From 32fdce4cd92c5705abe6865ac7ce4bccf04dcaac Mon Sep 17 00:00:00 2001
From: Your Name
Date: Fri, 12 Jun 2026 01:09:47 +0800
Subject: [PATCH] =?UTF-8?q?fix(web):=20=E4=BF=AE=E6=AD=A3=20P2-403G=20?= =?UTF-8?q?=E6=B2=BB=E7=90=86=E9=A0=81=E6=AC=84=E4=BD=8D=E5=B0=8D=E9=BD=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/web/messages/en.json | 13 +++++++++-
 apps/web/messages/zh-TW.json | 13 +++++++++-
 .../tabs/automation-inventory-tab.tsx | 16 +++++++++---
 apps/web/src/lib/api-client.ts | 12 ++-------
 docs/LOGBOOK.md | 25 +++++++++++++++++++
 5 files changed, 63 insertions(+), 16 deletions(-)
diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index ae8246ad..3eeb9ffb 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -3228,6 +3228,16 @@
 "L1_report_only": "L1 僅報告",
 "L2_approval_package_only": "L2 僅批准包",
 "L3_draft_change_after_gate": "L3 批准後草案"
+ },
+ "approvalGates": {
+ "read_only_allowed": "只讀允許",
+ "km_write_owner_review_required": "KM 寫入需 owner 審查",
+ "secret_value_handling_forbidden": "機密值處理禁止",
+ "owner_review_required": "需 owner 審查",
+ "runtime_worker_gate_required": "需 runtime worker 關卡",
+ "db_migration_required": "需 DB migration 關卡",
+ "replay_shadow_canary_gate_required": "需 replay / shadow / canary 關卡",
+ "cost_data_approval_required": "需費用與資料邊界批准"
 }
 },
 "hostStateful": {
@@ -3847,7 +3857,8 @@
 },
 "labels": {
 "requiredFields": "必填欄位 {count}",
- "forbiddenFields": "禁止欄位 {count}"
+ "forbiddenFields": "禁止欄位 {count}",
+ "reviewOnly": "只讀審查"
 }
 },
 "ownerDryRunPackage": {
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index ae8246ad..3eeb9ffb 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -3228,6 +3228,16 @@
 "L1_report_only": "L1 僅報告",
 "L2_approval_package_only": "L2 僅批准包",
 "L3_draft_change_after_gate": "L3 批准後草案"
+ },
+ "approvalGates": {
+ "read_only_allowed": "只讀允許",
+ "km_write_owner_review_required": "KM 寫入需 owner 審查",
+ "secret_value_handling_forbidden": "機密值處理禁止",
+ "owner_review_required": "需 owner 審查",
+ "runtime_worker_gate_required": "需 runtime worker 關卡",
+ "db_migration_required": "需 DB migration 關卡",
+ "replay_shadow_canary_gate_required": "需 replay / shadow / canary 關卡",
+ "cost_data_approval_required": "需費用與資料邊界批准"
 }
 },
 "hostStateful": {
@@ -3847,7 +3857,8 @@
 },
 "labels": {
 "requiredFields": "必填欄位 {count}",
- "forbiddenFields": "禁止欄位 {count}"
+ "forbiddenFields": "禁止欄位 {count}",
+ "reviewOnly": "只讀審查"
 }
 },
 "ownerDryRunPackage": {
diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
index f556bde3..74a5d55d 100644
--- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
+++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
@@ -1249,6 +1249,14 @@ export function AutomationInventoryTab() {
 }
 }
+ const proactiveApprovalGateLabel = (value: string) => {
+ try {
+ return t(`proactiveOperations.approvalGates.${value}` as never)
+ } catch {
+ return value
+ }
+ }
+
 const proofValueLabel = (group: string, value: string) => {
 try {
 return t(`interactionProof.${group}.${value}` as never)
@@ -1666,7 +1674,7 @@ export function AutomationInventoryTab() {
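Review bot: The `catch` branch in `proactiveApprovalGateLabel` may never run for a gate id that has no `approvalGates` entry. If `t` is next-intl's translator (the `messages/*.json` and `[locale]` layout suggest so, but the import is outside the hunk), a missing key is by default reported through `onError` and rendered as the message path instead of thrown — the same behaviour as the `agents.undefined` console error recorded in docs/LOGBOOK.md. A gate id the server adds later would then appear on the governance page as a raw path rather than a label or the id, which is easy to misread on an approval-gate display. Checking the key first is more predictable, e.g. `return t.has(key as never) ? t(key as never) : value` with `key` holding the same template string (assuming the installed version provides `t.has`); the neighbouring `proofValueLabel`, whose body continues outside the hunk, follows the same pattern.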
- +
@@ -1708,11 +1716,11 @@ export function AutomationInventoryTab() { {target.display_name} - {target.operator_instruction} + {target.required_before_write}
- +
))} @@ -2583,7 +2591,7 @@ export function AutomationInventoryTab() {
- +
{t('proactiveOperations.labels.telegram')}
diff --git a/apps/web/src/lib/api-client.ts b/apps/web/src/lib/api-client.ts
index 9ad6bc5c..c7fe8920 100644
--- a/apps/web/src/lib/api-client.ts
+++ b/apps/web/src/lib/api-client.ts
@@ -1630,10 +1630,6 @@ export interface AiAgentRuntimeWriteGateReviewSnapshot {
 truth_note: string
 }
 write_gate_review: {
- review_id: string
- display_name: string
- owner_agent: 'openclaw' | 'hermes' | 'nemotron'
- status: string
 operator_meaning: string
 required_fields: string[]
 forbidden_fields: string[]
@@ -1641,12 +1637,10 @@ export interface AiAgentRuntimeWriteGateReviewSnapshot {
 write_targets: Array<{
 target_id: string
 display_name: string
- target_surface: string
 status: string
 owner_agent: 'openclaw' | 'hermes' | 'nemotron'
- required_approval: string
- blocked_runtime_action: string
- operator_instruction: string
+ required_before_write: string
+ blocked_write_action: string
 }>
 approval_gates: Array<{
 gate_id: string
@@ -1654,13 +1648,11 @@ export interface AiAgentRuntimeWriteGateReviewSnapshot {
 status: string
 required_evidence: string
 blocked_runtime_action: string
- operator_instruction: string
 }>
 post_write_verification: {
 verification_required: true
 rollback_required: true
 verification_steps: string[]
- failure_escalation: string
 }
 approval_boundaries: Record
 display_redaction_contract: {
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index d713a3ec..200af909 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
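Review bot: `AiAgentRuntimeWriteGateReviewSnapshot` remains a hand-maintained compile-time shape, and nothing in these hunks checks the fetched snapshot against it, so the drift this commit corrects (`owner_agent`, `operator_instruction` declared but absent from the payload) can recur silently. Because `required_before_write`, `blocked_write_action` and the `approval_gates` entries tell an operator what is blocked before a write, I would narrow the payload wherever it is fetched (not shown here) with a small type guard that verifies the required string fields and fails closed to an explicit schema-mismatch state instead of letting `undefined` render. `status: string` could also become a literal union if the set of statuses is fixed, which is not visible from the diff. The interface starts and ends outside these hunks, and this note covers all three `api-client.ts` hunks.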
@@ -1,3 +1,28 @@
+## 2026-06-12|P2-403G Governance UI 欄位對齊與紅線顯示修補
+
+**背景**:P2-403G Runtime Write Gate Review 已正式部署後,正式治理頁 live DOM 檢查發現 `write_gate_review.owner_agent` 與 snapshot 實際 schema 不一致,導致前端 i18n 產生 `agents.undefined` console error;同時 P2-402 主動營運能力卡仍直接顯示 `secret_value_handling_forbidden` 原始 gate id。這兩者都不影響 runtime gate 真相,但治理頁應顯示可讀狀態與安全標籤,不應讓 operator 看到 undefined 或看似內部欄位名的 raw id。
+
+**完成**:
+
+- `AiAgentRuntimeWriteGateReviewSnapshot` 前端型別已對齊 committed snapshot:`write_gate_review` 不再宣告不存在的 `owner_agent` / `review_id` / `display_name` / `status`;`write_targets` 改用實際欄位 `required_before_write` 與 `blocked_write_action`。
+- Governance automation inventory 的 P2-403G review chip 改為 `只讀審查`,不再讀不存在的 agent 欄位。
+- P2-403G write target 內容改顯示 `required_before_write` 與 `blocked_write_action`,避免空白 / undefined。
+- P2-402 proactive approval gate 顯示改走 i18n label,`secret_value_handling_forbidden` 顯示為 `機密值處理禁止`。
+- `zh-TW.json` / `en.json` 維持繁中鏡像,同步新增 proactive approval gate 與 runtime write gate review label。
+
+**本地驗證**:
+
+- `python3 -m json.tool apps/web/messages/zh-TW.json` / `apps/web/messages/en.json`:通過。
+- zh-TW / en message mirror:`True`。
+- 靜態 grep:`write_gate_review.owner_agent`、`target.operator_instruction`、`target.blocked_runtime_action`、`agents.undefined` 命中 `0`。
+- `pnpm --filter @awoooi/web typecheck`:通過。
+- `NEXT_PUBLIC_API_URL=https://awoooi.wooo.work NEXT_PRIVATE_BUILD_WORKER_COUNT=1 SENTRY_SUPPRESS_GLOBAL_ERROR_HANDLER_FILE_WARNING=1 pnpm --filter @awoooi/web build`:通過;`92/92` static pages,`/zh-TW/governance` First Load JS `397 kB`。
+- 本機 `next start` 可載入治理 route,但 local origin 對正式 API / SSE 仍停在 `無法載入自動化盤點快照`;正式 DOM 驗證需 deploy 後以 `https://awoooi.wooo.work` 重跑。
+
+**正式站驗證**:待 code commit 觸發 Gitea CD 後補。
+
+**邊界**:本段未寫 KM、未更新 PlayBook trust、未寫 timeline learning、未寫 replay score、未發 Telegram、未寫 Gateway queue、未啟動 runtime worker、未讀 secret value、未 SSH、未 kubectl、未 active scan、未新增任何前端執行按鈕。
+
 ## 2026-06-12|IwoooS P1-4 Monitoring / alerting / observability repo-only
清冊 **背景**:統帥要求所有重要配置都要被資安控管;Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / OTEL / Telegram notification route 會直接影響即時資安事件是否能被發現、路由、降噪與送達。本段延續「先建立框架、只讀證據、低摩擦流程,再階段性收攏」原則,只做 repo-only 清冊,不碰 live monitoring stack、不 reload、不發 Telegram、不建立 silence。