feat(governance): add operation category permission model
All checks were successful
Code Review / ai-code-review (push) Successful in 16s
CD Pipeline / tests (push) Successful in 1m24s
CD Pipeline / build-and-deploy (push) Successful in 4m45s
CD Pipeline / post-deploy-checks (push) Successful in 1m46s

Your Name
2026-06-12 15:04:51 +08:00
parent b5112ccf65
commit 7c8bb3645b
14 changed files with 1994 additions and 10 deletions


@@ -20,9 +20,9 @@ AI Agent 自動化工作包目前完成度:**92%**。本工作清單文件本
三 Agent 佈建布局目前完成度:**45%**。第一波已完成只讀 schema / snapshot / API / 測試 / 報告,第二波已接入治理頁自動化盤點 UI正式 runtime 佈署、Telegram E2E 發送與 AgentSession 工作流仍需逐項 gate。
三 Agent 主動溝通、學習與成長證據目前完成度:**100%**。已完成只讀契約、互動 / 接手 / 學習 / 成長證據面板、P2-403B live read model gate、P2-403C Redis dry-run gate、P2-403D learning writeback approval package、P2-403E Telegram receipt approval package、P2-403F owner-approved learning dry-run preview、人工操作選項與 fixture-only dry-run 總包、P2-403G runtime write gate review、P2-403H post-write verifier implementation package、P2-403I runtime verifier evidence implementation review、P2-403J 報表真相 / 告警有效性 / 日週月報 / Agent 工作量 / 圖表化報告 / AI 建議 / 風險自動化政策審查、P2-403K SRE 戰情室路由程式收斂、P2-403L 報表派送 / Telegram queue / 讀報回執 / AI 讀報分析 / 中低風險自動處理 / 高風險審核啟動前閘門、P2-403M no-write dry-run / SRE 戰情室 Gateway queue 草案 / readback verifier、P2-403N fixture smoke / queue preview readback / verifier dry-run,以及 P2-404 runtime worker shadow / no-write execution evidence gate目前 live AgentSession、Agent message、handoff、learning write、Telegram receipt、Gateway queue write、runtime verifier execution、report delivery、AI analysis runtime、中低風險 auto worker、Telegram 實發、shadow worker live 與 delivery receipt E2E 仍全部為 `0`,下一步依優先順序推 `P2-101` 操作類別權限模型,但在批准前仍不得啟動 runtime loop。
三 Agent 主動溝通、學習與成長證據目前完成度:**100%**。已完成只讀契約、互動 / 接手 / 學習 / 成長證據面板、P2-403B live read model gate、P2-403C Redis dry-run gate、P2-403D learning writeback approval package、P2-403E Telegram receipt approval package、P2-403F owner-approved learning dry-run preview、人工操作選項與 fixture-only dry-run 總包、P2-403G runtime write gate review、P2-403H post-write verifier implementation package、P2-403I runtime verifier evidence implementation review、P2-403J 報表真相 / 告警有效性 / 日週月報 / Agent 工作量 / 圖表化報告 / AI 建議 / 風險自動化政策審查、P2-403K SRE 戰情室路由程式收斂、P2-403L 報表派送 / Telegram queue / 讀報回執 / AI 讀報分析 / 中低風險自動處理 / 高風險審核啟動前閘門、P2-403M no-write dry-run / SRE 戰情室 Gateway queue 草案 / readback verifier、P2-403N fixture smoke / queue preview readback / verifier dry-runP2-404 runtime worker shadow / no-write execution evidence gate,以及 P2-101 操作類別權限模型;目前 live AgentSession、Agent message、handoff、learning write、Telegram receipt、Gateway queue write、runtime verifier execution、report delivery、AI analysis runtime、中低風險 auto worker、Telegram 實發、shadow worker live 與 delivery receipt E2E 仍全部為 `0`,下一步依優先順序推 `P2-102` 候選操作 dry-run 證據,但在批准前仍不得啟動 runtime loop。
AI Agent 主動營運委派與版本生命週期目前完成度:**100%**。已完成 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory、只讀 API、`P2-402B` repo-only daily version freshness snapshot、`P2-402C` Renovate / OSV-Scanner / Trivy / Syft / Grype 工具採用批准包、`P2-402D` Telegram action-required digest policy、`P2-402E` Gitea PR 草案 lane、`P2-402F` host OS / K3s / stateful services 版本只讀盤點,以及 `P2-402G` governance UI 顯示可委派能力;`P2-403A``P2-404` 已先補互動、學習證據面、live read model gate、Redis dry-run gate、learning writeback approval package、Telegram receipt approval package、owner-approved learning dry-run preview、runtime write gate review、post-write verifier package、runtime verifier evidence review、報表真相、TG 戰情室收斂、日週月報、Agent 工作量、圖表化報告、風險自動化政策、報表 runtime 啟動前閘門、no-write dry-run 證據包、fixture/readback/verifier dry-run 證據包shadow/no-write execution gate。下一步是 `P2-101` 操作類別權限模型,外部 registry / package source / host probe / SSH / kubectl / 工具安裝 / CI 變更 / 實際 PR creation / Telegram 實發與 learning write 仍需 gate。
AI Agent 主動營運委派與版本生命週期目前完成度:**100%**。已完成 12 類版本 domain、24 類可委派能力、5 種 cadence、8 類 MCP、4 類 RAG memory、只讀 API、`P2-402B` repo-only daily version freshness snapshot、`P2-402C` Renovate / OSV-Scanner / Trivy / Syft / Grype 工具採用批准包、`P2-402D` Telegram action-required digest policy、`P2-402E` Gitea PR 草案 lane、`P2-402F` host OS / K3s / stateful services 版本只讀盤點,以及 `P2-402G` governance UI 顯示可委派能力;`P2-403A``P2-404` 已先補互動、學習證據面、live read model gate、Redis dry-run gate、learning writeback approval package、Telegram receipt approval package、owner-approved learning dry-run preview、runtime write gate review、post-write verifier package、runtime verifier evidence review、報表真相、TG 戰情室收斂、日週月報、Agent 工作量、圖表化報告、風險自動化政策、報表 runtime 啟動前閘門、no-write dry-run 證據包、fixture/readback/verifier dry-run 證據包shadow/no-write execution gate 與 P2-101 操作類別權限模型。下一步是 `P2-102` 候選操作 dry-run 證據,外部 registry / package source / host probe / SSH / kubectl / 工具安裝 / CI 變更 / 實際 PR creation / Telegram 實發與 learning write 仍需 gate。
完成度計算模型:
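Review bot: the aggregate figure in the hunk context, 「AI Agent 自動化工作包目前完成度:**92%**」, and the 「完成度計算模型:」 line that follows are left untouched while the two rewritten paragraphs move P2-101 from "next step" to "completed"; if the 92% is derived from per-item completion, recompute it in this commit, otherwise say in the paragraph that the aggregate is deliberately unchanged. The rewritten paragraphs also keep 「仍全部為 `0`」 for every live count while declaring the section **100%** complete, so state explicitly that 100% refers to the evidence package and not to runtime enablement, so the figure cannot be read as the loop having been approved.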
@@ -973,7 +973,7 @@ UI
| P2-403M | 完成 | 91 | OpenClaw + Hermes + NemoTron | 報表 runtime no-write dry-run、SRE 戰情室 Gateway queue 草案、readback verifier 草案 | `ai_agent_report_runtime_dry_run_v1` / snapshot / 只讀 API / governance UI5 個 dry-run artifact、3 個 queue digest 草案、4 個 readback verifier case、3 個 Agent dry-run role、6 個 operator checkpointlive delivery / queue write / Bot API / receipt write / AI runtime / 中低風險 auto worker / verifier live readback 全部 `0` | 不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 AI runtime worker、不啟動中低風險 auto worker、不執行 verifier live readback、不讀 secret、不顯示內部對話內容 |
| P2-403N | 完成 | 94 | Hermes + NemoTron + OpenClaw | fixture smoke / queue preview readback / verifier dry-run | `ai_agent_report_runtime_fixture_readback_v1` / snapshot / 只讀 API / governance UI5 個 fixture smoke、3 個 queue preview readback、4 個 verifier dry-run case、3 個 Agent fixture role、5 個 operator checkpointlive delivery / queue write / Telegram send / Bot API / receipt write / AI runtime / 中低風險 auto worker / verifier live readback 全部 `0` | 仍不得 live send / live write中低風險自動處理與高風險審核需另行批准 |
| P2-404 | 完成 | 96 | OpenClaw + Hermes + NemoTron | runtime worker shadow / no-write execution evidence gate | `ai_agent_runtime_worker_shadow_gate_v1` / snapshot / 只讀 API / governance UI5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role、6 個 operator checkpointshadow live / Gateway queue write / Telegram send / Bot API / receipt write / AI runtime / 中低風險 auto worker / verifier live readback / production write 全部 `0` | 下一步 P2-101 操作類別權限模型;未完成前不得 live worker、queue write、Telegram send 或 production write |
| P2-101 | 待辦 | 0 | OpenClaw | 定義操作類別權限模型 | 操作政策 schema | HITL 關卡 |
| P2-101 | 完成 | 97 | OpenClaw + Hermes + NemoTron | 定義操作類別權限模型 | `ai_agent_operation_permission_model_v1` / snapshot / 只讀 API / governance UI5 條 permission lane、13 類操作、3 個 Agent permission role、8 個 gate transition、5 個人工操作模板runtime execution / Gateway queue write / Telegram send / Bot API / receipt write / AI runtime worker / 中低風險 auto worker / verifier live readback / production write / secret read / paid provider / host command / destructive action 全部 `0` | 下一步 P2-102 候選操作 dry-run 證據;未完成前不得 live worker、queue write、Telegram send 或 production write |
| P2-102 | 待辦 | 0 | OpenClaw | 所有候選操作都要有 dry-run 證據 | dry-run 合約 | 不直接 apply |
| P2-103 | 待辦 | 0 | Hermes | 把任務結果接回 KM / LOGBOOK / 稽核軌跡 | 證據寫入器 | 不洩漏 secret |
| P2-104 | 待辦 | 0 | OpenClaw | 修復 `matched_playbook_id` 學習缺口 | playbook trust 更新 | 測試 + live 證據 |
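Review bot: the new P2-101 row drops the 「HITL 關卡」 gate that the replaced 待辦 row carried and fills the last column with the pointer to P2-102 plus the 「未完成前不得 live worker、queue write、Telegram send 或 production write」 prohibition; keep the human-in-the-loop requirement visible in the completed row (for example 「HITL 關卡;下一步 P2-102 …」), otherwise a permission model whose own row no longer mentions human approval reads as if that gate had been retired. The row also marks status 完成 at 97 without naming the missing three points; either state the outstanding item or align the number with the status. The unchanged P2-404 row above still names P2-101 as its next step, which is now stale.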


@@ -1,8 +1,8 @@
# AI Agent 互動、溝通、學習與成長證據報告
> 日期2026-06-11台北時間
> 文件定位P2-403A 證據面 + P2-403B AgentSession / Redis Streams live read model gate + P2-403C Redis dry-run gate + P2-403D learning writeback approval package + P2-403E Telegram receipt approval package + P2-403F owner-approved learning dry-run / fixture dry-run、P2-403G runtime write gate review、P2-403H post-write verifier package、P2-403I runtime verifier evidence implementation review、P2-403J 報表真相 / 日週月報 / Agent 工作量 / 風險自動化 review、P2-403L 報表派送與自動處理啟動前閘門、P2-403M 報表 runtime no-write dry-run 證據包、P2-403N fixture smoke / queue preview readback / verifier dry-run、P2-404 runtime worker shadow / no-write execution evidence gate、API 與治理頁 UI。
> 事實邊界本波只建立可見證據面、read model gate、報表治理 review、runtime readiness gate、no-write dry-run、fixture/readback/verifier dry-runshadow/no-write execution 證據包,不啟動 runtime worker、不建立 DB migration、不開 Redis consumer group、不發 Telegram、不寫 Gateway queue、不寫 delivery receipt、不排程實發報告、不啟動中低風險 auto worker、不執行 verifier live readback、不執行生產優化、不顯示工作視窗對話內容。
> 文件定位P2-403A 證據面 + P2-403B AgentSession / Redis Streams live read model gate + P2-403C Redis dry-run gate + P2-403D learning writeback approval package + P2-403E Telegram receipt approval package + P2-403F owner-approved learning dry-run / fixture dry-run、P2-403G runtime write gate review、P2-403H post-write verifier package、P2-403I runtime verifier evidence implementation review、P2-403J 報表真相 / 日週月報 / Agent 工作量 / 風險自動化 review、P2-403L 報表派送與自動處理啟動前閘門、P2-403M 報表 runtime no-write dry-run 證據包、P2-403N fixture smoke / queue preview readback / verifier dry-run、P2-404 runtime worker shadow / no-write execution evidence gate、P2-101 操作類別權限模型、API 與治理頁 UI。
> 事實邊界本波只建立可見證據面、read model gate、報表治理 review、runtime readiness gate、no-write dry-run、fixture/readback/verifier dry-runshadow/no-write execution 證據包與 operation permission lane,不啟動 runtime worker、不建立 DB migration、不開 Redis consumer group、不發 Telegram、不寫 Gateway queue、不寫 delivery receipt、不排程實發報告、不啟動中低風險 auto worker、不執行 verifier live readback、不執行生產優化、不顯示工作視窗對話內容。
## 0. P2-403J 補記:報表真相、日週月報與風險自動化 Review
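Review bot: the 「> 日期2026-06-11」 header line is unchanged although this commit (timestamped 2026-06-12 at the top of the page) adds the P2-101 content; bump the date or add a revision line so the header matches what the report now covers. The rewritten 事實邊界 line adds 「operation permission lane」 to what this wave builds while the negative list that follows (不啟動 runtime worker、不寫 Gateway queue …) is unchanged; since the lanes named later in the report include 「人工批准」 and 「明確阻擋」, say here that the lanes are evidence-only and none of them grants execution, so the word "lane" is not read as an enabled path.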
@@ -34,9 +34,15 @@
本段把 P2-403N fixture/readback/verifier dry-run promotion 成 shadow worker no-write 證據5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role 與 6 個 operator checkpoint。Hermes 負責日週月報與 SRE 戰情室 queue candidate previewOpenClaw 負責中低風險 no-op action 分類與 P2-101 操作權限模型 handoffNemoTron 負責 shadow candidate 的 verifier binding、failure lane 與 no-write replay hash。本段仍不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 live AI runtime worker、不啟動中低風險 auto worker、不跑 verifier live readback、不讀 secret所有 live count 仍為 `0`
## 0.5 P2-101 補記:操作類別權限模型
2026-06-12 已新增 P2-101`ai_agent_operation_permission_model_v1``docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json``GET /api/v1/agents/agent-operation-permission-model` 與治理頁區塊。
本段把 P2-404 的 shadow/no-write handoff 轉成 5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition 與 5 個 operator decision template。OpenClaw 負責操作類別、風險層級、approval lane 與修復候選仲裁Hermes 負責 KM / Runbook / 報表 / SRE 戰情室 queue candidate 草案NemoTron 負責 no-write replay、verifier fixture、redaction / cost / secret boundary review。本段仍不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不跑 verifier live readback、不寫 production target、不讀 secret、不呼叫付費 provider、不執行 host / cluster / destructive action所有 live count 仍為 `0`
## 1. 結論
已完成 P2-403A、P2-403B、P2-403C、P2-403D、P2-403E、P2-403F、P2-403G、P2-403H、P2-403I、P2-403J、P2-403L、P2-403M、P2-403N 與 P2-404:讓統帥能在治理頁看到 OpenClaw / Hermes / NemoTron 的互動、接手、學習與成長是否真的有證據,並看到 live read model、Redis dry-run、handoff envelope、ack / dead-letter / replay、learning writeback approval、Telegram receipt approval、fixture dry-run、runtime write gate review、post-write verifier package、runtime verifier evidence review、報表真相、日週月報、Agent 工作量、圖表化報告、風險自動化政策、報表 runtime 啟動前閘門、no-write dry-run 證據包、fixture/readback/verifier dry-run 證據包shadow/no-write execution evidence gate 下一步要通過哪些 gate。
已完成 P2-403A、P2-403B、P2-403C、P2-403D、P2-403E、P2-403F、P2-403G、P2-403H、P2-403I、P2-403J、P2-403L、P2-403M、P2-403N、P2-404 與 P2-101:讓統帥能在治理頁看到 OpenClaw / Hermes / NemoTron 的互動、接手、學習與成長是否真的有證據,並看到 live read model、Redis dry-run、handoff envelope、ack / dead-letter / replay、learning writeback approval、Telegram receipt approval、fixture dry-run、runtime write gate review、post-write verifier package、runtime verifier evidence review、報表真相、日週月報、Agent 工作量、圖表化報告、風險自動化政策、報表 runtime 啟動前閘門、no-write dry-run 證據包、fixture/readback/verifier dry-run 證據包shadow/no-write execution evidence gate 與操作類別權限模型下一步要通過哪些 gate。
目前真相:
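Review bot: the new 0.5 section gives counts (5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition、5 個 operator decision template) but names none of them; list the five lanes here with the categories assigned to each, and state the default lane for an operation that matches none of the 13 categories (it should fall into 明確阻擋 or human approval rather than be permitted by omission), because that fail-closed default is the property a reader of a permission model most needs and it appears nowhere in this hunk. The split of responsibilities (OpenClaw arbitrates 操作類別、風險層級、approval lane) should also say who is allowed to change a category's lane and whether that change itself goes through a gate transition.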
@@ -59,6 +65,7 @@
| P2-403M no-write dry-run package | 已完成,正式寫入 / 發送 / worker / verifier live readback 全為 `0` |
| P2-403N fixture readback package | 已完成queue write / Telegram send / Bot API / worker / verifier live readback 全為 `0` |
| P2-404 runtime worker shadow gate | 已完成shadow worker live / queue write / Telegram send / production write 全為 `0` |
| P2-101 operation permission model | 已完成13 類操作已歸入只讀 / no-write replay / 提案 / 人工批准 / 明確阻擋runtime execution / queue write / Telegram send / production write 全為 `0` |
這代表使用者現在可以看見「哪裡已準備好、哪裡仍未運作、被哪個 gate 阻擋、下一步要如何驗證」。但還不能宣稱三個 Agent 已經在 production runtime 主動互傳訊息或自主學習。
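Review bot: the new P2-101 row says 「13 類操作已歸入只讀 / no-write replay / 提案 / 人工批准 / 明確阻擋」 but not how the 13 distribute over the five lanes; add the per-lane counts (summing to 13) so the reader can verify every category is classified and see how many sit in 明確阻擋, the lane that matters for the red lines in section 6. 「runtime execution / queue write / Telegram send / production write 全為 `0`」 repeats the observed live counts of the rows above; for the permission-model row it is worth adding that the 0 is what the lane assignment requires, not only what was observed.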
@@ -120,17 +127,20 @@
| `docs/schemas/ai_agent_runtime_worker_shadow_gate_v1.schema.json` | P2-404 runtime worker shadow / no-write execution evidence gate schema強制 shadow live worker、queue write、Telegram send、Bot API、receipt write、auto worker、verifier live readback、production write 與 secret read 維持未授權 |
| `docs/evaluations/ai_agent_runtime_worker_shadow_gate_2026-06-12.json` | P2-404 committed snapshot完成度 `96%`5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role、6 個 operator checkpoint所有 live counts 全為 `0` |
| `GET /api/v1/agents/agent-runtime-worker-shadow-gate` | 只讀 API不啟動 live worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target |
| `docs/schemas/ai_agent_operation_permission_model_v1.schema.json` | P2-101 操作類別權限模型 schema強制 runtime execution、queue write、Telegram send、Bot API、receipt write、auto worker、verifier live readback、production write、secret / paid provider、host command 與 destructive action 維持未授權 |
| `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json` | P2-101 committed snapshot完成度 `97%`5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition、5 個 operator decision template所有 live counts 全為 `0` |
| `GET /api/v1/agents/agent-operation-permission-model` | 只讀 API不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret |
| `apps/api/src/services/ai_agent_interaction_learning_proof.py` | 只讀 loader 與安全驗證 |
| `apps/api/src/services/ai_agent_live_read_model_gate.py` | P2-403B 只讀 loader拒絕 live DB query、Redis consumer、unsafe fields、Telegram 與 writeback |
| `GET /api/v1/agents/agent-interaction-learning-proof` | 只讀 API不啟動 worker、不碰 Redis / DB runtime、不發 Telegram |
| `GET /api/v1/agents/agent-live-read-model-gate` | 只讀 API不連 DB、不讀寫 Redis、不發 Telegram |
| governance UI | 新增證據階梯、目前真相、P2-403B live read gate、P2-403C Redis dry-run gate、P2-403D learning writeback approval package、P2-403E Telegram receipt approval package、P2-403F owner-approved learning dry-run / fixture dry-run、P2-403G runtime write gate review、P2-403H post-write verifier package、P2-403I runtime verifier evidence review、P2-403J 報表真相 / 日週月報 / Agent 工作量 / 圖表 / AI 建議、P2-403L 報表 runtime readiness、P2-403M no-write dry-run、P2-403N fixture readback、P2-404 shadow gate、Agent lane、可觀測訊號、runtime gates、前端 redaction |
| governance UI | 新增證據階梯、目前真相、P2-403B live read gate、P2-403C Redis dry-run gate、P2-403D learning writeback approval package、P2-403E Telegram receipt approval package、P2-403F owner-approved learning dry-run / fixture dry-run、P2-403G runtime write gate review、P2-403H post-write verifier package、P2-403I runtime verifier evidence review、P2-403J 報表真相 / 日週月報 / Agent 工作量 / 圖表 / AI 建議、P2-403L 報表 runtime readiness、P2-403M no-write dry-run、P2-403N fixture readback、P2-404 shadow gate、P2-101 operation permission model、Agent lane、可觀測訊號、runtime gates、前端 redaction |
## 5. 後續優先順序
| 優先 | ID | 工作 | gate |
|---:|---|---|---|
| 1 | P2-101 | 定義操作類別權限模型 | HITL 關卡 |
| 1 | P2-102 | 所有候選操作都要有 dry-run 證據 | dry-run 合約 |
## 6. 紅線
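Review bot: the three new P2-101 rows add a schema, a committed snapshot and a read-only API but no loader row, whereas P2-403A and P2-403B each list a service (`apps/api/src/services/ai_agent_interaction_learning_proof.py`, `apps/api/src/services/ai_agent_live_read_model_gate.py`) that performs the read-only load and safety validation; name the service that loads `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json`, validates it against `docs/schemas/ai_agent_operation_permission_model_v1.schema.json` and rejects unsafe fields before `GET /api/v1/agents/agent-operation-permission-model` serves it. The schema row says it 「強制 … 維持未授權」; a JSON schema can only constrain the evidence document (for example require the live-count fields to be `0` or false), not the runtime, so word it as "the schema requires the snapshot to record these as unauthorized" and point at the test or loader that refuses a snapshot violating it. In the 後續優先順序 table the P2-101 row is simply overwritten by P2-102 at priority 1; keep the completed item traceable, either as a struck row here or via the 目前真相 table, so the priority history survives.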