fix(governance): tighten P2-105 redaction value guard

2026-06-13 02:45:37 +08:00
parent 85e89e6a62
commit 5b73e58470
3 changed files with 32 additions and 9 deletions
--- a/apps/api/src/services/ai_agent_critic_reviewer_result_capture.py
+++ b/apps/api/src/services/ai_agent_critic_reviewer_result_capture.py
@@ -270,6 +270,15 @@ def _require_no_forbidden_display_terms(payload: dict[str, Any], label: str) ->
        "批准！繼續",
        "In app browser",
        "My request for Codex",
+        "browser_context",
+        "codex_user_message",
+        "prompt_text",
+        "raw prompt",
+        "private reasoning",
+        "chain of thought",
+        "private_reasoning",
+        "chain_of_thought",
+        "authorization_header",
        "work window transcript",
        "internal collaboration transcript",
    }
--- a/apps/api/tests/test_ai_agent_critic_reviewer_result_capture.py
+++ b/apps/api/tests/test_ai_agent_critic_reviewer_result_capture.py
@@ -122,6 +122,20 @@ def test_rejects_forbidden_display_terms(tmp_path):
        load_latest_ai_agent_critic_reviewer_result_capture(tmp_path)


+def test_rejects_forbidden_private_reasoning_terms(tmp_path):
+    data = load_latest_ai_agent_critic_reviewer_result_capture()
+    bad = copy.deepcopy(data)
+    bad["display_redaction_contract"]["blocked_display_fields"] = [
+        "raw prompt",
+        "private reasoning",
+        "chain of thought",
+    ]
+    _write_snapshot(tmp_path, bad)
+
+    with pytest.raises(ValueError, match="forbidden display terms"):
+        load_latest_ai_agent_critic_reviewer_result_capture(tmp_path)
+
+
 def test_rejects_rollup_mismatch(tmp_path):
    data = load_latest_ai_agent_critic_reviewer_result_capture()
    bad = copy.deepcopy(data)
--- a/docs/evaluations/ai_agent_critic_reviewer_result_capture_2026-06-13.json
+++ b/docs/evaluations/ai_agent_critic_reviewer_result_capture_2026-06-13.json
@@ -122,7 +122,7 @@
        "operator_next_action",
        "evidence_hash"
      ],
-      "failure_if_missing": "缺 redaction 報告時，前端或 Telegram 可能誤顯示 prompt、私有推理、secret 或未脫敏背景內容。",
+      "failure_if_missing": "缺 redaction 報告時，前端或 Telegram 可能誤顯示未脫敏提示內容、私有推理內容、機密明文或未脫敏背景內容。",
      "runtime_score_enabled": false,
      "evidence_hash": "sha256:8989898989898989898989898989898989898989898989898989898989898989"
    },
@@ -306,7 +306,7 @@
      "owner_agent": "hermes",
      "status": "ready",
      "required_before": "governance UI / Telegram digest",
-      "failure_if_missing": "不得顯示 prompt、private reasoning、secret、raw Telegram payload 或未脫敏背景內容。",
+      "failure_if_missing": "不得顯示未脫敏提示內容、私有推理內容、secret、原始 Telegram 載荷或未脫敏背景內容。",
      "creates_runtime_write": false
    },
    {
@@ -394,13 +394,13 @@
      "rollups"
    ],
    "blocked_display_fields": [
-      "raw prompt",
-      "private reasoning",
-      "chain of thought",
-      "secret value",
-      "raw Telegram payload",
-      "unredacted operator context",
-      "unredacted private context"
+      "未脫敏提示內容",
+      "私有推理內容",
+      "推理鏈內容",
+      "機密明文",
+      "原始 Telegram 載荷",
+      "未脫敏操作背景",
+      "未脫敏私有背景"
    ]
  },
  "rollups": {