{ "ok": true, "scope": "deployment_readiness_repository_preview", "status": "blocked_before_live_deployment_readiness_repository", "date": "2026-06-18", "repository": { "code": "deployment_readiness_repository", "status": "preview_deployment_readiness_repository_ready", "repositoryKind": "admin_readiness_read_model", "readMethods": [ "listDomainRecords", "getHttpsCertificatePlan", "getSubdomainRoutingPlan", "getPaymentCallbackUrls", "getDomesticAccessCheckPlan", "getServerEnvironmentReadiness", "getRollbackReadiness" ], "writeMethods": [ "recordDnsVerificationFuture", "recordHttpsVerificationFuture", "attachDomesticAccessEvidenceFuture", "recordRollbackDrillFuture" ], "liveTables": [ "deployment_domain_records_future", "deployment_https_certificates_future", "deployment_access_checks_future", "deployment_release_events_future", "deployment_rollback_drills_future" ], "transactionBoundary": "deployment_evidence_can_only_upgrade_after_dns_https_server_and_callback_checks_pass", "idempotencyKey": "deploymentTarget:verificationKind:evidenceId", "promotionGate": "dns_https_subdomains_callbacks_domestic_access_and_rollback_evidence_ready" }, "request": { "focus": "dns_https", "primaryDomain": "wfais.com" }, "accessContext": { "cloudflareAccountPermissionStatus": "partial_collaboration_granted_2026_06_18_dns_related_permissions", "dnsPermissionMeaning": "can_prepare_or_verify_dns_records_after_login_but_records_are_not_proven_ready_here", "serverTarget": "hong_kong_cvm_reference_from_deploy_docs", "domesticUserAccessGoal": "hong_kong_server_plus_overseas_domain_should_be_smoked_from_cn_networks_before_claiming_ready" }, "domainRecordReadModel": { "method": "listDomainRecords", "source": "cloudflare_dns_records_future", "rows": [ { "code": "main", "hostname": "wfais.com", "intendedSurface": "public_marketing_and_pay_review", "recordType": "A_or_CNAME_after_cloudflare_review", "targetRef": "wanfeng_hk_cvm_public_ip_reference", "targetValueStatus": "redacted_from_public_preview", "status": "ready_requires_manual_evidence" }, { "code": "chat", "hostname": "chat.wfais.com", "intendedSurface": "h5_role_chat", "recordType": "A_or_CNAME_after_cloudflare_review", "targetRef": "wanfeng_hk_cvm_public_ip_reference", "targetValueStatus": "redacted_from_public_preview", "status": "blocked_before_chat_subdomain_verification" }, { "code": "admin", "hostname": "admin.wfais.com", "intendedSurface": "admin_console", "recordType": "A_or_CNAME_after_cloudflare_review", "targetRef": "wanfeng_hk_cvm_public_ip_reference", "targetValueStatus": "redacted_from_public_preview", "status": "blocked_before_admin_subdomain_and_auth_smoke" }, { "code": "api", "hostname": "api.wfais.com", "intendedSurface": "server_api_and_payment_notify", "recordType": "A_or_CNAME_after_cloudflare_review", "targetRef": "wanfeng_hk_cvm_public_ip_reference", "targetValueStatus": "redacted_from_public_preview", "status": "blocked_before_api_subdomain_and_callback_smoke" } ] }, "httpsCertificatePlan": { "method": "getHttpsCertificatePlan", "status": "ready_requires_manual_evidence", "certificateStrategy": "letsencrypt_san_or_cloudflare_origin_cert_after_dns_records_verify", "hostnames": [ "wfais.com", "chat.wfais.com", "admin.wfais.com", "api.wfais.com" ], "expectedServerFiles": [ "/etc/letsencrypt/live/wfais.com/fullchain.pem", "/etc/letsencrypt/live/wfais.com/privkey.pem" ], "requiredEvidence": [ "dns_records_resolve_to_target_from_public_network", "https_200_or_expected_auth_status_for_main_chat_admin_api", "certificate_chain_valid_in_browser", "renewal_or_reissue_runbook_reviewed" ], "blockers": [ "https_certificate_not_issued_or_not_verified", "renewal_smoke_not_run", "admin_https_auth_smoke_not_passed" ], "boundaries": [ "does_not_issue_certificate", "does_not_write_nginx_config", "does_not_open_public_admin_without_auth" ] }, "subdomainRoutingPlan": { "method": "getSubdomainRoutingPlan", "status": "blocked_before_nginx_and_public_smoke", "source": "server/deploy/nginx-wanfeng.conf.example", "routes": [ { "hostname": "wfais.com", "expectedPath": "/", "expectedResult": "public_site_200" }, { "hostname": "chat.wfais.com", "expectedPath": "/chat", "expectedResult": "h5_shell_200" }, { "hostname": "admin.wfais.com", "expectedPath": "/admin", "expectedResult": "admin_shell_200_but_api_protected" }, { "hostname": "api.wfais.com", "expectedPath": "/api/healthz", "expectedResult": "api_health_200" } ], "blockers": [ "nginx_live_config_not_verified", "public_subdomain_smoke_not_run", "admin_api_auth_status_not_verified_on_https" ] }, "paymentCallbackPlan": { "method": "getPaymentCallbackUrls", "status": "blocked_before_payment_provider_domain_and_https_review", "candidateUrls": [ { "provider": "kacapa_damayi", "purpose": "notify_url", "url": "https://api.wfais.com/api/v1/payments/kacapa/notify", "status": "route_gate_ready_but_provider_not_configured_and_live_payment_blocked" }, { "provider": "kacapa_damayi", "purpose": "return_url", "url": "https://chat.wfais.com/pay/result", "status": "candidate_result_page_not_payment_proof" }, { "provider": "kacapa_damayi", "purpose": "server_create_gate", "url": "https://api.wfais.com/api/v1/payments/kacapa/create", "status": "route_gate_ready_but_does_not_call_provider" }, { "provider": "kacapa_damayi", "purpose": "server_query_gate", "url": "https://api.wfais.com/api/v1/payments/kacapa/query", "status": "route_gate_ready_but_does_not_call_provider" }, { "provider": "alipay_h5", "purpose": "notify_url", "url": "https://api.wfais.com/api/v1/payments/alipay-h5/notify", "status": "candidate_not_configured_at_provider" }, { "provider": "alipay_h5", "purpose": "return_url", "url": "https://chat.wfais.com/payment/result", "status": "candidate_not_configured_at_provider" }, { "provider": "shangfutong_or_shouyinbei", "purpose": "notify_url", "url": "https://api.wfais.com/api/v1/payments/provider/notify", "status": "reserved_until_provider_docs_and_credentials_arrive" } ], "requiredEvidence": [ "provider_appid_or_merchant_id", "provider_callback_domain_review_result", "https_notify_endpoint_publicly_reachable", "signature_or_query_verification_smoke", "idempotent_entitlement_grant_test" ], "blockers": [ "payment_provider_credentials_missing", "callback_domain_not_registered_or_not_reviewed_at_provider", "https_notify_url_not_verified", "provider_notify_signature_test_not_run" ], "boundaries": [ "return_url_is_not_payment_proof", "does_not_create_real_payment_order", "does_not_call_payment_provider" ] }, "domesticAccessPlan": { "method": "getDomesticAccessCheckPlan", "status": "blocked_before_multi_network_smoke", "hostingAssumption": "hong_kong_server_plus_overseas_domain_for_domestic_user_access", "checkTargets": [ "https://wfais.com/", "https://chat.wfais.com/chat", "https://admin.wfais.com/admin", "https://api.wfais.com/api/healthz" ], "networksToSample": [ "china_mobile_or_phone_hotspot", "china_unicom_or_phone_hotspot", "china_telecom_or_home_broadband", "frank_local_browser", "server_localhost_health" ], "requiredEvidence": [ "status_code_or_browser_screenshot", "dns_resolve_time", "https_handshake_result", "first_screen_visible_for_main_and_chat", "admin_api_stays_protected" ], "blockers": [ "domestic_access_smoke_not_run", "dns_resolution_from_cn_network_not_verified", "mobile_browser_h5_first_screen_not_verified", "admin_auth_public_exposure_not_checked" ], "boundaries": [ "does_not_claim_icp_or_mainland_hosting_ready", "does_not_bypass_required_compliance_review", "does_not_mark_site_launch_complete" ] }, "serverEnvironmentPlan": { "method": "getServerEnvironmentReadiness", "status": "ready_requires_manual_evidence", "deployTargets": [ { "code": "app_dir", "path": "/opt/wanfeng/current/server", "status": "expected_not_verified_in_this_preview" }, { "code": "shared_env", "ref": "server_secret_env_file_reference", "status": "expected_not_read_or_returned" }, { "code": "systemd_service", "name": "wanfeng-ai.service", "status": "expected_not_verified_in_this_preview" }, { "code": "nginx_site", "source": "server/deploy/nginx-wanfeng.conf.example", "status": "template_only_not_live_config" } ], "requiredEvidence": [ "server_healthz_on_localhost", "systemd_active_status", "nginx_config_test_passed", "public_https_smoke", "redacted_env_key_presence_check" ], "blockers": [ "production_release_not_deployed", "server_env_key_presence_not_verified", "systemd_and_nginx_live_status_not_verified", "public_health_smoke_not_run" ], "boundaries": [ "does_not_read_env_file", "does_not_return_database_url_or_api_keys", "does_not_restart_service" ] }, "rollbackPlan": { "method": "getRollbackReadiness", "status": "blocked_before_live_rollback_drill", "rollbackTargets": [ "previous_server_release_directory", "nginx_previous_config_or_backup", "database_backup_snapshot_before_migration", "payment_provider_disable_or_safe_block_switch", "model_provider_disable_or_safe_block_switch" ], "requiredEvidence": [ "release_version_recorded", "backup_snapshot_id_recorded_without_secret", "rollback_command_dry_run_or_drill", "post_rollback_health_check", "manual_approval_actor_and_reason" ], "blockers": [ "rollback_runbook_not_verified_against_live_stack", "database_backup_snapshot_missing", "payment_and_model_safe_block_switch_not_verified", "post_rollback_health_check_not_defined" ], "boundaries": [ "does_not_run_rollback", "does_not_touch_live_database", "does_not_change_provider_status" ] }, "evidenceRules": { "cannotUpgradeWithout": [ "cloudflare_dns_records_verified_for_main_chat_admin_api", "https_certificate_valid_for_all_public_hosts", "nginx_public_routing_smoke_passed", "payment_notify_domain_verified_before_real_payment", "domestic_access_smoke_evidence_attached", "production_env_key_presence_checked_without_returning_secrets", "rollback_drill_or_review_evidence_attached" ], "customerVisibleBoundary": "do_not_present_dns_permission_or_preview_contract_as_site_launched" }, "blockers": [ "dns_records_not_verified", "https_certificate_not_issued_or_not_verified", "chat_admin_api_subdomains_not_verified", "payment_callback_domain_not_verified", "domestic_access_smoke_not_run", "production_release_not_deployed", "rollback_drill_not_verified", "renewal_smoke_not_run", "admin_https_auth_smoke_not_passed", "nginx_live_config_not_verified", "public_subdomain_smoke_not_run", "admin_api_auth_status_not_verified_on_https", "payment_provider_credentials_missing", "callback_domain_not_registered_or_not_reviewed_at_provider", "https_notify_url_not_verified", "provider_notify_signature_test_not_run", "dns_resolution_from_cn_network_not_verified", "mobile_browser_h5_first_screen_not_verified", "admin_auth_public_exposure_not_checked", "server_env_key_presence_not_verified", "systemd_and_nginx_live_status_not_verified", "public_health_smoke_not_run", "rollback_runbook_not_verified_against_live_stack", "database_backup_snapshot_missing", "payment_and_model_safe_block_switch_not_verified", "post_rollback_health_check_not_defined" ], "nextStep": "use Cloudflare DNS access to verify records, then run HTTPS, subdomain, payment callback, domestic access, server health, and rollback evidence checks before any launch status upgrade", "boundaries": [ "deployment_readiness_repository_preview_only", "does_not_write_cloudflare_dns", "does_not_issue_https_certificate", "does_not_deploy_production_business", "does_not_open_public_admin", "does_not_call_payment_provider", "does_not_call_model_provider", "does_not_write_production_database", "does_not_return_server_secrets_or_env_values", "does_not_mark_customer_acceptance_complete" ] }