fix(security): align alert guards with controlled apply
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 5m32s
CD Pipeline / post-deploy-checks (push) Successful in 1m30s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 5m32s
CD Pipeline / post-deploy-checks (push) Successful in 1m30s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
This commit is contained in:
@@ -1007,7 +1007,7 @@ ARTIFACT_SPECS = [
|
||||
"ai_signal_lanes": 7,
|
||||
"host_resource_lanes": 6,
|
||||
"blocked_raw_output_markers": 12,
|
||||
"required_output_markers": 6,
|
||||
"required_output_markers": 7,
|
||||
},
|
||||
"summary_counts": {
|
||||
"source_formatter_marker_count": 11,
|
||||
@@ -1016,7 +1016,7 @@ ARTIFACT_SPECS = [
|
||||
"ai_signal_lane_count": 7,
|
||||
"host_resource_lane_count": 6,
|
||||
"blocked_raw_output_marker_count": 12,
|
||||
"required_output_marker_count": 6,
|
||||
"required_output_marker_count": 7,
|
||||
"telegram_send_authorized_count": 0,
|
||||
"bot_api_call_authorized_count": 0,
|
||||
"raw_payload_storage_allowed_count": 0,
|
||||
|
||||
@@ -15596,13 +15596,14 @@ def validate(root: Path) -> None:
|
||||
assert_text_contains("code_review_page.codex_handoff_structure", code_review_page, text)
|
||||
for text in [
|
||||
"審查後 Coding 工作橋接",
|
||||
"Codex 工作草稿",
|
||||
"Codex 工作候選分類",
|
||||
"可交給 Codex 起草",
|
||||
"需人工批准後接手",
|
||||
"受控自動接手",
|
||||
"禁止自動轉工作",
|
||||
"前端體驗、測試補洞、文件同步、低風險重構",
|
||||
"Kali 更新、掃描、GitHub primary、正式部署",
|
||||
"維持只讀候選與人工閘門",
|
||||
"Kali 主機變更、掃描、正式推版、主要來源切換、執行期閘門",
|
||||
"allowlist 內由 AI 受控修補與驗證",
|
||||
"auto merge、secret、force push 與 destructive action 仍硬封鎖",
|
||||
]:
|
||||
assert_text_contains("code_review_page.codex_handoff_read_only", code_review_surface_text, text)
|
||||
assert_text_contains("iwooos_page.surface_connection_board", iwooos_projection_page, "surfaceConnectionStatuses")
|
||||
|
||||
@@ -127,10 +127,11 @@ BLOCKED_RAW_OUTPUT_MARKERS = [
|
||||
REQUIRED_OUTPUT_MARKERS = [
|
||||
"ai_automation_alert_card_v1",
|
||||
"AI 自動化判讀",
|
||||
"runtime_write_gate=0",
|
||||
"candidate_only",
|
||||
"controlled_playbook_queue",
|
||||
"runtime_write_gate=controlled",
|
||||
"Top evidence",
|
||||
"禁止事項",
|
||||
"allowlisted PlayBook",
|
||||
]
|
||||
|
||||
EXECUTION_BOUNDARIES = {
|
||||
|
||||
Reference in New Issue
Block a user