From ac0ca41b7ec50b11e2cad4f9bd539cac4a56fcaa Mon Sep 17 00:00:00 2001 From: AWOOOI CD Date: Sat, 27 Jun 2026 19:46:25 +0800 Subject: [PATCH 1/3] chore(cd): deploy 551227f [skip ci] --- k8s/awoooi-prod/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/awoooi-prod/kustomization.yaml b/k8s/awoooi-prod/kustomization.yaml index 4353764c..4c2a8ef5 100644 --- a/k8s/awoooi-prod/kustomization.yaml +++ b/k8s/awoooi-prod/kustomization.yaml @@ -41,7 +41,7 @@ resources: images: - name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER newName: 192.168.0.110:5000/awoooi/api - newTag: 7406d229bb0b23167b494dfba719bbf06a678849 + newTag: 551227f3bbaa7e19a49b94d0719ac9ad8a7aba11 - name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER newName: 192.168.0.110:5000/awoooi/web - newTag: 7406d229bb0b23167b494dfba719bbf06a678849 + newTag: 551227f3bbaa7e19a49b94d0719ac9ad8a7aba11 From d42b8c72414255827f4974a1765b15c14b1a5036 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sat, 27 Jun 2026 19:48:33 +0800 Subject: [PATCH 2/3] fix(agents): add autonomous runtime deploy marker --- .../api/src/services/ai_agent_autonomous_runtime_control.py | 6 +++++- apps/api/tests/test_ai_agent_autonomous_runtime_control.py | 4 ++++ .../tests/test_ai_agent_autonomous_runtime_control_api.py | 3 +++ apps/web/messages/en.json | 3 ++- apps/web/messages/zh-TW.json | 3 ++- .../[locale]/governance/tabs/automation-inventory-tab.tsx | 1 + apps/web/src/lib/api-client.ts | 1 + 7 files changed, 18 insertions(+), 3 deletions(-) diff --git a/apps/api/src/services/ai_agent_autonomous_runtime_control.py b/apps/api/src/services/ai_agent_autonomous_runtime_control.py index 504e68be..3d9d7e68 100644 --- a/apps/api/src/services/ai_agent_autonomous_runtime_control.py +++ b/apps/api/src/services/ai_agent_autonomous_runtime_control.py 
@@ -23,6 +23,7 @@ from src.services.report_generation_service import ( _SCHEMA_VERSION = "ai_agent_autonomous_runtime_control_v1" _RUNTIME_AUTHORITY = "current_owner_directive_controlled_ai_automation" +_DEPLOY_READBACK_MARKER = "p2_416_d1n_autonomous_runtime_control_prod_readback_v1" def _allowed_risk_levels() -> list[str]: @@ -137,8 +138,9 @@ def build_ai_agent_autonomous_runtime_control() -> dict[str, Any]: "current_task_id": "P2-416-D1N", "status": "current_directive_control_plane_active", "runtime_authority": _RUNTIME_AUTHORITY, + "deploy_readback_marker": _DEPLOY_READBACK_MARKER, "legacy_no_send_no_live_rules_overridden": True, - "implementation_completion_percent": 82, + "implementation_completion_percent": 88, "status_note": ( "目前有效規則:low / medium / high 風險由 AI Agent 在 allowlist、" "Ansible check-mode、verifier、rollback、KM 與 Telegram receipt 下受控自動處理。" @@ -246,6 +248,8 @@ def _validate_payload(payload: dict[str, Any]) -> None: status = payload.get("program_status") or {} if status.get("runtime_authority") != _RUNTIME_AUTHORITY: raise ValueError(f"runtime_authority must be {_RUNTIME_AUTHORITY}") + if status.get("deploy_readback_marker") != _DEPLOY_READBACK_MARKER: + raise ValueError(f"deploy_readback_marker must be {_DEPLOY_READBACK_MARKER}") policy = payload.get("current_policy") or {} for key in ( "low_risk_controlled_apply_allowed", diff --git a/apps/api/tests/test_ai_agent_autonomous_runtime_control.py b/apps/api/tests/test_ai_agent_autonomous_runtime_control.py index 59e060cb..7d4782d9 100644 --- a/apps/api/tests/test_ai_agent_autonomous_runtime_control.py +++ b/apps/api/tests/test_ai_agent_autonomous_runtime_control.py 
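Review bot: `_DEPLOY_READBACK_MARKER` in the first hunk is a string literal compiled into the module, and the check added to `_validate_payload` in the third hunk compares the payload against that same constant, so as far as these hunks show the comparison cannot fail for a payload produced by `build_ai_agent_autonomous_runtime_control`; the value identifies the source revision that defined the constant, not the image that is running. If the marker is meant as evidence that a deploy reached production (the preceding patch in this series moves `newTag` to `551227f`), that limit should be stated next to the constant, for example `# Static release marker, bumped by hand; shows this code path is live, not which image tag or digest is serving it.` A value injected at build or deploy time would be needed for the readback to tell apart two rollouts that both contain this commit. Both functions continue outside the visible hunks, so any other source for the marker is not visible here.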
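Review bot: `"implementation_completion_percent": 88` in the `program_status` hunk is a bare literal, while the neighbouring `runtime_authority` and `deploy_readback_marker` entries come from module constants, and the test change in this patch pins the same number with `== 88`. Hoisting it next to `_SCHEMA_VERSION`, e.g. `_IMPLEMENTATION_COMPLETION_PERCENT = 88  # hand-maintained progress figure, not computed`, keeps the value in one named place and tells readers it is not derived from anything. The enclosing function starts and ends outside the hunk.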
@@ -10,7 +10,11 @@ def test_ai_agent_autonomous_runtime_control_uses_current_owner_directive(): assert data["program_status"]["runtime_authority"] == ( "current_owner_directive_controlled_ai_automation" ) + assert data["program_status"]["deploy_readback_marker"] == ( + "p2_416_d1n_autonomous_runtime_control_prod_readback_v1" + ) assert data["program_status"]["legacy_no_send_no_live_rules_overridden"] is True + assert data["program_status"]["implementation_completion_percent"] == 88 assert data["current_policy"]["low_risk_controlled_apply_allowed"] is True assert data["current_policy"]["medium_risk_controlled_apply_allowed"] is True assert data["current_policy"]["high_risk_controlled_apply_allowed"] is True diff --git a/apps/api/tests/test_ai_agent_autonomous_runtime_control_api.py b/apps/api/tests/test_ai_agent_autonomous_runtime_control_api.py index 2831db7e..5ef67f1a 100644 --- a/apps/api/tests/test_ai_agent_autonomous_runtime_control_api.py +++ b/apps/api/tests/test_ai_agent_autonomous_runtime_control_api.py @@ -51,6 +51,9 @@ def test_get_ai_agent_autonomous_runtime_control_api(): assert data["program_status"]["runtime_authority"] == ( "current_owner_directive_controlled_ai_automation" ) + assert data["program_status"]["deploy_readback_marker"] == ( + "p2_416_d1n_autonomous_runtime_control_prod_readback_v1" + ) assert data["current_policy"]["owner_review_required_for_low_medium_high"] is False assert data["report_delivery"]["status"] == "telegram_gateway_delivery_enabled" assert data["rollups"]["report_cadence_enabled_count"] == 3 diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 502ff97d..972b60db 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -3697,7 +3697,8 @@ "hardBlockerDetail": "需 break-glass 或專案級合約,不由一般自動化靜默執行。", "badges": { "override": "舊 no-send / no-live 已覆寫", - "gateway": "Telegram Gateway" + "gateway": "Telegram Gateway", + "deployMarker": "部署讀回" }, "metrics": { "completion": "目前完成度", 
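Review bot: The new assertions cover only the success path; nothing in the visible test hunks exercises the `deploy_readback_marker` branch added to `_validate_payload`, so a regression that drops or inverts that check would still pass. A negative case would close the gap: build the payload, overwrite `data["program_status"]["deploy_readback_marker"]` with another string, and assert that `_validate_payload(data)` raises `ValueError`. Whether `_validate_payload` is imported by this test module is not visible here. The API test in the next file section has the same shape, asserting only the expected literal.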
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 502ff97d..972b60db 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -3697,7 +3697,8 @@ "hardBlockerDetail": "需 break-glass 或專案級合約,不由一般自動化靜默執行。", "badges": { "override": "舊 no-send / no-live 已覆寫", - "gateway": "Telegram Gateway" + "gateway": "Telegram Gateway", + "deployMarker": "部署讀回" }, "metrics": { "completion": "目前完成度", diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx index c7edac74..128592a5 100644 --- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx +++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx @@ -6354,6 +6354,7 @@ export function AutomationInventoryTab() { + diff --git a/apps/web/src/lib/api-client.ts b/apps/web/src/lib/api-client.ts index 28ccf97b..a2288117 100644 --- a/apps/web/src/lib/api-client.ts +++ b/apps/web/src/lib/api-client.ts @@ -1862,6 +1862,7 @@ export interface AiAgentAutonomousRuntimeControlSnapshot { current_task_id: 'P2-416-D1N' status: string runtime_authority: 'current_owner_directive_controlled_ai_automation' + deploy_readback_marker: string legacy_no_send_no_live_rules_overridden: true implementation_completion_percent: number status_note: string From 7bfb0ac83612a8f5b3bac20ca5e5dcf6cdf5b105 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sat, 27 Jun 2026 19:53:17 +0800 Subject: [PATCH 3/3] fix(web): align approvals with controlled automation language --- apps/web/messages/en.json | 38 ++++++++++----------- apps/web/messages/zh-TW.json | 38 ++++++++++----------- docs/HARD_RULES.md | 65 ++++++++++++++++++++++++++++++++++++ 3 files changed, 103 insertions(+), 38 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 972b60db..97a8b34d 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json 
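Review bot: `deploy_readback_marker: string` in `AiAgentAutonomousRuntimeControlSnapshot` is added without a doc comment, and next to literal-typed fields such as `runtime_authority` a reader may take it for a runtime-verified deployment identifier. The API hunk in this patch fills it from a module constant, so a TSDoc line such as `/** Static release marker echoed by the API; not proof of which image is deployed. */` above the field would keep UI code from treating it as a verification result. The interface continues outside the hunk.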
@@ -11618,22 +11618,22 @@ "genericLoadFailed": "載入失敗" }, "summary": { - "pending": "待人工決策", - "pendingDetail": "AwoooP {platform} / Legacy HITL {legacy}", + "pending": "待 AI 受控決策", + "pendingDetail": "AwoooP 受控佇列 {platform} / 舊 HITL 證據 {legacy}", "critical": "即將逾時", "criticalDetail": "5 分鐘內必須處置", "expired": "已逾時", - "expiredDetail": "不得再自動恢復" + "expiredDetail": "改排 AI retry / rollback / verifier,不預設人工結案" }, "decisionRail": { "eyebrow": "審批決策 Rail", - "title": "卡住的批准與人工接手判讀", - "subtitle": "先把狀態鏈、MCP 證據、Gate 5 投影與 Legacy HITL 收斂成一個判讀面板;使用者先看卡點與下一個安全入口,再下鑽完整表格。", - "boundary": "此面板只做審批判讀與安全導覽;不送 Telegram、不套用 PlayBook、不執行 Ansible、不重啟服務、不切換供應者,也不代表 runtime gate 已開。", + "title": "卡住的批准與 AI 受控處置判讀", + "subtitle": "先把狀態鏈、MCP 證據、Gate 5 投影與舊 HITL 證據收斂成一個判讀面板;使用者先看 AI 下一步、卡點與安全入口,再下鑽完整表格。", + "boundary": "此面板只做受控處置判讀與安全導覽;Telegram、PlayBook、Ansible、重啟、供應者切換都必須走 allowlist、check-mode、verifier 與 rollback,不提供繞過路徑。", "conclusion": { - "blocked": "有卡點需接手", + "blocked": "有卡點需 AI 補齊", "degraded": "資料載入需復核", - "watching": "等待人工決策", + "watching": "等待 AI 受控決策", "clear": "目前無待審" }, "status": { @@ -11653,11 +11653,11 @@ }, "decision": { "title": "決策", - "detail": "需要人工或已逾時的審批" + "detail": "需要 AI 補齊、retry、rollback 或 break-glass 的審批" }, "handoff": { "title": "接手", - "detail": "Gate 5、Legacy 與工作項接手" + "detail": "Gate 5、舊 HITL 證據與 AI 工作項補齊" }, "verifier": { "title": "驗證", @@ -11666,11 +11666,11 @@ }, "cards": { "stuck": { - "title": "阻塞與人工閘門", - "detail": "找出 learning_recorded、execution_failed、manual fix 或逾時的審批。", + "title": "阻塞與 AI 受控隊列", + "detail": "找出 learning_recorded、execution_failed、AI retry / rollback 或逾時的審批。", "cta": "查看卡點", "meta": { - "needsHuman": "需要人工", + "needsHuman": "需要 AI 補齊", "executionFailed": "執行失敗 / 降級", "learningRecorded": "卡在學習紀錄" } 
@@ -11686,18 +11686,18 @@ } }, "handoff": { - "title": "接手包與工作項", - "detail": "把 Gate 5 投影、Legacy HITL 與人工接手導回 Work Items。", + "title": "AI 處置包與工作項", + "detail": "把 Gate 5 投影、舊 HITL 證據與 AI 補齊任務導回 Work Items。", "cta": "查看工作項", "meta": { "gate5": "Gate 5 投影", "legacy": "Legacy HITL", - "manual": "人工接手" + "manual": "AI 補齊" } }, "guardrail": { - "title": "安全閘門仍關閉", - "detail": "批准頁不等於執行頁;所有高風險動作仍需獨立 owner 與 verifier。", + "title": "受控執行邊界", + "detail": "批准頁不等於繞過執行;低 / 中 / 高風險走 allowlist、check-mode、controlled apply、verifier 與 rollback;critical 才 break-glass。", "cta": "查看治理", "meta": { "runtimeGate": "runtime gate", @@ -11708,7 +11708,7 @@ } }, "badges": { - "humanGate": "人工閘門", + "humanGate": "AI 受控閘門", "gate5Projection": "Gate 5 投影", "executorHandoffPending": "等待 executor handoff" }, diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 972b60db..97a8b34d 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json 
@@ -11618,22 +11618,22 @@ "genericLoadFailed": "載入失敗" }, "summary": { - "pending": "待人工決策", - "pendingDetail": "AwoooP {platform} / Legacy HITL {legacy}", + "pending": "待 AI 受控決策", + "pendingDetail": "AwoooP 受控佇列 {platform} / 舊 HITL 證據 {legacy}", "critical": "即將逾時", "criticalDetail": "5 分鐘內必須處置", "expired": "已逾時", - "expiredDetail": "不得再自動恢復" + "expiredDetail": "改排 AI retry / rollback / verifier,不預設人工結案" }, "decisionRail": { "eyebrow": "審批決策 Rail", - "title": "卡住的批准與人工接手判讀", - "subtitle": "先把狀態鏈、MCP 證據、Gate 5 投影與 Legacy HITL 收斂成一個判讀面板;使用者先看卡點與下一個安全入口,再下鑽完整表格。", - "boundary": "此面板只做審批判讀與安全導覽;不送 Telegram、不套用 PlayBook、不執行 Ansible、不重啟服務、不切換供應者,也不代表 runtime gate 已開。", + "title": "卡住的批准與 AI 受控處置判讀", + "subtitle": "先把狀態鏈、MCP 證據、Gate 5 投影與舊 HITL 證據收斂成一個判讀面板;使用者先看 AI 下一步、卡點與安全入口,再下鑽完整表格。", + "boundary": "此面板只做受控處置判讀與安全導覽;Telegram、PlayBook、Ansible、重啟、供應者切換都必須走 allowlist、check-mode、verifier 與 rollback,不提供繞過路徑。", "conclusion": { - "blocked": "有卡點需接手", + "blocked": "有卡點需 AI 補齊", "degraded": "資料載入需復核", - "watching": "等待人工決策", + "watching": "等待 AI 受控決策", "clear": "目前無待審" }, "status": { @@ -11653,11 +11653,11 @@ }, "decision": { "title": "決策", - "detail": "需要人工或已逾時的審批" + "detail": "需要 AI 補齊、retry、rollback 或 break-glass 的審批" }, "handoff": { "title": "接手", - "detail": "Gate 5、Legacy 與工作項接手" + "detail": "Gate 5、舊 HITL 證據與 AI 工作項補齊" }, "verifier": { "title": "驗證", @@ -11666,11 +11666,11 @@ }, "cards": { "stuck": { - "title": "阻塞與人工閘門", - "detail": "找出 learning_recorded、execution_failed、manual fix 或逾時的審批。", + "title": "阻塞與 AI 受控隊列", + "detail": "找出 learning_recorded、execution_failed、AI retry / rollback 或逾時的審批。", "cta": "查看卡點", "meta": { - "needsHuman": "需要人工", + "needsHuman": "需要 AI 補齊", "executionFailed": "執行失敗 / 降級", "learningRecorded": "卡在學習紀錄" } 
@@ -11686,18 +11686,18 @@ } }, "handoff": { - "title": "接手包與工作項", - "detail": "把 Gate 5 投影、Legacy HITL 與人工接手導回 Work Items。", + "title": "AI 處置包與工作項", + "detail": "把 Gate 5 投影、舊 HITL 證據與 AI 補齊任務導回 Work Items。", "cta": "查看工作項", "meta": { "gate5": "Gate 5 投影", "legacy": "Legacy HITL", - "manual": "人工接手" + "manual": "AI 補齊" } }, "guardrail": { - "title": "安全閘門仍關閉", - "detail": "批准頁不等於執行頁;所有高風險動作仍需獨立 owner 與 verifier。", + "title": "受控執行邊界", + "detail": "批准頁不等於繞過執行;低 / 中 / 高風險走 allowlist、check-mode、controlled apply、verifier 與 rollback;critical 才 break-glass。", "cta": "查看治理", "meta": { "runtimeGate": "runtime gate", @@ -11708,7 +11708,7 @@ } }, "badges": { - "humanGate": "人工閘門", + "humanGate": "AI 受控閘門", "gate5Projection": "Gate 5 投影", "executorHandoffPending": "等待 executor handoff" }, diff --git a/docs/HARD_RULES.md b/docs/HARD_RULES.md index 85f1a0d6..e426b8d8 100644 --- a/docs/HARD_RULES.md +++ b/docs/HARD_RULES.md 
@@ -68,6 +68,71 @@ | **🔴🔴🔴 IwoooS 資安治理** | **UI 可見 / AwoooP approval 當 runtime 授權** | **只讀證據 + allowlist + check-mode + controlled apply;critical 才 break-glass** | [→ IwoooS Security Governance](#iwooos-security-governance) | | **🔴🔴🔴 高價值配置** | **手改 Nginx / workflow / secret / runtime config 後直接 reload 或部署** | **source-of-truth + controlled gate + diff + rollback + verifier** | [→ High Value Config Control](#high-value-config-control) | | **🔴🔴🔴 AI Agent 執行** | **把告警丟回人工、或繞過 check-mode 亂寫** | **allowlist + check-mode + controlled apply + verifier + KM / PlayBook trust** | [→ AI Agent Controlled Runtime Authorization](#ai-agent-controlled-runtime-authorization) | +| **🔴🔴🔴 Codex 額度 / 上下文** | **在舊長視窗反覆餵長 log / 多支線除錯** | **context_budget_gate + 短 handoff + New Chat 分流** | [→ Codex Context Budget](#codex-context-budget) | + +--- + +## 🔴🔴🔴 Codex Context Budget + +> 2026-06-27 統帥要求:避免 Codex Pro 20x 額度因「重複讀取長上下文」暴跌。所有專案都必須把上下文預算視為工程資源;長 log、舊對話、多支線 debug 不得混在同一工作視窗反覆讀取。 + +### 開工必跑 `context_budget_gate` + +每個新任務、除錯支線、部署驗證或跨產品切換開始前,Codex 必須先列出: + +```text +context_budget_gate: +- new_chat_recommended: true|false +- reason: ... +- long_context_risks: ... +- token_spend_priority: goal_and_relevant_files_first +- safe_next_action: ... +- handoff_ready: true|false +``` + +### 必須建議 New Chat 的情況 + +1. 任務已切換產品、服務、錯誤類型、部署層或資料層。 +2. 目前視窗已累積 Playwright、SSH、CI、K8s、browser HTML、stack trace 或重複錯誤 log。 +3. 需要讀取 / 貼入超過約 200 行 log、20KB 輸出,或同一錯誤已重試 3 輪以上。 +4. 需要重新建模問題,而不是延續同一個 patch。 +5. 同一視窗已有多條未關閉支線,且使用者只說「繼續」或「下一步」。 + +### 正確做法 + +1. 長 log 必須落地成檔案,用 `rg` / 精準搜尋讀關鍵段,不得整段貼入對話。 +2. New Chat handoff 必須控制在 20 行內,包含目標、cwd、已確認事實、已改檔案、驗證結果、blocker、下一步命令。 +3. 只同步 handoff、治理 snapshot、repo 檔案與明確指定 log 檔;禁止讀取、複製、同步 raw Codex / ChatGPT conversations、sessions、SQLite、auth、`.env`、runtime volumes。 +4. 若判斷不需 New Chat,必須明確說明原因:同一主題、上下文仍短、可用檔案精準搜尋延續。 + +### Token 花費優先順序 + +1. 第一優先:任務目標、成功條件、相關檔案路徑、精準錯誤摘要。 +2. 第二優先:必要程式碼片段、測試名稱、route / component / function 名稱、最小可重現命令。 +3. 
第三優先:用 `rg` 找出的關鍵 log 段落、diff、失敗 stack trace 的最短關鍵段。 +4. 第四優先:大型文件、完整 CI 輸出、browser HTML、長截圖 OCR、全量 JSON。 +5. 禁止優先花 Token 在 raw conversation、完整 sessions、整份 SQLite、整段重複 log、無關 repo 掃描。 + +### 官方做法對應 + +1. `AGENTS.md` 保持短、穩定、可重用;細節文件需要時才讀。 +2. 複雜任務先 plan / scope,再讀檔、跑測試或修改。 +3. 只提供相關檔案、選取範圍與摘要;不要把整包歷史當上下文。 +4. 長內容先 chunk / summarize / preprocess,再餵必要片段。 +5. 使用 progressive disclosure:先索引、再摘要、最後才完整內容。 +6. 重複錯誤才升級成永久規則,避免規範膨脹吃掉上下文。 +7. 多小時任務用 `PLANS.md` / execution plan / handoff 承接。 +8. 小任務用低推理 / 輕量模型;高風險架構、資安、跨系統才升級推理力。 + +### 禁止 + +```text +❌ 把 Playwright / SSH / CI / K8s 完整長 log 直接貼進同一視窗反覆分析 +❌ 為了接續任務讀 raw Codex sessions、ChatGPT conversations 或 SQLite +❌ 多產品、多部署層、多錯誤型態混在同一視窗追到底 +❌ 沒有 handoff 就要求下一個視窗靠舊對話記憶 +❌ 把一次性任務細節塞進全域 AGENTS.md 造成每次開工都重複讀取 +``` ---