feat(governance): 新增操作類別權限模型

Your Name
2026-06-12 15:04:51 +08:00
parent b5112ccf65
commit 7c8bb3645b
14 changed files with 1994 additions and 10 deletions


@@ -347,6 +347,11 @@ export const apiClient = {
return handleResponse<AiAgentRuntimeWorkerShadowGateSnapshot>(res)
},
async getAiAgentOperationPermissionModel() {
const res = await fetch(`${API_BASE_URL}/agents/agent-operation-permission-model`)
return handleResponse<AiAgentOperationPermissionModelSnapshot>(res)
},
async getAiAgentOwnerApprovedFixtureDryRun() {
const res = await fetch(`${API_BASE_URL}/agents/agent-owner-approved-fixture-dry-run`)
return handleResponse<AiAgentOwnerApprovedFixtureDryRunSnapshot>(res)
@@ -2602,6 +2607,147 @@ export interface AiAgentRuntimeWorkerShadowGateSnapshot {
}
}
export interface AiAgentOperationPermissionModelSnapshot {
schema_version: 'ai_agent_operation_permission_model_v1'
generated_at: string
program_status: {
overall_completion_percent: number
current_priority: 'P0' | 'P1' | 'P2' | 'P3'
current_task_id: 'P2-101'
next_task_id: 'P2-102'
read_only_mode: true
runtime_authority: 'operation_permission_model_only_no_live_execution_or_send'
status_note: string
}
source_refs: string[]
operation_permission_truth: {
permission_model_ready: true
operation_category_matrix_ready: true
risk_tier_mapping_ready: true
agent_responsibility_mapping_ready: true
approval_gate_mapping_ready: true
manual_sop_lane_ready: true
p2_404_shadow_gate_handoff_ready: true
runtime_execution_enabled: false
gateway_queue_write_enabled: false
telegram_send_enabled: false
telegram_bot_api_call_enabled: false
delivery_receipt_write_enabled: false
ai_runtime_worker_enabled: false
medium_low_auto_worker_enabled: false
post_action_verifier_live_readback_enabled: false
production_write_enabled: false
secret_value_read_enabled: false
paid_provider_call_enabled: false
host_or_cluster_command_enabled: false
destructive_operation_enabled: false
work_window_transcript_display_allowed: false
runtime_execution_count_24h: number
gateway_queue_write_count_24h: number
telegram_send_count_24h: number
telegram_bot_api_call_count_24h: number
delivery_receipt_write_count_24h: number
ai_runtime_worker_run_count_24h: number
medium_low_auto_execution_count_24h: number
post_action_verifier_live_readback_count_24h: number
production_write_count_24h: number
secret_value_read_count_24h: number
paid_provider_call_count_24h: number
host_or_cluster_command_count_24h: number
destructive_operation_count_24h: number
truth_note: string
}
permission_lanes: Array<{
lane_id: 'observe_only' | 'no_write_replay_allowed' | 'proposal_only' | 'human_approval_required' | 'explicitly_blocked'
display_name: string
summary: string
allowed_outputs: string[]
required_gate_before_promotion: string
live_execution_allowed: false
production_write_allowed: false
}>
operation_categories: Array<{
category_id: string
display_name: string
risk_tier: 'low' | 'medium' | 'high' | 'critical'
permission_lane: 'observe_only' | 'no_write_replay_allowed' | 'proposal_only' | 'human_approval_required' | 'explicitly_blocked'
primary_agent: 'openclaw' | 'hermes' | 'nemotron'
allowed_outputs: string[]
blocked_actions: string[]
required_evidence: string[]
next_gate: string
queue_write_allowed: false
telegram_send_allowed: false
production_write_allowed: false
secret_value_read_allowed: false
destructive_action_allowed: false
live_execution_allowed: false
evidence_hash: string
}>
agent_permission_roles: Array<{
agent_id: 'openclaw' | 'hermes' | 'nemotron'
display_name: string
permission_responsibility: string
allowed_lanes: string[]
blocked_now: string[]
self_approval_allowed: false
live_action_count_24h: number
}>
gate_transitions: Array<{
gate_id: string
display_name: string
current_status: 'ready_for_review' | 'blocked_until_evidence' | 'blocked_by_policy'
required_before: string
next_safe_step: string
opens_live_execution: false
}>
operator_decision_templates: Array<{
template_id: string
display_name: string
when_to_use: string
human_instruction: string
creates_runtime_action: false
requires_human_review: true
}>
display_redaction_contract: {
redaction_required: true
raw_prompt_display_allowed: false
private_reasoning_display_allowed: false
secret_value_display_allowed: false
raw_telegram_payload_display_allowed: false
work_window_transcript_display_allowed: false
allowed_display_fields: string[]
blocked_display_fields: string[]
}
rollups: {
permission_lane_count: number
operation_category_count: number
observe_only_category_count: number
no_write_replay_allowed_category_count: number
proposal_only_category_count: number
human_approval_required_category_count: number
explicitly_blocked_category_count: number
human_approval_required_category_ids: string[]
explicitly_blocked_category_ids: string[]
agent_role_count: number
gate_transition_count: number
operator_decision_template_count: number
runtime_execution_count: number
gateway_queue_write_count: number
telegram_send_count: number
telegram_bot_api_call_count: number
delivery_receipt_write_count: number
ai_runtime_worker_run_count: number
medium_low_auto_execution_count: number
post_action_verifier_live_readback_count: number
production_write_count: number
secret_value_read_count: number
paid_provider_call_count: number
host_or_cluster_command_count: number
destructive_operation_count: number
}
}
export interface AiAgentOwnerApprovedFixtureDryRunSnapshot {
schema_version: 'ai_agent_owner_approved_fixture_dry_run_v1'
generated_at: string
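Review bot: The literal `false`/`true` types on the safety flags in `AiAgentOperationPermissionModelSnapshot` (for example `runtime_execution_enabled: false` and `secret_value_read_enabled: false` in `operation_permission_truth`) are compile-time claims only, and nothing visible in `getAiAgentOperationPermissionModel` checks the fetched JSON against them. `handleResponse` is defined outside the hunks, so this is inferred, but if it only parses and casts, a snapshot reporting `true` for one of these flags would still be typed as `false`, and any UI branch on it would be narrowed away, hiding the very state a governance view should surface. I would type these fields as `boolean` and check the invariant where the snapshot is loaded, e.g. `if (snap.operation_permission_truth.runtime_execution_enabled !== false) throw new Error('permission model snapshot violates read-only contract')`, ideally driven from a list of flag names. The same applies to the per-category `*_allowed: false` fields and to `self_approval_allowed: false` in `agent_permission_roles`.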