diff --git a/dados/mcp-publication-gate-central-write-status.json b/dados/mcp-publication-gate-central-write-status.json index dc213e9..d2e6acd 100644 --- a/dados/mcp-publication-gate-central-write-status.json +++ b/dados/mcp-publication-gate-central-write-status.json @@ -8,7 +8,7 @@ "path": "G:\\_codex-git\\nucleo-gestao-operacional\\central-de-ordem-de-servico\\projects\\15_repo_tudo-para-ia-mais-humana-platform\\reports\\executivos\\MCP-PUBLICATION-GATE-MAIS-HUMANA__RODADA015.md" } ], - "generatedAt": "2026-05-02T06:07:10+00:00", + "generatedAt": "2026-05-02T07:13:16+00:00", "ok": false, "policy": "falha de escrita central nao aborta artefatos do projeto real" } \ No newline at end of file diff --git a/dados/mcp-publication-gate-mais-humana.json b/dados/mcp-publication-gate-mais-humana.json index d87fafd..660acef 100644 --- a/dados/mcp-publication-gate-mais-humana.json +++ b/dados/mcp-publication-gate-mais-humana.json @@ -17,7 +17,10 @@ "repo_remote": "https://git.ami.app.br/admin/tudo-para-ia-mais-humana.git" }, "blockers": [ - "wrangler_auth_not_confirmed", + "mais_humana.rulebook.compact:missing_transit:payload", + "mais_humana.admin_ui.same_source:missing_transit:payload", + "mais_humana.mcp_transit.ledger:missing_transit:payload", + "mais_humana.admin_routes.acceptance:missing_transit:payload", "canonical_name_requires_institutional_decision", "git_sync_blocked" ], @@ -27,7 +30,7 @@ "decisions": [ { "evidence_refs": [ - "6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff", + "c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d", "wrangler_runner" ], "next_action": "homologar runner Node/esbuild/workerd e repetir wrangler deploy --dry-run antes do deploy real", 
@@ -39,12 +42,13 @@ "evidence_refs": [ "evidence-a75a27e0669c49da1db8b615", "evidence-af37a8d489b0038a7a6b5575", - "evidence-3f0e3b9f829c7ff912b335d0" + "evidence-3f0e3b9f829c7ff912b335d0", + "evidence-6be52832c728db2bbbbce461" ], "next_action": "retestar as tres tools apos deploy do mcps-gateway contendo o provider Mais Humana", "order_id": "0032_EXECUTIVA__validar-live-tools-mais-humana-v1-execute-com-evidencia", "reason": "endpoint live foi sondado sem persistir bearer bruto", - "status": "passed" + "status": "partial" }, { "evidence_refs": [ @@ -52,7 +56,7 @@ ], "next_action": "corrigir credencial Git/Schannel e reconciliar ahead/behind sem reset destrutivo", "order_id": "0033_EXECUTIVA__sincronizar-git-mais-humana-mcps-central-com-credenciais", - "reason": "fetch/push bloqueados por SEC_E_NO_CREDENTIALS e FETCH_HEAD/index.lock conforme auditoria segura", + "reason": "fetch normal falhou por SEC_E_NO_CREDENTIALS; fetch em memoria no repo real OK; central suja/divergente sem reconciliação destrutiva", "status": "blocked" }, { @@ -76,7 +80,7 @@ { "evidence_refs": [ "wrangler_runner", - "6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff" + "c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d" ], "next_action": "definir owner, janela, version atual, rollback e criterio de sucesso antes de deploy real", "order_id": "0043_GERENCIAL__aprovar-janela-publicacao-provider-mais-humana-com-rollback", @@ -86,7 +90,7 @@ { "evidence_refs": [ "mcp_transit_ledger", - "6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff" + "c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d" ], "next_action": "aplicar requiredFields em toda publicacao interplataforma", "order_id": "0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release", 
@@ -97,7 +101,8 @@ "evidence_refs": [ "evidence-a75a27e0669c49da1db8b615", "evidence-af37a8d489b0038a7a6b5575", - "evidence-3f0e3b9f829c7ff912b335d0" + "evidence-3f0e3b9f829c7ff912b335d0", + "evidence-6be52832c728db2bbbbce461" ], "next_action": "formalizar headers minimos, WAF, rate limit, logs e retencao de evidencias", "order_id": "0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway", @@ -111,7 +116,7 @@ "next_action": "homologar host que permita Node, esbuild/workerd e node --test sem spawn EPERM", "order_id": "0046_GERENCIAL__homologar-runner-oficial-wrangler-node-esbuild", "reason": "Wrangler autenticou quando executado diretamente, mas deploy dry-run nao ficou confirmado", - "status": "blocked" + "status": "not_run" }, { "evidence_refs": [ @@ -137,20 +142,22 @@ "executeMaisHumanaGatewayTool", "mais_humana.rulebook.compact", "mais_humana.admin_ui.same_source", - "mais_humana.mcp_transit.ledger" + "mais_humana.mcp_transit.ledger", + "mais_humana.admin_routes.acceptance" ], "provider_id": "mais_humana", - "source_hash": "6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff", + "source_hash": "c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d", "tests_path": "G:\\_codex-git\\tudo-para-ia-mcps-internos-plataform\\tests\\platform\\mcps-gateway-mais-humana-provider.test.ts", "tests_present": true, "tool_ids": [ "mais_humana.rulebook.compact", "mais_humana.admin_ui.same_source", - "mais_humana.mcp_transit.ledger" + "mais_humana.mcp_transit.ledger", + "mais_humana.admin_routes.acceptance" ] }, - "generated_at": "2026-05-02T06:07:10+00:00", - "liveReady": true, + "generated_at": "2026-05-02T07:13:16+00:00", + "liveReady": false, "live_probes": [ { "audit_id": "audit-a75a27e0669c49da1db8b615", 
@@ -158,7 +165,10 @@ "error_code": "", "evidence_id": "evidence-a75a27e0669c49da1db8b615", "http_status": 200, - "observed_at": "2026-05-02T06:07:09+00:00", + "missing_transit_fields": [ + "payload" + ], + "observed_at": "2026-05-02T07:13:16+00:00", "ok": true, "response_excerpt": { "__truncated__": true, @@ -183,7 +193,18 @@ "source_records_hash": "a75a27e0669c49da1db8b6157757c0615eed06c32674c7ed87a6db5d071359de", "status": "ok", "tool_id": "mais_humana.rulebook.compact", - "trace_id": "trace-3e1c8f057ac439f4b9b3eb7f" + "trace_id": "trace-3e1c8f057ac439f4b9b3eb7f", + "transit_fields_present": [ + "origin", + "destination", + "tool", + "actor", + "permission", + "result", + "traceId", + "auditId", + "timestamp" + ] }, { "audit_id": "audit-af37a8d489b0038a7a6b5575", @@ -191,7 +212,10 @@ "error_code": "", "evidence_id": "evidence-af37a8d489b0038a7a6b5575", "http_status": 200, - "observed_at": "2026-05-02T06:07:10+00:00", + "missing_transit_fields": [ + "payload" + ], + "observed_at": "2026-05-02T07:13:16+00:00", "ok": true, "response_excerpt": { "__truncated__": true, @@ -216,7 +240,18 @@ "source_records_hash": "af37a8d489b0038a7a6b5575970ec69855dd0f0e0ab09cf38b0e7658d3678195", "status": "ok", "tool_id": "mais_humana.admin_ui.same_source", - "trace_id": "trace-17e7d8039c8c34e3f570b6de" + "trace_id": "trace-17e7d8039c8c34e3f570b6de", + "transit_fields_present": [ + "origin", + "destination", + "tool", + "actor", + "permission", + "result", + "traceId", + "auditId", + "timestamp" + ] }, { "audit_id": "audit-3f0e3b9f829c7ff912b335d0", @@ -224,7 +259,10 @@ "error_code": "", "evidence_id": "evidence-3f0e3b9f829c7ff912b335d0", "http_status": 200, - "observed_at": "2026-05-02T06:07:10+00:00", + "missing_transit_fields": [ + "payload" + ], + "observed_at": "2026-05-02T07:13:16+00:00", "ok": true, "response_excerpt": { "__truncated__": true, 
@@ -249,35 +287,92 @@ "source_records_hash": "3f0e3b9f829c7ff912b335d01afb5e78acdaa331bd984713dfca757072be6bbf", "status": "ok", "tool_id": "mais_humana.mcp_transit.ledger", - "trace_id": "trace-dae7d91a59e37901d50c027d" + "trace_id": "trace-dae7d91a59e37901d50c027d", + "transit_fields_present": [ + "origin", + "destination", + "tool", + "actor", + "permission", + "result", + "traceId", + "auditId", + "timestamp" + ] + }, + { + "audit_id": "audit-6be52832c728db2bbbbce461", + "endpoint": "https://mcps-gateway.ami-app.workers.dev/v1/execute", + "error_code": "", + "evidence_id": "evidence-6be52832c728db2bbbbce461", + "http_status": 200, + "missing_transit_fields": [ + "payload" + ], + "observed_at": "2026-05-02T07:13:16+00:00", + "ok": true, + "response_excerpt": { + "__truncated__": true, + "actorId": "codex.service-order-round", + "auditId": "audit:mcps-gateway:codex.service-order-round:mais_humana.admin_routes.acceptance", + "blockers": "[]", + "consumption": "None", + "nextActions": "[]", + "ok": "True", + "organizationId": "None", + "productId": "None", + "providerId": "mais_humana", + "readiness": "None", + "sampleData": "False", + "simulated": "False", + "status": "blocked", + "traceId": "trace:mcps-gateway:codex.service-order-round:mais_humana.admin_routes.acceptance", + "userId": "None", + "workspaceId": "None" + }, + "source_payload_hash": "364a5b5997194d485948655720ff713f61ec091dc08ab899e302ad965ace04ba", + "source_records_hash": "6be52832c728db2bbbbce461ff39cbf52b8e26111b0710f303061dc38a0ecb3d", + "status": "ok", + "tool_id": "mais_humana.admin_routes.acceptance", + "trace_id": "trace-364a5b5997194d4859486557", + "transit_fields_present": [ + "origin", + "destination", + "tool", + "actor", + "permission", + "result", + "traceId", + "auditId", + "timestamp" + ] } ], "localReady": true, "provider_id": "mais_humana", - "report_id": "mcp-publication-gate-2026-05-02t0607100000", + "report_id": "mcp-publication-gate-2026-05-02t0713160000", "status": "partial", 
"summary": [ "Provider local Mais Humana pronto: True.", "Wrangler autenticado: False; deploy dry-run OK: False.", - "Tools live prontas: 3/3.", + "Tools live prontas: 0/4.", + "Probes live com envelope MCP completo: 0/4.", "Nome atual: tudo-para-ia-mais-humana; canonico recomendado: tudo-para-ia-mais-humana-platform; ownerPlatformId MCP: tudo-para-ia-mais-humana-platform.", "Decisoes de OS avaliadas: 10." ], "wrangler_runner": { "account_id": "", "account_name": "", - "attempted": true, + "attempted": false, "authenticated": false, - "blockers": [ - "wrangler_auth_not_confirmed" - ], + "blockers": [], "command_status": { "wrangler_deploy_dry_run": "not_confirmed", "wrangler_version": "unknown", "wrangler_whoami": "unknown" }, "deploy_dry_run_ok": false, - "raw_summary": "deploy manual informado pelo roteador; wrangler local nao utilizado nesta etapa; conferir live por HTTP", + "raw_summary": "", "version": "" } } \ No newline at end of file diff --git a/ecossistema/MCP-PUBLICATION-GATE-MAIS-HUMANA.md b/ecossistema/MCP-PUBLICATION-GATE-MAIS-HUMANA.md index b233a2d..236fc0f 100644 --- a/ecossistema/MCP-PUBLICATION-GATE-MAIS-HUMANA.md +++ b/ecossistema/MCP-PUBLICATION-GATE-MAIS-HUMANA.md 
@@ -1,21 +1,22 @@ # Gate de publicacao MCP Mais Humana -- report_id: `mcp-publication-gate-2026-05-02t0607100000` -- generated_at: `2026-05-02T06:07:10+00:00` +- report_id: `mcp-publication-gate-2026-05-02t0713160000` +- generated_at: `2026-05-02T07:13:16+00:00` - provider_id: `mais_humana` - current_project_id: `tudo-para-ia-mais-humana` - canonical_project_id: `tudo-para-ia-mais-humana-platform` - control_plane: `tudo-para-ia-mcps-internos-plataform` - status: `partial` - local_ready: `True` -- live_ready: `True` +- live_ready: `False` - deploy_ready: `False` ## Sumario - Provider local Mais Humana pronto: True. - Wrangler autenticado: False; deploy dry-run OK: False. -- Tools live prontas: 3/3. +- Tools live prontas: 0/4. +- Probes live com envelope MCP completo: 0/4. - Nome atual: tudo-para-ia-mais-humana; canonico recomendado: tudo-para-ia-mais-humana-platform; ownerPlatformId MCP: tudo-para-ia-mais-humana-platform. - Decisoes de OS avaliadas: 10. @@ -25,20 +26,18 @@ - managed_catalog: `G:\_codex-git\tudo-para-ia-mcps-internos-plataform\deploy\mcps-gateway\src\providers\managed-catalog.ts` - managed_provider_manager: `G:\_codex-git\tudo-para-ia-mcps-internos-plataform\deploy\mcps-gateway\src\managers\managed-provider-manager.ts` - tests: `G:\_codex-git\tudo-para-ia-mcps-internos-plataform\tests\platform\mcps-gateway-mais-humana-provider.test.ts` -- source_hash: `6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff` -- snippets_presentes: `6` +- source_hash: `c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d` +- snippets_presentes: `7` - snippets_ausentes: `0` ## Wrangler -- attempted: `True` +- attempted: `False` - version: `nao_confirmada` - authenticated: `False` - account_name: `nao_confirmada` - account_id: `nao_confirmada` - deploy_dry_run_ok: `False` -- blockers: - - `wrangler_auth_not_confirmed` ## Probes live 
@@ -47,16 +46,29 @@ - evidenceId: `evidence-a75a27e0669c49da1db8b615` - traceId: `trace-3e1c8f057ac439f4b9b3eb7f` - auditId: `audit-a75a27e0669c49da1db8b615` + - transit_fields_present: `origin, destination, tool, actor, permission, result, traceId, auditId, timestamp` + - missing_transit_fields: `payload` - `mais_humana.admin_ui.same_source` status `ok` http `200` ok `True` - error_code: `none` - evidenceId: `evidence-af37a8d489b0038a7a6b5575` - traceId: `trace-17e7d8039c8c34e3f570b6de` - auditId: `audit-af37a8d489b0038a7a6b5575` + - transit_fields_present: `origin, destination, tool, actor, permission, result, traceId, auditId, timestamp` + - missing_transit_fields: `payload` - `mais_humana.mcp_transit.ledger` status `ok` http `200` ok `True` - error_code: `none` - evidenceId: `evidence-3f0e3b9f829c7ff912b335d0` - traceId: `trace-dae7d91a59e37901d50c027d` - auditId: `audit-3f0e3b9f829c7ff912b335d0` + - transit_fields_present: `origin, destination, tool, actor, permission, result, traceId, auditId, timestamp` + - missing_transit_fields: `payload` +- `mais_humana.admin_routes.acceptance` status `ok` http `200` ok `True` + - error_code: `none` + - evidenceId: `evidence-6be52832c728db2bbbbce461` + - traceId: `trace-364a5b5997194d4859486557` + - auditId: `audit-6be52832c728db2bbbbce461` + - transit_fields_present: `origin, destination, tool, actor, permission, result, traceId, auditId, timestamp` + - missing_transit_fields: `payload` ## Politica de nome canonico e aliases 
@@ -74,20 +86,20 @@ - status: `partial` - motivo: codigo local do provider existe; publicacao live depende de runner Wrangler sem spawn EPERM -- evidencias: `6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff; wrangler_runner` +- evidencias: `c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d; wrangler_runner` - proxima_acao: homologar runner Node/esbuild/workerd e repetir wrangler deploy --dry-run antes do deploy real ### 0032_EXECUTIVA__validar-live-tools-mais-humana-v1-execute-com-evidencia -- status: `passed` +- status: `partial` - motivo: endpoint live foi sondado sem persistir bearer bruto -- evidencias: `evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0` +- evidencias: `evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0; evidence-6be52832c728db2bbbbce461` - proxima_acao: retestar as tres tools apos deploy do mcps-gateway contendo o provider Mais Humana ### 0033_EXECUTIVA__sincronizar-git-mais-humana-mcps-central-com-credenciais - status: `blocked` -- motivo: fetch/push bloqueados por SEC_E_NO_CREDENTIALS e FETCH_HEAD/index.lock conforme auditoria segura +- motivo: fetch normal falhou por SEC_E_NO_CREDENTIALS; fetch em memoria no repo real OK; central suja/divergente sem reconciliação destrutiva - evidencias: `git_sync_status` - proxima_acao: corrigir credencial Git/Schannel e reconciliar ahead/behind sem reset destrutivo 
@@ -109,26 +121,26 @@ - status: `partial` - motivo: janela pode ser planejada, mas deploy real ainda depende do runner homologado -- evidencias: `wrangler_runner; 6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff` +- evidencias: `wrangler_runner; c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d` - proxima_acao: definir owner, janela, version atual, rollback e criterio de sucesso antes de deploy real ### 0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release - status: `passed` - motivo: ledger MCP existe como contrato local e deve ser criterio de release -- evidencias: `mcp_transit_ledger; 6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff` +- evidencias: `mcp_transit_ledger; c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d` - proxima_acao: aplicar requiredFields em toda publicacao interplataforma ### 0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway - status: `partial` - motivo: probes usam User-Agent controlado, bearer redigido e response excerpt seguro -- evidencias: `evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0` +- evidencias: `evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0; evidence-6be52832c728db2bbbbce461` - proxima_acao: formalizar headers minimos, WAF, rate limit, logs e retencao de evidencias ### 0046_GERENCIAL__homologar-runner-oficial-wrangler-node-esbuild -- status: `blocked` +- status: `not_run` - motivo: Wrangler autenticou quando executado diretamente, mas deploy dry-run nao ficou confirmado - evidencias: `wrangler_runner` - proxima_acao: homologar host que permita Node, esbuild/workerd e node --test sem spawn EPERM 
@@ -142,6 +154,9 @@ ## Blockers -- `wrangler_auth_not_confirmed` +- `mais_humana.rulebook.compact:missing_transit:payload` +- `mais_humana.admin_ui.same_source:missing_transit:payload` +- `mais_humana.mcp_transit.ledger:missing_transit:payload` +- `mais_humana.admin_routes.acceptance:missing_transit:payload` - `canonical_name_requires_institutional_decision` - `git_sync_blocked` diff --git a/matrizes/mcp-publication-gate-decisions.csv b/matrizes/mcp-publication-gate-decisions.csv index 02a6d95..9963d72 100644 --- a/matrizes/mcp-publication-gate-decisions.csv +++ b/matrizes/mcp-publication-gate-decisions.csv 
@@ -1,11 +1,11 @@ order_id,status,reason,next_action,evidence_refs -0031_EXECUTIVA__publicar-provider-mais-humana-no-mcps-gateway-via-wrangler-homologado,partial,codigo local do provider existe; publicacao live depende de runner Wrangler sem spawn EPERM,homologar runner Node/esbuild/workerd e repetir wrangler deploy --dry-run antes do deploy real,6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff; wrangler_runner -0032_EXECUTIVA__validar-live-tools-mais-humana-v1-execute-com-evidencia,passed,endpoint live foi sondado sem persistir bearer bruto,retestar as tres tools apos deploy do mcps-gateway contendo o provider Mais Humana,evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0 -0033_EXECUTIVA__sincronizar-git-mais-humana-mcps-central-com-credenciais,blocked,fetch/push bloqueados por SEC_E_NO_CREDENTIALS e FETCH_HEAD/index.lock conforme auditoria segura,corrigir credencial Git/Schannel e reconciliar ahead/behind sem reset destrutivo,git_sync_status +0031_EXECUTIVA__publicar-provider-mais-humana-no-mcps-gateway-via-wrangler-homologado,partial,codigo local do provider existe; publicacao live depende de runner Wrangler sem spawn EPERM,homologar runner Node/esbuild/workerd e repetir wrangler deploy --dry-run antes do deploy real,c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d; wrangler_runner +0032_EXECUTIVA__validar-live-tools-mais-humana-v1-execute-com-evidencia,partial,endpoint live foi sondado sem persistir bearer bruto,retestar as tres tools apos deploy do mcps-gateway contendo o provider Mais Humana,evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0; evidence-6be52832c728db2bbbbce461 +0033_EXECUTIVA__sincronizar-git-mais-humana-mcps-central-com-credenciais,blocked,fetch normal falhou por SEC_E_NO_CREDENTIALS; fetch em memoria no repo real OK; central suja/divergente sem reconciliação destrutiva,corrigir credencial Git/Schannel e 
reconciliar ahead/behind sem reset destrutivo,git_sync_status 0034_EXECUTIVA__corrigir-acl-escrita-central-e-sql-semantico-plataforma-15,partial,artefatos centrais foram testados pelo gerador de gate; falhas ficam registradas no projeto real,manter escrita automatica central e SQL semantico sob teste em toda rodada,central_write_status 0035_EXECUTIVA__reconciliar-nome-canonico-real-alias-platform,blocked,politica de alias foi materializada sem renome destrutivo,"aguardar decisao institucional antes de renomear remote, pasta central, ownerPlatformId ou referencias historicas",alias_policy -0043_GERENCIAL__aprovar-janela-publicacao-provider-mais-humana-com-rollback,partial,"janela pode ser planejada, mas deploy real ainda depende do runner homologado","definir owner, janela, version atual, rollback e criterio de sucesso antes de deploy real",wrangler_runner; 6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff -0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release,passed,ledger MCP existe como contrato local e deve ser criterio de release,aplicar requiredFields em toda publicacao interplataforma,mcp_transit_ledger; 6032d87c13f58ddb8ba217955c95baf1841bd1b8b8a98a090282bc562cafb6ff -0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway,partial,"probes usam User-Agent controlado, bearer redigido e response excerpt seguro","formalizar headers minimos, WAF, rate limit, logs e retencao de evidencias",evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0 -0046_GERENCIAL__homologar-runner-oficial-wrangler-node-esbuild,blocked,"Wrangler autenticou quando executado diretamente, mas deploy dry-run nao ficou confirmado","homologar host que permita Node, esbuild/workerd e node --test sem spawn EPERM",wrangler_runner +0043_GERENCIAL__aprovar-janela-publicacao-provider-mais-humana-com-rollback,partial,"janela pode ser planejada, mas deploy real ainda depende do runner homologado","definir owner, 
janela, version atual, rollback e criterio de sucesso antes de deploy real",wrangler_runner; c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d +0044_GERENCIAL__institucionalizar-ledger-transito-mcp-como-gate-release,passed,ledger MCP existe como contrato local e deve ser criterio de release,aplicar requiredFields em toda publicacao interplataforma,mcp_transit_ledger; c22d27b86de895b23a8a1f9cd932361cce45297757bb0c74bf88cf955a8cdd6d +0045_GERENCIAL__pactuar-politica-acesso-waf-gpt-mcp-gateway,partial,"probes usam User-Agent controlado, bearer redigido e response excerpt seguro","formalizar headers minimos, WAF, rate limit, logs e retencao de evidencias",evidence-a75a27e0669c49da1db8b615; evidence-af37a8d489b0038a7a6b5575; evidence-3f0e3b9f829c7ff912b335d0; evidence-6be52832c728db2bbbbce461 +0046_GERENCIAL__homologar-runner-oficial-wrangler-node-esbuild,not_run,"Wrangler autenticou quando executado diretamente, mas deploy dry-run nao ficou confirmado","homologar host que permita Node, esbuild/workerd e node --test sem spawn EPERM",wrangler_runner 0047_GERENCIAL__decidir-nome-canonico-e-politica-alias-mais-humana,blocked,"nome atual, nome canonico recomendado e aliases estao documentados",registrar decisao formal: preservar alias ou executar migracao coordenada,alias_policy diff --git a/src/mais_humana/mcp_publication_gate.py b/src/mais_humana/mcp_publication_gate.py index 35c7022..1157ed1 100644 --- a/src/mais_humana/mcp_publication_gate.py +++ b/src/mais_humana/mcp_publication_gate.py @@ -29,6 +29,7 @@ from .mcp_contract import ( CURRENT_PROJECT_ID, MCP_CONTROL_PLANE_ID, MCP_EXECUTE_ENDPOINT, + MCP_TRANSIT_FIELDS, PROVIDER_ID, PROVIDER_TOOL_ID, stable_hash, @@ -41,6 +42,7 @@ DEFAULT_GATEWAY_TOOLS = ( "mais_humana.rulebook.compact", "mais_humana.admin_ui.same_source", "mais_humana.mcp_transit.ledger", + "mais_humana.admin_routes.acceptance", ) EXPECTED_GATEWAY_SNIPPETS = ( 
@@ -50,6 +52,7 @@ EXPECTED_GATEWAY_SNIPPETS = ( "mais_humana.rulebook.compact", "mais_humana.admin_ui.same_source", "mais_humana.mcp_transit.ledger", + "mais_humana.admin_routes.acceptance", ) DEFAULT_OWNER_PLATFORM_ID = "tudo-para-ia-mais-humana-platform" @@ -143,12 +146,14 @@ class LiveToolProbe: evidence_id: str source_payload_hash: str source_records_hash: str + transit_fields_present: tuple[str, ...] + missing_transit_fields: tuple[str, ...] response_excerpt: Mapping[str, Any] observed_at: str @property def live_ready(self) -> bool: - return self.status == ProbeStatus.OK and self.ok + return self.status == ProbeStatus.OK and self.ok and not self.missing_transit_fields def to_dict(self) -> dict[str, Any]: return as_plain_data(self) @@ -279,6 +284,20 @@ def _safe_excerpt(value: object, *, max_items: int = 16) -> dict[str, Any]: return {"value": redact_sensitive_text(str(value))[:600]} +def _transit_fields(payload: Mapping[str, Any]) -> tuple[tuple[str, ...], tuple[str, ...]]: + result = payload.get("result") + result_map = result if isinstance(result, Mapping) else {} + transit = result_map.get("transit") + transit_map = transit if isinstance(transit, Mapping) else {} + present = tuple( + field + for field in MCP_TRANSIT_FIELDS + if field in transit_map and transit_map[field] not in ("", None, {}, []) + ) + missing = tuple(field for field in MCP_TRANSIT_FIELDS if field not in present) + return present, missing + + def _status_from_http(status: int | None, payload: Mapping[str, Any]) -> ProbeStatus: if status is None: return ProbeStatus.NETWORK_ERROR @@ -365,7 +384,7 @@ def build_wrangler_runner_evidence( blockers: list[str] = [] if spawn_blocked: blockers.append("runner_node_esbuild_spawn_eperm") - if not authenticated: + if attempted and not authenticated: blockers.append("wrangler_auth_not_confirmed") if authenticated and not deploy_dry_run_ok: blockers.append("wrangler_deploy_dry_run_not_confirmed") 
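Review bot: `live_ready` in `LiveToolProbe` fails open on an unpopulated probe, because it only checks that `missing_transit_fields` is empty and never that the required fields were actually observed. A probe built with both tuples empty, for example by a later call site that skips the envelope check, would report ready. Tie the property to the contract instead: `return self.status == ProbeStatus.OK and self.ok and set(MCP_TRANSIT_FIELDS) <= set(self.transit_fields_present)`. The two new fields also have no defaults and sit before `response_excerpt`, so any constructor call outside this diff has to be updated; the class body starts outside the hunk.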
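Review bot: `_transit_fields` counts a field as missing when its value is `""`, `None`, `{}` or `[]`, so a tool invoked without arguments that echoes an empty `payload` can never pass the gate. The regenerated report in this commit lists `payload` as the only missing field on all four probes, which may be this case; confirm it against a real gateway response. If an empty payload is legitimate, test key presence for `payload` and keep the non-empty rule for the identifying fields. The helper also needs a docstring stating that it reads `payload["result"]["transit"]`, treats non-mapping values as an empty envelope, and returns `(present, missing)` in `MCP_TRANSIT_FIELDS` order.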
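Review bot: With `if attempted and not authenticated:` a run where Wrangler was never invoked yields an empty `blockers` list, so any consumer that infers runner health from `wrangler.blockers` alone would read "not attempted" as clean. The regenerated report still shows `deploy_ready: False`, so readiness is presumably derived from `authenticated` and `deploy_dry_run_ok`, but that code is outside this hunk and should be confirmed. A comment above the condition would record the intent: `# not attempted is reported via status NOT_RUN, not as an auth blocker; empty blockers must never be read as deploy-ready`.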
@@ -437,6 +456,7 @@ def execute_live_tool_probe( error_code = str(error_value or payload.get("code") or "").strip() source_payload_hash = stable_hash({"endpoint": endpoint, "request": body, "status": status}) source_records_hash = stable_hash({"toolId": tool_id, "payload": _safe_excerpt(payload), "status": probe_status.value}) + transit_present, transit_missing = _transit_fields(payload) return LiveToolProbe( tool_id=tool_id, endpoint=endpoint, @@ -449,6 +469,8 @@ def execute_live_tool_probe( evidence_id=f"evidence-{source_records_hash[:24]}", source_payload_hash=source_payload_hash, source_records_hash=source_records_hash, + transit_fields_present=transit_present, + missing_transit_fields=transit_missing, response_excerpt=_safe_excerpt(payload), observed_at=utc_now(), ) @@ -471,6 +493,8 @@ def build_not_run_probe(tool_id: str, reason: str, *, endpoint: str = MCP_EXECUT evidence_id=f"evidence-{source_records_hash[:24]}", source_payload_hash=source_payload_hash, source_records_hash=source_records_hash, + transit_fields_present=(), + missing_transit_fields=MCP_TRANSIT_FIELDS, response_excerpt={"reason": reason}, observed_at=utc_now(), ) @@ -644,7 +668,16 @@ def build_publication_gate_report( ( *gateway.missing_snippets, *wrangler.blockers, - *(f"{probe.tool_id}:{probe.status.value}:{probe.error_code}" for probe in probes if not probe.live_ready), + *( + f"{probe.tool_id}:{probe.status.value}:{probe.error_code}" + for probe in probes + if probe.status != ProbeStatus.OK or probe.error_code + ), + *( + f"{probe.tool_id}:missing_transit:{','.join(probe.missing_transit_fields)}" + for probe in probes + if probe.missing_transit_fields and probe.status == ProbeStatus.OK + ), *alias.blockers, *(("git_sync_blocked" if "SEC_E_NO_CREDENTIALS" in git_sync_status else ""),), ) 
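Review bot: The envelope check added to `execute_live_tool_probe` records only which transit field names are present; nothing in the visible hunks compares their values with the request that was sent. A response whose `transit` block names a different tool or carries a stale `traceId` would still count as a complete envelope and, with `ok` true, as live-ready. Consider failing the probe when the envelope's `tool` value differs from `tool_id` (assuming that field carries the tool id; confirm against the contract) and reporting it as its own blocker. The function body starts and ends outside this hunk.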
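Review bot: The rewritten blocker filter in `build_publication_gate_report` drops a case the old `if not probe.live_ready` covered: a probe with `status == ProbeStatus.OK`, an empty `error_code`, a complete envelope and `ok` false. That probe is not live-ready, yet neither generator emits a blocker for it, so the report can count fewer ready tools than probes with no blocker explaining why. Add the flag to the first condition: `if probe.status != ProbeStatus.OK or probe.error_code or not probe.ok`. The surrounding tuple starts and ends outside the hunk.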
@@ -653,6 +686,7 @@ def build_publication_gate_report( f"Provider local Mais Humana pronto: {gateway.ready}.", f"Wrangler autenticado: {wrangler.authenticated}; deploy dry-run OK: {wrangler.deploy_dry_run_ok}.", f"Tools live prontas: {sum(1 for item in probes if item.live_ready)}/{len(probes)}.", + f"Probes live com envelope MCP completo: {sum(1 for item in probes if not item.missing_transit_fields)}/{len(probes)}.", f"Nome atual: {CURRENT_PROJECT_ID}; canonico recomendado: {CANONICAL_PROJECT_ID}; ownerPlatformId MCP: {DEFAULT_OWNER_PLATFORM_ID}.", f"Decisoes de OS avaliadas: {len(decisions)}.", ) @@ -762,6 +796,8 @@ def publication_gate_markdown(report: McpPublicationGateReport) -> str: f" - evidenceId: `{probe.evidence_id}`", f" - traceId: `{probe.trace_id}`", f" - auditId: `{probe.audit_id}`", + f" - transit_fields_present: `{', '.join(probe.transit_fields_present) or 'none'}`", + f" - missing_transit_fields: `{', '.join(probe.missing_transit_fields) or 'none'}`", ] ) lines.extend(["", "## Politica de nome canonico e aliases", ""]) diff --git a/tests/test_mcp_publication_gate.py b/tests/test_mcp_publication_gate.py index 8d770c7..2163f61 100644 --- a/tests/test_mcp_publication_gate.py +++ b/tests/test_mcp_publication_gate.py @@ -8,6 +8,7 @@ from mais_humana.cli import main from mais_humana.mcp_publication_gate import ( DEFAULT_GATEWAY_TOOLS, GateStatus, + LiveToolProbe, ProbeStatus, build_alias_policy, build_not_run_probe, 
@@ -37,7 +38,7 @@ class McpPublicationGateTests(unittest.TestCase): 'const PLATFORM_IDS = { maisHumana: "tudo-para-ia-mais-humana-platform" };', "const MAIS_HUMANA_PROVIDER_ID = \"mais_humana\";", "async function executeMaisHumanaGatewayTool() { return true; }", - "const ids = ['mais_humana.rulebook.compact', 'mais_humana.admin_ui.same_source', 'mais_humana.mcp_transit.ledger'];", + "const ids = ['mais_humana.rulebook.compact', 'mais_humana.admin_ui.same_source', 'mais_humana.mcp_transit.ledger', 'mais_humana.admin_routes.acceptance'];", ] ), encoding="utf-8", @@ -46,7 +47,7 @@ class McpPublicationGateTests(unittest.TestCase): "\n".join( [ "const MAIS_HUMANA_CATALOG = { providerId: 'mais_humana' };", - "export const tools = ['mais_humana.rulebook.compact', 'mais_humana.admin_ui.same_source', 'mais_humana.mcp_transit.ledger'];", + "export const tools = ['mais_humana.rulebook.compact', 'mais_humana.admin_ui.same_source', 'mais_humana.mcp_transit.ledger', 'mais_humana.admin_routes.acceptance'];", ] ), encoding="utf-8", @@ -57,6 +58,7 @@ class McpPublicationGateTests(unittest.TestCase): "case 'mais_humana:rulebook.compact': return {};", "case 'mais_humana:admin_ui.same_source': return {};", "case 'mais_humana:mcp_transit.ledger': return {};", + "case 'mais_humana:admin_routes.acceptance': return {};", ] ), encoding="utf-8", 
@@ -87,6 +89,34 @@ class McpPublicationGateTests(unittest.TestCase): self.assertEqual(evidence.status, GateStatus.PARTIAL) self.assertIn("runner_node_esbuild_spawn_eperm", evidence.blockers) + def test_wrangler_not_attempted_is_observation_not_auth_blocker(self) -> None: + evidence = build_wrangler_runner_evidence("", attempted=False) + + self.assertEqual(evidence.status, GateStatus.NOT_RUN) + self.assertFalse(evidence.authenticated) + self.assertEqual(evidence.blockers, ()) + + def test_live_probe_requires_complete_mcp_transit_envelope(self) -> None: + probe = LiveToolProbe( + tool_id="mais_humana.admin_routes.acceptance", + endpoint="https://mcps-gateway.ami-app.workers.dev/v1/execute", + http_status=200, + status=ProbeStatus.OK, + ok=True, + error_code="", + trace_id="trace-live", + audit_id="audit-live", + evidence_id="evidence-live", + source_payload_hash="a" * 64, + source_records_hash="b" * 64, + transit_fields_present=("origin", "destination", "tool", "actor", "permission", "traceId", "auditId", "timestamp"), + missing_transit_fields=("payload", "result"), + response_excerpt={"ok": "True"}, + observed_at="2026-05-02T00:00:00+00:00", + ) + + self.assertFalse(probe.live_ready) + def test_order_decisions_keep_live_and_git_blockers_explicit(self) -> None: repo = self.make_mcp_repo(make_tmp()) gateway = scan_gateway_source(repo) @@ -186,4 +216,3 @@ class McpPublicationGateTests(unittest.TestCase): if __name__ == "__main__": unittest.main() -
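Review bot: The new envelope test builds a `LiveToolProbe` by hand, so `_transit_fields`, the code that actually parses the gateway response, is never exercised, and no positive case shows that a complete envelope yields a ready probe. Add a test that feeds `_transit_fields` a full `result.transit` mapping, one with an empty-valued field, and one where `result` is not a mapping. `_transit_fields` and `MCP_TRANSIT_FIELDS` would need to be imported in this test module, and the `"x"` values below are constructed sample data.

```python
    def test_transit_fields_parses_gateway_envelope(self) -> None:
        full = {field: "x" for field in MCP_TRANSIT_FIELDS}

        present, missing = _transit_fields({"result": {"transit": full}})
        self.assertEqual(present, tuple(MCP_TRANSIT_FIELDS))
        self.assertEqual(missing, ())

        first = next(iter(MCP_TRANSIT_FIELDS))
        present, missing = _transit_fields({"result": {"transit": {**full, first: ""}}})
        self.assertEqual(missing, (first,))

        present, missing = _transit_fields({"result": "not-a-mapping"})
        self.assertEqual(present, ())
        self.assertEqual(missing, tuple(MCP_TRANSIT_FIELDS))
```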