47be0be72a` | `https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git` | `dirty` | | -| `windows-secondary` | `present_git` | `main` | `5d47be0be72a` | `https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `a31adba6dd47` | `https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git` | `dirty` | | +| `windows-secondary` | `present_git` | `main` | `a31adba6dd47` | `https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: - `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -192,8 +194,10 @@ Acoes/decisoes: - `fix_remote_url` `attention` `manual`: remote origin nao corresponde ao Gitea esperado - `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida - `block_destructive_sync` `blocked` `manual`: branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `rename_local_folder` `attention` `auto`: materializado como alias tudo-para-ia-integracoes-plataform; esperado tudo-para-ia-integracoes-platform - `fix_remote_url` `attention` `manual`: remote origin nao corresponde ao Gitea esperado +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -213,8 +217,8 @@ Acoes/decisoes: | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -224,20 +228,22 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-mais-humana` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git` - risco: `blocked` -- resumo: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais; 1 bloqueios contra sync destrutiva +- resumo: 2 hashes distintos; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 2 bloqueios contra sync destrutiva - notas: - nome canonico administrativo declarado como -platform; repo local/remoto materializado segue sem sufixo ate decisao Gitea | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `cdce7a8b65d2` | `https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `9493926b90d2` | `https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git` | `dirty` | | | `windows-secondary` | `present_git` | `main` | `f9d954deda54` | `https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `block_destructive_sync` `blocked` `manual`: branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -247,18 +253,18 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-mcps-internos-plataform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git` - risco: `blocked` -- resumo: hash unico 694c3906aa88; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- resumo: hash unico 26ddf904aca2; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `694c3906aa88` | `https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git` | `clean` | | -| `windows-secondary` | `present_git` | `main` | `694c3906aa88` | `https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `26ddf904aca2` | `https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git` | `clean` | | +| `windows-secondary` | `present_git` | `main` | `26ddf904aca2` | `https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -272,15 +278,16 @@ Acoes/decisoes: | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `f87d17cf6832` | `https://git.ami.app.br/admin/tudo-para-ia-platform-base.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `c326f6e7014a` | `https://git.ami.app.br/admin/tudo-para-ia-platform-base.git` | `clean` | | | `windows-secondary` | `present_git` | `main` | `4f6e1590ddaf` | `https://git.ami.app.br/admin/tudo-para-ia-platform-base.git` | `dirty` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida - `block_destructive_sync` `blocked` `manual`: ha commits remotos nao aplicados; pull automatico so e seguro com working tree limpo e comparacao de hash +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -300,8 +307,8 @@ Acoes/decisoes: | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -321,8 +328,8 @@ Acoes/decisoes: | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao @@ -332,17 +339,18 @@ Acoes/decisoes: - repositorio_gitea: `admin/tudo-para-ia-ui-platform` - remote_esperado: `https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git` - risco: `blocked` -- resumo: hash unico 76c81999d710; 2 materializacoes ausentes/inacessiveis; 2 divergencias nominais +- resumo: hash unico a1e6f07058d8; 2 materializacoes ausentes/inacessiveis; 1 worktrees sujos; 2 divergencias nominais; 1 bloqueios contra sync destrutiva | ambiente | presenca | branch | head | remote | worktree | observacao | | --- | --- | --- | --- | --- | --- | --- | -| `windows-primary` | `present_git` | `main` | `76c81999d710` | `https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git` | `clean` | | -| `windows-secondary` | `present_git` | `main` | `76c81999d710` | `https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git` | `clean` | | +| `windows-primary` | `present_git` | `main` | `a1e6f07058d8` | `https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git` | `dirty` | | +| `windows-secondary` | `present_git` | `main` | `a1e6f07058d8` | `https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git` | `clean` | | | `codex-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex | | `gitlab-server` | `unreachable_environment` | `` | `` | `` | `unreachable_environment` | ambiente nao acessivel a partir desta sessao: /root/_codex-git | Acoes/decisoes: -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao -- `fetch` `ok` `auto`: espelho materializado; fetch nao destrutivo e acao padrao de manutencao +- `block_destructive_sync` `blocked` `manual`: working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida +- `register_evidence` `attention` `manual`: fetch falhou: unknown +- `register_evidence` `attention` `manual`: fetch falhou: unknown - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao - `require_environment_access` `blocked` `manual`: ambiente declarado na OS nao esta acessivel nesta sessao diff --git a/matrizes/repository-mesh-actions.csv b/matrizes/repository-mesh-actions.csv index b4836a7..07f4b3e 100644 --- a/matrizes/repository-mesh-actions.csv +++ b/matrizes/repository-mesh-actions.csv @@ -1,65 +1,73 @@ action_id,nome_declarado,ambiente,tipo,risco,automatico,destrutivo,motivo,comandos,pre_requisitos,evidencias -mesh-action-e38f76b77b81,tudo-para-ia-business-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,bb1cec9a273a3c64023a6e7554e33a31bd7a8015 | https://git.ami.app.br/admin/tudo-para-ia-business-platform.git -mesh-action-63be244a7eff,tudo-para-ia-business-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,bb1cec9a273a3c64023a6e7554e33a31bd7a8015 | https://git.ami.app.br/admin/tudo-para-ia-business-platform.git +mesh-action-61bb08f62bc5,tudo-para-ia-business-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-a6131408e2be,tudo-para-ia-business-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-d2727fbc94ef,tudo-para-ia-business-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-e331b3e4c497,tudo-para-ia-business-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-8374a60fd4d0,tudo-para-ia-compliance-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,a97cd9a1103e336b14d52570788095cfaea71394 | https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git -mesh-action-af3c932ce656,tudo-para-ia-compliance-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,a97cd9a1103e336b14d52570788095cfaea71394 | https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git +mesh-action-cf83302e51c3,tudo-para-ia-compliance-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-89d16c6d68ae,tudo-para-ia-compliance-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-6903dd01bc1f,tudo-para-ia-compliance-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-6e50d3c37aeb,tudo-para-ia-compliance-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-4b3ec70981ea,tudo-para-ia-customer-ops-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,bf45665a80ffd63b0ddb5608a49007429c140a39 | https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git -mesh-action-9abead089781,tudo-para-ia-customer-ops-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,bf45665a80ffd63b0ddb5608a49007429c140a39 | https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git +mesh-action-9c34fd44f893,tudo-para-ia-customer-ops-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-e09246d00bf7,tudo-para-ia-customer-ops-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-d681ca4be32c,tudo-para-ia-customer-ops-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-a2aae3a00161,tudo-para-ia-customer-ops-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-5880bb6552f2,tudo-para-ia-docs-plataform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,e7330785b3b792c8401bfec9ae46c146f1231155 | https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git -mesh-action-080ca079b879,tudo-para-ia-docs-plataform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,e7330785b3b792c8401bfec9ae46c146f1231155 | https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git +mesh-action-604e958b1ab4,tudo-para-ia-docs-plataform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-c22d79c0aa76,tudo-para-ia-docs-plataform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-9be03dcb6263,tudo-para-ia-docs-plataform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-258528af32fb,tudo-para-ia-docs-plataform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git mesh-action-a7a379dbe718,tudo-para-ia-finance-platform,windows-primary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,m _paradigmas/lago -mesh-action-413d08f8b1e0,tudo-para-ia-finance-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,af42e69e75fa557d1cb646f18b9c20593854cd96 | https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git +mesh-action-9acb48b0d9c1,tudo-para-ia-finance-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-1f40560bc8ae,tudo-para-ia-finance-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-fdf8583a2010,tudo-para-ia-finance-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-04ed792cb988,tudo-para-ia-finance-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-789e9b017369,tudo-para-ia-gettys-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,d116fb397d34068883f78e7508aedb97b0fa7eab | https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git -mesh-action-32ab51a5fbcf,tudo-para-ia-gettys-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,d116fb397d34068883f78e7508aedb97b0fa7eab | https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git +mesh-action-8a4690c9c29d,tudo-para-ia-gettys-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-5850fef3cb38,tudo-para-ia-gettys-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-2a2fb7bc0dab,tudo-para-ia-gettys-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-d794140f218c,tudo-para-ia-gettys-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git mesh-action-fccffbbb759e,tudo-para-ia-identity-platform,windows-primary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,m _paradigmas/moesif/github/repos-clonados/moesif-browser-js | m _paradigmas/moesif/github/repos-clonados/moesif-nodejs -mesh-action-741e3c31e3e1,tudo-para-ia-identity-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,5d47be0be72a335d59be91c6dc36756e20355847 | https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git +mesh-action-bf839e1eb7da,tudo-para-ia-identity-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-ddc7a0df464a,tudo-para-ia-identity-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-3fa1024c9e04,tudo-para-ia-identity-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-434fa6be1041,tudo-para-ia-identity-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git mesh-action-8af64b1a2f4d,tudo-para-ia-integracoes-platform,windows-primary,fix_remote_url,attention,nao,nao,remote origin nao corresponde ao Gitea esperado,git remote set-url origin https://git.ami.app.br/admin/tudo-para-ia-integracoes-platform.git,registrar remote anterior | executar fetch apos ajuste | nao alterar branch nem working tree,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git | https://git.ami.app.br/admin/tudo-para-ia-integracoes-platform.git mesh-action-c0dce06f8d11,tudo-para-ia-integracoes-platform,windows-primary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,M apps/tudo-para-ia-dajuds/wrangler.jsonc mesh-action-c9e28f4ec5a2,tudo-para-ia-integracoes-platform,windows-primary,block_destructive_sync,blocked,nao,sim,branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga,,comparar commits | decidir fonte valida mais recente | fazer merge/rebase apenas com operador,ahead=1;behind=1;upstream=origin/main +mesh-action-9d7038836e52,tudo-para-ia-integracoes-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-c9373212b179,tudo-para-ia-integracoes-platform,windows-secondary,rename_local_folder,attention,sim,nao,materializado como alias tudo-para-ia-integracoes-plataform; esperado tudo-para-ia-integracoes-platform,Rename-Item -LiteralPath 'G:\codex_vm\_codex-git\tudo-para-ia-integracoes-plataform' -NewName 'tudo-para-ia-integracoes-platform',confirmar destino inexistente | registrar hash HEAD antes do renome,G:\codex_vm\_codex-git\tudo-para-ia-integracoes-plataform | G:\codex_vm\_codex-git\tudo-para-ia-integracoes-platform | eaf49821adefdc1b9d64f456598e9c478a1d498d mesh-action-dea83db8f4af,tudo-para-ia-integracoes-platform,windows-secondary,fix_remote_url,attention,nao,nao,remote origin nao corresponde ao Gitea esperado,git remote set-url origin https://git.ami.app.br/admin/tudo-para-ia-integracoes-platform.git,registrar remote anterior | executar fetch apos ajuste | nao alterar branch nem working tree,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git | https://git.ami.app.br/admin/tudo-para-ia-integracoes-platform.git +mesh-action-a26163e6be59,tudo-para-ia-integracoes-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-3db4026be62c,tudo-para-ia-integracoes-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-110e2ce0a0e4,tudo-para-ia-integracoes-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-4a98dea693b0,tudo-para-ia-intelligence-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,37c3ae1945864be8fed0e3dd4c0c560b486fba09 | https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git -mesh-action-6e5402580b0f,tudo-para-ia-intelligence-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,37c3ae1945864be8fed0e3dd4c0c560b486fba09 | https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git +mesh-action-93207ce20f3a,tudo-para-ia-intelligence-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-735158c04761,tudo-para-ia-intelligence-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-343284eab795,tudo-para-ia-intelligence-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-f82ec42b3d5d,tudo-para-ia-intelligence-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-0e884491866e,tudo-para-ia-mais-humana-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,cdce7a8b65d26384877de0fe599f603eb39e43e2 | https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git -mesh-action-19aedce744b3,tudo-para-ia-mais-humana-platform,windows-secondary,block_destructive_sync,blocked,nao,sim,branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga,,comparar commits | decidir fonte valida mais recente | fazer merge/rebase apenas com operador,ahead=1;behind=11;upstream=origin/main +mesh-action-3f78c9633c6e,tudo-para-ia-mais-humana-platform,windows-primary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,M src/mais_humana/generated_mcp_control_contracts.py | M src/mais_humana/mcp_contract.py | M tests/test_mcp_provider_contract.py | M tools/generate_mcp_control_contracts.py +mesh-action-bfd19a507a03,tudo-para-ia-mais-humana-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-19aedce744b3,tudo-para-ia-mais-humana-platform,windows-secondary,block_destructive_sync,blocked,nao,sim,branch divergente ahead/behind; reconciliacao automatica poderia escolher versao antiga,,comparar commits | decidir fonte valida mais recente | fazer merge/rebase apenas com operador,ahead=1;behind=16;upstream=origin/main +mesh-action-5deeb419c0c0,tudo-para-ia-mais-humana-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-26c9087acf3e,tudo-para-ia-mais-humana-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-fe32fc21acb6,tudo-para-ia-mais-humana-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-3ca71e7cd6ac,tudo-para-ia-mcps-internos-plataform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,694c3906aa8811c3733aa43897cbea602ffe525b | https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git -mesh-action-76753a97221b,tudo-para-ia-mcps-internos-plataform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,694c3906aa8811c3733aa43897cbea602ffe525b | https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git +mesh-action-09c924f2d891,tudo-para-ia-mcps-internos-plataform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-5b157361e3ee,tudo-para-ia-mcps-internos-plataform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-d9abe9c7fbe5,tudo-para-ia-mcps-internos-plataform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-b15f913f3744,tudo-para-ia-mcps-internos-plataform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-dd0d93d14349,tudo-para-ia-platform-base,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,f87d17cf683222b53fb7a1e6217667d7af35fd45 | https://git.ami.app.br/admin/tudo-para-ia-platform-base.git +mesh-action-e16f250cddb5,tudo-para-ia-platform-base,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-971fc22703f5,tudo-para-ia-platform-base,windows-secondary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,M .gitignore | M README.md | M apps/platform-shell/README.md | M apps/platform-shell/package.json | M apps/platform-shell/src/index.ts | M contracts/platform-derivation.contract.json | M contracts/platform-shell.contract.json | M docs/architecture.md -mesh-action-5ef117e15bae,tudo-para-ia-platform-base,windows-secondary,block_destructive_sync,blocked,nao,nao,ha commits remotos nao aplicados; pull automatico so e seguro com working tree limpo e comparacao de hash,git fetch --all --prune | git merge --ff-only @{u},confirmar working tree limpo | usar somente fast-forward | bloquear se nao for fast-forward,ahead=0;behind=9;upstream=origin/main +mesh-action-5ef117e15bae,tudo-para-ia-platform-base,windows-secondary,block_destructive_sync,blocked,nao,nao,ha commits remotos nao aplicados; pull automatico so e seguro com working tree limpo e comparacao de hash,git fetch --all --prune | git merge --ff-only @{u},confirmar working tree limpo | usar somente fast-forward | bloquear se nao for fast-forward,ahead=0;behind=10;upstream=origin/main +mesh-action-75f9e9dfb259,tudo-para-ia-platform-base,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-0f86f1adcf16,tudo-para-ia-platform-base,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-6bfd95e48bda,tudo-para-ia-platform-base,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-6dd1f81234a2,tudo-para-ia-public-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825 | https://git.ami.app.br/admin/tudo-para-ia-public-platform.git -mesh-action-a135683c8f40,tudo-para-ia-public-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825 | https://git.ami.app.br/admin/tudo-para-ia-public-platform.git +mesh-action-917cb9437e58,tudo-para-ia-public-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-0dd44b8f05dc,tudo-para-ia-public-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-9f5e32a23747,tudo-para-ia-public-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-b6eacc950f4a,tudo-para-ia-public-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-ff616d525be0,tudo-para-ia-stj-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,b83f848f3ef61c83e8abc342066a7cb161b9237c | https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git -mesh-action-9e801c40f5c8,tudo-para-ia-stj-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,b83f848f3ef61c83e8abc342066a7cb161b9237c | https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git +mesh-action-d0bbf9052ed8,tudo-para-ia-stj-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-2a5a6ae13064,tudo-para-ia-stj-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-78a22f74add8,tudo-para-ia-stj-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-999e2c9f4df6,tudo-para-ia-stj-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git -mesh-action-61bbdbde877a,tudo-para-ia-ui-platform,windows-primary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,76c81999d710ab23e438f9017192dd9fd37018af | https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git -mesh-action-f6946d42b041,tudo-para-ia-ui-platform,windows-secondary,fetch,ok,sim,nao,espelho materializado; fetch nao destrutivo e acao padrao de manutencao,git fetch --all --prune,,76c81999d710ab23e438f9017192dd9fd37018af | https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git +mesh-action-22557e2b043e,tudo-para-ia-ui-platform,windows-primary,block_destructive_sync,blocked,nao,sim,working tree sujo; pull/reset/merge/rebase poderiam sobrescrever alteracao valida,,commit ou stash consciente das alteracoes | registrar diff resumido | decidir precedencia,M reports/browser-validations/index.json | M reports/latest-mcp-gateway-evidence.json | M reports/latest-static-browser-validation.json | M reports/latest-unit-tests.json | M reports/mcp-gateway-evidence/index.json | ?? reports/browser-validations/static-browser-validation-20260502053043.json | ?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json +mesh-action-59ea5ecc1144,tudo-para-ia-ui-platform,windows-primary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied +mesh-action-e130012ee3bd,tudo-para-ia-ui-platform,windows-secondary,register_evidence,attention,nao,nao,fetch falhou: unknown,,fornecer credencial Git valida | reexecutar fetch nao destrutivo,error: cannot open '.git/FETCH_HEAD': Permission denied mesh-action-dae55776e43a,tudo-para-ia-ui-platform,codex-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-action-ff4124206ec5,tudo-para-ia-ui-platform,gitlab-server,require_environment_access,blocked,nao,nao,ambiente declarado na OS nao esta acessivel nesta sessao,,abrir sessao no ambiente indicado | rodar inventario local com a mesma rotina,ambiente nao acessivel a partir desta sessao: /root/_codex-git diff --git a/matrizes/repository-mesh-inventory.csv b/matrizes/repository-mesh-inventory.csv index b28bf10..d525d01 100644 --- a/matrizes/repository-mesh-inventory.csv +++ b/matrizes/repository-mesh-inventory.csv @@ -1,61 +1,61 @@ nome_declarado,nome_esperado,repositorio_gitea,ambiente,caminho_esperado,nome_encontrado,caminho_encontrado,presenca,branch,head,remote_origin,status_worktree,ahead_behind,fetch,observacao_nomenclatura -tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,windows-primary,G:\_codex-git\tudo-para-ia-business-platform,tudo-para-ia-business-platform,G:\_codex-git\tudo-para-ia-business-platform,present_git,main,bb1cec9a273a3c64023a6e7554e33a31bd7a8015,https://git.ami.app.br/admin/tudo-para-ia-business-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-business-platform,tudo-para-ia-business-platform,G:\codex_vm\_codex-git\tudo-para-ia-business-platform,present_git,main,bb1cec9a273a3c64023a6e7554e33a31bd7a8015,https://git.ami.app.br/admin/tudo-para-ia-business-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,codex-server,\root\__gpt-codex\tudo-para-ia-business-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,gitlab-server,\root\_codex-git\tudo-para-ia-business-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,windows-primary,G:\_codex-git\tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,G:\_codex-git\tudo-para-ia-compliance-platform,present_git,main,a97cd9a1103e336b14d52570788095cfaea71394,https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,G:\codex_vm\_codex-git\tudo-para-ia-compliance-platform,present_git,main,a97cd9a1103e336b14d52570788095cfaea71394,https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,codex-server,\root\__gpt-codex\tudo-para-ia-compliance-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,gitlab-server,\root\_codex-git\tudo-para-ia-compliance-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,windows-primary,G:\_codex-git\tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,G:\_codex-git\tudo-para-ia-customer-ops-platform,present_git,main,bf45665a80ffd63b0ddb5608a49007429c140a39,https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,G:\codex_vm\_codex-git\tudo-para-ia-customer-ops-platform,present_git,main,bf45665a80ffd63b0ddb5608a49007429c140a39,https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,codex-server,\root\__gpt-codex\tudo-para-ia-customer-ops-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,gitlab-server,\root\_codex-git\tudo-para-ia-customer-ops-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,windows-primary,G:\_codex-git\tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,G:\_codex-git\tudo-para-ia-docs-plataform,present_git,main,e7330785b3b792c8401bfec9ae46c146f1231155,https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,G:\codex_vm\_codex-git\tudo-para-ia-docs-plataform,present_git,main,e7330785b3b792c8401bfec9ae46c146f1231155,https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,codex-server,\root\__gpt-codex\tudo-para-ia-docs-plataform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,gitlab-server,\root\_codex-git\tudo-para-ia-docs-plataform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,windows-primary,G:\_codex-git\tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,G:\_codex-git\tudo-para-ia-finance-platform,present_git,main,af42e69e75fa557d1cb646f18b9c20593854cd96,https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git,dirty,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,G:\codex_vm\_codex-git\tudo-para-ia-finance-platform,present_git,main,af42e69e75fa557d1cb646f18b9c20593854cd96,https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,codex-server,\root\__gpt-codex\tudo-para-ia-finance-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,gitlab-server,\root\_codex-git\tudo-para-ia-finance-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,windows-primary,G:\_codex-git\tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,G:\_codex-git\tudo-para-ia-gettys-platform,present_git,main,d116fb397d34068883f78e7508aedb97b0fa7eab,https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,G:\codex_vm\_codex-git\tudo-para-ia-gettys-platform,present_git,main,d116fb397d34068883f78e7508aedb97b0fa7eab,https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,codex-server,\root\__gpt-codex\tudo-para-ia-gettys-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,gitlab-server,\root\_codex-git\tudo-para-ia-gettys-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,windows-primary,G:\_codex-git\tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,G:\_codex-git\tudo-para-ia-identity-platform,present_git,main,5d47be0be72a335d59be91c6dc36756e20355847,https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git,dirty,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,G:\codex_vm\_codex-git\tudo-para-ia-identity-platform,present_git,main,5d47be0be72a335d59be91c6dc36756e20355847,https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,codex-server,\root\__gpt-codex\tudo-para-ia-identity-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,gitlab-server,\root\_codex-git\tudo-para-ia-identity-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,windows-primary,G:\_codex-git\tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,G:\_codex-git\tudo-para-ia-integracoes-platform,present_git,main,e067074d349a7101579276bd582601b3e6476de8,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git,dirty,ahead=1;behind=1;upstream=origin/main,not-run, -tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-plataform,G:\codex_vm\_codex-git\tudo-para-ia-integracoes-plataform,present_git,main,eaf49821adefdc1b9d64f456598e9c478a1d498d,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run,materializado como alias tudo-para-ia-integracoes-plataform; esperado tudo-para-ia-integracoes-platform -tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,codex-server,\root\__gpt-codex\tudo-para-ia-integracoes-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,gitlab-server,\root\_codex-git\tudo-para-ia-integracoes-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,windows-primary,G:\_codex-git\tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,G:\_codex-git\tudo-para-ia-intelligence-platform,present_git,main,37c3ae1945864be8fed0e3dd4c0c560b486fba09,https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git,clean,unknown:fatal: no upstream configured for branch 'main',not-run, -tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,G:\codex_vm\_codex-git\tudo-para-ia-intelligence-platform,present_git,main,37c3ae1945864be8fed0e3dd4c0c560b486fba09,https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,codex-server,\root\__gpt-codex\tudo-para-ia-intelligence-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,gitlab-server,\root\_codex-git\tudo-para-ia-intelligence-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,windows-primary,G:\_codex-git\tudo-para-ia-mais-humana,tudo-para-ia-mais-humana,G:\_codex-git\tudo-para-ia-mais-humana,present_git,main,cdce7a8b65d26384877de0fe599f603eb39e43e2,https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git,clean,unknown:fatal: no upstream configured for branch 'main',not-run, -tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-mais-humana,tudo-para-ia-mais-humana,G:\codex_vm\_codex-git\tudo-para-ia-mais-humana,present_git,main,f9d954deda54309e96214df45a0949f22e8f6b77,https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git,clean,ahead=1;behind=11;upstream=origin/main,not-run, -tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,codex-server,\root\__gpt-codex\tudo-para-ia-mais-humana,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,gitlab-server,\root\_codex-git\tudo-para-ia-mais-humana,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,windows-primary,G:\_codex-git\tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,G:\_codex-git\tudo-para-ia-mcps-internos-plataform,present_git,main,694c3906aa8811c3733aa43897cbea602ffe525b,https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,G:\codex_vm\_codex-git\tudo-para-ia-mcps-internos-plataform,present_git,main,694c3906aa8811c3733aa43897cbea602ffe525b,https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,codex-server,\root\__gpt-codex\tudo-para-ia-mcps-internos-plataform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,gitlab-server,\root\_codex-git\tudo-para-ia-mcps-internos-plataform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,windows-primary,G:\_codex-git\tudo-para-ia-platform-base,tudo-para-ia-platform-base,G:\_codex-git\tudo-para-ia-platform-base,present_git,main,f87d17cf683222b53fb7a1e6217667d7af35fd45,https://git.ami.app.br/admin/tudo-para-ia-platform-base.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-platform-base,tudo-para-ia-platform-base,G:\codex_vm\_codex-git\tudo-para-ia-platform-base,present_git,main,4f6e1590ddafd990da4fb07c50e97a545a05aa36,https://git.ami.app.br/admin/tudo-para-ia-platform-base.git,dirty,ahead=0;behind=9;upstream=origin/main,not-run, -tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,codex-server,\root\__gpt-codex\tudo-para-ia-platform-base,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,gitlab-server,\root\_codex-git\tudo-para-ia-platform-base,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,windows-primary,G:\_codex-git\tudo-para-ia-public-platform,tudo-para-ia-public-platform,G:\_codex-git\tudo-para-ia-public-platform,present_git,main,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825,https://git.ami.app.br/admin/tudo-para-ia-public-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-public-platform,tudo-para-ia-public-platform,G:\codex_vm\_codex-git\tudo-para-ia-public-platform,present_git,main,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825,https://git.ami.app.br/admin/tudo-para-ia-public-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,codex-server,\root\__gpt-codex\tudo-para-ia-public-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,gitlab-server,\root\_codex-git\tudo-para-ia-public-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,windows-primary,G:\_codex-git\tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,G:\_codex-git\tudo-para-ia-stj-platform,present_git,main,b83f848f3ef61c83e8abc342066a7cb161b9237c,https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,G:\codex_vm\_codex-git\tudo-para-ia-stj-platform,present_git,main,b83f848f3ef61c83e8abc342066a7cb161b9237c,https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,codex-server,\root\__gpt-codex\tudo-para-ia-stj-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,gitlab-server,\root\_codex-git\tudo-para-ia-stj-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git -tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,windows-primary,G:\_codex-git\tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,G:\_codex-git\tudo-para-ia-ui-platform,present_git,main,76c81999d710ab23e438f9017192dd9fd37018af,https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git,clean,unknown:fatal: no upstream configured for branch 'main',not-run, -tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,G:\codex_vm\_codex-git\tudo-para-ia-ui-platform,present_git,main,76c81999d710ab23e438f9017192dd9fd37018af,https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git,clean,ahead=0;behind=0;upstream=origin/main,not-run, -tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,codex-server,\root\__gpt-codex\tudo-para-ia-ui-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex -tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,gitlab-server,\root\_codex-git\tudo-para-ia-ui-platform,,,unreachable_environment,,,,unreachable_environment,,not-run,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,windows-primary,G:\_codex-git\tudo-para-ia-business-platform,tudo-para-ia-business-platform,G:\_codex-git\tudo-para-ia-business-platform,present_git,main,775e3c0ba8dfd5dc03c7e03384b0adbf93be729e,https://git.ami.app.br/admin/tudo-para-ia-business-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-business-platform,tudo-para-ia-business-platform,G:\codex_vm\_codex-git\tudo-para-ia-business-platform,present_git,main,775e3c0ba8dfd5dc03c7e03384b0adbf93be729e,https://git.ami.app.br/admin/tudo-para-ia-business-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,codex-server,\root\__gpt-codex\tudo-para-ia-business-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-business-platform,tudo-para-ia-business-platform,admin/tudo-para-ia-business-platform,gitlab-server,\root\_codex-git\tudo-para-ia-business-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,windows-primary,G:\_codex-git\tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,G:\_codex-git\tudo-para-ia-compliance-platform,present_git,main,a97cd9a1103e336b14d52570788095cfaea71394,https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,G:\codex_vm\_codex-git\tudo-para-ia-compliance-platform,present_git,main,a97cd9a1103e336b14d52570788095cfaea71394,https://git.ami.app.br/admin/tudo-para-ia-compliance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,codex-server,\root\__gpt-codex\tudo-para-ia-compliance-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,admin/tudo-para-ia-compliance-platform,gitlab-server,\root\_codex-git\tudo-para-ia-compliance-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,windows-primary,G:\_codex-git\tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,G:\_codex-git\tudo-para-ia-customer-ops-platform,present_git,main,bf45665a80ffd63b0ddb5608a49007429c140a39,https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,G:\codex_vm\_codex-git\tudo-para-ia-customer-ops-platform,present_git,main,bf45665a80ffd63b0ddb5608a49007429c140a39,https://git.ami.app.br/admin/tudo-para-ia-customer-ops-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,codex-server,\root\__gpt-codex\tudo-para-ia-customer-ops-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,admin/tudo-para-ia-customer-ops-platform,gitlab-server,\root\_codex-git\tudo-para-ia-customer-ops-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,windows-primary,G:\_codex-git\tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,G:\_codex-git\tudo-para-ia-docs-plataform,present_git,main,f0d043d97d78b31f95c55ab1be2cfff5e65ec500,https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,G:\codex_vm\_codex-git\tudo-para-ia-docs-plataform,present_git,main,f0d043d97d78b31f95c55ab1be2cfff5e65ec500,https://git.ami.app.br/admin/tudo-para-ia-docs-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,codex-server,\root\__gpt-codex\tudo-para-ia-docs-plataform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,admin/tudo-para-ia-docs-plataform,gitlab-server,\root\_codex-git\tudo-para-ia-docs-plataform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,windows-primary,G:\_codex-git\tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,G:\_codex-git\tudo-para-ia-finance-platform,present_git,main,c09e54801470f45b22513b53fdedb3cc3750654b,https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git,dirty,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,G:\codex_vm\_codex-git\tudo-para-ia-finance-platform,present_git,main,c09e54801470f45b22513b53fdedb3cc3750654b,https://git.ami.app.br/admin/tudo-para-ia-finance-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,codex-server,\root\__gpt-codex\tudo-para-ia-finance-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,admin/tudo-para-ia-finance-platform,gitlab-server,\root\_codex-git\tudo-para-ia-finance-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,windows-primary,G:\_codex-git\tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,G:\_codex-git\tudo-para-ia-gettys-platform,present_git,main,e304fb7dbfc34ff5c05bd636194e1ccb6a307931,https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,G:\codex_vm\_codex-git\tudo-para-ia-gettys-platform,present_git,main,e304fb7dbfc34ff5c05bd636194e1ccb6a307931,https://git.ami.app.br/admin/tudo-para-ia-gettys-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,codex-server,\root\__gpt-codex\tudo-para-ia-gettys-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,admin/tudo-para-ia-gettys-platform,gitlab-server,\root\_codex-git\tudo-para-ia-gettys-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,windows-primary,G:\_codex-git\tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,G:\_codex-git\tudo-para-ia-identity-platform,present_git,main,a31adba6dd47eec7f584dbac0e8a76bc802ad3c0,https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git,dirty,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,G:\codex_vm\_codex-git\tudo-para-ia-identity-platform,present_git,main,a31adba6dd47eec7f584dbac0e8a76bc802ad3c0,https://git.ami.app.br/admin/tudo-para-ia-identity-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,codex-server,\root\__gpt-codex\tudo-para-ia-identity-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,admin/tudo-para-ia-identity-platform,gitlab-server,\root\_codex-git\tudo-para-ia-identity-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,windows-primary,G:\_codex-git\tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,G:\_codex-git\tudo-para-ia-integracoes-platform,present_git,main,e067074d349a7101579276bd582601b3e6476de8,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git,dirty,ahead=1;behind=1;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-plataform,G:\codex_vm\_codex-git\tudo-para-ia-integracoes-plataform,present_git,main,eaf49821adefdc1b9d64f456598e9c478a1d498d,https://git.ami.app.br/admin/tudo-para-ia-integracoes-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied,materializado como alias tudo-para-ia-integracoes-plataform; esperado tudo-para-ia-integracoes-platform +tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,codex-server,\root\__gpt-codex\tudo-para-ia-integracoes-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,admin/tudo-para-ia-integracoes-platform,gitlab-server,\root\_codex-git\tudo-para-ia-integracoes-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,windows-primary,G:\_codex-git\tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,G:\_codex-git\tudo-para-ia-intelligence-platform,present_git,main,37c3ae1945864be8fed0e3dd4c0c560b486fba09,https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git,clean,unknown:fatal: no upstream configured for branch 'main',error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,G:\codex_vm\_codex-git\tudo-para-ia-intelligence-platform,present_git,main,37c3ae1945864be8fed0e3dd4c0c560b486fba09,https://git.ami.app.br/admin/tudo-para-ia-intelligence-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,codex-server,\root\__gpt-codex\tudo-para-ia-intelligence-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,admin/tudo-para-ia-intelligence-platform,gitlab-server,\root\_codex-git\tudo-para-ia-intelligence-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,windows-primary,G:\_codex-git\tudo-para-ia-mais-humana,tudo-para-ia-mais-humana,G:\_codex-git\tudo-para-ia-mais-humana,present_git,main,9493926b90d2bb2d7a42cfd65656fe7e3cd43c63,https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git,dirty,unknown:fatal: no upstream configured for branch 'main',error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-mais-humana,tudo-para-ia-mais-humana,G:\codex_vm\_codex-git\tudo-para-ia-mais-humana,present_git,main,f9d954deda54309e96214df45a0949f22e8f6b77,https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git,clean,ahead=1;behind=16;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,codex-server,\root\__gpt-codex\tudo-para-ia-mais-humana,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,admin/tudo-para-ia-mais-humana,gitlab-server,\root\_codex-git\tudo-para-ia-mais-humana,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,windows-primary,G:\_codex-git\tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,G:\_codex-git\tudo-para-ia-mcps-internos-plataform,present_git,main,26ddf904aca27526a043634825af07ac85f0a91f,https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,G:\codex_vm\_codex-git\tudo-para-ia-mcps-internos-plataform,present_git,main,26ddf904aca27526a043634825af07ac85f0a91f,https://git.ami.app.br/admin/tudo-para-ia-mcps-internos-plataform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,codex-server,\root\__gpt-codex\tudo-para-ia-mcps-internos-plataform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,admin/tudo-para-ia-mcps-internos-plataform,gitlab-server,\root\_codex-git\tudo-para-ia-mcps-internos-plataform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,windows-primary,G:\_codex-git\tudo-para-ia-platform-base,tudo-para-ia-platform-base,G:\_codex-git\tudo-para-ia-platform-base,present_git,main,c326f6e7014a08ce4d9cbdf20576f8356920f4a1,https://git.ami.app.br/admin/tudo-para-ia-platform-base.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-platform-base,tudo-para-ia-platform-base,G:\codex_vm\_codex-git\tudo-para-ia-platform-base,present_git,main,4f6e1590ddafd990da4fb07c50e97a545a05aa36,https://git.ami.app.br/admin/tudo-para-ia-platform-base.git,dirty,ahead=0;behind=10;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,codex-server,\root\__gpt-codex\tudo-para-ia-platform-base,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-platform-base,tudo-para-ia-platform-base,admin/tudo-para-ia-platform-base,gitlab-server,\root\_codex-git\tudo-para-ia-platform-base,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,windows-primary,G:\_codex-git\tudo-para-ia-public-platform,tudo-para-ia-public-platform,G:\_codex-git\tudo-para-ia-public-platform,present_git,main,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825,https://git.ami.app.br/admin/tudo-para-ia-public-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-public-platform,tudo-para-ia-public-platform,G:\codex_vm\_codex-git\tudo-para-ia-public-platform,present_git,main,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825,https://git.ami.app.br/admin/tudo-para-ia-public-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,codex-server,\root\__gpt-codex\tudo-para-ia-public-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-public-platform,tudo-para-ia-public-platform,admin/tudo-para-ia-public-platform,gitlab-server,\root\_codex-git\tudo-para-ia-public-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,windows-primary,G:\_codex-git\tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,G:\_codex-git\tudo-para-ia-stj-platform,present_git,main,b83f848f3ef61c83e8abc342066a7cb161b9237c,https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,G:\codex_vm\_codex-git\tudo-para-ia-stj-platform,present_git,main,b83f848f3ef61c83e8abc342066a7cb161b9237c,https://git.ami.app.br/admin/tudo-para-ia-stj-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,codex-server,\root\__gpt-codex\tudo-para-ia-stj-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,admin/tudo-para-ia-stj-platform,gitlab-server,\root\_codex-git\tudo-para-ia-stj-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git +tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,windows-primary,G:\_codex-git\tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,G:\_codex-git\tudo-para-ia-ui-platform,present_git,main,a1e6f07058d82892abbdca8d1f25ce3f0a072e44,https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git,dirty,unknown:fatal: no upstream configured for branch 'main',error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,windows-secondary,G:\codex_vm\_codex-git\tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,G:\codex_vm\_codex-git\tudo-para-ia-ui-platform,present_git,main,a1e6f07058d82892abbdca8d1f25ce3f0a072e44,https://git.ami.app.br/admin/tudo-para-ia-ui-platform.git,clean,ahead=0;behind=0;upstream=origin/main,error: cannot open '.git/FETCH_HEAD': Permission denied, +tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,codex-server,\root\__gpt-codex\tudo-para-ia-ui-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/__gpt-codex +tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,admin/tudo-para-ia-ui-platform,gitlab-server,\root\_codex-git\tudo-para-ia-ui-platform,,,unreachable_environment,,,,unreachable_environment,,,ambiente nao acessivel a partir desta sessao: /root/_codex-git diff --git a/matrizes/repository-mesh-operations.csv b/matrizes/repository-mesh-operations.csv index 0be498d..01f9454 100644 --- a/matrizes/repository-mesh-operations.csv +++ b/matrizes/repository-mesh-operations.csv @@ -24,6 +24,7 @@ mesh-op-53371f9e9f69,tudo-para-ia-integracoes-platform,nominal_rename_ready,warn mesh-op-d2c860f5f4ea,tudo-para-ia-integracoes-platform,manual_decision_required,blocker,no,no,Resolver conflito nominal antes de sincronizar,mais de uma variante nominal existe; reconciliacao manual evita duplicar repositorio,,comparar HEAD de cada variante nominal | decidir pasta canonica | bloquear clone/rename automatico,,tudo-para-ia-integracoes-platform:G:\_codex-git\tudo-para-ia-integracoes-platform:exists | tudo-para-ia-integracoes-plataform:G:\_codex-git\tudo-para-ia-integracoes-plataform:exists mesh-op-43539e7f7909,tudo-para-ia-intelligence-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,codex-server | \root\__gpt-codex\tudo-para-ia-intelligence-platform | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-op-d613b4ef3042,tudo-para-ia-intelligence-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,gitlab-server | \root\_codex-git\tudo-para-ia-intelligence-platform | ambiente nao acessivel a partir desta sessao: /root/_codex-git +mesh-op-939aab9da783,tudo-para-ia-mais-humana-platform,dirty_blocked,blocker,no,no,Bloquear sincronizacao destrutiva por working tree sujo,alteracoes locais nao commitadas podem ser a versao valida mais recente,,registrar diff | commit ou stash consciente | decidir precedencia antes de pull/merge,,windows-primary | G:\_codex-git\tudo-para-ia-mais-humana | M src/mais_humana/generated_mcp_control_contracts.py | M src/mais_humana/mcp_contract.py | M tests/test_mcp_provider_contract.py | M tools/generate_mcp_control_contracts.py mesh-op-e68f2304a7c5,tudo-para-ia-mais-humana-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,codex-server | \root\__gpt-codex\tudo-para-ia-mais-humana | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-op-bff28aba5f29,tudo-para-ia-mais-humana-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,gitlab-server | \root\_codex-git\tudo-para-ia-mais-humana | ambiente nao acessivel a partir desta sessao: /root/_codex-git mesh-op-21e28a2e2dfd,tudo-para-ia-mcps-internos-plataform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,codex-server | \root\__gpt-codex\tudo-para-ia-mcps-internos-plataform | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex @@ -35,5 +36,6 @@ mesh-op-56670cc10694,tudo-para-ia-public-platform,environment_blocked,blocker,no mesh-op-5421845d6647,tudo-para-ia-public-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,gitlab-server | \root\_codex-git\tudo-para-ia-public-platform | ambiente nao acessivel a partir desta sessao: /root/_codex-git mesh-op-741697842896,tudo-para-ia-stj-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,codex-server | \root\__gpt-codex\tudo-para-ia-stj-platform | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-op-2e71dfc6b5b7,tudo-para-ia-stj-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,gitlab-server | \root\_codex-git\tudo-para-ia-stj-platform | ambiente nao acessivel a partir desta sessao: /root/_codex-git +mesh-op-a2cb403626e6,tudo-para-ia-ui-platform,dirty_blocked,blocker,no,no,Bloquear sincronizacao destrutiva por working tree sujo,alteracoes locais nao commitadas podem ser a versao valida mais recente,,registrar diff | commit ou stash consciente | decidir precedencia antes de pull/merge,,windows-primary | G:\_codex-git\tudo-para-ia-ui-platform | M reports/browser-validations/index.json | M reports/latest-mcp-gateway-evidence.json | M reports/latest-static-browser-validation.json | M reports/latest-unit-tests.json | M reports/mcp-gateway-evidence/index.json | ?? reports/browser-validations/static-browser-validation-20260502053043.json | ?? reports/mcp-gateway-evidence/mcp-gateway-evidence-20260502053114-483b3a8d.json mesh-op-7b801670d5d2,tudo-para-ia-ui-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,codex-server | \root\__gpt-codex\tudo-para-ia-ui-platform | ambiente nao acessivel a partir desta sessao: /root/__gpt-codex mesh-op-894c832cefcb,tudo-para-ia-ui-platform,environment_blocked,blocker,no,no,Executar inventario no ambiente inacessivel,ambiente declarado pela OS nao esta acessivel a partir desta sessao,,abrir sessao no host correspondente | rodar mais_humana.cli repo-mesh localmente,,gitlab-server | \root\_codex-git\tudo-para-ia-ui-platform | ambiente nao acessivel a partir desta sessao: /root/_codex-git diff --git a/matrizes/repository-mesh-reconciliation.csv b/matrizes/repository-mesh-reconciliation.csv index 34400c9..97482f5 100644 --- a/matrizes/repository-mesh-reconciliation.csv +++ b/matrizes/repository-mesh-reconciliation.csv @@ -1,16 +1,16 @@ receipt_id,target_name,expected_local_name,status,risk,safe_to_auto_sync,selected_head,selected_environment,precedence,naming_status,pending_count,operation_count -mesh-receipt-7c46b8b7ecec,tudo-para-ia-business-platform,tudo-para-ia-business-platform,environment_blocked,blocked,no,bb1cec9a273a3c64023a6e7554e33a31bd7a8015,windows-primary,single_hash,exact | exact,1,2 +mesh-receipt-184e055e9773,tudo-para-ia-business-platform,tudo-para-ia-business-platform,environment_blocked,blocked,no,775e3c0ba8dfd5dc03c7e03384b0adbf93be729e,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-808d841cbf34,tudo-para-ia-compliance-platform,tudo-para-ia-compliance-platform,environment_blocked,blocked,no,a97cd9a1103e336b14d52570788095cfaea71394,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-999ee9650cbc,tudo-para-ia-customer-ops-platform,tudo-para-ia-customer-ops-platform,environment_blocked,blocked,no,bf45665a80ffd63b0ddb5608a49007429c140a39,windows-primary,single_hash,exact | exact,1,2 -mesh-receipt-c4a77cfe57a7,tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,environment_blocked,blocked,no,e7330785b3b792c8401bfec9ae46c146f1231155,windows-primary,single_hash,exact | exact,1,2 +mesh-receipt-4ce8efb5e024,tudo-para-ia-docs-plataform,tudo-para-ia-docs-plataform,environment_blocked,blocked,no,f0d043d97d78b31f95c55ab1be2cfff5e65ec500,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-c595e6b60555,tudo-para-ia-finance-platform,tudo-para-ia-finance-platform,dirty_blocked,blocked,no,,,dirty_tree,exact | exact,3,3 -mesh-receipt-91daef99f22d,tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,environment_blocked,blocked,no,d116fb397d34068883f78e7508aedb97b0fa7eab,windows-primary,single_hash,exact | exact,1,2 +mesh-receipt-871c5cba6723,tudo-para-ia-gettys-platform,tudo-para-ia-gettys-platform,environment_blocked,blocked,no,e304fb7dbfc34ff5c05bd636194e1ccb6a307931,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-3affe8d12639,tudo-para-ia-identity-platform,tudo-para-ia-identity-platform,dirty_blocked,blocked,no,,,dirty_tree,exact | exact,3,3 mesh-receipt-4b969c8e040f,tudo-para-ia-integracoes-platform,tudo-para-ia-integracoes-platform,dirty_blocked,blocked,no,,,dirty_tree,conflict | canonical_rename_required,6,7 mesh-receipt-ce597b4837e6,tudo-para-ia-intelligence-platform,tudo-para-ia-intelligence-platform,environment_blocked,blocked,no,37c3ae1945864be8fed0e3dd4c0c560b486fba09,windows-primary,single_hash,exact | exact,1,2 -mesh-receipt-c6a2b8e7407d,tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,environment_blocked,blocked,no,,,divergent,exact | exact,2,2 -mesh-receipt-ee4775550bc8,tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,environment_blocked,blocked,no,694c3906aa8811c3733aa43897cbea602ffe525b,windows-primary,single_hash,exact | exact,1,2 +mesh-receipt-02d7454d0e65,tudo-para-ia-mais-humana-platform,tudo-para-ia-mais-humana,dirty_blocked,blocked,no,,,dirty_tree,exact | exact,3,3 +mesh-receipt-74871925a86b,tudo-para-ia-mcps-internos-plataform,tudo-para-ia-mcps-internos-plataform,environment_blocked,blocked,no,26ddf904aca27526a043634825af07ac85f0a91f,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-ed527f50239e,tudo-para-ia-platform-base,tudo-para-ia-platform-base,dirty_blocked,blocked,no,,,dirty_tree,exact | exact,3,3 mesh-receipt-ce47ac5b1f53,tudo-para-ia-public-platform,tudo-para-ia-public-platform,environment_blocked,blocked,no,7980d3de29ab1432feb8b1fdcc6ad3e06dae8825,windows-primary,single_hash,exact | exact,1,2 mesh-receipt-70e74a566b88,tudo-para-ia-stj-platform,tudo-para-ia-stj-platform,environment_blocked,blocked,no,b83f848f3ef61c83e8abc342066a7cb161b9237c,windows-primary,single_hash,exact | exact,1,2 -mesh-receipt-0da2571a6260,tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,environment_blocked,blocked,no,76c81999d710ab23e438f9017192dd9fd37018af,windows-primary,single_hash,exact | exact,1,2 +mesh-receipt-05048e673989,tudo-para-ia-ui-platform,tudo-para-ia-ui-platform,dirty_blocked,blocked,no,,,dirty_tree,exact | exact,3,3 diff --git a/os-orientadoras/repository-mesh-derived-orders.md b/os-orientadoras/repository-mesh-derived-orders.md index 254744a..798af5f 100644 --- a/os-orientadoras/repository-mesh-derived-orders.md +++ b/os-orientadoras/repository-mesh-derived-orders.md @@ -42,7 +42,21 @@ - `comparar HEAD e status --short` - `registrar pendencias no SQLite semantico` -## 0103_EXECUTIVA__reconciliar-espelho-tudo-para-ia-platform-base +## 0103_EXECUTIVA__reconciliar-espelho-tudo-para-ia-mais-humana + +- tipo: `executiva` +- prioridade: `alta` +- titulo: Reconciliar espelho tudo-para-ia-mais-humana +- finalidade: Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto. +- objeto: Repositorio `admin/tudo-para-ia-mais-humana`, espelho local `tudo-para-ia-mais-humana`, recibo `mesh-receipt-02d7454d0e65` e plano `dirty_blocked`. +- motivo: alteracoes locais nao commitadas podem ser a versao valida mais recente; ambiente declarado pela OS nao esta acessivel a partir desta sessao; windows-primary possui working tree sujo +- validacoes: + - `python -m mais_humana.cli repo-mesh --fetch` + - `validar que nao houve reset/checkout/clean/pull destrutivo` + - `comparar HEAD e status --short` + - `registrar pendencias no SQLite semantico` + +## 0104_EXECUTIVA__reconciliar-espelho-tudo-para-ia-platform-base - tipo: `executiva` - prioridade: `alta` @@ -56,20 +70,6 @@ - `comparar HEAD e status --short` - `registrar pendencias no SQLite semantico` -## 0104_EXECUTIVA__reconciliar-espelho-tudo-para-ia-business-platform - -- tipo: `executiva` -- prioridade: `alta` -- titulo: Reconciliar espelho tudo-para-ia-business-platform -- finalidade: Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto. -- objeto: Repositorio `admin/tudo-para-ia-business-platform`, espelho local `tudo-para-ia-business-platform`, recibo `mesh-receipt-7c46b8b7ecec` e plano `environment_blocked`. -- motivo: ambiente declarado pela OS nao esta acessivel a partir desta sessao -- validacoes: - - `python -m mais_humana.cli repo-mesh --fetch` - - `validar que nao houve reset/checkout/clean/pull destrutivo` - - `comparar HEAD e status --short` - - `registrar pendencias no SQLite semantico` - ## 0100_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-finance-platform - tipo: `gerencial` @@ -112,7 +112,21 @@ - `comparar HEAD e status --short` - `registrar pendencias no SQLite semantico` -## 0103_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-platform-base +## 0103_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-mais-humana + +- tipo: `gerencial` +- prioridade: `alta` +- titulo: Governar sincronizacao de tudo-para-ia-mais-humana +- finalidade: Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto. +- objeto: Repositorio `admin/tudo-para-ia-mais-humana`, espelho local `tudo-para-ia-mais-humana`, recibo `mesh-receipt-02d7454d0e65` e plano `dirty_blocked`. +- motivo: alteracoes locais nao commitadas podem ser a versao valida mais recente; ambiente declarado pela OS nao esta acessivel a partir desta sessao; windows-primary possui working tree sujo +- validacoes: + - `python -m mais_humana.cli repo-mesh --fetch` + - `validar que nao houve reset/checkout/clean/pull destrutivo` + - `comparar HEAD e status --short` + - `registrar pendencias no SQLite semantico` + +## 0104_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-platform-base - tipo: `gerencial` - prioridade: `alta` @@ -125,17 +139,3 @@ - `validar que nao houve reset/checkout/clean/pull destrutivo` - `comparar HEAD e status --short` - `registrar pendencias no SQLite semantico` - -## 0104_GERENCIAL__governar-sincronizacao-de-tudo-para-ia-business-platform - -- tipo: `gerencial` -- prioridade: `alta` -- titulo: Governar sincronizacao de tudo-para-ia-business-platform -- finalidade: Garantir que a malha de repositorios preserve a alteracao valida mais recente sem sobrescrever estado local ou remoto. -- objeto: Repositorio `admin/tudo-para-ia-business-platform`, espelho local `tudo-para-ia-business-platform`, recibo `mesh-receipt-7c46b8b7ecec` e plano `environment_blocked`. -- motivo: ambiente declarado pela OS nao esta acessivel a partir desta sessao -- validacoes: - - `python -m mais_humana.cli repo-mesh --fetch` - - `validar que nao houve reset/checkout/clean/pull destrutivo` - - `comparar HEAD e status --short` - - `registrar pendencias no SQLite semantico` diff --git a/src/mais_humana/cli.py b/src/mais_humana/cli.py index e6182d3..5145693 100644 --- a/src/mais_humana/cli.py +++ b/src/mais_humana/cli.py @@ -264,6 +264,9 @@ def command_repo_mesh(args: argparse.Namespace) -> int: try: for folder_name in ("reports", "indexes", "audit", "status"): (central_for_write / folder_name).mkdir(parents=True, exist_ok=True) + probe_path = central_for_write / "reports" / ".repository_mesh_write_probe.tmp" + probe_path.write_text("repository mesh write probe\n", encoding="utf-8") + probe_path.unlink(missing_ok=True) except OSError as exc: central_write_error = f"{type(exc).__name__}: {exc}" central_for_write = None diff --git a/src/mais_humana/generated_mcp_control_contracts.py b/src/mais_humana/generated_mcp_control_contracts.py index c39ff10..aa2b161 100644 --- a/src/mais_humana/generated_mcp_control_contracts.py +++ b/src/mais_humana/generated_mcp_control_contracts.py @@ -950,6 +950,5141 @@ CONTRACT_0036 = McpControlContract( ) CONTRACT_0037 = McpControlContract( + contract_id='business.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Administrador da empresa', + purpose='Expor consulta de Business Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'administrador_empresaNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0038 = McpControlContract( + contract_id='business.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Administrador da empresa', + purpose='Expor diagnostico de Business Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0039 = McpControlContract( + contract_id='business.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Administrador da empresa', + purpose='Expor acao de Business Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'administrador_empresaNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0040 = McpControlContract( + contract_id='business.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Administrador da empresa', + purpose='Expor auditoria de Business Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0041 = McpControlContract( + contract_id='business.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Administrador da empresa', + purpose='Expor explicacao de Business Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0042 = McpControlContract( + contract_id='business.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para CEO', + purpose='Expor consulta de Business Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'ceoNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0043 = McpControlContract( + contract_id='business.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para CEO', + purpose='Expor diagnostico de Business Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'ceoNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0044 = McpControlContract( + contract_id='business.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para CEO', + purpose='Expor acao de Business Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'ceoNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0045 = McpControlContract( + contract_id='business.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para CEO', + purpose='Expor auditoria de Business Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'ceoNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0046 = McpControlContract( + contract_id='business.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para CEO', + purpose='Expor explicacao de Business Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'ceoNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0047 = McpControlContract( + contract_id='business.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Gestor operacional', + purpose='Expor consulta de Business Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0048 = McpControlContract( + contract_id='business.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Gestor operacional', + purpose='Expor diagnostico de Business Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0049 = McpControlContract( + contract_id='business.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Gestor operacional', + purpose='Expor acao de Business Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0050 = McpControlContract( + contract_id='business.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Gestor operacional', + purpose='Expor auditoria de Business Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0051 = McpControlContract( + contract_id='business.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Gestor operacional', + purpose='Expor explicacao de Business Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0052 = McpControlContract( + contract_id='business.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Equipe de suporte', + purpose='Expor consulta de Business Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'suporteNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0053 = McpControlContract( + contract_id='business.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Equipe de suporte', + purpose='Expor diagnostico de Business Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'suporteNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0054 = McpControlContract( + contract_id='business.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Equipe de suporte', + purpose='Expor acao de Business Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'suporteNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0055 = McpControlContract( + contract_id='business.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Equipe de suporte', + purpose='Expor auditoria de Business Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'suporteNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0056 = McpControlContract( + contract_id='business.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Equipe de suporte', + purpose='Expor explicacao de Business Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'suporteNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0057 = McpControlContract( + contract_id='business.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Atendimento ao cliente', + purpose='Expor consulta de Business Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0058 = McpControlContract( + contract_id='business.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Business Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0059 = McpControlContract( + contract_id='business.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Atendimento ao cliente', + purpose='Expor acao de Business Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0060 = McpControlContract( + contract_id='business.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Atendimento ao cliente', + purpose='Expor auditoria de Business Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0061 = McpControlContract( + contract_id='business.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Atendimento ao cliente', + purpose='Expor explicacao de Business Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0062 = McpControlContract( + contract_id='business.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Financeiro', + purpose='Expor consulta de Business Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'financeiroNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0063 = McpControlContract( + contract_id='business.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Financeiro', + purpose='Expor diagnostico de Business Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'financeiroNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0064 = McpControlContract( + contract_id='business.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Financeiro', + purpose='Expor acao de Business Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'financeiroNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0065 = McpControlContract( + contract_id='business.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Financeiro', + purpose='Expor auditoria de Business Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'financeiroNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0066 = McpControlContract( + contract_id='business.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Financeiro', + purpose='Expor explicacao de Business Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'financeiroNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0067 = McpControlContract( + contract_id='business.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Contador', + purpose='Expor consulta de Business Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'contadorNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0068 = McpControlContract( + contract_id='business.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Contador', + purpose='Expor diagnostico de Business Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'contadorNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0069 = McpControlContract( + contract_id='business.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Contador', + purpose='Expor acao de Business Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'contadorNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0070 = McpControlContract( + contract_id='business.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Contador', + purpose='Expor auditoria de Business Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'contadorNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0071 = McpControlContract( + contract_id='business.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Contador', + purpose='Expor explicacao de Business Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'contadorNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0072 = McpControlContract( + contract_id='business.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Juridico', + purpose='Expor consulta de Business Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'juridicoNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0073 = McpControlContract( + contract_id='business.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Juridico', + purpose='Expor diagnostico de Business Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'juridicoNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0074 = McpControlContract( + contract_id='business.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Juridico', + purpose='Expor acao de Business Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'juridicoNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0075 = McpControlContract( + contract_id='business.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Juridico', + purpose='Expor auditoria de Business Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'juridicoNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0076 = McpControlContract( + contract_id='business.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Juridico', + purpose='Expor explicacao de Business Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'juridicoNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0077 = McpControlContract( + contract_id='business.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Secretaria', + purpose='Expor consulta de Business Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'secretariaNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0078 = McpControlContract( + contract_id='business.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Secretaria', + purpose='Expor diagnostico de Business Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'secretariaNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0079 = McpControlContract( + contract_id='business.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Secretaria', + purpose='Expor acao de Business Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'secretariaNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0080 = McpControlContract( + contract_id='business.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Secretaria', + purpose='Expor auditoria de Business Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'secretariaNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0081 = McpControlContract( + contract_id='business.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Secretaria', + purpose='Expor explicacao de Business Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'secretariaNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0082 = McpControlContract( + contract_id='business.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Tecnico', + purpose='Expor consulta de Business Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'tecnicoNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0083 = McpControlContract( + contract_id='business.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Tecnico', + purpose='Expor diagnostico de Business Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0084 = McpControlContract( + contract_id='business.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Tecnico', + purpose='Expor acao de Business Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'tecnicoNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0085 = McpControlContract( + contract_id='business.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Tecnico', + purpose='Expor auditoria de Business Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'tecnicoNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0086 = McpControlContract( + contract_id='business.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Tecnico', + purpose='Expor explicacao de Business Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'tecnicoNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0087 = McpControlContract( + contract_id='business.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Usuario final', + purpose='Expor consulta de Business Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'usuario_finalNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0088 = McpControlContract( + contract_id='business.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Usuario final', + purpose='Expor diagnostico de Business Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0089 = McpControlContract( + contract_id='business.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Usuario final', + purpose='Expor acao de Business Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'usuario_finalNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0090 = McpControlContract( + contract_id='business.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Usuario final', + purpose='Expor auditoria de Business Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0091 = McpControlContract( + contract_id='business.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Usuario final', + purpose='Expor explicacao de Business Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0092 = McpControlContract( + contract_id='business.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Cliente externo', + purpose='Expor consulta de Business Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'cliente_externoNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0093 = McpControlContract( + contract_id='business.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Cliente externo', + purpose='Expor diagnostico de Business Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0094 = McpControlContract( + contract_id='business.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Cliente externo', + purpose='Expor acao de Business Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'cliente_externoNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0095 = McpControlContract( + contract_id='business.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Cliente externo', + purpose='Expor auditoria de Business Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0096 = McpControlContract( + contract_id='business.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Cliente externo', + purpose='Expor explicacao de Business Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0097 = McpControlContract( + contract_id='business.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Business Platform para Planejamento estrategico', + purpose='Expor consulta de Business Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para business/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para business/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0098 = McpControlContract( + contract_id='business.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Business Platform para Planejamento estrategico', + purpose='Expor diagnostico de Business Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para business/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para business/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0099 = McpControlContract( + contract_id='business.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Business Platform para Planejamento estrategico', + purpose='Expor acao de Business Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para business/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para business/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0100 = McpControlContract( + contract_id='business.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Business Platform para Planejamento estrategico', + purpose='Expor auditoria de Business Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para business/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para business/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0101 = McpControlContract( + contract_id='business.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='business', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Business Platform para Planejamento estrategico', + purpose='Expor explicacao de Business Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'businessStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'commercialGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.business.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider business via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para business/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para business/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0102 = McpControlContract( contract_id='business.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='business', @@ -975,7 +6110,7 @@ CONTRACT_0037 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0038 = McpControlContract( +CONTRACT_0103 = McpControlContract( contract_id='business.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='business', @@ -1001,7 +6136,7 @@ CONTRACT_0038 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0039 = McpControlContract( +CONTRACT_0104 = McpControlContract( contract_id='business.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='business', @@ -1027,7 +6162,7 @@ CONTRACT_0039 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0040 = McpControlContract( +CONTRACT_0105 = McpControlContract( contract_id='business.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='business', @@ -1053,7 +6188,7 @@ CONTRACT_0040 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0041 = McpControlContract( +CONTRACT_0106 = McpControlContract( contract_id='business.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1122,7 +6257,7 @@ CONTRACT_0041 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0042 = McpControlContract( +CONTRACT_0107 = McpControlContract( contract_id='business.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1191,7 +6326,7 @@ CONTRACT_0042 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0043 = McpControlContract( +CONTRACT_0108 = McpControlContract( contract_id='business.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1260,7 +6395,7 @@ CONTRACT_0043 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0044 = McpControlContract( +CONTRACT_0109 = McpControlContract( contract_id='business.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1329,7 +6464,7 @@ CONTRACT_0044 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0045 = McpControlContract( +CONTRACT_0110 = McpControlContract( contract_id='business.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1398,7 +6533,7 @@ CONTRACT_0045 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0046 = McpControlContract( +CONTRACT_0111 = McpControlContract( contract_id='business.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1467,7 +6602,7 @@ CONTRACT_0046 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0047 = McpControlContract( +CONTRACT_0112 = McpControlContract( contract_id='business.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1536,7 +6671,7 @@ CONTRACT_0047 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0048 = McpControlContract( +CONTRACT_0113 = McpControlContract( contract_id='business.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1605,7 +6740,7 @@ CONTRACT_0048 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0049 = McpControlContract( +CONTRACT_0114 = McpControlContract( contract_id='business.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1674,7 +6809,7 @@ CONTRACT_0049 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0050 = McpControlContract( +CONTRACT_0115 = McpControlContract( contract_id='business.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1743,7 +6878,7 @@ CONTRACT_0050 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0051 = McpControlContract( +CONTRACT_0116 = McpControlContract( contract_id='business.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1812,7 +6947,7 @@ CONTRACT_0051 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0052 = McpControlContract( +CONTRACT_0117 = McpControlContract( contract_id='business.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1881,7 +7016,7 @@ CONTRACT_0052 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0053 = McpControlContract( +CONTRACT_0118 = McpControlContract( contract_id='business.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -1950,7 +7085,7 @@ CONTRACT_0053 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0054 = McpControlContract( +CONTRACT_0119 = McpControlContract( contract_id='business.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2019,7 +7154,7 @@ CONTRACT_0054 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0055 = McpControlContract( +CONTRACT_0120 = McpControlContract( contract_id='business.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2088,7 +7223,7 @@ CONTRACT_0055 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0056 = McpControlContract( +CONTRACT_0121 = McpControlContract( contract_id='business.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2157,7 +7292,7 @@ CONTRACT_0056 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0057 = McpControlContract( +CONTRACT_0122 = McpControlContract( contract_id='business.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2226,7 +7361,7 @@ CONTRACT_0057 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0058 = McpControlContract( +CONTRACT_0123 = McpControlContract( contract_id='business.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2295,7 +7430,7 @@ CONTRACT_0058 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0059 = McpControlContract( +CONTRACT_0124 = McpControlContract( contract_id='business.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2364,7 +7499,7 @@ CONTRACT_0059 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0060 = McpControlContract( +CONTRACT_0125 = McpControlContract( contract_id='business.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2433,7 +7568,7 @@ CONTRACT_0060 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0061 = McpControlContract( +CONTRACT_0126 = McpControlContract( contract_id='business.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2502,7 +7637,7 @@ CONTRACT_0061 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0062 = McpControlContract( +CONTRACT_0127 = McpControlContract( contract_id='business.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2571,7 +7706,7 @@ CONTRACT_0062 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0063 = McpControlContract( +CONTRACT_0128 = McpControlContract( contract_id='business.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2640,7 +7775,7 @@ CONTRACT_0063 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0064 = McpControlContract( +CONTRACT_0129 = McpControlContract( contract_id='business.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2709,7 +7844,7 @@ CONTRACT_0064 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0065 = McpControlContract( +CONTRACT_0130 = McpControlContract( contract_id='business.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2778,7 +7913,7 @@ CONTRACT_0065 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0066 = McpControlContract( +CONTRACT_0131 = McpControlContract( contract_id='business.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2847,7 +7982,7 @@ CONTRACT_0066 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0067 = McpControlContract( +CONTRACT_0132 = McpControlContract( contract_id='business.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2916,7 +8051,7 @@ CONTRACT_0067 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0068 = McpControlContract( +CONTRACT_0133 = McpControlContract( contract_id='business.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -2985,7 +8120,7 @@ CONTRACT_0068 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0069 = McpControlContract( +CONTRACT_0134 = McpControlContract( contract_id='business.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3054,7 +8189,7 @@ CONTRACT_0069 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0070 = McpControlContract( +CONTRACT_0135 = McpControlContract( contract_id='business.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3123,7 +8258,7 @@ CONTRACT_0070 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0071 = McpControlContract( +CONTRACT_0136 = McpControlContract( contract_id='business.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3192,7 +8327,7 @@ CONTRACT_0071 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0072 = McpControlContract( +CONTRACT_0137 = McpControlContract( contract_id='business.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3261,7 +8396,7 @@ CONTRACT_0072 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0073 = McpControlContract( +CONTRACT_0138 = McpControlContract( contract_id='business.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3330,7 +8465,7 @@ CONTRACT_0073 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0074 = McpControlContract( +CONTRACT_0139 = McpControlContract( contract_id='business.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3399,7 +8534,7 @@ CONTRACT_0074 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0075 = McpControlContract( +CONTRACT_0140 = McpControlContract( contract_id='business.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3468,7 +8603,7 @@ CONTRACT_0075 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0076 = McpControlContract( +CONTRACT_0141 = McpControlContract( contract_id='business.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3537,7 +8672,7 @@ CONTRACT_0076 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0077 = McpControlContract( +CONTRACT_0142 = McpControlContract( contract_id='business.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3606,7 +8741,7 @@ CONTRACT_0077 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0078 = McpControlContract( +CONTRACT_0143 = McpControlContract( contract_id='business.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3675,7 +8810,7 @@ CONTRACT_0078 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0079 = McpControlContract( +CONTRACT_0144 = McpControlContract( contract_id='business.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='business', @@ -3744,7 +8879,7 @@ CONTRACT_0079 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0080 = McpControlContract( +CONTRACT_0145 = McpControlContract( contract_id='compliance.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3770,7 +8905,7 @@ CONTRACT_0080 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0081 = McpControlContract( +CONTRACT_0146 = McpControlContract( contract_id='compliance.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3796,7 +8931,7 @@ CONTRACT_0081 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0082 = McpControlContract( +CONTRACT_0147 = McpControlContract( contract_id='compliance.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3822,7 +8957,7 @@ CONTRACT_0082 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0083 = McpControlContract( +CONTRACT_0148 = McpControlContract( contract_id='compliance.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3848,7 +8983,7 @@ CONTRACT_0083 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0084 = McpControlContract( +CONTRACT_0149 = McpControlContract( contract_id='compliance.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3874,7 +9009,7 @@ CONTRACT_0084 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0085 = McpControlContract( +CONTRACT_0150 = McpControlContract( contract_id='compliance.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3900,7 +9035,7 @@ CONTRACT_0085 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0086 = McpControlContract( +CONTRACT_0151 = McpControlContract( contract_id='compliance.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3926,7 +9061,7 @@ CONTRACT_0086 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0087 = McpControlContract( +CONTRACT_0152 = McpControlContract( contract_id='compliance.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3952,7 +9087,7 @@ CONTRACT_0087 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0088 = McpControlContract( +CONTRACT_0153 = McpControlContract( contract_id='compliance.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -3978,7 +9113,7 @@ CONTRACT_0088 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0089 = McpControlContract( +CONTRACT_0154 = McpControlContract( contract_id='compliance.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -4004,7 +9139,7 @@ CONTRACT_0089 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0090 = McpControlContract( +CONTRACT_0155 = McpControlContract( contract_id='compliance.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -4030,7 +9165,7 @@ CONTRACT_0090 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0091 = McpControlContract( +CONTRACT_0156 = McpControlContract( contract_id='compliance.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -4056,7 +9191,7 @@ CONTRACT_0091 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0092 = McpControlContract( +CONTRACT_0157 = McpControlContract( contract_id='compliance.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='compliance', @@ -4082,7 +9217,7 @@ CONTRACT_0092 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0093 = McpControlContract( +CONTRACT_0158 = McpControlContract( contract_id='compliance.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4108,7 +9243,7 @@ CONTRACT_0093 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0094 = McpControlContract( +CONTRACT_0159 = McpControlContract( contract_id='compliance.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4134,7 +9269,7 @@ CONTRACT_0094 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0095 = McpControlContract( +CONTRACT_0160 = McpControlContract( contract_id='compliance.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4160,7 +9295,7 @@ CONTRACT_0095 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0096 = McpControlContract( +CONTRACT_0161 = McpControlContract( contract_id='compliance.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4186,7 +9321,7 @@ CONTRACT_0096 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0097 = McpControlContract( +CONTRACT_0162 = McpControlContract( contract_id='compliance.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4212,7 +9347,7 @@ CONTRACT_0097 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0098 = McpControlContract( +CONTRACT_0163 = McpControlContract( contract_id='compliance.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4238,7 +9373,7 @@ CONTRACT_0098 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0099 = McpControlContract( +CONTRACT_0164 = McpControlContract( contract_id='compliance.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4264,7 +9399,7 @@ CONTRACT_0099 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0100 = McpControlContract( +CONTRACT_0165 = McpControlContract( contract_id='compliance.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4290,7 +9425,7 @@ CONTRACT_0100 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0101 = McpControlContract( +CONTRACT_0166 = McpControlContract( contract_id='compliance.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4316,7 +9451,7 @@ CONTRACT_0101 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0102 = McpControlContract( +CONTRACT_0167 = McpControlContract( contract_id='compliance.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4342,7 +9477,7 @@ CONTRACT_0102 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0103 = McpControlContract( +CONTRACT_0168 = McpControlContract( contract_id='compliance.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4368,7 +9503,7 @@ CONTRACT_0103 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0104 = McpControlContract( +CONTRACT_0169 = McpControlContract( contract_id='compliance.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4394,7 +9529,7 @@ CONTRACT_0104 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0105 = McpControlContract( +CONTRACT_0170 = McpControlContract( contract_id='compliance.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='compliance', @@ -4420,7 +9555,7 @@ CONTRACT_0105 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0106 = McpControlContract( +CONTRACT_0171 = McpControlContract( contract_id='compliance.privacy.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='compliance', @@ -4446,7 +9581,7 @@ CONTRACT_0106 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0107 = McpControlContract( +CONTRACT_0172 = McpControlContract( contract_id='compliance.risk.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='compliance', @@ -4472,7 +9607,7 @@ CONTRACT_0107 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0108 = McpControlContract( +CONTRACT_0173 = McpControlContract( contract_id='compliance.audit.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='compliance', @@ -4498,7 +9633,7 @@ CONTRACT_0108 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0109 = McpControlContract( +CONTRACT_0174 = McpControlContract( contract_id='compliance.consent.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='compliance', @@ -4524,7 +9659,7 @@ CONTRACT_0109 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0110 = McpControlContract( +CONTRACT_0175 = McpControlContract( contract_id='compliance.retention.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='compliance', @@ -4550,7 +9685,7 @@ CONTRACT_0110 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0111 = McpControlContract( +CONTRACT_0176 = McpControlContract( contract_id='compliance.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='compliance', @@ -4576,7 +9711,7 @@ CONTRACT_0111 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0112 = McpControlContract( +CONTRACT_0177 = McpControlContract( contract_id='compliance.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='compliance', @@ -4602,7 +9737,7 @@ CONTRACT_0112 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0113 = McpControlContract( +CONTRACT_0178 = McpControlContract( contract_id='compliance.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='compliance', @@ -4628,7 +9763,7 @@ CONTRACT_0113 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0114 = McpControlContract( +CONTRACT_0179 = McpControlContract( contract_id='compliance.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='compliance', @@ -4654,7 +9789,7 @@ CONTRACT_0114 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0115 = McpControlContract( +CONTRACT_0180 = McpControlContract( contract_id='compliance.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='compliance', @@ -4680,7 +9815,5142 @@ CONTRACT_0115 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0116 = McpControlContract( +CONTRACT_0181 = McpControlContract( + contract_id='compliance.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Administrador da empresa', + purpose='Expor consulta de Compliance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'administrador_empresaNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0182 = McpControlContract( + contract_id='compliance.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Administrador da empresa', + purpose='Expor diagnostico de Compliance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0183 = McpControlContract( + contract_id='compliance.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Administrador da empresa', + purpose='Expor acao de Compliance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'administrador_empresaNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0184 = McpControlContract( + contract_id='compliance.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Administrador da empresa', + purpose='Expor auditoria de Compliance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0185 = McpControlContract( + contract_id='compliance.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Administrador da empresa', + purpose='Expor explicacao de Compliance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0186 = McpControlContract( + contract_id='compliance.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para CEO', + purpose='Expor consulta de Compliance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'ceoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0187 = McpControlContract( + contract_id='compliance.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para CEO', + purpose='Expor diagnostico de Compliance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'ceoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0188 = McpControlContract( + contract_id='compliance.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para CEO', + purpose='Expor acao de Compliance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'ceoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0189 = McpControlContract( + contract_id='compliance.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para CEO', + purpose='Expor auditoria de Compliance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'ceoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0190 = McpControlContract( + contract_id='compliance.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para CEO', + purpose='Expor explicacao de Compliance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'ceoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0191 = McpControlContract( + contract_id='compliance.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Gestor operacional', + purpose='Expor consulta de Compliance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0192 = McpControlContract( + contract_id='compliance.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Gestor operacional', + purpose='Expor diagnostico de Compliance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0193 = McpControlContract( + contract_id='compliance.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Gestor operacional', + purpose='Expor acao de Compliance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0194 = McpControlContract( + contract_id='compliance.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Gestor operacional', + purpose='Expor auditoria de Compliance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0195 = McpControlContract( + contract_id='compliance.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Gestor operacional', + purpose='Expor explicacao de Compliance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0196 = McpControlContract( + contract_id='compliance.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Equipe de suporte', + purpose='Expor consulta de Compliance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'suporteNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0197 = McpControlContract( + contract_id='compliance.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Equipe de suporte', + purpose='Expor diagnostico de Compliance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'suporteNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0198 = McpControlContract( + contract_id='compliance.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Equipe de suporte', + purpose='Expor acao de Compliance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'suporteNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0199 = McpControlContract( + contract_id='compliance.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Equipe de suporte', + purpose='Expor auditoria de Compliance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'suporteNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0200 = McpControlContract( + contract_id='compliance.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Equipe de suporte', + purpose='Expor explicacao de Compliance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'suporteNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0201 = McpControlContract( + contract_id='compliance.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Atendimento ao cliente', + purpose='Expor consulta de Compliance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0202 = McpControlContract( + contract_id='compliance.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Compliance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0203 = McpControlContract( + contract_id='compliance.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Atendimento ao cliente', + purpose='Expor acao de Compliance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0204 = McpControlContract( + contract_id='compliance.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Atendimento ao cliente', + purpose='Expor auditoria de Compliance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0205 = McpControlContract( + contract_id='compliance.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Atendimento ao cliente', + purpose='Expor explicacao de Compliance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0206 = McpControlContract( + contract_id='compliance.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Financeiro', + purpose='Expor consulta de Compliance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'financeiroNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0207 = McpControlContract( + contract_id='compliance.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Financeiro', + purpose='Expor diagnostico de Compliance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'financeiroNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0208 = McpControlContract( + contract_id='compliance.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Financeiro', + purpose='Expor acao de Compliance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'financeiroNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0209 = McpControlContract( + contract_id='compliance.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Financeiro', + purpose='Expor auditoria de Compliance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'financeiroNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0210 = McpControlContract( + contract_id='compliance.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Financeiro', + purpose='Expor explicacao de Compliance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'financeiroNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0211 = McpControlContract( + contract_id='compliance.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Contador', + purpose='Expor consulta de Compliance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'contadorNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0212 = McpControlContract( + contract_id='compliance.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Contador', + purpose='Expor diagnostico de Compliance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'contadorNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0213 = McpControlContract( + contract_id='compliance.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Contador', + purpose='Expor acao de Compliance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'contadorNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0214 = McpControlContract( + contract_id='compliance.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Contador', + purpose='Expor auditoria de Compliance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'contadorNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0215 = McpControlContract( + contract_id='compliance.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Contador', + purpose='Expor explicacao de Compliance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'contadorNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0216 = McpControlContract( + contract_id='compliance.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Juridico', + purpose='Expor consulta de Compliance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'juridicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0217 = McpControlContract( + contract_id='compliance.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Juridico', + purpose='Expor diagnostico de Compliance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'juridicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0218 = McpControlContract( + contract_id='compliance.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Juridico', + purpose='Expor acao de Compliance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'juridicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0219 = McpControlContract( + contract_id='compliance.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Juridico', + purpose='Expor auditoria de Compliance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'juridicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0220 = McpControlContract( + contract_id='compliance.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Juridico', + purpose='Expor explicacao de Compliance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'juridicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0221 = McpControlContract( + contract_id='compliance.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Secretaria', + purpose='Expor consulta de Compliance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'secretariaNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0222 = McpControlContract( + contract_id='compliance.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Secretaria', + purpose='Expor diagnostico de Compliance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'secretariaNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0223 = McpControlContract( + contract_id='compliance.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Secretaria', + purpose='Expor acao de Compliance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'secretariaNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0224 = McpControlContract( + contract_id='compliance.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Secretaria', + purpose='Expor auditoria de Compliance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'secretariaNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0225 = McpControlContract( + contract_id='compliance.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Secretaria', + purpose='Expor explicacao de Compliance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'secretariaNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0226 = McpControlContract( + contract_id='compliance.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Tecnico', + purpose='Expor consulta de Compliance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'tecnicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0227 = McpControlContract( + contract_id='compliance.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Tecnico', + purpose='Expor diagnostico de Compliance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0228 = McpControlContract( + contract_id='compliance.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Tecnico', + purpose='Expor acao de Compliance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'tecnicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0229 = McpControlContract( + contract_id='compliance.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Tecnico', + purpose='Expor auditoria de Compliance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'tecnicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0230 = McpControlContract( + contract_id='compliance.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Tecnico', + purpose='Expor explicacao de Compliance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'tecnicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0231 = McpControlContract( + contract_id='compliance.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Usuario final', + purpose='Expor consulta de Compliance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'usuario_finalNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0232 = McpControlContract( + contract_id='compliance.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Usuario final', + purpose='Expor diagnostico de Compliance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0233 = McpControlContract( + contract_id='compliance.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Usuario final', + purpose='Expor acao de Compliance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'usuario_finalNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0234 = McpControlContract( + contract_id='compliance.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Usuario final', + purpose='Expor auditoria de Compliance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0235 = McpControlContract( + contract_id='compliance.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Usuario final', + purpose='Expor explicacao de Compliance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0236 = McpControlContract( + contract_id='compliance.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Cliente externo', + purpose='Expor consulta de Compliance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'cliente_externoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0237 = McpControlContract( + contract_id='compliance.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Cliente externo', + purpose='Expor diagnostico de Compliance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0238 = McpControlContract( + contract_id='compliance.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Cliente externo', + purpose='Expor acao de Compliance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'cliente_externoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0239 = McpControlContract( + contract_id='compliance.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Cliente externo', + purpose='Expor auditoria de Compliance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0240 = McpControlContract( + contract_id='compliance.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Cliente externo', + purpose='Expor explicacao de Compliance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0241 = McpControlContract( + contract_id='compliance.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Compliance Platform para Planejamento estrategico', + purpose='Expor consulta de Compliance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para compliance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para compliance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0242 = McpControlContract( + contract_id='compliance.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Compliance Platform para Planejamento estrategico', + purpose='Expor diagnostico de Compliance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para compliance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para compliance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0243 = McpControlContract( + contract_id='compliance.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Compliance Platform para Planejamento estrategico', + purpose='Expor acao de Compliance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para compliance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para compliance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0244 = McpControlContract( + contract_id='compliance.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Compliance Platform para Planejamento estrategico', + purpose='Expor auditoria de Compliance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para compliance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para compliance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0245 = McpControlContract( + contract_id='compliance.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='compliance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Compliance Platform para Planejamento estrategico', + purpose='Expor explicacao de Compliance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'complianceStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.compliance.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider compliance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para compliance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para compliance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0246 = McpControlContract( contract_id='compliance.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='compliance', @@ -4706,7 +14976,7 @@ CONTRACT_0116 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0117 = McpControlContract( +CONTRACT_0247 = McpControlContract( contract_id='compliance.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='compliance', @@ -4732,7 +15002,7 @@ CONTRACT_0117 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0118 = McpControlContract( +CONTRACT_0248 = McpControlContract( contract_id='compliance.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='compliance', @@ -4758,7 +15028,7 @@ CONTRACT_0118 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0119 = McpControlContract( +CONTRACT_0249 = McpControlContract( contract_id='compliance.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='compliance', @@ -4784,7 +15054,7 @@ CONTRACT_0119 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0120 = McpControlContract( +CONTRACT_0250 = McpControlContract( contract_id='compliance.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -4853,7 +15123,7 @@ CONTRACT_0120 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0121 = McpControlContract( +CONTRACT_0251 = McpControlContract( contract_id='compliance.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -4922,7 +15192,7 @@ CONTRACT_0121 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0122 = McpControlContract( +CONTRACT_0252 = McpControlContract( contract_id='compliance.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -4991,7 +15261,7 @@ CONTRACT_0122 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0123 = McpControlContract( +CONTRACT_0253 = McpControlContract( contract_id='compliance.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5060,7 +15330,7 @@ CONTRACT_0123 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0124 = McpControlContract( +CONTRACT_0254 = McpControlContract( contract_id='compliance.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5129,7 +15399,7 @@ CONTRACT_0124 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0125 = McpControlContract( +CONTRACT_0255 = McpControlContract( contract_id='compliance.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5198,7 +15468,7 @@ CONTRACT_0125 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0126 = McpControlContract( +CONTRACT_0256 = McpControlContract( contract_id='compliance.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5267,7 +15537,7 @@ CONTRACT_0126 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0127 = McpControlContract( +CONTRACT_0257 = McpControlContract( contract_id='compliance.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5336,7 +15606,7 @@ CONTRACT_0127 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0128 = McpControlContract( +CONTRACT_0258 = McpControlContract( contract_id='compliance.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5405,7 +15675,7 @@ CONTRACT_0128 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0129 = McpControlContract( +CONTRACT_0259 = McpControlContract( contract_id='compliance.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5474,7 +15744,7 @@ CONTRACT_0129 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0130 = McpControlContract( +CONTRACT_0260 = McpControlContract( contract_id='compliance.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5543,7 +15813,7 @@ CONTRACT_0130 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0131 = McpControlContract( +CONTRACT_0261 = McpControlContract( contract_id='compliance.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5612,7 +15882,7 @@ CONTRACT_0131 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0132 = McpControlContract( +CONTRACT_0262 = McpControlContract( contract_id='compliance.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5681,7 +15951,7 @@ CONTRACT_0132 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0133 = McpControlContract( +CONTRACT_0263 = McpControlContract( contract_id='compliance.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5750,7 +16020,7 @@ CONTRACT_0133 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0134 = McpControlContract( +CONTRACT_0264 = McpControlContract( contract_id='compliance.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5819,7 +16089,7 @@ CONTRACT_0134 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0135 = McpControlContract( +CONTRACT_0265 = McpControlContract( contract_id='compliance.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5888,7 +16158,7 @@ CONTRACT_0135 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0136 = McpControlContract( +CONTRACT_0266 = McpControlContract( contract_id='compliance.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -5957,7 +16227,7 @@ CONTRACT_0136 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0137 = McpControlContract( +CONTRACT_0267 = McpControlContract( contract_id='compliance.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6026,7 +16296,7 @@ CONTRACT_0137 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0138 = McpControlContract( +CONTRACT_0268 = McpControlContract( contract_id='compliance.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6095,7 +16365,7 @@ CONTRACT_0138 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0139 = McpControlContract( +CONTRACT_0269 = McpControlContract( contract_id='compliance.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6164,7 +16434,7 @@ CONTRACT_0139 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0140 = McpControlContract( +CONTRACT_0270 = McpControlContract( contract_id='compliance.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6233,7 +16503,7 @@ CONTRACT_0140 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0141 = McpControlContract( +CONTRACT_0271 = McpControlContract( contract_id='compliance.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6302,7 +16572,7 @@ CONTRACT_0141 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0142 = McpControlContract( +CONTRACT_0272 = McpControlContract( contract_id='compliance.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6371,7 +16641,7 @@ CONTRACT_0142 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0143 = McpControlContract( +CONTRACT_0273 = McpControlContract( contract_id='compliance.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6440,7 +16710,7 @@ CONTRACT_0143 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0144 = McpControlContract( +CONTRACT_0274 = McpControlContract( contract_id='compliance.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6509,7 +16779,7 @@ CONTRACT_0144 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0145 = McpControlContract( +CONTRACT_0275 = McpControlContract( contract_id='compliance.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6578,7 +16848,7 @@ CONTRACT_0145 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0146 = McpControlContract( +CONTRACT_0276 = McpControlContract( contract_id='compliance.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6647,7 +16917,7 @@ CONTRACT_0146 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0147 = McpControlContract( +CONTRACT_0277 = McpControlContract( contract_id='compliance.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6716,7 +16986,7 @@ CONTRACT_0147 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0148 = McpControlContract( +CONTRACT_0278 = McpControlContract( contract_id='compliance.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6785,7 +17055,7 @@ CONTRACT_0148 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0149 = McpControlContract( +CONTRACT_0279 = McpControlContract( contract_id='compliance.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6854,7 +17124,7 @@ CONTRACT_0149 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0150 = McpControlContract( +CONTRACT_0280 = McpControlContract( contract_id='compliance.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6923,7 +17193,7 @@ CONTRACT_0150 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0151 = McpControlContract( +CONTRACT_0281 = McpControlContract( contract_id='compliance.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -6992,7 +17262,7 @@ CONTRACT_0151 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0152 = McpControlContract( +CONTRACT_0282 = McpControlContract( contract_id='compliance.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7061,7 +17331,7 @@ CONTRACT_0152 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0153 = McpControlContract( +CONTRACT_0283 = McpControlContract( contract_id='compliance.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7130,7 +17400,7 @@ CONTRACT_0153 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0154 = McpControlContract( +CONTRACT_0284 = McpControlContract( contract_id='compliance.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7199,7 +17469,7 @@ CONTRACT_0154 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0155 = McpControlContract( +CONTRACT_0285 = McpControlContract( contract_id='compliance.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7268,7 +17538,7 @@ CONTRACT_0155 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0156 = McpControlContract( +CONTRACT_0286 = McpControlContract( contract_id='compliance.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7337,7 +17607,7 @@ CONTRACT_0156 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0157 = McpControlContract( +CONTRACT_0287 = McpControlContract( contract_id='compliance.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7406,7 +17676,7 @@ CONTRACT_0157 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0158 = McpControlContract( +CONTRACT_0288 = McpControlContract( contract_id='compliance.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='compliance', @@ -7475,7 +17745,7 @@ CONTRACT_0158 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0159 = McpControlContract( +CONTRACT_0289 = McpControlContract( contract_id='customer_ops.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7501,7 +17771,7 @@ CONTRACT_0159 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0160 = McpControlContract( +CONTRACT_0290 = McpControlContract( contract_id='customer_ops.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7527,7 +17797,7 @@ CONTRACT_0160 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0161 = McpControlContract( +CONTRACT_0291 = McpControlContract( contract_id='customer_ops.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7553,7 +17823,7 @@ CONTRACT_0161 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0162 = McpControlContract( +CONTRACT_0292 = McpControlContract( contract_id='customer_ops.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7579,7 +17849,7 @@ CONTRACT_0162 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0163 = McpControlContract( +CONTRACT_0293 = McpControlContract( contract_id='customer_ops.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7605,7 +17875,7 @@ CONTRACT_0163 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0164 = McpControlContract( +CONTRACT_0294 = McpControlContract( contract_id='customer_ops.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7631,7 +17901,7 @@ CONTRACT_0164 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0165 = McpControlContract( +CONTRACT_0295 = McpControlContract( contract_id='customer_ops.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7657,7 +17927,7 @@ CONTRACT_0165 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0166 = McpControlContract( +CONTRACT_0296 = McpControlContract( contract_id='customer_ops.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7683,7 +17953,7 @@ CONTRACT_0166 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0167 = McpControlContract( +CONTRACT_0297 = McpControlContract( contract_id='customer_ops.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7709,7 +17979,7 @@ CONTRACT_0167 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0168 = McpControlContract( +CONTRACT_0298 = McpControlContract( contract_id='customer_ops.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7735,7 +18005,7 @@ CONTRACT_0168 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0169 = McpControlContract( +CONTRACT_0299 = McpControlContract( contract_id='customer_ops.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7761,7 +18031,7 @@ CONTRACT_0169 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0170 = McpControlContract( +CONTRACT_0300 = McpControlContract( contract_id='customer_ops.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7787,7 +18057,7 @@ CONTRACT_0170 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0171 = McpControlContract( +CONTRACT_0301 = McpControlContract( contract_id='customer_ops.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='customer_ops', @@ -7813,7 +18083,7 @@ CONTRACT_0171 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0172 = McpControlContract( +CONTRACT_0302 = McpControlContract( contract_id='customer_ops.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7839,7 +18109,7 @@ CONTRACT_0172 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0173 = McpControlContract( +CONTRACT_0303 = McpControlContract( contract_id='customer_ops.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7865,7 +18135,7 @@ CONTRACT_0173 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0174 = McpControlContract( +CONTRACT_0304 = McpControlContract( contract_id='customer_ops.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7891,7 +18161,7 @@ CONTRACT_0174 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0175 = McpControlContract( +CONTRACT_0305 = McpControlContract( contract_id='customer_ops.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7917,7 +18187,7 @@ CONTRACT_0175 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0176 = McpControlContract( +CONTRACT_0306 = McpControlContract( contract_id='customer_ops.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7943,7 +18213,7 @@ CONTRACT_0176 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0177 = McpControlContract( +CONTRACT_0307 = McpControlContract( contract_id='customer_ops.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7969,7 +18239,7 @@ CONTRACT_0177 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0178 = McpControlContract( +CONTRACT_0308 = McpControlContract( contract_id='customer_ops.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -7995,7 +18265,7 @@ CONTRACT_0178 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0179 = McpControlContract( +CONTRACT_0309 = McpControlContract( contract_id='customer_ops.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8021,7 +18291,7 @@ CONTRACT_0179 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0180 = McpControlContract( +CONTRACT_0310 = McpControlContract( contract_id='customer_ops.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8047,7 +18317,7 @@ CONTRACT_0180 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0181 = McpControlContract( +CONTRACT_0311 = McpControlContract( contract_id='customer_ops.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8073,7 +18343,7 @@ CONTRACT_0181 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0182 = McpControlContract( +CONTRACT_0312 = McpControlContract( contract_id='customer_ops.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8099,7 +18369,7 @@ CONTRACT_0182 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0183 = McpControlContract( +CONTRACT_0313 = McpControlContract( contract_id='customer_ops.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8125,7 +18395,7 @@ CONTRACT_0183 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0184 = McpControlContract( +CONTRACT_0314 = McpControlContract( contract_id='customer_ops.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='customer_ops', @@ -8151,7 +18421,7 @@ CONTRACT_0184 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0185 = McpControlContract( +CONTRACT_0315 = McpControlContract( contract_id='customer_ops.tickets.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='customer_ops', @@ -8177,7 +18447,7 @@ CONTRACT_0185 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0186 = McpControlContract( +CONTRACT_0316 = McpControlContract( contract_id='customer_ops.incidents.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='customer_ops', @@ -8203,7 +18473,7 @@ CONTRACT_0186 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0187 = McpControlContract( +CONTRACT_0317 = McpControlContract( contract_id='customer_ops.diagnostics.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='customer_ops', @@ -8229,7 +18499,7 @@ CONTRACT_0187 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0188 = McpControlContract( +CONTRACT_0318 = McpControlContract( contract_id='customer_ops.customer-status.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='customer_ops', @@ -8255,7 +18525,7 @@ CONTRACT_0188 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0189 = McpControlContract( +CONTRACT_0319 = McpControlContract( contract_id='customer_ops.handoffs.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='customer_ops', @@ -8281,7 +18551,7 @@ CONTRACT_0189 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0190 = McpControlContract( +CONTRACT_0320 = McpControlContract( contract_id='customer_ops.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='customer_ops', @@ -8307,7 +18577,7 @@ CONTRACT_0190 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0191 = McpControlContract( +CONTRACT_0321 = McpControlContract( contract_id='customer_ops.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='customer_ops', @@ -8333,7 +18603,7 @@ CONTRACT_0191 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0192 = McpControlContract( +CONTRACT_0322 = McpControlContract( contract_id='customer_ops.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='customer_ops', @@ -8359,7 +18629,7 @@ CONTRACT_0192 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0193 = McpControlContract( +CONTRACT_0323 = McpControlContract( contract_id='customer_ops.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='customer_ops', @@ -8385,7 +18655,7 @@ CONTRACT_0193 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0194 = McpControlContract( +CONTRACT_0324 = McpControlContract( contract_id='customer_ops.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='customer_ops', @@ -8411,7 +18681,5142 @@ CONTRACT_0194 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0195 = McpControlContract( +CONTRACT_0325 = McpControlContract( + contract_id='customer_ops.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Administrador da empresa', + purpose='Expor consulta de Customer Ops Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'administrador_empresaNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0326 = McpControlContract( + contract_id='customer_ops.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Administrador da empresa', + purpose='Expor diagnostico de Customer Ops Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0327 = McpControlContract( + contract_id='customer_ops.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Administrador da empresa', + purpose='Expor acao de Customer Ops Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'administrador_empresaNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0328 = McpControlContract( + contract_id='customer_ops.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Administrador da empresa', + purpose='Expor auditoria de Customer Ops Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0329 = McpControlContract( + contract_id='customer_ops.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Administrador da empresa', + purpose='Expor explicacao de Customer Ops Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0330 = McpControlContract( + contract_id='customer_ops.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para CEO', + purpose='Expor consulta de Customer Ops Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'ceoNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0331 = McpControlContract( + contract_id='customer_ops.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para CEO', + purpose='Expor diagnostico de Customer Ops Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'ceoNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0332 = McpControlContract( + contract_id='customer_ops.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para CEO', + purpose='Expor acao de Customer Ops Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'ceoNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0333 = McpControlContract( + contract_id='customer_ops.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para CEO', + purpose='Expor auditoria de Customer Ops Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'ceoNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0334 = McpControlContract( + contract_id='customer_ops.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para CEO', + purpose='Expor explicacao de Customer Ops Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'ceoNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0335 = McpControlContract( + contract_id='customer_ops.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Gestor operacional', + purpose='Expor consulta de Customer Ops Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0336 = McpControlContract( + contract_id='customer_ops.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Gestor operacional', + purpose='Expor diagnostico de Customer Ops Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0337 = McpControlContract( + contract_id='customer_ops.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Gestor operacional', + purpose='Expor acao de Customer Ops Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0338 = McpControlContract( + contract_id='customer_ops.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Gestor operacional', + purpose='Expor auditoria de Customer Ops Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0339 = McpControlContract( + contract_id='customer_ops.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Gestor operacional', + purpose='Expor explicacao de Customer Ops Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0340 = McpControlContract( + contract_id='customer_ops.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Equipe de suporte', + purpose='Expor consulta de Customer Ops Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'suporteNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0341 = McpControlContract( + contract_id='customer_ops.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Equipe de suporte', + purpose='Expor diagnostico de Customer Ops Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'suporteNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0342 = McpControlContract( + contract_id='customer_ops.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Equipe de suporte', + purpose='Expor acao de Customer Ops Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'suporteNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0343 = McpControlContract( + contract_id='customer_ops.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Equipe de suporte', + purpose='Expor auditoria de Customer Ops Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'suporteNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0344 = McpControlContract( + contract_id='customer_ops.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Equipe de suporte', + purpose='Expor explicacao de Customer Ops Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'suporteNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0345 = McpControlContract( + contract_id='customer_ops.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Atendimento ao cliente', + purpose='Expor consulta de Customer Ops Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0346 = McpControlContract( + contract_id='customer_ops.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Customer Ops Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0347 = McpControlContract( + contract_id='customer_ops.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Atendimento ao cliente', + purpose='Expor acao de Customer Ops Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0348 = McpControlContract( + contract_id='customer_ops.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Atendimento ao cliente', + purpose='Expor auditoria de Customer Ops Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0349 = McpControlContract( + contract_id='customer_ops.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Atendimento ao cliente', + purpose='Expor explicacao de Customer Ops Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0350 = McpControlContract( + contract_id='customer_ops.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Financeiro', + purpose='Expor consulta de Customer Ops Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'financeiroNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0351 = McpControlContract( + contract_id='customer_ops.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Financeiro', + purpose='Expor diagnostico de Customer Ops Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'financeiroNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0352 = McpControlContract( + contract_id='customer_ops.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Financeiro', + purpose='Expor acao de Customer Ops Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'financeiroNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0353 = McpControlContract( + contract_id='customer_ops.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Financeiro', + purpose='Expor auditoria de Customer Ops Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'financeiroNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0354 = McpControlContract( + contract_id='customer_ops.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Financeiro', + purpose='Expor explicacao de Customer Ops Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'financeiroNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0355 = McpControlContract( + contract_id='customer_ops.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Contador', + purpose='Expor consulta de Customer Ops Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'contadorNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0356 = McpControlContract( + contract_id='customer_ops.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Contador', + purpose='Expor diagnostico de Customer Ops Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'contadorNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0357 = McpControlContract( + contract_id='customer_ops.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Contador', + purpose='Expor acao de Customer Ops Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'contadorNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0358 = McpControlContract( + contract_id='customer_ops.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Contador', + purpose='Expor auditoria de Customer Ops Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'contadorNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0359 = McpControlContract( + contract_id='customer_ops.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Contador', + purpose='Expor explicacao de Customer Ops Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'contadorNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0360 = McpControlContract( + contract_id='customer_ops.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Juridico', + purpose='Expor consulta de Customer Ops Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'juridicoNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0361 = McpControlContract( + contract_id='customer_ops.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Juridico', + purpose='Expor diagnostico de Customer Ops Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'juridicoNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0362 = McpControlContract( + contract_id='customer_ops.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Juridico', + purpose='Expor acao de Customer Ops Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'juridicoNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0363 = McpControlContract( + contract_id='customer_ops.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Juridico', + purpose='Expor auditoria de Customer Ops Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'juridicoNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0364 = McpControlContract( + contract_id='customer_ops.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Juridico', + purpose='Expor explicacao de Customer Ops Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'juridicoNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0365 = McpControlContract( + contract_id='customer_ops.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Secretaria', + purpose='Expor consulta de Customer Ops Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'secretariaNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0366 = McpControlContract( + contract_id='customer_ops.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Secretaria', + purpose='Expor diagnostico de Customer Ops Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'secretariaNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0367 = McpControlContract( + contract_id='customer_ops.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Secretaria', + purpose='Expor acao de Customer Ops Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'secretariaNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0368 = McpControlContract( + contract_id='customer_ops.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Secretaria', + purpose='Expor auditoria de Customer Ops Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'secretariaNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0369 = McpControlContract( + contract_id='customer_ops.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Secretaria', + purpose='Expor explicacao de Customer Ops Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'secretariaNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0370 = McpControlContract( + contract_id='customer_ops.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Tecnico', + purpose='Expor consulta de Customer Ops Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'tecnicoNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0371 = McpControlContract( + contract_id='customer_ops.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Tecnico', + purpose='Expor diagnostico de Customer Ops Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0372 = McpControlContract( + contract_id='customer_ops.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Tecnico', + purpose='Expor acao de Customer Ops Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'tecnicoNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0373 = McpControlContract( + contract_id='customer_ops.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Tecnico', + purpose='Expor auditoria de Customer Ops Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'tecnicoNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0374 = McpControlContract( + contract_id='customer_ops.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Tecnico', + purpose='Expor explicacao de Customer Ops Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'tecnicoNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0375 = McpControlContract( + contract_id='customer_ops.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Usuario final', + purpose='Expor consulta de Customer Ops Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'usuario_finalNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0376 = McpControlContract( + contract_id='customer_ops.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Usuario final', + purpose='Expor diagnostico de Customer Ops Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0377 = McpControlContract( + contract_id='customer_ops.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Usuario final', + purpose='Expor acao de Customer Ops Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'usuario_finalNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0378 = McpControlContract( + contract_id='customer_ops.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Usuario final', + purpose='Expor auditoria de Customer Ops Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0379 = McpControlContract( + contract_id='customer_ops.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Usuario final', + purpose='Expor explicacao de Customer Ops Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0380 = McpControlContract( + contract_id='customer_ops.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Cliente externo', + purpose='Expor consulta de Customer Ops Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'cliente_externoNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0381 = McpControlContract( + contract_id='customer_ops.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Cliente externo', + purpose='Expor diagnostico de Customer Ops Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0382 = McpControlContract( + contract_id='customer_ops.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Cliente externo', + purpose='Expor acao de Customer Ops Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'cliente_externoNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0383 = McpControlContract( + contract_id='customer_ops.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Cliente externo', + purpose='Expor auditoria de Customer Ops Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0384 = McpControlContract( + contract_id='customer_ops.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Cliente externo', + purpose='Expor explicacao de Customer Ops Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0385 = McpControlContract( + contract_id='customer_ops.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Customer Ops Platform para Planejamento estrategico', + purpose='Expor consulta de Customer Ops Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para customer_ops/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para customer_ops/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0386 = McpControlContract( + contract_id='customer_ops.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Customer Ops Platform para Planejamento estrategico', + purpose='Expor diagnostico de Customer Ops Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para customer_ops/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para customer_ops/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0387 = McpControlContract( + contract_id='customer_ops.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Customer Ops Platform para Planejamento estrategico', + purpose='Expor acao de Customer Ops Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para customer_ops/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para customer_ops/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0388 = McpControlContract( + contract_id='customer_ops.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Customer Ops Platform para Planejamento estrategico', + purpose='Expor auditoria de Customer Ops Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para customer_ops/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para customer_ops/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0389 = McpControlContract( + contract_id='customer_ops.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='customer_ops', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Customer Ops Platform para Planejamento estrategico', + purpose='Expor explicacao de Customer Ops Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'customer_opsStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'supportGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.customer_ops.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider customer_ops via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para customer_ops/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para customer_ops/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0390 = McpControlContract( contract_id='customer_ops.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='customer_ops', @@ -8437,7 +23842,7 @@ CONTRACT_0195 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0196 = McpControlContract( +CONTRACT_0391 = McpControlContract( contract_id='customer_ops.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='customer_ops', @@ -8463,7 +23868,7 @@ CONTRACT_0196 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0197 = McpControlContract( +CONTRACT_0392 = McpControlContract( contract_id='customer_ops.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='customer_ops', @@ -8489,7 +23894,7 @@ CONTRACT_0197 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0198 = McpControlContract( +CONTRACT_0393 = McpControlContract( contract_id='customer_ops.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='customer_ops', @@ -8515,7 +23920,7 @@ CONTRACT_0198 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0199 = McpControlContract( +CONTRACT_0394 = McpControlContract( contract_id='customer_ops.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8584,7 +23989,7 @@ CONTRACT_0199 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0200 = McpControlContract( +CONTRACT_0395 = McpControlContract( contract_id='customer_ops.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8653,7 +24058,7 @@ CONTRACT_0200 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0201 = McpControlContract( +CONTRACT_0396 = McpControlContract( contract_id='customer_ops.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8722,7 +24127,7 @@ CONTRACT_0201 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0202 = McpControlContract( +CONTRACT_0397 = McpControlContract( contract_id='customer_ops.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8791,7 +24196,7 @@ CONTRACT_0202 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0203 = McpControlContract( +CONTRACT_0398 = McpControlContract( contract_id='customer_ops.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8860,7 +24265,7 @@ CONTRACT_0203 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0204 = McpControlContract( +CONTRACT_0399 = McpControlContract( contract_id='customer_ops.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8929,7 +24334,7 @@ CONTRACT_0204 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0205 = McpControlContract( +CONTRACT_0400 = McpControlContract( contract_id='customer_ops.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -8998,7 +24403,7 @@ CONTRACT_0205 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0206 = McpControlContract( +CONTRACT_0401 = McpControlContract( contract_id='customer_ops.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9067,7 +24472,7 @@ CONTRACT_0206 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0207 = McpControlContract( +CONTRACT_0402 = McpControlContract( contract_id='customer_ops.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9136,7 +24541,7 @@ CONTRACT_0207 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0208 = McpControlContract( +CONTRACT_0403 = McpControlContract( contract_id='customer_ops.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9205,7 +24610,7 @@ CONTRACT_0208 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0209 = McpControlContract( +CONTRACT_0404 = McpControlContract( contract_id='customer_ops.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9274,7 +24679,7 @@ CONTRACT_0209 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0210 = McpControlContract( +CONTRACT_0405 = McpControlContract( contract_id='customer_ops.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9343,7 +24748,7 @@ CONTRACT_0210 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0211 = McpControlContract( +CONTRACT_0406 = McpControlContract( contract_id='customer_ops.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9412,7 +24817,7 @@ CONTRACT_0211 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0212 = McpControlContract( +CONTRACT_0407 = McpControlContract( contract_id='customer_ops.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9481,7 +24886,7 @@ CONTRACT_0212 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0213 = McpControlContract( +CONTRACT_0408 = McpControlContract( contract_id='customer_ops.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9550,7 +24955,7 @@ CONTRACT_0213 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0214 = McpControlContract( +CONTRACT_0409 = McpControlContract( contract_id='customer_ops.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9619,7 +25024,7 @@ CONTRACT_0214 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0215 = McpControlContract( +CONTRACT_0410 = McpControlContract( contract_id='customer_ops.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9688,7 +25093,7 @@ CONTRACT_0215 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0216 = McpControlContract( +CONTRACT_0411 = McpControlContract( contract_id='customer_ops.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9757,7 +25162,7 @@ CONTRACT_0216 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0217 = McpControlContract( +CONTRACT_0412 = McpControlContract( contract_id='customer_ops.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9826,7 +25231,7 @@ CONTRACT_0217 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0218 = McpControlContract( +CONTRACT_0413 = McpControlContract( contract_id='customer_ops.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9895,7 +25300,7 @@ CONTRACT_0218 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0219 = McpControlContract( +CONTRACT_0414 = McpControlContract( contract_id='customer_ops.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -9964,7 +25369,7 @@ CONTRACT_0219 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0220 = McpControlContract( +CONTRACT_0415 = McpControlContract( contract_id='customer_ops.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10033,7 +25438,7 @@ CONTRACT_0220 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0221 = McpControlContract( +CONTRACT_0416 = McpControlContract( contract_id='customer_ops.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10102,7 +25507,7 @@ CONTRACT_0221 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0222 = McpControlContract( +CONTRACT_0417 = McpControlContract( contract_id='customer_ops.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10171,7 +25576,7 @@ CONTRACT_0222 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0223 = McpControlContract( +CONTRACT_0418 = McpControlContract( contract_id='customer_ops.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10240,7 +25645,7 @@ CONTRACT_0223 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0224 = McpControlContract( +CONTRACT_0419 = McpControlContract( contract_id='customer_ops.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10309,7 +25714,7 @@ CONTRACT_0224 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0225 = McpControlContract( +CONTRACT_0420 = McpControlContract( contract_id='customer_ops.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10378,7 +25783,7 @@ CONTRACT_0225 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0226 = McpControlContract( +CONTRACT_0421 = McpControlContract( contract_id='customer_ops.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10447,7 +25852,7 @@ CONTRACT_0226 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0227 = McpControlContract( +CONTRACT_0422 = McpControlContract( contract_id='customer_ops.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10516,7 +25921,7 @@ CONTRACT_0227 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0228 = McpControlContract( +CONTRACT_0423 = McpControlContract( contract_id='customer_ops.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10585,7 +25990,7 @@ CONTRACT_0228 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0229 = McpControlContract( +CONTRACT_0424 = McpControlContract( contract_id='customer_ops.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10654,7 +26059,7 @@ CONTRACT_0229 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0230 = McpControlContract( +CONTRACT_0425 = McpControlContract( contract_id='customer_ops.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10723,7 +26128,7 @@ CONTRACT_0230 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0231 = McpControlContract( +CONTRACT_0426 = McpControlContract( contract_id='customer_ops.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10792,7 +26197,7 @@ CONTRACT_0231 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0232 = McpControlContract( +CONTRACT_0427 = McpControlContract( contract_id='customer_ops.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10861,7 +26266,7 @@ CONTRACT_0232 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0233 = McpControlContract( +CONTRACT_0428 = McpControlContract( contract_id='customer_ops.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10930,7 +26335,7 @@ CONTRACT_0233 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0234 = McpControlContract( +CONTRACT_0429 = McpControlContract( contract_id='customer_ops.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -10999,7 +26404,7 @@ CONTRACT_0234 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0235 = McpControlContract( +CONTRACT_0430 = McpControlContract( contract_id='customer_ops.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -11068,7 +26473,7 @@ CONTRACT_0235 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0236 = McpControlContract( +CONTRACT_0431 = McpControlContract( contract_id='customer_ops.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -11137,7 +26542,7 @@ CONTRACT_0236 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0237 = McpControlContract( +CONTRACT_0432 = McpControlContract( contract_id='customer_ops.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='customer_ops', @@ -11206,7 +26611,7 @@ CONTRACT_0237 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0238 = McpControlContract( +CONTRACT_0433 = McpControlContract( contract_id='docs.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11232,7 +26637,7 @@ CONTRACT_0238 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0239 = McpControlContract( +CONTRACT_0434 = McpControlContract( contract_id='docs.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11258,7 +26663,7 @@ CONTRACT_0239 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0240 = McpControlContract( +CONTRACT_0435 = McpControlContract( contract_id='docs.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11284,7 +26689,7 @@ CONTRACT_0240 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0241 = McpControlContract( +CONTRACT_0436 = McpControlContract( contract_id='docs.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11310,7 +26715,7 @@ CONTRACT_0241 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0242 = McpControlContract( +CONTRACT_0437 = McpControlContract( contract_id='docs.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11336,7 +26741,7 @@ CONTRACT_0242 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0243 = McpControlContract( +CONTRACT_0438 = McpControlContract( contract_id='docs.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11362,7 +26767,7 @@ CONTRACT_0243 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0244 = McpControlContract( +CONTRACT_0439 = McpControlContract( contract_id='docs.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11388,7 +26793,7 @@ CONTRACT_0244 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0245 = McpControlContract( +CONTRACT_0440 = McpControlContract( contract_id='docs.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11414,7 +26819,7 @@ CONTRACT_0245 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0246 = McpControlContract( +CONTRACT_0441 = McpControlContract( contract_id='docs.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11440,7 +26845,7 @@ CONTRACT_0246 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0247 = McpControlContract( +CONTRACT_0442 = McpControlContract( contract_id='docs.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11466,7 +26871,7 @@ CONTRACT_0247 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0248 = McpControlContract( +CONTRACT_0443 = McpControlContract( contract_id='docs.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11492,7 +26897,7 @@ CONTRACT_0248 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0249 = McpControlContract( +CONTRACT_0444 = McpControlContract( contract_id='docs.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11518,7 +26923,7 @@ CONTRACT_0249 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0250 = McpControlContract( +CONTRACT_0445 = McpControlContract( contract_id='docs.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='docs', @@ -11544,7 +26949,7 @@ CONTRACT_0250 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0251 = McpControlContract( +CONTRACT_0446 = McpControlContract( contract_id='docs.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11570,7 +26975,7 @@ CONTRACT_0251 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0252 = McpControlContract( +CONTRACT_0447 = McpControlContract( contract_id='docs.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11596,7 +27001,7 @@ CONTRACT_0252 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0253 = McpControlContract( +CONTRACT_0448 = McpControlContract( contract_id='docs.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11622,7 +27027,7 @@ CONTRACT_0253 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0254 = McpControlContract( +CONTRACT_0449 = McpControlContract( contract_id='docs.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11648,7 +27053,7 @@ CONTRACT_0254 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0255 = McpControlContract( +CONTRACT_0450 = McpControlContract( contract_id='docs.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11674,7 +27079,7 @@ CONTRACT_0255 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0256 = McpControlContract( +CONTRACT_0451 = McpControlContract( contract_id='docs.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11700,7 +27105,7 @@ CONTRACT_0256 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0257 = McpControlContract( +CONTRACT_0452 = McpControlContract( contract_id='docs.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11726,7 +27131,7 @@ CONTRACT_0257 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0258 = McpControlContract( +CONTRACT_0453 = McpControlContract( contract_id='docs.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11752,7 +27157,7 @@ CONTRACT_0258 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0259 = McpControlContract( +CONTRACT_0454 = McpControlContract( contract_id='docs.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11778,7 +27183,7 @@ CONTRACT_0259 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0260 = McpControlContract( +CONTRACT_0455 = McpControlContract( contract_id='docs.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11804,7 +27209,7 @@ CONTRACT_0260 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0261 = McpControlContract( +CONTRACT_0456 = McpControlContract( contract_id='docs.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11830,7 +27235,7 @@ CONTRACT_0261 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0262 = McpControlContract( +CONTRACT_0457 = McpControlContract( contract_id='docs.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11856,7 +27261,7 @@ CONTRACT_0262 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0263 = McpControlContract( +CONTRACT_0458 = McpControlContract( contract_id='docs.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='docs', @@ -11882,7 +27287,7 @@ CONTRACT_0263 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0264 = McpControlContract( +CONTRACT_0459 = McpControlContract( contract_id='docs.canonical-docs.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='docs', @@ -11908,7 +27313,7 @@ CONTRACT_0264 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0265 = McpControlContract( +CONTRACT_0460 = McpControlContract( contract_id='docs.contracts.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='docs', @@ -11934,7 +27339,7 @@ CONTRACT_0265 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0266 = McpControlContract( +CONTRACT_0461 = McpControlContract( contract_id='docs.proofs.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='docs', @@ -11960,7 +27365,7 @@ CONTRACT_0266 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0267 = McpControlContract( +CONTRACT_0462 = McpControlContract( contract_id='docs.help.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='docs', @@ -11986,7 +27391,7 @@ CONTRACT_0267 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0268 = McpControlContract( +CONTRACT_0463 = McpControlContract( contract_id='docs.runbooks.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='docs', @@ -12012,7 +27417,7 @@ CONTRACT_0268 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0269 = McpControlContract( +CONTRACT_0464 = McpControlContract( contract_id='docs.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='docs', @@ -12038,7 +27443,7 @@ CONTRACT_0269 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0270 = McpControlContract( +CONTRACT_0465 = McpControlContract( contract_id='docs.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='docs', @@ -12064,7 +27469,7 @@ CONTRACT_0270 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0271 = McpControlContract( +CONTRACT_0466 = McpControlContract( contract_id='docs.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='docs', @@ -12090,7 +27495,7 @@ CONTRACT_0271 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0272 = McpControlContract( +CONTRACT_0467 = McpControlContract( contract_id='docs.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='docs', @@ -12116,7 +27521,7 @@ CONTRACT_0272 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0273 = McpControlContract( +CONTRACT_0468 = McpControlContract( contract_id='docs.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='docs', @@ -12142,7 +27547,5142 @@ CONTRACT_0273 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0274 = McpControlContract( +CONTRACT_0469 = McpControlContract( + contract_id='docs.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Administrador da empresa', + purpose='Expor consulta de Docs Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'administrador_empresaNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0470 = McpControlContract( + contract_id='docs.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Administrador da empresa', + purpose='Expor diagnostico de Docs Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0471 = McpControlContract( + contract_id='docs.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Administrador da empresa', + purpose='Expor acao de Docs Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'administrador_empresaNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0472 = McpControlContract( + contract_id='docs.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Administrador da empresa', + purpose='Expor auditoria de Docs Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0473 = McpControlContract( + contract_id='docs.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Administrador da empresa', + purpose='Expor explicacao de Docs Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0474 = McpControlContract( + contract_id='docs.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para CEO', + purpose='Expor consulta de Docs Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'ceoNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0475 = McpControlContract( + contract_id='docs.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para CEO', + purpose='Expor diagnostico de Docs Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'ceoNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0476 = McpControlContract( + contract_id='docs.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para CEO', + purpose='Expor acao de Docs Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'ceoNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0477 = McpControlContract( + contract_id='docs.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para CEO', + purpose='Expor auditoria de Docs Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'ceoNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0478 = McpControlContract( + contract_id='docs.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para CEO', + purpose='Expor explicacao de Docs Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'ceoNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0479 = McpControlContract( + contract_id='docs.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Gestor operacional', + purpose='Expor consulta de Docs Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0480 = McpControlContract( + contract_id='docs.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Gestor operacional', + purpose='Expor diagnostico de Docs Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0481 = McpControlContract( + contract_id='docs.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Gestor operacional', + purpose='Expor acao de Docs Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0482 = McpControlContract( + contract_id='docs.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Gestor operacional', + purpose='Expor auditoria de Docs Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0483 = McpControlContract( + contract_id='docs.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Gestor operacional', + purpose='Expor explicacao de Docs Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0484 = McpControlContract( + contract_id='docs.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Equipe de suporte', + purpose='Expor consulta de Docs Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'suporteNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0485 = McpControlContract( + contract_id='docs.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Equipe de suporte', + purpose='Expor diagnostico de Docs Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'suporteNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0486 = McpControlContract( + contract_id='docs.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Equipe de suporte', + purpose='Expor acao de Docs Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'suporteNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0487 = McpControlContract( + contract_id='docs.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Equipe de suporte', + purpose='Expor auditoria de Docs Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'suporteNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0488 = McpControlContract( + contract_id='docs.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Equipe de suporte', + purpose='Expor explicacao de Docs Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'suporteNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0489 = McpControlContract( + contract_id='docs.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Atendimento ao cliente', + purpose='Expor consulta de Docs Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0490 = McpControlContract( + contract_id='docs.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Docs Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0491 = McpControlContract( + contract_id='docs.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Atendimento ao cliente', + purpose='Expor acao de Docs Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0492 = McpControlContract( + contract_id='docs.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Atendimento ao cliente', + purpose='Expor auditoria de Docs Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0493 = McpControlContract( + contract_id='docs.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Atendimento ao cliente', + purpose='Expor explicacao de Docs Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0494 = McpControlContract( + contract_id='docs.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Financeiro', + purpose='Expor consulta de Docs Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'financeiroNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0495 = McpControlContract( + contract_id='docs.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Financeiro', + purpose='Expor diagnostico de Docs Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'financeiroNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0496 = McpControlContract( + contract_id='docs.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Financeiro', + purpose='Expor acao de Docs Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'financeiroNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0497 = McpControlContract( + contract_id='docs.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Financeiro', + purpose='Expor auditoria de Docs Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'financeiroNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0498 = McpControlContract( + contract_id='docs.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Financeiro', + purpose='Expor explicacao de Docs Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'financeiroNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0499 = McpControlContract( + contract_id='docs.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Contador', + purpose='Expor consulta de Docs Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'contadorNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0500 = McpControlContract( + contract_id='docs.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Contador', + purpose='Expor diagnostico de Docs Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'contadorNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0501 = McpControlContract( + contract_id='docs.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Contador', + purpose='Expor acao de Docs Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'contadorNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0502 = McpControlContract( + contract_id='docs.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Contador', + purpose='Expor auditoria de Docs Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'contadorNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0503 = McpControlContract( + contract_id='docs.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Contador', + purpose='Expor explicacao de Docs Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'contadorNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0504 = McpControlContract( + contract_id='docs.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Juridico', + purpose='Expor consulta de Docs Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'juridicoNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0505 = McpControlContract( + contract_id='docs.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Juridico', + purpose='Expor diagnostico de Docs Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'juridicoNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0506 = McpControlContract( + contract_id='docs.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Juridico', + purpose='Expor acao de Docs Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'juridicoNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0507 = McpControlContract( + contract_id='docs.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Juridico', + purpose='Expor auditoria de Docs Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'juridicoNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0508 = McpControlContract( + contract_id='docs.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Juridico', + purpose='Expor explicacao de Docs Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'juridicoNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0509 = McpControlContract( + contract_id='docs.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Secretaria', + purpose='Expor consulta de Docs Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'secretariaNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0510 = McpControlContract( + contract_id='docs.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Secretaria', + purpose='Expor diagnostico de Docs Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'secretariaNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0511 = McpControlContract( + contract_id='docs.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Secretaria', + purpose='Expor acao de Docs Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'secretariaNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0512 = McpControlContract( + contract_id='docs.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Secretaria', + purpose='Expor auditoria de Docs Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'secretariaNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0513 = McpControlContract( + contract_id='docs.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Secretaria', + purpose='Expor explicacao de Docs Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'secretariaNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0514 = McpControlContract( + contract_id='docs.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Tecnico', + purpose='Expor consulta de Docs Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'tecnicoNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0515 = McpControlContract( + contract_id='docs.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Tecnico', + purpose='Expor diagnostico de Docs Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0516 = McpControlContract( + contract_id='docs.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Tecnico', + purpose='Expor acao de Docs Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'tecnicoNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0517 = McpControlContract( + contract_id='docs.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Tecnico', + purpose='Expor auditoria de Docs Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'tecnicoNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0518 = McpControlContract( + contract_id='docs.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Tecnico', + purpose='Expor explicacao de Docs Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'tecnicoNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0519 = McpControlContract( + contract_id='docs.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Usuario final', + purpose='Expor consulta de Docs Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'usuario_finalNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0520 = McpControlContract( + contract_id='docs.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Usuario final', + purpose='Expor diagnostico de Docs Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0521 = McpControlContract( + contract_id='docs.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Usuario final', + purpose='Expor acao de Docs Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'usuario_finalNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0522 = McpControlContract( + contract_id='docs.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Usuario final', + purpose='Expor auditoria de Docs Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0523 = McpControlContract( + contract_id='docs.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Usuario final', + purpose='Expor explicacao de Docs Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0524 = McpControlContract( + contract_id='docs.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Cliente externo', + purpose='Expor consulta de Docs Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'cliente_externoNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0525 = McpControlContract( + contract_id='docs.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Cliente externo', + purpose='Expor diagnostico de Docs Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0526 = McpControlContract( + contract_id='docs.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Cliente externo', + purpose='Expor acao de Docs Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'cliente_externoNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0527 = McpControlContract( + contract_id='docs.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Cliente externo', + purpose='Expor auditoria de Docs Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0528 = McpControlContract( + contract_id='docs.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Cliente externo', + purpose='Expor explicacao de Docs Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0529 = McpControlContract( + contract_id='docs.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Docs Platform para Planejamento estrategico', + purpose='Expor consulta de Docs Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para docs/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para docs/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0530 = McpControlContract( + contract_id='docs.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Docs Platform para Planejamento estrategico', + purpose='Expor diagnostico de Docs Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para docs/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para docs/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0531 = McpControlContract( + contract_id='docs.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Docs Platform para Planejamento estrategico', + purpose='Expor acao de Docs Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para docs/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para docs/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0532 = McpControlContract( + contract_id='docs.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Docs Platform para Planejamento estrategico', + purpose='Expor auditoria de Docs Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para docs/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para docs/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0533 = McpControlContract( + contract_id='docs.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='docs', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Docs Platform para Planejamento estrategico', + purpose='Expor explicacao de Docs Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'docsStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'documentationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.FORMAL_EXCEPTION, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.docs.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider docs via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para docs/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para docs/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0534 = McpControlContract( contract_id='docs.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='docs', @@ -12168,7 +32708,7 @@ CONTRACT_0274 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0275 = McpControlContract( +CONTRACT_0535 = McpControlContract( contract_id='docs.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='docs', @@ -12194,7 +32734,7 @@ CONTRACT_0275 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0276 = McpControlContract( +CONTRACT_0536 = McpControlContract( contract_id='docs.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='docs', @@ -12220,7 +32760,7 @@ CONTRACT_0276 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0277 = McpControlContract( +CONTRACT_0537 = McpControlContract( contract_id='docs.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='docs', @@ -12246,7 +32786,7 @@ CONTRACT_0277 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0278 = McpControlContract( +CONTRACT_0538 = McpControlContract( contract_id='docs.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12315,7 +32855,7 @@ CONTRACT_0278 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0279 = McpControlContract( +CONTRACT_0539 = McpControlContract( contract_id='docs.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12384,7 +32924,7 @@ CONTRACT_0279 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0280 = McpControlContract( +CONTRACT_0540 = McpControlContract( contract_id='docs.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12453,7 +32993,7 @@ CONTRACT_0280 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0281 = McpControlContract( +CONTRACT_0541 = McpControlContract( contract_id='docs.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12522,7 +33062,7 @@ CONTRACT_0281 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0282 = McpControlContract( +CONTRACT_0542 = McpControlContract( contract_id='docs.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12591,7 +33131,7 @@ CONTRACT_0282 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0283 = McpControlContract( +CONTRACT_0543 = McpControlContract( contract_id='docs.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12660,7 +33200,7 @@ CONTRACT_0283 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0284 = McpControlContract( +CONTRACT_0544 = McpControlContract( contract_id='docs.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12729,7 +33269,7 @@ CONTRACT_0284 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0285 = McpControlContract( +CONTRACT_0545 = McpControlContract( contract_id='docs.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12798,7 +33338,7 @@ CONTRACT_0285 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0286 = McpControlContract( +CONTRACT_0546 = McpControlContract( contract_id='docs.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12867,7 +33407,7 @@ CONTRACT_0286 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0287 = McpControlContract( +CONTRACT_0547 = McpControlContract( contract_id='docs.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -12936,7 +33476,7 @@ CONTRACT_0287 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0288 = McpControlContract( +CONTRACT_0548 = McpControlContract( contract_id='docs.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13005,7 +33545,7 @@ CONTRACT_0288 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0289 = McpControlContract( +CONTRACT_0549 = McpControlContract( contract_id='docs.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13074,7 +33614,7 @@ CONTRACT_0289 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0290 = McpControlContract( +CONTRACT_0550 = McpControlContract( contract_id='docs.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13143,7 +33683,7 @@ CONTRACT_0290 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0291 = McpControlContract( +CONTRACT_0551 = McpControlContract( contract_id='docs.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13212,7 +33752,7 @@ CONTRACT_0291 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0292 = McpControlContract( +CONTRACT_0552 = McpControlContract( contract_id='docs.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13281,7 +33821,7 @@ CONTRACT_0292 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0293 = McpControlContract( +CONTRACT_0553 = McpControlContract( contract_id='docs.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13350,7 +33890,7 @@ CONTRACT_0293 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0294 = McpControlContract( +CONTRACT_0554 = McpControlContract( contract_id='docs.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13419,7 +33959,7 @@ CONTRACT_0294 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0295 = McpControlContract( +CONTRACT_0555 = McpControlContract( contract_id='docs.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13488,7 +34028,7 @@ CONTRACT_0295 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0296 = McpControlContract( +CONTRACT_0556 = McpControlContract( contract_id='docs.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13557,7 +34097,7 @@ CONTRACT_0296 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0297 = McpControlContract( +CONTRACT_0557 = McpControlContract( contract_id='docs.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13626,7 +34166,7 @@ CONTRACT_0297 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0298 = McpControlContract( +CONTRACT_0558 = McpControlContract( contract_id='docs.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13695,7 +34235,7 @@ CONTRACT_0298 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0299 = McpControlContract( +CONTRACT_0559 = McpControlContract( contract_id='docs.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13764,7 +34304,7 @@ CONTRACT_0299 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0300 = McpControlContract( +CONTRACT_0560 = McpControlContract( contract_id='docs.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13833,7 +34373,7 @@ CONTRACT_0300 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0301 = McpControlContract( +CONTRACT_0561 = McpControlContract( contract_id='docs.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13902,7 +34442,7 @@ CONTRACT_0301 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0302 = McpControlContract( +CONTRACT_0562 = McpControlContract( contract_id='docs.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -13971,7 +34511,7 @@ CONTRACT_0302 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0303 = McpControlContract( +CONTRACT_0563 = McpControlContract( contract_id='docs.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14040,7 +34580,7 @@ CONTRACT_0303 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0304 = McpControlContract( +CONTRACT_0564 = McpControlContract( contract_id='docs.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14109,7 +34649,7 @@ CONTRACT_0304 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0305 = McpControlContract( +CONTRACT_0565 = McpControlContract( contract_id='docs.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14178,7 +34718,7 @@ CONTRACT_0305 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0306 = McpControlContract( +CONTRACT_0566 = McpControlContract( contract_id='docs.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14247,7 +34787,7 @@ CONTRACT_0306 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0307 = McpControlContract( +CONTRACT_0567 = McpControlContract( contract_id='docs.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14316,7 +34856,7 @@ CONTRACT_0307 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0308 = McpControlContract( +CONTRACT_0568 = McpControlContract( contract_id='docs.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14385,7 +34925,7 @@ CONTRACT_0308 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0309 = McpControlContract( +CONTRACT_0569 = McpControlContract( contract_id='docs.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14454,7 +34994,7 @@ CONTRACT_0309 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0310 = McpControlContract( +CONTRACT_0570 = McpControlContract( contract_id='docs.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14523,7 +35063,7 @@ CONTRACT_0310 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0311 = McpControlContract( +CONTRACT_0571 = McpControlContract( contract_id='docs.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14592,7 +35132,7 @@ CONTRACT_0311 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0312 = McpControlContract( +CONTRACT_0572 = McpControlContract( contract_id='docs.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14661,7 +35201,7 @@ CONTRACT_0312 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0313 = McpControlContract( +CONTRACT_0573 = McpControlContract( contract_id='docs.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14730,7 +35270,7 @@ CONTRACT_0313 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0314 = McpControlContract( +CONTRACT_0574 = McpControlContract( contract_id='docs.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14799,7 +35339,7 @@ CONTRACT_0314 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0315 = McpControlContract( +CONTRACT_0575 = McpControlContract( contract_id='docs.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14868,7 +35408,7 @@ CONTRACT_0315 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0316 = McpControlContract( +CONTRACT_0576 = McpControlContract( contract_id='docs.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='docs', @@ -14937,7 +35477,7 @@ CONTRACT_0316 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0317 = McpControlContract( +CONTRACT_0577 = McpControlContract( contract_id='finance.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -14963,7 +35503,7 @@ CONTRACT_0317 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0318 = McpControlContract( +CONTRACT_0578 = McpControlContract( contract_id='finance.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -14989,7 +35529,7 @@ CONTRACT_0318 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0319 = McpControlContract( +CONTRACT_0579 = McpControlContract( contract_id='finance.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15015,7 +35555,7 @@ CONTRACT_0319 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0320 = McpControlContract( +CONTRACT_0580 = McpControlContract( contract_id='finance.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15041,7 +35581,7 @@ CONTRACT_0320 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0321 = McpControlContract( +CONTRACT_0581 = McpControlContract( contract_id='finance.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15067,7 +35607,7 @@ CONTRACT_0321 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0322 = McpControlContract( +CONTRACT_0582 = McpControlContract( contract_id='finance.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15093,7 +35633,7 @@ CONTRACT_0322 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0323 = McpControlContract( +CONTRACT_0583 = McpControlContract( contract_id='finance.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15119,7 +35659,7 @@ CONTRACT_0323 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0324 = McpControlContract( +CONTRACT_0584 = McpControlContract( contract_id='finance.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15145,7 +35685,7 @@ CONTRACT_0324 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0325 = McpControlContract( +CONTRACT_0585 = McpControlContract( contract_id='finance.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15171,7 +35711,7 @@ CONTRACT_0325 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0326 = McpControlContract( +CONTRACT_0586 = McpControlContract( contract_id='finance.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15197,7 +35737,7 @@ CONTRACT_0326 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0327 = McpControlContract( +CONTRACT_0587 = McpControlContract( contract_id='finance.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15223,7 +35763,7 @@ CONTRACT_0327 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0328 = McpControlContract( +CONTRACT_0588 = McpControlContract( contract_id='finance.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15249,7 +35789,7 @@ CONTRACT_0328 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0329 = McpControlContract( +CONTRACT_0589 = McpControlContract( contract_id='finance.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='finance', @@ -15275,7 +35815,7 @@ CONTRACT_0329 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0330 = McpControlContract( +CONTRACT_0590 = McpControlContract( contract_id='finance.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15301,7 +35841,7 @@ CONTRACT_0330 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0331 = McpControlContract( +CONTRACT_0591 = McpControlContract( contract_id='finance.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15327,7 +35867,7 @@ CONTRACT_0331 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0332 = McpControlContract( +CONTRACT_0592 = McpControlContract( contract_id='finance.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15353,7 +35893,7 @@ CONTRACT_0332 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0333 = McpControlContract( +CONTRACT_0593 = McpControlContract( contract_id='finance.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15379,7 +35919,7 @@ CONTRACT_0333 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0334 = McpControlContract( +CONTRACT_0594 = McpControlContract( contract_id='finance.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15405,7 +35945,7 @@ CONTRACT_0334 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0335 = McpControlContract( +CONTRACT_0595 = McpControlContract( contract_id='finance.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15431,7 +35971,7 @@ CONTRACT_0335 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0336 = McpControlContract( +CONTRACT_0596 = McpControlContract( contract_id='finance.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15457,7 +35997,7 @@ CONTRACT_0336 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0337 = McpControlContract( +CONTRACT_0597 = McpControlContract( contract_id='finance.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15483,7 +36023,7 @@ CONTRACT_0337 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0338 = McpControlContract( +CONTRACT_0598 = McpControlContract( contract_id='finance.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15509,7 +36049,7 @@ CONTRACT_0338 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0339 = McpControlContract( +CONTRACT_0599 = McpControlContract( contract_id='finance.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15535,7 +36075,7 @@ CONTRACT_0339 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0340 = McpControlContract( +CONTRACT_0600 = McpControlContract( contract_id='finance.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15561,7 +36101,7 @@ CONTRACT_0340 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0341 = McpControlContract( +CONTRACT_0601 = McpControlContract( contract_id='finance.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15587,7 +36127,7 @@ CONTRACT_0341 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0342 = McpControlContract( +CONTRACT_0602 = McpControlContract( contract_id='finance.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='finance', @@ -15613,7 +36153,7 @@ CONTRACT_0342 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0343 = McpControlContract( +CONTRACT_0603 = McpControlContract( contract_id='finance.invoices.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='finance', @@ -15639,7 +36179,7 @@ CONTRACT_0343 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0344 = McpControlContract( +CONTRACT_0604 = McpControlContract( contract_id='finance.usage.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='finance', @@ -15665,7 +36205,7 @@ CONTRACT_0344 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0345 = McpControlContract( +CONTRACT_0605 = McpControlContract( contract_id='finance.cost.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='finance', @@ -15691,7 +36231,7 @@ CONTRACT_0345 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0346 = McpControlContract( +CONTRACT_0606 = McpControlContract( contract_id='finance.reconciliation.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='finance', @@ -15717,7 +36257,7 @@ CONTRACT_0346 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0347 = McpControlContract( +CONTRACT_0607 = McpControlContract( contract_id='finance.quota.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='finance', @@ -15743,7 +36283,7 @@ CONTRACT_0347 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0348 = McpControlContract( +CONTRACT_0608 = McpControlContract( contract_id='finance.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='finance', @@ -15769,7 +36309,7 @@ CONTRACT_0348 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0349 = McpControlContract( +CONTRACT_0609 = McpControlContract( contract_id='finance.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='finance', @@ -15795,7 +36335,7 @@ CONTRACT_0349 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0350 = McpControlContract( +CONTRACT_0610 = McpControlContract( contract_id='finance.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='finance', @@ -15821,7 +36361,7 @@ CONTRACT_0350 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0351 = McpControlContract( +CONTRACT_0611 = McpControlContract( contract_id='finance.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='finance', @@ -15847,7 +36387,7 @@ CONTRACT_0351 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0352 = McpControlContract( +CONTRACT_0612 = McpControlContract( contract_id='finance.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='finance', @@ -15873,7 +36413,5142 @@ CONTRACT_0352 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0353 = McpControlContract( +CONTRACT_0613 = McpControlContract( + contract_id='finance.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Administrador da empresa', + purpose='Expor consulta de Finance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'administrador_empresaNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0614 = McpControlContract( + contract_id='finance.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Administrador da empresa', + purpose='Expor diagnostico de Finance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0615 = McpControlContract( + contract_id='finance.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Administrador da empresa', + purpose='Expor acao de Finance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'administrador_empresaNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0616 = McpControlContract( + contract_id='finance.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Administrador da empresa', + purpose='Expor auditoria de Finance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0617 = McpControlContract( + contract_id='finance.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Administrador da empresa', + purpose='Expor explicacao de Finance Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0618 = McpControlContract( + contract_id='finance.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para CEO', + purpose='Expor consulta de Finance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'ceoNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0619 = McpControlContract( + contract_id='finance.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para CEO', + purpose='Expor diagnostico de Finance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'ceoNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0620 = McpControlContract( + contract_id='finance.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para CEO', + purpose='Expor acao de Finance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'ceoNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0621 = McpControlContract( + contract_id='finance.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para CEO', + purpose='Expor auditoria de Finance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'ceoNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0622 = McpControlContract( + contract_id='finance.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para CEO', + purpose='Expor explicacao de Finance Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'ceoNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0623 = McpControlContract( + contract_id='finance.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Gestor operacional', + purpose='Expor consulta de Finance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0624 = McpControlContract( + contract_id='finance.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Gestor operacional', + purpose='Expor diagnostico de Finance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0625 = McpControlContract( + contract_id='finance.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Gestor operacional', + purpose='Expor acao de Finance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0626 = McpControlContract( + contract_id='finance.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Gestor operacional', + purpose='Expor auditoria de Finance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0627 = McpControlContract( + contract_id='finance.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Gestor operacional', + purpose='Expor explicacao de Finance Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0628 = McpControlContract( + contract_id='finance.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Equipe de suporte', + purpose='Expor consulta de Finance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'suporteNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0629 = McpControlContract( + contract_id='finance.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Equipe de suporte', + purpose='Expor diagnostico de Finance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'suporteNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0630 = McpControlContract( + contract_id='finance.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Equipe de suporte', + purpose='Expor acao de Finance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'suporteNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0631 = McpControlContract( + contract_id='finance.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Equipe de suporte', + purpose='Expor auditoria de Finance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'suporteNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0632 = McpControlContract( + contract_id='finance.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Equipe de suporte', + purpose='Expor explicacao de Finance Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'suporteNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0633 = McpControlContract( + contract_id='finance.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Atendimento ao cliente', + purpose='Expor consulta de Finance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0634 = McpControlContract( + contract_id='finance.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Finance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0635 = McpControlContract( + contract_id='finance.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Atendimento ao cliente', + purpose='Expor acao de Finance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0636 = McpControlContract( + contract_id='finance.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Atendimento ao cliente', + purpose='Expor auditoria de Finance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0637 = McpControlContract( + contract_id='finance.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Atendimento ao cliente', + purpose='Expor explicacao de Finance Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0638 = McpControlContract( + contract_id='finance.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Financeiro', + purpose='Expor consulta de Finance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'financeiroNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0639 = McpControlContract( + contract_id='finance.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Financeiro', + purpose='Expor diagnostico de Finance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'financeiroNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0640 = McpControlContract( + contract_id='finance.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Financeiro', + purpose='Expor acao de Finance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'financeiroNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0641 = McpControlContract( + contract_id='finance.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Financeiro', + purpose='Expor auditoria de Finance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'financeiroNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0642 = McpControlContract( + contract_id='finance.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Financeiro', + purpose='Expor explicacao de Finance Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'financeiroNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0643 = McpControlContract( + contract_id='finance.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Contador', + purpose='Expor consulta de Finance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'contadorNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0644 = McpControlContract( + contract_id='finance.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Contador', + purpose='Expor diagnostico de Finance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'contadorNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0645 = McpControlContract( + contract_id='finance.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Contador', + purpose='Expor acao de Finance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'contadorNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0646 = McpControlContract( + contract_id='finance.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Contador', + purpose='Expor auditoria de Finance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'contadorNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0647 = McpControlContract( + contract_id='finance.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Contador', + purpose='Expor explicacao de Finance Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'contadorNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0648 = McpControlContract( + contract_id='finance.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Juridico', + purpose='Expor consulta de Finance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'juridicoNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0649 = McpControlContract( + contract_id='finance.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Juridico', + purpose='Expor diagnostico de Finance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'juridicoNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0650 = McpControlContract( + contract_id='finance.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Juridico', + purpose='Expor acao de Finance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'juridicoNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0651 = McpControlContract( + contract_id='finance.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Juridico', + purpose='Expor auditoria de Finance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'juridicoNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0652 = McpControlContract( + contract_id='finance.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Juridico', + purpose='Expor explicacao de Finance Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'juridicoNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0653 = McpControlContract( + contract_id='finance.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Secretaria', + purpose='Expor consulta de Finance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'secretariaNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0654 = McpControlContract( + contract_id='finance.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Secretaria', + purpose='Expor diagnostico de Finance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'secretariaNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0655 = McpControlContract( + contract_id='finance.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Secretaria', + purpose='Expor acao de Finance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'secretariaNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0656 = McpControlContract( + contract_id='finance.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Secretaria', + purpose='Expor auditoria de Finance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'secretariaNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0657 = McpControlContract( + contract_id='finance.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Secretaria', + purpose='Expor explicacao de Finance Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'secretariaNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0658 = McpControlContract( + contract_id='finance.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Tecnico', + purpose='Expor consulta de Finance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'tecnicoNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0659 = McpControlContract( + contract_id='finance.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Tecnico', + purpose='Expor diagnostico de Finance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0660 = McpControlContract( + contract_id='finance.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Tecnico', + purpose='Expor acao de Finance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'tecnicoNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0661 = McpControlContract( + contract_id='finance.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Tecnico', + purpose='Expor auditoria de Finance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'tecnicoNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0662 = McpControlContract( + contract_id='finance.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Tecnico', + purpose='Expor explicacao de Finance Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'tecnicoNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0663 = McpControlContract( + contract_id='finance.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Usuario final', + purpose='Expor consulta de Finance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'usuario_finalNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0664 = McpControlContract( + contract_id='finance.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Usuario final', + purpose='Expor diagnostico de Finance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0665 = McpControlContract( + contract_id='finance.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Usuario final', + purpose='Expor acao de Finance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'usuario_finalNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0666 = McpControlContract( + contract_id='finance.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Usuario final', + purpose='Expor auditoria de Finance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0667 = McpControlContract( + contract_id='finance.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Usuario final', + purpose='Expor explicacao de Finance Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0668 = McpControlContract( + contract_id='finance.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Cliente externo', + purpose='Expor consulta de Finance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'cliente_externoNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0669 = McpControlContract( + contract_id='finance.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Cliente externo', + purpose='Expor diagnostico de Finance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0670 = McpControlContract( + contract_id='finance.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Cliente externo', + purpose='Expor acao de Finance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'cliente_externoNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0671 = McpControlContract( + contract_id='finance.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Cliente externo', + purpose='Expor auditoria de Finance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0672 = McpControlContract( + contract_id='finance.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Cliente externo', + purpose='Expor explicacao de Finance Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0673 = McpControlContract( + contract_id='finance.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Finance Platform para Planejamento estrategico', + purpose='Expor consulta de Finance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para finance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para finance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0674 = McpControlContract( + contract_id='finance.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Finance Platform para Planejamento estrategico', + purpose='Expor diagnostico de Finance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para finance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para finance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0675 = McpControlContract( + contract_id='finance.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Finance Platform para Planejamento estrategico', + purpose='Expor acao de Finance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para finance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para finance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0676 = McpControlContract( + contract_id='finance.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Finance Platform para Planejamento estrategico', + purpose='Expor auditoria de Finance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para finance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para finance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0677 = McpControlContract( + contract_id='finance.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='finance', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Finance Platform para Planejamento estrategico', + purpose='Expor explicacao de Finance Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'financeStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'financeGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.finance.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider finance via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para finance/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para finance/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0678 = McpControlContract( contract_id='finance.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='finance', @@ -15899,7 +41574,7 @@ CONTRACT_0353 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0354 = McpControlContract( +CONTRACT_0679 = McpControlContract( contract_id='finance.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='finance', @@ -15925,7 +41600,7 @@ CONTRACT_0354 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0355 = McpControlContract( +CONTRACT_0680 = McpControlContract( contract_id='finance.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='finance', @@ -15951,7 +41626,7 @@ CONTRACT_0355 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0356 = McpControlContract( +CONTRACT_0681 = McpControlContract( contract_id='finance.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='finance', @@ -15977,7 +41652,7 @@ CONTRACT_0356 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0357 = McpControlContract( +CONTRACT_0682 = McpControlContract( contract_id='finance.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16046,7 +41721,7 @@ CONTRACT_0357 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0358 = McpControlContract( +CONTRACT_0683 = McpControlContract( contract_id='finance.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16115,7 +41790,7 @@ CONTRACT_0358 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0359 = McpControlContract( +CONTRACT_0684 = McpControlContract( contract_id='finance.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16184,7 +41859,7 @@ CONTRACT_0359 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0360 = McpControlContract( +CONTRACT_0685 = McpControlContract( contract_id='finance.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16253,7 +41928,7 @@ CONTRACT_0360 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0361 = McpControlContract( +CONTRACT_0686 = McpControlContract( contract_id='finance.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16322,7 +41997,7 @@ CONTRACT_0361 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0362 = McpControlContract( +CONTRACT_0687 = McpControlContract( contract_id='finance.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16391,7 +42066,7 @@ CONTRACT_0362 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0363 = McpControlContract( +CONTRACT_0688 = McpControlContract( contract_id='finance.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16460,7 +42135,7 @@ CONTRACT_0363 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0364 = McpControlContract( +CONTRACT_0689 = McpControlContract( contract_id='finance.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16529,7 +42204,7 @@ CONTRACT_0364 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0365 = McpControlContract( +CONTRACT_0690 = McpControlContract( contract_id='finance.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16598,7 +42273,7 @@ CONTRACT_0365 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0366 = McpControlContract( +CONTRACT_0691 = McpControlContract( contract_id='finance.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16667,7 +42342,7 @@ CONTRACT_0366 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0367 = McpControlContract( +CONTRACT_0692 = McpControlContract( contract_id='finance.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16736,7 +42411,7 @@ CONTRACT_0367 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0368 = McpControlContract( +CONTRACT_0693 = McpControlContract( contract_id='finance.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16805,7 +42480,7 @@ CONTRACT_0368 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0369 = McpControlContract( +CONTRACT_0694 = McpControlContract( contract_id='finance.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16874,7 +42549,7 @@ CONTRACT_0369 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0370 = McpControlContract( +CONTRACT_0695 = McpControlContract( contract_id='finance.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -16943,7 +42618,7 @@ CONTRACT_0370 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0371 = McpControlContract( +CONTRACT_0696 = McpControlContract( contract_id='finance.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17012,7 +42687,7 @@ CONTRACT_0371 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0372 = McpControlContract( +CONTRACT_0697 = McpControlContract( contract_id='finance.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17081,7 +42756,7 @@ CONTRACT_0372 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0373 = McpControlContract( +CONTRACT_0698 = McpControlContract( contract_id='finance.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17150,7 +42825,7 @@ CONTRACT_0373 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0374 = McpControlContract( +CONTRACT_0699 = McpControlContract( contract_id='finance.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17219,7 +42894,7 @@ CONTRACT_0374 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0375 = McpControlContract( +CONTRACT_0700 = McpControlContract( contract_id='finance.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17288,7 +42963,7 @@ CONTRACT_0375 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0376 = McpControlContract( +CONTRACT_0701 = McpControlContract( contract_id='finance.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17357,7 +43032,7 @@ CONTRACT_0376 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0377 = McpControlContract( +CONTRACT_0702 = McpControlContract( contract_id='finance.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17426,7 +43101,7 @@ CONTRACT_0377 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0378 = McpControlContract( +CONTRACT_0703 = McpControlContract( contract_id='finance.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17495,7 +43170,7 @@ CONTRACT_0378 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0379 = McpControlContract( +CONTRACT_0704 = McpControlContract( contract_id='finance.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17564,7 +43239,7 @@ CONTRACT_0379 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0380 = McpControlContract( +CONTRACT_0705 = McpControlContract( contract_id='finance.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17633,7 +43308,7 @@ CONTRACT_0380 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0381 = McpControlContract( +CONTRACT_0706 = McpControlContract( contract_id='finance.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17702,7 +43377,7 @@ CONTRACT_0381 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0382 = McpControlContract( +CONTRACT_0707 = McpControlContract( contract_id='finance.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17771,7 +43446,7 @@ CONTRACT_0382 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0383 = McpControlContract( +CONTRACT_0708 = McpControlContract( contract_id='finance.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17840,7 +43515,7 @@ CONTRACT_0383 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0384 = McpControlContract( +CONTRACT_0709 = McpControlContract( contract_id='finance.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17909,7 +43584,7 @@ CONTRACT_0384 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0385 = McpControlContract( +CONTRACT_0710 = McpControlContract( contract_id='finance.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -17978,7 +43653,7 @@ CONTRACT_0385 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0386 = McpControlContract( +CONTRACT_0711 = McpControlContract( contract_id='finance.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18047,7 +43722,7 @@ CONTRACT_0386 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0387 = McpControlContract( +CONTRACT_0712 = McpControlContract( contract_id='finance.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18116,7 +43791,7 @@ CONTRACT_0387 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0388 = McpControlContract( +CONTRACT_0713 = McpControlContract( contract_id='finance.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18185,7 +43860,7 @@ CONTRACT_0388 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0389 = McpControlContract( +CONTRACT_0714 = McpControlContract( contract_id='finance.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18254,7 +43929,7 @@ CONTRACT_0389 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0390 = McpControlContract( +CONTRACT_0715 = McpControlContract( contract_id='finance.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18323,7 +43998,7 @@ CONTRACT_0390 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0391 = McpControlContract( +CONTRACT_0716 = McpControlContract( contract_id='finance.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18392,7 +44067,7 @@ CONTRACT_0391 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0392 = McpControlContract( +CONTRACT_0717 = McpControlContract( contract_id='finance.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18461,7 +44136,7 @@ CONTRACT_0392 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0393 = McpControlContract( +CONTRACT_0718 = McpControlContract( contract_id='finance.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18530,7 +44205,7 @@ CONTRACT_0393 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0394 = McpControlContract( +CONTRACT_0719 = McpControlContract( contract_id='finance.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18599,7 +44274,7 @@ CONTRACT_0394 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0395 = McpControlContract( +CONTRACT_0720 = McpControlContract( contract_id='finance.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='finance', @@ -18668,7 +44343,7 @@ CONTRACT_0395 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0396 = McpControlContract( +CONTRACT_0721 = McpControlContract( contract_id='gettys.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18694,7 +44369,7 @@ CONTRACT_0396 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0397 = McpControlContract( +CONTRACT_0722 = McpControlContract( contract_id='gettys.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18720,7 +44395,7 @@ CONTRACT_0397 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0398 = McpControlContract( +CONTRACT_0723 = McpControlContract( contract_id='gettys.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18746,7 +44421,7 @@ CONTRACT_0398 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0399 = McpControlContract( +CONTRACT_0724 = McpControlContract( contract_id='gettys.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18772,7 +44447,7 @@ CONTRACT_0399 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0400 = McpControlContract( +CONTRACT_0725 = McpControlContract( contract_id='gettys.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18798,7 +44473,7 @@ CONTRACT_0400 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0401 = McpControlContract( +CONTRACT_0726 = McpControlContract( contract_id='gettys.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18824,7 +44499,7 @@ CONTRACT_0401 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0402 = McpControlContract( +CONTRACT_0727 = McpControlContract( contract_id='gettys.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18850,7 +44525,7 @@ CONTRACT_0402 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0403 = McpControlContract( +CONTRACT_0728 = McpControlContract( contract_id='gettys.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18876,7 +44551,7 @@ CONTRACT_0403 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0404 = McpControlContract( +CONTRACT_0729 = McpControlContract( contract_id='gettys.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18902,7 +44577,7 @@ CONTRACT_0404 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0405 = McpControlContract( +CONTRACT_0730 = McpControlContract( contract_id='gettys.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18928,7 +44603,7 @@ CONTRACT_0405 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0406 = McpControlContract( +CONTRACT_0731 = McpControlContract( contract_id='gettys.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18954,7 +44629,7 @@ CONTRACT_0406 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0407 = McpControlContract( +CONTRACT_0732 = McpControlContract( contract_id='gettys.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -18980,7 +44655,7 @@ CONTRACT_0407 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0408 = McpControlContract( +CONTRACT_0733 = McpControlContract( contract_id='gettys.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='gettys', @@ -19006,7 +44681,7 @@ CONTRACT_0408 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0409 = McpControlContract( +CONTRACT_0734 = McpControlContract( contract_id='gettys.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19032,7 +44707,7 @@ CONTRACT_0409 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0410 = McpControlContract( +CONTRACT_0735 = McpControlContract( contract_id='gettys.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19058,7 +44733,7 @@ CONTRACT_0410 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0411 = McpControlContract( +CONTRACT_0736 = McpControlContract( contract_id='gettys.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19084,7 +44759,7 @@ CONTRACT_0411 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0412 = McpControlContract( +CONTRACT_0737 = McpControlContract( contract_id='gettys.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19110,7 +44785,7 @@ CONTRACT_0412 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0413 = McpControlContract( +CONTRACT_0738 = McpControlContract( contract_id='gettys.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19136,7 +44811,7 @@ CONTRACT_0413 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0414 = McpControlContract( +CONTRACT_0739 = McpControlContract( contract_id='gettys.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19162,7 +44837,7 @@ CONTRACT_0414 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0415 = McpControlContract( +CONTRACT_0740 = McpControlContract( contract_id='gettys.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19188,7 +44863,7 @@ CONTRACT_0415 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0416 = McpControlContract( +CONTRACT_0741 = McpControlContract( contract_id='gettys.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19214,7 +44889,7 @@ CONTRACT_0416 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0417 = McpControlContract( +CONTRACT_0742 = McpControlContract( contract_id='gettys.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19240,7 +44915,7 @@ CONTRACT_0417 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0418 = McpControlContract( +CONTRACT_0743 = McpControlContract( contract_id='gettys.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19266,7 +44941,7 @@ CONTRACT_0418 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0419 = McpControlContract( +CONTRACT_0744 = McpControlContract( contract_id='gettys.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19292,7 +44967,7 @@ CONTRACT_0419 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0420 = McpControlContract( +CONTRACT_0745 = McpControlContract( contract_id='gettys.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19318,7 +44993,7 @@ CONTRACT_0420 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0421 = McpControlContract( +CONTRACT_0746 = McpControlContract( contract_id='gettys.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='gettys', @@ -19344,7 +45019,7 @@ CONTRACT_0421 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0422 = McpControlContract( +CONTRACT_0747 = McpControlContract( contract_id='gettys.gettys-overview.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='gettys', @@ -19370,7 +45045,7 @@ CONTRACT_0422 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0423 = McpControlContract( +CONTRACT_0748 = McpControlContract( contract_id='gettys.admin-screen.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='gettys', @@ -19396,7 +45071,7 @@ CONTRACT_0423 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0424 = McpControlContract( +CONTRACT_0749 = McpControlContract( contract_id='gettys.health.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='gettys', @@ -19422,7 +45097,7 @@ CONTRACT_0424 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0425 = McpControlContract( +CONTRACT_0750 = McpControlContract( contract_id='gettys.product-readiness.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='gettys', @@ -19448,7 +45123,7 @@ CONTRACT_0425 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0426 = McpControlContract( +CONTRACT_0751 = McpControlContract( contract_id='gettys.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='gettys', @@ -19474,7 +45149,7 @@ CONTRACT_0426 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0427 = McpControlContract( +CONTRACT_0752 = McpControlContract( contract_id='gettys.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='gettys', @@ -19500,7 +45175,7 @@ CONTRACT_0427 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0428 = McpControlContract( +CONTRACT_0753 = McpControlContract( contract_id='gettys.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='gettys', @@ -19526,7 +45201,7 @@ CONTRACT_0428 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0429 = McpControlContract( +CONTRACT_0754 = McpControlContract( contract_id='gettys.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='gettys', @@ -19552,7 +45227,7 @@ CONTRACT_0429 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0430 = McpControlContract( +CONTRACT_0755 = McpControlContract( contract_id='gettys.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='gettys', @@ -19578,7 +45253,5142 @@ CONTRACT_0430 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0431 = McpControlContract( +CONTRACT_0756 = McpControlContract( + contract_id='gettys.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Administrador da empresa', + purpose='Expor consulta de Gettys Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'administrador_empresaNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0757 = McpControlContract( + contract_id='gettys.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Administrador da empresa', + purpose='Expor diagnostico de Gettys Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0758 = McpControlContract( + contract_id='gettys.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Administrador da empresa', + purpose='Expor acao de Gettys Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'administrador_empresaNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0759 = McpControlContract( + contract_id='gettys.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Administrador da empresa', + purpose='Expor auditoria de Gettys Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0760 = McpControlContract( + contract_id='gettys.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Administrador da empresa', + purpose='Expor explicacao de Gettys Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0761 = McpControlContract( + contract_id='gettys.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para CEO', + purpose='Expor consulta de Gettys Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'ceoNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0762 = McpControlContract( + contract_id='gettys.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para CEO', + purpose='Expor diagnostico de Gettys Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'ceoNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0763 = McpControlContract( + contract_id='gettys.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para CEO', + purpose='Expor acao de Gettys Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'ceoNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0764 = McpControlContract( + contract_id='gettys.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para CEO', + purpose='Expor auditoria de Gettys Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'ceoNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0765 = McpControlContract( + contract_id='gettys.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para CEO', + purpose='Expor explicacao de Gettys Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'ceoNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0766 = McpControlContract( + contract_id='gettys.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Gestor operacional', + purpose='Expor consulta de Gettys Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0767 = McpControlContract( + contract_id='gettys.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Gestor operacional', + purpose='Expor diagnostico de Gettys Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0768 = McpControlContract( + contract_id='gettys.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Gestor operacional', + purpose='Expor acao de Gettys Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0769 = McpControlContract( + contract_id='gettys.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Gestor operacional', + purpose='Expor auditoria de Gettys Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0770 = McpControlContract( + contract_id='gettys.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Gestor operacional', + purpose='Expor explicacao de Gettys Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0771 = McpControlContract( + contract_id='gettys.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Equipe de suporte', + purpose='Expor consulta de Gettys Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'suporteNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0772 = McpControlContract( + contract_id='gettys.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Equipe de suporte', + purpose='Expor diagnostico de Gettys Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'suporteNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0773 = McpControlContract( + contract_id='gettys.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Equipe de suporte', + purpose='Expor acao de Gettys Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'suporteNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0774 = McpControlContract( + contract_id='gettys.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Equipe de suporte', + purpose='Expor auditoria de Gettys Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'suporteNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0775 = McpControlContract( + contract_id='gettys.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Equipe de suporte', + purpose='Expor explicacao de Gettys Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'suporteNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0776 = McpControlContract( + contract_id='gettys.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Atendimento ao cliente', + purpose='Expor consulta de Gettys Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0777 = McpControlContract( + contract_id='gettys.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Gettys Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0778 = McpControlContract( + contract_id='gettys.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Atendimento ao cliente', + purpose='Expor acao de Gettys Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0779 = McpControlContract( + contract_id='gettys.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Atendimento ao cliente', + purpose='Expor auditoria de Gettys Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0780 = McpControlContract( + contract_id='gettys.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Atendimento ao cliente', + purpose='Expor explicacao de Gettys Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0781 = McpControlContract( + contract_id='gettys.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Financeiro', + purpose='Expor consulta de Gettys Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'financeiroNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0782 = McpControlContract( + contract_id='gettys.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Financeiro', + purpose='Expor diagnostico de Gettys Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'financeiroNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0783 = McpControlContract( + contract_id='gettys.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Financeiro', + purpose='Expor acao de Gettys Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'financeiroNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0784 = McpControlContract( + contract_id='gettys.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Financeiro', + purpose='Expor auditoria de Gettys Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'financeiroNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0785 = McpControlContract( + contract_id='gettys.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Financeiro', + purpose='Expor explicacao de Gettys Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'financeiroNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0786 = McpControlContract( + contract_id='gettys.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Contador', + purpose='Expor consulta de Gettys Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'contadorNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0787 = McpControlContract( + contract_id='gettys.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Contador', + purpose='Expor diagnostico de Gettys Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'contadorNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0788 = McpControlContract( + contract_id='gettys.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Contador', + purpose='Expor acao de Gettys Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'contadorNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0789 = McpControlContract( + contract_id='gettys.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Contador', + purpose='Expor auditoria de Gettys Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'contadorNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0790 = McpControlContract( + contract_id='gettys.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Contador', + purpose='Expor explicacao de Gettys Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'contadorNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0791 = McpControlContract( + contract_id='gettys.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Juridico', + purpose='Expor consulta de Gettys Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'juridicoNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0792 = McpControlContract( + contract_id='gettys.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Juridico', + purpose='Expor diagnostico de Gettys Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'juridicoNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0793 = McpControlContract( + contract_id='gettys.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Juridico', + purpose='Expor acao de Gettys Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'juridicoNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0794 = McpControlContract( + contract_id='gettys.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Juridico', + purpose='Expor auditoria de Gettys Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'juridicoNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0795 = McpControlContract( + contract_id='gettys.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Juridico', + purpose='Expor explicacao de Gettys Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'juridicoNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0796 = McpControlContract( + contract_id='gettys.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Secretaria', + purpose='Expor consulta de Gettys Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'secretariaNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0797 = McpControlContract( + contract_id='gettys.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Secretaria', + purpose='Expor diagnostico de Gettys Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'secretariaNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0798 = McpControlContract( + contract_id='gettys.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Secretaria', + purpose='Expor acao de Gettys Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'secretariaNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0799 = McpControlContract( + contract_id='gettys.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Secretaria', + purpose='Expor auditoria de Gettys Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'secretariaNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0800 = McpControlContract( + contract_id='gettys.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Secretaria', + purpose='Expor explicacao de Gettys Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'secretariaNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0801 = McpControlContract( + contract_id='gettys.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Tecnico', + purpose='Expor consulta de Gettys Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'tecnicoNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0802 = McpControlContract( + contract_id='gettys.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Tecnico', + purpose='Expor diagnostico de Gettys Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0803 = McpControlContract( + contract_id='gettys.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Tecnico', + purpose='Expor acao de Gettys Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'tecnicoNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0804 = McpControlContract( + contract_id='gettys.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Tecnico', + purpose='Expor auditoria de Gettys Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'tecnicoNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0805 = McpControlContract( + contract_id='gettys.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Tecnico', + purpose='Expor explicacao de Gettys Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'tecnicoNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0806 = McpControlContract( + contract_id='gettys.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Usuario final', + purpose='Expor consulta de Gettys Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'usuario_finalNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0807 = McpControlContract( + contract_id='gettys.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Usuario final', + purpose='Expor diagnostico de Gettys Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0808 = McpControlContract( + contract_id='gettys.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Usuario final', + purpose='Expor acao de Gettys Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'usuario_finalNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0809 = McpControlContract( + contract_id='gettys.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Usuario final', + purpose='Expor auditoria de Gettys Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0810 = McpControlContract( + contract_id='gettys.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Usuario final', + purpose='Expor explicacao de Gettys Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0811 = McpControlContract( + contract_id='gettys.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Cliente externo', + purpose='Expor consulta de Gettys Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'cliente_externoNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0812 = McpControlContract( + contract_id='gettys.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Cliente externo', + purpose='Expor diagnostico de Gettys Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0813 = McpControlContract( + contract_id='gettys.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Cliente externo', + purpose='Expor acao de Gettys Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'cliente_externoNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0814 = McpControlContract( + contract_id='gettys.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Cliente externo', + purpose='Expor auditoria de Gettys Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0815 = McpControlContract( + contract_id='gettys.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Cliente externo', + purpose='Expor explicacao de Gettys Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0816 = McpControlContract( + contract_id='gettys.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Gettys Platform para Planejamento estrategico', + purpose='Expor consulta de Gettys Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para gettys/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para gettys/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0817 = McpControlContract( + contract_id='gettys.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Gettys Platform para Planejamento estrategico', + purpose='Expor diagnostico de Gettys Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para gettys/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para gettys/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0818 = McpControlContract( + contract_id='gettys.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Gettys Platform para Planejamento estrategico', + purpose='Expor acao de Gettys Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para gettys/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para gettys/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0819 = McpControlContract( + contract_id='gettys.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Gettys Platform para Planejamento estrategico', + purpose='Expor auditoria de Gettys Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para gettys/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para gettys/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0820 = McpControlContract( + contract_id='gettys.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='gettys', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Gettys Platform para Planejamento estrategico', + purpose='Expor explicacao de Gettys Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'gettysStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'operationsGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.gettys.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider gettys via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para gettys/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para gettys/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0821 = McpControlContract( contract_id='gettys.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='gettys', @@ -19604,7 +50414,7 @@ CONTRACT_0431 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0432 = McpControlContract( +CONTRACT_0822 = McpControlContract( contract_id='gettys.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='gettys', @@ -19630,7 +50440,7 @@ CONTRACT_0432 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0433 = McpControlContract( +CONTRACT_0823 = McpControlContract( contract_id='gettys.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='gettys', @@ -19656,7 +50466,7 @@ CONTRACT_0433 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0434 = McpControlContract( +CONTRACT_0824 = McpControlContract( contract_id='gettys.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='gettys', @@ -19682,7 +50492,7 @@ CONTRACT_0434 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0435 = McpControlContract( +CONTRACT_0825 = McpControlContract( contract_id='gettys.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -19751,7 +50561,7 @@ CONTRACT_0435 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0436 = McpControlContract( +CONTRACT_0826 = McpControlContract( contract_id='gettys.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -19820,7 +50630,7 @@ CONTRACT_0436 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0437 = McpControlContract( +CONTRACT_0827 = McpControlContract( contract_id='gettys.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -19889,7 +50699,7 @@ CONTRACT_0437 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0438 = McpControlContract( +CONTRACT_0828 = McpControlContract( contract_id='gettys.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -19958,7 +50768,7 @@ CONTRACT_0438 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0439 = McpControlContract( +CONTRACT_0829 = McpControlContract( contract_id='gettys.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20027,7 +50837,7 @@ CONTRACT_0439 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0440 = McpControlContract( +CONTRACT_0830 = McpControlContract( contract_id='gettys.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20096,7 +50906,7 @@ CONTRACT_0440 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0441 = McpControlContract( +CONTRACT_0831 = McpControlContract( contract_id='gettys.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20165,7 +50975,7 @@ CONTRACT_0441 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0442 = McpControlContract( +CONTRACT_0832 = McpControlContract( contract_id='gettys.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20234,7 +51044,7 @@ CONTRACT_0442 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0443 = McpControlContract( +CONTRACT_0833 = McpControlContract( contract_id='gettys.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20303,7 +51113,7 @@ CONTRACT_0443 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0444 = McpControlContract( +CONTRACT_0834 = McpControlContract( contract_id='gettys.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20372,7 +51182,7 @@ CONTRACT_0444 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0445 = McpControlContract( +CONTRACT_0835 = McpControlContract( contract_id='gettys.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20441,7 +51251,7 @@ CONTRACT_0445 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0446 = McpControlContract( +CONTRACT_0836 = McpControlContract( contract_id='gettys.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20510,7 +51320,7 @@ CONTRACT_0446 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0447 = McpControlContract( +CONTRACT_0837 = McpControlContract( contract_id='gettys.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20579,7 +51389,7 @@ CONTRACT_0447 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0448 = McpControlContract( +CONTRACT_0838 = McpControlContract( contract_id='gettys.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20648,7 +51458,7 @@ CONTRACT_0448 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0449 = McpControlContract( +CONTRACT_0839 = McpControlContract( contract_id='gettys.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20717,7 +51527,7 @@ CONTRACT_0449 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0450 = McpControlContract( +CONTRACT_0840 = McpControlContract( contract_id='gettys.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20786,7 +51596,7 @@ CONTRACT_0450 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0451 = McpControlContract( +CONTRACT_0841 = McpControlContract( contract_id='gettys.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20855,7 +51665,7 @@ CONTRACT_0451 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0452 = McpControlContract( +CONTRACT_0842 = McpControlContract( contract_id='gettys.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20924,7 +51734,7 @@ CONTRACT_0452 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0453 = McpControlContract( +CONTRACT_0843 = McpControlContract( contract_id='gettys.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -20993,7 +51803,7 @@ CONTRACT_0453 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0454 = McpControlContract( +CONTRACT_0844 = McpControlContract( contract_id='gettys.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21062,7 +51872,7 @@ CONTRACT_0454 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0455 = McpControlContract( +CONTRACT_0845 = McpControlContract( contract_id='gettys.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21131,7 +51941,7 @@ CONTRACT_0455 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0456 = McpControlContract( +CONTRACT_0846 = McpControlContract( contract_id='gettys.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21200,7 +52010,7 @@ CONTRACT_0456 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0457 = McpControlContract( +CONTRACT_0847 = McpControlContract( contract_id='gettys.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21269,7 +52079,7 @@ CONTRACT_0457 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0458 = McpControlContract( +CONTRACT_0848 = McpControlContract( contract_id='gettys.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21338,7 +52148,7 @@ CONTRACT_0458 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0459 = McpControlContract( +CONTRACT_0849 = McpControlContract( contract_id='gettys.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21407,7 +52217,7 @@ CONTRACT_0459 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0460 = McpControlContract( +CONTRACT_0850 = McpControlContract( contract_id='gettys.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21476,7 +52286,7 @@ CONTRACT_0460 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0461 = McpControlContract( +CONTRACT_0851 = McpControlContract( contract_id='gettys.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21545,7 +52355,7 @@ CONTRACT_0461 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0462 = McpControlContract( +CONTRACT_0852 = McpControlContract( contract_id='gettys.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21614,7 +52424,7 @@ CONTRACT_0462 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0463 = McpControlContract( +CONTRACT_0853 = McpControlContract( contract_id='gettys.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21683,7 +52493,7 @@ CONTRACT_0463 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0464 = McpControlContract( +CONTRACT_0854 = McpControlContract( contract_id='gettys.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21752,7 +52562,7 @@ CONTRACT_0464 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0465 = McpControlContract( +CONTRACT_0855 = McpControlContract( contract_id='gettys.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21821,7 +52631,7 @@ CONTRACT_0465 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0466 = McpControlContract( +CONTRACT_0856 = McpControlContract( contract_id='gettys.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21890,7 +52700,7 @@ CONTRACT_0466 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0467 = McpControlContract( +CONTRACT_0857 = McpControlContract( contract_id='gettys.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -21959,7 +52769,7 @@ CONTRACT_0467 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0468 = McpControlContract( +CONTRACT_0858 = McpControlContract( contract_id='gettys.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22028,7 +52838,7 @@ CONTRACT_0468 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0469 = McpControlContract( +CONTRACT_0859 = McpControlContract( contract_id='gettys.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22097,7 +52907,7 @@ CONTRACT_0469 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0470 = McpControlContract( +CONTRACT_0860 = McpControlContract( contract_id='gettys.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22166,7 +52976,7 @@ CONTRACT_0470 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0471 = McpControlContract( +CONTRACT_0861 = McpControlContract( contract_id='gettys.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22235,7 +53045,7 @@ CONTRACT_0471 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0472 = McpControlContract( +CONTRACT_0862 = McpControlContract( contract_id='gettys.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22304,7 +53114,7 @@ CONTRACT_0472 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0473 = McpControlContract( +CONTRACT_0863 = McpControlContract( contract_id='gettys.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='gettys', @@ -22373,7 +53183,7 @@ CONTRACT_0473 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0474 = McpControlContract( +CONTRACT_0864 = McpControlContract( contract_id='identity.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22399,7 +53209,7 @@ CONTRACT_0474 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0475 = McpControlContract( +CONTRACT_0865 = McpControlContract( contract_id='identity.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22425,7 +53235,7 @@ CONTRACT_0475 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0476 = McpControlContract( +CONTRACT_0866 = McpControlContract( contract_id='identity.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22451,7 +53261,7 @@ CONTRACT_0476 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0477 = McpControlContract( +CONTRACT_0867 = McpControlContract( contract_id='identity.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22477,7 +53287,7 @@ CONTRACT_0477 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0478 = McpControlContract( +CONTRACT_0868 = McpControlContract( contract_id='identity.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22503,7 +53313,7 @@ CONTRACT_0478 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0479 = McpControlContract( +CONTRACT_0869 = McpControlContract( contract_id='identity.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22529,7 +53339,7 @@ CONTRACT_0479 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0480 = McpControlContract( +CONTRACT_0870 = McpControlContract( contract_id='identity.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22555,7 +53365,7 @@ CONTRACT_0480 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0481 = McpControlContract( +CONTRACT_0871 = McpControlContract( contract_id='identity.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22581,7 +53391,7 @@ CONTRACT_0481 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0482 = McpControlContract( +CONTRACT_0872 = McpControlContract( contract_id='identity.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22607,7 +53417,7 @@ CONTRACT_0482 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0483 = McpControlContract( +CONTRACT_0873 = McpControlContract( contract_id='identity.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22633,7 +53443,7 @@ CONTRACT_0483 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0484 = McpControlContract( +CONTRACT_0874 = McpControlContract( contract_id='identity.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22659,7 +53469,7 @@ CONTRACT_0484 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0485 = McpControlContract( +CONTRACT_0875 = McpControlContract( contract_id='identity.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22685,7 +53495,7 @@ CONTRACT_0485 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0486 = McpControlContract( +CONTRACT_0876 = McpControlContract( contract_id='identity.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='identity', @@ -22711,7 +53521,7 @@ CONTRACT_0486 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0487 = McpControlContract( +CONTRACT_0877 = McpControlContract( contract_id='identity.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22737,7 +53547,7 @@ CONTRACT_0487 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0488 = McpControlContract( +CONTRACT_0878 = McpControlContract( contract_id='identity.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22763,7 +53573,7 @@ CONTRACT_0488 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0489 = McpControlContract( +CONTRACT_0879 = McpControlContract( contract_id='identity.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22789,7 +53599,7 @@ CONTRACT_0489 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0490 = McpControlContract( +CONTRACT_0880 = McpControlContract( contract_id='identity.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22815,7 +53625,7 @@ CONTRACT_0490 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0491 = McpControlContract( +CONTRACT_0881 = McpControlContract( contract_id='identity.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22841,7 +53651,7 @@ CONTRACT_0491 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0492 = McpControlContract( +CONTRACT_0882 = McpControlContract( contract_id='identity.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22867,7 +53677,7 @@ CONTRACT_0492 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0493 = McpControlContract( +CONTRACT_0883 = McpControlContract( contract_id='identity.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22893,7 +53703,7 @@ CONTRACT_0493 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0494 = McpControlContract( +CONTRACT_0884 = McpControlContract( contract_id='identity.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22919,7 +53729,7 @@ CONTRACT_0494 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0495 = McpControlContract( +CONTRACT_0885 = McpControlContract( contract_id='identity.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22945,7 +53755,7 @@ CONTRACT_0495 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0496 = McpControlContract( +CONTRACT_0886 = McpControlContract( contract_id='identity.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22971,7 +53781,7 @@ CONTRACT_0496 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0497 = McpControlContract( +CONTRACT_0887 = McpControlContract( contract_id='identity.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -22997,7 +53807,7 @@ CONTRACT_0497 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0498 = McpControlContract( +CONTRACT_0888 = McpControlContract( contract_id='identity.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -23023,7 +53833,7 @@ CONTRACT_0498 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0499 = McpControlContract( +CONTRACT_0889 = McpControlContract( contract_id='identity.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='identity', @@ -23049,7 +53859,7 @@ CONTRACT_0499 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0500 = McpControlContract( +CONTRACT_0890 = McpControlContract( contract_id='identity.rbac.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23075,7 +53885,7 @@ CONTRACT_0500 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0501 = McpControlContract( +CONTRACT_0891 = McpControlContract( contract_id='identity.sessions.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23101,7 +53911,7 @@ CONTRACT_0501 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0502 = McpControlContract( +CONTRACT_0892 = McpControlContract( contract_id='identity.organizations.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23127,7 +53937,7 @@ CONTRACT_0502 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0503 = McpControlContract( +CONTRACT_0893 = McpControlContract( contract_id='identity.incidents.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23153,7 +53963,7 @@ CONTRACT_0503 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0504 = McpControlContract( +CONTRACT_0894 = McpControlContract( contract_id='identity.audit.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23179,7 +53989,7 @@ CONTRACT_0504 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0505 = McpControlContract( +CONTRACT_0895 = McpControlContract( contract_id='identity.contracts.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='identity', @@ -23205,7 +54015,7 @@ CONTRACT_0505 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0506 = McpControlContract( +CONTRACT_0896 = McpControlContract( contract_id='identity.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='identity', @@ -23231,7 +54041,7 @@ CONTRACT_0506 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0507 = McpControlContract( +CONTRACT_0897 = McpControlContract( contract_id='identity.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='identity', @@ -23257,7 +54067,7 @@ CONTRACT_0507 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0508 = McpControlContract( +CONTRACT_0898 = McpControlContract( contract_id='identity.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='identity', @@ -23283,7 +54093,7 @@ CONTRACT_0508 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0509 = McpControlContract( +CONTRACT_0899 = McpControlContract( contract_id='identity.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='identity', @@ -23309,7 +54119,7 @@ CONTRACT_0509 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0510 = McpControlContract( +CONTRACT_0900 = McpControlContract( contract_id='identity.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='identity', @@ -23335,7 +54145,5142 @@ CONTRACT_0510 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0511 = McpControlContract( +CONTRACT_0901 = McpControlContract( + contract_id='identity.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Administrador da empresa', + purpose='Expor consulta de Identity Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'administrador_empresaNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0902 = McpControlContract( + contract_id='identity.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Administrador da empresa', + purpose='Expor diagnostico de Identity Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0903 = McpControlContract( + contract_id='identity.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Administrador da empresa', + purpose='Expor acao de Identity Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'administrador_empresaNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0904 = McpControlContract( + contract_id='identity.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Administrador da empresa', + purpose='Expor auditoria de Identity Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0905 = McpControlContract( + contract_id='identity.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Administrador da empresa', + purpose='Expor explicacao de Identity Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0906 = McpControlContract( + contract_id='identity.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para CEO', + purpose='Expor consulta de Identity Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'ceoNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0907 = McpControlContract( + contract_id='identity.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para CEO', + purpose='Expor diagnostico de Identity Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'ceoNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0908 = McpControlContract( + contract_id='identity.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para CEO', + purpose='Expor acao de Identity Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'ceoNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0909 = McpControlContract( + contract_id='identity.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para CEO', + purpose='Expor auditoria de Identity Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'ceoNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0910 = McpControlContract( + contract_id='identity.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para CEO', + purpose='Expor explicacao de Identity Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'ceoNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0911 = McpControlContract( + contract_id='identity.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Gestor operacional', + purpose='Expor consulta de Identity Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0912 = McpControlContract( + contract_id='identity.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Gestor operacional', + purpose='Expor diagnostico de Identity Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0913 = McpControlContract( + contract_id='identity.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Gestor operacional', + purpose='Expor acao de Identity Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0914 = McpControlContract( + contract_id='identity.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Gestor operacional', + purpose='Expor auditoria de Identity Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0915 = McpControlContract( + contract_id='identity.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Gestor operacional', + purpose='Expor explicacao de Identity Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0916 = McpControlContract( + contract_id='identity.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Equipe de suporte', + purpose='Expor consulta de Identity Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'suporteNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0917 = McpControlContract( + contract_id='identity.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Equipe de suporte', + purpose='Expor diagnostico de Identity Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'suporteNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0918 = McpControlContract( + contract_id='identity.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Equipe de suporte', + purpose='Expor acao de Identity Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'suporteNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0919 = McpControlContract( + contract_id='identity.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Equipe de suporte', + purpose='Expor auditoria de Identity Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'suporteNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0920 = McpControlContract( + contract_id='identity.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Equipe de suporte', + purpose='Expor explicacao de Identity Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'suporteNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0921 = McpControlContract( + contract_id='identity.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Atendimento ao cliente', + purpose='Expor consulta de Identity Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0922 = McpControlContract( + contract_id='identity.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Identity Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0923 = McpControlContract( + contract_id='identity.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Atendimento ao cliente', + purpose='Expor acao de Identity Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0924 = McpControlContract( + contract_id='identity.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Atendimento ao cliente', + purpose='Expor auditoria de Identity Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0925 = McpControlContract( + contract_id='identity.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Atendimento ao cliente', + purpose='Expor explicacao de Identity Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0926 = McpControlContract( + contract_id='identity.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Financeiro', + purpose='Expor consulta de Identity Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'financeiroNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0927 = McpControlContract( + contract_id='identity.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Financeiro', + purpose='Expor diagnostico de Identity Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'financeiroNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0928 = McpControlContract( + contract_id='identity.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Financeiro', + purpose='Expor acao de Identity Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'financeiroNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0929 = McpControlContract( + contract_id='identity.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Financeiro', + purpose='Expor auditoria de Identity Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'financeiroNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0930 = McpControlContract( + contract_id='identity.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Financeiro', + purpose='Expor explicacao de Identity Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'financeiroNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0931 = McpControlContract( + contract_id='identity.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Contador', + purpose='Expor consulta de Identity Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'contadorNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0932 = McpControlContract( + contract_id='identity.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Contador', + purpose='Expor diagnostico de Identity Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'contadorNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0933 = McpControlContract( + contract_id='identity.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Contador', + purpose='Expor acao de Identity Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'contadorNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0934 = McpControlContract( + contract_id='identity.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Contador', + purpose='Expor auditoria de Identity Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'contadorNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0935 = McpControlContract( + contract_id='identity.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Contador', + purpose='Expor explicacao de Identity Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'contadorNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0936 = McpControlContract( + contract_id='identity.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Juridico', + purpose='Expor consulta de Identity Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'juridicoNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0937 = McpControlContract( + contract_id='identity.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Juridico', + purpose='Expor diagnostico de Identity Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'juridicoNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0938 = McpControlContract( + contract_id='identity.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Juridico', + purpose='Expor acao de Identity Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'juridicoNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0939 = McpControlContract( + contract_id='identity.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Juridico', + purpose='Expor auditoria de Identity Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'juridicoNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0940 = McpControlContract( + contract_id='identity.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Juridico', + purpose='Expor explicacao de Identity Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'juridicoNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0941 = McpControlContract( + contract_id='identity.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Secretaria', + purpose='Expor consulta de Identity Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'secretariaNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0942 = McpControlContract( + contract_id='identity.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Secretaria', + purpose='Expor diagnostico de Identity Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'secretariaNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0943 = McpControlContract( + contract_id='identity.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Secretaria', + purpose='Expor acao de Identity Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'secretariaNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0944 = McpControlContract( + contract_id='identity.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Secretaria', + purpose='Expor auditoria de Identity Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'secretariaNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0945 = McpControlContract( + contract_id='identity.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Secretaria', + purpose='Expor explicacao de Identity Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'secretariaNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0946 = McpControlContract( + contract_id='identity.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Tecnico', + purpose='Expor consulta de Identity Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'tecnicoNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0947 = McpControlContract( + contract_id='identity.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Tecnico', + purpose='Expor diagnostico de Identity Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0948 = McpControlContract( + contract_id='identity.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Tecnico', + purpose='Expor acao de Identity Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'tecnicoNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0949 = McpControlContract( + contract_id='identity.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Tecnico', + purpose='Expor auditoria de Identity Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'tecnicoNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0950 = McpControlContract( + contract_id='identity.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Tecnico', + purpose='Expor explicacao de Identity Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'tecnicoNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0951 = McpControlContract( + contract_id='identity.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Usuario final', + purpose='Expor consulta de Identity Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'usuario_finalNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0952 = McpControlContract( + contract_id='identity.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Usuario final', + purpose='Expor diagnostico de Identity Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0953 = McpControlContract( + contract_id='identity.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Usuario final', + purpose='Expor acao de Identity Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'usuario_finalNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0954 = McpControlContract( + contract_id='identity.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Usuario final', + purpose='Expor auditoria de Identity Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0955 = McpControlContract( + contract_id='identity.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Usuario final', + purpose='Expor explicacao de Identity Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0956 = McpControlContract( + contract_id='identity.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Cliente externo', + purpose='Expor consulta de Identity Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'cliente_externoNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0957 = McpControlContract( + contract_id='identity.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Cliente externo', + purpose='Expor diagnostico de Identity Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0958 = McpControlContract( + contract_id='identity.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Cliente externo', + purpose='Expor acao de Identity Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'cliente_externoNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0959 = McpControlContract( + contract_id='identity.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Cliente externo', + purpose='Expor auditoria de Identity Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0960 = McpControlContract( + contract_id='identity.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Cliente externo', + purpose='Expor explicacao de Identity Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0961 = McpControlContract( + contract_id='identity.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Identity Platform para Planejamento estrategico', + purpose='Expor consulta de Identity Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para identity/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para identity/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0962 = McpControlContract( + contract_id='identity.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Identity Platform para Planejamento estrategico', + purpose='Expor diagnostico de Identity Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para identity/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para identity/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0963 = McpControlContract( + contract_id='identity.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Identity Platform para Planejamento estrategico', + purpose='Expor acao de Identity Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para identity/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para identity/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0964 = McpControlContract( + contract_id='identity.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Identity Platform para Planejamento estrategico', + purpose='Expor auditoria de Identity Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para identity/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para identity/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0965 = McpControlContract( + contract_id='identity.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='identity', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Identity Platform para Planejamento estrategico', + purpose='Expor explicacao de Identity Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'identityStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'securityGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.identity.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider identity via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para identity/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para identity/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_0966 = McpControlContract( contract_id='identity.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='identity', @@ -23361,7 +59306,7 @@ CONTRACT_0511 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0512 = McpControlContract( +CONTRACT_0967 = McpControlContract( contract_id='identity.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='identity', @@ -23387,7 +59332,7 @@ CONTRACT_0512 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0513 = McpControlContract( +CONTRACT_0968 = McpControlContract( contract_id='identity.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='identity', @@ -23413,7 +59358,7 @@ CONTRACT_0513 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0514 = McpControlContract( +CONTRACT_0969 = McpControlContract( contract_id='identity.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='identity', @@ -23439,7 +59384,7 @@ CONTRACT_0514 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0515 = McpControlContract( +CONTRACT_0970 = McpControlContract( contract_id='identity.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23508,7 +59453,7 @@ CONTRACT_0515 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0516 = McpControlContract( +CONTRACT_0971 = McpControlContract( contract_id='identity.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23577,7 +59522,7 @@ CONTRACT_0516 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0517 = McpControlContract( +CONTRACT_0972 = McpControlContract( contract_id='identity.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23646,7 +59591,7 @@ CONTRACT_0517 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0518 = McpControlContract( +CONTRACT_0973 = McpControlContract( contract_id='identity.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23715,7 +59660,7 @@ CONTRACT_0518 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0519 = McpControlContract( +CONTRACT_0974 = McpControlContract( contract_id='identity.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23784,7 +59729,7 @@ CONTRACT_0519 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0520 = McpControlContract( +CONTRACT_0975 = McpControlContract( contract_id='identity.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23853,7 +59798,7 @@ CONTRACT_0520 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0521 = McpControlContract( +CONTRACT_0976 = McpControlContract( contract_id='identity.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23922,7 +59867,7 @@ CONTRACT_0521 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0522 = McpControlContract( +CONTRACT_0977 = McpControlContract( contract_id='identity.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -23991,7 +59936,7 @@ CONTRACT_0522 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0523 = McpControlContract( +CONTRACT_0978 = McpControlContract( contract_id='identity.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24060,7 +60005,7 @@ CONTRACT_0523 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0524 = McpControlContract( +CONTRACT_0979 = McpControlContract( contract_id='identity.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24129,7 +60074,7 @@ CONTRACT_0524 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0525 = McpControlContract( +CONTRACT_0980 = McpControlContract( contract_id='identity.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24198,7 +60143,7 @@ CONTRACT_0525 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0526 = McpControlContract( +CONTRACT_0981 = McpControlContract( contract_id='identity.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24267,7 +60212,7 @@ CONTRACT_0526 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0527 = McpControlContract( +CONTRACT_0982 = McpControlContract( contract_id='identity.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24336,7 +60281,7 @@ CONTRACT_0527 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0528 = McpControlContract( +CONTRACT_0983 = McpControlContract( contract_id='identity.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24405,7 +60350,7 @@ CONTRACT_0528 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0529 = McpControlContract( +CONTRACT_0984 = McpControlContract( contract_id='identity.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24474,7 +60419,7 @@ CONTRACT_0529 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0530 = McpControlContract( +CONTRACT_0985 = McpControlContract( contract_id='identity.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24543,7 +60488,7 @@ CONTRACT_0530 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0531 = McpControlContract( +CONTRACT_0986 = McpControlContract( contract_id='identity.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24612,7 +60557,7 @@ CONTRACT_0531 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0532 = McpControlContract( +CONTRACT_0987 = McpControlContract( contract_id='identity.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24681,7 +60626,7 @@ CONTRACT_0532 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0533 = McpControlContract( +CONTRACT_0988 = McpControlContract( contract_id='identity.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24750,7 +60695,7 @@ CONTRACT_0533 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0534 = McpControlContract( +CONTRACT_0989 = McpControlContract( contract_id='identity.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24819,7 +60764,7 @@ CONTRACT_0534 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0535 = McpControlContract( +CONTRACT_0990 = McpControlContract( contract_id='identity.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24888,7 +60833,7 @@ CONTRACT_0535 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0536 = McpControlContract( +CONTRACT_0991 = McpControlContract( contract_id='identity.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -24957,7 +60902,7 @@ CONTRACT_0536 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0537 = McpControlContract( +CONTRACT_0992 = McpControlContract( contract_id='identity.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25026,7 +60971,7 @@ CONTRACT_0537 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0538 = McpControlContract( +CONTRACT_0993 = McpControlContract( contract_id='identity.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25095,7 +61040,7 @@ CONTRACT_0538 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0539 = McpControlContract( +CONTRACT_0994 = McpControlContract( contract_id='identity.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25164,7 +61109,7 @@ CONTRACT_0539 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0540 = McpControlContract( +CONTRACT_0995 = McpControlContract( contract_id='identity.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25233,7 +61178,7 @@ CONTRACT_0540 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0541 = McpControlContract( +CONTRACT_0996 = McpControlContract( contract_id='identity.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25302,7 +61247,7 @@ CONTRACT_0541 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0542 = McpControlContract( +CONTRACT_0997 = McpControlContract( contract_id='identity.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25371,7 +61316,7 @@ CONTRACT_0542 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0543 = McpControlContract( +CONTRACT_0998 = McpControlContract( contract_id='identity.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25440,7 +61385,7 @@ CONTRACT_0543 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0544 = McpControlContract( +CONTRACT_0999 = McpControlContract( contract_id='identity.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25509,7 +61454,7 @@ CONTRACT_0544 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0545 = McpControlContract( +CONTRACT_1000 = McpControlContract( contract_id='identity.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25578,7 +61523,7 @@ CONTRACT_0545 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0546 = McpControlContract( +CONTRACT_1001 = McpControlContract( contract_id='identity.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25647,7 +61592,7 @@ CONTRACT_0546 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0547 = McpControlContract( +CONTRACT_1002 = McpControlContract( contract_id='identity.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25716,7 +61661,7 @@ CONTRACT_0547 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0548 = McpControlContract( +CONTRACT_1003 = McpControlContract( contract_id='identity.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25785,7 +61730,7 @@ CONTRACT_0548 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0549 = McpControlContract( +CONTRACT_1004 = McpControlContract( contract_id='identity.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25854,7 +61799,7 @@ CONTRACT_0549 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0550 = McpControlContract( +CONTRACT_1005 = McpControlContract( contract_id='identity.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25923,7 +61868,7 @@ CONTRACT_0550 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0551 = McpControlContract( +CONTRACT_1006 = McpControlContract( contract_id='identity.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -25992,7 +61937,7 @@ CONTRACT_0551 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0552 = McpControlContract( +CONTRACT_1007 = McpControlContract( contract_id='identity.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -26061,7 +62006,7 @@ CONTRACT_0552 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0553 = McpControlContract( +CONTRACT_1008 = McpControlContract( contract_id='identity.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='identity', @@ -26130,7 +62075,7 @@ CONTRACT_0553 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0554 = McpControlContract( +CONTRACT_1009 = McpControlContract( contract_id='integracoes.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26156,7 +62101,7 @@ CONTRACT_0554 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0555 = McpControlContract( +CONTRACT_1010 = McpControlContract( contract_id='integracoes.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26182,7 +62127,7 @@ CONTRACT_0555 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0556 = McpControlContract( +CONTRACT_1011 = McpControlContract( contract_id='integracoes.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26208,7 +62153,7 @@ CONTRACT_0556 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0557 = McpControlContract( +CONTRACT_1012 = McpControlContract( contract_id='integracoes.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26234,7 +62179,7 @@ CONTRACT_0557 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0558 = McpControlContract( +CONTRACT_1013 = McpControlContract( contract_id='integracoes.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26260,7 +62205,7 @@ CONTRACT_0558 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0559 = McpControlContract( +CONTRACT_1014 = McpControlContract( contract_id='integracoes.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26286,7 +62231,7 @@ CONTRACT_0559 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0560 = McpControlContract( +CONTRACT_1015 = McpControlContract( contract_id='integracoes.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26312,7 +62257,7 @@ CONTRACT_0560 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0561 = McpControlContract( +CONTRACT_1016 = McpControlContract( contract_id='integracoes.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26338,7 +62283,7 @@ CONTRACT_0561 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0562 = McpControlContract( +CONTRACT_1017 = McpControlContract( contract_id='integracoes.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26364,7 +62309,7 @@ CONTRACT_0562 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0563 = McpControlContract( +CONTRACT_1018 = McpControlContract( contract_id='integracoes.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26390,7 +62335,7 @@ CONTRACT_0563 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0564 = McpControlContract( +CONTRACT_1019 = McpControlContract( contract_id='integracoes.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26416,7 +62361,7 @@ CONTRACT_0564 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0565 = McpControlContract( +CONTRACT_1020 = McpControlContract( contract_id='integracoes.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26442,7 +62387,7 @@ CONTRACT_0565 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0566 = McpControlContract( +CONTRACT_1021 = McpControlContract( contract_id='integracoes.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='integracoes', @@ -26468,7 +62413,7 @@ CONTRACT_0566 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0567 = McpControlContract( +CONTRACT_1022 = McpControlContract( contract_id='integracoes.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26494,7 +62439,7 @@ CONTRACT_0567 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0568 = McpControlContract( +CONTRACT_1023 = McpControlContract( contract_id='integracoes.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26520,7 +62465,7 @@ CONTRACT_0568 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0569 = McpControlContract( +CONTRACT_1024 = McpControlContract( contract_id='integracoes.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26546,7 +62491,7 @@ CONTRACT_0569 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0570 = McpControlContract( +CONTRACT_1025 = McpControlContract( contract_id='integracoes.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26572,7 +62517,7 @@ CONTRACT_0570 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0571 = McpControlContract( +CONTRACT_1026 = McpControlContract( contract_id='integracoes.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26598,7 +62543,7 @@ CONTRACT_0571 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0572 = McpControlContract( +CONTRACT_1027 = McpControlContract( contract_id='integracoes.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26624,7 +62569,7 @@ CONTRACT_0572 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0573 = McpControlContract( +CONTRACT_1028 = McpControlContract( contract_id='integracoes.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26650,7 +62595,7 @@ CONTRACT_0573 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0574 = McpControlContract( +CONTRACT_1029 = McpControlContract( contract_id='integracoes.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26676,7 +62621,7 @@ CONTRACT_0574 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0575 = McpControlContract( +CONTRACT_1030 = McpControlContract( contract_id='integracoes.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26702,7 +62647,7 @@ CONTRACT_0575 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0576 = McpControlContract( +CONTRACT_1031 = McpControlContract( contract_id='integracoes.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26728,7 +62673,7 @@ CONTRACT_0576 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0577 = McpControlContract( +CONTRACT_1032 = McpControlContract( contract_id='integracoes.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26754,7 +62699,7 @@ CONTRACT_0577 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0578 = McpControlContract( +CONTRACT_1033 = McpControlContract( contract_id='integracoes.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26780,7 +62725,7 @@ CONTRACT_0578 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0579 = McpControlContract( +CONTRACT_1034 = McpControlContract( contract_id='integracoes.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='integracoes', @@ -26806,7 +62751,7 @@ CONTRACT_0579 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0580 = McpControlContract( +CONTRACT_1035 = McpControlContract( contract_id='integracoes.byok.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26832,7 +62777,7 @@ CONTRACT_0580 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0581 = McpControlContract( +CONTRACT_1036 = McpControlContract( contract_id='integracoes.providers.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26858,7 +62803,7 @@ CONTRACT_0581 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0582 = McpControlContract( +CONTRACT_1037 = McpControlContract( contract_id='integracoes.credentials.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26884,7 +62829,7 @@ CONTRACT_0582 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0583 = McpControlContract( +CONTRACT_1038 = McpControlContract( contract_id='integracoes.smoke.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26910,7 +62855,7 @@ CONTRACT_0583 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0584 = McpControlContract( +CONTRACT_1039 = McpControlContract( contract_id='integracoes.products.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26936,7 +62881,7 @@ CONTRACT_0584 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0585 = McpControlContract( +CONTRACT_1040 = McpControlContract( contract_id='integracoes.tenant.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='integracoes', @@ -26962,7 +62907,7 @@ CONTRACT_0585 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0586 = McpControlContract( +CONTRACT_1041 = McpControlContract( contract_id='integracoes.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='integracoes', @@ -26988,7 +62933,7 @@ CONTRACT_0586 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0587 = McpControlContract( +CONTRACT_1042 = McpControlContract( contract_id='integracoes.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='integracoes', @@ -27014,7 +62959,7 @@ CONTRACT_0587 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0588 = McpControlContract( +CONTRACT_1043 = McpControlContract( contract_id='integracoes.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='integracoes', @@ -27040,7 +62985,7 @@ CONTRACT_0588 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0589 = McpControlContract( +CONTRACT_1044 = McpControlContract( contract_id='integracoes.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='integracoes', @@ -27066,7 +63011,7 @@ CONTRACT_0589 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0590 = McpControlContract( +CONTRACT_1045 = McpControlContract( contract_id='integracoes.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='integracoes', @@ -27092,7 +63037,5142 @@ CONTRACT_0590 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0591 = McpControlContract( +CONTRACT_1046 = McpControlContract( + contract_id='integracoes.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Administrador da empresa', + purpose='Expor consulta de Integracoes Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'administrador_empresaNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1047 = McpControlContract( + contract_id='integracoes.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Administrador da empresa', + purpose='Expor diagnostico de Integracoes Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1048 = McpControlContract( + contract_id='integracoes.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Administrador da empresa', + purpose='Expor acao de Integracoes Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'administrador_empresaNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1049 = McpControlContract( + contract_id='integracoes.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Administrador da empresa', + purpose='Expor auditoria de Integracoes Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1050 = McpControlContract( + contract_id='integracoes.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Administrador da empresa', + purpose='Expor explicacao de Integracoes Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1051 = McpControlContract( + contract_id='integracoes.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para CEO', + purpose='Expor consulta de Integracoes Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'ceoNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1052 = McpControlContract( + contract_id='integracoes.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para CEO', + purpose='Expor diagnostico de Integracoes Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'ceoNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1053 = McpControlContract( + contract_id='integracoes.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para CEO', + purpose='Expor acao de Integracoes Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'ceoNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1054 = McpControlContract( + contract_id='integracoes.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para CEO', + purpose='Expor auditoria de Integracoes Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'ceoNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1055 = McpControlContract( + contract_id='integracoes.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para CEO', + purpose='Expor explicacao de Integracoes Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'ceoNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1056 = McpControlContract( + contract_id='integracoes.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Gestor operacional', + purpose='Expor consulta de Integracoes Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1057 = McpControlContract( + contract_id='integracoes.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Gestor operacional', + purpose='Expor diagnostico de Integracoes Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1058 = McpControlContract( + contract_id='integracoes.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Gestor operacional', + purpose='Expor acao de Integracoes Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1059 = McpControlContract( + contract_id='integracoes.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Gestor operacional', + purpose='Expor auditoria de Integracoes Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1060 = McpControlContract( + contract_id='integracoes.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Gestor operacional', + purpose='Expor explicacao de Integracoes Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1061 = McpControlContract( + contract_id='integracoes.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Equipe de suporte', + purpose='Expor consulta de Integracoes Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'suporteNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1062 = McpControlContract( + contract_id='integracoes.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Equipe de suporte', + purpose='Expor diagnostico de Integracoes Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'suporteNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1063 = McpControlContract( + contract_id='integracoes.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Equipe de suporte', + purpose='Expor acao de Integracoes Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'suporteNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1064 = McpControlContract( + contract_id='integracoes.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Equipe de suporte', + purpose='Expor auditoria de Integracoes Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'suporteNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1065 = McpControlContract( + contract_id='integracoes.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Equipe de suporte', + purpose='Expor explicacao de Integracoes Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'suporteNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1066 = McpControlContract( + contract_id='integracoes.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Atendimento ao cliente', + purpose='Expor consulta de Integracoes Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1067 = McpControlContract( + contract_id='integracoes.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Integracoes Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1068 = McpControlContract( + contract_id='integracoes.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Atendimento ao cliente', + purpose='Expor acao de Integracoes Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1069 = McpControlContract( + contract_id='integracoes.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Atendimento ao cliente', + purpose='Expor auditoria de Integracoes Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1070 = McpControlContract( + contract_id='integracoes.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Atendimento ao cliente', + purpose='Expor explicacao de Integracoes Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1071 = McpControlContract( + contract_id='integracoes.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Financeiro', + purpose='Expor consulta de Integracoes Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'financeiroNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1072 = McpControlContract( + contract_id='integracoes.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Financeiro', + purpose='Expor diagnostico de Integracoes Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'financeiroNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1073 = McpControlContract( + contract_id='integracoes.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Financeiro', + purpose='Expor acao de Integracoes Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'financeiroNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1074 = McpControlContract( + contract_id='integracoes.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Financeiro', + purpose='Expor auditoria de Integracoes Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'financeiroNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1075 = McpControlContract( + contract_id='integracoes.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Financeiro', + purpose='Expor explicacao de Integracoes Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'financeiroNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1076 = McpControlContract( + contract_id='integracoes.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Contador', + purpose='Expor consulta de Integracoes Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'contadorNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1077 = McpControlContract( + contract_id='integracoes.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Contador', + purpose='Expor diagnostico de Integracoes Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'contadorNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1078 = McpControlContract( + contract_id='integracoes.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Contador', + purpose='Expor acao de Integracoes Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'contadorNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1079 = McpControlContract( + contract_id='integracoes.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Contador', + purpose='Expor auditoria de Integracoes Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'contadorNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1080 = McpControlContract( + contract_id='integracoes.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Contador', + purpose='Expor explicacao de Integracoes Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'contadorNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1081 = McpControlContract( + contract_id='integracoes.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Juridico', + purpose='Expor consulta de Integracoes Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'juridicoNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1082 = McpControlContract( + contract_id='integracoes.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Juridico', + purpose='Expor diagnostico de Integracoes Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'juridicoNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1083 = McpControlContract( + contract_id='integracoes.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Juridico', + purpose='Expor acao de Integracoes Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'juridicoNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1084 = McpControlContract( + contract_id='integracoes.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Juridico', + purpose='Expor auditoria de Integracoes Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'juridicoNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1085 = McpControlContract( + contract_id='integracoes.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Juridico', + purpose='Expor explicacao de Integracoes Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'juridicoNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1086 = McpControlContract( + contract_id='integracoes.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Secretaria', + purpose='Expor consulta de Integracoes Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'secretariaNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1087 = McpControlContract( + contract_id='integracoes.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Secretaria', + purpose='Expor diagnostico de Integracoes Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'secretariaNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1088 = McpControlContract( + contract_id='integracoes.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Secretaria', + purpose='Expor acao de Integracoes Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'secretariaNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1089 = McpControlContract( + contract_id='integracoes.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Secretaria', + purpose='Expor auditoria de Integracoes Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'secretariaNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1090 = McpControlContract( + contract_id='integracoes.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Secretaria', + purpose='Expor explicacao de Integracoes Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'secretariaNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1091 = McpControlContract( + contract_id='integracoes.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Tecnico', + purpose='Expor consulta de Integracoes Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'tecnicoNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1092 = McpControlContract( + contract_id='integracoes.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Tecnico', + purpose='Expor diagnostico de Integracoes Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1093 = McpControlContract( + contract_id='integracoes.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Tecnico', + purpose='Expor acao de Integracoes Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'tecnicoNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1094 = McpControlContract( + contract_id='integracoes.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Tecnico', + purpose='Expor auditoria de Integracoes Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'tecnicoNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1095 = McpControlContract( + contract_id='integracoes.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Tecnico', + purpose='Expor explicacao de Integracoes Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'tecnicoNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1096 = McpControlContract( + contract_id='integracoes.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Usuario final', + purpose='Expor consulta de Integracoes Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'usuario_finalNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1097 = McpControlContract( + contract_id='integracoes.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Usuario final', + purpose='Expor diagnostico de Integracoes Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1098 = McpControlContract( + contract_id='integracoes.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Usuario final', + purpose='Expor acao de Integracoes Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'usuario_finalNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1099 = McpControlContract( + contract_id='integracoes.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Usuario final', + purpose='Expor auditoria de Integracoes Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1100 = McpControlContract( + contract_id='integracoes.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Usuario final', + purpose='Expor explicacao de Integracoes Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1101 = McpControlContract( + contract_id='integracoes.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Cliente externo', + purpose='Expor consulta de Integracoes Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'cliente_externoNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1102 = McpControlContract( + contract_id='integracoes.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Cliente externo', + purpose='Expor diagnostico de Integracoes Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1103 = McpControlContract( + contract_id='integracoes.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Cliente externo', + purpose='Expor acao de Integracoes Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'cliente_externoNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1104 = McpControlContract( + contract_id='integracoes.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Cliente externo', + purpose='Expor auditoria de Integracoes Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1105 = McpControlContract( + contract_id='integracoes.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Cliente externo', + purpose='Expor explicacao de Integracoes Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1106 = McpControlContract( + contract_id='integracoes.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Integracoes Platform para Planejamento estrategico', + purpose='Expor consulta de Integracoes Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para integracoes/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para integracoes/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1107 = McpControlContract( + contract_id='integracoes.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Integracoes Platform para Planejamento estrategico', + purpose='Expor diagnostico de Integracoes Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para integracoes/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para integracoes/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1108 = McpControlContract( + contract_id='integracoes.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Integracoes Platform para Planejamento estrategico', + purpose='Expor acao de Integracoes Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para integracoes/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para integracoes/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1109 = McpControlContract( + contract_id='integracoes.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Integracoes Platform para Planejamento estrategico', + purpose='Expor auditoria de Integracoes Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para integracoes/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para integracoes/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1110 = McpControlContract( + contract_id='integracoes.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='integracoes', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Integracoes Platform para Planejamento estrategico', + purpose='Expor explicacao de Integracoes Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'integracoesStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'integrationGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.integracoes.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider integracoes via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para integracoes/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para integracoes/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1111 = McpControlContract( contract_id='integracoes.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='integracoes', @@ -27118,7 +68198,7 @@ CONTRACT_0591 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0592 = McpControlContract( +CONTRACT_1112 = McpControlContract( contract_id='integracoes.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='integracoes', @@ -27144,7 +68224,7 @@ CONTRACT_0592 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0593 = McpControlContract( +CONTRACT_1113 = McpControlContract( contract_id='integracoes.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='integracoes', @@ -27170,7 +68250,7 @@ CONTRACT_0593 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0594 = McpControlContract( +CONTRACT_1114 = McpControlContract( contract_id='integracoes.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='integracoes', @@ -27196,7 +68276,7 @@ CONTRACT_0594 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0595 = McpControlContract( +CONTRACT_1115 = McpControlContract( contract_id='integracoes.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27265,7 +68345,7 @@ CONTRACT_0595 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0596 = McpControlContract( +CONTRACT_1116 = McpControlContract( contract_id='integracoes.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27334,7 +68414,7 @@ CONTRACT_0596 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0597 = McpControlContract( +CONTRACT_1117 = McpControlContract( contract_id='integracoes.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27403,7 +68483,7 @@ CONTRACT_0597 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0598 = McpControlContract( +CONTRACT_1118 = McpControlContract( contract_id='integracoes.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27472,7 +68552,7 @@ CONTRACT_0598 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0599 = McpControlContract( +CONTRACT_1119 = McpControlContract( contract_id='integracoes.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27541,7 +68621,7 @@ CONTRACT_0599 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0600 = McpControlContract( +CONTRACT_1120 = McpControlContract( contract_id='integracoes.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27610,7 +68690,7 @@ CONTRACT_0600 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0601 = McpControlContract( +CONTRACT_1121 = McpControlContract( contract_id='integracoes.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27679,7 +68759,7 @@ CONTRACT_0601 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0602 = McpControlContract( +CONTRACT_1122 = McpControlContract( contract_id='integracoes.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27748,7 +68828,7 @@ CONTRACT_0602 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0603 = McpControlContract( +CONTRACT_1123 = McpControlContract( contract_id='integracoes.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27817,7 +68897,7 @@ CONTRACT_0603 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0604 = McpControlContract( +CONTRACT_1124 = McpControlContract( contract_id='integracoes.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27886,7 +68966,7 @@ CONTRACT_0604 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0605 = McpControlContract( +CONTRACT_1125 = McpControlContract( contract_id='integracoes.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -27955,7 +69035,7 @@ CONTRACT_0605 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0606 = McpControlContract( +CONTRACT_1126 = McpControlContract( contract_id='integracoes.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28024,7 +69104,7 @@ CONTRACT_0606 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0607 = McpControlContract( +CONTRACT_1127 = McpControlContract( contract_id='integracoes.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28093,7 +69173,7 @@ CONTRACT_0607 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0608 = McpControlContract( +CONTRACT_1128 = McpControlContract( contract_id='integracoes.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28162,7 +69242,7 @@ CONTRACT_0608 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0609 = McpControlContract( +CONTRACT_1129 = McpControlContract( contract_id='integracoes.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28231,7 +69311,7 @@ CONTRACT_0609 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0610 = McpControlContract( +CONTRACT_1130 = McpControlContract( contract_id='integracoes.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28300,7 +69380,7 @@ CONTRACT_0610 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0611 = McpControlContract( +CONTRACT_1131 = McpControlContract( contract_id='integracoes.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28369,7 +69449,7 @@ CONTRACT_0611 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0612 = McpControlContract( +CONTRACT_1132 = McpControlContract( contract_id='integracoes.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28438,7 +69518,7 @@ CONTRACT_0612 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0613 = McpControlContract( +CONTRACT_1133 = McpControlContract( contract_id='integracoes.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28507,7 +69587,7 @@ CONTRACT_0613 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0614 = McpControlContract( +CONTRACT_1134 = McpControlContract( contract_id='integracoes.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28576,7 +69656,7 @@ CONTRACT_0614 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0615 = McpControlContract( +CONTRACT_1135 = McpControlContract( contract_id='integracoes.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28645,7 +69725,7 @@ CONTRACT_0615 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0616 = McpControlContract( +CONTRACT_1136 = McpControlContract( contract_id='integracoes.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28714,7 +69794,7 @@ CONTRACT_0616 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0617 = McpControlContract( +CONTRACT_1137 = McpControlContract( contract_id='integracoes.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28783,7 +69863,7 @@ CONTRACT_0617 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0618 = McpControlContract( +CONTRACT_1138 = McpControlContract( contract_id='integracoes.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28852,7 +69932,7 @@ CONTRACT_0618 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0619 = McpControlContract( +CONTRACT_1139 = McpControlContract( contract_id='integracoes.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28921,7 +70001,7 @@ CONTRACT_0619 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0620 = McpControlContract( +CONTRACT_1140 = McpControlContract( contract_id='integracoes.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -28990,7 +70070,7 @@ CONTRACT_0620 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0621 = McpControlContract( +CONTRACT_1141 = McpControlContract( contract_id='integracoes.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29059,7 +70139,7 @@ CONTRACT_0621 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0622 = McpControlContract( +CONTRACT_1142 = McpControlContract( contract_id='integracoes.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29128,7 +70208,7 @@ CONTRACT_0622 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0623 = McpControlContract( +CONTRACT_1143 = McpControlContract( contract_id='integracoes.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29197,7 +70277,7 @@ CONTRACT_0623 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0624 = McpControlContract( +CONTRACT_1144 = McpControlContract( contract_id='integracoes.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29266,7 +70346,7 @@ CONTRACT_0624 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0625 = McpControlContract( +CONTRACT_1145 = McpControlContract( contract_id='integracoes.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29335,7 +70415,7 @@ CONTRACT_0625 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0626 = McpControlContract( +CONTRACT_1146 = McpControlContract( contract_id='integracoes.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29404,7 +70484,7 @@ CONTRACT_0626 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0627 = McpControlContract( +CONTRACT_1147 = McpControlContract( contract_id='integracoes.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29473,7 +70553,7 @@ CONTRACT_0627 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0628 = McpControlContract( +CONTRACT_1148 = McpControlContract( contract_id='integracoes.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29542,7 +70622,7 @@ CONTRACT_0628 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0629 = McpControlContract( +CONTRACT_1149 = McpControlContract( contract_id='integracoes.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29611,7 +70691,7 @@ CONTRACT_0629 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0630 = McpControlContract( +CONTRACT_1150 = McpControlContract( contract_id='integracoes.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29680,7 +70760,7 @@ CONTRACT_0630 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0631 = McpControlContract( +CONTRACT_1151 = McpControlContract( contract_id='integracoes.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29749,7 +70829,7 @@ CONTRACT_0631 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0632 = McpControlContract( +CONTRACT_1152 = McpControlContract( contract_id='integracoes.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29818,7 +70898,7 @@ CONTRACT_0632 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0633 = McpControlContract( +CONTRACT_1153 = McpControlContract( contract_id='integracoes.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='integracoes', @@ -29887,7 +70967,7 @@ CONTRACT_0633 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0634 = McpControlContract( +CONTRACT_1154 = McpControlContract( contract_id='intelligence.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -29913,7 +70993,7 @@ CONTRACT_0634 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0635 = McpControlContract( +CONTRACT_1155 = McpControlContract( contract_id='intelligence.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -29939,7 +71019,7 @@ CONTRACT_0635 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0636 = McpControlContract( +CONTRACT_1156 = McpControlContract( contract_id='intelligence.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -29965,7 +71045,7 @@ CONTRACT_0636 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0637 = McpControlContract( +CONTRACT_1157 = McpControlContract( contract_id='intelligence.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -29991,7 +71071,7 @@ CONTRACT_0637 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0638 = McpControlContract( +CONTRACT_1158 = McpControlContract( contract_id='intelligence.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30017,7 +71097,7 @@ CONTRACT_0638 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0639 = McpControlContract( +CONTRACT_1159 = McpControlContract( contract_id='intelligence.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30043,7 +71123,7 @@ CONTRACT_0639 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0640 = McpControlContract( +CONTRACT_1160 = McpControlContract( contract_id='intelligence.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30069,7 +71149,7 @@ CONTRACT_0640 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0641 = McpControlContract( +CONTRACT_1161 = McpControlContract( contract_id='intelligence.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30095,7 +71175,7 @@ CONTRACT_0641 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0642 = McpControlContract( +CONTRACT_1162 = McpControlContract( contract_id='intelligence.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30121,7 +71201,7 @@ CONTRACT_0642 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0643 = McpControlContract( +CONTRACT_1163 = McpControlContract( contract_id='intelligence.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30147,7 +71227,7 @@ CONTRACT_0643 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0644 = McpControlContract( +CONTRACT_1164 = McpControlContract( contract_id='intelligence.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30173,7 +71253,7 @@ CONTRACT_0644 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0645 = McpControlContract( +CONTRACT_1165 = McpControlContract( contract_id='intelligence.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30199,7 +71279,7 @@ CONTRACT_0645 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0646 = McpControlContract( +CONTRACT_1166 = McpControlContract( contract_id='intelligence.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='intelligence', @@ -30225,7 +71305,7 @@ CONTRACT_0646 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0647 = McpControlContract( +CONTRACT_1167 = McpControlContract( contract_id='intelligence.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30251,7 +71331,7 @@ CONTRACT_0647 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0648 = McpControlContract( +CONTRACT_1168 = McpControlContract( contract_id='intelligence.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30277,7 +71357,7 @@ CONTRACT_0648 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0649 = McpControlContract( +CONTRACT_1169 = McpControlContract( contract_id='intelligence.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30303,7 +71383,7 @@ CONTRACT_0649 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0650 = McpControlContract( +CONTRACT_1170 = McpControlContract( contract_id='intelligence.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30329,7 +71409,7 @@ CONTRACT_0650 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0651 = McpControlContract( +CONTRACT_1171 = McpControlContract( contract_id='intelligence.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30355,7 +71435,7 @@ CONTRACT_0651 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0652 = McpControlContract( +CONTRACT_1172 = McpControlContract( contract_id='intelligence.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30381,7 +71461,7 @@ CONTRACT_0652 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0653 = McpControlContract( +CONTRACT_1173 = McpControlContract( contract_id='intelligence.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30407,7 +71487,7 @@ CONTRACT_0653 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0654 = McpControlContract( +CONTRACT_1174 = McpControlContract( contract_id='intelligence.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30433,7 +71513,7 @@ CONTRACT_0654 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0655 = McpControlContract( +CONTRACT_1175 = McpControlContract( contract_id='intelligence.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30459,7 +71539,7 @@ CONTRACT_0655 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0656 = McpControlContract( +CONTRACT_1176 = McpControlContract( contract_id='intelligence.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30485,7 +71565,7 @@ CONTRACT_0656 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0657 = McpControlContract( +CONTRACT_1177 = McpControlContract( contract_id='intelligence.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30511,7 +71591,7 @@ CONTRACT_0657 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0658 = McpControlContract( +CONTRACT_1178 = McpControlContract( contract_id='intelligence.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30537,7 +71617,7 @@ CONTRACT_0658 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0659 = McpControlContract( +CONTRACT_1179 = McpControlContract( contract_id='intelligence.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='intelligence', @@ -30563,7 +71643,7 @@ CONTRACT_0659 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0660 = McpControlContract( +CONTRACT_1180 = McpControlContract( contract_id='intelligence.analytics.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='intelligence', @@ -30589,7 +71669,7 @@ CONTRACT_0660 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0661 = McpControlContract( +CONTRACT_1181 = McpControlContract( contract_id='intelligence.recommendations.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='intelligence', @@ -30615,7 +71695,7 @@ CONTRACT_0661 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0662 = McpControlContract( +CONTRACT_1182 = McpControlContract( contract_id='intelligence.risk.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='intelligence', @@ -30641,7 +71721,7 @@ CONTRACT_0662 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0663 = McpControlContract( +CONTRACT_1183 = McpControlContract( contract_id='intelligence.prioritization.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='intelligence', @@ -30667,7 +71747,7 @@ CONTRACT_0663 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0664 = McpControlContract( +CONTRACT_1184 = McpControlContract( contract_id='intelligence.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='intelligence', @@ -30693,7 +71773,7 @@ CONTRACT_0664 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0665 = McpControlContract( +CONTRACT_1185 = McpControlContract( contract_id='intelligence.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='intelligence', @@ -30719,7 +71799,7 @@ CONTRACT_0665 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0666 = McpControlContract( +CONTRACT_1186 = McpControlContract( contract_id='intelligence.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='intelligence', @@ -30745,7 +71825,7 @@ CONTRACT_0666 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0667 = McpControlContract( +CONTRACT_1187 = McpControlContract( contract_id='intelligence.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='intelligence', @@ -30771,7 +71851,7 @@ CONTRACT_0667 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0668 = McpControlContract( +CONTRACT_1188 = McpControlContract( contract_id='intelligence.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='intelligence', @@ -30797,7 +71877,5142 @@ CONTRACT_0668 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0669 = McpControlContract( +CONTRACT_1189 = McpControlContract( + contract_id='intelligence.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Administrador da empresa', + purpose='Expor consulta de Intelligence Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'administrador_empresaNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1190 = McpControlContract( + contract_id='intelligence.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Administrador da empresa', + purpose='Expor diagnostico de Intelligence Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1191 = McpControlContract( + contract_id='intelligence.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Administrador da empresa', + purpose='Expor acao de Intelligence Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'administrador_empresaNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1192 = McpControlContract( + contract_id='intelligence.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Administrador da empresa', + purpose='Expor auditoria de Intelligence Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1193 = McpControlContract( + contract_id='intelligence.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Administrador da empresa', + purpose='Expor explicacao de Intelligence Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1194 = McpControlContract( + contract_id='intelligence.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para CEO', + purpose='Expor consulta de Intelligence Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'ceoNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1195 = McpControlContract( + contract_id='intelligence.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para CEO', + purpose='Expor diagnostico de Intelligence Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'ceoNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1196 = McpControlContract( + contract_id='intelligence.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para CEO', + purpose='Expor acao de Intelligence Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'ceoNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1197 = McpControlContract( + contract_id='intelligence.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para CEO', + purpose='Expor auditoria de Intelligence Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'ceoNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1198 = McpControlContract( + contract_id='intelligence.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para CEO', + purpose='Expor explicacao de Intelligence Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'ceoNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1199 = McpControlContract( + contract_id='intelligence.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Gestor operacional', + purpose='Expor consulta de Intelligence Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1200 = McpControlContract( + contract_id='intelligence.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Gestor operacional', + purpose='Expor diagnostico de Intelligence Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1201 = McpControlContract( + contract_id='intelligence.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Gestor operacional', + purpose='Expor acao de Intelligence Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1202 = McpControlContract( + contract_id='intelligence.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Gestor operacional', + purpose='Expor auditoria de Intelligence Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1203 = McpControlContract( + contract_id='intelligence.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Gestor operacional', + purpose='Expor explicacao de Intelligence Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1204 = McpControlContract( + contract_id='intelligence.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Equipe de suporte', + purpose='Expor consulta de Intelligence Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'suporteNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1205 = McpControlContract( + contract_id='intelligence.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Equipe de suporte', + purpose='Expor diagnostico de Intelligence Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'suporteNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1206 = McpControlContract( + contract_id='intelligence.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Equipe de suporte', + purpose='Expor acao de Intelligence Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'suporteNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1207 = McpControlContract( + contract_id='intelligence.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Equipe de suporte', + purpose='Expor auditoria de Intelligence Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'suporteNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1208 = McpControlContract( + contract_id='intelligence.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Equipe de suporte', + purpose='Expor explicacao de Intelligence Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'suporteNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1209 = McpControlContract( + contract_id='intelligence.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Atendimento ao cliente', + purpose='Expor consulta de Intelligence Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1210 = McpControlContract( + contract_id='intelligence.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Intelligence Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1211 = McpControlContract( + contract_id='intelligence.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Atendimento ao cliente', + purpose='Expor acao de Intelligence Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1212 = McpControlContract( + contract_id='intelligence.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Atendimento ao cliente', + purpose='Expor auditoria de Intelligence Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1213 = McpControlContract( + contract_id='intelligence.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Atendimento ao cliente', + purpose='Expor explicacao de Intelligence Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1214 = McpControlContract( + contract_id='intelligence.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Financeiro', + purpose='Expor consulta de Intelligence Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'financeiroNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1215 = McpControlContract( + contract_id='intelligence.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Financeiro', + purpose='Expor diagnostico de Intelligence Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'financeiroNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1216 = McpControlContract( + contract_id='intelligence.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Financeiro', + purpose='Expor acao de Intelligence Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'financeiroNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1217 = McpControlContract( + contract_id='intelligence.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Financeiro', + purpose='Expor auditoria de Intelligence Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'financeiroNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1218 = McpControlContract( + contract_id='intelligence.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Financeiro', + purpose='Expor explicacao de Intelligence Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'financeiroNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1219 = McpControlContract( + contract_id='intelligence.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Contador', + purpose='Expor consulta de Intelligence Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'contadorNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1220 = McpControlContract( + contract_id='intelligence.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Contador', + purpose='Expor diagnostico de Intelligence Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'contadorNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1221 = McpControlContract( + contract_id='intelligence.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Contador', + purpose='Expor acao de Intelligence Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'contadorNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1222 = McpControlContract( + contract_id='intelligence.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Contador', + purpose='Expor auditoria de Intelligence Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'contadorNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1223 = McpControlContract( + contract_id='intelligence.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Contador', + purpose='Expor explicacao de Intelligence Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'contadorNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1224 = McpControlContract( + contract_id='intelligence.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Juridico', + purpose='Expor consulta de Intelligence Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'juridicoNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1225 = McpControlContract( + contract_id='intelligence.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Juridico', + purpose='Expor diagnostico de Intelligence Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'juridicoNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1226 = McpControlContract( + contract_id='intelligence.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Juridico', + purpose='Expor acao de Intelligence Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'juridicoNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1227 = McpControlContract( + contract_id='intelligence.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Juridico', + purpose='Expor auditoria de Intelligence Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'juridicoNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1228 = McpControlContract( + contract_id='intelligence.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Juridico', + purpose='Expor explicacao de Intelligence Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'juridicoNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1229 = McpControlContract( + contract_id='intelligence.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Secretaria', + purpose='Expor consulta de Intelligence Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'secretariaNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1230 = McpControlContract( + contract_id='intelligence.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Secretaria', + purpose='Expor diagnostico de Intelligence Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'secretariaNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1231 = McpControlContract( + contract_id='intelligence.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Secretaria', + purpose='Expor acao de Intelligence Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'secretariaNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1232 = McpControlContract( + contract_id='intelligence.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Secretaria', + purpose='Expor auditoria de Intelligence Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'secretariaNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1233 = McpControlContract( + contract_id='intelligence.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Secretaria', + purpose='Expor explicacao de Intelligence Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'secretariaNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1234 = McpControlContract( + contract_id='intelligence.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Tecnico', + purpose='Expor consulta de Intelligence Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'tecnicoNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1235 = McpControlContract( + contract_id='intelligence.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Tecnico', + purpose='Expor diagnostico de Intelligence Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1236 = McpControlContract( + contract_id='intelligence.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Tecnico', + purpose='Expor acao de Intelligence Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'tecnicoNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1237 = McpControlContract( + contract_id='intelligence.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Tecnico', + purpose='Expor auditoria de Intelligence Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'tecnicoNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1238 = McpControlContract( + contract_id='intelligence.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Tecnico', + purpose='Expor explicacao de Intelligence Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'tecnicoNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1239 = McpControlContract( + contract_id='intelligence.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Usuario final', + purpose='Expor consulta de Intelligence Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'usuario_finalNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1240 = McpControlContract( + contract_id='intelligence.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Usuario final', + purpose='Expor diagnostico de Intelligence Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1241 = McpControlContract( + contract_id='intelligence.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Usuario final', + purpose='Expor acao de Intelligence Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'usuario_finalNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1242 = McpControlContract( + contract_id='intelligence.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Usuario final', + purpose='Expor auditoria de Intelligence Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1243 = McpControlContract( + contract_id='intelligence.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Usuario final', + purpose='Expor explicacao de Intelligence Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1244 = McpControlContract( + contract_id='intelligence.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Cliente externo', + purpose='Expor consulta de Intelligence Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'cliente_externoNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1245 = McpControlContract( + contract_id='intelligence.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Cliente externo', + purpose='Expor diagnostico de Intelligence Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1246 = McpControlContract( + contract_id='intelligence.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Cliente externo', + purpose='Expor acao de Intelligence Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'cliente_externoNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1247 = McpControlContract( + contract_id='intelligence.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Cliente externo', + purpose='Expor auditoria de Intelligence Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1248 = McpControlContract( + contract_id='intelligence.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Cliente externo', + purpose='Expor explicacao de Intelligence Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1249 = McpControlContract( + contract_id='intelligence.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Intelligence Platform para Planejamento estrategico', + purpose='Expor consulta de Intelligence Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para intelligence/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para intelligence/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1250 = McpControlContract( + contract_id='intelligence.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Intelligence Platform para Planejamento estrategico', + purpose='Expor diagnostico de Intelligence Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para intelligence/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para intelligence/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1251 = McpControlContract( + contract_id='intelligence.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Intelligence Platform para Planejamento estrategico', + purpose='Expor acao de Intelligence Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para intelligence/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para intelligence/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1252 = McpControlContract( + contract_id='intelligence.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Intelligence Platform para Planejamento estrategico', + purpose='Expor auditoria de Intelligence Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para intelligence/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para intelligence/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1253 = McpControlContract( + contract_id='intelligence.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='intelligence', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Intelligence Platform para Planejamento estrategico', + purpose='Expor explicacao de Intelligence Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'intelligenceStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'strategyGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.BLOCKED, + panel_ready=False, + gpt_explainable=True, + report_model_id='admin-route.intelligence.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider intelligence via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para intelligence/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para intelligence/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1254 = McpControlContract( contract_id='intelligence.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='intelligence', @@ -30823,7 +77038,7 @@ CONTRACT_0669 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0670 = McpControlContract( +CONTRACT_1255 = McpControlContract( contract_id='intelligence.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='intelligence', @@ -30849,7 +77064,7 @@ CONTRACT_0670 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0671 = McpControlContract( +CONTRACT_1256 = McpControlContract( contract_id='intelligence.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='intelligence', @@ -30875,7 +77090,7 @@ CONTRACT_0671 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0672 = McpControlContract( +CONTRACT_1257 = McpControlContract( contract_id='intelligence.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='intelligence', @@ -30901,7 +77116,7 @@ CONTRACT_0672 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0673 = McpControlContract( +CONTRACT_1258 = McpControlContract( contract_id='intelligence.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -30970,7 +77185,7 @@ CONTRACT_0673 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0674 = McpControlContract( +CONTRACT_1259 = McpControlContract( contract_id='intelligence.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31039,7 +77254,7 @@ CONTRACT_0674 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0675 = McpControlContract( +CONTRACT_1260 = McpControlContract( contract_id='intelligence.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31108,7 +77323,7 @@ CONTRACT_0675 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0676 = McpControlContract( +CONTRACT_1261 = McpControlContract( contract_id='intelligence.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31177,7 +77392,7 @@ CONTRACT_0676 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0677 = McpControlContract( +CONTRACT_1262 = McpControlContract( contract_id='intelligence.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31246,7 +77461,7 @@ CONTRACT_0677 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0678 = McpControlContract( +CONTRACT_1263 = McpControlContract( contract_id='intelligence.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31315,7 +77530,7 @@ CONTRACT_0678 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0679 = McpControlContract( +CONTRACT_1264 = McpControlContract( contract_id='intelligence.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31384,7 +77599,7 @@ CONTRACT_0679 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0680 = McpControlContract( +CONTRACT_1265 = McpControlContract( contract_id='intelligence.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31453,7 +77668,7 @@ CONTRACT_0680 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0681 = McpControlContract( +CONTRACT_1266 = McpControlContract( contract_id='intelligence.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31522,7 +77737,7 @@ CONTRACT_0681 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0682 = McpControlContract( +CONTRACT_1267 = McpControlContract( contract_id='intelligence.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31591,7 +77806,7 @@ CONTRACT_0682 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0683 = McpControlContract( +CONTRACT_1268 = McpControlContract( contract_id='intelligence.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31660,7 +77875,7 @@ CONTRACT_0683 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0684 = McpControlContract( +CONTRACT_1269 = McpControlContract( contract_id='intelligence.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31729,7 +77944,7 @@ CONTRACT_0684 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0685 = McpControlContract( +CONTRACT_1270 = McpControlContract( contract_id='intelligence.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31798,7 +78013,7 @@ CONTRACT_0685 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0686 = McpControlContract( +CONTRACT_1271 = McpControlContract( contract_id='intelligence.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31867,7 +78082,7 @@ CONTRACT_0686 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0687 = McpControlContract( +CONTRACT_1272 = McpControlContract( contract_id='intelligence.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -31936,7 +78151,7 @@ CONTRACT_0687 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0688 = McpControlContract( +CONTRACT_1273 = McpControlContract( contract_id='intelligence.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32005,7 +78220,7 @@ CONTRACT_0688 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0689 = McpControlContract( +CONTRACT_1274 = McpControlContract( contract_id='intelligence.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32074,7 +78289,7 @@ CONTRACT_0689 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0690 = McpControlContract( +CONTRACT_1275 = McpControlContract( contract_id='intelligence.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32143,7 +78358,7 @@ CONTRACT_0690 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0691 = McpControlContract( +CONTRACT_1276 = McpControlContract( contract_id='intelligence.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32212,7 +78427,7 @@ CONTRACT_0691 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0692 = McpControlContract( +CONTRACT_1277 = McpControlContract( contract_id='intelligence.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32281,7 +78496,7 @@ CONTRACT_0692 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0693 = McpControlContract( +CONTRACT_1278 = McpControlContract( contract_id='intelligence.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32350,7 +78565,7 @@ CONTRACT_0693 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0694 = McpControlContract( +CONTRACT_1279 = McpControlContract( contract_id='intelligence.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32419,7 +78634,7 @@ CONTRACT_0694 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0695 = McpControlContract( +CONTRACT_1280 = McpControlContract( contract_id='intelligence.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32488,7 +78703,7 @@ CONTRACT_0695 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0696 = McpControlContract( +CONTRACT_1281 = McpControlContract( contract_id='intelligence.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32557,7 +78772,7 @@ CONTRACT_0696 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0697 = McpControlContract( +CONTRACT_1282 = McpControlContract( contract_id='intelligence.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32626,7 +78841,7 @@ CONTRACT_0697 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0698 = McpControlContract( +CONTRACT_1283 = McpControlContract( contract_id='intelligence.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32695,7 +78910,7 @@ CONTRACT_0698 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0699 = McpControlContract( +CONTRACT_1284 = McpControlContract( contract_id='intelligence.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32764,7 +78979,7 @@ CONTRACT_0699 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0700 = McpControlContract( +CONTRACT_1285 = McpControlContract( contract_id='intelligence.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32833,7 +79048,7 @@ CONTRACT_0700 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0701 = McpControlContract( +CONTRACT_1286 = McpControlContract( contract_id='intelligence.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32902,7 +79117,7 @@ CONTRACT_0701 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0702 = McpControlContract( +CONTRACT_1287 = McpControlContract( contract_id='intelligence.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -32971,7 +79186,7 @@ CONTRACT_0702 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0703 = McpControlContract( +CONTRACT_1288 = McpControlContract( contract_id='intelligence.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33040,7 +79255,7 @@ CONTRACT_0703 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0704 = McpControlContract( +CONTRACT_1289 = McpControlContract( contract_id='intelligence.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33109,7 +79324,7 @@ CONTRACT_0704 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0705 = McpControlContract( +CONTRACT_1290 = McpControlContract( contract_id='intelligence.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33178,7 +79393,7 @@ CONTRACT_0705 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0706 = McpControlContract( +CONTRACT_1291 = McpControlContract( contract_id='intelligence.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33247,7 +79462,7 @@ CONTRACT_0706 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0707 = McpControlContract( +CONTRACT_1292 = McpControlContract( contract_id='intelligence.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33316,7 +79531,7 @@ CONTRACT_0707 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0708 = McpControlContract( +CONTRACT_1293 = McpControlContract( contract_id='intelligence.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33385,7 +79600,7 @@ CONTRACT_0708 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0709 = McpControlContract( +CONTRACT_1294 = McpControlContract( contract_id='intelligence.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33454,7 +79669,7 @@ CONTRACT_0709 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0710 = McpControlContract( +CONTRACT_1295 = McpControlContract( contract_id='intelligence.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33523,7 +79738,7 @@ CONTRACT_0710 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0711 = McpControlContract( +CONTRACT_1296 = McpControlContract( contract_id='intelligence.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='intelligence', @@ -33592,7 +79807,7 @@ CONTRACT_0711 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0712 = McpControlContract( +CONTRACT_1297 = McpControlContract( contract_id='mcps.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33618,7 +79833,7 @@ CONTRACT_0712 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0713 = McpControlContract( +CONTRACT_1298 = McpControlContract( contract_id='mcps.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33644,7 +79859,7 @@ CONTRACT_0713 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0714 = McpControlContract( +CONTRACT_1299 = McpControlContract( contract_id='mcps.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33670,7 +79885,7 @@ CONTRACT_0714 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0715 = McpControlContract( +CONTRACT_1300 = McpControlContract( contract_id='mcps.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33696,7 +79911,7 @@ CONTRACT_0715 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0716 = McpControlContract( +CONTRACT_1301 = McpControlContract( contract_id='mcps.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33722,7 +79937,7 @@ CONTRACT_0716 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0717 = McpControlContract( +CONTRACT_1302 = McpControlContract( contract_id='mcps.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33748,7 +79963,7 @@ CONTRACT_0717 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0718 = McpControlContract( +CONTRACT_1303 = McpControlContract( contract_id='mcps.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33774,7 +79989,7 @@ CONTRACT_0718 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0719 = McpControlContract( +CONTRACT_1304 = McpControlContract( contract_id='mcps.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33800,7 +80015,7 @@ CONTRACT_0719 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0720 = McpControlContract( +CONTRACT_1305 = McpControlContract( contract_id='mcps.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33826,7 +80041,7 @@ CONTRACT_0720 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0721 = McpControlContract( +CONTRACT_1306 = McpControlContract( contract_id='mcps.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33852,7 +80067,7 @@ CONTRACT_0721 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0722 = McpControlContract( +CONTRACT_1307 = McpControlContract( contract_id='mcps.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33878,7 +80093,7 @@ CONTRACT_0722 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0723 = McpControlContract( +CONTRACT_1308 = McpControlContract( contract_id='mcps.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33904,7 +80119,7 @@ CONTRACT_0723 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0724 = McpControlContract( +CONTRACT_1309 = McpControlContract( contract_id='mcps.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='mcps', @@ -33930,7 +80145,7 @@ CONTRACT_0724 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0725 = McpControlContract( +CONTRACT_1310 = McpControlContract( contract_id='mcps.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -33956,7 +80171,7 @@ CONTRACT_0725 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0726 = McpControlContract( +CONTRACT_1311 = McpControlContract( contract_id='mcps.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -33982,7 +80197,7 @@ CONTRACT_0726 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0727 = McpControlContract( +CONTRACT_1312 = McpControlContract( contract_id='mcps.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34008,7 +80223,7 @@ CONTRACT_0727 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0728 = McpControlContract( +CONTRACT_1313 = McpControlContract( contract_id='mcps.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34034,7 +80249,7 @@ CONTRACT_0728 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0729 = McpControlContract( +CONTRACT_1314 = McpControlContract( contract_id='mcps.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34060,7 +80275,7 @@ CONTRACT_0729 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0730 = McpControlContract( +CONTRACT_1315 = McpControlContract( contract_id='mcps.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34086,7 +80301,7 @@ CONTRACT_0730 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0731 = McpControlContract( +CONTRACT_1316 = McpControlContract( contract_id='mcps.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34112,7 +80327,7 @@ CONTRACT_0731 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0732 = McpControlContract( +CONTRACT_1317 = McpControlContract( contract_id='mcps.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34138,7 +80353,7 @@ CONTRACT_0732 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0733 = McpControlContract( +CONTRACT_1318 = McpControlContract( contract_id='mcps.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34164,7 +80379,7 @@ CONTRACT_0733 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0734 = McpControlContract( +CONTRACT_1319 = McpControlContract( contract_id='mcps.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34190,7 +80405,7 @@ CONTRACT_0734 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0735 = McpControlContract( +CONTRACT_1320 = McpControlContract( contract_id='mcps.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34216,7 +80431,7 @@ CONTRACT_0735 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0736 = McpControlContract( +CONTRACT_1321 = McpControlContract( contract_id='mcps.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34242,7 +80457,7 @@ CONTRACT_0736 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0737 = McpControlContract( +CONTRACT_1322 = McpControlContract( contract_id='mcps.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='mcps', @@ -34268,7 +80483,7 @@ CONTRACT_0737 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0738 = McpControlContract( +CONTRACT_1323 = McpControlContract( contract_id='mcps.admin-ui.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34294,7 +80509,7 @@ CONTRACT_0738 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0739 = McpControlContract( +CONTRACT_1324 = McpControlContract( contract_id='mcps.tools.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34320,7 +80535,7 @@ CONTRACT_0739 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0740 = McpControlContract( +CONTRACT_1325 = McpControlContract( contract_id='mcps.readiness.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34346,7 +80561,7 @@ CONTRACT_0740 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0741 = McpControlContract( +CONTRACT_1326 = McpControlContract( contract_id='mcps.samesource.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34372,7 +80587,7 @@ CONTRACT_0741 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0742 = McpControlContract( +CONTRACT_1327 = McpControlContract( contract_id='mcps.evidence.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34398,7 +80613,7 @@ CONTRACT_0742 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0743 = McpControlContract( +CONTRACT_1328 = McpControlContract( contract_id='mcps.catalog.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='mcps', @@ -34424,7 +80639,7 @@ CONTRACT_0743 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0744 = McpControlContract( +CONTRACT_1329 = McpControlContract( contract_id='mcps.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='mcps', @@ -34450,7 +80665,7 @@ CONTRACT_0744 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0745 = McpControlContract( +CONTRACT_1330 = McpControlContract( contract_id='mcps.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='mcps', @@ -34476,7 +80691,7 @@ CONTRACT_0745 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0746 = McpControlContract( +CONTRACT_1331 = McpControlContract( contract_id='mcps.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='mcps', @@ -34502,7 +80717,7 @@ CONTRACT_0746 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0747 = McpControlContract( +CONTRACT_1332 = McpControlContract( contract_id='mcps.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='mcps', @@ -34528,7 +80743,7 @@ CONTRACT_0747 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0748 = McpControlContract( +CONTRACT_1333 = McpControlContract( contract_id='mcps.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='mcps', @@ -34554,7 +80769,5142 @@ CONTRACT_0748 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0749 = McpControlContract( +CONTRACT_1334 = McpControlContract( + contract_id='mcps.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Administrador da empresa', + purpose='Expor consulta de MCPs Internos Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'administrador_empresaNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1335 = McpControlContract( + contract_id='mcps.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Administrador da empresa', + purpose='Expor diagnostico de MCPs Internos Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1336 = McpControlContract( + contract_id='mcps.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Administrador da empresa', + purpose='Expor acao de MCPs Internos Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'administrador_empresaNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1337 = McpControlContract( + contract_id='mcps.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Administrador da empresa', + purpose='Expor auditoria de MCPs Internos Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1338 = McpControlContract( + contract_id='mcps.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Administrador da empresa', + purpose='Expor explicacao de MCPs Internos Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1339 = McpControlContract( + contract_id='mcps.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para CEO', + purpose='Expor consulta de MCPs Internos Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'ceoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1340 = McpControlContract( + contract_id='mcps.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para CEO', + purpose='Expor diagnostico de MCPs Internos Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'ceoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1341 = McpControlContract( + contract_id='mcps.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para CEO', + purpose='Expor acao de MCPs Internos Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'ceoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1342 = McpControlContract( + contract_id='mcps.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para CEO', + purpose='Expor auditoria de MCPs Internos Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'ceoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1343 = McpControlContract( + contract_id='mcps.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para CEO', + purpose='Expor explicacao de MCPs Internos Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'ceoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1344 = McpControlContract( + contract_id='mcps.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Gestor operacional', + purpose='Expor consulta de MCPs Internos Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1345 = McpControlContract( + contract_id='mcps.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Gestor operacional', + purpose='Expor diagnostico de MCPs Internos Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1346 = McpControlContract( + contract_id='mcps.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Gestor operacional', + purpose='Expor acao de MCPs Internos Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1347 = McpControlContract( + contract_id='mcps.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Gestor operacional', + purpose='Expor auditoria de MCPs Internos Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1348 = McpControlContract( + contract_id='mcps.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Gestor operacional', + purpose='Expor explicacao de MCPs Internos Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1349 = McpControlContract( + contract_id='mcps.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Equipe de suporte', + purpose='Expor consulta de MCPs Internos Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'suporteNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1350 = McpControlContract( + contract_id='mcps.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Equipe de suporte', + purpose='Expor diagnostico de MCPs Internos Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'suporteNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1351 = McpControlContract( + contract_id='mcps.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Equipe de suporte', + purpose='Expor acao de MCPs Internos Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'suporteNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1352 = McpControlContract( + contract_id='mcps.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Equipe de suporte', + purpose='Expor auditoria de MCPs Internos Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'suporteNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1353 = McpControlContract( + contract_id='mcps.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Equipe de suporte', + purpose='Expor explicacao de MCPs Internos Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'suporteNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1354 = McpControlContract( + contract_id='mcps.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Atendimento ao cliente', + purpose='Expor consulta de MCPs Internos Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1355 = McpControlContract( + contract_id='mcps.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Atendimento ao cliente', + purpose='Expor diagnostico de MCPs Internos Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1356 = McpControlContract( + contract_id='mcps.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Atendimento ao cliente', + purpose='Expor acao de MCPs Internos Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1357 = McpControlContract( + contract_id='mcps.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Atendimento ao cliente', + purpose='Expor auditoria de MCPs Internos Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1358 = McpControlContract( + contract_id='mcps.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Atendimento ao cliente', + purpose='Expor explicacao de MCPs Internos Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1359 = McpControlContract( + contract_id='mcps.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Financeiro', + purpose='Expor consulta de MCPs Internos Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'financeiroNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1360 = McpControlContract( + contract_id='mcps.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Financeiro', + purpose='Expor diagnostico de MCPs Internos Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'financeiroNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1361 = McpControlContract( + contract_id='mcps.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Financeiro', + purpose='Expor acao de MCPs Internos Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'financeiroNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1362 = McpControlContract( + contract_id='mcps.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Financeiro', + purpose='Expor auditoria de MCPs Internos Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'financeiroNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1363 = McpControlContract( + contract_id='mcps.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Financeiro', + purpose='Expor explicacao de MCPs Internos Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'financeiroNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1364 = McpControlContract( + contract_id='mcps.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Contador', + purpose='Expor consulta de MCPs Internos Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'contadorNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1365 = McpControlContract( + contract_id='mcps.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Contador', + purpose='Expor diagnostico de MCPs Internos Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'contadorNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1366 = McpControlContract( + contract_id='mcps.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Contador', + purpose='Expor acao de MCPs Internos Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'contadorNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1367 = McpControlContract( + contract_id='mcps.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Contador', + purpose='Expor auditoria de MCPs Internos Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'contadorNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1368 = McpControlContract( + contract_id='mcps.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Contador', + purpose='Expor explicacao de MCPs Internos Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'contadorNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1369 = McpControlContract( + contract_id='mcps.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Juridico', + purpose='Expor consulta de MCPs Internos Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'juridicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1370 = McpControlContract( + contract_id='mcps.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Juridico', + purpose='Expor diagnostico de MCPs Internos Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'juridicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1371 = McpControlContract( + contract_id='mcps.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Juridico', + purpose='Expor acao de MCPs Internos Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'juridicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1372 = McpControlContract( + contract_id='mcps.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Juridico', + purpose='Expor auditoria de MCPs Internos Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'juridicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1373 = McpControlContract( + contract_id='mcps.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Juridico', + purpose='Expor explicacao de MCPs Internos Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'juridicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1374 = McpControlContract( + contract_id='mcps.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Secretaria', + purpose='Expor consulta de MCPs Internos Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'secretariaNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1375 = McpControlContract( + contract_id='mcps.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Secretaria', + purpose='Expor diagnostico de MCPs Internos Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'secretariaNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1376 = McpControlContract( + contract_id='mcps.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Secretaria', + purpose='Expor acao de MCPs Internos Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'secretariaNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1377 = McpControlContract( + contract_id='mcps.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Secretaria', + purpose='Expor auditoria de MCPs Internos Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'secretariaNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1378 = McpControlContract( + contract_id='mcps.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Secretaria', + purpose='Expor explicacao de MCPs Internos Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'secretariaNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1379 = McpControlContract( + contract_id='mcps.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Tecnico', + purpose='Expor consulta de MCPs Internos Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'tecnicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1380 = McpControlContract( + contract_id='mcps.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Tecnico', + purpose='Expor diagnostico de MCPs Internos Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1381 = McpControlContract( + contract_id='mcps.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Tecnico', + purpose='Expor acao de MCPs Internos Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'tecnicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1382 = McpControlContract( + contract_id='mcps.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Tecnico', + purpose='Expor auditoria de MCPs Internos Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'tecnicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1383 = McpControlContract( + contract_id='mcps.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Tecnico', + purpose='Expor explicacao de MCPs Internos Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'tecnicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1384 = McpControlContract( + contract_id='mcps.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Usuario final', + purpose='Expor consulta de MCPs Internos Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'usuario_finalNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1385 = McpControlContract( + contract_id='mcps.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Usuario final', + purpose='Expor diagnostico de MCPs Internos Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1386 = McpControlContract( + contract_id='mcps.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Usuario final', + purpose='Expor acao de MCPs Internos Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'usuario_finalNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1387 = McpControlContract( + contract_id='mcps.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Usuario final', + purpose='Expor auditoria de MCPs Internos Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1388 = McpControlContract( + contract_id='mcps.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Usuario final', + purpose='Expor explicacao de MCPs Internos Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1389 = McpControlContract( + contract_id='mcps.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Cliente externo', + purpose='Expor consulta de MCPs Internos Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'cliente_externoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1390 = McpControlContract( + contract_id='mcps.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Cliente externo', + purpose='Expor diagnostico de MCPs Internos Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1391 = McpControlContract( + contract_id='mcps.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Cliente externo', + purpose='Expor acao de MCPs Internos Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'cliente_externoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1392 = McpControlContract( + contract_id='mcps.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Cliente externo', + purpose='Expor auditoria de MCPs Internos Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1393 = McpControlContract( + contract_id='mcps.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Cliente externo', + purpose='Expor explicacao de MCPs Internos Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1394 = McpControlContract( + contract_id='mcps.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de MCPs Internos Platform para Planejamento estrategico', + purpose='Expor consulta de MCPs Internos Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para mcps/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para mcps/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1395 = McpControlContract( + contract_id='mcps.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de MCPs Internos Platform para Planejamento estrategico', + purpose='Expor diagnostico de MCPs Internos Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para mcps/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para mcps/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1396 = McpControlContract( + contract_id='mcps.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de MCPs Internos Platform para Planejamento estrategico', + purpose='Expor acao de MCPs Internos Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para mcps/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para mcps/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1397 = McpControlContract( + contract_id='mcps.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de MCPs Internos Platform para Planejamento estrategico', + purpose='Expor auditoria de MCPs Internos Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para mcps/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para mcps/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1398 = McpControlContract( + contract_id='mcps.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='mcps', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de MCPs Internos Platform para Planejamento estrategico', + purpose='Expor explicacao de MCPs Internos Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'mcpsStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.mcps.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider mcps via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para mcps/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para mcps/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1399 = McpControlContract( contract_id='mcps.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='mcps', @@ -34580,7 +85930,7 @@ CONTRACT_0749 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0750 = McpControlContract( +CONTRACT_1400 = McpControlContract( contract_id='mcps.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='mcps', @@ -34606,7 +85956,7 @@ CONTRACT_0750 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0751 = McpControlContract( +CONTRACT_1401 = McpControlContract( contract_id='mcps.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='mcps', @@ -34632,7 +85982,7 @@ CONTRACT_0751 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0752 = McpControlContract( +CONTRACT_1402 = McpControlContract( contract_id='mcps.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='mcps', @@ -34658,7 +86008,7 @@ CONTRACT_0752 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0753 = McpControlContract( +CONTRACT_1403 = McpControlContract( contract_id='mcps.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -34727,7 +86077,7 @@ CONTRACT_0753 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0754 = McpControlContract( +CONTRACT_1404 = McpControlContract( contract_id='mcps.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -34796,7 +86146,7 @@ CONTRACT_0754 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0755 = McpControlContract( +CONTRACT_1405 = McpControlContract( contract_id='mcps.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -34865,7 +86215,7 @@ CONTRACT_0755 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0756 = McpControlContract( +CONTRACT_1406 = McpControlContract( contract_id='mcps.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -34934,7 +86284,7 @@ CONTRACT_0756 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0757 = McpControlContract( +CONTRACT_1407 = McpControlContract( contract_id='mcps.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35003,7 +86353,7 @@ CONTRACT_0757 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0758 = McpControlContract( +CONTRACT_1408 = McpControlContract( contract_id='mcps.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35072,7 +86422,7 @@ CONTRACT_0758 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0759 = McpControlContract( +CONTRACT_1409 = McpControlContract( contract_id='mcps.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35141,7 +86491,7 @@ CONTRACT_0759 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0760 = McpControlContract( +CONTRACT_1410 = McpControlContract( contract_id='mcps.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35210,7 +86560,7 @@ CONTRACT_0760 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0761 = McpControlContract( +CONTRACT_1411 = McpControlContract( contract_id='mcps.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35279,7 +86629,7 @@ CONTRACT_0761 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0762 = McpControlContract( +CONTRACT_1412 = McpControlContract( contract_id='mcps.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35348,7 +86698,7 @@ CONTRACT_0762 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0763 = McpControlContract( +CONTRACT_1413 = McpControlContract( contract_id='mcps.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35417,7 +86767,7 @@ CONTRACT_0763 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0764 = McpControlContract( +CONTRACT_1414 = McpControlContract( contract_id='mcps.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35486,7 +86836,7 @@ CONTRACT_0764 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0765 = McpControlContract( +CONTRACT_1415 = McpControlContract( contract_id='mcps.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35555,7 +86905,7 @@ CONTRACT_0765 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0766 = McpControlContract( +CONTRACT_1416 = McpControlContract( contract_id='mcps.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35624,7 +86974,7 @@ CONTRACT_0766 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0767 = McpControlContract( +CONTRACT_1417 = McpControlContract( contract_id='mcps.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35693,7 +87043,7 @@ CONTRACT_0767 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0768 = McpControlContract( +CONTRACT_1418 = McpControlContract( contract_id='mcps.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35762,7 +87112,7 @@ CONTRACT_0768 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0769 = McpControlContract( +CONTRACT_1419 = McpControlContract( contract_id='mcps.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35831,7 +87181,7 @@ CONTRACT_0769 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0770 = McpControlContract( +CONTRACT_1420 = McpControlContract( contract_id='mcps.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35900,7 +87250,7 @@ CONTRACT_0770 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0771 = McpControlContract( +CONTRACT_1421 = McpControlContract( contract_id='mcps.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -35969,7 +87319,7 @@ CONTRACT_0771 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0772 = McpControlContract( +CONTRACT_1422 = McpControlContract( contract_id='mcps.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36038,7 +87388,7 @@ CONTRACT_0772 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0773 = McpControlContract( +CONTRACT_1423 = McpControlContract( contract_id='mcps.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36107,7 +87457,7 @@ CONTRACT_0773 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0774 = McpControlContract( +CONTRACT_1424 = McpControlContract( contract_id='mcps.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36176,7 +87526,7 @@ CONTRACT_0774 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0775 = McpControlContract( +CONTRACT_1425 = McpControlContract( contract_id='mcps.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36245,7 +87595,7 @@ CONTRACT_0775 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0776 = McpControlContract( +CONTRACT_1426 = McpControlContract( contract_id='mcps.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36314,7 +87664,7 @@ CONTRACT_0776 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0777 = McpControlContract( +CONTRACT_1427 = McpControlContract( contract_id='mcps.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36383,7 +87733,7 @@ CONTRACT_0777 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0778 = McpControlContract( +CONTRACT_1428 = McpControlContract( contract_id='mcps.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36452,7 +87802,7 @@ CONTRACT_0778 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0779 = McpControlContract( +CONTRACT_1429 = McpControlContract( contract_id='mcps.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36521,7 +87871,7 @@ CONTRACT_0779 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0780 = McpControlContract( +CONTRACT_1430 = McpControlContract( contract_id='mcps.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36590,7 +87940,7 @@ CONTRACT_0780 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0781 = McpControlContract( +CONTRACT_1431 = McpControlContract( contract_id='mcps.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36659,7 +88009,7 @@ CONTRACT_0781 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0782 = McpControlContract( +CONTRACT_1432 = McpControlContract( contract_id='mcps.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36728,7 +88078,7 @@ CONTRACT_0782 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0783 = McpControlContract( +CONTRACT_1433 = McpControlContract( contract_id='mcps.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36797,7 +88147,7 @@ CONTRACT_0783 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0784 = McpControlContract( +CONTRACT_1434 = McpControlContract( contract_id='mcps.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36866,7 +88216,7 @@ CONTRACT_0784 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0785 = McpControlContract( +CONTRACT_1435 = McpControlContract( contract_id='mcps.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -36935,7 +88285,7 @@ CONTRACT_0785 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0786 = McpControlContract( +CONTRACT_1436 = McpControlContract( contract_id='mcps.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37004,7 +88354,7 @@ CONTRACT_0786 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0787 = McpControlContract( +CONTRACT_1437 = McpControlContract( contract_id='mcps.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37073,7 +88423,7 @@ CONTRACT_0787 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0788 = McpControlContract( +CONTRACT_1438 = McpControlContract( contract_id='mcps.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37142,7 +88492,7 @@ CONTRACT_0788 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0789 = McpControlContract( +CONTRACT_1439 = McpControlContract( contract_id='mcps.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37211,7 +88561,7 @@ CONTRACT_0789 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0790 = McpControlContract( +CONTRACT_1440 = McpControlContract( contract_id='mcps.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37280,7 +88630,7 @@ CONTRACT_0790 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0791 = McpControlContract( +CONTRACT_1441 = McpControlContract( contract_id='mcps.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='mcps', @@ -37349,7 +88699,7 @@ CONTRACT_0791 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0792 = McpControlContract( +CONTRACT_1442 = McpControlContract( contract_id='platform_base.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37375,7 +88725,7 @@ CONTRACT_0792 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0793 = McpControlContract( +CONTRACT_1443 = McpControlContract( contract_id='platform_base.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37401,7 +88751,7 @@ CONTRACT_0793 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0794 = McpControlContract( +CONTRACT_1444 = McpControlContract( contract_id='platform_base.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37427,7 +88777,7 @@ CONTRACT_0794 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0795 = McpControlContract( +CONTRACT_1445 = McpControlContract( contract_id='platform_base.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37453,7 +88803,7 @@ CONTRACT_0795 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0796 = McpControlContract( +CONTRACT_1446 = McpControlContract( contract_id='platform_base.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37479,7 +88829,7 @@ CONTRACT_0796 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0797 = McpControlContract( +CONTRACT_1447 = McpControlContract( contract_id='platform_base.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37505,7 +88855,7 @@ CONTRACT_0797 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0798 = McpControlContract( +CONTRACT_1448 = McpControlContract( contract_id='platform_base.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37531,7 +88881,7 @@ CONTRACT_0798 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0799 = McpControlContract( +CONTRACT_1449 = McpControlContract( contract_id='platform_base.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37557,7 +88907,7 @@ CONTRACT_0799 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0800 = McpControlContract( +CONTRACT_1450 = McpControlContract( contract_id='platform_base.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37583,7 +88933,7 @@ CONTRACT_0800 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0801 = McpControlContract( +CONTRACT_1451 = McpControlContract( contract_id='platform_base.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37609,7 +88959,7 @@ CONTRACT_0801 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0802 = McpControlContract( +CONTRACT_1452 = McpControlContract( contract_id='platform_base.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37635,7 +88985,7 @@ CONTRACT_0802 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0803 = McpControlContract( +CONTRACT_1453 = McpControlContract( contract_id='platform_base.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37661,7 +89011,7 @@ CONTRACT_0803 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0804 = McpControlContract( +CONTRACT_1454 = McpControlContract( contract_id='platform_base.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='platform_base', @@ -37687,7 +89037,7 @@ CONTRACT_0804 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0805 = McpControlContract( +CONTRACT_1455 = McpControlContract( contract_id='platform_base.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37713,7 +89063,7 @@ CONTRACT_0805 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0806 = McpControlContract( +CONTRACT_1456 = McpControlContract( contract_id='platform_base.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37739,7 +89089,7 @@ CONTRACT_0806 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0807 = McpControlContract( +CONTRACT_1457 = McpControlContract( contract_id='platform_base.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37765,7 +89115,7 @@ CONTRACT_0807 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0808 = McpControlContract( +CONTRACT_1458 = McpControlContract( contract_id='platform_base.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37791,7 +89141,7 @@ CONTRACT_0808 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0809 = McpControlContract( +CONTRACT_1459 = McpControlContract( contract_id='platform_base.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37817,7 +89167,7 @@ CONTRACT_0809 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0810 = McpControlContract( +CONTRACT_1460 = McpControlContract( contract_id='platform_base.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37843,7 +89193,7 @@ CONTRACT_0810 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0811 = McpControlContract( +CONTRACT_1461 = McpControlContract( contract_id='platform_base.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37869,7 +89219,7 @@ CONTRACT_0811 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0812 = McpControlContract( +CONTRACT_1462 = McpControlContract( contract_id='platform_base.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37895,7 +89245,7 @@ CONTRACT_0812 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0813 = McpControlContract( +CONTRACT_1463 = McpControlContract( contract_id='platform_base.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37921,7 +89271,7 @@ CONTRACT_0813 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0814 = McpControlContract( +CONTRACT_1464 = McpControlContract( contract_id='platform_base.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37947,7 +89297,7 @@ CONTRACT_0814 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0815 = McpControlContract( +CONTRACT_1465 = McpControlContract( contract_id='platform_base.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37973,7 +89323,7 @@ CONTRACT_0815 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0816 = McpControlContract( +CONTRACT_1466 = McpControlContract( contract_id='platform_base.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -37999,7 +89349,7 @@ CONTRACT_0816 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0817 = McpControlContract( +CONTRACT_1467 = McpControlContract( contract_id='platform_base.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='platform_base', @@ -38025,7 +89375,7 @@ CONTRACT_0817 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0818 = McpControlContract( +CONTRACT_1468 = McpControlContract( contract_id='platform_base.templates.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='platform_base', @@ -38051,7 +89401,7 @@ CONTRACT_0818 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0819 = McpControlContract( +CONTRACT_1469 = McpControlContract( contract_id='platform_base.standards.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='platform_base', @@ -38077,7 +89427,7 @@ CONTRACT_0819 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0820 = McpControlContract( +CONTRACT_1470 = McpControlContract( contract_id='platform_base.contracts.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='platform_base', @@ -38103,7 +89453,7 @@ CONTRACT_0820 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0821 = McpControlContract( +CONTRACT_1471 = McpControlContract( contract_id='platform_base.shared-runtime.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='platform_base', @@ -38129,7 +89479,7 @@ CONTRACT_0821 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0822 = McpControlContract( +CONTRACT_1472 = McpControlContract( contract_id='platform_base.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='platform_base', @@ -38155,7 +89505,7 @@ CONTRACT_0822 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0823 = McpControlContract( +CONTRACT_1473 = McpControlContract( contract_id='platform_base.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='platform_base', @@ -38181,7 +89531,7 @@ CONTRACT_0823 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0824 = McpControlContract( +CONTRACT_1474 = McpControlContract( contract_id='platform_base.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='platform_base', @@ -38207,7 +89557,7 @@ CONTRACT_0824 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0825 = McpControlContract( +CONTRACT_1475 = McpControlContract( contract_id='platform_base.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='platform_base', @@ -38233,7 +89583,7 @@ CONTRACT_0825 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0826 = McpControlContract( +CONTRACT_1476 = McpControlContract( contract_id='platform_base.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='platform_base', @@ -38259,7 +89609,5142 @@ CONTRACT_0826 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0827 = McpControlContract( +CONTRACT_1477 = McpControlContract( + contract_id='platform_base.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Administrador da empresa', + purpose='Expor consulta de Platform Base para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'administrador_empresaNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1478 = McpControlContract( + contract_id='platform_base.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Administrador da empresa', + purpose='Expor diagnostico de Platform Base para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1479 = McpControlContract( + contract_id='platform_base.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Administrador da empresa', + purpose='Expor acao de Platform Base para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'administrador_empresaNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1480 = McpControlContract( + contract_id='platform_base.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Administrador da empresa', + purpose='Expor auditoria de Platform Base para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1481 = McpControlContract( + contract_id='platform_base.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Administrador da empresa', + purpose='Expor explicacao de Platform Base para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1482 = McpControlContract( + contract_id='platform_base.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para CEO', + purpose='Expor consulta de Platform Base para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'ceoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1483 = McpControlContract( + contract_id='platform_base.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para CEO', + purpose='Expor diagnostico de Platform Base para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'ceoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1484 = McpControlContract( + contract_id='platform_base.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para CEO', + purpose='Expor acao de Platform Base para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'ceoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1485 = McpControlContract( + contract_id='platform_base.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para CEO', + purpose='Expor auditoria de Platform Base para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'ceoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1486 = McpControlContract( + contract_id='platform_base.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para CEO', + purpose='Expor explicacao de Platform Base para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'ceoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1487 = McpControlContract( + contract_id='platform_base.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Gestor operacional', + purpose='Expor consulta de Platform Base para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1488 = McpControlContract( + contract_id='platform_base.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Gestor operacional', + purpose='Expor diagnostico de Platform Base para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1489 = McpControlContract( + contract_id='platform_base.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Gestor operacional', + purpose='Expor acao de Platform Base para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1490 = McpControlContract( + contract_id='platform_base.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Gestor operacional', + purpose='Expor auditoria de Platform Base para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1491 = McpControlContract( + contract_id='platform_base.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Gestor operacional', + purpose='Expor explicacao de Platform Base para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1492 = McpControlContract( + contract_id='platform_base.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Equipe de suporte', + purpose='Expor consulta de Platform Base para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'suporteNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1493 = McpControlContract( + contract_id='platform_base.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Equipe de suporte', + purpose='Expor diagnostico de Platform Base para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'suporteNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1494 = McpControlContract( + contract_id='platform_base.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Equipe de suporte', + purpose='Expor acao de Platform Base para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'suporteNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1495 = McpControlContract( + contract_id='platform_base.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Equipe de suporte', + purpose='Expor auditoria de Platform Base para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'suporteNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1496 = McpControlContract( + contract_id='platform_base.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Equipe de suporte', + purpose='Expor explicacao de Platform Base para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'suporteNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1497 = McpControlContract( + contract_id='platform_base.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Atendimento ao cliente', + purpose='Expor consulta de Platform Base para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1498 = McpControlContract( + contract_id='platform_base.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Atendimento ao cliente', + purpose='Expor diagnostico de Platform Base para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1499 = McpControlContract( + contract_id='platform_base.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Atendimento ao cliente', + purpose='Expor acao de Platform Base para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1500 = McpControlContract( + contract_id='platform_base.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Atendimento ao cliente', + purpose='Expor auditoria de Platform Base para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1501 = McpControlContract( + contract_id='platform_base.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Atendimento ao cliente', + purpose='Expor explicacao de Platform Base para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1502 = McpControlContract( + contract_id='platform_base.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Financeiro', + purpose='Expor consulta de Platform Base para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'financeiroNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1503 = McpControlContract( + contract_id='platform_base.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Financeiro', + purpose='Expor diagnostico de Platform Base para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'financeiroNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1504 = McpControlContract( + contract_id='platform_base.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Financeiro', + purpose='Expor acao de Platform Base para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'financeiroNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1505 = McpControlContract( + contract_id='platform_base.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Financeiro', + purpose='Expor auditoria de Platform Base para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'financeiroNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1506 = McpControlContract( + contract_id='platform_base.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Financeiro', + purpose='Expor explicacao de Platform Base para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'financeiroNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1507 = McpControlContract( + contract_id='platform_base.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Contador', + purpose='Expor consulta de Platform Base para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'contadorNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1508 = McpControlContract( + contract_id='platform_base.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Contador', + purpose='Expor diagnostico de Platform Base para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'contadorNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1509 = McpControlContract( + contract_id='platform_base.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Contador', + purpose='Expor acao de Platform Base para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'contadorNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1510 = McpControlContract( + contract_id='platform_base.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Contador', + purpose='Expor auditoria de Platform Base para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'contadorNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1511 = McpControlContract( + contract_id='platform_base.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Contador', + purpose='Expor explicacao de Platform Base para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'contadorNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1512 = McpControlContract( + contract_id='platform_base.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Juridico', + purpose='Expor consulta de Platform Base para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'juridicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1513 = McpControlContract( + contract_id='platform_base.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Juridico', + purpose='Expor diagnostico de Platform Base para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'juridicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1514 = McpControlContract( + contract_id='platform_base.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Juridico', + purpose='Expor acao de Platform Base para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'juridicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1515 = McpControlContract( + contract_id='platform_base.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Juridico', + purpose='Expor auditoria de Platform Base para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'juridicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1516 = McpControlContract( + contract_id='platform_base.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Juridico', + purpose='Expor explicacao de Platform Base para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'juridicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1517 = McpControlContract( + contract_id='platform_base.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Secretaria', + purpose='Expor consulta de Platform Base para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'secretariaNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1518 = McpControlContract( + contract_id='platform_base.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Secretaria', + purpose='Expor diagnostico de Platform Base para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'secretariaNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1519 = McpControlContract( + contract_id='platform_base.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Secretaria', + purpose='Expor acao de Platform Base para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'secretariaNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1520 = McpControlContract( + contract_id='platform_base.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Secretaria', + purpose='Expor auditoria de Platform Base para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'secretariaNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1521 = McpControlContract( + contract_id='platform_base.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Secretaria', + purpose='Expor explicacao de Platform Base para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'secretariaNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1522 = McpControlContract( + contract_id='platform_base.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Tecnico', + purpose='Expor consulta de Platform Base para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'tecnicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1523 = McpControlContract( + contract_id='platform_base.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Tecnico', + purpose='Expor diagnostico de Platform Base para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1524 = McpControlContract( + contract_id='platform_base.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Tecnico', + purpose='Expor acao de Platform Base para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'tecnicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1525 = McpControlContract( + contract_id='platform_base.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Tecnico', + purpose='Expor auditoria de Platform Base para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'tecnicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1526 = McpControlContract( + contract_id='platform_base.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Tecnico', + purpose='Expor explicacao de Platform Base para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'tecnicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1527 = McpControlContract( + contract_id='platform_base.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Usuario final', + purpose='Expor consulta de Platform Base para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'usuario_finalNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1528 = McpControlContract( + contract_id='platform_base.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Usuario final', + purpose='Expor diagnostico de Platform Base para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1529 = McpControlContract( + contract_id='platform_base.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Usuario final', + purpose='Expor acao de Platform Base para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'usuario_finalNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1530 = McpControlContract( + contract_id='platform_base.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Usuario final', + purpose='Expor auditoria de Platform Base para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1531 = McpControlContract( + contract_id='platform_base.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Usuario final', + purpose='Expor explicacao de Platform Base para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1532 = McpControlContract( + contract_id='platform_base.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Cliente externo', + purpose='Expor consulta de Platform Base para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'cliente_externoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1533 = McpControlContract( + contract_id='platform_base.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Cliente externo', + purpose='Expor diagnostico de Platform Base para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1534 = McpControlContract( + contract_id='platform_base.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Cliente externo', + purpose='Expor acao de Platform Base para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'cliente_externoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1535 = McpControlContract( + contract_id='platform_base.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Cliente externo', + purpose='Expor auditoria de Platform Base para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1536 = McpControlContract( + contract_id='platform_base.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Cliente externo', + purpose='Expor explicacao de Platform Base para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1537 = McpControlContract( + contract_id='platform_base.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Platform Base para Planejamento estrategico', + purpose='Expor consulta de Platform Base para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para platform_base/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para platform_base/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1538 = McpControlContract( + contract_id='platform_base.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Platform Base para Planejamento estrategico', + purpose='Expor diagnostico de Platform Base para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para platform_base/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para platform_base/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1539 = McpControlContract( + contract_id='platform_base.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Platform Base para Planejamento estrategico', + purpose='Expor acao de Platform Base para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para platform_base/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para platform_base/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1540 = McpControlContract( + contract_id='platform_base.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Platform Base para Planejamento estrategico', + purpose='Expor auditoria de Platform Base para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para platform_base/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para platform_base/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1541 = McpControlContract( + contract_id='platform_base.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='platform_base', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Platform Base para Planejamento estrategico', + purpose='Expor explicacao de Platform Base para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'platform_baseStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'governanceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.DERIVED, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.platform_base.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider platform_base via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para platform_base/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para platform_base/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1542 = McpControlContract( contract_id='platform_base.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='platform_base', @@ -38285,7 +94770,7 @@ CONTRACT_0827 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0828 = McpControlContract( +CONTRACT_1543 = McpControlContract( contract_id='platform_base.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='platform_base', @@ -38311,7 +94796,7 @@ CONTRACT_0828 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0829 = McpControlContract( +CONTRACT_1544 = McpControlContract( contract_id='platform_base.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='platform_base', @@ -38337,7 +94822,7 @@ CONTRACT_0829 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0830 = McpControlContract( +CONTRACT_1545 = McpControlContract( contract_id='platform_base.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='platform_base', @@ -38363,7 +94848,7 @@ CONTRACT_0830 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0831 = McpControlContract( +CONTRACT_1546 = McpControlContract( contract_id='platform_base.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38432,7 +94917,7 @@ CONTRACT_0831 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0832 = McpControlContract( +CONTRACT_1547 = McpControlContract( contract_id='platform_base.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38501,7 +94986,7 @@ CONTRACT_0832 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0833 = McpControlContract( +CONTRACT_1548 = McpControlContract( contract_id='platform_base.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38570,7 +95055,7 @@ CONTRACT_0833 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0834 = McpControlContract( +CONTRACT_1549 = McpControlContract( contract_id='platform_base.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38639,7 +95124,7 @@ CONTRACT_0834 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0835 = McpControlContract( +CONTRACT_1550 = McpControlContract( contract_id='platform_base.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38708,7 +95193,7 @@ CONTRACT_0835 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0836 = McpControlContract( +CONTRACT_1551 = McpControlContract( contract_id='platform_base.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38777,7 +95262,7 @@ CONTRACT_0836 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0837 = McpControlContract( +CONTRACT_1552 = McpControlContract( contract_id='platform_base.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38846,7 +95331,7 @@ CONTRACT_0837 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0838 = McpControlContract( +CONTRACT_1553 = McpControlContract( contract_id='platform_base.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38915,7 +95400,7 @@ CONTRACT_0838 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0839 = McpControlContract( +CONTRACT_1554 = McpControlContract( contract_id='platform_base.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -38984,7 +95469,7 @@ CONTRACT_0839 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0840 = McpControlContract( +CONTRACT_1555 = McpControlContract( contract_id='platform_base.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39053,7 +95538,7 @@ CONTRACT_0840 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0841 = McpControlContract( +CONTRACT_1556 = McpControlContract( contract_id='platform_base.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39122,7 +95607,7 @@ CONTRACT_0841 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0842 = McpControlContract( +CONTRACT_1557 = McpControlContract( contract_id='platform_base.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39191,7 +95676,7 @@ CONTRACT_0842 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0843 = McpControlContract( +CONTRACT_1558 = McpControlContract( contract_id='platform_base.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39260,7 +95745,7 @@ CONTRACT_0843 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0844 = McpControlContract( +CONTRACT_1559 = McpControlContract( contract_id='platform_base.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39329,7 +95814,7 @@ CONTRACT_0844 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0845 = McpControlContract( +CONTRACT_1560 = McpControlContract( contract_id='platform_base.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39398,7 +95883,7 @@ CONTRACT_0845 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0846 = McpControlContract( +CONTRACT_1561 = McpControlContract( contract_id='platform_base.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39467,7 +95952,7 @@ CONTRACT_0846 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0847 = McpControlContract( +CONTRACT_1562 = McpControlContract( contract_id='platform_base.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39536,7 +96021,7 @@ CONTRACT_0847 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0848 = McpControlContract( +CONTRACT_1563 = McpControlContract( contract_id='platform_base.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39605,7 +96090,7 @@ CONTRACT_0848 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0849 = McpControlContract( +CONTRACT_1564 = McpControlContract( contract_id='platform_base.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39674,7 +96159,7 @@ CONTRACT_0849 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0850 = McpControlContract( +CONTRACT_1565 = McpControlContract( contract_id='platform_base.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39743,7 +96228,7 @@ CONTRACT_0850 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0851 = McpControlContract( +CONTRACT_1566 = McpControlContract( contract_id='platform_base.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39812,7 +96297,7 @@ CONTRACT_0851 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0852 = McpControlContract( +CONTRACT_1567 = McpControlContract( contract_id='platform_base.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39881,7 +96366,7 @@ CONTRACT_0852 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0853 = McpControlContract( +CONTRACT_1568 = McpControlContract( contract_id='platform_base.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -39950,7 +96435,7 @@ CONTRACT_0853 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0854 = McpControlContract( +CONTRACT_1569 = McpControlContract( contract_id='platform_base.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40019,7 +96504,7 @@ CONTRACT_0854 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0855 = McpControlContract( +CONTRACT_1570 = McpControlContract( contract_id='platform_base.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40088,7 +96573,7 @@ CONTRACT_0855 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0856 = McpControlContract( +CONTRACT_1571 = McpControlContract( contract_id='platform_base.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40157,7 +96642,7 @@ CONTRACT_0856 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0857 = McpControlContract( +CONTRACT_1572 = McpControlContract( contract_id='platform_base.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40226,7 +96711,7 @@ CONTRACT_0857 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0858 = McpControlContract( +CONTRACT_1573 = McpControlContract( contract_id='platform_base.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40295,7 +96780,7 @@ CONTRACT_0858 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0859 = McpControlContract( +CONTRACT_1574 = McpControlContract( contract_id='platform_base.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40364,7 +96849,7 @@ CONTRACT_0859 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0860 = McpControlContract( +CONTRACT_1575 = McpControlContract( contract_id='platform_base.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40433,7 +96918,7 @@ CONTRACT_0860 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0861 = McpControlContract( +CONTRACT_1576 = McpControlContract( contract_id='platform_base.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40502,7 +96987,7 @@ CONTRACT_0861 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0862 = McpControlContract( +CONTRACT_1577 = McpControlContract( contract_id='platform_base.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40571,7 +97056,7 @@ CONTRACT_0862 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0863 = McpControlContract( +CONTRACT_1578 = McpControlContract( contract_id='platform_base.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40640,7 +97125,7 @@ CONTRACT_0863 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0864 = McpControlContract( +CONTRACT_1579 = McpControlContract( contract_id='platform_base.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40709,7 +97194,7 @@ CONTRACT_0864 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0865 = McpControlContract( +CONTRACT_1580 = McpControlContract( contract_id='platform_base.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40778,7 +97263,7 @@ CONTRACT_0865 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0866 = McpControlContract( +CONTRACT_1581 = McpControlContract( contract_id='platform_base.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40847,7 +97332,7 @@ CONTRACT_0866 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0867 = McpControlContract( +CONTRACT_1582 = McpControlContract( contract_id='platform_base.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40916,7 +97401,7 @@ CONTRACT_0867 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0868 = McpControlContract( +CONTRACT_1583 = McpControlContract( contract_id='platform_base.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -40985,7 +97470,7 @@ CONTRACT_0868 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0869 = McpControlContract( +CONTRACT_1584 = McpControlContract( contract_id='platform_base.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='platform_base', @@ -41054,7 +97539,7 @@ CONTRACT_0869 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0870 = McpControlContract( +CONTRACT_1585 = McpControlContract( contract_id='public.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41080,7 +97565,7 @@ CONTRACT_0870 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0871 = McpControlContract( +CONTRACT_1586 = McpControlContract( contract_id='public.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41106,7 +97591,7 @@ CONTRACT_0871 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0872 = McpControlContract( +CONTRACT_1587 = McpControlContract( contract_id='public.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41132,7 +97617,7 @@ CONTRACT_0872 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0873 = McpControlContract( +CONTRACT_1588 = McpControlContract( contract_id='public.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41158,7 +97643,7 @@ CONTRACT_0873 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0874 = McpControlContract( +CONTRACT_1589 = McpControlContract( contract_id='public.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41184,7 +97669,7 @@ CONTRACT_0874 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0875 = McpControlContract( +CONTRACT_1590 = McpControlContract( contract_id='public.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41210,7 +97695,7 @@ CONTRACT_0875 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0876 = McpControlContract( +CONTRACT_1591 = McpControlContract( contract_id='public.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41236,7 +97721,7 @@ CONTRACT_0876 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0877 = McpControlContract( +CONTRACT_1592 = McpControlContract( contract_id='public.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41262,7 +97747,7 @@ CONTRACT_0877 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0878 = McpControlContract( +CONTRACT_1593 = McpControlContract( contract_id='public.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41288,7 +97773,7 @@ CONTRACT_0878 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0879 = McpControlContract( +CONTRACT_1594 = McpControlContract( contract_id='public.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41314,7 +97799,7 @@ CONTRACT_0879 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0880 = McpControlContract( +CONTRACT_1595 = McpControlContract( contract_id='public.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41340,7 +97825,7 @@ CONTRACT_0880 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0881 = McpControlContract( +CONTRACT_1596 = McpControlContract( contract_id='public.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41366,7 +97851,7 @@ CONTRACT_0881 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0882 = McpControlContract( +CONTRACT_1597 = McpControlContract( contract_id='public.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='public', @@ -41392,7 +97877,7 @@ CONTRACT_0882 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0883 = McpControlContract( +CONTRACT_1598 = McpControlContract( contract_id='public.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41418,7 +97903,7 @@ CONTRACT_0883 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0884 = McpControlContract( +CONTRACT_1599 = McpControlContract( contract_id='public.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41444,7 +97929,7 @@ CONTRACT_0884 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0885 = McpControlContract( +CONTRACT_1600 = McpControlContract( contract_id='public.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41470,7 +97955,7 @@ CONTRACT_0885 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0886 = McpControlContract( +CONTRACT_1601 = McpControlContract( contract_id='public.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41496,7 +97981,7 @@ CONTRACT_0886 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0887 = McpControlContract( +CONTRACT_1602 = McpControlContract( contract_id='public.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41522,7 +98007,7 @@ CONTRACT_0887 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0888 = McpControlContract( +CONTRACT_1603 = McpControlContract( contract_id='public.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41548,7 +98033,7 @@ CONTRACT_0888 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0889 = McpControlContract( +CONTRACT_1604 = McpControlContract( contract_id='public.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41574,7 +98059,7 @@ CONTRACT_0889 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0890 = McpControlContract( +CONTRACT_1605 = McpControlContract( contract_id='public.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41600,7 +98085,7 @@ CONTRACT_0890 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0891 = McpControlContract( +CONTRACT_1606 = McpControlContract( contract_id='public.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41626,7 +98111,7 @@ CONTRACT_0891 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0892 = McpControlContract( +CONTRACT_1607 = McpControlContract( contract_id='public.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41652,7 +98137,7 @@ CONTRACT_0892 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0893 = McpControlContract( +CONTRACT_1608 = McpControlContract( contract_id='public.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41678,7 +98163,7 @@ CONTRACT_0893 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0894 = McpControlContract( +CONTRACT_1609 = McpControlContract( contract_id='public.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41704,7 +98189,7 @@ CONTRACT_0894 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0895 = McpControlContract( +CONTRACT_1610 = McpControlContract( contract_id='public.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='public', @@ -41730,7 +98215,7 @@ CONTRACT_0895 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0896 = McpControlContract( +CONTRACT_1611 = McpControlContract( contract_id='public.landing.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='public', @@ -41756,7 +98241,7 @@ CONTRACT_0896 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0897 = McpControlContract( +CONTRACT_1612 = McpControlContract( contract_id='public.onboarding.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='public', @@ -41782,7 +98267,7 @@ CONTRACT_0897 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0898 = McpControlContract( +CONTRACT_1613 = McpControlContract( contract_id='public.public-docs.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='public', @@ -41808,7 +98293,7 @@ CONTRACT_0898 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0899 = McpControlContract( +CONTRACT_1614 = McpControlContract( contract_id='public.status.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='public', @@ -41834,7 +98319,7 @@ CONTRACT_0899 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0900 = McpControlContract( +CONTRACT_1615 = McpControlContract( contract_id='public.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='public', @@ -41860,7 +98345,7 @@ CONTRACT_0900 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0901 = McpControlContract( +CONTRACT_1616 = McpControlContract( contract_id='public.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='public', @@ -41886,7 +98371,7 @@ CONTRACT_0901 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0902 = McpControlContract( +CONTRACT_1617 = McpControlContract( contract_id='public.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='public', @@ -41912,7 +98397,7 @@ CONTRACT_0902 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0903 = McpControlContract( +CONTRACT_1618 = McpControlContract( contract_id='public.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='public', @@ -41938,7 +98423,7 @@ CONTRACT_0903 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0904 = McpControlContract( +CONTRACT_1619 = McpControlContract( contract_id='public.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='public', @@ -41964,7 +98449,5142 @@ CONTRACT_0904 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0905 = McpControlContract( +CONTRACT_1620 = McpControlContract( + contract_id='public.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Administrador da empresa', + purpose='Expor consulta de Public Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'administrador_empresaNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1621 = McpControlContract( + contract_id='public.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Administrador da empresa', + purpose='Expor diagnostico de Public Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1622 = McpControlContract( + contract_id='public.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Administrador da empresa', + purpose='Expor acao de Public Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'administrador_empresaNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1623 = McpControlContract( + contract_id='public.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Administrador da empresa', + purpose='Expor auditoria de Public Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1624 = McpControlContract( + contract_id='public.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Administrador da empresa', + purpose='Expor explicacao de Public Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1625 = McpControlContract( + contract_id='public.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para CEO', + purpose='Expor consulta de Public Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'ceoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1626 = McpControlContract( + contract_id='public.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para CEO', + purpose='Expor diagnostico de Public Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'ceoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1627 = McpControlContract( + contract_id='public.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para CEO', + purpose='Expor acao de Public Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'ceoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1628 = McpControlContract( + contract_id='public.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para CEO', + purpose='Expor auditoria de Public Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'ceoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1629 = McpControlContract( + contract_id='public.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para CEO', + purpose='Expor explicacao de Public Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'ceoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1630 = McpControlContract( + contract_id='public.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Gestor operacional', + purpose='Expor consulta de Public Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1631 = McpControlContract( + contract_id='public.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Gestor operacional', + purpose='Expor diagnostico de Public Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1632 = McpControlContract( + contract_id='public.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Gestor operacional', + purpose='Expor acao de Public Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1633 = McpControlContract( + contract_id='public.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Gestor operacional', + purpose='Expor auditoria de Public Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1634 = McpControlContract( + contract_id='public.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Gestor operacional', + purpose='Expor explicacao de Public Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1635 = McpControlContract( + contract_id='public.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Equipe de suporte', + purpose='Expor consulta de Public Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'suporteNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1636 = McpControlContract( + contract_id='public.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Equipe de suporte', + purpose='Expor diagnostico de Public Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'suporteNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1637 = McpControlContract( + contract_id='public.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Equipe de suporte', + purpose='Expor acao de Public Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'suporteNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1638 = McpControlContract( + contract_id='public.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Equipe de suporte', + purpose='Expor auditoria de Public Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'suporteNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1639 = McpControlContract( + contract_id='public.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Equipe de suporte', + purpose='Expor explicacao de Public Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'suporteNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1640 = McpControlContract( + contract_id='public.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Atendimento ao cliente', + purpose='Expor consulta de Public Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1641 = McpControlContract( + contract_id='public.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Atendimento ao cliente', + purpose='Expor diagnostico de Public Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1642 = McpControlContract( + contract_id='public.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Atendimento ao cliente', + purpose='Expor acao de Public Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1643 = McpControlContract( + contract_id='public.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Atendimento ao cliente', + purpose='Expor auditoria de Public Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1644 = McpControlContract( + contract_id='public.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Atendimento ao cliente', + purpose='Expor explicacao de Public Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1645 = McpControlContract( + contract_id='public.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Financeiro', + purpose='Expor consulta de Public Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'financeiroNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1646 = McpControlContract( + contract_id='public.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Financeiro', + purpose='Expor diagnostico de Public Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'financeiroNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1647 = McpControlContract( + contract_id='public.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Financeiro', + purpose='Expor acao de Public Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'financeiroNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1648 = McpControlContract( + contract_id='public.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Financeiro', + purpose='Expor auditoria de Public Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'financeiroNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1649 = McpControlContract( + contract_id='public.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Financeiro', + purpose='Expor explicacao de Public Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'financeiroNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1650 = McpControlContract( + contract_id='public.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Contador', + purpose='Expor consulta de Public Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'contadorNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1651 = McpControlContract( + contract_id='public.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Contador', + purpose='Expor diagnostico de Public Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'contadorNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1652 = McpControlContract( + contract_id='public.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Contador', + purpose='Expor acao de Public Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'contadorNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1653 = McpControlContract( + contract_id='public.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Contador', + purpose='Expor auditoria de Public Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'contadorNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1654 = McpControlContract( + contract_id='public.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Contador', + purpose='Expor explicacao de Public Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'contadorNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1655 = McpControlContract( + contract_id='public.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Juridico', + purpose='Expor consulta de Public Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'juridicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1656 = McpControlContract( + contract_id='public.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Juridico', + purpose='Expor diagnostico de Public Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'juridicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1657 = McpControlContract( + contract_id='public.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Juridico', + purpose='Expor acao de Public Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'juridicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1658 = McpControlContract( + contract_id='public.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Juridico', + purpose='Expor auditoria de Public Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'juridicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1659 = McpControlContract( + contract_id='public.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Juridico', + purpose='Expor explicacao de Public Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'juridicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1660 = McpControlContract( + contract_id='public.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Secretaria', + purpose='Expor consulta de Public Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'secretariaNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1661 = McpControlContract( + contract_id='public.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Secretaria', + purpose='Expor diagnostico de Public Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'secretariaNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1662 = McpControlContract( + contract_id='public.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Secretaria', + purpose='Expor acao de Public Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'secretariaNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1663 = McpControlContract( + contract_id='public.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Secretaria', + purpose='Expor auditoria de Public Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'secretariaNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1664 = McpControlContract( + contract_id='public.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Secretaria', + purpose='Expor explicacao de Public Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'secretariaNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1665 = McpControlContract( + contract_id='public.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Tecnico', + purpose='Expor consulta de Public Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'tecnicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1666 = McpControlContract( + contract_id='public.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Tecnico', + purpose='Expor diagnostico de Public Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1667 = McpControlContract( + contract_id='public.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Tecnico', + purpose='Expor acao de Public Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'tecnicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1668 = McpControlContract( + contract_id='public.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Tecnico', + purpose='Expor auditoria de Public Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'tecnicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1669 = McpControlContract( + contract_id='public.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Tecnico', + purpose='Expor explicacao de Public Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'tecnicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1670 = McpControlContract( + contract_id='public.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Usuario final', + purpose='Expor consulta de Public Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'usuario_finalNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1671 = McpControlContract( + contract_id='public.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Usuario final', + purpose='Expor diagnostico de Public Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1672 = McpControlContract( + contract_id='public.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Usuario final', + purpose='Expor acao de Public Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'usuario_finalNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1673 = McpControlContract( + contract_id='public.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Usuario final', + purpose='Expor auditoria de Public Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1674 = McpControlContract( + contract_id='public.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Usuario final', + purpose='Expor explicacao de Public Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1675 = McpControlContract( + contract_id='public.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Cliente externo', + purpose='Expor consulta de Public Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'cliente_externoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1676 = McpControlContract( + contract_id='public.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Cliente externo', + purpose='Expor diagnostico de Public Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1677 = McpControlContract( + contract_id='public.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Cliente externo', + purpose='Expor acao de Public Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'cliente_externoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1678 = McpControlContract( + contract_id='public.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Cliente externo', + purpose='Expor auditoria de Public Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1679 = McpControlContract( + contract_id='public.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Cliente externo', + purpose='Expor explicacao de Public Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1680 = McpControlContract( + contract_id='public.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de Public Platform para Planejamento estrategico', + purpose='Expor consulta de Public Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para public/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para public/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1681 = McpControlContract( + contract_id='public.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de Public Platform para Planejamento estrategico', + purpose='Expor diagnostico de Public Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para public/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para public/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1682 = McpControlContract( + contract_id='public.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de Public Platform para Planejamento estrategico', + purpose='Expor acao de Public Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para public/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para public/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1683 = McpControlContract( + contract_id='public.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de Public Platform para Planejamento estrategico', + purpose='Expor auditoria de Public Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para public/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para public/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1684 = McpControlContract( + contract_id='public.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='public', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de Public Platform para Planejamento estrategico', + purpose='Expor explicacao de Public Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'publicStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.public.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider public via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para public/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para public/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=8, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1685 = McpControlContract( contract_id='public.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='public', @@ -41990,7 +103610,7 @@ CONTRACT_0905 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0906 = McpControlContract( +CONTRACT_1686 = McpControlContract( contract_id='public.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='public', @@ -42016,7 +103636,7 @@ CONTRACT_0906 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0907 = McpControlContract( +CONTRACT_1687 = McpControlContract( contract_id='public.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='public', @@ -42042,7 +103662,7 @@ CONTRACT_0907 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0908 = McpControlContract( +CONTRACT_1688 = McpControlContract( contract_id='public.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='public', @@ -42068,7 +103688,7 @@ CONTRACT_0908 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0909 = McpControlContract( +CONTRACT_1689 = McpControlContract( contract_id='public.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42137,7 +103757,7 @@ CONTRACT_0909 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0910 = McpControlContract( +CONTRACT_1690 = McpControlContract( contract_id='public.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42206,7 +103826,7 @@ CONTRACT_0910 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0911 = McpControlContract( +CONTRACT_1691 = McpControlContract( contract_id='public.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42275,7 +103895,7 @@ CONTRACT_0911 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0912 = McpControlContract( +CONTRACT_1692 = McpControlContract( contract_id='public.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42344,7 +103964,7 @@ CONTRACT_0912 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0913 = McpControlContract( +CONTRACT_1693 = McpControlContract( contract_id='public.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42413,7 +104033,7 @@ CONTRACT_0913 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0914 = McpControlContract( +CONTRACT_1694 = McpControlContract( contract_id='public.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42482,7 +104102,7 @@ CONTRACT_0914 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0915 = McpControlContract( +CONTRACT_1695 = McpControlContract( contract_id='public.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42551,7 +104171,7 @@ CONTRACT_0915 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0916 = McpControlContract( +CONTRACT_1696 = McpControlContract( contract_id='public.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42620,7 +104240,7 @@ CONTRACT_0916 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0917 = McpControlContract( +CONTRACT_1697 = McpControlContract( contract_id='public.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42689,7 +104309,7 @@ CONTRACT_0917 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0918 = McpControlContract( +CONTRACT_1698 = McpControlContract( contract_id='public.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42758,7 +104378,7 @@ CONTRACT_0918 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0919 = McpControlContract( +CONTRACT_1699 = McpControlContract( contract_id='public.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42827,7 +104447,7 @@ CONTRACT_0919 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0920 = McpControlContract( +CONTRACT_1700 = McpControlContract( contract_id='public.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42896,7 +104516,7 @@ CONTRACT_0920 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0921 = McpControlContract( +CONTRACT_1701 = McpControlContract( contract_id='public.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -42965,7 +104585,7 @@ CONTRACT_0921 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0922 = McpControlContract( +CONTRACT_1702 = McpControlContract( contract_id='public.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43034,7 +104654,7 @@ CONTRACT_0922 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0923 = McpControlContract( +CONTRACT_1703 = McpControlContract( contract_id='public.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43103,7 +104723,7 @@ CONTRACT_0923 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0924 = McpControlContract( +CONTRACT_1704 = McpControlContract( contract_id='public.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43172,7 +104792,7 @@ CONTRACT_0924 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0925 = McpControlContract( +CONTRACT_1705 = McpControlContract( contract_id='public.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43241,7 +104861,7 @@ CONTRACT_0925 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0926 = McpControlContract( +CONTRACT_1706 = McpControlContract( contract_id='public.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43310,7 +104930,7 @@ CONTRACT_0926 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0927 = McpControlContract( +CONTRACT_1707 = McpControlContract( contract_id='public.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43379,7 +104999,7 @@ CONTRACT_0927 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0928 = McpControlContract( +CONTRACT_1708 = McpControlContract( contract_id='public.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43448,7 +105068,7 @@ CONTRACT_0928 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0929 = McpControlContract( +CONTRACT_1709 = McpControlContract( contract_id='public.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43517,7 +105137,7 @@ CONTRACT_0929 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0930 = McpControlContract( +CONTRACT_1710 = McpControlContract( contract_id='public.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43586,7 +105206,7 @@ CONTRACT_0930 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0931 = McpControlContract( +CONTRACT_1711 = McpControlContract( contract_id='public.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43655,7 +105275,7 @@ CONTRACT_0931 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0932 = McpControlContract( +CONTRACT_1712 = McpControlContract( contract_id='public.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43724,7 +105344,7 @@ CONTRACT_0932 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0933 = McpControlContract( +CONTRACT_1713 = McpControlContract( contract_id='public.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43793,7 +105413,7 @@ CONTRACT_0933 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0934 = McpControlContract( +CONTRACT_1714 = McpControlContract( contract_id='public.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43862,7 +105482,7 @@ CONTRACT_0934 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0935 = McpControlContract( +CONTRACT_1715 = McpControlContract( contract_id='public.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -43931,7 +105551,7 @@ CONTRACT_0935 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0936 = McpControlContract( +CONTRACT_1716 = McpControlContract( contract_id='public.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44000,7 +105620,7 @@ CONTRACT_0936 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0937 = McpControlContract( +CONTRACT_1717 = McpControlContract( contract_id='public.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44069,7 +105689,7 @@ CONTRACT_0937 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0938 = McpControlContract( +CONTRACT_1718 = McpControlContract( contract_id='public.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44138,7 +105758,7 @@ CONTRACT_0938 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0939 = McpControlContract( +CONTRACT_1719 = McpControlContract( contract_id='public.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44207,7 +105827,7 @@ CONTRACT_0939 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0940 = McpControlContract( +CONTRACT_1720 = McpControlContract( contract_id='public.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44276,7 +105896,7 @@ CONTRACT_0940 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0941 = McpControlContract( +CONTRACT_1721 = McpControlContract( contract_id='public.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44345,7 +105965,7 @@ CONTRACT_0941 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0942 = McpControlContract( +CONTRACT_1722 = McpControlContract( contract_id='public.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44414,7 +106034,7 @@ CONTRACT_0942 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0943 = McpControlContract( +CONTRACT_1723 = McpControlContract( contract_id='public.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44483,7 +106103,7 @@ CONTRACT_0943 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0944 = McpControlContract( +CONTRACT_1724 = McpControlContract( contract_id='public.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44552,7 +106172,7 @@ CONTRACT_0944 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0945 = McpControlContract( +CONTRACT_1725 = McpControlContract( contract_id='public.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44621,7 +106241,7 @@ CONTRACT_0945 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0946 = McpControlContract( +CONTRACT_1726 = McpControlContract( contract_id='public.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44690,7 +106310,7 @@ CONTRACT_0946 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0947 = McpControlContract( +CONTRACT_1727 = McpControlContract( contract_id='public.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='public', @@ -44759,7 +106379,7 @@ CONTRACT_0947 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0948 = McpControlContract( +CONTRACT_1728 = McpControlContract( contract_id='stj.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44785,7 +106405,7 @@ CONTRACT_0948 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0949 = McpControlContract( +CONTRACT_1729 = McpControlContract( contract_id='stj.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44811,7 +106431,7 @@ CONTRACT_0949 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0950 = McpControlContract( +CONTRACT_1730 = McpControlContract( contract_id='stj.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44837,7 +106457,7 @@ CONTRACT_0950 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0951 = McpControlContract( +CONTRACT_1731 = McpControlContract( contract_id='stj.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44863,7 +106483,7 @@ CONTRACT_0951 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0952 = McpControlContract( +CONTRACT_1732 = McpControlContract( contract_id='stj.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44889,7 +106509,7 @@ CONTRACT_0952 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0953 = McpControlContract( +CONTRACT_1733 = McpControlContract( contract_id='stj.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44915,7 +106535,7 @@ CONTRACT_0953 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0954 = McpControlContract( +CONTRACT_1734 = McpControlContract( contract_id='stj.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44941,7 +106561,7 @@ CONTRACT_0954 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0955 = McpControlContract( +CONTRACT_1735 = McpControlContract( contract_id='stj.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44967,7 +106587,7 @@ CONTRACT_0955 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0956 = McpControlContract( +CONTRACT_1736 = McpControlContract( contract_id='stj.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -44993,7 +106613,7 @@ CONTRACT_0956 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0957 = McpControlContract( +CONTRACT_1737 = McpControlContract( contract_id='stj.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -45019,7 +106639,7 @@ CONTRACT_0957 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0958 = McpControlContract( +CONTRACT_1738 = McpControlContract( contract_id='stj.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -45045,7 +106665,7 @@ CONTRACT_0958 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0959 = McpControlContract( +CONTRACT_1739 = McpControlContract( contract_id='stj.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -45071,7 +106691,7 @@ CONTRACT_0959 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0960 = McpControlContract( +CONTRACT_1740 = McpControlContract( contract_id='stj.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='stj', @@ -45097,7 +106717,7 @@ CONTRACT_0960 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_0961 = McpControlContract( +CONTRACT_1741 = McpControlContract( contract_id='stj.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45123,7 +106743,7 @@ CONTRACT_0961 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0962 = McpControlContract( +CONTRACT_1742 = McpControlContract( contract_id='stj.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45149,7 +106769,7 @@ CONTRACT_0962 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0963 = McpControlContract( +CONTRACT_1743 = McpControlContract( contract_id='stj.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45175,7 +106795,7 @@ CONTRACT_0963 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0964 = McpControlContract( +CONTRACT_1744 = McpControlContract( contract_id='stj.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45201,7 +106821,7 @@ CONTRACT_0964 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0965 = McpControlContract( +CONTRACT_1745 = McpControlContract( contract_id='stj.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45227,7 +106847,7 @@ CONTRACT_0965 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0966 = McpControlContract( +CONTRACT_1746 = McpControlContract( contract_id='stj.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45253,7 +106873,7 @@ CONTRACT_0966 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0967 = McpControlContract( +CONTRACT_1747 = McpControlContract( contract_id='stj.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45279,7 +106899,7 @@ CONTRACT_0967 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0968 = McpControlContract( +CONTRACT_1748 = McpControlContract( contract_id='stj.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45305,7 +106925,7 @@ CONTRACT_0968 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0969 = McpControlContract( +CONTRACT_1749 = McpControlContract( contract_id='stj.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45331,7 +106951,7 @@ CONTRACT_0969 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0970 = McpControlContract( +CONTRACT_1750 = McpControlContract( contract_id='stj.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45357,7 +106977,7 @@ CONTRACT_0970 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0971 = McpControlContract( +CONTRACT_1751 = McpControlContract( contract_id='stj.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45383,7 +107003,7 @@ CONTRACT_0971 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0972 = McpControlContract( +CONTRACT_1752 = McpControlContract( contract_id='stj.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45409,7 +107029,7 @@ CONTRACT_0972 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0973 = McpControlContract( +CONTRACT_1753 = McpControlContract( contract_id='stj.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='stj', @@ -45435,7 +107055,7 @@ CONTRACT_0973 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_0974 = McpControlContract( +CONTRACT_1754 = McpControlContract( contract_id='stj.process-query.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='stj', @@ -45461,7 +107081,7 @@ CONTRACT_0974 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0975 = McpControlContract( +CONTRACT_1755 = McpControlContract( contract_id='stj.monitoring.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='stj', @@ -45487,7 +107107,7 @@ CONTRACT_0975 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0976 = McpControlContract( +CONTRACT_1756 = McpControlContract( contract_id='stj.public-documents.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='stj', @@ -45513,7 +107133,7 @@ CONTRACT_0976 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0977 = McpControlContract( +CONTRACT_1757 = McpControlContract( contract_id='stj.legal-readiness.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='stj', @@ -45539,7 +107159,7 @@ CONTRACT_0977 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_0978 = McpControlContract( +CONTRACT_1758 = McpControlContract( contract_id='stj.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='stj', @@ -45565,7 +107185,7 @@ CONTRACT_0978 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0979 = McpControlContract( +CONTRACT_1759 = McpControlContract( contract_id='stj.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='stj', @@ -45591,7 +107211,7 @@ CONTRACT_0979 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0980 = McpControlContract( +CONTRACT_1760 = McpControlContract( contract_id='stj.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='stj', @@ -45617,7 +107237,7 @@ CONTRACT_0980 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0981 = McpControlContract( +CONTRACT_1761 = McpControlContract( contract_id='stj.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='stj', @@ -45643,7 +107263,7 @@ CONTRACT_0981 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0982 = McpControlContract( +CONTRACT_1762 = McpControlContract( contract_id='stj.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='stj', @@ -45669,7 +107289,5142 @@ CONTRACT_0982 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_0983 = McpControlContract( +CONTRACT_1763 = McpControlContract( + contract_id='stj.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Administrador da empresa', + purpose='Expor consulta de STJ Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'administrador_empresaNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1764 = McpControlContract( + contract_id='stj.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Administrador da empresa', + purpose='Expor diagnostico de STJ Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1765 = McpControlContract( + contract_id='stj.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Administrador da empresa', + purpose='Expor acao de STJ Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'administrador_empresaNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1766 = McpControlContract( + contract_id='stj.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Administrador da empresa', + purpose='Expor auditoria de STJ Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1767 = McpControlContract( + contract_id='stj.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Administrador da empresa', + purpose='Expor explicacao de STJ Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1768 = McpControlContract( + contract_id='stj.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para CEO', + purpose='Expor consulta de STJ Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'ceoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1769 = McpControlContract( + contract_id='stj.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para CEO', + purpose='Expor diagnostico de STJ Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'ceoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1770 = McpControlContract( + contract_id='stj.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para CEO', + purpose='Expor acao de STJ Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'ceoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1771 = McpControlContract( + contract_id='stj.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para CEO', + purpose='Expor auditoria de STJ Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'ceoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1772 = McpControlContract( + contract_id='stj.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para CEO', + purpose='Expor explicacao de STJ Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'ceoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1773 = McpControlContract( + contract_id='stj.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Gestor operacional', + purpose='Expor consulta de STJ Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1774 = McpControlContract( + contract_id='stj.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Gestor operacional', + purpose='Expor diagnostico de STJ Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1775 = McpControlContract( + contract_id='stj.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Gestor operacional', + purpose='Expor acao de STJ Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1776 = McpControlContract( + contract_id='stj.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Gestor operacional', + purpose='Expor auditoria de STJ Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1777 = McpControlContract( + contract_id='stj.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Gestor operacional', + purpose='Expor explicacao de STJ Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1778 = McpControlContract( + contract_id='stj.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Equipe de suporte', + purpose='Expor consulta de STJ Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'suporteNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1779 = McpControlContract( + contract_id='stj.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Equipe de suporte', + purpose='Expor diagnostico de STJ Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'suporteNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1780 = McpControlContract( + contract_id='stj.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Equipe de suporte', + purpose='Expor acao de STJ Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'suporteNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1781 = McpControlContract( + contract_id='stj.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Equipe de suporte', + purpose='Expor auditoria de STJ Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'suporteNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1782 = McpControlContract( + contract_id='stj.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Equipe de suporte', + purpose='Expor explicacao de STJ Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'suporteNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1783 = McpControlContract( + contract_id='stj.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Atendimento ao cliente', + purpose='Expor consulta de STJ Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1784 = McpControlContract( + contract_id='stj.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Atendimento ao cliente', + purpose='Expor diagnostico de STJ Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1785 = McpControlContract( + contract_id='stj.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Atendimento ao cliente', + purpose='Expor acao de STJ Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1786 = McpControlContract( + contract_id='stj.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Atendimento ao cliente', + purpose='Expor auditoria de STJ Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1787 = McpControlContract( + contract_id='stj.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Atendimento ao cliente', + purpose='Expor explicacao de STJ Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1788 = McpControlContract( + contract_id='stj.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Financeiro', + purpose='Expor consulta de STJ Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'financeiroNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1789 = McpControlContract( + contract_id='stj.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Financeiro', + purpose='Expor diagnostico de STJ Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'financeiroNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1790 = McpControlContract( + contract_id='stj.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Financeiro', + purpose='Expor acao de STJ Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'financeiroNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1791 = McpControlContract( + contract_id='stj.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Financeiro', + purpose='Expor auditoria de STJ Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'financeiroNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1792 = McpControlContract( + contract_id='stj.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Financeiro', + purpose='Expor explicacao de STJ Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'financeiroNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1793 = McpControlContract( + contract_id='stj.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Contador', + purpose='Expor consulta de STJ Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'contadorNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1794 = McpControlContract( + contract_id='stj.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Contador', + purpose='Expor diagnostico de STJ Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'contadorNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1795 = McpControlContract( + contract_id='stj.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Contador', + purpose='Expor acao de STJ Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'contadorNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1796 = McpControlContract( + contract_id='stj.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Contador', + purpose='Expor auditoria de STJ Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'contadorNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1797 = McpControlContract( + contract_id='stj.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Contador', + purpose='Expor explicacao de STJ Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'contadorNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1798 = McpControlContract( + contract_id='stj.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Juridico', + purpose='Expor consulta de STJ Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'juridicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1799 = McpControlContract( + contract_id='stj.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Juridico', + purpose='Expor diagnostico de STJ Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'juridicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1800 = McpControlContract( + contract_id='stj.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Juridico', + purpose='Expor acao de STJ Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'juridicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1801 = McpControlContract( + contract_id='stj.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Juridico', + purpose='Expor auditoria de STJ Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'juridicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1802 = McpControlContract( + contract_id='stj.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Juridico', + purpose='Expor explicacao de STJ Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'juridicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1803 = McpControlContract( + contract_id='stj.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Secretaria', + purpose='Expor consulta de STJ Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'secretariaNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1804 = McpControlContract( + contract_id='stj.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Secretaria', + purpose='Expor diagnostico de STJ Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'secretariaNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1805 = McpControlContract( + contract_id='stj.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Secretaria', + purpose='Expor acao de STJ Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'secretariaNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1806 = McpControlContract( + contract_id='stj.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Secretaria', + purpose='Expor auditoria de STJ Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'secretariaNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1807 = McpControlContract( + contract_id='stj.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Secretaria', + purpose='Expor explicacao de STJ Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'secretariaNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1808 = McpControlContract( + contract_id='stj.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Tecnico', + purpose='Expor consulta de STJ Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'tecnicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1809 = McpControlContract( + contract_id='stj.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Tecnico', + purpose='Expor diagnostico de STJ Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1810 = McpControlContract( + contract_id='stj.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Tecnico', + purpose='Expor acao de STJ Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'tecnicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1811 = McpControlContract( + contract_id='stj.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Tecnico', + purpose='Expor auditoria de STJ Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'tecnicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1812 = McpControlContract( + contract_id='stj.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Tecnico', + purpose='Expor explicacao de STJ Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'tecnicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1813 = McpControlContract( + contract_id='stj.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Usuario final', + purpose='Expor consulta de STJ Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'usuario_finalNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1814 = McpControlContract( + contract_id='stj.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Usuario final', + purpose='Expor diagnostico de STJ Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1815 = McpControlContract( + contract_id='stj.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Usuario final', + purpose='Expor acao de STJ Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'usuario_finalNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1816 = McpControlContract( + contract_id='stj.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Usuario final', + purpose='Expor auditoria de STJ Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1817 = McpControlContract( + contract_id='stj.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Usuario final', + purpose='Expor explicacao de STJ Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1818 = McpControlContract( + contract_id='stj.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Cliente externo', + purpose='Expor consulta de STJ Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'cliente_externoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1819 = McpControlContract( + contract_id='stj.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Cliente externo', + purpose='Expor diagnostico de STJ Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1820 = McpControlContract( + contract_id='stj.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Cliente externo', + purpose='Expor acao de STJ Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'cliente_externoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1821 = McpControlContract( + contract_id='stj.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Cliente externo', + purpose='Expor auditoria de STJ Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1822 = McpControlContract( + contract_id='stj.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Cliente externo', + purpose='Expor explicacao de STJ Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1823 = McpControlContract( + contract_id='stj.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de STJ Platform para Planejamento estrategico', + purpose='Expor consulta de STJ Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para stj/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para stj/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1824 = McpControlContract( + contract_id='stj.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de STJ Platform para Planejamento estrategico', + purpose='Expor diagnostico de STJ Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para stj/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para stj/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1825 = McpControlContract( + contract_id='stj.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de STJ Platform para Planejamento estrategico', + purpose='Expor acao de STJ Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para stj/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para stj/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1826 = McpControlContract( + contract_id='stj.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de STJ Platform para Planejamento estrategico', + purpose='Expor auditoria de STJ Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para stj/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para stj/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1827 = McpControlContract( + contract_id='stj.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='stj', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de STJ Platform para Planejamento estrategico', + purpose='Expor explicacao de STJ Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'stjStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'legalGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.RESPONSE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.stj.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider stj via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para stj/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para stj/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=7, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1828 = McpControlContract( contract_id='stj.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='stj', @@ -45695,7 +112450,7 @@ CONTRACT_0983 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0984 = McpControlContract( +CONTRACT_1829 = McpControlContract( contract_id='stj.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='stj', @@ -45721,7 +112476,7 @@ CONTRACT_0984 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0985 = McpControlContract( +CONTRACT_1830 = McpControlContract( contract_id='stj.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='stj', @@ -45747,7 +112502,7 @@ CONTRACT_0985 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0986 = McpControlContract( +CONTRACT_1831 = McpControlContract( contract_id='stj.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='stj', @@ -45773,7 +112528,7 @@ CONTRACT_0986 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_0987 = McpControlContract( +CONTRACT_1832 = McpControlContract( contract_id='stj.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -45842,7 +112597,7 @@ CONTRACT_0987 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0988 = McpControlContract( +CONTRACT_1833 = McpControlContract( contract_id='stj.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -45911,7 +112666,7 @@ CONTRACT_0988 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0989 = McpControlContract( +CONTRACT_1834 = McpControlContract( contract_id='stj.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -45980,7 +112735,7 @@ CONTRACT_0989 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0990 = McpControlContract( +CONTRACT_1835 = McpControlContract( contract_id='stj.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46049,7 +112804,7 @@ CONTRACT_0990 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0991 = McpControlContract( +CONTRACT_1836 = McpControlContract( contract_id='stj.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46118,7 +112873,7 @@ CONTRACT_0991 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0992 = McpControlContract( +CONTRACT_1837 = McpControlContract( contract_id='stj.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46187,7 +112942,7 @@ CONTRACT_0992 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0993 = McpControlContract( +CONTRACT_1838 = McpControlContract( contract_id='stj.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46256,7 +113011,7 @@ CONTRACT_0993 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0994 = McpControlContract( +CONTRACT_1839 = McpControlContract( contract_id='stj.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46325,7 +113080,7 @@ CONTRACT_0994 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0995 = McpControlContract( +CONTRACT_1840 = McpControlContract( contract_id='stj.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46394,7 +113149,7 @@ CONTRACT_0995 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0996 = McpControlContract( +CONTRACT_1841 = McpControlContract( contract_id='stj.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46463,7 +113218,7 @@ CONTRACT_0996 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0997 = McpControlContract( +CONTRACT_1842 = McpControlContract( contract_id='stj.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46532,7 +113287,7 @@ CONTRACT_0997 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0998 = McpControlContract( +CONTRACT_1843 = McpControlContract( contract_id='stj.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46601,7 +113356,7 @@ CONTRACT_0998 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_0999 = McpControlContract( +CONTRACT_1844 = McpControlContract( contract_id='stj.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46670,7 +113425,7 @@ CONTRACT_0999 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1000 = McpControlContract( +CONTRACT_1845 = McpControlContract( contract_id='stj.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46739,7 +113494,7 @@ CONTRACT_1000 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1001 = McpControlContract( +CONTRACT_1846 = McpControlContract( contract_id='stj.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46808,7 +113563,7 @@ CONTRACT_1001 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1002 = McpControlContract( +CONTRACT_1847 = McpControlContract( contract_id='stj.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46877,7 +113632,7 @@ CONTRACT_1002 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1003 = McpControlContract( +CONTRACT_1848 = McpControlContract( contract_id='stj.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -46946,7 +113701,7 @@ CONTRACT_1003 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1004 = McpControlContract( +CONTRACT_1849 = McpControlContract( contract_id='stj.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47015,7 +113770,7 @@ CONTRACT_1004 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1005 = McpControlContract( +CONTRACT_1850 = McpControlContract( contract_id='stj.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47084,7 +113839,7 @@ CONTRACT_1005 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1006 = McpControlContract( +CONTRACT_1851 = McpControlContract( contract_id='stj.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47153,7 +113908,7 @@ CONTRACT_1006 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1007 = McpControlContract( +CONTRACT_1852 = McpControlContract( contract_id='stj.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47222,7 +113977,7 @@ CONTRACT_1007 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1008 = McpControlContract( +CONTRACT_1853 = McpControlContract( contract_id='stj.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47291,7 +114046,7 @@ CONTRACT_1008 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1009 = McpControlContract( +CONTRACT_1854 = McpControlContract( contract_id='stj.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47360,7 +114115,7 @@ CONTRACT_1009 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1010 = McpControlContract( +CONTRACT_1855 = McpControlContract( contract_id='stj.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47429,7 +114184,7 @@ CONTRACT_1010 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1011 = McpControlContract( +CONTRACT_1856 = McpControlContract( contract_id='stj.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47498,7 +114253,7 @@ CONTRACT_1011 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1012 = McpControlContract( +CONTRACT_1857 = McpControlContract( contract_id='stj.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47567,7 +114322,7 @@ CONTRACT_1012 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1013 = McpControlContract( +CONTRACT_1858 = McpControlContract( contract_id='stj.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47636,7 +114391,7 @@ CONTRACT_1013 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1014 = McpControlContract( +CONTRACT_1859 = McpControlContract( contract_id='stj.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47705,7 +114460,7 @@ CONTRACT_1014 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1015 = McpControlContract( +CONTRACT_1860 = McpControlContract( contract_id='stj.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47774,7 +114529,7 @@ CONTRACT_1015 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1016 = McpControlContract( +CONTRACT_1861 = McpControlContract( contract_id='stj.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47843,7 +114598,7 @@ CONTRACT_1016 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1017 = McpControlContract( +CONTRACT_1862 = McpControlContract( contract_id='stj.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47912,7 +114667,7 @@ CONTRACT_1017 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1018 = McpControlContract( +CONTRACT_1863 = McpControlContract( contract_id='stj.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -47981,7 +114736,7 @@ CONTRACT_1018 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1019 = McpControlContract( +CONTRACT_1864 = McpControlContract( contract_id='stj.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48050,7 +114805,7 @@ CONTRACT_1019 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1020 = McpControlContract( +CONTRACT_1865 = McpControlContract( contract_id='stj.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48119,7 +114874,7 @@ CONTRACT_1020 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1021 = McpControlContract( +CONTRACT_1866 = McpControlContract( contract_id='stj.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48188,7 +114943,7 @@ CONTRACT_1021 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1022 = McpControlContract( +CONTRACT_1867 = McpControlContract( contract_id='stj.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48257,7 +115012,7 @@ CONTRACT_1022 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1023 = McpControlContract( +CONTRACT_1868 = McpControlContract( contract_id='stj.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48326,7 +115081,7 @@ CONTRACT_1023 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1024 = McpControlContract( +CONTRACT_1869 = McpControlContract( contract_id='stj.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48395,7 +115150,7 @@ CONTRACT_1024 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1025 = McpControlContract( +CONTRACT_1870 = McpControlContract( contract_id='stj.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='stj', @@ -48464,7 +115219,7 @@ CONTRACT_1025 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1026 = McpControlContract( +CONTRACT_1871 = McpControlContract( contract_id='ui.administrador_empresa.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48490,7 +115245,7 @@ CONTRACT_1026 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1027 = McpControlContract( +CONTRACT_1872 = McpControlContract( contract_id='ui.ceo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48516,7 +115271,7 @@ CONTRACT_1027 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1028 = McpControlContract( +CONTRACT_1873 = McpControlContract( contract_id='ui.gestor_operacional.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48542,7 +115297,7 @@ CONTRACT_1028 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1029 = McpControlContract( +CONTRACT_1874 = McpControlContract( contract_id='ui.suporte.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48568,7 +115323,7 @@ CONTRACT_1029 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1030 = McpControlContract( +CONTRACT_1875 = McpControlContract( contract_id='ui.atendimento_cliente.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48594,7 +115349,7 @@ CONTRACT_1030 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1031 = McpControlContract( +CONTRACT_1876 = McpControlContract( contract_id='ui.financeiro.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48620,7 +115375,7 @@ CONTRACT_1031 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1032 = McpControlContract( +CONTRACT_1877 = McpControlContract( contract_id='ui.contador.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48646,7 +115401,7 @@ CONTRACT_1032 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1033 = McpControlContract( +CONTRACT_1878 = McpControlContract( contract_id='ui.juridico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48672,7 +115427,7 @@ CONTRACT_1033 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1034 = McpControlContract( +CONTRACT_1879 = McpControlContract( contract_id='ui.secretaria.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48698,7 +115453,7 @@ CONTRACT_1034 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1035 = McpControlContract( +CONTRACT_1880 = McpControlContract( contract_id='ui.tecnico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48724,7 +115479,7 @@ CONTRACT_1035 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1036 = McpControlContract( +CONTRACT_1881 = McpControlContract( contract_id='ui.usuario_final.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48750,7 +115505,7 @@ CONTRACT_1036 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1037 = McpControlContract( +CONTRACT_1882 = McpControlContract( contract_id='ui.cliente_externo.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48776,7 +115531,7 @@ CONTRACT_1037 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1038 = McpControlContract( +CONTRACT_1883 = McpControlContract( contract_id='ui.planejamento_estrategico.provider-tool', kind=McpContractKind.PROVIDER_TOOL, platform_id='ui', @@ -48802,7 +115557,7 @@ CONTRACT_1038 = McpControlContract( generated_from='platform_profile_provider_contract', ) -CONTRACT_1039 = McpControlContract( +CONTRACT_1884 = McpControlContract( contract_id='ui.administrador_empresa.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48828,7 +115583,7 @@ CONTRACT_1039 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1040 = McpControlContract( +CONTRACT_1885 = McpControlContract( contract_id='ui.ceo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48854,7 +115609,7 @@ CONTRACT_1040 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1041 = McpControlContract( +CONTRACT_1886 = McpControlContract( contract_id='ui.gestor_operacional.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48880,7 +115635,7 @@ CONTRACT_1041 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1042 = McpControlContract( +CONTRACT_1887 = McpControlContract( contract_id='ui.suporte.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48906,7 +115661,7 @@ CONTRACT_1042 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1043 = McpControlContract( +CONTRACT_1888 = McpControlContract( contract_id='ui.atendimento_cliente.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48932,7 +115687,7 @@ CONTRACT_1043 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1044 = McpControlContract( +CONTRACT_1889 = McpControlContract( contract_id='ui.financeiro.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48958,7 +115713,7 @@ CONTRACT_1044 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1045 = McpControlContract( +CONTRACT_1890 = McpControlContract( contract_id='ui.contador.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -48984,7 +115739,7 @@ CONTRACT_1045 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1046 = McpControlContract( +CONTRACT_1891 = McpControlContract( contract_id='ui.juridico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49010,7 +115765,7 @@ CONTRACT_1046 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1047 = McpControlContract( +CONTRACT_1892 = McpControlContract( contract_id='ui.secretaria.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49036,7 +115791,7 @@ CONTRACT_1047 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1048 = McpControlContract( +CONTRACT_1893 = McpControlContract( contract_id='ui.tecnico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49062,7 +115817,7 @@ CONTRACT_1048 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1049 = McpControlContract( +CONTRACT_1894 = McpControlContract( contract_id='ui.usuario_final.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49088,7 +115843,7 @@ CONTRACT_1049 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1050 = McpControlContract( +CONTRACT_1895 = McpControlContract( contract_id='ui.cliente_externo.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49114,7 +115869,7 @@ CONTRACT_1050 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1051 = McpControlContract( +CONTRACT_1896 = McpControlContract( contract_id='ui.planejamento_estrategico.report-model', kind=McpContractKind.REPORT_MODEL, platform_id='ui', @@ -49140,7 +115895,7 @@ CONTRACT_1051 = McpControlContract( generated_from='platform_profile_report_model_contract', ) -CONTRACT_1052 = McpControlContract( +CONTRACT_1897 = McpControlContract( contract_id='ui.design-system.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='ui', @@ -49166,7 +115921,7 @@ CONTRACT_1052 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_1053 = McpControlContract( +CONTRACT_1898 = McpControlContract( contract_id='ui.screen-contract.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='ui', @@ -49192,7 +115947,7 @@ CONTRACT_1053 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_1054 = McpControlContract( +CONTRACT_1899 = McpControlContract( contract_id='ui.pwa.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='ui', @@ -49218,7 +115973,7 @@ CONTRACT_1054 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_1055 = McpControlContract( +CONTRACT_1900 = McpControlContract( contract_id='ui.panelready.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='ui', @@ -49244,7 +115999,7 @@ CONTRACT_1055 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_1056 = McpControlContract( +CONTRACT_1901 = McpControlContract( contract_id='ui.samesource.ui-screen', kind=McpContractKind.UI_SCREEN, platform_id='ui', @@ -49270,7 +116025,7 @@ CONTRACT_1056 = McpControlContract( generated_from='platform_surface_ui_contract', ) -CONTRACT_1057 = McpControlContract( +CONTRACT_1902 = McpControlContract( contract_id='ui.consulta.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='ui', @@ -49296,7 +116051,7 @@ CONTRACT_1057 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_1058 = McpControlContract( +CONTRACT_1903 = McpControlContract( contract_id='ui.diagnostico.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='ui', @@ -49322,7 +116077,7 @@ CONTRACT_1058 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_1059 = McpControlContract( +CONTRACT_1904 = McpControlContract( contract_id='ui.acao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='ui', @@ -49348,7 +116103,7 @@ CONTRACT_1059 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_1060 = McpControlContract( +CONTRACT_1905 = McpControlContract( contract_id='ui.auditoria.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='ui', @@ -49374,7 +116129,7 @@ CONTRACT_1060 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_1061 = McpControlContract( +CONTRACT_1906 = McpControlContract( contract_id='ui.explicacao.transit-policy', kind=McpContractKind.TRANSIT_POLICY, platform_id='ui', @@ -49400,7 +116155,5142 @@ CONTRACT_1061 = McpControlContract( generated_from='platform_transit_policy_contract', ) -CONTRACT_1062 = McpControlContract( +CONTRACT_1907 = McpControlContract( + contract_id='ui.administrador_empresa.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Administrador da empresa', + purpose='Expor consulta de UI Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'administrador_empresaNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.administrador_empresa.consulta', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1908 = McpControlContract( + contract_id='ui.administrador_empresa.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Administrador da empresa', + purpose='Expor diagnostico de UI Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'administrador_empresaNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.administrador_empresa.diagnostico', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1909 = McpControlContract( + contract_id='ui.administrador_empresa.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Administrador da empresa', + purpose='Expor acao de UI Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'administrador_empresaNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.administrador_empresa.acao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1910 = McpControlContract( + contract_id='ui.administrador_empresa.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Administrador da empresa', + purpose='Expor auditoria de UI Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'administrador_empresaNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.administrador_empresa.auditoria', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1911 = McpControlContract( + contract_id='ui.administrador_empresa.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='administrador_empresa', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Administrador da empresa', + purpose='Expor explicacao de UI Platform para Administrador da empresa somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'administrador_empresaNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.administrador_empresa.explicacao', + audience=AudienceClass.ADMINISTRATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/administrador_empresa exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/administrador_empresa', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1912 = McpControlContract( + contract_id='ui.ceo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='ceo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para CEO', + purpose='Expor consulta de UI Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'ceoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.ceo.consulta', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1913 = McpControlContract( + contract_id='ui.ceo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='ceo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para CEO', + purpose='Expor diagnostico de UI Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'ceoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.ceo.diagnostico', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1914 = McpControlContract( + contract_id='ui.ceo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='ceo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para CEO', + purpose='Expor acao de UI Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'ceoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.ceo.acao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1915 = McpControlContract( + contract_id='ui.ceo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='ceo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para CEO', + purpose='Expor auditoria de UI Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'ceoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.ceo.auditoria', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1916 = McpControlContract( + contract_id='ui.ceo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='ceo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para CEO', + purpose='Expor explicacao de UI Platform para CEO somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'ceoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.ceo.explicacao', + audience=AudienceClass.EXECUTIVE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/ceo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/ceo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1917 = McpControlContract( + contract_id='ui.gestor_operacional.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Gestor operacional', + purpose='Expor consulta de UI Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'gestor_operacionalNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.gestor_operacional.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1918 = McpControlContract( + contract_id='ui.gestor_operacional.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Gestor operacional', + purpose='Expor diagnostico de UI Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'gestor_operacionalNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.gestor_operacional.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1919 = McpControlContract( + contract_id='ui.gestor_operacional.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Gestor operacional', + purpose='Expor acao de UI Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'gestor_operacionalNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.gestor_operacional.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1920 = McpControlContract( + contract_id='ui.gestor_operacional.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Gestor operacional', + purpose='Expor auditoria de UI Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'gestor_operacionalNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.gestor_operacional.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1921 = McpControlContract( + contract_id='ui.gestor_operacional.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='gestor_operacional', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Gestor operacional', + purpose='Expor explicacao de UI Platform para Gestor operacional somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'gestor_operacionalNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.gestor_operacional.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/gestor_operacional exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/gestor_operacional', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1922 = McpControlContract( + contract_id='ui.suporte.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='suporte', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Equipe de suporte', + purpose='Expor consulta de UI Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'suporteNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.suporte.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1923 = McpControlContract( + contract_id='ui.suporte.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='suporte', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Equipe de suporte', + purpose='Expor diagnostico de UI Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'suporteNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.suporte.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1924 = McpControlContract( + contract_id='ui.suporte.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='suporte', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Equipe de suporte', + purpose='Expor acao de UI Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'suporteNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.suporte.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1925 = McpControlContract( + contract_id='ui.suporte.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='suporte', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Equipe de suporte', + purpose='Expor auditoria de UI Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'suporteNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.suporte.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1926 = McpControlContract( + contract_id='ui.suporte.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='suporte', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Equipe de suporte', + purpose='Expor explicacao de UI Platform para Equipe de suporte somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'suporteNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.suporte.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/suporte exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/suporte', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1927 = McpControlContract( + contract_id='ui.atendimento_cliente.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Atendimento ao cliente', + purpose='Expor consulta de UI Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'atendimento_clienteNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.atendimento_cliente.consulta', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1928 = McpControlContract( + contract_id='ui.atendimento_cliente.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Atendimento ao cliente', + purpose='Expor diagnostico de UI Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'atendimento_clienteNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.atendimento_cliente.diagnostico', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1929 = McpControlContract( + contract_id='ui.atendimento_cliente.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Atendimento ao cliente', + purpose='Expor acao de UI Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'atendimento_clienteNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.atendimento_cliente.acao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1930 = McpControlContract( + contract_id='ui.atendimento_cliente.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Atendimento ao cliente', + purpose='Expor auditoria de UI Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'atendimento_clienteNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.atendimento_cliente.auditoria', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1931 = McpControlContract( + contract_id='ui.atendimento_cliente.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='atendimento_cliente', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Atendimento ao cliente', + purpose='Expor explicacao de UI Platform para Atendimento ao cliente somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'atendimento_clienteNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.atendimento_cliente.explicacao', + audience=AudienceClass.SUPPORT, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/atendimento_cliente exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/atendimento_cliente', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1932 = McpControlContract( + contract_id='ui.financeiro.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='financeiro', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Financeiro', + purpose='Expor consulta de UI Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'financeiroNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.financeiro.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1933 = McpControlContract( + contract_id='ui.financeiro.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='financeiro', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Financeiro', + purpose='Expor diagnostico de UI Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'financeiroNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.financeiro.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1934 = McpControlContract( + contract_id='ui.financeiro.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='financeiro', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Financeiro', + purpose='Expor acao de UI Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'financeiroNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.financeiro.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1935 = McpControlContract( + contract_id='ui.financeiro.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='financeiro', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Financeiro', + purpose='Expor auditoria de UI Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'financeiroNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.financeiro.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1936 = McpControlContract( + contract_id='ui.financeiro.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='financeiro', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Financeiro', + purpose='Expor explicacao de UI Platform para Financeiro somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'financeiroNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.financeiro.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/financeiro exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/financeiro', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1937 = McpControlContract( + contract_id='ui.contador.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='contador', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Contador', + purpose='Expor consulta de UI Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'contadorNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.contador.consulta', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1938 = McpControlContract( + contract_id='ui.contador.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='contador', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Contador', + purpose='Expor diagnostico de UI Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'contadorNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.contador.diagnostico', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1939 = McpControlContract( + contract_id='ui.contador.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='contador', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Contador', + purpose='Expor acao de UI Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'contadorNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.contador.acao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1940 = McpControlContract( + contract_id='ui.contador.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='contador', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Contador', + purpose='Expor auditoria de UI Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'contadorNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.contador.auditoria', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1941 = McpControlContract( + contract_id='ui.contador.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='contador', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Contador', + purpose='Expor explicacao de UI Platform para Contador somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'contadorNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.contador.explicacao', + audience=AudienceClass.FINANCE, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/contador exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/contador', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1942 = McpControlContract( + contract_id='ui.juridico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='juridico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Juridico', + purpose='Expor consulta de UI Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'juridicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.juridico.consulta', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1943 = McpControlContract( + contract_id='ui.juridico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='juridico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Juridico', + purpose='Expor diagnostico de UI Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'juridicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.juridico.diagnostico', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1944 = McpControlContract( + contract_id='ui.juridico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='juridico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Juridico', + purpose='Expor acao de UI Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'juridicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.juridico.acao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1945 = McpControlContract( + contract_id='ui.juridico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='juridico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Juridico', + purpose='Expor auditoria de UI Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'juridicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.juridico.auditoria', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1946 = McpControlContract( + contract_id='ui.juridico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='juridico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Juridico', + purpose='Expor explicacao de UI Platform para Juridico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'juridicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.juridico.explicacao', + audience=AudienceClass.LEGAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/juridico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/juridico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1947 = McpControlContract( + contract_id='ui.secretaria.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='secretaria', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Secretaria', + purpose='Expor consulta de UI Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'secretariaNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.secretaria.consulta', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1948 = McpControlContract( + contract_id='ui.secretaria.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='secretaria', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Secretaria', + purpose='Expor diagnostico de UI Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'secretariaNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.secretaria.diagnostico', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1949 = McpControlContract( + contract_id='ui.secretaria.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='secretaria', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Secretaria', + purpose='Expor acao de UI Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'secretariaNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.secretaria.acao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1950 = McpControlContract( + contract_id='ui.secretaria.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='secretaria', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Secretaria', + purpose='Expor auditoria de UI Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'secretariaNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.secretaria.auditoria', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1951 = McpControlContract( + contract_id='ui.secretaria.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='secretaria', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Secretaria', + purpose='Expor explicacao de UI Platform para Secretaria somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'secretariaNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.secretaria.explicacao', + audience=AudienceClass.OPERATOR, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/secretaria exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/secretaria', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1952 = McpControlContract( + contract_id='ui.tecnico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='tecnico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Tecnico', + purpose='Expor consulta de UI Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'tecnicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.tecnico.consulta', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1953 = McpControlContract( + contract_id='ui.tecnico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='tecnico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Tecnico', + purpose='Expor diagnostico de UI Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'tecnicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.tecnico.diagnostico', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1954 = McpControlContract( + contract_id='ui.tecnico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='tecnico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Tecnico', + purpose='Expor acao de UI Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'tecnicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.tecnico.acao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1955 = McpControlContract( + contract_id='ui.tecnico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='tecnico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Tecnico', + purpose='Expor auditoria de UI Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'tecnicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.tecnico.auditoria', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1956 = McpControlContract( + contract_id='ui.tecnico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='tecnico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Tecnico', + purpose='Expor explicacao de UI Platform para Tecnico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'tecnicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.tecnico.explicacao', + audience=AudienceClass.TECHNICAL, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/tecnico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/tecnico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1957 = McpControlContract( + contract_id='ui.usuario_final.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='usuario_final', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Usuario final', + purpose='Expor consulta de UI Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'usuario_finalNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.usuario_final.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1958 = McpControlContract( + contract_id='ui.usuario_final.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='usuario_final', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Usuario final', + purpose='Expor diagnostico de UI Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'usuario_finalNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.usuario_final.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1959 = McpControlContract( + contract_id='ui.usuario_final.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='usuario_final', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Usuario final', + purpose='Expor acao de UI Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'usuario_finalNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.usuario_final.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1960 = McpControlContract( + contract_id='ui.usuario_final.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='usuario_final', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Usuario final', + purpose='Expor auditoria de UI Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'usuario_finalNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.usuario_final.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1961 = McpControlContract( + contract_id='ui.usuario_final.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='usuario_final', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Usuario final', + purpose='Expor explicacao de UI Platform para Usuario final somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'usuario_finalNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.usuario_final.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/usuario_final exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/usuario_final', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1962 = McpControlContract( + contract_id='ui.cliente_externo.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='cliente_externo', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Cliente externo', + purpose='Expor consulta de UI Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'cliente_externoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.cliente_externo.consulta', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1963 = McpControlContract( + contract_id='ui.cliente_externo.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='cliente_externo', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Cliente externo', + purpose='Expor diagnostico de UI Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'cliente_externoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.cliente_externo.diagnostico', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1964 = McpControlContract( + contract_id='ui.cliente_externo.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='cliente_externo', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Cliente externo', + purpose='Expor acao de UI Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'cliente_externoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.cliente_externo.acao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1965 = McpControlContract( + contract_id='ui.cliente_externo.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='cliente_externo', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Cliente externo', + purpose='Expor auditoria de UI Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'cliente_externoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.cliente_externo.auditoria', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1966 = McpControlContract( + contract_id='ui.cliente_externo.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='cliente_externo', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Cliente externo', + purpose='Expor explicacao de UI Platform para Cliente externo somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'cliente_externoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.cliente_externo.explicacao', + audience=AudienceClass.CUSTOMER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/cliente_externo exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/cliente_externo', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1967 = McpControlContract( + contract_id='ui.planejamento_estrategico.consulta.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.consulta', + title='Rota administrativa consulta de UI Platform para Planejamento estrategico', + purpose='Expor consulta de UI Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'planejamento_estrategicoNeed', + 'consultaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'consultaRoute', + 'queryFamily', + 'mcp_admin_readonly', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.planejamento_estrategico.consulta', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa consulta para ui/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.readonly e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa consulta para ui/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'query', 'consulta', 'mcp.admin.readonly'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1968 = McpControlContract( + contract_id='ui.planejamento_estrategico.diagnostico.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.diagnostico', + title='Rota administrativa diagnostico de UI Platform para Planejamento estrategico', + purpose='Expor diagnostico de UI Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'planejamento_estrategicoNeed', + 'diagnosticoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'diagnosticoRoute', + 'diagnosticFamily', + 'mcp_admin_diagnostic', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.planejamento_estrategico.diagnostico', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa diagnostico para ui/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.diagnostic e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa diagnostico para ui/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'diagnostic', 'diagnostico', 'mcp.admin.diagnostic'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1969 = McpControlContract( + contract_id='ui.planejamento_estrategico.acao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.acao', + title='Rota administrativa acao de UI Platform para Planejamento estrategico', + purpose='Expor acao de UI Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'planejamento_estrategicoNeed', + 'acaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'acaoRoute', + 'actionFamily', + 'mcp_admin_action_request', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.planejamento_estrategico.acao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa acao para ui/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.action.request e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa acao para ui/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'action', 'acao', 'mcp.admin.action.request'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1970 = McpControlContract( + contract_id='ui.planejamento_estrategico.auditoria.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.auditoria', + title='Rota administrativa auditoria de UI Platform para Planejamento estrategico', + purpose='Expor auditoria de UI Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'planejamento_estrategicoNeed', + 'auditoriaState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'auditoriaRoute', + 'auditFamily', + 'mcp_admin_audit', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.planejamento_estrategico.auditoria', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa auditoria para ui/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.audit e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa auditoria para ui/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'audit', 'auditoria', 'mcp.admin.audit'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1971 = McpControlContract( + contract_id='ui.planejamento_estrategico.explicacao.administration-route', + kind=McpContractKind.ADMINISTRATION_ROUTE, + platform_id='ui', + profile_id='planejamento_estrategico', + tool_id='mais_humana.admin.explicacao', + title='Rota administrativa explicacao de UI Platform para Planejamento estrategico', + purpose='Expor explicacao de UI Platform para Planejamento estrategico somente pelo MCP control plane, com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto.', + source_endpoint=MCP_EXECUTE_ENDPOINT, + source_tool_id='mais_humana.mcp_transit.ledger', + required_transit_fields=MCP_TRANSIT_FIELDS, + required_payload_fields=( + 'origin', + 'destination', + 'tool', + 'payload', + 'actor', + 'permission', + 'result', + 'traceId', + 'auditId', + 'timestamp', + 'projectId', + 'platformId', + 'profileId', + 'surfaceId', + 'category', + 'sourceEndpoint', + 'sourceToolId', + 'sourcePayloadHash', + 'sourceRecordsHash', + 'truthState', + 'panelReady', + 'gptExplainable', + 'humanNextAction', + 'uiStatus', + 'planejamento_estrategicoNeed', + 'explicacaoState', + 'experienceGate', + 'adminRouteId', + 'adminRouteKind', + 'controlPlaneId', + 'ownerPlatformId', + 'targetPlatformId', + 'routeFamily', + 'permissionScope', + 'executionMode', + 'capabilityId', + 'capabilityVersion', + 'policyDecision', + 'policyReason', + 'inputSchemaHash', + 'outputSchemaHash', + 'operatorIntent', + 'approvalRequired', + 'dryRunSupported', + 'rollbackSupported', + 'humanExplanation', + 'auditRetentionPolicy', + 'mcpOnlyAdministration', + 'directPlatformBypassBlocked', + 'explicacaoRoute', + 'explanationFamily', + 'mcp_admin_explain', + ), + truth_state=TruthState.SAME_SOURCE_READY, + panel_ready=True, + gpt_explainable=True, + report_model_id='admin-route.ui.planejamento_estrategico.explicacao', + audience=AudienceClass.USER, + redaction_requirements=('bloquear valores cfat_ brutos em qualquer artefato humano', 'permitir apenas credentialRef, tokenRef ou secretRef opacos', 'mascarar Authorization Bearer antes de persistir evidencia', 'registrar sourcePayloadHash e sourceRecordsHash sem payload sensivel bruto', 'vincular redaction ao provider ui via MCP', 'bloquear administracao direta fora do MCPs Internos', 'persistir apenas hashes e referencias opacas de credencial'), + validation_steps=('executar rota administrativa explicacao para ui/planejamento_estrategico exclusivamente pelo MCPs Internos', 'confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp', 'validar permissionScope=mcp.admin.explain e bloquear bypass direto da plataforma', 'registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash', 'confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato', 'gerar humanExplanation para auditoria da IA administradora'), + pending_if_missing='homologar rota administrativa explicacao para ui/planejamento_estrategico', + order_ids=('0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo', '0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release', '0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional'), + policy_tags=('administration_route', 'mcp_only', 'explanation', 'explicacao', 'mcp.admin.explain'), + maturity_level=9, + generated_from='platform_profile_administration_route_contract', +) + +CONTRACT_1972 = McpControlContract( contract_id='ui.credentialref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='ui', @@ -49426,7 +121316,7 @@ CONTRACT_1062 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_1063 = McpControlContract( +CONTRACT_1973 = McpControlContract( contract_id='ui.tokenref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='ui', @@ -49452,7 +121342,7 @@ CONTRACT_1063 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_1064 = McpControlContract( +CONTRACT_1974 = McpControlContract( contract_id='ui.secretref.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='ui', @@ -49478,7 +121368,7 @@ CONTRACT_1064 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_1065 = McpControlContract( +CONTRACT_1975 = McpControlContract( contract_id='ui.cfat.redaction-policy', kind=McpContractKind.REDACTION_POLICY, platform_id='ui', @@ -49504,7 +121394,7 @@ CONTRACT_1065 = McpControlContract( generated_from='platform_redaction_policy_contract', ) -CONTRACT_1066 = McpControlContract( +CONTRACT_1976 = McpControlContract( contract_id='ui.administrador_empresa.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49573,7 +121463,7 @@ CONTRACT_1066 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1067 = McpControlContract( +CONTRACT_1977 = McpControlContract( contract_id='ui.administrador_empresa.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49642,7 +121532,7 @@ CONTRACT_1067 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1068 = McpControlContract( +CONTRACT_1978 = McpControlContract( contract_id='ui.administrador_empresa.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49711,7 +121601,7 @@ CONTRACT_1068 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1069 = McpControlContract( +CONTRACT_1979 = McpControlContract( contract_id='ui.ceo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49780,7 +121670,7 @@ CONTRACT_1069 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1070 = McpControlContract( +CONTRACT_1980 = McpControlContract( contract_id='ui.ceo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49849,7 +121739,7 @@ CONTRACT_1070 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1071 = McpControlContract( +CONTRACT_1981 = McpControlContract( contract_id='ui.ceo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49918,7 +121808,7 @@ CONTRACT_1071 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1072 = McpControlContract( +CONTRACT_1982 = McpControlContract( contract_id='ui.gestor_operacional.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -49987,7 +121877,7 @@ CONTRACT_1072 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1073 = McpControlContract( +CONTRACT_1983 = McpControlContract( contract_id='ui.gestor_operacional.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50056,7 +121946,7 @@ CONTRACT_1073 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1074 = McpControlContract( +CONTRACT_1984 = McpControlContract( contract_id='ui.gestor_operacional.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50125,7 +122015,7 @@ CONTRACT_1074 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1075 = McpControlContract( +CONTRACT_1985 = McpControlContract( contract_id='ui.suporte.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50194,7 +122084,7 @@ CONTRACT_1075 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1076 = McpControlContract( +CONTRACT_1986 = McpControlContract( contract_id='ui.suporte.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50263,7 +122153,7 @@ CONTRACT_1076 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1077 = McpControlContract( +CONTRACT_1987 = McpControlContract( contract_id='ui.suporte.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50332,7 +122222,7 @@ CONTRACT_1077 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1078 = McpControlContract( +CONTRACT_1988 = McpControlContract( contract_id='ui.atendimento_cliente.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50401,7 +122291,7 @@ CONTRACT_1078 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1079 = McpControlContract( +CONTRACT_1989 = McpControlContract( contract_id='ui.atendimento_cliente.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50470,7 +122360,7 @@ CONTRACT_1079 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1080 = McpControlContract( +CONTRACT_1990 = McpControlContract( contract_id='ui.atendimento_cliente.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50539,7 +122429,7 @@ CONTRACT_1080 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1081 = McpControlContract( +CONTRACT_1991 = McpControlContract( contract_id='ui.financeiro.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50608,7 +122498,7 @@ CONTRACT_1081 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1082 = McpControlContract( +CONTRACT_1992 = McpControlContract( contract_id='ui.financeiro.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50677,7 +122567,7 @@ CONTRACT_1082 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1083 = McpControlContract( +CONTRACT_1993 = McpControlContract( contract_id='ui.financeiro.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50746,7 +122636,7 @@ CONTRACT_1083 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1084 = McpControlContract( +CONTRACT_1994 = McpControlContract( contract_id='ui.contador.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50815,7 +122705,7 @@ CONTRACT_1084 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1085 = McpControlContract( +CONTRACT_1995 = McpControlContract( contract_id='ui.contador.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50884,7 +122774,7 @@ CONTRACT_1085 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1086 = McpControlContract( +CONTRACT_1996 = McpControlContract( contract_id='ui.contador.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -50953,7 +122843,7 @@ CONTRACT_1086 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1087 = McpControlContract( +CONTRACT_1997 = McpControlContract( contract_id='ui.juridico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51022,7 +122912,7 @@ CONTRACT_1087 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1088 = McpControlContract( +CONTRACT_1998 = McpControlContract( contract_id='ui.juridico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51091,7 +122981,7 @@ CONTRACT_1088 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1089 = McpControlContract( +CONTRACT_1999 = McpControlContract( contract_id='ui.juridico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51160,7 +123050,7 @@ CONTRACT_1089 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1090 = McpControlContract( +CONTRACT_2000 = McpControlContract( contract_id='ui.secretaria.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51229,7 +123119,7 @@ CONTRACT_1090 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1091 = McpControlContract( +CONTRACT_2001 = McpControlContract( contract_id='ui.secretaria.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51298,7 +123188,7 @@ CONTRACT_1091 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1092 = McpControlContract( +CONTRACT_2002 = McpControlContract( contract_id='ui.secretaria.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51367,7 +123257,7 @@ CONTRACT_1092 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1093 = McpControlContract( +CONTRACT_2003 = McpControlContract( contract_id='ui.tecnico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51436,7 +123326,7 @@ CONTRACT_1093 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1094 = McpControlContract( +CONTRACT_2004 = McpControlContract( contract_id='ui.tecnico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51505,7 +123395,7 @@ CONTRACT_1094 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1095 = McpControlContract( +CONTRACT_2005 = McpControlContract( contract_id='ui.tecnico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51574,7 +123464,7 @@ CONTRACT_1095 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1096 = McpControlContract( +CONTRACT_2006 = McpControlContract( contract_id='ui.usuario_final.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51643,7 +123533,7 @@ CONTRACT_1096 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1097 = McpControlContract( +CONTRACT_2007 = McpControlContract( contract_id='ui.usuario_final.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51712,7 +123602,7 @@ CONTRACT_1097 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1098 = McpControlContract( +CONTRACT_2008 = McpControlContract( contract_id='ui.usuario_final.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51781,7 +123671,7 @@ CONTRACT_1098 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1099 = McpControlContract( +CONTRACT_2009 = McpControlContract( contract_id='ui.cliente_externo.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51850,7 +123740,7 @@ CONTRACT_1099 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1100 = McpControlContract( +CONTRACT_2010 = McpControlContract( contract_id='ui.cliente_externo.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51919,7 +123809,7 @@ CONTRACT_1100 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1101 = McpControlContract( +CONTRACT_2011 = McpControlContract( contract_id='ui.cliente_externo.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -51988,7 +123878,7 @@ CONTRACT_1101 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1102 = McpControlContract( +CONTRACT_2012 = McpControlContract( contract_id='ui.planejamento_estrategico.gpt-execute-probe.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -52057,7 +123947,7 @@ CONTRACT_1102 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1103 = McpControlContract( +CONTRACT_2013 = McpControlContract( contract_id='ui.planejamento_estrategico.admin-ui-render.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -52126,7 +124016,7 @@ CONTRACT_1103 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1104 = McpControlContract( +CONTRACT_2014 = McpControlContract( contract_id='ui.planejamento_estrategico.automation-smoke.access-policy', kind=McpContractKind.ACCESS_POLICY, platform_id='ui', @@ -52195,7 +124085,7 @@ CONTRACT_1104 = McpControlContract( generated_from='platform_profile_access_policy_contract', ) -CONTRACT_1105 = McpControlContract( +CONTRACT_2015 = McpControlContract( contract_id='docs.formal-exception.docs-catalogonly', kind=McpContractKind.DOCS_EXCEPTION, platform_id='docs', @@ -52221,7 +124111,7 @@ CONTRACT_1105 = McpControlContract( generated_from='special_governance_contract', ) -CONTRACT_1106 = McpControlContract( +CONTRACT_2016 = McpControlContract( contract_id='mais-humana.canonical-rename.platform', kind=McpContractKind.CANONICAL_RENAME, platform_id='mais_humana', @@ -53354,6 +125244,916 @@ CONTRACTS = ( CONTRACT_1104, CONTRACT_1105, CONTRACT_1106, + CONTRACT_1107, + CONTRACT_1108, + CONTRACT_1109, + CONTRACT_1110, + CONTRACT_1111, + CONTRACT_1112, + CONTRACT_1113, + CONTRACT_1114, + CONTRACT_1115, + CONTRACT_1116, + CONTRACT_1117, + CONTRACT_1118, + CONTRACT_1119, + CONTRACT_1120, + CONTRACT_1121, + CONTRACT_1122, + CONTRACT_1123, + CONTRACT_1124, + CONTRACT_1125, + CONTRACT_1126, + CONTRACT_1127, + CONTRACT_1128, + CONTRACT_1129, + CONTRACT_1130, + CONTRACT_1131, + CONTRACT_1132, + CONTRACT_1133, + CONTRACT_1134, + CONTRACT_1135, + CONTRACT_1136, + CONTRACT_1137, + CONTRACT_1138, + CONTRACT_1139, + CONTRACT_1140, + CONTRACT_1141, + CONTRACT_1142, + CONTRACT_1143, + CONTRACT_1144, + CONTRACT_1145, + CONTRACT_1146, + CONTRACT_1147, + CONTRACT_1148, + CONTRACT_1149, + CONTRACT_1150, + CONTRACT_1151, + CONTRACT_1152, + CONTRACT_1153, + CONTRACT_1154, + CONTRACT_1155, + CONTRACT_1156, + CONTRACT_1157, + CONTRACT_1158, + CONTRACT_1159, + CONTRACT_1160, + CONTRACT_1161, + CONTRACT_1162, + CONTRACT_1163, + CONTRACT_1164, + CONTRACT_1165, + CONTRACT_1166, + CONTRACT_1167, + CONTRACT_1168, + CONTRACT_1169, + CONTRACT_1170, + CONTRACT_1171, + CONTRACT_1172, + CONTRACT_1173, + CONTRACT_1174, + CONTRACT_1175, + CONTRACT_1176, + CONTRACT_1177, + CONTRACT_1178, + CONTRACT_1179, + CONTRACT_1180, + CONTRACT_1181, + CONTRACT_1182, + CONTRACT_1183, + CONTRACT_1184, + CONTRACT_1185, + CONTRACT_1186, + CONTRACT_1187, + CONTRACT_1188, + CONTRACT_1189, + CONTRACT_1190, + CONTRACT_1191, + CONTRACT_1192, + CONTRACT_1193, + CONTRACT_1194, + CONTRACT_1195, + CONTRACT_1196, + CONTRACT_1197, + CONTRACT_1198, + CONTRACT_1199, + CONTRACT_1200, + CONTRACT_1201, + CONTRACT_1202, + CONTRACT_1203, + CONTRACT_1204, + CONTRACT_1205, + CONTRACT_1206, + CONTRACT_1207, + CONTRACT_1208, + CONTRACT_1209, + CONTRACT_1210, + CONTRACT_1211, + CONTRACT_1212, + CONTRACT_1213, + CONTRACT_1214, + CONTRACT_1215, + CONTRACT_1216, + CONTRACT_1217, + CONTRACT_1218, + CONTRACT_1219, + CONTRACT_1220, + CONTRACT_1221, + CONTRACT_1222, + CONTRACT_1223, + CONTRACT_1224, + CONTRACT_1225, + CONTRACT_1226, + CONTRACT_1227, + CONTRACT_1228, + CONTRACT_1229, + CONTRACT_1230, + CONTRACT_1231, + CONTRACT_1232, + CONTRACT_1233, + CONTRACT_1234, + CONTRACT_1235, + CONTRACT_1236, + CONTRACT_1237, + CONTRACT_1238, + CONTRACT_1239, + CONTRACT_1240, + CONTRACT_1241, + CONTRACT_1242, + CONTRACT_1243, + CONTRACT_1244, + CONTRACT_1245, + CONTRACT_1246, + CONTRACT_1247, + CONTRACT_1248, + CONTRACT_1249, + CONTRACT_1250, + CONTRACT_1251, + CONTRACT_1252, + CONTRACT_1253, + CONTRACT_1254, + CONTRACT_1255, + CONTRACT_1256, + CONTRACT_1257, + CONTRACT_1258, + CONTRACT_1259, + CONTRACT_1260, + CONTRACT_1261, + CONTRACT_1262, + CONTRACT_1263, + CONTRACT_1264, + CONTRACT_1265, + CONTRACT_1266, + CONTRACT_1267, + CONTRACT_1268, + CONTRACT_1269, + CONTRACT_1270, + CONTRACT_1271, + CONTRACT_1272, + CONTRACT_1273, + CONTRACT_1274, + CONTRACT_1275, + CONTRACT_1276, + CONTRACT_1277, + CONTRACT_1278, + CONTRACT_1279, + CONTRACT_1280, + CONTRACT_1281, + CONTRACT_1282, + CONTRACT_1283, + CONTRACT_1284, + CONTRACT_1285, + CONTRACT_1286, + CONTRACT_1287, + CONTRACT_1288, + CONTRACT_1289, + CONTRACT_1290, + CONTRACT_1291, + CONTRACT_1292, + CONTRACT_1293, + CONTRACT_1294, + CONTRACT_1295, + CONTRACT_1296, + CONTRACT_1297, + CONTRACT_1298, + CONTRACT_1299, + CONTRACT_1300, + CONTRACT_1301, + CONTRACT_1302, + CONTRACT_1303, + CONTRACT_1304, + CONTRACT_1305, + CONTRACT_1306, + CONTRACT_1307, + CONTRACT_1308, + CONTRACT_1309, + CONTRACT_1310, + CONTRACT_1311, + CONTRACT_1312, + CONTRACT_1313, + CONTRACT_1314, + CONTRACT_1315, + CONTRACT_1316, + CONTRACT_1317, + CONTRACT_1318, + CONTRACT_1319, + CONTRACT_1320, + CONTRACT_1321, + CONTRACT_1322, + CONTRACT_1323, + CONTRACT_1324, + CONTRACT_1325, + CONTRACT_1326, + CONTRACT_1327, + CONTRACT_1328, + CONTRACT_1329, + CONTRACT_1330, + CONTRACT_1331, + CONTRACT_1332, + CONTRACT_1333, + CONTRACT_1334, + CONTRACT_1335, + CONTRACT_1336, + CONTRACT_1337, + CONTRACT_1338, + CONTRACT_1339, + CONTRACT_1340, + CONTRACT_1341, + CONTRACT_1342, + CONTRACT_1343, + CONTRACT_1344, + CONTRACT_1345, + CONTRACT_1346, + CONTRACT_1347, + CONTRACT_1348, + CONTRACT_1349, + CONTRACT_1350, + CONTRACT_1351, + CONTRACT_1352, + CONTRACT_1353, + CONTRACT_1354, + CONTRACT_1355, + CONTRACT_1356, + CONTRACT_1357, + CONTRACT_1358, + CONTRACT_1359, + CONTRACT_1360, + CONTRACT_1361, + CONTRACT_1362, + CONTRACT_1363, + CONTRACT_1364, + CONTRACT_1365, + CONTRACT_1366, + CONTRACT_1367, + CONTRACT_1368, + CONTRACT_1369, + CONTRACT_1370, + CONTRACT_1371, + CONTRACT_1372, + CONTRACT_1373, + CONTRACT_1374, + CONTRACT_1375, + CONTRACT_1376, + CONTRACT_1377, + CONTRACT_1378, + CONTRACT_1379, + CONTRACT_1380, + CONTRACT_1381, + CONTRACT_1382, + CONTRACT_1383, + CONTRACT_1384, + CONTRACT_1385, + CONTRACT_1386, + CONTRACT_1387, + CONTRACT_1388, + CONTRACT_1389, + CONTRACT_1390, + CONTRACT_1391, + CONTRACT_1392, + CONTRACT_1393, + CONTRACT_1394, + CONTRACT_1395, + CONTRACT_1396, + CONTRACT_1397, + CONTRACT_1398, + CONTRACT_1399, + CONTRACT_1400, + CONTRACT_1401, + CONTRACT_1402, + CONTRACT_1403, + CONTRACT_1404, + CONTRACT_1405, + CONTRACT_1406, + CONTRACT_1407, + CONTRACT_1408, + CONTRACT_1409, + CONTRACT_1410, + CONTRACT_1411, + CONTRACT_1412, + CONTRACT_1413, + CONTRACT_1414, + CONTRACT_1415, + CONTRACT_1416, + CONTRACT_1417, + CONTRACT_1418, + CONTRACT_1419, + CONTRACT_1420, + CONTRACT_1421, + CONTRACT_1422, + CONTRACT_1423, + CONTRACT_1424, + CONTRACT_1425, + CONTRACT_1426, + CONTRACT_1427, + CONTRACT_1428, + CONTRACT_1429, + CONTRACT_1430, + CONTRACT_1431, + CONTRACT_1432, + CONTRACT_1433, + CONTRACT_1434, + CONTRACT_1435, + CONTRACT_1436, + CONTRACT_1437, + CONTRACT_1438, + CONTRACT_1439, + CONTRACT_1440, + CONTRACT_1441, + CONTRACT_1442, + CONTRACT_1443, + CONTRACT_1444, + CONTRACT_1445, + CONTRACT_1446, + CONTRACT_1447, + CONTRACT_1448, + CONTRACT_1449, + CONTRACT_1450, + CONTRACT_1451, + CONTRACT_1452, + CONTRACT_1453, + CONTRACT_1454, + CONTRACT_1455, + CONTRACT_1456, + CONTRACT_1457, + CONTRACT_1458, + CONTRACT_1459, + CONTRACT_1460, + CONTRACT_1461, + CONTRACT_1462, + CONTRACT_1463, + CONTRACT_1464, + CONTRACT_1465, + CONTRACT_1466, + CONTRACT_1467, + CONTRACT_1468, + CONTRACT_1469, + CONTRACT_1470, + CONTRACT_1471, + CONTRACT_1472, + CONTRACT_1473, + CONTRACT_1474, + CONTRACT_1475, + CONTRACT_1476, + CONTRACT_1477, + CONTRACT_1478, + CONTRACT_1479, + CONTRACT_1480, + CONTRACT_1481, + CONTRACT_1482, + CONTRACT_1483, + CONTRACT_1484, + CONTRACT_1485, + CONTRACT_1486, + CONTRACT_1487, + CONTRACT_1488, + CONTRACT_1489, + CONTRACT_1490, + CONTRACT_1491, + CONTRACT_1492, + CONTRACT_1493, + CONTRACT_1494, + CONTRACT_1495, + CONTRACT_1496, + CONTRACT_1497, + CONTRACT_1498, + CONTRACT_1499, + CONTRACT_1500, + CONTRACT_1501, + CONTRACT_1502, + CONTRACT_1503, + CONTRACT_1504, + CONTRACT_1505, + CONTRACT_1506, + CONTRACT_1507, + CONTRACT_1508, + CONTRACT_1509, + CONTRACT_1510, + CONTRACT_1511, + CONTRACT_1512, + CONTRACT_1513, + CONTRACT_1514, + CONTRACT_1515, + CONTRACT_1516, + CONTRACT_1517, + CONTRACT_1518, + CONTRACT_1519, + CONTRACT_1520, + CONTRACT_1521, + CONTRACT_1522, + CONTRACT_1523, + CONTRACT_1524, + CONTRACT_1525, + CONTRACT_1526, + CONTRACT_1527, + CONTRACT_1528, + CONTRACT_1529, + CONTRACT_1530, + CONTRACT_1531, + CONTRACT_1532, + CONTRACT_1533, + CONTRACT_1534, + CONTRACT_1535, + CONTRACT_1536, + CONTRACT_1537, + CONTRACT_1538, + CONTRACT_1539, + CONTRACT_1540, + CONTRACT_1541, + CONTRACT_1542, + CONTRACT_1543, + CONTRACT_1544, + CONTRACT_1545, + CONTRACT_1546, + CONTRACT_1547, + CONTRACT_1548, + CONTRACT_1549, + CONTRACT_1550, + CONTRACT_1551, + CONTRACT_1552, + CONTRACT_1553, + CONTRACT_1554, + CONTRACT_1555, + CONTRACT_1556, + CONTRACT_1557, + CONTRACT_1558, + CONTRACT_1559, + CONTRACT_1560, + CONTRACT_1561, + CONTRACT_1562, + CONTRACT_1563, + CONTRACT_1564, + CONTRACT_1565, + CONTRACT_1566, + CONTRACT_1567, + CONTRACT_1568, + CONTRACT_1569, + CONTRACT_1570, + CONTRACT_1571, + CONTRACT_1572, + CONTRACT_1573, + CONTRACT_1574, + CONTRACT_1575, + CONTRACT_1576, + CONTRACT_1577, + CONTRACT_1578, + CONTRACT_1579, + CONTRACT_1580, + CONTRACT_1581, + CONTRACT_1582, + CONTRACT_1583, + CONTRACT_1584, + CONTRACT_1585, + CONTRACT_1586, + CONTRACT_1587, + CONTRACT_1588, + CONTRACT_1589, + CONTRACT_1590, + CONTRACT_1591, + CONTRACT_1592, + CONTRACT_1593, + CONTRACT_1594, + CONTRACT_1595, + CONTRACT_1596, + CONTRACT_1597, + CONTRACT_1598, + CONTRACT_1599, + CONTRACT_1600, + CONTRACT_1601, + CONTRACT_1602, + CONTRACT_1603, + CONTRACT_1604, + CONTRACT_1605, + CONTRACT_1606, + CONTRACT_1607, + CONTRACT_1608, + CONTRACT_1609, + CONTRACT_1610, + CONTRACT_1611, + CONTRACT_1612, + CONTRACT_1613, + CONTRACT_1614, + CONTRACT_1615, + CONTRACT_1616, + CONTRACT_1617, + CONTRACT_1618, + CONTRACT_1619, + CONTRACT_1620, + CONTRACT_1621, + CONTRACT_1622, + CONTRACT_1623, + CONTRACT_1624, + CONTRACT_1625, + CONTRACT_1626, + CONTRACT_1627, + CONTRACT_1628, + CONTRACT_1629, + CONTRACT_1630, + CONTRACT_1631, + CONTRACT_1632, + CONTRACT_1633, + CONTRACT_1634, + CONTRACT_1635, + CONTRACT_1636, + CONTRACT_1637, + CONTRACT_1638, + CONTRACT_1639, + CONTRACT_1640, + CONTRACT_1641, + CONTRACT_1642, + CONTRACT_1643, + CONTRACT_1644, + CONTRACT_1645, + CONTRACT_1646, + CONTRACT_1647, + CONTRACT_1648, + CONTRACT_1649, + CONTRACT_1650, + CONTRACT_1651, + CONTRACT_1652, + CONTRACT_1653, + CONTRACT_1654, + CONTRACT_1655, + CONTRACT_1656, + CONTRACT_1657, + CONTRACT_1658, + CONTRACT_1659, + CONTRACT_1660, + CONTRACT_1661, + CONTRACT_1662, + CONTRACT_1663, + CONTRACT_1664, + CONTRACT_1665, + CONTRACT_1666, + CONTRACT_1667, + CONTRACT_1668, + CONTRACT_1669, + CONTRACT_1670, + CONTRACT_1671, + CONTRACT_1672, + CONTRACT_1673, + CONTRACT_1674, + CONTRACT_1675, + CONTRACT_1676, + CONTRACT_1677, + CONTRACT_1678, + CONTRACT_1679, + CONTRACT_1680, + CONTRACT_1681, + CONTRACT_1682, + CONTRACT_1683, + CONTRACT_1684, + CONTRACT_1685, + CONTRACT_1686, + CONTRACT_1687, + CONTRACT_1688, + CONTRACT_1689, + CONTRACT_1690, + CONTRACT_1691, + CONTRACT_1692, + CONTRACT_1693, + CONTRACT_1694, + CONTRACT_1695, + CONTRACT_1696, + CONTRACT_1697, + CONTRACT_1698, + CONTRACT_1699, + CONTRACT_1700, + CONTRACT_1701, + CONTRACT_1702, + CONTRACT_1703, + CONTRACT_1704, + CONTRACT_1705, + CONTRACT_1706, + CONTRACT_1707, + CONTRACT_1708, + CONTRACT_1709, + CONTRACT_1710, + CONTRACT_1711, + CONTRACT_1712, + CONTRACT_1713, + CONTRACT_1714, + CONTRACT_1715, + CONTRACT_1716, + CONTRACT_1717, + CONTRACT_1718, + CONTRACT_1719, + CONTRACT_1720, + CONTRACT_1721, + CONTRACT_1722, + CONTRACT_1723, + CONTRACT_1724, + CONTRACT_1725, + CONTRACT_1726, + CONTRACT_1727, + CONTRACT_1728, + CONTRACT_1729, + CONTRACT_1730, + CONTRACT_1731, + CONTRACT_1732, + CONTRACT_1733, + CONTRACT_1734, + CONTRACT_1735, + CONTRACT_1736, + CONTRACT_1737, + CONTRACT_1738, + CONTRACT_1739, + CONTRACT_1740, + CONTRACT_1741, + CONTRACT_1742, + CONTRACT_1743, + CONTRACT_1744, + CONTRACT_1745, + CONTRACT_1746, + CONTRACT_1747, + CONTRACT_1748, + CONTRACT_1749, + CONTRACT_1750, + CONTRACT_1751, + CONTRACT_1752, + CONTRACT_1753, + CONTRACT_1754, + CONTRACT_1755, + CONTRACT_1756, + CONTRACT_1757, + CONTRACT_1758, + CONTRACT_1759, + CONTRACT_1760, + CONTRACT_1761, + CONTRACT_1762, + CONTRACT_1763, + CONTRACT_1764, + CONTRACT_1765, + CONTRACT_1766, + CONTRACT_1767, + CONTRACT_1768, + CONTRACT_1769, + CONTRACT_1770, + CONTRACT_1771, + CONTRACT_1772, + CONTRACT_1773, + CONTRACT_1774, + CONTRACT_1775, + CONTRACT_1776, + CONTRACT_1777, + CONTRACT_1778, + CONTRACT_1779, + CONTRACT_1780, + CONTRACT_1781, + CONTRACT_1782, + CONTRACT_1783, + CONTRACT_1784, + CONTRACT_1785, + CONTRACT_1786, + CONTRACT_1787, + CONTRACT_1788, + CONTRACT_1789, + CONTRACT_1790, + CONTRACT_1791, + CONTRACT_1792, + CONTRACT_1793, + CONTRACT_1794, + CONTRACT_1795, + CONTRACT_1796, + CONTRACT_1797, + CONTRACT_1798, + CONTRACT_1799, + CONTRACT_1800, + CONTRACT_1801, + CONTRACT_1802, + CONTRACT_1803, + CONTRACT_1804, + CONTRACT_1805, + CONTRACT_1806, + CONTRACT_1807, + CONTRACT_1808, + CONTRACT_1809, + CONTRACT_1810, + CONTRACT_1811, + CONTRACT_1812, + CONTRACT_1813, + CONTRACT_1814, + CONTRACT_1815, + CONTRACT_1816, + CONTRACT_1817, + CONTRACT_1818, + CONTRACT_1819, + CONTRACT_1820, + CONTRACT_1821, + CONTRACT_1822, + CONTRACT_1823, + CONTRACT_1824, + CONTRACT_1825, + CONTRACT_1826, + CONTRACT_1827, + CONTRACT_1828, + CONTRACT_1829, + CONTRACT_1830, + CONTRACT_1831, + CONTRACT_1832, + CONTRACT_1833, + CONTRACT_1834, + CONTRACT_1835, + CONTRACT_1836, + CONTRACT_1837, + CONTRACT_1838, + CONTRACT_1839, + CONTRACT_1840, + CONTRACT_1841, + CONTRACT_1842, + CONTRACT_1843, + CONTRACT_1844, + CONTRACT_1845, + CONTRACT_1846, + CONTRACT_1847, + CONTRACT_1848, + CONTRACT_1849, + CONTRACT_1850, + CONTRACT_1851, + CONTRACT_1852, + CONTRACT_1853, + CONTRACT_1854, + CONTRACT_1855, + CONTRACT_1856, + CONTRACT_1857, + CONTRACT_1858, + CONTRACT_1859, + CONTRACT_1860, + CONTRACT_1861, + CONTRACT_1862, + CONTRACT_1863, + CONTRACT_1864, + CONTRACT_1865, + CONTRACT_1866, + CONTRACT_1867, + CONTRACT_1868, + CONTRACT_1869, + CONTRACT_1870, + CONTRACT_1871, + CONTRACT_1872, + CONTRACT_1873, + CONTRACT_1874, + CONTRACT_1875, + CONTRACT_1876, + CONTRACT_1877, + CONTRACT_1878, + CONTRACT_1879, + CONTRACT_1880, + CONTRACT_1881, + CONTRACT_1882, + CONTRACT_1883, + CONTRACT_1884, + CONTRACT_1885, + CONTRACT_1886, + CONTRACT_1887, + CONTRACT_1888, + CONTRACT_1889, + CONTRACT_1890, + CONTRACT_1891, + CONTRACT_1892, + CONTRACT_1893, + CONTRACT_1894, + CONTRACT_1895, + CONTRACT_1896, + CONTRACT_1897, + CONTRACT_1898, + CONTRACT_1899, + CONTRACT_1900, + CONTRACT_1901, + CONTRACT_1902, + CONTRACT_1903, + CONTRACT_1904, + CONTRACT_1905, + CONTRACT_1906, + CONTRACT_1907, + CONTRACT_1908, + CONTRACT_1909, + CONTRACT_1910, + CONTRACT_1911, + CONTRACT_1912, + CONTRACT_1913, + CONTRACT_1914, + CONTRACT_1915, + CONTRACT_1916, + CONTRACT_1917, + CONTRACT_1918, + CONTRACT_1919, + CONTRACT_1920, + CONTRACT_1921, + CONTRACT_1922, + CONTRACT_1923, + CONTRACT_1924, + CONTRACT_1925, + CONTRACT_1926, + CONTRACT_1927, + CONTRACT_1928, + CONTRACT_1929, + CONTRACT_1930, + CONTRACT_1931, + CONTRACT_1932, + CONTRACT_1933, + CONTRACT_1934, + CONTRACT_1935, + CONTRACT_1936, + CONTRACT_1937, + CONTRACT_1938, + CONTRACT_1939, + CONTRACT_1940, + CONTRACT_1941, + CONTRACT_1942, + CONTRACT_1943, + CONTRACT_1944, + CONTRACT_1945, + CONTRACT_1946, + CONTRACT_1947, + CONTRACT_1948, + CONTRACT_1949, + CONTRACT_1950, + CONTRACT_1951, + CONTRACT_1952, + CONTRACT_1953, + CONTRACT_1954, + CONTRACT_1955, + CONTRACT_1956, + CONTRACT_1957, + CONTRACT_1958, + CONTRACT_1959, + CONTRACT_1960, + CONTRACT_1961, + CONTRACT_1962, + CONTRACT_1963, + CONTRACT_1964, + CONTRACT_1965, + CONTRACT_1966, + CONTRACT_1967, + CONTRACT_1968, + CONTRACT_1969, + CONTRACT_1970, + CONTRACT_1971, + CONTRACT_1972, + CONTRACT_1973, + CONTRACT_1974, + CONTRACT_1975, + CONTRACT_1976, + CONTRACT_1977, + CONTRACT_1978, + CONTRACT_1979, + CONTRACT_1980, + CONTRACT_1981, + CONTRACT_1982, + CONTRACT_1983, + CONTRACT_1984, + CONTRACT_1985, + CONTRACT_1986, + CONTRACT_1987, + CONTRACT_1988, + CONTRACT_1989, + CONTRACT_1990, + CONTRACT_1991, + CONTRACT_1992, + CONTRACT_1993, + CONTRACT_1994, + CONTRACT_1995, + CONTRACT_1996, + CONTRACT_1997, + CONTRACT_1998, + CONTRACT_1999, + CONTRACT_2000, + CONTRACT_2001, + CONTRACT_2002, + CONTRACT_2003, + CONTRACT_2004, + CONTRACT_2005, + CONTRACT_2006, + CONTRACT_2007, + CONTRACT_2008, + CONTRACT_2009, + CONTRACT_2010, + CONTRACT_2011, + CONTRACT_2012, + CONTRACT_2013, + CONTRACT_2014, + CONTRACT_2015, + CONTRACT_2016, ) __all__ = [ diff --git a/src/mais_humana/mcp_contract.py b/src/mais_humana/mcp_contract.py index 4514df9..ea8b577 100644 --- a/src/mais_humana/mcp_contract.py +++ b/src/mais_humana/mcp_contract.py @@ -46,6 +46,7 @@ class McpContractKind(str, Enum): UI_SCREEN = "ui_screen" REPORT_MODEL = "report_model" TRANSIT_POLICY = "transit_policy" + ADMINISTRATION_ROUTE = "administration_route" REDACTION_POLICY = "redaction_policy" ACCESS_POLICY = "access_policy" DOCS_EXCEPTION = "docs_exception" @@ -309,6 +310,56 @@ def contracts_for_profile(profile_id: str) -> tuple[McpControlContract, ...]: return tuple(contract for contract in iter_contracts() if contract.profile_id == profile_id) +def administration_route_contracts( + *, + platform_id: str | None = None, + profile_id: str | None = None, +) -> tuple[McpControlContract, ...]: + """Return MCP-only administration route contracts, optionally filtered.""" + + contracts = contracts_for_kind(McpContractKind.ADMINISTRATION_ROUTE) + if platform_id is not None: + contracts = tuple(contract for contract in contracts if contract.platform_id == platform_id) + if profile_id is not None: + contracts = tuple(contract for contract in contracts if contract.profile_id == profile_id) + return contracts + + +def administration_route_readiness_payload( + *, + platform_id: str | None = None, + profile_id: str | None = None, +) -> dict[str, Any]: + """Build a compact readiness payload for MCP administration coverage.""" + + contracts = administration_route_contracts(platform_id=platform_id, profile_id=profile_id) + operation_counts: dict[str, int] = {} + platform_counts: dict[str, int] = {} + profile_counts: dict[str, int] = {} + blocked: list[str] = [] + for contract in contracts: + operation = contract.contract_id.split(".")[-2] if contract.contract_id.count(".") >= 2 else contract.contract_id + operation_counts[operation] = operation_counts.get(operation, 0) + 1 + platform_counts[contract.platform_id] = platform_counts.get(contract.platform_id, 0) + 1 + profile_counts[contract.profile_id] = profile_counts.get(contract.profile_id, 0) + 1 + if not contract.same_source_ready: + blocked.append(contract.contract_id) + return { + "providerId": PROVIDER_ID, + "controlPlaneId": MCP_CONTROL_PLANE_ID, + "kind": McpContractKind.ADMINISTRATION_ROUTE.value, + "contractsCount": len(contracts), + "platformsCount": len(platform_counts), + "profilesCount": len(profile_counts), + "operations": dict(sorted(operation_counts.items())), + "platforms": dict(sorted(platform_counts.items())), + "profiles": dict(sorted(profile_counts.items())), + "allRoutesSameSourceReady": not blocked and bool(contracts), + "blockedRoutes": blocked[:40], + "evidenceId": f"evidence-{stable_hash({'adminRoutes': [contract.source_records_hash for contract in contracts]})[:24]}", + } + + def _rulebook_platform_truth(rulebook: RulebookReport | None) -> dict[str, TruthState]: if rulebook is None: return {} diff --git a/tests/test_mcp_provider_contract.py b/tests/test_mcp_provider_contract.py index eb7a8ae..bcb5812 100644 --- a/tests/test_mcp_provider_contract.py +++ b/tests/test_mcp_provider_contract.py @@ -12,6 +12,8 @@ from mais_humana.mcp_contract import ( CANONICAL_PROJECT_ID, MCP_CONTROL_PLANE_ID, McpContractKind, + administration_route_contracts, + administration_route_readiness_payload, build_mcp_contract_report, build_mcp_execute_probe, contracts_for_kind, @@ -122,6 +124,21 @@ class McpProviderContractTests(unittest.TestCase): self.assertTrue(any("WAF" in step or "waf" in step for step in sample.validation_steps)) self.assertTrue(all("0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway" in item.order_ids for item in access_contracts)) + def test_administration_route_contracts_cover_mcp_only_operations(self) -> None: + routes = administration_route_contracts() + self.assertGreater(len(routes), 900) + operations = {contract.contract_id.split(".")[-2] for contract in routes} + self.assertEqual(operations, {"acao", "auditoria", "consulta", "diagnostico", "explicacao"}) + sample = routes[0] + self.assertIn("mcpOnlyAdministration", sample.required_payload_fields) + self.assertIn("directPlatformBypassBlocked", sample.required_payload_fields) + self.assertIn("permissionScope", sample.required_payload_fields) + self.assertIn("0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release", sample.order_ids) + readiness = administration_route_readiness_payload(platform_id=sample.platform_id) + self.assertEqual(readiness["kind"], "administration_route") + self.assertEqual(set(readiness["operations"].keys()), operations) + self.assertTrue(readiness["evidenceId"].startswith("evidence-")) + def test_cli_mcp_provider_returns_json(self) -> None: root = make_tmp() self.make_repo( diff --git a/tests/test_repository_mesh.py b/tests/test_repository_mesh.py index e4f0a05..5611d32 100644 --- a/tests/test_repository_mesh.py +++ b/tests/test_repository_mesh.py @@ -413,6 +413,36 @@ class RepositoryMeshTests(unittest.TestCase): self.assertEqual(summary["pluginAuthAttempt"], "user rejected MCP tool call") self.assertEqual(summary["targets"], len(default_repository_targets())) + def test_cli_repo_mesh_falls_back_when_central_write_probe_fails(self) -> None: + tmp = make_tmp() + ecosystem = tmp / "eco" + project = tmp / "human" + central = tmp / "central" / "projects" / "15_repo_tudo-para-ia-mais-humana-platform" + ecosystem.mkdir() + project.mkdir() + central.mkdir(parents=True) + (central / "reports").write_text("not a directory\n", encoding="utf-8") + code = main( + [ + "repo-mesh", + "--ecosystem-root", + str(ecosystem), + "--project-root", + str(project), + "--central-platform-folder", + str(central), + "--plugin-auth-attempt", + "mcp_tool_call_rejected_before_router", + ] + ) + self.assertEqual(code, 0) + status = json.loads((project / "dados" / "repository-mesh-central-write-status.json").read_text(encoding="utf-8")) + self.assertIn("error", status) + self.assertTrue(status["error"]) + self.assertEqual(status["used"], "") + payload = json.loads((project / "dados" / "repository-mesh-readiness.json").read_text(encoding="utf-8")) + self.assertIn("status", payload) + if __name__ == "__main__": unittest.main() diff --git a/tools/generate_mcp_control_contracts.py b/tools/generate_mcp_control_contracts.py index 82f4139..4f59c74 100644 --- a/tools/generate_mcp_control_contracts.py +++ b/tools/generate_mcp_control_contracts.py @@ -147,6 +147,14 @@ ACCESS_POLICY_SURFACES = ( ("automation-smoke", "observability", "mais_humana.gateway.access_policy.smoke"), ) +ADMINISTRATION_OPERATIONS = ( + ("consulta", "query", "mcp.admin.readonly", "mais_humana.admin.consulta"), + ("diagnostico", "diagnostic", "mcp.admin.diagnostic", "mais_humana.admin.diagnostico"), + ("acao", "action", "mcp.admin.action.request", "mais_humana.admin.acao"), + ("auditoria", "audit", "mcp.admin.audit", "mais_humana.admin.auditoria"), + ("explicacao", "explanation", "mcp.admin.explain", "mais_humana.admin.explicacao"), +) + def unique_tuple(values: Iterable[object]) -> tuple[str, ...]: seen: set[str] = set() @@ -183,6 +191,46 @@ def access_policy_payload_fields(platform_id: str, profile_id: str, surface: str ) +def administration_route_payload_fields( + platform_id: str, + profile_id: str, + operation: str, + route_family: str, + permission: str, + category: str, +) -> tuple[str, ...]: + return unique_tuple( + payload_fields(platform_id, profile_id, operation, category) + + ( + "adminRouteId", + "adminRouteKind", + "controlPlaneId", + "ownerPlatformId", + "targetPlatformId", + "routeFamily", + "permissionScope", + "executionMode", + "capabilityId", + "capabilityVersion", + "policyDecision", + "policyReason", + "inputSchemaHash", + "outputSchemaHash", + "operatorIntent", + "approvalRequired", + "dryRunSupported", + "rollbackSupported", + "humanExplanation", + "auditRetentionPolicy", + "mcpOnlyAdministration", + "directPlatformBypassBlocked", + f"{operation}Route", + f"{route_family}Family", + permission.replace(".", "_"), + ) + ) + + def validation_steps(platform_id: str, profile_id: str, surface: str, kind: str) -> tuple[str, ...]: return ( f"chamar {platform_id} somente via tudo-para-ia-mcps-internos-plataform", @@ -205,6 +253,17 @@ def access_policy_validations(platform_id: str, profile_id: str, surface: str) - ) +def administration_route_validations(platform_id: str, profile_id: str, operation: str, permission: str) -> tuple[str, ...]: + return ( + f"executar rota administrativa {operation} para {platform_id}/{profile_id} exclusivamente pelo MCPs Internos", + "confirmar origin, destination, tool, payload, actor, permission, result, traceId, auditId e timestamp", + f"validar permissionScope={permission} e bloquear bypass direto da plataforma", + "registrar inputSchemaHash, outputSchemaHash, sourcePayloadHash e sourceRecordsHash", + "confirmar que acao mutavel exige approvalRequired ou dryRunSupported conforme contrato", + "gerar humanExplanation para auditoria da IA administradora", + ) + + def contract_block( name: str, *, @@ -418,6 +477,60 @@ def build_contracts() -> tuple[list[str], list[str]]: ) index += 1 + for profile in HUMAN_PROFILES: + profile_categories = category_values(profile.priority_needs) + category = platform_categories[0] if platform_categories else "governance" + audience = audience_for_profile(profile.profile_id, profile_categories) + for operation, route_family, permission, tool_id in ADMINISTRATION_OPERATIONS: + route_id = f"{platform.platform_id}.{profile.profile_id}.{operation}.administration-route" + name = f"CONTRACT_{index:04d}" + names.append(name) + blocks.append( + contract_block( + name, + contract_id=route_id, + kind="ADMINISTRATION_ROUTE", + platform_id=platform.platform_id, + profile_id=profile.profile_id, + tool_id=tool_id, + title=f"Rota administrativa {operation} de {platform.title} para {profile.name}", + purpose=( + f"Expor {operation} de {platform.title} para {profile.name} somente pelo MCP control plane, " + "com decisao de permissao, auditoria, explicacao humana e bloqueio de bypass direto." + ), + source_tool_id="mais_humana.mcp_transit.ledger", + payload=administration_route_payload_fields( + platform.platform_id, + profile.profile_id, + operation, + route_family, + permission, + category, + ), + truth=truth, + panel_ready=panel_ready, + gpt_explainable=True, + report_model_id=f"admin-route.{platform.platform_id}.{profile.profile_id}.{operation}", + audience=audience, + redaction=redaction_requirements(platform.platform_id) + + ( + "bloquear administracao direta fora do MCPs Internos", + "persistir apenas hashes e referencias opacas de credencial", + ), + validations=administration_route_validations(platform.platform_id, profile.profile_id, operation, permission), + pending=f"homologar rota administrativa {operation} para {platform.platform_id}/{profile.profile_id}", + order_ids=( + "0029_GERENCIAL__pactuar-mcp-como-caminho-unico-administrativo", + "0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release", + "0048_GERENCIAL__homologar-politica-acesso-gpt-mcp-como-gate-institucional", + ), + policy_tags=("administration_route", "mcp_only", route_family, operation, permission), + maturity=max(7, maturity), + generated_from="platform_profile_administration_route_contract", + ) + ) + index += 1 + for ref_kind in ("credentialRef", "tokenRef", "secretRef", "cfat"): name = f"CONTRACT_{index:04d}" names.append(name)