feat(governance): 定義 Agent 主動營運委派契約

Your Name
2026-06-11 12:18:23 +08:00
parent 4231fd3acf
commit 0f9f341afc
10 changed files with 1575 additions and 0 deletions


@@ -55,6 +55,9 @@ from src.services.ai_agent_communication_learning_contract import (
from src.services.ai_agent_deployment_layout import (
load_latest_ai_agent_deployment_layout,
)
from src.services.ai_agent_proactive_operations_contract import (
load_latest_ai_agent_proactive_operations_contract,
)
from src.services.ai_provider_route_matrix import (
load_latest_ai_provider_route_matrix,
)
@@ -554,6 +557,33 @@ async def get_agent_communication_learning_contract() -> dict[str, Any]:
) from exc
@router.get(
"/agent-proactive-operations-contract",
response_model=dict[str, Any],
summary="取得 AI Agent 主動營運委派與版本生命週期契約",
description=(
"讀取最新已提交的 AI Agent 主動營運、版本生命週期、可委派能力、MCP、RAG 與 Telegram 邊界契約;"
"此端點不啟用排程、不升級套件、不更新主機、不 pull image、不 auto merge、不送 Telegram、"
"不呼叫付費服務、不修改生產路由。"
),
)
async def get_agent_proactive_operations_contract() -> dict[str, Any]:
"""Return the latest read-only AI Agent proactive operations contract."""
try:
return await asyncio.to_thread(load_latest_ai_agent_proactive_operations_contract)
except FileNotFoundError as exc:
raise HTTPException(
status_code=status.HTTP_404_NOT_FOUND,
detail=str(exc),
) from exc
except (json.JSONDecodeError, ValueError) as exc:
logger.error("ai_agent_proactive_operations_contract_invalid", error=str(exc))
raise HTTPException(
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail="AI Agent 主動營運委派與版本生命週期契約無效",
) from exc
@router.get(
"/runtime-surface-inventory",
response_model=dict[str, Any],
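Review bot: The 404 branch of `get_agent_proactive_operations_contract` returns `detail=str(exc)`, and the loader's FileNotFoundError message embeds the evaluations directory, so the response body discloses a server filesystem path to whoever can call the route (no auth dependency is visible in this hunk). The 500 branch already does the safer thing by logging the exception and returning a fixed string; the 404 branch could match it with `logger.warning("ai_agent_proactive_operations_contract_missing", error=str(exc))` and `detail="找不到 AI Agent 主動營運委派與版本生命週期契約快照"`. The hunk opens inside the previous handler and ends inside the next `@router.get(` decorator, so whether the sibling endpoints share this pattern cannot be confirmed from here.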


@@ -0,0 +1,154 @@
"""
AI Agent proactive operations and version lifecycle contract snapshot.
Loads the latest committed, read-only contract for work that OpenClaw,
Hermes, and NemoTron may proactively perform across version lifecycle,
operations, security, backup, observability, cost, UI smoke, and learning
loops. This module never updates versions, installs tools, enables schedules,
sends Telegram messages, pulls images, mutates hosts, or changes production.
"""
from __future__ import annotations
import json
from pathlib import Path
from typing import Any
from src.services.snapshot_paths import default_evaluations_dir
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
_SNAPSHOT_PATTERN = "ai_agent_proactive_operations_contract_*.json"
_SCHEMA_VERSION = "ai_agent_proactive_operations_contract_v1"
def load_latest_ai_agent_proactive_operations_contract(
evaluations_dir: Path | None = None,
) -> dict[str, Any]:
"""Load the newest committed AI Agent proactive operations contract."""
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
if not candidates:
raise FileNotFoundError(
f"no AI Agent proactive operations contract snapshots found in {directory}"
)
latest = candidates[-1]
with latest.open(encoding="utf-8") as handle:
payload = json.load(handle)
if not isinstance(payload, dict):
raise ValueError(f"{latest}: expected JSON object")
_require_schema(payload, _SCHEMA_VERSION, str(latest))
_require_read_only_boundaries(payload, str(latest))
_require_rollup_consistency(payload, str(latest))
_require_delegation_safety(payload, str(latest))
return payload
def _require_schema(payload: dict[str, Any], expected: str, label: str) -> None:
actual = payload.get("schema_version")
if actual != expected:
raise ValueError(f"{label}: expected schema_version={expected}, got {actual!r}")
def _require_read_only_boundaries(payload: dict[str, Any], label: str) -> None:
program_status = payload.get("program_status") or {}
if program_status.get("read_only_mode") is not True:
raise ValueError(f"{label}: program_status.read_only_mode must be true")
if program_status.get("runtime_authority") != "contract_only_no_version_or_runtime_update":
raise ValueError(
f"{label}: runtime_authority must stay contract_only_no_version_or_runtime_update"
)
boundaries = payload.get("approval_boundaries") or {}
blocked_flags = {
"runtime_version_update_allowed",
"package_upgrade_allowed",
"host_upgrade_allowed",
"container_pull_allowed",
"workflow_schedule_enabled",
"auto_merge_allowed",
"telegram_direct_send_allowed",
"secret_plaintext_allowed",
"paid_external_service_allowed",
"production_route_change_allowed",
}
allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False)
if allowed:
raise ValueError(f"{label}: approval boundaries must remain false: {allowed}")
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
rollups = payload.get("rollups") or {}
expected_counts = {
"version_domain_count": len(payload.get("version_lifecycle_domains") or []),
"delegable_capability_count": len(payload.get("delegable_capabilities") or []),
"cadence_count": len(payload.get("cadence_matrix") or []),
"mcp_tool_count": len(payload.get("mcp_tool_requirements") or []),
"rag_memory_count": len(payload.get("rag_memory_contract") or []),
"rollout_task_count": len(payload.get("rollout_tasks") or []),
}
mismatched = {
key: {"expected": expected, "actual": rollups.get(key)}
for key, expected in expected_counts.items()
if rollups.get(key) != expected
}
if mismatched:
raise ValueError(f"{label}: rollup counts must match payload sections: {mismatched}")
auto_execute_allowed_count = sum(
1
for capability in payload.get("delegable_capabilities") or []
if capability.get("automation_level") in {"L4_execute_after_human_approval", "L5_auto_execute"}
)
if rollups.get("auto_execute_allowed_count") != auto_execute_allowed_count:
raise ValueError(f"{label}: rollups.auto_execute_allowed_count mismatch")
blocked_domain_ids = sorted(
domain.get("domain_id")
for domain in payload.get("version_lifecycle_domains") or []
if domain.get("update_authority") != "auto_update_allowed"
)
if sorted(rollups.get("blocked_update_domain_ids") or []) != blocked_domain_ids:
raise ValueError(f"{label}: rollups.blocked_update_domain_ids mismatch")
telegram_action_required = sorted(
capability.get("capability_id")
for capability in payload.get("delegable_capabilities") or []
if "action_required" in str(capability.get("telegram_policy") or "")
)
if sorted(rollups.get("telegram_action_required_capability_ids") or []) != telegram_action_required:
raise ValueError(f"{label}: rollups.telegram_action_required_capability_ids mismatch")
def _require_delegation_safety(payload: dict[str, Any], label: str) -> None:
dangerous_levels = {"L5_auto_execute", "auto_update", "auto_merge"}
unsafe_capabilities = [
capability.get("capability_id")
for capability in payload.get("delegable_capabilities") or []
if capability.get("automation_level") in dangerous_levels
]
if unsafe_capabilities:
raise ValueError(f"{label}: capabilities must not auto execute: {unsafe_capabilities}")
missing_gates = [
item.get("capability_id") or item.get("domain_id") or item.get("tool_id")
for section in (
payload.get("delegable_capabilities") or [],
payload.get("version_lifecycle_domains") or [],
payload.get("mcp_tool_requirements") or [],
)
for item in section
if not item.get("approval_gate")
]
if missing_gates:
raise ValueError(f"{label}: all proactive operation items need approval gates: {missing_gates}")
external_cadence_enabled = [
cadence.get("cadence_id")
for cadence in payload.get("cadence_matrix") or []
if "external" in str(cadence.get("cadence_id"))
and cadence.get("allowed_now") is not False
]
if external_cadence_enabled:
raise ValueError(f"{label}: external cadence must stay disabled until approved")
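Review bot: `_require_delegation_safety` rejects `automation_level` through a denylist (`dangerous_levels = {"L5_auto_execute", "auto_update", "auto_merge"}`), so a misspelled or newly introduced level passes validation, and `L4_execute_after_human_approval` passes too even though `_require_rollup_consistency` counts it as auto-execute. The boundary flags in `_require_read_only_boundaries` are already checked fail-closed with `is not False`; the level check would match that with an allowlist, for example `allowed_levels = {"L0_observe_only", "L1_report_only", "L2_approval_package_only", "L3_draft_change_after_gate"}` and `if capability.get("automation_level") not in allowed_levels`, with the exact membership left for the contract owner to confirm. The external-cadence check has the same weakness because it keys only on the substring `"external"` in `cadence_id`, while the snapshot also carries a `scope` field; `if cadence.get("scope") == "external" or "external" in str(cadence.get("cadence_id"))` would catch a differently named cadence.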


@@ -0,0 +1,184 @@
from __future__ import annotations
import json
import pytest
from src.services.ai_agent_proactive_operations_contract import (
load_latest_ai_agent_proactive_operations_contract,
)
def test_load_latest_ai_agent_proactive_operations_contract_reads_committed_snapshot():
data = load_latest_ai_agent_proactive_operations_contract()
assert data["schema_version"] == "ai_agent_proactive_operations_contract_v1"
assert data["program_status"]["overall_completion_percent"] == 30
assert data["program_status"]["current_task_id"] == "P2-402A"
assert data["program_status"]["next_task_id"] == "P2-402B"
assert data["program_status"]["read_only_mode"] is True
assert data["program_status"]["runtime_authority"] == "contract_only_no_version_or_runtime_update"
assert data["approval_boundaries"]["runtime_version_update_allowed"] is False
assert data["approval_boundaries"]["package_upgrade_allowed"] is False
assert data["approval_boundaries"]["host_upgrade_allowed"] is False
assert data["approval_boundaries"]["workflow_schedule_enabled"] is False
assert data["approval_boundaries"]["telegram_direct_send_allowed"] is False
assert data["rollups"]["version_domain_count"] == len(data["version_lifecycle_domains"]) == 12
assert data["rollups"]["delegable_capability_count"] == len(data["delegable_capabilities"]) == 24
assert data["rollups"]["auto_execute_allowed_count"] == 0
assert any(domain["domain_id"] == "ai_agents_models" for domain in data["version_lifecycle_domains"])
assert any(
capability["capability_id"] == "telegram_delivery_audit"
for capability in data["delegable_capabilities"]
)
def test_load_latest_ai_agent_proactive_operations_contract_rejects_version_update(tmp_path):
snapshot = _snapshot()
snapshot["approval_boundaries"]["package_upgrade_allowed"] = True
(tmp_path / "ai_agent_proactive_operations_contract_2026-06-11.json").write_text(
json.dumps(snapshot),
encoding="utf-8",
)
with pytest.raises(ValueError, match="approval boundaries"):
load_latest_ai_agent_proactive_operations_contract(tmp_path)
def test_load_latest_ai_agent_proactive_operations_contract_rejects_rollup_mismatch(tmp_path):
snapshot = _snapshot()
snapshot["rollups"]["delegable_capability_count"] = 99
(tmp_path / "ai_agent_proactive_operations_contract_2026-06-11.json").write_text(
json.dumps(snapshot),
encoding="utf-8",
)
with pytest.raises(ValueError, match="rollup counts"):
load_latest_ai_agent_proactive_operations_contract(tmp_path)
def test_load_latest_ai_agent_proactive_operations_contract_rejects_auto_execute(tmp_path):
snapshot = _snapshot()
snapshot["delegable_capabilities"][0]["automation_level"] = "L5_auto_execute"
snapshot["rollups"]["auto_execute_allowed_count"] = 1
(tmp_path / "ai_agent_proactive_operations_contract_2026-06-11.json").write_text(
json.dumps(snapshot),
encoding="utf-8",
)
with pytest.raises(ValueError, match="auto execute"):
load_latest_ai_agent_proactive_operations_contract(tmp_path)
def _snapshot() -> dict:
return {
"schema_version": "ai_agent_proactive_operations_contract_v1",
"generated_at": "2026-06-11T21:30:00+08:00",
"program_status": {
"overall_completion_percent": 30,
"current_priority": "P2",
"current_task_id": "P2-402A",
"next_task_id": "P2-402B",
"read_only_mode": True,
"runtime_authority": "contract_only_no_version_or_runtime_update",
},
"delegation_model": {
"autonomy_levels": [],
"agent_responsibilities": [],
"telegram_policy": {},
},
"version_lifecycle_domains": [
{
"domain_id": "python_packages",
"display_name": "Python",
"primary_owner": "hermes",
"cadence": "daily",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "dependency approval",
"approval_gate": "dependency_approval_required",
}
],
"delegable_capabilities": [
{
"capability_id": "version_discovery_freshness",
"display_name": "版本發現",
"primary_owner": "hermes",
"risk_tier": "low",
"automation_level": "L1_report_only",
"outputs": ["report"],
"approval_gate": "read_only_allowed",
"telegram_policy": "failure_only",
}
],
"cadence_matrix": [
{
"cadence_id": "daily_repo_only",
"frequency": "daily",
"scope": "repo",
"allowed_now": True,
"next_gate": "none",
},
{
"cadence_id": "weekly_external_primary_sources",
"frequency": "weekly",
"scope": "external",
"allowed_now": False,
"next_gate": "approval",
},
],
"mcp_tool_requirements": [
{
"tool_id": "gitea_release_pr_mcp",
"display_name": "Gitea",
"purpose": "測試。",
"owner_agent": "hermes",
"status": "planned",
"approval_gate": "write_requires_human_gate",
}
],
"rag_memory_contract": [
{
"memory_id": "version_history",
"display_name": "Version",
"storage": "PostgreSQL",
"owner_agent": "hermes",
"purpose": "測試。",
"redaction_policy": "no secrets",
}
],
"rollout_tasks": [
{
"task_id": "P2-402A",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes",
"summary": "測試。",
"next_gate": "deploy",
}
],
"approval_boundaries": {
"runtime_version_update_allowed": False,
"package_upgrade_allowed": False,
"host_upgrade_allowed": False,
"container_pull_allowed": False,
"workflow_schedule_enabled": False,
"auto_merge_allowed": False,
"telegram_direct_send_allowed": False,
"secret_plaintext_allowed": False,
"paid_external_service_allowed": False,
"production_route_change_allowed": False,
},
"rollups": {
"version_domain_count": 1,
"delegable_capability_count": 1,
"cadence_count": 2,
"mcp_tool_count": 1,
"rag_memory_count": 1,
"rollout_task_count": 1,
"auto_execute_allowed_count": 0,
"approval_required_capability_count": 1,
"blocked_update_domain_ids": ["python_packages"],
"telegram_action_required_capability_ids": [],
},
}
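Review bot: The rejection tests cover a boundary flag flipped to `True`, but not the fail-closed cases the loader is written for: a boundary flag that is absent, an item without `approval_gate`, and an external cadence with `allowed_now` left on. A regression from `is not False` to a plain truthiness test in the loader would pass the current suite unnoticed. A test for the missing-flag case is sketched below; the other two follow the same pattern with `match="approval gates"` and `match="external cadence"`.

```python
def test_load_latest_ai_agent_proactive_operations_contract_rejects_missing_boundary_flag(tmp_path):
    snapshot = _snapshot()
    # An absent flag must be treated the same as an enabled one.
    del snapshot["approval_boundaries"]["secret_plaintext_allowed"]
    (tmp_path / "ai_agent_proactive_operations_contract_2026-06-11.json").write_text(
        json.dumps(snapshot),
        encoding="utf-8",
    )

    with pytest.raises(ValueError, match="approval boundaries"):
        load_latest_ai_agent_proactive_operations_contract(tmp_path)
```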


@@ -0,0 +1,34 @@
from __future__ import annotations
from fastapi import FastAPI
from fastapi.testclient import TestClient
from src.api.v1.agents import router
def test_ai_agent_proactive_operations_contract_endpoint_returns_committed_snapshot():
app = FastAPI()
app.include_router(router, prefix="/api/v1")
client = TestClient(app)
response = client.get("/api/v1/agents/agent-proactive-operations-contract")
assert response.status_code == 200
data = response.json()
assert data["schema_version"] == "ai_agent_proactive_operations_contract_v1"
assert data["program_status"]["overall_completion_percent"] == 30
assert data["program_status"]["current_task_id"] == "P2-402A"
assert data["program_status"]["next_task_id"] == "P2-402B"
assert data["program_status"]["read_only_mode"] is True
assert data["approval_boundaries"]["runtime_version_update_allowed"] is False
assert data["approval_boundaries"]["package_upgrade_allowed"] is False
assert data["approval_boundaries"]["workflow_schedule_enabled"] is False
assert data["approval_boundaries"]["telegram_direct_send_allowed"] is False
assert data["rollups"]["version_domain_count"] == 12
assert data["rollups"]["delegable_capability_count"] == 24
assert data["rollups"]["auto_execute_allowed_count"] == 0
assert any(domain["domain_id"] == "host_os_packages" for domain in data["version_lifecycle_domains"])
assert any(
capability["capability_id"] == "market_watch_and_candidate_intake"
for capability in data["delegable_capabilities"]
)
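Review bot: Only the 200 path is exercised here; the 404 and 500 branches, where the handler builds the response body from an exception, have no test. A test that makes the loader raise and asserts both the status code and that the exception text stays out of the body would pin the intended behaviour of the error paths. The sketch below patches the loader name in `src.api.v1.agents`, which assumes the handler resolves it from that module's globals, as the router's import suggests.

```python
def test_ai_agent_proactive_operations_contract_endpoint_hides_validation_error(monkeypatch):
    def _raise_invalid():
        # Constructed message, used only to check it does not reach the client.
        raise ValueError("constructed failure for the test")

    monkeypatch.setattr(
        "src.api.v1.agents.load_latest_ai_agent_proactive_operations_contract",
        _raise_invalid,
    )
    app = FastAPI()
    app.include_router(router, prefix="/api/v1")

    response = TestClient(app).get("/api/v1/agents/agent-proactive-operations-contract")

    assert response.status_code == 500
    assert "constructed failure" not in response.text
```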


@@ -1,3 +1,23 @@
## 2026-06-11AI Agent 主動營運委派與版本生命週期契約第一波
**背景**:統帥要求 AI Agent 不只要互相溝通與學習,也要定期更新所有 AI Agent、套件、服務、工具、主機等版本並專業評估還有哪些工作可交給 Agent 處理,納入整體架構執行。本波先建立只讀契約與 API避免把「主動」誤解為未授權自動升版、自動重啟、自動 pull image、自動 merge 或直接發 Telegram。
**完成內容:**
- 新增 `docs/schemas/ai_agent_proactive_operations_contract_v1.schema.json`定義主動營運委派、版本生命週期、可委派能力、cadence、MCP、RAG、rollout task 與 approval boundary。
- 新增 `docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json`,覆蓋 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP tool requirement、4 類 RAG memory contract。
- 新增 `apps/api/src/services/ai_agent_proactive_operations_contract.py`,強制驗證 runtime update、package upgrade、host upgrade、container pull、workflow schedule、auto merge、Telegram direct send、paid service、production route 皆維持 false。
- 新增 `GET /api/v1/agents/agent-proactive-operations-contract` 只讀端點;只回傳 committed snapshot不啟用排程、不升級套件、不更新主機、不 pull image、不 auto merge、不送 Telegram。
- 新增 `docs/ai/AI_AGENT_PROACTIVE_OPERATIONS_2026-06-11.md`,用繁體中文整理可交給 Agent 的工作分類、不可自動做的邊界與下一步 P2-402B~G。
- 更新 MASTER §3.2.1c / §5 / §8把版本生命週期、24 類可委派能力、工具採用順序與正式 API 納入權威藍圖。
- 更新 `docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md`,新增 P2-402A 完成與 P2-402B~G 優先順序。
- 新增 service / API tests覆蓋只讀邊界、rollup consistency、auto execute 禁止、正式 API readback。
**完成度與邊界:**
- P2-402A 主動營運委派與版本生命週期契約:`100%`
- 整體 AI Agent 主動營運與版本生命週期:`30%`
- repo-only daily version freshness snapshot、Renovate / OSV / Trivy / Syft / Grype 採用批准包、Telegram digest、Gitea PR lane、host / K3s / stateful version inventory、governance UI仍為後續 P2-402B~G。
- runtime version update、package upgrade、host upgrade、container pull、workflow schedule、auto merge、Telegram direct send、secret plaintext、paid external service、production route change全部仍 `false`
## 2026-06-11P0 Telegram 監控告警主鏈路修復
**背景**:使用者指出 Telegram 監控告警已異常很久、等同沒有任何告警訊息。即時盤點 production 後確認Telegram Bot token / chat id 仍設定完成CI/CD Telegram outbound 仍可送出;真正斷點在一般 Alertmanager webhook 進 API 後缺少 `project_id` tenant context導致 approval / incident 路徑被 RLS fail-closed 擋下API 又以 degraded accepted no-retry 吃掉告警Alertmanager 不會重送Telegram 因此沉默。


@@ -13,6 +13,7 @@
| 工具 / 服務 / 套件 AI 自動化 | 92% | P0 已完成P1 服務 / runtime / 監控 / provider / service health / 備份 / DR / 套件與供應鏈只讀基線已完成P1-007 失敗限定通知合約與前端 redaction 合約已完成;下一主線是 P2-004 依賴 / 供應鏈漂移監控 | 狀態分類、盤點 schema、權限矩陣、靜態盤點種子、只讀 API、UI 骨架、驗證、自動化待辦 schema / 快照 / API / 分組 UI、Backup / DR 目標盤點、準備度矩陣、備份通知政策、Backup / DR 證據 UI、復原演練批准包模板、異地 / escrow 準備度狀態、任務批准邊界、確定性進度彙總、Python 套件 / 供應鏈只讀基線、JS pnpm/npm 只讀基線、Docker build surface 只讀基線、CVE / license / drift 嚴重度政策、定期依賴漂移與外部資料來源檢查設計、依賴升級批准包模板、runtime_surface_inventory_v1 schema / snapshot / API / UI、gitea_workflow_runner_health_v1 schema / snapshot / API / UI、observability_contract_matrix_v1 schema / snapshot / API / UI、ai_provider_route_matrix_v1 schema / snapshot / API / UI、service_health_gap_matrix_v1 schema / snapshot / API / UI、service health evidence cards UI、service_health_failure_notification_policy_v1 schema / snapshot / API / UI 已完成 |
| OpenClaw / Hermes / NemoTron 佈建布局 | 45% | P1-401 / P1-402 已完成;仍是只讀 layout 與治理頁顯示,不是 runtime deploy | `ai_agent_deployment_layout_v1` schema、`ai_agent_deployment_layout_2026-06-11.json``GET /api/v1/agents/agent-deployment-layout`、治理頁自動化盤點 UI、`AI_AGENT_DEPLOYMENT_LAYOUT_2026-06-11.md` |
| OpenClaw / Hermes / NemoTron 主動溝通與學習契約 | 35% | P2-401A 已完成只讀 contractruntime worker、DB migration、Telegram 實發、SDK / 付費服務仍未開 gate | `ai_agent_communication_learning_contract_v1` schema、`ai_agent_communication_learning_contract_2026-06-11.json``GET /api/v1/agents/agent-communication-learning-contract`、MASTER §3.2.1b / §3.4.3 |
| AI Agent 主動營運委派與版本生命週期 | 30% | P2-402A 已完成只讀 contract定期排程、外部版本查詢、套件升級、主機更新、container pull、auto merge、Telegram 實發仍未開 gate | `ai_agent_proactive_operations_contract_v1` schema、`ai_agent_proactive_operations_contract_2026-06-11.json``GET /api/v1/agents/agent-proactive-operations-contract`、MASTER §3.2.1c |
| 本工作清單與分析報告 | 100% | 已完成 | 本 MD 文件 |
AI Agent 自動化工作包目前完成度:**92%**。本工作清單文件本身完成度:**100%**。
@@ -21,6 +22,8 @@ AI Agent 自動化工作包目前完成度:**92%**。本工作清單文件本
三 Agent 主動溝通與學習契約目前完成度:**35%**。已完成只讀 schema / snapshot / API / 測試與 MASTER 同步;下一步依優先順序推 `P2-401B` AgentSession / Redis Streams migration 與 worker gate但在批准前仍不得啟動 runtime loop。
AI Agent 主動營運委派與版本生命週期目前完成度:**30%**。已完成 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory 與只讀 API下一步是 `P2-402B` repo-only daily version freshness snapshot外部 registry / package source / host probe / Telegram 實發仍需 gate。
完成度計算模型:
```text
@@ -72,6 +75,7 @@ AI Agent 自動化工作包目前完成度:**92%**。本工作清單文件本
| Telegram 三 Agent lane E2E | 待辦P1-403必須沿用 Gateway / ADR-035不允許 Agent 直接發送 |
| AgentSession / Redis Streams runtime loop | 待辦P2-401需 migration / worker gate |
| 主動溝通與學習契約 | 已完成P2-401A`ai_agent_communication_learning_contract_v1` + `GET /api/v1/agents/agent-communication-learning-contract` |
| 主動營運委派與版本生命週期契約 | 已完成P2-402A`ai_agent_proactive_operations_contract_v1` + `GET /api/v1/agents/agent-proactive-operations-contract` |
| NemoTron 3 Ultra smoke | 待辦P3-401需 source refresh + cost/data approval |
## 4. 工作流總覽
@@ -947,6 +951,13 @@ UI
| P2-401C | 待辦 | 0 | Hermes | MCP Gateway audit matrixK8s / Prometheus / SigNoz / Sentry / Gitea / Backup / Package / Telegram | MCP 權限與 audit matrix | no-secret read-only smoke |
| P2-401D | 待辦 | 0 | Hermes | RAG Hot / Warm / Cold memory ingestion、dedupe、freshness、redaction policy | RAG 記憶治理提案 | schema migration + owner review |
| P2-401E | 待辦 | 0 | Nemotron | sanitized replay scorer 與 5-record smoke 設計 | NemoTron replay smoke 批准包 | cost / data approval |
| P2-402A | 完成 | 100 | Hermes + OpenClaw + Nemotron | 定義 AI Agent 主動營運委派與版本生命週期12 類版本 domain、24 類可委派能力、MCP/RAG/Telegram policy | `ai_agent_proactive_operations_contract_v1` / snapshot / 只讀 API / MASTER 同步 | 只讀;不啟用排程、不升級、不 host update、不 pull image、不 auto merge、不發 Telegram |
| P2-402B | 待辦 | 0 | Hermes | 建立 repo-only daily version freshness snapshot | manifest / lockfile / Dockerfile / K8s YAML / snapshot freshness | workflow schedule approval |
| P2-402C | 待辦 | 0 | OpenClaw | 建立 Renovate / OSV / Trivy / Syft / Grype 工具採用批准包 | 工具 / 費用 / secret / CI 變更批准包 | tool install + CI change approval |
| P2-402D | 待辦 | 0 | OpenClaw | 建立 Telegram action-required digest policy | critical / action-required / failure-only digest | Telegram Gateway E2E |
| P2-402E | 待辦 | 0 | Hermes | 設計 Gitea PR 草案 lane | grouping、automerge=false、tests、rollback、owner response | bot / branch policy approval |
| P2-402F | 待辦 | 0 | OpenClaw | 建立 host OS / K3s / stateful services 版本只讀盤點 | host / K3s / DB / Redis / MinIO / Gitea 版本矩陣 | host readonly probe + maintenance window approval |
| P2-402G | 待辦 | 0 | Hermes | 接入 governance UI 顯示可委派能力 | 自主等級、gate、owner、Telegram policy | frontend UI change approval |
| P2-101 | 待辦 | 0 | OpenClaw | 定義操作類別權限模型 | 操作政策 schema | HITL 關卡 |
| P2-102 | 待辦 | 0 | OpenClaw | 所有候選操作都要有 dry-run 證據 | dry-run 合約 | 不直接 apply |
| P2-103 | 待辦 | 0 | Hermes | 把任務結果接回 KM / LOGBOOK / 稽核軌跡 | 證據寫入器 | 不洩漏 secret |


@@ -0,0 +1,56 @@
# AI Agent 主動營運委派與版本生命週期分析報告
> 日期2026-06-11台北時間
> 文件定位P2-402A 只讀契約摘要。權威細節以 MASTER §3.2.1c 與 `ai_agent_proactive_operations_contract_v1` 為準。
## 1. 本波完成度
| 範圍 | 完成度 | 狀態 |
|---|---:|---|
| 主動營運委派契約 | 100% | 已完成 schema / snapshot / API / 測試 |
| 整體主動營運與版本生命週期 | 30% | 已完成架構與邊界runtime 排程與更新尚未開 gate |
## 2. 可交給 AI Agent 的工作分類
| 類別 | 可交給 Agent 主動做 | 不可自動做 |
|---|---|---|
| 版本與依賴 | 版本發現、新鮮度、changelog、升級批准包 | 套件升級、lockfile 寫入、auto merge |
| AI Agent / 模型 | 市場 watch、scorecard、sanitized replay 計畫 | SDK 安裝、付費 API、shadow/canary、生產路由 |
| 主機 / K3s | version skew、maintenance window 草案 | apt upgrade、kernel / K3s 升級、reboot |
| 資安 / SBOM | SBOM / CVE / license 工具採用評估 | 安裝掃描器、外部 live scan、修補套件 |
| 監控 / 告警 | 噪音分析、Telegram 送達稽核、fallback gap | 改 receiver、route、silence、直接發 Bot |
| 備份 / DR | freshness、restore readiness、DR 批准包 | restore、prune、offsite sync |
| 成本 / 容量 | resource / provider / cost delta 建議 | 增費、改 runtime limit、切付費 provider |
| 前後台 / 文件 | UI smoke、overflow、a11y、runbook / postmortem 草稿 | 修改 UI、發布文件、寫 canonical KM |
## 3. 已定義的正式契約
| 產物 | 用途 |
|---|---|
| `docs/schemas/ai_agent_proactive_operations_contract_v1.schema.json` | 主動營運委派與版本生命週期 schema |
| `docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json` | 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory |
| `GET /api/v1/agents/agent-proactive-operations-contract` | 只讀 API不啟用排程、不升級、不發 Telegram |
## 4. 下一步優先順序
| ID | 優先 | 任務 | 關卡 |
|---|---|---|---|
| P2-402B | 1 | repo-only daily version freshness snapshot | workflow schedule approval |
| P2-402C | 2 | Renovate / OSV / Trivy / Syft / Grype 採用批准包 | tool install / CI approval |
| P2-402D | 3 | Telegram action-required digest policy | Telegram Gateway E2E |
| P2-402E | 4 | Gitea PR 草案 lane | bot / branch policy approval |
| P2-402F | 5 | host OS / K3s / stateful services 版本只讀盤點 | host probe / maintenance approval |
| P2-402G | 6 | governance UI 顯示可委派能力 | frontend UI approval |
## 5. 仍維持 false 的安全邊界
- `runtime_version_update_allowed=false`
- `package_upgrade_allowed=false`
- `host_upgrade_allowed=false`
- `container_pull_allowed=false`
- `workflow_schedule_enabled=false`
- `auto_merge_allowed=false`
- `telegram_direct_send_allowed=false`
- `secret_plaintext_allowed=false`
- `paid_external_service_allowed=false`
- `production_route_change_allowed=false`


@@ -0,0 +1,726 @@
{
"schema_version": "ai_agent_proactive_operations_contract_v1",
"generated_at": "2026-06-11T21:30:00+08:00",
"program_status": {
"overall_completion_percent": 30,
"current_priority": "P2",
"current_task_id": "P2-402A",
"next_task_id": "P2-402B",
"read_only_mode": true,
"runtime_authority": "contract_only_no_version_or_runtime_update",
"status_note": "本快照定義 AI Agent 可主動處理的營運工作與版本生命週期;本波不啟用排程、不升級套件、不更新主機、不 pull image、不 auto merge、不發 Telegram。"
},
"external_source_evidence": [
{
"id": "renovate_gitea_docs",
"name": "Renovate Gitea platform docs",
"url": "https://docs.renovatebot.com/modules/platform/gitea/",
"decision_use": "列為 Gitea 版本更新 PR 自動化候選;本波不啟用 bot、不建立 workflow。"
},
{
"id": "osv_scanner_docs",
"name": "OSV-Scanner usage docs",
"url": "https://google.github.io/osv-scanner/usage/",
"decision_use": "列為依賴漏洞掃描候選;本波只做契約,不執行外部 vulnerability query。"
},
{
"id": "trivy_docs",
"name": "Trivy docs",
"url": "https://trivy.dev/",
"decision_use": "列為 repository / filesystem / container / Kubernetes 掃描候選;本波不安裝、不掃描 live cluster。"
},
{
"id": "syft_docs",
"name": "Anchore Syft",
"url": "https://github.com/anchore/syft",
"decision_use": "列為 SBOM 產生候選;本波不安裝、不產生 live SBOM。"
},
{
"id": "grype_docs",
"name": "Anchore Grype",
"url": "https://github.com/anchore/grype",
"decision_use": "列為 SBOM / filesystem / container vulnerability scanner 候選;本波不安裝。"
},
{
"id": "kubernetes_version_skew_policy",
"name": "Kubernetes Version Skew Policy",
"url": "https://kubernetes.io/releases/version-skew-policy/",
"decision_use": "K3s / Kubernetes / kubectl / kubelet 版本更新必須先檢查 skew policy。"
},
{
"id": "docker_scout_docs",
"name": "Docker Scout docs",
"url": "https://docs.docker.com/scout/",
"decision_use": "列為 container image SBOM / vulnerability platform 候選;若使用 managed service 需費用與 secret gate。"
}
],
"delegation_model": {
"autonomy_levels": [
{
"level": "L0_observe_only",
"meaning": "Agent 可主動盤點、比對版本、產生風險摘要,不修改 repo、主機或服務。"
},
{
"level": "L1_report_only",
"meaning": "Agent 可產生定期報告、KM 記錄、LOGBOOK 草稿與 Telegram action-required 摘要草稿。"
},
{
"level": "L2_approval_package_only",
"meaning": "Agent 可產生升級批准包、rollback plan、smoke plan、owner packet不得自行套用。"
},
{
"level": "L3_draft_change_after_gate",
"meaning": "通過明確 gate 後Agent 可建立 branch / PR 草案或 Renovate 類更新 PR不得 auto merge。"
},
{
"level": "L4_execute_after_human_approval",
"meaning": "只有低風險、可回滾、已驗證 dry-run 的操作可在人工批准後執行。"
},
{
"level": "L5_blocked",
"meaning": "主機升級、K3s 版本升級、production route、secret rotation value、付費服務啟用等仍阻擋。"
}
],
"agent_responsibilities": [
{
"agent_id": "hermes",
"responsibility": "版本發現、changelog 摘要、SBOM / CVE / license / drift 證據、KM / runbook 更新草稿。"
},
{
"agent_id": "openclaw",
"responsibility": "風險分級、相依性衝突、rollback / dry-run gate、Telegram action-required 與 HITL 仲裁。"
},
{
"agent_id": "nemotron",
"responsibility": "AI Agent / 模型 / prompt / tool-call 變更的 sanitized replay、schema 合約與離線評分。"
}
],
"telegram_policy": {
"allowed_now": "只產 action-required 摘要資料;不得直接送 Bot。",
"failure_only": "版本 watch source 連續失敗、critical CVE、EOL approaching、production incompatibility risk 才可進 Telegram Gateway queue。",
"success_spam": "禁止成功巡檢洗版。"
}
},
"version_lifecycle_domains": [
{
"domain_id": "ai_agents_models",
"display_name": "AI Agent / 模型 / prompt / SDK",
"primary_owner": "nemotron",
"cadence": "weekly + triggered_on_major_release",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "OpenClaw 仲裁 + replay / shadow / canary gate",
"approval_gate": "market_scorecard_replay_and_cost_data_approval_required",
"tracked_examples": ["OpenClaw", "Hermes", "NemoTron", "LangGraph", "OpenAI Agents SDK", "Claude Agent SDK"]
},
{
"domain_id": "python_packages",
"display_name": "API Python 套件",
"primary_owner": "hermes",
"cadence": "daily_repo_only + weekly_external",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "dependency upgrade approval package",
"approval_gate": "dependency_approval_required",
"tracked_examples": ["pyproject.toml", "requirements.txt"]
},
{
"domain_id": "javascript_packages",
"display_name": "Web pnpm / npm 套件",
"primary_owner": "hermes",
"cadence": "daily_repo_only + weekly_external",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "dependency upgrade approval package",
"approval_gate": "dependency_approval_required",
"tracked_examples": ["package.json", "pnpm-lock.yaml"]
},
{
"domain_id": "container_images",
"display_name": "Docker base image / runtime image / digest",
"primary_owner": "openclaw",
"cadence": "weekly + triggered_on_critical_cve",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "image digest pin proposal + smoke plan",
"approval_gate": "image_pull_build_push_approval_required",
"tracked_examples": ["Dockerfile", "Harbor image tags", "base image digest"]
},
{
"domain_id": "kubernetes_k3s_components",
"display_name": "K3s / Kubernetes / kubectl / kubelet",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_eol_or_security",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "version skew report + maintenance window approval",
"approval_gate": "k8s_upgrade_maintenance_window_required",
"tracked_examples": ["kube-apiserver", "kubelet", "kubectl", "CNI", "Ingress"]
},
{
"domain_id": "host_os_packages",
"display_name": "主機 OS / kernel / systemd / SSH / Nginx",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_critical_cve",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "Ansible check-mode / maintenance plan only",
"approval_gate": "host_update_approval_required",
"tracked_examples": ["Ubuntu packages", "kernel", "Nginx", "OpenSSH"]
},
{
"domain_id": "observability_stack",
"display_name": "Prometheus / Alertmanager / Grafana / SigNoz / OTEL / Sentry",
"primary_owner": "hermes",
"cadence": "weekly_freshness + monthly_upgrade_review",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "observability compatibility report",
"approval_gate": "monitoring_route_receiver_write_blocked",
"tracked_examples": ["Prometheus", "Alertmanager", "Grafana", "SigNoz", "OpenTelemetry Collector", "Sentry"]
},
{
"domain_id": "stateful_services",
"display_name": "PostgreSQL / Redis / MinIO / Harbor / Gitea",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_security",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "backup freshness + rollback + compatibility gate",
"approval_gate": "stateful_upgrade_approval_required",
"tracked_examples": ["PostgreSQL", "Redis", "MinIO", "Harbor", "Gitea"]
},
{
"domain_id": "backup_dr_tooling",
"display_name": "Backup / DR / restore 工具",
"primary_owner": "openclaw",
"cadence": "weekly_freshness + monthly_drill_readiness",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "restore drill approval package",
"approval_gate": "restore_or_prune_approval_required",
"tracked_examples": ["restic", "Velero", "backup scripts", "offsite escrow"]
},
{
"domain_id": "ci_cd_and_runner_tools",
"display_name": "Gitea Actions / runner / deploy tooling",
"primary_owner": "hermes",
"cadence": "weekly_freshness + triggered_on_runner_failure",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "workflow / runner owner packet",
"approval_gate": "workflow_modification_approval_required",
"tracked_examples": ["Gitea workflow", "runner labels", "deploy scripts"]
},
{
"domain_id": "mcp_tools_integrations",
"display_name": "MCP tools / A2A / external integrations",
"primary_owner": "hermes",
"cadence": "weekly_contract_review",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "MCP schema compatibility report",
"approval_gate": "new_tool_or_secret_approval_required",
"tracked_examples": ["K8s MCP", "Prometheus MCP", "Sentry MCP", "Telegram Gateway"]
},
{
"domain_id": "public_web_admin_surfaces",
"display_name": "網站前後台 / route / UI smoke",
"primary_owner": "hermes",
"cadence": "daily_smoke + triggered_on_release",
"current_allowed_autonomy": "L1_report_only",
"update_authority": "UI smoke report only",
"approval_gate": "code_change_required_for_fix",
"tracked_examples": ["awoooi.wooo.work", "AwoooP", "IwoooS", "governance tabs"]
}
],
"delegable_capabilities": [
{
"capability_id": "version_discovery_freshness",
"display_name": "版本發現與新鮮度盤點",
"primary_owner": "hermes",
"risk_tier": "low",
"automation_level": "L1_report_only",
"outputs": ["version_delta_report", "freshness_score", "stale_source_list"],
"approval_gate": "read_only_allowed",
"telegram_policy": "failure_or_action_required_only"
},
{
"capability_id": "upgrade_approval_package",
"display_name": "升級批准包與 rollback plan",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["risk_matrix", "rollback_plan", "smoke_plan", "owner_packet"],
"approval_gate": "human_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "renovate_pr_proposal",
"display_name": "Renovate / Gitea PR 草案候選",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L3_draft_change_after_gate",
"outputs": ["pr_plan", "grouping_policy", "automerge_false_policy"],
"approval_gate": "workflow_and_bot_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "sbom_generation_plan",
"display_name": "SBOM 產生與保存策略",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["sbom_plan", "retention_policy", "tool_choice_matrix"],
"approval_gate": "tool_install_or_ci_change_approval_required",
"telegram_policy": "failure_only"
},
{
"capability_id": "vulnerability_triage",
"display_name": "CVE / OSV / container vulnerability triage",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["vulnerability_report", "blast_radius", "patch_priority"],
"approval_gate": "external_scan_and_dependency_approval_required",
"telegram_policy": "critical_or_action_required"
},
{
"capability_id": "license_policy_review",
"display_name": "License / copyleft 風險檢查",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": ["license_delta_report", "owner_review_queue"],
"approval_gate": "legal_owner_review_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "kubernetes_version_skew_review",
"display_name": "Kubernetes / K3s version skew 檢查",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["skew_report", "upgrade_order", "rollback_window"],
"approval_gate": "maintenance_window_required",
"telegram_policy": "action_required"
},
{
"capability_id": "host_patch_advisory",
"display_name": "主機 patch advisory / Ansible check-mode 計畫",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["host_patch_plan", "affected_service_map", "reboot_risk"],
"approval_gate": "host_update_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "config_drift_owner_packet",
"display_name": "高價值配置 drift 與 owner packet",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["drift_report", "owner_packet", "rollback_refs"],
"approval_gate": "owner_response_required",
"telegram_policy": "action_required"
},
{
"capability_id": "service_health_staleness",
"display_name": "服務健康缺口與過期端點",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": ["stale_endpoint_report", "health_gap_list"],
"approval_gate": "restart_or_endpoint_change_requires_approval",
"telegram_policy": "failure_only"
},
{
"capability_id": "observability_noise_review",
"display_name": "告警噪音、路由與 silence 建議",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["noise_report", "rule_change_proposal"],
"approval_gate": "alert_rule_write_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "telegram_delivery_audit",
"display_name": "Telegram 告警送達與 fallback 稽核",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L1_report_only",
"outputs": ["delivery_report", "silent_route_alert", "fallback_gap"],
"approval_gate": "telegram_send_or_route_change_requires_approval",
"telegram_policy": "failure_or_action_required"
},
{
"capability_id": "backup_dr_readiness",
"display_name": "備份 / DR / restore readiness",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["readiness_matrix", "restore_drill_package", "offsite_gap"],
"approval_gate": "restore_or_prune_approval_required",
"telegram_policy": "failure_or_action_required"
},
{
"capability_id": "cost_and_capacity_review",
"display_name": "成本、容量與資源優化建議",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["capacity_forecast", "cost_delta", "resource_limit_proposal"],
"approval_gate": "cost_or_runtime_change_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "ai_provider_route_review",
"display_name": "AI provider / model route / fallback 成本與品質檢查",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["provider_scorecard", "fallback_gap", "cost_boundary_report"],
"approval_gate": "cost_data_and_route_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "nemotron_replay_and_model_eval",
"display_name": "NemoTron replay / model eval / prompt eval",
"primary_owner": "nemotron",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["sanitized_replay_score", "schema_pass_rate", "tool_call_quality"],
"approval_gate": "cost_data_and_sanitized_fixture_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "rag_km_freshness",
"display_name": "RAG / KM stale cleanup 與知識壓縮草案",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["stale_km_report", "merge_draft", "owner_review_queue"],
"approval_gate": "owner_review_required",
"telegram_policy": "digest_only"
},
{
"capability_id": "ui_smoke_and_accessibility",
"display_name": "前後台 UI smoke / mobile / overflow / a11y",
"primary_owner": "hermes",
"risk_tier": "low",
"automation_level": "L1_report_only",
"outputs": ["browser_smoke_report", "overflow_report", "route_health"],
"approval_gate": "code_change_required_for_fix",
"telegram_policy": "failure_only"
},
{
"capability_id": "data_quality_and_schema_drift",
"display_name": "資料品質、schema drift、RLS / tenant context 稽核",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": ["schema_drift_report", "rls_context_gap", "migration_plan"],
"approval_gate": "db_migration_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "incident_postmortem_and_learning",
"display_name": "Incident postmortem、學習回寫與週報",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": ["postmortem_draft", "learning_delta", "weekly_digest"],
"approval_gate": "km_write_owner_review_required",
"telegram_policy": "digest_only"
},
{
"capability_id": "secret_rotation_metadata",
"display_name": "Secret rotation metadata 與到期提醒",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L1_report_only",
"outputs": ["secret_name_inventory", "rotation_due_report", "owner_packet"],
"approval_gate": "secret_value_handling_forbidden",
"telegram_policy": "action_required_only"
},
{
"capability_id": "compliance_and_evidence_pack",
"display_name": "合規、稽核證據包、owner response 完整度",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": ["evidence_pack", "missing_owner_response", "audit_gap"],
"approval_gate": "read_only_allowed",
"telegram_policy": "digest_only"
},
{
"capability_id": "market_watch_and_candidate_intake",
"display_name": "市場主流 AI Agent / 工具候選追蹤",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["market_watch_report", "candidate_queue", "integration_review"],
"approval_gate": "market_scorecard_and_replay_gate_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "release_train_digest",
"display_name": "Release train 風險整理與分批升級建議",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": ["release_train_plan", "batching_policy", "blast_radius_map"],
"approval_gate": "operator_release_window_required",
"telegram_policy": "action_required"
}
],
"cadence_matrix": [
{
"cadence_id": "hourly_failure_signals",
"frequency": "hourly",
"scope": "只看既有 monitoring / Telegram / workflow failure signal不查外部 registry。",
"allowed_now": true,
"next_gate": "已存在監控資料;不發成功訊息"
},
{
"cadence_id": "daily_repo_only",
"frequency": "daily",
"scope": "manifest / lockfile / Dockerfile / K8s YAML / runbook / snapshot freshness repo-only 巡檢。",
"allowed_now": true,
"next_gate": "排程 workflow 仍需獨立批准"
},
{
"cadence_id": "weekly_external_primary_sources",
"frequency": "weekly",
"scope": "PyPI / npm / GitHub release / Docker registry / Kubernetes / tool official docs primary source version watch。",
"allowed_now": false,
"next_gate": "external_source_and_workflow_approval_required"
},
{
"cadence_id": "monthly_upgrade_planning",
"frequency": "monthly",
"scope": "host OS、K3s、stateful services、observability stack、backup tooling 升級批次規劃。",
"allowed_now": false,
"next_gate": "maintenance_window_and_owner_approval_required"
},
{
"cadence_id": "triggered_critical_security",
"frequency": "triggered",
"scope": "critical CVE、EOL notice、重大版本、watch source failure、Telegram silence、production incompatibility。",
"allowed_now": false,
"next_gate": "critical_alert_route_and_human_gate_required"
}
],
"mcp_tool_requirements": [
{
"tool_id": "gitea_release_pr_mcp",
"display_name": "Gitea / PR / workflow MCP",
"purpose": "查 commit、workflow、PR、runner、release train未批准不得寫 workflow、建 PR 或 merge。",
"owner_agent": "hermes",
"status": "planned_read_only_first",
"approval_gate": "write_requires_human_gate"
},
{
"tool_id": "package_registry_mcp",
"display_name": "PyPI / npm / GitHub release / Docker registry MCP",
"purpose": "查官方版本與 changelog重大版本進 approval package。",
"owner_agent": "hermes",
"status": "planned_external_source",
"approval_gate": "external_source_approval_required"
},
{
"tool_id": "sbom_sca_mcp",
"display_name": "SBOM / SCA MCP",
"purpose": "連接 Syft / Grype / OSV / Trivy 類工具;只產報告與批准包。",
"owner_agent": "openclaw",
"status": "tool_candidate",
"approval_gate": "tool_install_or_ci_change_approval_required"
},
{
"tool_id": "k8s_version_mcp",
"display_name": "K8s / K3s version MCP",
"purpose": "只讀檢查 kubectl / kubelet / apiserver / CNI version skew 與升級順序。",
"owner_agent": "openclaw",
"status": "planned_read_only",
"approval_gate": "cluster_write_blocked"
},
{
"tool_id": "host_os_readonly_mcp",
"display_name": "Host OS read-only MCP",
"purpose": "讀 OS / kernel / package version metadata不 apt upgrade、不 reboot、不 restart。",
"owner_agent": "openclaw",
"status": "planned_read_only",
"approval_gate": "ssh_or_host_probe_approval_required"
},
{
"tool_id": "observability_context_mcp",
"display_name": "Prometheus / Alertmanager / SigNoz / Sentry MCP",
"purpose": "把版本變更與 metrics / trace / issue regression 串起來。",
"owner_agent": "hermes",
"status": "partially_existing",
"approval_gate": "route_receiver_write_blocked"
},
{
"tool_id": "backup_dr_mcp",
"display_name": "Backup / DR readiness MCP",
"purpose": "升級前檢查備份新鮮度、restore readiness、rollback evidence。",
"owner_agent": "openclaw",
"status": "snapshot_existing",
"approval_gate": "restore_execution_blocked"
},
{
"tool_id": "telegram_gateway_mcp",
"display_name": "Telegram Gateway MCP",
"purpose": "只送 action-required、failure-only、critical security禁止 direct send 與成功洗版。",
"owner_agent": "openclaw",
"status": "policy_existing",
"approval_gate": "telegram_direct_send_blocked"
}
],
"rag_memory_contract": [
{
"memory_id": "version_history",
"display_name": "Version History Memory",
"storage": "PostgreSQL + pgvector + committed snapshots",
"owner_agent": "hermes",
"purpose": "保存每個 Agent、套件、工具、服務、主機的版本歷史、source ref、freshness 與升級結果。",
"redaction_policy": "不得保存 secret、token、private key、registry credential、完整工作視窗對話。"
},
{
"memory_id": "compatibility_matrix",
"display_name": "Compatibility Matrix Memory",
"storage": "knowledge_entries + runbooks + docs/evaluations",
"owner_agent": "openclaw",
"purpose": "保存 K8s skew、service compatibility、DB migration、provider fallback 與 rollback constraints。",
"redaction_policy": "只保存版本、風險、證據 ref不保存 secret payload。"
},
{
"memory_id": "upgrade_outcomes",
"display_name": "Upgrade Outcomes Memory",
"storage": "timeline_events + audit_logs + LOGBOOK",
"owner_agent": "openclaw",
"purpose": "把每次升級成功、失敗、回滾、延遲、Telegram outcome 回寫,讓下次分批更聰明。",
"redaction_policy": "只保存 decision envelope、evidence refs、redacted summary。"
},
{
"memory_id": "delegation_playbooks",
"display_name": "Delegation Playbooks Memory",
"storage": "playbooks + KM + docs/runbooks",
"owner_agent": "hermes",
"purpose": "把可委派工作轉成標準化 playbook、owner packet 與 approval package 模板。",
"redaction_policy": "owner response 只保存 redacted evidence refs。"
}
],
"rollout_tasks": [
{
"task_id": "P2-402A",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes + OpenClaw + NemoTron",
"summary": "定義 AI Agent 主動營運委派與版本生命週期契約、schema、snapshot、只讀 API 與文件同步。",
"next_gate": "正式部署驗證"
},
{
"task_id": "P2-402B",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "Hermes",
"summary": "建立 repo-only daily version freshness snapshot不查外部 registry、不改 workflow。",
"next_gate": "workflow_schedule_approval_required"
},
{
"task_id": "P2-402C",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "OpenClaw",
"summary": "建立 Renovate / OSV / Trivy / Syft / Grype 工具採用批准包。",
"next_gate": "tool_install_ci_change_and_secret_approval_required"
},
{
"task_id": "P2-402D",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "OpenClaw",
"summary": "建立 Telegram action-required digest policy只通知 critical / action-required不發成功洗版。",
"next_gate": "telegram_gateway_e2e_required"
},
{
"task_id": "P2-402E",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "Hermes",
"summary": "設計 Gitea PR 草案 lanegrouping、automerge=false、tests、rollback、owner response。",
"next_gate": "gitea_bot_and_branch_policy_approval_required"
},
{
"task_id": "P2-402F",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "OpenClaw",
"summary": "建立 host OS / K3s / stateful services 版本只讀盤點與 maintenance window 批准包。",
"next_gate": "host_readonly_probe_and_maintenance_window_approval_required"
},
{
"task_id": "P2-402G",
"priority": "P2",
"status": "planned",
"completion_percent": 0,
"owner_agent": "Hermes",
"summary": "把可委派能力接入 governance UI顯示自主等級、gate、owner、Telegram policy。",
"next_gate": "frontend_ui_change_approval_required"
}
],
"approval_boundaries": {
"runtime_version_update_allowed": false,
"package_upgrade_allowed": false,
"host_upgrade_allowed": false,
"container_pull_allowed": false,
"workflow_schedule_enabled": false,
"auto_merge_allowed": false,
"telegram_direct_send_allowed": false,
"secret_plaintext_allowed": false,
"paid_external_service_allowed": false,
"production_route_change_allowed": false
},
"rollups": {
"version_domain_count": 12,
"delegable_capability_count": 24,
"cadence_count": 5,
"mcp_tool_count": 8,
"rag_memory_count": 4,
"rollout_task_count": 7,
"auto_execute_allowed_count": 0,
"approval_required_capability_count": 23,
"blocked_update_domain_ids": [
"ai_agents_models",
"python_packages",
"javascript_packages",
"container_images",
"kubernetes_k3s_components",
"host_os_packages",
"observability_stack",
"stateful_services",
"backup_dr_tooling",
"ci_cd_and_runner_tools",
"mcp_tools_integrations",
"public_web_admin_surfaces"
],
"telegram_action_required_capability_ids": [
"ai_provider_route_review",
"backup_dr_readiness",
"config_drift_owner_packet",
"cost_and_capacity_review",
"data_quality_and_schema_drift",
"host_patch_advisory",
"kubernetes_version_skew_review",
"license_policy_review",
"market_watch_and_candidate_intake",
"nemotron_replay_and_model_eval",
"observability_noise_review",
"release_train_digest",
"renovate_pr_proposal",
"secret_rotation_metadata",
"upgrade_approval_package",
"version_discovery_freshness",
"vulnerability_triage",
"telegram_delivery_audit"
]
}
}


@@ -0,0 +1,307 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://awoooi.wooo.work/schemas/ai_agent_proactive_operations_contract_v1.schema.json",
"title": "AI Agent Proactive Operations Contract v1",
"type": "object",
"required": [
"schema_version",
"generated_at",
"program_status",
"delegation_model",
"version_lifecycle_domains",
"delegable_capabilities",
"cadence_matrix",
"mcp_tool_requirements",
"rag_memory_contract",
"rollout_tasks",
"approval_boundaries",
"rollups"
],
"properties": {
"schema_version": {
"const": "ai_agent_proactive_operations_contract_v1"
},
"generated_at": {
"type": "string"
},
"program_status": {
"type": "object",
"required": [
"overall_completion_percent",
"current_priority",
"current_task_id",
"next_task_id",
"read_only_mode",
"runtime_authority"
],
"properties": {
"overall_completion_percent": {
"type": "integer",
"minimum": 0,
"maximum": 100
},
"current_priority": {
"type": "string"
},
"current_task_id": {
"type": "string"
},
"next_task_id": {
"type": "string"
},
"read_only_mode": {
"const": true
},
"runtime_authority": {
"const": "contract_only_no_version_or_runtime_update"
}
},
"additionalProperties": true
},
"delegation_model": {
"type": "object",
"required": [
"autonomy_levels",
"agent_responsibilities",
"telegram_policy"
],
"additionalProperties": true
},
"version_lifecycle_domains": {
"type": "array",
"items": {
"$ref": "#/$defs/version_domain"
},
"minItems": 1
},
"delegable_capabilities": {
"type": "array",
"items": {
"$ref": "#/$defs/capability"
},
"minItems": 1
},
"cadence_matrix": {
"type": "array",
"items": {
"$ref": "#/$defs/cadence"
},
"minItems": 1
},
"mcp_tool_requirements": {
"type": "array",
"items": {
"$ref": "#/$defs/tool_requirement"
},
"minItems": 1
},
"rag_memory_contract": {
"type": "array",
"items": {
"$ref": "#/$defs/memory_layer"
},
"minItems": 1
},
"rollout_tasks": {
"type": "array",
"items": {
"$ref": "#/$defs/rollout_task"
},
"minItems": 1
},
"approval_boundaries": {
"type": "object",
"required": [
"runtime_version_update_allowed",
"package_upgrade_allowed",
"host_upgrade_allowed",
"container_pull_allowed",
"workflow_schedule_enabled",
"auto_merge_allowed",
"telegram_direct_send_allowed",
"secret_plaintext_allowed",
"paid_external_service_allowed",
"production_route_change_allowed"
],
"properties": {
"runtime_version_update_allowed": {
"const": false
},
"package_upgrade_allowed": {
"const": false
},
"host_upgrade_allowed": {
"const": false
},
"container_pull_allowed": {
"const": false
},
"workflow_schedule_enabled": {
"const": false
},
"auto_merge_allowed": {
"const": false
},
"telegram_direct_send_allowed": {
"const": false
},
"secret_plaintext_allowed": {
"const": false
},
"paid_external_service_allowed": {
"const": false
},
"production_route_change_allowed": {
"const": false
}
},
"additionalProperties": true
},
"rollups": {
"type": "object",
"required": [
"version_domain_count",
"delegable_capability_count",
"cadence_count",
"mcp_tool_count",
"rag_memory_count",
"rollout_task_count",
"auto_execute_allowed_count",
"approval_required_capability_count",
"blocked_update_domain_ids",
"telegram_action_required_capability_ids"
],
"additionalProperties": true
}
},
"$defs": {
"version_domain": {
"type": "object",
"required": [
"domain_id",
"display_name",
"primary_owner",
"cadence",
"current_allowed_autonomy",
"update_authority",
"approval_gate"
],
"properties": {
"domain_id": {
"type": "string"
},
"display_name": {
"type": "string"
},
"primary_owner": {
"type": "string"
},
"cadence": {
"type": "string"
},
"current_allowed_autonomy": {
"type": "string"
},
"update_authority": {
"type": "string"
},
"approval_gate": {
"type": "string"
}
},
"additionalProperties": true
},
"capability": {
"type": "object",
"required": [
"capability_id",
"display_name",
"primary_owner",
"risk_tier",
"automation_level",
"outputs",
"approval_gate",
"telegram_policy"
],
"properties": {
"capability_id": {
"type": "string"
},
"display_name": {
"type": "string"
},
"primary_owner": {
"type": "string"
},
"risk_tier": {
"type": "string"
},
"automation_level": {
"type": "string"
},
"outputs": {
"type": "array",
"items": {
"type": "string"
}
},
"approval_gate": {
"type": "string"
},
"telegram_policy": {
"type": "string"
}
},
"additionalProperties": true
},
"cadence": {
"type": "object",
"required": [
"cadence_id",
"frequency",
"scope",
"allowed_now",
"next_gate"
],
"additionalProperties": true
},
"tool_requirement": {
"type": "object",
"required": [
"tool_id",
"display_name",
"purpose",
"owner_agent",
"status",
"approval_gate"
],
"additionalProperties": true
},
"memory_layer": {
"type": "object",
"required": [
"memory_id",
"display_name",
"storage",
"owner_agent",
"purpose",
"redaction_policy"
],
"additionalProperties": true
},
"rollout_task": {
"type": "object",
"required": [
"task_id",
"priority",
"status",
"completion_percent",
"owner_agent",
"summary",
"next_gate"
],
"additionalProperties": true
}
},
"additionalProperties": true
}
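Review bot: The per-item fields that carry autonomy are unconstrained here: `automation_level` in `$defs/capability` and `current_allowed_autonomy` in `$defs/version_domain` are plain `"type": "string"`, `$defs/cadence` declares no `properties` so `allowed_now` is not even typed as a boolean, and `rollups.auto_execute_allowed_count` is only listed under `required`. Only the ten `approval_boundaries` flags are pinned with `"const": false`, so a snapshot that raises one capability's level or reports a non-zero auto-execute count would still validate, and the read-only guarantee then rests on whatever the loader checks beyond this schema. I would add `"auto_execute_allowed_count": {"const": 0}` under a `properties` block for `rollups` and put an `enum` on the two autonomy fields listing the levels the contract defines (the visible snapshot uses `L1_report_only`, `L2_approval_package_only` and `L3_draft_change_after_gate`; the full set in `delegation_model.autonomy_levels` is outside this view). The rollup counts are also not tied to the arrays, so a test that recomputes them from the snapshot would catch drift; for example, the visible capabilities include two with `approval_gate` set to `read_only_allowed` while `approval_required_capability_count` is 23 of 24, which is worth confirming against the intended counting rule.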


@@ -635,6 +635,52 @@ Alert / Sentry / SigNoz / Gitea / Market Watch / Operator
| `apps/api/src/services/ai_agent_communication_learning_contract.py` | 只讀 loader強制驗證 runtime / migration / Telegram / SDK / route 權限都未開 |
| `GET /api/v1/agents/agent-communication-learning-contract` | 治理 API只回傳 committed contract不啟動 worker、不碰 DB/Redis、不呼叫外部服務 |
#### 3.2.1c 2026-06-11 AI Agent 主動營運委派與版本生命週期契約
**核心裁決**:所有 AI Agent、套件、服務、工具、主機與網站前後台都要進版本生命週期Agent 可以主動偵測、整理、評分、產生批准包但不得自行升版、重啟、pull image、auto merge、發 Telegram 或改 production route。
**版本生命週期資料流:**
```text
Repo / registry / release notes / K8s / host / observability / backup evidence
→ Hermes 建立 version delta + changelog + SBOM / CVE / license 證據
→ OpenClaw 仲裁風險、相依性、rollback、dry-run、Telegram action-required
→ NemoTron 對 AI Agent / model / prompt / tool-call 變更跑 sanitized replay
→ 產生 upgrade approval package / owner packet / PR plan
→ 人工批准後才可進 draft PR / dry-run / smoke / canary
→ 成功或失敗回寫 version_history / upgrade_outcomes / KM
```
**可委派給 Agent 的工作全景:**
| 類別 | 可主動做 | 需批准才可做 | 主責 |
|---|---|---|---|
| 版本與依賴 | 版本發現、新鮮度、changelog 摘要、升級批准包 | 套件升級、lockfile 寫入、PR 建立、auto merge | Hermes / OpenClaw |
| AI Agent / 模型 | 市場 watch、scorecard、sanitized replay 計畫 | SDK 安裝、付費 API、shadow/canary、生產路由 | NemoTron / OpenClaw |
| 主機 / K3s / stateful | version skew 報告、maintenance window 草案 | apt upgrade、kernel / K3s / DB 升級、reboot、restart | OpenClaw |
| 資安 / SBOM / CVE | SBOM/SCA 工具採用評估、CVE triage、license delta | 安裝 Trivy / OSV / Syft / Grype、外部掃描、修補套件 | Hermes / OpenClaw |
| 監控與告警 | 告警噪音分析、Telegram 送達稽核、fallback gap | 改 Alertmanager route、receiver、silence、直接發 Bot | Hermes / OpenClaw |
| 備份 / DR | 新鮮度、完整性、restore readiness、DR 批准包 | restore、prune、offsite sync、credential marker | OpenClaw |
| 成本 / 容量 | resource / provider / fallback / cost delta 建議 | 增費、切付費 provider、修改 runtime limit | OpenClaw |
| 前後台 / 文件 / KM | UI smoke、overflow、a11y、runbook / postmortem 草稿 | 修改 UI、寫 KM canonical、發布文件 | Hermes |
| 合規 / owner response | evidence pack、owner packet、audit gap | 接受 owner response、開 runtime gate | Hermes / OpenClaw |
**本波已建立的可執行契約(只讀,不授權更新):**
| 檔案 / API | 用途 |
|---|---|
| `docs/schemas/ai_agent_proactive_operations_contract_v1.schema.json` | 主動營運委派、版本生命週期、MCP、RAG、Telegram policy、approval boundary 契約 |
| `docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json` | 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory完成度 `30%` |
| `apps/api/src/services/ai_agent_proactive_operations_contract.py` | 只讀 loader強制 runtime update / package upgrade / host upgrade / workflow schedule / auto merge / Telegram direct send 全部 false |
| `GET /api/v1/agents/agent-proactive-operations-contract` | 治理 API只回傳 committed snapshot不啟用排程、不升級、不呼叫付費服務 |
**採用順序:**
1. 先做 repo-only daily freshnessmanifest / lockfile / Dockerfile / K8s YAML / runbook / snapshot。
2. 再評估 external primary source weekly watchRenovate、OSV-Scanner、Trivy、Syft、Grype、Kubernetes skew policy、Docker Scout。
3. 再進 Gitea PR 草案 lanegrouping、automerge=false、tests、rollback、owner response。
4. 最後才進人工批准後的 dry-run / smoke / canary / production rollout。
#### 3.2.2 核心缺口與災難場景
| 場景 | 現況 | 有 D2 協作後 |
@@ -1267,6 +1313,7 @@ Alert / Sentry / SigNoz / Gitea / Market Watch / Operator
| Agent Session 表 | DB migration | 新增 `agent_sessions`session_id / agent_role / input_hash / output / latency| L7×D2 |
| 決策路由 | `services/decision_manager.py` | 新路徑:收到 EvidenceSnapshot → 送 Orchestrator → 等 Coordinator 結果 | L4×D2 |
| 主動溝通與學習契約 | `docs/evaluations/ai_agent_communication_learning_contract_2026-06-11.json` + `GET /api/v1/agents/agent-communication-learning-contract` | 先固定 OpenClaw / Hermes / NemoTron 主動溝通、MCP、RAG、學習與 redaction 邊界;不啟動 runtime worker | L4×D2 / L7×D4 |
| 主動營運委派與版本生命週期契約 | `docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json` + `GET /api/v1/agents/agent-proactive-operations-contract` | 先固定 12 類版本 domain、24 類可委派能力、MCP/RAG/Telegram 邊界;不啟用排程、不自動升版 | L4×D2 / L7×D4 / L6×D6 |
**退出條件(量化)**
@@ -1632,6 +1679,12 @@ Phase 6 完成後
- 新增 §3.4.3 智慧成長資料層補強,明確 Hot / Warm / Cold memory、MCP Gateway、PostgreSQL + pgvector、OpenTelemetry、Langfuse / Phoenix、Qdrant / Milvus 的採用順序。
- Phase 2 核心改造項加入 `ai_agent_communication_learning_contract_v1``GET /api/v1/agents/agent-communication-learning-contract`,本波只讀、完成度 35%,未授權 worker / migration / Telegram / SDK / production route。
### 2026-06-11 21:30 (台北) — §3.2 / §5 — 新增 AI Agent 主動營運委派與版本生命週期契約 — 回應統帥要求讓 Agent 定期更新版本情報並專業評估更多可委派工作
- 新增 §3.2.1c,定義 AI Agent 可主動處理的版本生命週期、營運能力委派、自主等級、MCP/RAG/Telegram policy 與採用順序。
- 新增 `ai_agent_proactive_operations_contract_v1` committed snapshot12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory。
- 新增 `GET /api/v1/agents/agent-proactive-operations-contract`;本波只讀,完成度 30%未授權排程、升級、host update、container pull、auto merge、Telegram direct send、付費服務或 production route。
### 2026-04-15 (台北) — 全檔 — 建立 v2 骨架§0/§1 完成 — 統帥批准「單 MASTER + 4 道閘門」結構
- 從 v1plans/2026-04-15-MASTER-ai-autonomous-flywheel.md繼承核心發現