From 68a3858ae4eb37066c5c21b25b3f2963a69b79ed Mon Sep 17 00:00:00 2001 From: OG T Date: Sat, 11 Apr 2026 01:13:24 +0800 Subject: [PATCH] =?UTF-8?q?fix(auto=5Fexecute):=20=E5=AE=88=E8=A1=9B?= =?UTF-8?q?=E5=8A=A0=E5=85=A5=20target=3D=3Dalertname=20=E6=AA=A2=E6=9F=A5?= =?UTF-8?q?=EF=BC=8C=E9=98=B2=E6=AD=A2=20LLM=20=E6=8A=8A=E5=91=8A=E8=AD=A6?= =?UTF-8?q?=E5=90=8D=E7=A8=B1=E7=95=B6=20deployment=20=E5=90=8D=E7=A8=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit HostHighCpuLoad 等主機告警,NemoTron Tool Calling 可能把 alertname 填入 deployment_name,導致執行 'kubectl rollout restart deployment HostHighCpuLoad'。 新增守衛: _target == _alertname 時拒絕執行並通知人工介入。 Co-Authored-By: Claude Sonnet 4.6 --- apps/api/src/services/decision_manager.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/apps/api/src/services/decision_manager.py b/apps/api/src/services/decision_manager.py index c5187065..10a4edc9 100644 --- a/apps/api/src/services/decision_manager.py +++ b/apps/api/src/services/decision_manager.py @@ -679,14 +679,16 @@ class DecisionManager: action = _re.sub(r"<[^>]+>", _target, action) # 安全守衛: 替換後仍含 "unknown" 或未替換的 <...>/{...} → 拒絕執行 - # 主機層告警(HostHighCpuLoad 等)沒有 deployment 名稱,不應盲目執行 - if "unknown" in action or _re.search(r"[<{][^>}]+[>}]", action): + # 另外:若 target 等於 alertname,代表 LLM 把告警名稱填入 deployment_name,也拒絕 + _alertname = incident.signals[0].labels.get("alertname", "") if incident.signals else "" + _target_is_alertname = bool(_alertname and _target == _alertname) + if "unknown" in action or _re.search(r"[<{][^>}]+[>}]", action) or _target_is_alertname: logger.warning( "auto_execute_blocked_unresolved_placeholder", incident_id=incident.incident_id, action=action, target=_target, - reason="action 含未解析的 placeholder 或 unknown,拒絕執行", + reason="action 含未解析的 placeholder、unknown、或 target==alertname,拒絕執行", ) token.state = DecisionState.ERROR token.error = f"Auto-execute blocked: unresolved placeholder in action: {action[:80]}"