feat(phase6-9): Complete modular architecture and Agent Teams

Phase 6.4 - Modular Architecture:
- Add lewooogo-brain adapters for LLM providers
- Add lewooogo-data dual memory (Redis + PostgreSQL)
- Implement consensus engine for multi-agent decisions
- Add incident memory service for historical context

Phase 9 - Agent Teams (Claude Agent SDK):
- Add base agent class with Claude Sonnet 4 integration
- Implement action planner, blast radius, and security agents
- Add agent API endpoints and proposal workflow
- Integrate ADR-009 OpenClaw Agent Teams architecture

DevOps & CI/CD:
- Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml)
- Add pre-commit hooks and secrets baseline
- Add docker-compose for local development
- Update Kubernetes network policies

Frontend Improvements:
- Add auto-healing error boundary component
- Update i18n messages for agent features
- Enhance dual-state incident card with execution feedback

Documentation:
- Add 7 ADRs covering MCP, design system, architecture decisions
- Update ARCHITECTURE_MEMORY.md with modular design
- Add GLOBAL_RULES.md and SOUL.md for project identity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OG T
2026-03-23 18:40:36 +08:00
parent 6eccb45757
commit 7478dc0254
169 changed files with 24613 additions and 247 deletions

94
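--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -0,0 +1,94 @@
+name: CD
+on:
+push:
+branches: [main]
+paths-ignore:
+- 'docs/**'
+- '*.md'
+env:
+REGISTRY: 192.168.0.110:5000
+IMAGE_PREFIX: library/awoooi
+jobs:
+# ==================== Build & Push Images ====================
+build-images:
+name: Build & Push Images
+runs-on: self-hosted
+strategy:
+matrix:
+app: [web, api]
+steps:
+- uses: actions/checkout@v4
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Login to WOOO Harbor
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ secrets.HARBOR_USER }}
+password: ${{ secrets.HARBOR_PASSWORD }}
+- name: Generate image tag
+id: tag
+run: |
+SHA=$(git rev-parse --short HEAD)
+RUN_ID=${{ github.run_id }}
+echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT
+- name: Build & Push to Harbor
+uses: docker/build-push-action@v5
+with:
+context: .
+file: apps/${{ matrix.app }}/Dockerfile
+push: true
+tags: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+- name: Output image tag
+run: |
+echo "::notice::Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}"
+# ==================== Deploy to UAT ====================
+deploy-uat:
+name: Deploy to UAT
+runs-on: self-hosted
+needs: build-images
+environment: uat
+steps:
+- uses: actions/checkout@v4
+- name: Setup Kubeconfig
+run: |
+mkdir -p ~/.kube
+echo "${{ secrets.KUBE_CONFIG_UAT }}" | base64 -d > ~/.kube/config
+chmod 600 ~/.kube/config
+- name: Generate image tag
+id: tag
+run: |
+SHA=$(git rev-parse --short HEAD)
+RUN_ID=${{ github.run_id }}
+echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT
+- name: Deploy with Kustomize
+run: |
+cd k8s/overlays/uat
+kustomize edit set image \
+awoooi-web=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:${{ steps.tag.outputs.tag }} \
+awoooi-api=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.tag.outputs.tag }}
+kubectl apply -k .
+- name: Wait for rollout
+run: |
+kubectl rollout status deployment/awoooi-web -n awoooi-uat --timeout=300s
+kubectl rollout status deployment/awoooi-api -n awoooi-uat --timeout=300s
+- name: Health check
+run: |
+sleep 10
+curl -f https://api-uat.awoooi.wooo.work/v1/health || exit 1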
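Review bot: The `Setup Kubeconfig` step in `deploy-uat` writes the UAT cluster credential to `~/.kube/config` on a `self-hosted` runner and nothing in the job removes it, so unless that runner is ephemeral the kubeconfig stays on disk for every later job scheduled there. The secret is also expanded into the script text by `${{ secrets.KUBE_CONFIG_UAT }}`, and the file exists with default permissions until `chmod 600` runs. I would pass the secret through `env:`, write it under `$RUNNER_TEMP` with `umask 077`, export `KUBECONFIG` for the later steps, and add a cleanup step guarded by `if: always()`. Separately, the actions in both jobs are referenced by mutable tags (`@v4`, `@v3`, `@v5`); pinning them to commit SHAs matters more than usual here because these jobs hold registry and cluster credentials.

```yaml
      - name: Setup Kubeconfig
        env:
          KUBE_CONFIG_B64: ${{ secrets.KUBE_CONFIG_UAT }}
        run: |
          umask 077
          printf '%s' "$KUBE_CONFIG_B64" | base64 -d > "$RUNNER_TEMP/kubeconfig"
          echo "KUBECONFIG=$RUNNER_TEMP/kubeconfig" >> "$GITHUB_ENV"
      # … unchanged: tag generation, kustomize deploy, rollout wait, health check …
      - name: Remove kubeconfig
        if: always()
        run: rm -f "$RUNNER_TEMP/kubeconfig"
```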

230
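--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,230 @@
+name: CI
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+env:
+NODE_VERSION: '20'
+PNPM_VERSION: '9'
+PYTHON_VERSION: '3.11'
+jobs:
+# ==================== Lint & Type Check ====================
+lint:
+name: Lint & Type Check
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+- name: Lint
+run: pnpm lint
+- name: Type check
+run: pnpm typecheck
+- name: ADR Compliance Check
+run: |
+echo "🔍 正在檢查是否違反 ADR 規定..."
+# 檢查 1: 前端禁止直連資料庫 (違反 ADR-005 BFF 原則)
+if grep -rE "psycopg2|asyncpg|redis|sqlalchemy|pg|ioredis" apps/web/src/ 2>/dev/null; then
+echo "❌ 嚴重違規 (ADR-005): 前端程式碼中發現直連資料庫的套件!"
+exit 1
+fi
+# 檢查 2: 狀態管理嚴禁使用 Redux (違反 ADR-004 必須用 Zustand)
+if grep -rE "@reduxjs/toolkit|react-redux" apps/web/package.json 2>/dev/null; then
+echo "❌ 違規 (ADR-004): 發現 Redux請全面改用 Zustand"
+exit 1
+fi
+# 檢查 3: 禁止 import 舊專案 (違反 .awoooi-agent-rules.md)
+if grep -rE "from ['\"].*wooo-aiops" apps/ packages/ 2>/dev/null; then
+echo "❌ 嚴重違規: 禁止 import 舊專案 wooo-aiops"
+exit 1
+fi
+# 檢查 4: 禁止硬編碼機密
+if grep -rE "(sk-[a-zA-Z0-9]{20,}|password\s*=\s*['\"][^'\"]+['\"])" apps/ packages/ 2>/dev/null; then
+echo "❌ 嚴重違規: 發現硬編碼機密!"
+exit 1
+fi
+echo "✅ ADR 規範檢查通過!"
+# ==================== Test ====================
+test:
+name: Test
+runs-on: ubuntu-latest
+needs: lint
+steps:
+- uses: actions/checkout@v4
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+- name: Run tests
+run: pnpm test --coverage
+- name: Upload coverage
+uses: codecov/codecov-action@v4
+with:
+token: ${{ secrets.CODECOV_TOKEN }}
+fail_ci_if_error: false
+# ==================== Build ====================
+build:
+name: Build
+runs-on: ubuntu-latest
+needs: lint
+steps:
+- uses: actions/checkout@v4
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+- name: Setup Turborepo Cache
+uses: dtinth/setup-github-actions-caching-for-turbo@v1
+- name: Build packages
+run: pnpm turbo build
+- name: Upload build artifacts
+uses: actions/upload-artifact@v4
+with:
+name: build-artifacts
+path: |
+apps/*/dist
+packages/*/dist
+retention-days: 7
+# ==================== API (Python) ====================
+api-lint:
+name: API Lint (Python)
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Setup Python
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+- name: Install uv
+uses: astral-sh/setup-uv@v3
+- name: Install dependencies
+working-directory: apps/api
+run: uv sync
+- name: Lint with ruff
+working-directory: apps/api
+run: uv run ruff check .
+- name: Type check with mypy
+working-directory: apps/api
+run: uv run mypy .
+api-test:
+name: API Test (Python)
+runs-on: ubuntu-latest
+needs: api-lint
+steps:
+- uses: actions/checkout@v4
+- name: Setup Python
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+- name: Install uv
+uses: astral-sh/setup-uv@v3
+- name: Install dependencies
+working-directory: apps/api
+run: uv sync
+- name: Run tests
+working-directory: apps/api
+run: uv run pytest --cov=src --cov-report=xml
+# ==================== OpenAPI Validation ====================
+openapi-validate:
+name: Validate OpenAPI Spec
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+- name: Install spectral
+run: npm install -g @stoplight/spectral-cli
+- name: Validate OpenAPI
+run: spectral lint docs/api/api-contract.yaml
+# ==================== Docker Build (驗證 Dockerfile) ====================
+docker-build:
+name: Docker Build Verify
+runs-on: ubuntu-latest
+needs: [test, api-test, build]
+strategy:
+matrix:
+app: [web, api]
+steps:
+- uses: actions/checkout@v4
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Build image (no push)
+uses: docker/build-push-action@v5
+with:
+context: .
+file: apps/${{ matrix.app }}/Dockerfile
+push: false
+tags: awoooi-${{ matrix.app }}:test
+cache-from: type=gha
+cache-to: type=gha,mode=max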
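Review bot: The hard-coded secret check (檢查 4) in the `ADR Compliance Check` step runs `grep -rE` without `-l` or `-q`, so when it fires it prints the matching line, i.e. the credential itself, into the job log where anyone with access to the run can read it; `grep -rlE` would report only the file names. The pattern covers only `sk-` keys and `password = '...'` assignments, so it is best treated as a backstop to the secrets baseline mentioned in the commit message rather than as the scan itself. In check 1 the unanchored alternatives `pg` and `redis` match any substring (`upgrade`, `redistribute`), which will fail the build on unrelated frontend code; matching on import specifiers would be more precise. The workflow also has no top-level `permissions:` block, third-party actions such as `dtinth/setup-github-actions-caching-for-turbo@v1` are referenced by mutable tag, and `npm install -g @stoplight/spectral-cli` installs whatever version is current; a `permissions:` entry of `contents: read` plus SHA and version pins would narrow the supply-chain exposure.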