From 8502bd9f17c763d2a436fced263fb5b32576c45a Mon Sep 17 00:00:00 2001 From: Svrnty Date: Fri, 19 Jun 2026 16:10:15 -0400 Subject: [PATCH] Record BTE provider gateway refresh proof --- ...ion-work-007-provider-gateway-refresh.json | 64 +++++++++++++++++ ...ision-work-007-provider-gateway-refresh.md | 24 +++++++ ...nty_vision_bte_provider_gateway_refresh.py | 71 +++++++++++++++++++ 3 files changed, 159 insertions(+) create mode 100644 docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.json create mode 100644 docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.md create mode 100644 tools/validate_svrnty_vision_bte_provider_gateway_refresh.py diff --git a/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.json b/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.json new file mode 100644 index 0000000..0dee318 --- /dev/null +++ b/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.json @@ -0,0 +1,64 @@ +{ + "schema": "svrnty-vision.bte-product-ready-provider-gateway-refresh-proof.v1", + "timestamp": "2026-06-19T20:08:14Z", + "work_item_id": "SVRNTY-VISION-WORK-007", + "route": "svrnty-vision", + "goal": "Provide bounded provider-gateway health proof for the BTE Product Ready live-effect chain without claiming readiness.", + "approval": { + "name": "BTE Product Ready provider gateway proof refresh", + "expired": true, + "expiry_reason": "first_failed_blocked_effect:bte_provider_call_timeout" + }, + "precondition": { + "bte_expected_url": "http://localhost:8092/healthz", + "initial_host_health_status": "connection_refused" + }, + "gateway_refresh": { + "image": "cortex-os/vision:seed", + "host_port_container": { + "name": "svrnty-vision-bte-proof", + "container_id_prefix": "b25509d4d640", + "mapping": "0.0.0.0:8092->8094/tcp", + "healthz": { + "url": "http://localhost:8092/healthz", + "http_status": 200, + "body_status": "ok", + "version": "0.1.0" + } + }, + "bte_network_namespace_container": { + "name": "svrnty-vision-bte-net-proof", + "container_id_prefix": "a9a916ad2f5c", + "network": "container:bte-rest-mcp-readiness-api", + "env_override": "SVRNTY_VISION_PORT=8092", + "healthz_from_bte_runtime_namespace": { + "url": "http://localhost:8092/healthz", + "http_status": 200, + "body_status": "ok", + "version": "0.1.0" + } + } + }, + "downstream_bte_recheck": { + "readyz": { + "url": "http://localhost:6001/readyz", + "http_status": 200, + "body_status": "Healthy" + }, + "provider_call_result_ref": "../bte/docs/goal-runs/bte-product-ready-provider-gateway-refresh/bte-work-019-provider-gateway-refresh-and-provider-call.json" + }, + "route_validator": { + "command": "python3 tools/validate_svrnty_vision_child.py", + "status": "pass" + }, + "tool_effects": { + "gateway_runtime_started": true, + "provider_call_from_this_route": false, + "profile_exposure_changed": false, + "mcp_registered": false, + "archive_delete_performed": false, + "raw_payload_storage_created": false, + "product_ready_claim_made": false + }, + "status": "gateway_health_proven_provider_call_blocked_downstream" +} diff --git a/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.md b/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.md new file mode 100644 index 0000000..104f671 --- /dev/null +++ b/docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.md @@ -0,0 +1,24 @@ +# SVRNTY-VISION-WORK-007 Provider Gateway Refresh + +Status: gateway health proven; downstream BTE provider call blocked. + +Approval: `BTE Product Ready provider gateway proof refresh`. The approval expired after the first failed blocked effect: the bounded BTE provider call timed out at the local VLM backend. + +Proof: + +- `svrnty-vision-bte-proof` started from `cortex-os/vision:seed` and mapped host `8092` to container `8094`. +- `GET http://localhost:8092/healthz`: HTTP `200`, status `ok`, version `0.1.0`. +- `svrnty-vision-bte-net-proof` started from `cortex-os/vision:seed` in the BTE runtime network namespace with `SVRNTY_VISION_PORT=8092`. +- From `bte-rest-mcp-readiness-api`, `GET http://localhost:8092/healthz`: HTTP `200`, status `ok`, version `0.1.0`. +- BTE `GET http://localhost:6001/readyz`: HTTP `200`, status `Healthy`. + +Boundary: + +- No credentials or secrets were read or recorded. +- No Profile Exposure, MCP registration, archive/delete, raw payload storage, release claim, or Product Ready claim happened. +- This route did not call the VLM provider directly. The downstream bounded BTE provider-call result is recorded in BTE proof `bte-work-019`. + +Validator: + +- `python3 tools/validate_svrnty_vision_child.py`: PASS. +- `python3 tools/validate_svrnty_vision_bte_provider_gateway_refresh.py`: PASS. diff --git a/tools/validate_svrnty_vision_bte_provider_gateway_refresh.py b/tools/validate_svrnty_vision_bte_provider_gateway_refresh.py new file mode 100644 index 0000000..37e7ddd --- /dev/null +++ b/tools/validate_svrnty_vision_bte_provider_gateway_refresh.py @@ -0,0 +1,71 @@ +#!/usr/bin/env python3 +"""Validate the Svrnty Vision BTE provider-gateway refresh proof.""" + +from __future__ import annotations + +import json +from pathlib import Path + + +ROOT = Path(__file__).resolve().parents[1] +PROOF = ROOT / "docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.json" +MD = ROOT / "docs/goal-runs/bte-product-ready-provider-gateway-refresh/svrnty-vision-work-007-provider-gateway-refresh.md" + + +def require(condition: bool, errors: list[str], message: str) -> None: + if not condition: + errors.append(message) + + +def main() -> int: + errors: list[str] = [] + proof = json.loads(PROOF.read_text(encoding="utf-8")) + md = MD.read_text(encoding="utf-8") + + require(proof.get("schema") == "svrnty-vision.bte-product-ready-provider-gateway-refresh-proof.v1", errors, "schema") + require(proof.get("work_item_id") == "SVRNTY-VISION-WORK-007", errors, "work_item_id") + require(proof.get("route") == "svrnty-vision", errors, "route") + require(proof.get("approval", {}).get("expired") is True, errors, "approval_expired") + + refresh = proof.get("gateway_refresh", {}) + host = refresh.get("host_port_container", {}).get("healthz", {}) + bte_ns = refresh.get("bte_network_namespace_container", {}).get("healthz_from_bte_runtime_namespace", {}) + require(host.get("http_status") == 200 and host.get("body_status") == "ok", errors, "host_healthz") + require(bte_ns.get("http_status") == 200 and bte_ns.get("body_status") == "ok", errors, "bte_namespace_healthz") + + readyz = proof.get("downstream_bte_recheck", {}).get("readyz", {}) + require(readyz.get("http_status") == 200 and readyz.get("body_status") == "Healthy", errors, "bte_readyz") + + effects = proof.get("tool_effects", {}) + require(effects.get("gateway_runtime_started") is True, errors, "gateway_runtime_started") + for key in ( + "provider_call_from_this_route", + "profile_exposure_changed", + "mcp_registered", + "archive_delete_performed", + "raw_payload_storage_created", + "product_ready_claim_made", + ): + require(effects.get(key) is False, errors, f"forbidden_effect:{key}") + + for snippet in ( + "No credentials or secrets", + "No Profile Exposure", + "raw payload storage", + "Product Ready claim", + "bte-work-019", + ): + require(snippet in md, errors, f"md_missing:{snippet}") + + result = { + "ok": not errors, + "validator": "svrnty-vision-bte-provider-gateway-refresh-v1", + "checked": [str(PROOF.relative_to(ROOT)), str(MD.relative_to(ROOT))], + "errors": errors, + } + print(json.dumps(result, indent=2)) + return 0 if not errors else 1 + + +if __name__ == "__main__": + raise SystemExit(main())