- add batch-scoped reconcile_runs persistence and queries - route batch detail and reconcile writes through batch_id/host_id - refresh production boards with host-scope acceptance artifacts - include latest real-host acceptance evidence for self_service and subscription
32 lines
2.0 KiB
Markdown
32 lines
2.0 KiB
Markdown
# 2026-05-18 redeploy host validation
|
|
|
|
Host redeploy
|
|
- Host root: /tmp/sub2api-host-validation-redeploy
|
|
- Secure credentials file: /tmp/sub2api-host-validation-redeploy/credentials.env
|
|
- Secure init note: /tmp/sub2api-host-validation-redeploy/INIT.md
|
|
- App URL: http://127.0.0.1:18087
|
|
- CRM validation server URLs: http://127.0.0.1:18088 and http://127.0.0.1:18089
|
|
|
|
Initialization facts
|
|
- Admin email is fixed as admin@sub2api.local
|
|
- This redeploy used an explicit ADMIN_PASSWORD (stored only in credentials.env), not auto-generated-once logging
|
|
- Fresh host init did not create normal users; Hermes created dedicated relay-self / relay-sub ordinary users after admin login
|
|
|
|
Verification matrix
|
|
1. Fresh self_service import with ordinary user key still failed initially
|
|
- Evidence: 01-self-import-initial.json / 02-self-access-preview-initial.json / 03-self-access-status-initial.json
|
|
- Result: /v1/models returned 403 while the key had no group binding and the user had zero balance
|
|
2. After binding the ordinary self key to the imported standard group and setting user balance=10
|
|
- Evidence: 04-self-after-balance.headers.txt / 05-self-after-balance.body.json
|
|
- Result: /v1/models returned 200
|
|
3. For subscription validation, Hermes created a dedicated subscription-type group by copying accounts from the imported openai group, assigned a subscription to the ordinary relay-sub user, then bound the relay-sub key to that group
|
|
- Evidence: 08-subscription-group-state.json
|
|
- Result: /v1/models returned 200 with zero user balance
|
|
- Evidence: 06-subscription-after-assign.headers.txt / 07-subscription-after-assign.body.json
|
|
|
|
Conclusion
|
|
- Fresh host initialization alone is insufficient; ordinary users and their keys must be created explicitly
|
|
- Probe success depends on the full tuple: ordinary user + key/group binding + a valid billing path
|
|
- For standard/self_service groups, a funded user balance was required in this redeploy
|
|
- For subscription groups, an active user subscription plus key/group binding was sufficient in this redeploy
|