auto-sync: tudo-para-ia-mais-humana 2026-05-02 04:14:46

src/mais_humana/mcp_publication_gate.py

@@ -29,6 +29,7 @@ from .mcp_contract import (
     CURRENT_PROJECT_ID,
     MCP_CONTROL_PLANE_ID,
     MCP_EXECUTE_ENDPOINT,
+    MCP_TRANSIT_FIELDS,
     PROVIDER_ID,
     PROVIDER_TOOL_ID,
     stable_hash,
@@ -41,6 +42,7 @@ DEFAULT_GATEWAY_TOOLS = (
     "mais_humana.rulebook.compact",
     "mais_humana.admin_ui.same_source",
     "mais_humana.mcp_transit.ledger",
+    "mais_humana.admin_routes.acceptance",
 )
 
 EXPECTED_GATEWAY_SNIPPETS = (
@@ -50,6 +52,7 @@ EXPECTED_GATEWAY_SNIPPETS = (
     "mais_humana.rulebook.compact",
     "mais_humana.admin_ui.same_source",
     "mais_humana.mcp_transit.ledger",
+    "mais_humana.admin_routes.acceptance",
 )
 
 DEFAULT_OWNER_PLATFORM_ID = "tudo-para-ia-mais-humana-platform"
@@ -143,12 +146,14 @@ class LiveToolProbe:
     evidence_id: str
     source_payload_hash: str
     source_records_hash: str
+    transit_fields_present: tuple[str, ...]
+    missing_transit_fields: tuple[str, ...]
     response_excerpt: Mapping[str, Any]
     observed_at: str
 
     @property
     def live_ready(self) -> bool:
-        return self.status == ProbeStatus.OK and self.ok
+        return self.status == ProbeStatus.OK and self.ok and not self.missing_transit_fields
 
     def to_dict(self) -> dict[str, Any]:
         return as_plain_data(self)
@@ -279,6 +284,20 @@ def _safe_excerpt(value: object, *, max_items: int = 16) -> dict[str, Any]:
     return {"value": redact_sensitive_text(str(value))[:600]}
 
 
+def _transit_fields(payload: Mapping[str, Any]) -> tuple[tuple[str, ...], tuple[str, ...]]:
+    result = payload.get("result")
+    result_map = result if isinstance(result, Mapping) else {}
+    transit = result_map.get("transit")
+    transit_map = transit if isinstance(transit, Mapping) else {}
+    present = tuple(
+        field
+        for field in MCP_TRANSIT_FIELDS
+        if field in transit_map and transit_map[field] not in ("", None, {}, [])
+    )
+    missing = tuple(field for field in MCP_TRANSIT_FIELDS if field not in present)
+    return present, missing
+
+
 def _status_from_http(status: int | None, payload: Mapping[str, Any]) -> ProbeStatus:
     if status is None:
         return ProbeStatus.NETWORK_ERROR
@@ -365,7 +384,7 @@ def build_wrangler_runner_evidence(
     blockers: list[str] = []
     if spawn_blocked:
         blockers.append("runner_node_esbuild_spawn_eperm")
-    if not authenticated:
+    if attempted and not authenticated:
         blockers.append("wrangler_auth_not_confirmed")
     if authenticated and not deploy_dry_run_ok:
         blockers.append("wrangler_deploy_dry_run_not_confirmed")
@@ -437,6 +456,7 @@ def execute_live_tool_probe(
         error_code = str(error_value or payload.get("code") or "").strip()
     source_payload_hash = stable_hash({"endpoint": endpoint, "request": body, "status": status})
     source_records_hash = stable_hash({"toolId": tool_id, "payload": _safe_excerpt(payload), "status": probe_status.value})
+    transit_present, transit_missing = _transit_fields(payload)
     return LiveToolProbe(
         tool_id=tool_id,
         endpoint=endpoint,
@@ -449,6 +469,8 @@ def execute_live_tool_probe(
         evidence_id=f"evidence-{source_records_hash[:24]}",
         source_payload_hash=source_payload_hash,
         source_records_hash=source_records_hash,
+        transit_fields_present=transit_present,
+        missing_transit_fields=transit_missing,
         response_excerpt=_safe_excerpt(payload),
         observed_at=utc_now(),
     )
@@ -471,6 +493,8 @@ def build_not_run_probe(tool_id: str, reason: str, *, endpoint: str = MCP_EXECUT
         evidence_id=f"evidence-{source_records_hash[:24]}",
         source_payload_hash=source_payload_hash,
         source_records_hash=source_records_hash,
+        transit_fields_present=(),
+        missing_transit_fields=MCP_TRANSIT_FIELDS,
         response_excerpt={"reason": reason},
         observed_at=utc_now(),
     )
@@ -644,7 +668,16 @@ def build_publication_gate_report(
         (
             *gateway.missing_snippets,
             *wrangler.blockers,
-            *(f"{probe.tool_id}:{probe.status.value}:{probe.error_code}" for probe in probes if not probe.live_ready),
+            *(
+                f"{probe.tool_id}:{probe.status.value}:{probe.error_code}"
+                for probe in probes
+                if probe.status != ProbeStatus.OK or probe.error_code
+            ),
+            *(
+                f"{probe.tool_id}:missing_transit:{','.join(probe.missing_transit_fields)}"
+                for probe in probes
+                if probe.missing_transit_fields and probe.status == ProbeStatus.OK
+            ),
             *alias.blockers,
             *(("git_sync_blocked" if "SEC_E_NO_CREDENTIALS" in git_sync_status else ""),),
         )
@@ -653,6 +686,7 @@ def build_publication_gate_report(
         f"Provider local Mais Humana pronto: {gateway.ready}.",
         f"Wrangler autenticado: {wrangler.authenticated}; deploy dry-run OK: {wrangler.deploy_dry_run_ok}.",
         f"Tools live prontas: {sum(1 for item in probes if item.live_ready)}/{len(probes)}.",
+        f"Probes live com envelope MCP completo: {sum(1 for item in probes if not item.missing_transit_fields)}/{len(probes)}.",
         f"Nome atual: {CURRENT_PROJECT_ID}; canonico recomendado: {CANONICAL_PROJECT_ID}; ownerPlatformId MCP: {DEFAULT_OWNER_PLATFORM_ID}.",
         f"Decisoes de OS avaliadas: {len(decisions)}.",
     )
@@ -762,6 +796,8 @@ def publication_gate_markdown(report: McpPublicationGateReport) -> str:
                 f"  - evidenceId: `{probe.evidence_id}`",
                 f"  - traceId: `{probe.trace_id}`",
                 f"  - auditId: `{probe.audit_id}`",
+                f"  - transit_fields_present: `{', '.join(probe.transit_fields_present) or 'none'}`",
+                f"  - missing_transit_fields: `{', '.join(probe.missing_transit_fields) or 'none'}`",
             ]
         )
     lines.extend(["", "## Politica de nome canonico e aliases", ""])