From 7db8845cbb2a7d658a935382d2db7be47d612b4b Mon Sep 17 00:00:00 2001 From: OG T Date: Sun, 19 Apr 2026 20:27:28 +0800 Subject: [PATCH] =?UTF-8?q?fix(asset=5Fscanner+coverage):=20host=5Fservice?= =?UTF-8?q?=E2=86=92monitoring=5Ftarget=20(CHECK=20violation=20=E4=BF=AE)?= =?UTF-8?q?=20+=20log=20=E8=A3=9C=204=20=E7=B6=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 2 個 bug 修復 + 實證驗證: 1. asset_scanner: host_service 不在 asset_inventory CHECK 允許列表 ceb61c3 部署後 Pod log: CheckViolationError 'asset_inventory_type_valid' 詳: '192.168.0.125:32334' 寫入時 asset_type='host_service' 被拒 allowed list: host/container/k8s_workload/k8s_resource/database/... monitoring_target/third_party_service/... (27 種) 修: host_service → monitoring_target (ADR-090 schema 原為 scrape target 預留) 2. coverage_evaluator logger: 只 log 原 3 維 (monitoring/alerting/km) 導致誤以為 c1f23cf 4 維新 code 沒生效 (實際 DB 已有 auto_playbook/ remediation/rule_matching/rule_creation 資料) 修: logger.info 補 playbook/remediation/rule_matching/rule_creation 4 個 kwarg 實證 coverage 7 維 DB 分佈 (已生效): auto_alerting: 22 green / 78 red / 52 unknown auto_km_creation: 5 green / 17 yellow / 130 unknown auto_monitoring: 1 green / 1 red / 150 unknown auto_playbook: 3 green / 19 yellow / 130 unknown ← 新維度 auto_remediation: 0 / 0 / 98 red / 54 unknown ← 新維度 auto_rule_creation: 0 / 0 / 100 red / 52 unknown ← 新維度 auto_rule_matching: 4 green / 96 yellow / 52 unknown ← 新維度 治理洞察: 98 red remediation = 大部分 asset 過去 30d 沒修復行動 (修復能力缺口) 100 red rule_creation = 無 AI rule (全 yaml_hardcoded) 96 yellow rule_matching = 過去 30d 沒告警觸發 (可能沒問題/沒覆蓋) Co-Authored-By: Claude Opus 4.7 (1M context) --- apps/api/src/jobs/asset_scanner_job.py | 6 ++++-- apps/api/src/jobs/coverage_evaluator_job.py | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/api/src/jobs/asset_scanner_job.py b/apps/api/src/jobs/asset_scanner_job.py index f666a576..5868161a 100644 --- a/apps/api/src/jobs/asset_scanner_job.py +++ b/apps/api/src/jobs/asset_scanner_job.py @@ -548,11 +548,13 @@ async def _collect_prometheus_targets() -> tuple[list[dict[str, Any]], list[dict }) continue - # IP 形式 target + # IP 形式 target — 用 'monitoring_target' (asset_inventory CHECK 允許列表) + # host_service 不在 ADR-090 asset_type CHECK 內,之前 1 筆 125:32334 scan 拋 + # CheckViolationError (constraint asset_inventory_type_valid) asset_key = f"prometheus_target/{job}/{instance}" assets.append({ "asset_key": asset_key, - "asset_type": "host_service", + "asset_type": "monitoring_target", "host": host_ip, "namespace": None, "name": f"{job}@{host_ip}", diff --git a/apps/api/src/jobs/coverage_evaluator_job.py b/apps/api/src/jobs/coverage_evaluator_job.py index b4b80c28..03c83053 100644 --- a/apps/api/src/jobs/coverage_evaluator_job.py +++ b/apps/api/src/jobs/coverage_evaluator_job.py @@ -109,6 +109,10 @@ async def evaluate_once() -> dict[str, int]: monitoring=stats["monitoring_updated"], alerting=stats["alerting_updated"], km=stats["km_updated"], + playbook=stats["playbook_updated"], + remediation=stats["remediation_updated"], + rule_matching=stats["rule_matching_updated"], + rule_creation=stats["rule_creation_updated"], duration_ms=duration_ms, ) return stats