Personal Production v1 business workflow

[Marvinxtuc]

目标

• Deliver SignalForge Personal Production v1 business workflow from onboarding to report export.
• Keep Settings as an env-status workspace only: no secret persistence, no credential CRUD, no new encryption dependency.
• Stabilize mock data so local workflow does not depend on real platform tokens or real LLM calls.
• Add validator and Playwright evidence for project -> keywords -> mock collection -> processing -> signals -> opportunities -> reports.

非目标

• No production SaaS launch approval.
• No automatic merge.
• No branch deletion.
• No credential encryption/storage migration.
• No secret CRUD or writes to PlatformCredential.encrypted_payload.
• No use of old Cloudflare/token URLs as release evidence.

E2E 结果

Local business workflow: PASS.

• docker compose -f infra/docker-compose.yml config: PASS
• docker compose -f infra/docker-compose.yml build: PASS with non-blocking buildx warning
• docker compose -f infra/docker-compose.yml up -d: PASS
• python3 scripts/wait_for_services.py: PASS
• docker compose -f infra/docker-compose.yml run --rm api alembic upgrade head: PASS
• docker compose -f infra/docker-compose.yml run --rm api pytest: PASS, 128 passed
• docker compose -f infra/docker-compose.yml run --rm web npm run build: PASS
• python3 scripts/validate_no_secrets.py: PASS
• python3 scripts/validate_frontend_mvp.py --require-http: PASS
• python3 scripts/validate_personal_workflow.py: PASS
• python3 scripts/validate_report_business_value.py: PASS
• python3 scripts/validate_source_traceability.py: PASS
• docker compose -f infra/docker-compose.yml run --rm api python /app/scripts/validate_connector_abstraction.py: PASS
• docker compose -f infra/docker-compose.yml run --rm api python /app/scripts/validate_backend_api.py: PASS after CSV header validator alignment
• python3 scripts/validate_release_freeze.py --mode ci: PASS after GitHub checkout history fix
• cd apps/web && npx playwright install --with-deps chromium: PASS
• cd apps/web && npm run test:e2e: PASS, 1 passed
• python3 scripts/validate_external_smoke.py --url "$SIGNALFORGE_EXTERNAL_SMOKE_URL" --check-api: PASS using a current temporary Cloudflare Tunnel URL with no sf_token

GitHub CI on latest head 110ccf2: PASS.

• docker-smoke: PASS
• docs-sop: PASS
• phase-1-data-model: PASS
• phase-6-frontend-mvp: PASS
• phase-7-release-readiness: PASS

External smoke: PASS.

• External page reachable through current temporary Cloudflare Tunnel.
• Same-origin /api/health returned HTTP 200.
• Same-origin /api/projects?page_size=1 returned HTTP 200.
• Same-origin /api/settings/platforms returned HTTP 200.
• Smoke URL contained no sf_token or secret query value.
• Temporary tunnel evidence is readiness smoke only, not production hosting approval.

Subagent 报告清单

• implementation_scope.md: PASS, PM scope evidence complete.
• architecture_plan.md: PASS with external smoke now satisfied by final release evidence.
• backend_change_report.md: PASS.
• frontend_change_report.md: PASS.
• data_workflow_report.md: PASS after mock expectation alignment.
• qa_test_report.md: PASS for local workflow.
• security_review.md: PASS for local personal production scope and no secret exposure.
• external_smoke_report.md: PASS.
• blocking_issue.md: PPV1-BLOCKER-001 RESOLVED.
• known_limitations.md: reviewed.
• git_release_report.md: PASS for PR/CI/external smoke evidence.
• cto_review_report.md: final decision GO_FOR_PERSONAL_PRODUCTION_V1_READY_TO_MERGE.

READY_TO_MERGE

READY_TO_MERGE: true

Final decision: GO_FOR_PERSONAL_PRODUCTION_V1_READY_TO_MERGE.