Operate the CMS Platform with evidence in view.

Production deployment status — GCP Cloud Run live, RLS wired (no new screenshots)

The platform now has a managed production deployment path: GCP Cloud Run for backend, CMS, and web; Cloud SQL PG17 via Auth-Proxy unix socket; Upstash Valkey over TLS; Google Secret Manager; and Cloud Run domain mappings for api, www, and admin. This manual update records the deployment state and operator boundary; it does not replace the existing local/manual screenshots.

Resilience & fail-closed hardening (no new screenshots)

A run of backend/test-tier prod-readiness lanes shipped as PRs against dev (#107/#108/#110/#111/#112/#113), hardening the platform's failure behavior with executable chaos & fail-closed coverage and one real wire-up fix. These change backend behavior, not operator screens, so the screenshots below still stand; this is a spec/PR-cited content note, not a fresh-runtime regen. For operators the practical effect is: ingest/payment webhooks dedup safely under concurrent floods, asset upload & AI generation fail closed (no orphan records, no leaked DB connections), and AI-quota enforcement is proven on the real transaction path.

• Webhook-flood dedup under race (REQ-RCC-006, PR #113) — proven on governed PostgreSQL: 8 concurrent IngestMessage for the same provider message → exactly one draft + one log persist; the rest dedup with no orphan. Closes the last adjacent-dependency chaos gap.
• AI-generation transaction leak fixed (PR #110) — an invalid generation type used to return without rolling back its open transaction, slowly leaking pooled DB connections; now fixed and regression-guarded.
• Fail-closed coverage locked (PRs #104/#107/#108) — transaction-scoped AI-quota enforcement, GraphRAG degrade-when-embedding-provider-down, and asset storage-down fail-closed (no orphan asset record).
• Decision-logic coverage (PRs #111/#112) — recommendation ranking (behavior-weight × time-decay) and MCP connection-pool LRU eviction, both previously unguarded.

Production-readiness hardening (no new screenshots)

A backend/config-tier hardening lane shipped as PR #71 against dev, promoted from a repo-wide mock/stub/false-green audit (prod-readiness-wireup-hardening). It changes security/wire-up behavior, not operator screens, so the screenshots below still stand; this is a spec/PR-cited content note, not a fresh-runtime regen.

• Per-tenant DB connections now fail closed in production. Site (tenant) database connections previously could fall back to default credentials and non-TLS in production; they now reject default user/password and require TLS (require/verify-ca/verify-full) when ENV=production, matching the platform-DB validation. Dev/local behavior unchanged.
• AI provider keys are server-only. The CMS no longer reads NEXT_PUBLIC_*_API_KEY (which would ship secrets in the browser bundle); generation routes through the backend BYOK path, and the admin endpoint fallback now fails closed on Vercel-style production markers.
• Real-dependency health proof. An empty placeholder test was replaced with a real chaos/resilience test proving a downed Postgres surfaces as HTTP 503 (unhealthy), bounded (no hang).
• Docs reconciled. Module guides that under-stated implemented OAuth (Google/Facebook/Microsoft/Cognito + SAML + LDAP), storage (S3/GCS/Azure/R2/local), and real data-binding maturity were corrected.
• Reliability proven under fault injection (PRs #72–#74). New chaos/resilience tests prove the platform degrades gracefully and bounded, never hangs: connection-pool exhaustion stays within its limit and recovers; a transient tenant-database outage is not cached and routing self-heals when the DB returns; and a hung AI provider fails with a bounded, typed error (finite client timeout).
• Input sanitizer + fail-closed guards locked (PRs #75–#77). The name→tenant-ID/database-name sanitizer and the production credential/TLS fail-closed guards gained property-based + wiring tests so a future change can't silently weaken the only thing standing between user input and a database name, or re-open an insecure connection path.

Payments / Donations / E-commerce (browser-proven)

A generic, site-scoped payment / donation / e-commerce module shipped as PR #86 against dev (payment-plugin). Donation is one purpose preset of a generic Payment* core. Below is the live donor page rendered from DB-driven page data against the real backend.

Public donor form — PaymentForm (DB-driven)

The seeded NAELT /site/naelt/support/donate page renders the generic PaymentForm (the donation-form manifest preset) entirely from DB page data: preset amounts, custom amount, payer fields, and a provider-driven submit (Stripe redirect / 藍新金流 NewebPay form-post). No secrets touch the browser — the server resolves the site's BYOK provider by siteID.

Evidence Source: governed multi-tenant web env, real backend (MSW off), Playwright 2/2. Coverage Tier: browser-full-integration. Readiness State: PASS for DB→manifest→PaymentForm render + live seeded presets; NO live external-provider settlement.

CMS admin — Donation & Payment + Products & Services

The CMS Settings page gains a Donation & Payment tab (provider catalog, guided setup wizard, masked BYOK secret rotate, donation/order list + ezPay 電子發票 status) and a Products & Services tab (catalog CRUD, SKU variations, Udemy-style digital-content authoring: public preview vs paid). Admin GraphQL is RBAC-gated (site.payment.* / site.catalog.*).

Evidence Source: governed cms-e2e bundle, real /api/auth/login + real GraphQL (MSW off), Playwright 3/3 (live provider catalog, catalog tab, viewer-denied). Coverage Tier: browser-full-integration. Readiness State: PASS for admin tabs; admin-initiated refund + live settlement are residual (ISSUE_LOG.md PAY-REFUND-001).

Capability 8 — Payments / Donations / E-commerce. Generic public createPaymentCheckout(purpose) + provider-registry drivers (Stripe Checkout one-time + subscription; 藍新金流 NewebPay MPG 2.0 + 定期定額) + ezPay 電子發票 auto-issue + BYOK per-site secrets + product/service catalog + digital entitlements (auto-grant on paid, fail-closed access); the donation-form page-builder component renders the generic PaymentForm; one mount switch PAYMENT_MODULE_ENABLED. Authority: .agents/specs/payment-plugin/review.md, PR #86.

Platform Capabilities — End-to-End Examples

Detailed, contract-grounded worked examples for the platform's authoring & runtime capabilities, using the showcase tenant as the canonical example (its home + a /components gallery page exercise all 11 page-builder components). Evidence tier: illustrative worked examples grounded in real GraphQL/route/manifest contracts — backend/CLI-lane evidence (commands & payloads), not live-demo screenshots; claim-cap per capability below. Authority for readiness remains each spec's review.md.

1. Page Builder (manifest-driven, DB-backed, no rebuild)

Pages are arrays of sections; each section names a component from the component-manifest SSOT (componentManifests GraphQL ← backend/internal/componentmanifest/manifests.json) plus its props. The CMS Pages builder edits sections and saves the whole section array via updatePageSections(id, sections: [JSON!]!). Public routes are force-dynamic, so adding an already-registered component to a page is DB-data-only — no image rebuild.

# Showcase home is built from these manifest-backed sections (backend/seeds/showcase-pages.json):
HeroSection · FeatureGrid · ContentList · EventSection · ImpactStats · CTASection
# The /components gallery page additionally demonstrates:
ResourceGrid · ContentSection · EnhancedContentList · EnhancedEventCalendar

# Save an edited page (full-array replace) — from the CMS page builder:
mutation { updatePageSections(id: "<pageId>", sections: [ /* the full ordered section array */ ]) { id } }

Claim-cap: manifest-validated section authoring; adding registered components is runtime-proven DB-only. NOT a new-component rebuild path. Authority: shadcn-component-library-a2ui-authoring/review.md.

2. AI Content Generation (backend BYOK)

Generation runs server-side through generateAIContent(prompt, providerId); the CMS never holds provider secrets in the browser (see the 2026-06-18 security hardening). Each site declares its own provider profiles (Google Vertex/Gemini, AWS Bedrock, Azure AI/OpenAI, OpenAI, Anthropic, TensorZero, OpenCode) with BYOK secret metadata + a usage ledger.

mutation { generateAIContent(prompt: "Draft a launch blog post about our new studio", providerId: "") { content model tokensUsed } }
# providerId "" = use the site's default profile; the backend resolves the BYOK key, never the browser.

Claim-cap: backend-routed generation contract; NO live external-provider call in this manual. Authority: site-byok-ai-provider-settings/review.md.

3. Content Management (types · draft/publish · submissions · RBAC)

Content is modeled by content types and moves through a draft → published → unpublished status lifecycle (status-scoped listing). Public forms submit into a governed submission workflow (submit → approve/reject) reviewed in the CMS. Every operation is permission-checked (e.g. site.content.*, site.social.read/manage).

# Public site form section (showcase /contact) → backend-issued submissionId → CMS review queue (approve/reject).
# Content list/detail pages render DB content by contentType (article/event) via ContentList/ContentSection.

Claim-cap: draft/publish breadth + submission workflow proven at unit/backend tier (LAUNCH-007); CMS review is backend-backed where the governed bundle runs.

4. MCP & Agent-Friendly Surfaces

Each site exposes agent-friendly read surfaces: a Model Context Protocol endpoint at /mcp (list/get/search contents), an MCP discovery doc at /.well-known/mcp.json, and per-site + platform llms.txt. Non-VIP tenants' reads are confined by D2 Row-Level Security (routed non-superuser role) when SCHEMA_TIER_APP_USER is enabled.

# Discover + read a site over MCP (HTTP/JSON-RPC):
GET /.well-known/mcp.json        # server description
POST /mcp  → tools: list_contents(site) · get_content(site, slug) · search_contents(site)
GET /site/showcase/llms.txt      # agent-friendly site summary

Claim-cap: /mcp read path is backend-backed on the full local stack + RLS-confined as a non-superuser role on governed PG; cloud-deploy/UAT remains owner/infra (SPTR-LIVE-WIRING-001). Authority: schema-per-tenant-routing-rls/review.md.

5. Agent Skills (per-site declarative skill templates)

Sites define declarative skill/prompt templates (internal/skilltmpl; seeds skills-platform.json/skills-naelt.json) used to convert/optimize content — no script/code execution, no sandbox. Templates are versioned and managed via upsertSkillTemplate (create ⇒ v1; update ⇒ version bump; published templates immutable; cross-site fail-closed; @requirePermission("site.social.manage")).

mutation { upsertSkillTemplate(input: { id: 0, kind: "post-conversion", name: "LINE→blog", body: "..." }) { id version kind } }
# id:0 → creates version 1; id>0 → updates + bumps version.

Claim-cap: declarative template contract (no code execution); service + RBAC proven at enttest tier. Authority: messaging-ingest-social-publishing/review.md.

6. A2UI (agent-authored pages via the manifest)

The A2UI agent (backend/internal/adk) authors page-builder sections from the same component-manifest catalog, gated by a manifest-validation step + a design-contract no-invented-facts honesty boundary + an untrusted-content boundary. It proposes manifest-valid sections that you save through the normal updatePageSections path — so agent output is held to the exact same contract as human page-builder edits.

# A2UI flow: catalog prompt (componentManifests) → agent proposes sections → manifest validation gate
#            → design-contract honesty check → human review → updatePageSections(save).

Claim-cap: manifest-validated authoring + honesty boundary proven at unit/contract + dev-web browser tier; NO live-LLM round-trip claim. Authority: shadcn-component-library-a2ui-authoring/review.md.

7. Social Media — Complete Flow (ingest → AI convert → review → publish)

A platform-agnostic, integration-first pipeline (messaging-ingest-social-publishing): inbound messages arrive on a single canonical webhook, are normalized, converted to a post draft via the site's AI provider + a declarative skill template, queued for review, then published through pluggable publisher drivers. Site-scoped RBAC throughout (site.social.read/manage/publish/secret); secrets are site-BYOK.

# 1) INGEST — providers self-register; one canonical inbound route per platform/site:
POST /api/webhooks/messaging/{platform}/{site}    # e.g. line, telegram, whatsapp (signature-verified, fail-closed)

# 2) CONVERT — normalized message → post draft via SiteAIProviderResolver + per-site skill template (no sandbox).
# 3) REVIEW — draft sits in the CMS "Messaging & Social" review queue:
mutation { updatePostDraft(input: { id: "<draftId>", blocks: [...], metadata: {...} }) { id status version } }   # published drafts are immutable
# 4) PUBLISH — through a pluggable SocialPublisher driver (e.g. Facebook Graph):
mutation { publishPostDraft(id: "<draftId>") { id status } }   # @requirePermission("site.social.publish")

Claim-cap: repo-local integrated feature + governed cms-e2e backend-backed Messaging & Social browser smoke (T16.6); NO real LINE/Telegram/WhatsApp delivery, real Facebook publish, real OAuth, or live-AI quality. Authority: messaging-ingest-social-publishing/review.md.

Backend lanes shipped since this pass (no new screenshots)

Two backend/API-tier lanes shipped as PRs against dev after the 2026-06-16 runtime capture below. They add backend behavior, not new operator screens, so the screenshots on this page still stand; this is a spec/PR-cited content note, not a fresh-runtime regen.

• Spawn now provisions the VIP database (PR #68). Previously a spawned VIP site was a control-plane record pointing at a database that did not exist (which is why earlier backup proofs had to hand-create cms_showcase). SpawnSite now creates the physical cms_<slug> database and migrates the schema into it for VIP sites; a non-VIP (SCHEMA/D2) site stays record-only by design. Fail-closed: if provisioning fails the site record is rolled back, so no dangling registry entry is left.
• Messaging & Social draft/template editing API (PR #69). The updatePostDraft (edit a draft's blocks/metadata before publish — a published post is immutable) and upsertSkillTemplate (create, or update + version-bump, a skill template) GraphQL operations are now implemented, both gated on the site.social.manage permission. The in-CMS editor UI for these is a tracked follow-up.