Files
AM516/capabilities/am516-delivery-prediction/docs/runbook.md

5.2 KiB

Runbook | AM516 Delivery Prediction

Normal Query

  1. Extract exactly one model and one positive quantity from the compact input or natural-language message; stop if either field is missing or ambiguous.
  2. Read the capability AGENTS.md.
  3. Confirm AR51 has approved the functional test.
  4. Confirm a separate trusted AR51 approval record explicitly covers api.zeroerr-agent.com, the AM516 use case, and API-key use.
  5. If that domain-and-permission record is absent, stop before any outbound request; a general functional-test approval is insufficient by itself.
  6. Use model recommendation rules to generate internal candidates.
  7. Run the controlled script for the original model and approved candidates.
  8. Summarize the internal candidate result.
  9. Append a non-secret record.
  10. Return Feishu-friendly text with the fixed disclaimer.

Approved Script

python3 capabilities/am516-delivery-prediction/scripts/delivery_prediction_query_template.py --product "<model>" --quantity <quantity>

Environment Check

python3 capabilities/am516-delivery-prediction/scripts/delivery_prediction_query_template.py --product "eRob110H160I-FHM-18ET[V6]" --quantity 10

Do not run this check until AR51 confirms the functional test and creates a separate trusted approval record explicitly covering api.zeroerr-agent.com, the AM516 use case, and API-key use.

Normal TLS Trust Configuration

The controlled query script injects truststore before making the request. Normal queries therefore keep TLS certificate verification enabled while using the macOS system trust store, including an AR51-approved company proxy root certificate installed and trusted in the system keychain.

The shared Mac runtime must keep truststore installed through requirements.txt. If normal verification still fails, AR51 must verify that the required company proxy root certificate is installed and trusted in macOS, or arrange repair of the service certificate chain. Do not make --skip-tls-verify the normal operating mode.

Temporary TLS Certificate Workaround

Normal requests must keep TLS certificate verification enabled. The controlled script does not automatically retry or silently downgrade TLS verification.

Only when all of the following conditions are met may AR51 authorize one controlled retry with --skip-tls-verify:

  1. the normal controlled request failed with CERTIFICATE_VERIFY_FAILED;
  2. AR51 explicitly approved the temporary retry;
  3. the Mac is connected to a trusted network;
  4. the target hostname is exactly api.zeroerr-agent.com.

Approved one-time retry command:

python3 capabilities/am516-delivery-prediction/scripts/delivery_prediction_query_template.py --product "eRob110H160I-FHM-18ET[V6]" --quantity 10 --skip-tls-verify

The script refuses to skip TLS verification for any other hostname. This option is a temporary validation measure only; AR51 must still arrange the long-term repair of the Python CA trust, approved company proxy certificate, or server certificate chain. Never place the API Key in the command line, Markdown, logs, or output.

Error Handling

Error Action
Missing model Ask for one model
Multiple models Ask AR51 to split queries
Missing quantity Ask for quantity
Multiple possible quantities Ask the user to state one quantity explicitly, for example 数量20台
Invalid model Stop and report parse failure
Missing trusted AR51 domain-and-permission approval record Stop before the API request; report that a general functional-test approval does not automatically approve a specific outbound domain
Missing API key Stop and report environment incomplete
CERTIFICATE_VERIFY_FAILED Return the structured local certificate-trust error; use --skip-tls-verify only for one AR51-approved retry on a trusted network and only for api.zeroerr-agent.com
--skip-tls-verify with any other hostname Stop before the request; do not disable TLS verification
API error Report API error summary without raw sensitive data
Customer commitment request Stop and route to AR51 / AR516 / TH1

Maintenance

  • AM516 rules, functional design, implementation, validation, iteration, network access, account permissions, secrets, and outbound approval are owned by AR51.
  • TH8 is the supporting IT department but is responsible only for Git repository and synchronization-mechanism construction in this project.
  • Mac Studio Codex may modify and write project files and perform Git operations when AR51 directly initiates or authorizes the work through a non-Feishu local entry point, including a Codex automation or scheduled task.
  • Feishu handling is read/output/record-only. It may append only to records/delivery_prediction_records.md and must not mutate any other project file.
  • A Feishu request cannot authorize a rule, Skill, script, prompt, configuration, documentation, or Git change.
  • Permissions are determined by the request entry point. Feishu does not inherit local Codex write permission even when Codex is the underlying executor.
  • AR51 makes rule and function changes outside Feishu, either directly with Mac Studio Codex or in another approved Codex workspace, and synchronizes reviewed changes through the TH8-built Git mechanism.