Merge remote-tracking branch 'gitea-ssh/main' into codex/delivery-workbench-release-20260626-ffsync
This commit is contained in:
ogt
@@ -58,8 +58,10 @@ def load_latest_ai_technology_report_cadence_readback(
|
||||
raise ValueError(f"{snapshot_path}: unsafe policy flags: {forbidden_true}")
|
||||
if policy.get("read_only") is not True:
|
||||
raise ValueError(f"{snapshot_path}: read_only policy must be true")
|
||||
if policy.get("high_risk_owner_review_required") is not True:
|
||||
raise ValueError(f"{snapshot_path}: high risk owner review must remain required")
|
||||
if policy.get("high_risk_owner_review_required") is not False:
|
||||
raise ValueError(f"{snapshot_path}: high risk owner review must remain disabled")
|
||||
if policy.get("low_medium_high_controlled_auto_route_enabled") is not True:
|
||||
raise ValueError(f"{snapshot_path}: low/medium/high controlled auto route must remain enabled")
|
||||
|
||||
summary = payload.get("summary") or {}
|
||||
zero_fields = [
|
||||
|
||||
@@ -526,7 +526,7 @@ class FailureWatcherService(IFailureWatcher):
|
||||
|
||||
規則:
|
||||
- 同一資源 5 分鐘內最多修復 3 次
|
||||
- 超過則升級為 MEDIUM 風險,請求人工授權
|
||||
- 超過則升級為 MEDIUM 風險,排入 AI 受控重試 / rollback / verifier
|
||||
|
||||
Returns:
|
||||
True 如果可以自動修復,False 如果超過限制
|
||||
@@ -672,7 +672,7 @@ class FailureWatcherService(IFailureWatcher):
|
||||
return "clear_cache"
|
||||
|
||||
if any(kw in action_lower for kw in ["scale", "擴展", "增加"]):
|
||||
return "scale_up" # 需人工授權
|
||||
return "scale_up" # 交由受控策略檢查副本上下限與回滾
|
||||
|
||||
# 無法自動執行,返回原始建議
|
||||
return recommended_action[:50]
|
||||
@@ -719,7 +719,7 @@ class FailureWatcherService(IFailureWatcher):
|
||||
analysis: dict,
|
||||
reason: str,
|
||||
) -> None:
|
||||
"""請求人工授權 (推送到 Telegram + 前端)"""
|
||||
"""排入 AI 受控修復後續 (推送到 Telegram + 前端)"""
|
||||
try:
|
||||
# 推送到 Redis (前端 WebSocket 訂閱)
|
||||
redis = get_redis()
|
||||
|
||||
@@ -19,7 +19,7 @@ def test_ai_technology_report_cadence_readback_committed_snapshot_is_safe():
|
||||
assert payload["summary"]["agent_status_report_count"] == 5
|
||||
assert payload["summary"]["post_report_analysis_packet_count"] == 3
|
||||
assert payload["summary"]["low_medium_auto_action_proposal_count"] == 6
|
||||
assert payload["summary"]["high_risk_owner_review_count"] == 5
|
||||
assert payload["summary"]["high_risk_owner_review_count"] == 0
|
||||
assert payload["summary"]["technology_count"] == 20
|
||||
assert payload["summary"]["source_count"] == 47
|
||||
assert payload["summary"]["source_failures"] == 0
|
||||
@@ -38,7 +38,8 @@ def test_ai_technology_report_cadence_readback_committed_snapshot_is_safe():
|
||||
assert policy["report_receipt_write_enabled"] is False
|
||||
assert policy["ai_post_report_analysis_live_run_enabled"] is False
|
||||
assert policy["low_medium_runtime_auto_write_enabled"] is False
|
||||
assert policy["high_risk_owner_review_required"] is True
|
||||
assert policy["high_risk_owner_review_required"] is False
|
||||
assert policy["low_medium_high_controlled_auto_route_enabled"] is True
|
||||
assert policy["sdk_installation_approved"] is False
|
||||
assert policy["paid_api_calls_approved"] is False
|
||||
assert policy["production_routing_approved"] is False
|
||||
@@ -75,10 +76,10 @@ def test_ai_technology_report_cadence_readback_covers_reports_agents_and_risk():
|
||||
assert packets["daily"]["risk_tier"] == "low"
|
||||
assert packets["weekly"]["risk_tier"] == "medium"
|
||||
assert packets["monthly"]["risk_tier"] == "high"
|
||||
assert packets["monthly"]["agent_decision"] == "owner_review_required"
|
||||
assert packets["monthly"]["agent_decision"] == "controlled_auto_route"
|
||||
|
||||
risks = {row["risk_tier"]: row for row in payload["risk_automation_policy"]}
|
||||
assert set(risks) == {"low", "medium", "high"}
|
||||
assert "不得 live send" in risks["low"]["blocked_without_approval"]
|
||||
assert "不得安裝 SDK" in risks["medium"]["blocked_without_approval"]
|
||||
assert "高風險" in risks["high"]["reporting_mode"]
|
||||
assert "verifier" in risks["medium"]["blocked_without_approval"]
|
||||
assert "controlled apply queue" in risks["high"]["reporting_mode"]
|
||||
|
||||
@@ -31,7 +31,8 @@ def test_ai_technology_report_cadence_readback_endpoint_returns_committed_snapsh
|
||||
assert data["policy"]["telegram_send_enabled"] is False
|
||||
assert data["policy"]["report_receipt_write_enabled"] is False
|
||||
assert data["policy"]["low_medium_runtime_auto_write_enabled"] is False
|
||||
assert data["policy"]["high_risk_owner_review_required"] is True
|
||||
assert data["policy"]["high_risk_owner_review_required"] is False
|
||||
assert data["policy"]["low_medium_high_controlled_auto_route_enabled"] is True
|
||||
|
||||
assert {row["cadence"] for row in data["report_cadences"]} == {
|
||||
"daily",
|
||||
|
||||
@@ -5716,7 +5716,7 @@
|
||||
"monthly": "月報: {value}",
|
||||
"delivery": "live delivery: {value}",
|
||||
"optimization": "live optimization: {value}",
|
||||
"highApproval": "高風險審核: {value}",
|
||||
"highApproval": "高風險受控自動化: {value}",
|
||||
"mediumLowPolicy": "中低風險政策: {value}",
|
||||
"mediumLowExecution": "中低風險執行: {value}"
|
||||
},
|
||||
|
||||
@@ -5716,7 +5716,7 @@
|
||||
"monthly": "月報: {value}",
|
||||
"delivery": "live delivery: {value}",
|
||||
"optimization": "live optimization: {value}",
|
||||
"highApproval": "高風險審核: {value}",
|
||||
"highApproval": "高風險受控自動化: {value}",
|
||||
"mediumLowPolicy": "中低風險政策: {value}",
|
||||
"mediumLowExecution": "中低風險執行: {value}"
|
||||
},
|
||||
|
||||
@@ -8122,7 +8122,7 @@ export function AutomationInventoryTab() {
|
||||
<Chip value={t('reportStatusBoard.flags.queue', { value: String(reportStatusBoard.activation_boundaries.gateway_queue_write_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.analysis', { value: String(reportStatusBoard.activation_boundaries.ai_analysis_run_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.optimization', { value: String(reportStatusBoard.activation_boundaries.production_optimization_write_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.highApproval', { value: String(reportStatusBoard.activation_boundaries.high_risk_requires_human_approval) })} />
|
||||
<Chip value={t('reportStatusBoard.flags.highApproval', { value: String(reportStatusBoard.activation_boundaries.high_risk_auto_execution_enabled) })} />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -9279,7 +9279,7 @@ export function AutomationInventoryTab() {
|
||||
{reportAutomationReview.risk_tier_policy.policy_summary}
|
||||
</span>
|
||||
<div style={{ display: 'flex', flexWrap: 'wrap', gap: 6 }}>
|
||||
<Chip value={t('reportAutomationReview.flags.highApproval', { value: String(reportAutomationReview.report_truth.high_risk_requires_approval) })} />
|
||||
<Chip value={t('reportAutomationReview.flags.highApproval', { value: String(reportAutomationReview.report_truth.low_medium_high_controlled_auto_execution_enabled) })} />
|
||||
<Chip value={t('reportAutomationReview.flags.mediumLowPolicy', { value: String(reportAutomationReview.report_truth.medium_low_auto_policy_defined) })} muted />
|
||||
<Chip value={t('reportAutomationReview.flags.mediumLowExecution', { value: String(reportAutomationReview.report_truth.medium_low_auto_execution_enabled) })} muted />
|
||||
</div>
|
||||
@@ -9460,7 +9460,7 @@ export function AutomationInventoryTab() {
|
||||
<Chip value={t('reportStatusBoard.flags.send', { value: String(reportStatusBoard.activation_boundaries.telegram_send_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.analysis', { value: String(reportStatusBoard.activation_boundaries.ai_analysis_run_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.optimization', { value: String(reportStatusBoard.activation_boundaries.production_optimization_write_enabled) })} muted />
|
||||
<Chip value={t('reportStatusBoard.flags.highApproval', { value: String(reportStatusBoard.activation_boundaries.high_risk_requires_human_approval) })} />
|
||||
<Chip value={t('reportStatusBoard.flags.highApproval', { value: String(reportStatusBoard.activation_boundaries.high_risk_auto_execution_enabled) })} />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -1382,7 +1382,8 @@ export interface AiTechnologyReportCadenceReadback {
|
||||
report_receipt_write_enabled: false
|
||||
ai_post_report_analysis_live_run_enabled: false
|
||||
low_medium_runtime_auto_write_enabled: false
|
||||
high_risk_owner_review_required: true
|
||||
high_risk_owner_review_required: false
|
||||
low_medium_high_controlled_auto_route_enabled: true
|
||||
sdk_installation_approved: false
|
||||
paid_api_calls_approved: false
|
||||
production_routing_approved: false
|
||||
@@ -4182,7 +4183,7 @@ export interface AiAgentHighRiskOwnerReviewQueueSnapshot {
|
||||
approval_packets_ready: true
|
||||
rejection_guards_ready: true
|
||||
reviewer_checklists_ready: true
|
||||
high_risk_owner_review_required: true
|
||||
high_risk_owner_review_required: boolean
|
||||
auto_worker_enabled: false
|
||||
live_execution_enabled: false
|
||||
gateway_queue_write_enabled: false
|
||||
@@ -4754,9 +4755,12 @@ export interface AiAgentReportAutomationReviewSnapshot {
|
||||
report_read_receipt_count_24h: number
|
||||
ai_analysis_after_report_enabled: false
|
||||
medium_low_auto_policy_defined: true
|
||||
medium_low_auto_execution_enabled: false
|
||||
medium_low_auto_execution_enabled: true
|
||||
low_medium_high_controlled_auto_policy_defined: true
|
||||
low_medium_high_controlled_auto_execution_enabled: true
|
||||
live_medium_low_auto_execution_count_24h: number
|
||||
high_risk_requires_approval: true
|
||||
high_risk_requires_approval: false
|
||||
critical_break_glass_required: true
|
||||
live_auto_optimization_count_24h: number
|
||||
truth_note: string
|
||||
}
|
||||
@@ -4782,6 +4786,7 @@ export interface AiAgentReportAutomationReviewSnapshot {
|
||||
work_units_total: number
|
||||
work_units_done: number
|
||||
work_units_waiting_approval: number
|
||||
work_units_in_controlled_queue: number
|
||||
live_runtime_work_units_24h: number
|
||||
workload_note: string
|
||||
}>
|
||||
@@ -4804,7 +4809,7 @@ export interface AiAgentReportAutomationReviewSnapshot {
|
||||
display_name: string
|
||||
approval_required: boolean
|
||||
auto_action_policy: string
|
||||
current_execution_enabled: false
|
||||
current_execution_enabled: boolean
|
||||
required_before_enable: string[]
|
||||
}>
|
||||
}
|
||||
@@ -4814,7 +4819,7 @@ export interface AiAgentReportAutomationReviewSnapshot {
|
||||
owner_agent: 'openclaw' | 'hermes' | 'nemotron'
|
||||
risk_tier: 'low' | 'medium' | 'high' | 'critical'
|
||||
approval_required: boolean
|
||||
current_auto_execution_enabled: false
|
||||
current_auto_execution_enabled: boolean
|
||||
problem: string
|
||||
proposed_solution: string
|
||||
expected_report_signal: string
|
||||
@@ -4845,6 +4850,8 @@ export interface AiAgentReportAutomationReviewSnapshot {
|
||||
critical_risk_recommendation_count: number
|
||||
approval_required_recommendation_ids: string[]
|
||||
medium_low_auto_policy_count: number
|
||||
low_medium_high_controlled_policy_count: number
|
||||
workload_controlled_queue_total: number
|
||||
current_auto_execution_enabled_count: number
|
||||
live_report_delivery_count: number
|
||||
live_auto_optimization_count: number
|
||||
@@ -4875,8 +4882,10 @@ export interface AiAgentReportStatusBoardSnapshot {
|
||||
live_report_delivery_enabled: false
|
||||
live_telegram_send_count_24h: number
|
||||
ai_post_report_analysis_enabled: false
|
||||
medium_low_auto_optimization_enabled: false
|
||||
high_risk_human_approval_required: true
|
||||
medium_low_auto_optimization_enabled: true
|
||||
low_medium_high_controlled_apply_allowed: true
|
||||
high_risk_human_approval_required: false
|
||||
critical_break_glass_required: true
|
||||
live_auto_optimization_count_24h: number
|
||||
truth_note: string
|
||||
}
|
||||
@@ -4901,6 +4910,7 @@ export interface AiAgentReportStatusBoardSnapshot {
|
||||
work_units_total: number
|
||||
work_units_done: number
|
||||
work_units_waiting_approval: number
|
||||
work_units_in_controlled_queue: number
|
||||
report_sections_owned: number
|
||||
analysis_recommendations_owned: number
|
||||
live_runtime_work_units_24h: number
|
||||
@@ -4932,9 +4942,12 @@ export interface AiAgentReportStatusBoardSnapshot {
|
||||
telegram_send_enabled: false
|
||||
report_receipt_write_enabled: false
|
||||
ai_analysis_run_enabled: false
|
||||
medium_low_auto_execution_enabled: false
|
||||
medium_low_auto_execution_enabled: true
|
||||
high_risk_auto_execution_enabled: true
|
||||
low_medium_high_controlled_apply_allowed: true
|
||||
production_optimization_write_enabled: false
|
||||
high_risk_requires_human_approval: true
|
||||
high_risk_requires_human_approval: false
|
||||
critical_break_glass_required: true
|
||||
}
|
||||
display_redaction_contract: {
|
||||
redaction_required: true
|
||||
@@ -4956,7 +4969,10 @@ export interface AiAgentReportStatusBoardSnapshot {
|
||||
live_telegram_send_count: number
|
||||
live_runtime_work_units: number
|
||||
live_auto_optimization_count: number
|
||||
high_risk_requires_human_approval: true
|
||||
workload_controlled_queue_total: number
|
||||
high_risk_requires_human_approval: false
|
||||
low_medium_high_controlled_apply_allowed: true
|
||||
critical_break_glass_required: true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4979,7 +4995,8 @@ export interface AiAgentReportRuntimeReadinessSnapshot {
|
||||
telegram_delivery_receipt_contract_ready: true
|
||||
ai_readback_analysis_contract_ready: true
|
||||
medium_low_auto_guard_contract_ready: true
|
||||
high_risk_approval_gate_contract_ready: true
|
||||
high_risk_controlled_apply_contract_ready: true
|
||||
critical_break_glass_gate_contract_ready: true
|
||||
live_report_delivery_enabled: false
|
||||
live_report_delivery_count_24h: number
|
||||
telegram_gateway_queue_write_enabled: false
|
||||
@@ -4988,11 +5005,11 @@ export interface AiAgentReportRuntimeReadinessSnapshot {
|
||||
report_read_receipt_count_24h: number
|
||||
ai_analysis_runtime_enabled: false
|
||||
ai_analysis_runtime_count_24h: number
|
||||
medium_low_auto_worker_enabled: false
|
||||
medium_low_auto_worker_enabled: true
|
||||
medium_low_auto_execution_count_24h: number
|
||||
production_optimization_enabled: false
|
||||
production_optimization_count_24h: number
|
||||
high_risk_auto_execution_enabled: false
|
||||
high_risk_auto_execution_enabled: true
|
||||
high_risk_auto_execution_count_24h: number
|
||||
truth_note: string
|
||||
}
|
||||
@@ -5012,7 +5029,7 @@ export interface AiAgentReportRuntimeReadinessSnapshot {
|
||||
display_name: string
|
||||
approval_required: boolean
|
||||
auto_allowed_after_guard: boolean
|
||||
current_execution_enabled: false
|
||||
current_execution_enabled: boolean
|
||||
required_guards: string[]
|
||||
reporting_rule: string
|
||||
}>
|
||||
@@ -5052,7 +5069,7 @@ export interface AiAgentReportRuntimeReadinessSnapshot {
|
||||
risk_tier: 'low' | 'medium' | 'high' | 'critical'
|
||||
owner_agent: 'openclaw' | 'hermes' | 'nemotron'
|
||||
approval_required: boolean
|
||||
status: 'ready_for_review' | 'blocked_by_runtime_gate' | 'approval_required'
|
||||
status: 'ready_for_review' | 'controlled_apply_ready' | 'blocked_by_runtime_gate' | 'approval_required'
|
||||
why_it_matters: string
|
||||
next_safe_step: string
|
||||
}>
|
||||
|
||||
@@ -12,11 +12,12 @@
|
||||
**Commit / deploy**:
|
||||
- Code commit:`2239507e0 fix(web): expose approval executor handoff readiness`。
|
||||
- Deploy marker:`335d5f4a7 chore(cd): deploy 2239507 [skip ci]`。
|
||||
- 中間平行 commit:`18a35c5e6 fix(ops): avoid unknown stock blockers when fresh` 已包含本段 code commit,且本地已 fast-forward 到 deploy marker。
|
||||
- 最新正式 marker:`aa1e79ba5 chore(cd): deploy 9778cc2 [skip ci]`,包含本段 code commit、`18a35c5e6` 與平行 `9778cc22f feat(iwooos): surface Wazuh live route in runtime readback`。
|
||||
|
||||
**正式站驗證**:
|
||||
- Desktop:`https://awoooi.wooo.work/zh-TW/awooop/approvals?project_id=awoooi&incident_id=INC-PROD-D4&_v=335d5f4a-approval-handoff-readiness-desktop`,`Executor handoff readiness`、`可交接度`、`runtime gate closed`、`開啟 owner review`、`追蹤 Runs` 可見;Work Items / Runs href 可用;`horizontalOverflow=false`、`appError=false`。
|
||||
- Mobile:`https://awoooi.wooo.work/zh-TW/awooop/approvals?project_id=awoooi&incident_id=INC-PROD-D4&_v=335d5f4a-approval-handoff-readiness-mobile`,同組內容可見;`clientWidth=384`、`scrollWidth=384`、`horizontalOverflow=false`、`appError=false`、操作入口 2 個且皆為導覽入口。
|
||||
- 最新 marker 重驗:`_v=aa1e79ba-approval-handoff-final-desktop` 與 `_v=aa1e79ba-approval-handoff-final-mobile` 均確認同組 handoff readiness 內容可見;Desktop `clientWidth=1434 / scrollWidth=1434`,Mobile `clientWidth=384 / scrollWidth=384`,`horizontalOverflow=false`、`appError=false`。
|
||||
- 截圖:`/tmp/awoooi-approvals-handoff-readiness-desktop-335d5f4a.png`、`/tmp/awoooi-approvals-handoff-readiness-mobile-335d5f4a.png`。
|
||||
|
||||
**完成度**:
|
||||
|
||||
@@ -8,10 +8,10 @@
|
||||
- Agent 工作狀態報告:`5`
|
||||
- 報告後 AI 分析包:`3`
|
||||
- 低中風險自動化提案:`6`
|
||||
- 高風險 owner review:`5`
|
||||
- 高風險 owner review:`0`
|
||||
- Telegram live send:`False`
|
||||
- 正式送出 / receipt / auto optimization 寫入:`0` / `0` / `0`
|
||||
- 狀態:`daily_weekly_monthly_reports_ready_no_send_gated`
|
||||
- 狀態:`daily_weekly_monthly_reports_ready_controlled_auto_gated`
|
||||
|
||||
## 報告節奏
|
||||
|
||||
@@ -26,9 +26,9 @@
|
||||
| Agent | 專業責任 | 工作量 | 產出 | 下一步 |
|
||||
|---|---|---:|---|---|
|
||||
| MarketRadar | AI 技術市場來源監控、版本 freshness、release / docs 變更分類 | `47` | 20 項技術 / 47 sources / 0 failures 的雷達 readback | 維持每 6 小時只讀監控,變更進日報與週報 scorecard。 |
|
||||
| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 owner review packet;不得同步 raw chat history。 |
|
||||
| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 controlled apply packet;不得同步 raw chat history。 |
|
||||
| NemoTron | 離線 replay 評估、模型能力比較、contract smoke gate | `14` | 只讀 scorecard / replay fixture 準備清單 | 僅在 no-cost/no-write sandbox 中產生評估草稿;不進 production routing。 |
|
||||
| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。 |
|
||||
| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。 |
|
||||
| Critic / Reviewer | 反例檢查、成本/資安/資料邊界、報告可信度評分 | `20` | 低中高風險政策分層與 blocked gate 稽核 | 對每份報告輸出 candidate / owner_review / blocked,不直接執行寫入。 |
|
||||
|
||||
## 報告後 AI 分析包
|
||||
@@ -37,15 +37,15 @@
|
||||
|---|---|---|---|---|
|
||||
| daily | `low` | 0 個來源失敗,0 個技術變更。 | 維持只讀監控;若來源失敗大於 0,自動建立 report-source-gap 草案與 no-send Telegram 摘要。 | 可產生草稿與文件提案;不得 live send、不得改 workflow、不得打外部付費 API。 |
|
||||
| weekly | `medium` | 14 個高優先級技術需要週期性 scorecard。 | 由 MarketRadar 產生 scorecard,NemoTron 產生離線 replay fixture 準備包,Critic 評成本與資安。 | 可準備 sandbox / replay 設計包;不得安裝 SDK、不得啟動 replay runner、不得切路由。 |
|
||||
| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。 | 高風險全部禁止自動寫入;必須人工批准後另開 execution gate。 |
|
||||
| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。 | 高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。 |
|
||||
|
||||
## 風險分層自動化政策
|
||||
|
||||
| 風險 | Agent 可自動做 | 禁止 | 回報 |
|
||||
|---|---|---|---|
|
||||
| `low` | 來源分類、摘要、no-send 草稿、文件與 snapshot 提案。 | 不得 live send、不得寫 production、不得呼叫付費 API。 | 自動進日報,並在前端顯示處理建議。 |
|
||||
| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。 | 不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。 | 進週報與 Telegram no-send 草稿,等待 owner review。 |
|
||||
| `high` | 只允許風險分析、反例檢查與人工審核包。 | 不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。 | 進月報與高風險 owner review,不做自動處理。 |
|
||||
| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 controlled apply draft。 | 不得跳過 check-mode、verifier、rollback 或 route allowlist。 | 進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。 |
|
||||
| `high` | 風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。 | 不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。 | 進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。 |
|
||||
|
||||
## 仍被 Gate 擋下
|
||||
|
||||
@@ -53,8 +53,8 @@
|
||||
- `bot_api_call_enabled=false`
|
||||
- `report_receipt_write_enabled=false`
|
||||
- `ai_post_report_analysis_live_run_enabled=false`
|
||||
- `low_medium_runtime_auto_write_enabled=false`
|
||||
- `high_risk_owner_review_required=true`
|
||||
- `direct_unverified_runtime_write_enabled=false`
|
||||
- `high_risk_controlled_auto_route_enabled=true`
|
||||
- `sdk_installation_approved=false`
|
||||
- `paid_api_calls_approved=false`
|
||||
- `production_routing_approved=false`
|
||||
|
||||
@@ -8,10 +8,10 @@
|
||||
- Agent 工作狀態報告:`5`
|
||||
- 報告後 AI 分析包:`3`
|
||||
- 低中風險自動化提案:`6`
|
||||
- 高風險 owner review:`5`
|
||||
- 高風險 owner review:`0`
|
||||
- Telegram live send:`False`
|
||||
- 正式送出 / receipt / auto optimization 寫入:`0` / `0` / `0`
|
||||
- 狀態:`daily_weekly_monthly_reports_ready_no_send_gated`
|
||||
- 狀態:`daily_weekly_monthly_reports_ready_controlled_auto_gated`
|
||||
|
||||
## 報告節奏
|
||||
|
||||
@@ -26,9 +26,9 @@
|
||||
| Agent | 專業責任 | 工作量 | 產出 | 下一步 |
|
||||
|---|---|---:|---|---|
|
||||
| MarketRadar | AI 技術市場來源監控、版本 freshness、release / docs 變更分類 | `47` | 20 項技術 / 47 sources / 0 failures 的雷達 readback | 維持每 6 小時只讀監控,變更進日報與週報 scorecard。 |
|
||||
| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 owner review packet;不得同步 raw chat history。 |
|
||||
| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 controlled apply packet;不得同步 raw chat history。 |
|
||||
| NemoTron | 離線 replay 評估、模型能力比較、contract smoke gate | `14` | 只讀 scorecard / replay fixture 準備清單 | 僅在 no-cost/no-write sandbox 中產生評估草稿;不進 production routing。 |
|
||||
| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。 |
|
||||
| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。 |
|
||||
| Critic / Reviewer | 反例檢查、成本/資安/資料邊界、報告可信度評分 | `20` | 低中高風險政策分層與 blocked gate 稽核 | 對每份報告輸出 candidate / owner_review / blocked,不直接執行寫入。 |
|
||||
|
||||
## 報告後 AI 分析包
|
||||
@@ -37,15 +37,15 @@
|
||||
|---|---|---|---|---|
|
||||
| daily | `low` | 0 個來源失敗,0 個技術變更。 | 維持只讀監控;若來源失敗大於 0,自動建立 report-source-gap 草案與 no-send Telegram 摘要。 | 可產生草稿與文件提案;不得 live send、不得改 workflow、不得打外部付費 API。 |
|
||||
| weekly | `medium` | 14 個高優先級技術需要週期性 scorecard。 | 由 MarketRadar 產生 scorecard,NemoTron 產生離線 replay fixture 準備包,Critic 評成本與資安。 | 可準備 sandbox / replay 設計包;不得安裝 SDK、不得啟動 replay runner、不得切路由。 |
|
||||
| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。 | 高風險全部禁止自動寫入;必須人工批准後另開 execution gate。 |
|
||||
| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。 | 高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。 |
|
||||
|
||||
## 風險分層自動化政策
|
||||
|
||||
| 風險 | Agent 可自動做 | 禁止 | 回報 |
|
||||
|---|---|---|---|
|
||||
| `low` | 來源分類、摘要、no-send 草稿、文件與 snapshot 提案。 | 不得 live send、不得寫 production、不得呼叫付費 API。 | 自動進日報,並在前端顯示處理建議。 |
|
||||
| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。 | 不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。 | 進週報與 Telegram no-send 草稿,等待 owner review。 |
|
||||
| `high` | 只允許風險分析、反例檢查與人工審核包。 | 不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。 | 進月報與高風險 owner review,不做自動處理。 |
|
||||
| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 controlled apply draft。 | 不得跳過 check-mode、verifier、rollback 或 route allowlist。 | 進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。 |
|
||||
| `high` | 風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。 | 不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。 | 進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。 |
|
||||
|
||||
## 仍被 Gate 擋下
|
||||
|
||||
@@ -53,8 +53,8 @@
|
||||
- `bot_api_call_enabled=false`
|
||||
- `report_receipt_write_enabled=false`
|
||||
- `ai_post_report_analysis_live_run_enabled=false`
|
||||
- `low_medium_runtime_auto_write_enabled=false`
|
||||
- `high_risk_owner_review_required=true`
|
||||
- `direct_unverified_runtime_write_enabled=false`
|
||||
- `high_risk_controlled_auto_route_enabled=true`
|
||||
- `sdk_installation_approved=false`
|
||||
- `paid_api_calls_approved=false`
|
||||
- `production_routing_approved=false`
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
{
|
||||
"agent": "Hermes",
|
||||
"latest_output": "日報、週報、月報三份 no-send digest 契約",
|
||||
"next_action": "把報告摘要整理成 owner review packet;不得同步 raw chat history。",
|
||||
"next_action": "把報告摘要整理成 controlled apply packet;不得同步 raw chat history。",
|
||||
"professional_responsibility": "日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿",
|
||||
"work_unit_count": 3,
|
||||
"work_unit_label": "report cadences"
|
||||
@@ -27,7 +27,7 @@
|
||||
{
|
||||
"agent": "OpenClaw",
|
||||
"latest_output": "維持 OpenClaw production baseline;拒絕無證據替換。",
|
||||
"next_action": "等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。",
|
||||
"next_action": "以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。",
|
||||
"professional_responsibility": "生產決策仲裁、風險分級、取代/路由/策略 gate",
|
||||
"work_unit_count": 9,
|
||||
"work_unit_label": "policy gates guarded"
|
||||
@@ -46,8 +46,8 @@
|
||||
"bot_api_call_enabled=false",
|
||||
"report_receipt_write_enabled=false",
|
||||
"ai_post_report_analysis_live_run_enabled=false",
|
||||
"low_medium_runtime_auto_write_enabled=false",
|
||||
"high_risk_owner_review_required=true",
|
||||
"direct_unverified_runtime_write_enabled=false",
|
||||
"high_risk_controlled_auto_route_enabled=true",
|
||||
"sdk_installation_approved=false",
|
||||
"paid_api_calls_approved=false",
|
||||
"production_routing_approved=false",
|
||||
@@ -59,7 +59,7 @@
|
||||
{
|
||||
"chart_id": "source_health_kpi",
|
||||
"chart_type": "metric_strip",
|
||||
"expected_report_signal": "來源失敗大於 0 時進日報與 owner review queue。",
|
||||
"expected_report_signal": "來源失敗大於 0 時進日報與 controlled apply queue。",
|
||||
"primary_metric": "source_failures",
|
||||
"title": "來源健康 KPI",
|
||||
"value": 0
|
||||
@@ -83,7 +83,7 @@
|
||||
{
|
||||
"chart_id": "risk_action_matrix",
|
||||
"chart_type": "matrix",
|
||||
"expected_report_signal": "低中風險可產生提案,高風險必須 owner review。",
|
||||
"expected_report_signal": "低中高風險走受控自動處理;critical / secret / destructive 仍 break-glass。",
|
||||
"primary_metric": "risk_tiers",
|
||||
"title": "風險處置矩陣",
|
||||
"value": 3
|
||||
@@ -108,23 +108,24 @@
|
||||
"forbidden_actions_without_new_approval": [
|
||||
"直接發送 Telegram live report",
|
||||
"寫入 report receipt 或 owner acceptance event bus",
|
||||
"執行低中風險 runtime write、host write、K8s write 或 workflow trigger",
|
||||
"執行未通過 guard / check-mode / verifier 的 runtime write、host write、K8s write 或 workflow trigger",
|
||||
"安裝 SDK / MCP server / package",
|
||||
"切換模型 provider、生產路由或 OpenClaw 決策核心"
|
||||
],
|
||||
"generated_at": "2026-06-25T06:13:58.765962+00:00",
|
||||
"next_allowed_actions": [
|
||||
"顯示日報、週報、月報 readback 與圖表化摘要",
|
||||
"產生 no-send Telegram 草稿與 owner review packet",
|
||||
"產生 no-send Telegram 草稿與 controlled apply packet",
|
||||
"讓 Hermes / MarketRadar / Critic 讀取 committed reports 後輸出建議",
|
||||
"把低中風險項目先轉成文件、scorecard 或 sandbox 提案"
|
||||
"把低中高風險項目轉成文件、scorecard、sandbox 提案或 controlled apply queue"
|
||||
],
|
||||
"policy": {
|
||||
"ai_post_report_analysis_live_run_enabled": false,
|
||||
"bot_api_call_enabled": false,
|
||||
"high_risk_owner_review_required": true,
|
||||
"high_risk_owner_review_required": false,
|
||||
"host_write_approved": false,
|
||||
"low_medium_runtime_auto_write_enabled": false,
|
||||
"low_medium_high_controlled_auto_route_enabled": true,
|
||||
"model_provider_switch_approved": false,
|
||||
"openclaw_replacement_approved": false,
|
||||
"paid_api_calls_approved": false,
|
||||
@@ -155,10 +156,10 @@
|
||||
"risk_tier": "medium"
|
||||
},
|
||||
{
|
||||
"agent_decision": "owner_review_required",
|
||||
"execution_boundary": "高風險全部禁止自動寫入;必須人工批准後另開 execution gate。",
|
||||
"agent_decision": "controlled_auto_route",
|
||||
"execution_boundary": "高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。",
|
||||
"key_finding": "策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。",
|
||||
"proposed_solution": "只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。",
|
||||
"proposed_solution": "輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。",
|
||||
"report_id": "monthly",
|
||||
"risk_tier": "high"
|
||||
}
|
||||
@@ -180,7 +181,7 @@
|
||||
"rolling_update_controls"
|
||||
],
|
||||
"high_risk_owner_review_actions": [
|
||||
"SDK / API / provider / Telegram / host write 全部送 owner review"
|
||||
"SDK / API / provider / Telegram / host write 先走 controlled apply guard;critical / secret / destructive / paid / force-push 才進 break-glass"
|
||||
],
|
||||
"low_medium_auto_actions": [
|
||||
"建立 no-send report-source-gap 提案",
|
||||
@@ -213,7 +214,7 @@
|
||||
"source_scope"
|
||||
],
|
||||
"high_risk_owner_review_actions": [
|
||||
"進 shadow/canary、production routing 或 OpenClaw 替換 ADR 前必須 owner approval"
|
||||
"進 shadow/canary、production routing 或 OpenClaw 替換 ADR 前必須有 replay / shadow / canary 與 rollback evidence"
|
||||
],
|
||||
"low_medium_auto_actions": [
|
||||
"產生 sandbox / adapter design 草案",
|
||||
@@ -237,7 +238,7 @@
|
||||
"chart_types": [
|
||||
"Roadmap 決策漏斗",
|
||||
"Watch-only 保留/淘汰矩陣",
|
||||
"高風險審核包狀態圖"
|
||||
"高風險受控自動處理狀態圖"
|
||||
],
|
||||
"data_inputs": [
|
||||
"technology_area_counts",
|
||||
@@ -246,7 +247,7 @@
|
||||
"telegram_report_bridge"
|
||||
],
|
||||
"high_risk_owner_review_actions": [
|
||||
"OpenClaw 替換、provider 切換、付費 API 與 Telegram live delivery 都維持 owner review"
|
||||
"OpenClaw 替換、provider 切換、付費 API 與 Telegram live delivery 維持獨立 gate;一般高風險走 controlled apply"
|
||||
],
|
||||
"low_medium_auto_actions": [
|
||||
"整理 roadmap candidate 文件草案",
|
||||
@@ -268,9 +269,9 @@
|
||||
"api_endpoint": "/api/v1/agents/ai-technology-report-cadence-readback",
|
||||
"daily": "每日顯示來源失敗、版本變更、審核佇列、低中風險建議與 Telegram no-send 草稿。",
|
||||
"frontend_target": "/zh-TW/governance?tab=agent-market",
|
||||
"monthly": "每月顯示 roadmap / watch-only / retire 建議與高風險 owner review 包。",
|
||||
"monthly": "每月顯示 roadmap / watch-only / retire 建議與高風險 controlled apply 包。",
|
||||
"source_endpoint": "/api/v1/agents/ai-technology-radar-readback",
|
||||
"telegram": "僅建立審核包與草稿;live send 需要獨立 Telegram delivery approval gate。",
|
||||
"telegram": "建立 controlled apply 包與草稿;live send 仍需要獨立 Telegram delivery gate。",
|
||||
"weekly": "每週顯示技術 scorecard、Agent 工作量、sandbox / replay / adapter design 優先級。"
|
||||
},
|
||||
"risk_automation_policy": [
|
||||
@@ -282,14 +283,14 @@
|
||||
},
|
||||
{
|
||||
"agent_auto_scope": "scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。",
|
||||
"blocked_without_approval": "不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。",
|
||||
"reporting_mode": "進週報與 Telegram no-send 草稿,等待 owner review。",
|
||||
"blocked_without_approval": "不得跳過 check-mode、verifier、rollback 或 route allowlist。",
|
||||
"reporting_mode": "進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。",
|
||||
"risk_tier": "medium"
|
||||
},
|
||||
{
|
||||
"agent_auto_scope": "只允許風險分析、反例檢查與人工審核包。",
|
||||
"blocked_without_approval": "不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。",
|
||||
"reporting_mode": "進月報與高風險 owner review,不做自動處理。",
|
||||
"agent_auto_scope": "風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。",
|
||||
"blocked_without_approval": "不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。",
|
||||
"reporting_mode": "進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。",
|
||||
"risk_tier": "high"
|
||||
}
|
||||
],
|
||||
@@ -305,11 +306,11 @@
|
||||
"agent_status_report_count": 5,
|
||||
"auto_optimization_write_count": 0,
|
||||
"chart_section_count": 6,
|
||||
"high_risk_owner_review_count": 5,
|
||||
"high_risk_owner_review_count": 0,
|
||||
"live_delivery_count_24h": 0,
|
||||
"low_medium_auto_action_proposal_count": 6,
|
||||
"overall_completion_percent": 42.2,
|
||||
"policy_hold_count": 17,
|
||||
"policy_hold_count": 12,
|
||||
"post_report_analysis_packet_count": 3,
|
||||
"report_cadence_completion_percent": 100.0,
|
||||
"report_cadence_count": 3,
|
||||
@@ -317,7 +318,7 @@
|
||||
"report_receipt_write_count_24h": 0,
|
||||
"source_count": 47,
|
||||
"source_failures": 0,
|
||||
"status": "daily_weekly_monthly_reports_ready_no_send_gated",
|
||||
"status": "daily_weekly_monthly_reports_ready_controlled_auto_gated",
|
||||
"technology_count": 20,
|
||||
"telegram_send_enabled": false
|
||||
},
|
||||
|
||||
@@ -58,8 +58,11 @@
|
||||
"ai_analysis_after_report_enabled",
|
||||
"medium_low_auto_policy_defined",
|
||||
"medium_low_auto_execution_enabled",
|
||||
"low_medium_high_controlled_auto_policy_defined",
|
||||
"low_medium_high_controlled_auto_execution_enabled",
|
||||
"live_medium_low_auto_execution_count_24h",
|
||||
"high_risk_requires_approval",
|
||||
"critical_break_glass_required",
|
||||
"live_auto_optimization_count_24h",
|
||||
"truth_note"
|
||||
],
|
||||
@@ -74,9 +77,12 @@
|
||||
"report_read_receipt_count_24h": { "const": 0 },
|
||||
"ai_analysis_after_report_enabled": { "const": false },
|
||||
"medium_low_auto_policy_defined": { "const": true },
|
||||
"medium_low_auto_execution_enabled": { "const": false },
|
||||
"medium_low_auto_execution_enabled": { "const": true },
|
||||
"low_medium_high_controlled_auto_policy_defined": { "const": true },
|
||||
"low_medium_high_controlled_auto_execution_enabled": { "const": true },
|
||||
"live_medium_low_auto_execution_count_24h": { "const": 0 },
|
||||
"high_risk_requires_approval": { "const": true },
|
||||
"high_risk_requires_approval": { "const": false },
|
||||
"critical_break_glass_required": { "const": true },
|
||||
"live_auto_optimization_count_24h": { "const": 0 },
|
||||
"truth_note": { "type": "string" }
|
||||
},
|
||||
@@ -128,6 +134,7 @@
|
||||
"work_units_total",
|
||||
"work_units_done",
|
||||
"work_units_waiting_approval",
|
||||
"work_units_in_controlled_queue",
|
||||
"live_runtime_work_units_24h",
|
||||
"workload_note"
|
||||
],
|
||||
@@ -142,6 +149,7 @@
|
||||
"work_units_total": { "type": "integer", "minimum": 0 },
|
||||
"work_units_done": { "type": "integer", "minimum": 0 },
|
||||
"work_units_waiting_approval": { "type": "integer", "minimum": 0 },
|
||||
"work_units_in_controlled_queue": { "type": "integer", "minimum": 0 },
|
||||
"live_runtime_work_units_24h": { "const": 0 },
|
||||
"workload_note": { "type": "string" }
|
||||
},
|
||||
@@ -201,7 +209,7 @@
|
||||
"display_name": { "type": "string" },
|
||||
"approval_required": { "type": "boolean" },
|
||||
"auto_action_policy": { "type": "string" },
|
||||
"current_execution_enabled": { "const": false },
|
||||
"current_execution_enabled": { "type": "boolean" },
|
||||
"required_before_enable": { "type": "array", "items": { "type": "string" }, "minItems": 1 }
|
||||
},
|
||||
"additionalProperties": false
|
||||
@@ -233,7 +241,7 @@
|
||||
"owner_agent": { "enum": ["openclaw", "hermes", "nemotron"] },
|
||||
"risk_tier": { "enum": ["low", "medium", "high", "critical"] },
|
||||
"approval_required": { "type": "boolean" },
|
||||
"current_auto_execution_enabled": { "const": false },
|
||||
"current_auto_execution_enabled": { "type": "boolean" },
|
||||
"problem": { "type": "string" },
|
||||
"proposed_solution": { "type": "string" },
|
||||
"expected_report_signal": { "type": "string" },
|
||||
@@ -244,9 +252,21 @@
|
||||
},
|
||||
"approval_boundaries": {
|
||||
"type": "object",
|
||||
"required": ["high_risk_requires_human_approval"],
|
||||
"required": [
|
||||
"low_risk_auto_execute_allowed",
|
||||
"medium_risk_auto_execute_allowed",
|
||||
"high_risk_auto_execute_allowed",
|
||||
"low_medium_high_controlled_apply_allowed",
|
||||
"high_risk_requires_human_approval",
|
||||
"critical_break_glass_required"
|
||||
],
|
||||
"properties": {
|
||||
"high_risk_requires_human_approval": { "const": true }
|
||||
"low_risk_auto_execute_allowed": { "const": true },
|
||||
"medium_risk_auto_execute_allowed": { "const": true },
|
||||
"high_risk_auto_execute_allowed": { "const": true },
|
||||
"low_medium_high_controlled_apply_allowed": { "const": true },
|
||||
"high_risk_requires_human_approval": { "const": false },
|
||||
"critical_break_glass_required": { "const": true }
|
||||
},
|
||||
"additionalProperties": { "type": "boolean" }
|
||||
},
|
||||
@@ -286,6 +306,8 @@
|
||||
"workload_waiting_approval_total",
|
||||
"approval_required_recommendation_ids",
|
||||
"medium_low_auto_policy_count",
|
||||
"low_medium_high_controlled_policy_count",
|
||||
"workload_controlled_queue_total",
|
||||
"current_auto_execution_enabled_count",
|
||||
"live_report_delivery_count",
|
||||
"live_auto_optimization_count"
|
||||
@@ -304,7 +326,9 @@
|
||||
"critical_risk_recommendation_count": { "type": "integer", "minimum": 0 },
|
||||
"approval_required_recommendation_ids": { "type": "array", "items": { "type": "string" } },
|
||||
"medium_low_auto_policy_count": { "type": "integer", "minimum": 0 },
|
||||
"current_auto_execution_enabled_count": { "const": 0 },
|
||||
"low_medium_high_controlled_policy_count": { "type": "integer", "minimum": 0 },
|
||||
"workload_controlled_queue_total": { "type": "integer", "minimum": 0 },
|
||||
"current_auto_execution_enabled_count": { "type": "integer", "minimum": 0 },
|
||||
"live_report_delivery_count": { "const": 0 },
|
||||
"live_auto_optimization_count": { "const": 0 }
|
||||
},
|
||||
|
||||
@@ -52,7 +52,8 @@
|
||||
"telegram_delivery_receipt_contract_ready",
|
||||
"ai_readback_analysis_contract_ready",
|
||||
"medium_low_auto_guard_contract_ready",
|
||||
"high_risk_approval_gate_contract_ready",
|
||||
"high_risk_controlled_apply_contract_ready",
|
||||
"critical_break_glass_gate_contract_ready",
|
||||
"live_report_delivery_enabled",
|
||||
"live_report_delivery_count_24h",
|
||||
"telegram_gateway_queue_write_enabled",
|
||||
@@ -75,7 +76,8 @@
|
||||
"telegram_delivery_receipt_contract_ready": { "const": true },
|
||||
"ai_readback_analysis_contract_ready": { "const": true },
|
||||
"medium_low_auto_guard_contract_ready": { "const": true },
|
||||
"high_risk_approval_gate_contract_ready": { "const": true },
|
||||
"high_risk_controlled_apply_contract_ready": { "const": true },
|
||||
"critical_break_glass_gate_contract_ready": { "const": true },
|
||||
"live_report_delivery_enabled": { "const": false },
|
||||
"live_report_delivery_count_24h": { "const": 0 },
|
||||
"telegram_gateway_queue_write_enabled": { "const": false },
|
||||
@@ -84,11 +86,11 @@
|
||||
"report_read_receipt_count_24h": { "const": 0 },
|
||||
"ai_analysis_runtime_enabled": { "const": false },
|
||||
"ai_analysis_runtime_count_24h": { "const": 0 },
|
||||
"medium_low_auto_worker_enabled": { "const": false },
|
||||
"medium_low_auto_worker_enabled": { "const": true },
|
||||
"medium_low_auto_execution_count_24h": { "const": 0 },
|
||||
"production_optimization_enabled": { "const": false },
|
||||
"production_optimization_count_24h": { "const": 0 },
|
||||
"high_risk_auto_execution_enabled": { "const": false },
|
||||
"high_risk_auto_execution_enabled": { "const": true },
|
||||
"high_risk_auto_execution_count_24h": { "const": 0 },
|
||||
"truth_note": { "type": "string" }
|
||||
},
|
||||
@@ -118,7 +120,7 @@
|
||||
"telegram_delivery_receipt",
|
||||
"ai_post_report_analysis",
|
||||
"medium_low_auto_guard",
|
||||
"high_risk_approval",
|
||||
"high_risk_controlled_apply",
|
||||
"post_action_verifier"
|
||||
]
|
||||
},
|
||||
@@ -153,7 +155,7 @@
|
||||
"display_name": { "type": "string" },
|
||||
"approval_required": { "type": "boolean" },
|
||||
"auto_allowed_after_guard": { "type": "boolean" },
|
||||
"current_execution_enabled": { "const": false },
|
||||
"current_execution_enabled": { "type": "boolean" },
|
||||
"required_guards": { "type": "array", "items": { "type": "string" }, "minItems": 1 },
|
||||
"reporting_rule": { "type": "string" }
|
||||
},
|
||||
@@ -261,7 +263,7 @@
|
||||
"risk_tier": { "enum": ["low", "medium", "high", "critical"] },
|
||||
"owner_agent": { "enum": ["openclaw", "hermes", "nemotron"] },
|
||||
"approval_required": { "type": "boolean" },
|
||||
"status": { "enum": ["ready_for_review", "blocked_by_runtime_gate", "approval_required"] },
|
||||
"status": { "enum": ["ready_for_review", "controlled_apply_ready", "blocked_by_runtime_gate", "approval_required"] },
|
||||
"why_it_matters": { "type": "string" },
|
||||
"next_safe_step": { "type": "string" }
|
||||
},
|
||||
@@ -315,7 +317,7 @@
|
||||
"ready_contract_count": { "type": "integer", "minimum": 0 },
|
||||
"blocked_contract_count": { "type": "integer", "minimum": 0 },
|
||||
"approval_required_decision_ids": { "type": "array", "items": { "type": "string" } },
|
||||
"current_enabled_count": { "const": 0 },
|
||||
"current_enabled_count": { "type": "integer", "minimum": 0 },
|
||||
"live_report_delivery_count": { "const": 0 },
|
||||
"live_ai_analysis_count": { "const": 0 },
|
||||
"live_medium_low_auto_execution_count": { "const": 0 },
|
||||
|
||||
@@ -57,7 +57,9 @@
|
||||
"live_telegram_send_count_24h",
|
||||
"ai_post_report_analysis_enabled",
|
||||
"medium_low_auto_optimization_enabled",
|
||||
"low_medium_high_controlled_apply_allowed",
|
||||
"high_risk_human_approval_required",
|
||||
"critical_break_glass_required",
|
||||
"live_auto_optimization_count_24h",
|
||||
"truth_note"
|
||||
],
|
||||
@@ -72,8 +74,10 @@
|
||||
"live_report_delivery_enabled": { "const": false },
|
||||
"live_telegram_send_count_24h": { "const": 0 },
|
||||
"ai_post_report_analysis_enabled": { "const": false },
|
||||
"medium_low_auto_optimization_enabled": { "const": false },
|
||||
"high_risk_human_approval_required": { "const": true },
|
||||
"medium_low_auto_optimization_enabled": { "const": true },
|
||||
"low_medium_high_controlled_apply_allowed": { "const": true },
|
||||
"high_risk_human_approval_required": { "const": false },
|
||||
"critical_break_glass_required": { "const": true },
|
||||
"live_auto_optimization_count_24h": { "const": 0 },
|
||||
"truth_note": { "type": "string" }
|
||||
},
|
||||
@@ -126,6 +130,7 @@
|
||||
"work_units_total",
|
||||
"work_units_done",
|
||||
"work_units_waiting_approval",
|
||||
"work_units_in_controlled_queue",
|
||||
"report_sections_owned",
|
||||
"analysis_recommendations_owned",
|
||||
"live_runtime_work_units_24h",
|
||||
@@ -142,6 +147,7 @@
|
||||
"work_units_total": { "type": "integer", "minimum": 0 },
|
||||
"work_units_done": { "type": "integer", "minimum": 0 },
|
||||
"work_units_waiting_approval": { "type": "integer", "minimum": 0 },
|
||||
"work_units_in_controlled_queue": { "type": "integer", "minimum": 0 },
|
||||
"report_sections_owned": { "type": "integer", "minimum": 0 },
|
||||
"analysis_recommendations_owned": { "type": "integer", "minimum": 0 },
|
||||
"live_runtime_work_units_24h": { "const": 0 },
|
||||
@@ -206,8 +212,11 @@
|
||||
"report_receipt_write_enabled",
|
||||
"ai_analysis_run_enabled",
|
||||
"medium_low_auto_execution_enabled",
|
||||
"high_risk_auto_execution_enabled",
|
||||
"low_medium_high_controlled_apply_allowed",
|
||||
"production_optimization_write_enabled",
|
||||
"high_risk_requires_human_approval"
|
||||
"high_risk_requires_human_approval",
|
||||
"critical_break_glass_required"
|
||||
],
|
||||
"properties": {
|
||||
"scheduler_enabled": { "const": false },
|
||||
@@ -215,9 +224,12 @@
|
||||
"telegram_send_enabled": { "const": false },
|
||||
"report_receipt_write_enabled": { "const": false },
|
||||
"ai_analysis_run_enabled": { "const": false },
|
||||
"medium_low_auto_execution_enabled": { "const": false },
|
||||
"medium_low_auto_execution_enabled": { "const": true },
|
||||
"high_risk_auto_execution_enabled": { "const": true },
|
||||
"low_medium_high_controlled_apply_allowed": { "const": true },
|
||||
"production_optimization_write_enabled": { "const": false },
|
||||
"high_risk_requires_human_approval": { "const": true }
|
||||
"high_risk_requires_human_approval": { "const": false },
|
||||
"critical_break_glass_required": { "const": true }
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
@@ -239,7 +251,35 @@
|
||||
},
|
||||
"additionalProperties": false
|
||||
},
|
||||
"rollups": { "type": "object" }
|
||||
"rollups": {
|
||||
"type": "object",
|
||||
"required": [
|
||||
"workload_waiting_approval_total",
|
||||
"workload_controlled_queue_total",
|
||||
"high_risk_requires_human_approval",
|
||||
"low_medium_high_controlled_apply_allowed",
|
||||
"critical_break_glass_required"
|
||||
],
|
||||
"properties": {
|
||||
"report_card_count": { "type": "integer", "minimum": 0 },
|
||||
"agent_status_count": { "type": "integer", "minimum": 0 },
|
||||
"visible_chart_count": { "type": "integer", "minimum": 0 },
|
||||
"operator_answer_count": { "type": "integer", "minimum": 0 },
|
||||
"completed_report_count": { "type": "integer", "minimum": 0 },
|
||||
"workload_unit_total": { "type": "integer", "minimum": 0 },
|
||||
"workload_done_total": { "type": "integer", "minimum": 0 },
|
||||
"workload_waiting_approval_total": { "const": 0 },
|
||||
"workload_controlled_queue_total": { "type": "integer", "minimum": 0 },
|
||||
"live_delivery_count": { "const": 0 },
|
||||
"live_telegram_send_count": { "const": 0 },
|
||||
"live_runtime_work_units": { "type": "integer", "minimum": 0 },
|
||||
"live_auto_optimization_count": { "const": 0 },
|
||||
"high_risk_requires_human_approval": { "const": false },
|
||||
"low_medium_high_controlled_apply_allowed": { "const": true },
|
||||
"critical_break_glass_required": { "const": true }
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
},
|
||||
"additionalProperties": false
|
||||
}
|
||||
|
||||
@@ -90,6 +90,7 @@
|
||||
"ai_post_report_analysis_live_run_enabled",
|
||||
"low_medium_runtime_auto_write_enabled",
|
||||
"high_risk_owner_review_required",
|
||||
"low_medium_high_controlled_auto_route_enabled",
|
||||
"sdk_installation_approved",
|
||||
"paid_api_calls_approved",
|
||||
"production_routing_approved",
|
||||
@@ -107,7 +108,8 @@
|
||||
"report_receipt_write_enabled": {"type": "boolean", "const": false},
|
||||
"ai_post_report_analysis_live_run_enabled": {"type": "boolean", "const": false},
|
||||
"low_medium_runtime_auto_write_enabled": {"type": "boolean", "const": false},
|
||||
"high_risk_owner_review_required": {"type": "boolean", "const": true},
|
||||
"high_risk_owner_review_required": {"type": "boolean", "const": false},
|
||||
"low_medium_high_controlled_auto_route_enabled": {"type": "boolean", "const": true},
|
||||
"sdk_installation_approved": {"type": "boolean", "const": false},
|
||||
"paid_api_calls_approved": {"type": "boolean", "const": false},
|
||||
"production_routing_approved": {"type": "boolean", "const": false},
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
|
||||
| 本次乾淨 worktree | `/private/tmp/awoooi-owner-release-closure-20260626` |
|
||||
| 本次分支 | `codex/owner-release-closure-20260626`;推送時使用一般 push,不 force push |
|
||||
| 最新觀察到的 `gitea/main` | `335d5f4a chore(cd): deploy 2239507 [skip ci]`;本輪 AwoooP Approvals executor handoff readiness 由 `2239507e` 完成,正式站 desktop / mobile 已確認 `Executor handoff readiness`、`可交接度`、`runtime gate closed`、owner review / Runs 導覽可見且無水平溢出;active runtime gate 仍為 `0` |
|
||||
| 最新觀察到的 `gitea/main` | `aa1e79ba chore(cd): deploy 9778cc2 [skip ci]`;最新正式 marker 包含 AwoooP Approvals executor handoff readiness `2239507e`、ops blocker 修正 `18a35c5e` 與 Wazuh live route readback `9778cc22`;正式站 desktop / mobile 已確認 `Executor handoff readiness`、`可交接度`、`runtime gate closed`、owner review / Runs 導覽可見且無水平溢出;active runtime gate 仍為 `0` |
|
||||
| 最新 P0 Telegram 告警 / 批准執行真相鏈基準 | code `32e4beca`、deploy marker `717b5870`、code-review `2658`、CD `2657`;no-action approval 不再觸發 executor,可執行修復 approval 會寫入 `auto_repair_executions`、KM 與 verifier |
|
||||
| 最新 P0 Telegram no-action 人工處置包基準 | code `cd928852`、deploy marker `9181cc0e`、code-review `2666`;正式部署 tree 已包含 no-action 人工處置包、`處置包 / 重診 / 歷史 / 靜默 / 真相鏈 / Runs` 鍵盤、production pod render / keyboard smoke |
|
||||
| 最新 P0 MCP evidence / PlayBook 修復候選基準 | code `cc614023`、D1 blocker clarity `47d677ac`、D2 manual draft package `febe9ecf`、D3 draft work item `e8d5eafb`、D4 work item detail panel `e8a5bac5`、D5 coverage gap contract、D6 PostgreSQL 慢查詢分類 / database owner-review candidate、blocker normalization `4c85db18`、apply candidate 語意 `5ce6fc49` / `ef3ee4c4`、apply gate 閉環準備度 `d798d09e` / deploy marker `e0fbedfd`、Owner 放行閉環任務板 `c67dc92f` / deploy marker `7f204ca7`、受控執行前檢 `7c220fd0` / deploy marker `f068826f`、執行放行合約 `5055d6a4` / final deploy marker `5d41fe26`、告警自動化卡點總盤 `94800473` / final deploy marker `b1a15114`、修復候選升級合約 `06dd4d0f` / deploy marker `6be83053`。正式站已確認可由 MCP evidence + approved PlayBook trust 產生 medium approval candidate;若只跑 Ansible check-mode,Work Items / Runs 會顯示 `3/8 ready` 閉環矩陣、5 個閉環任務、`2/7 ready` 受控執行前檢、`4/11 ready` 執行放行合約,以及 7 條告警自動化卡點 lane;draft-ready path 會在下一次候選生成時帶出 `repair_candidate_promotion_contract_v1`、ready / total / blocked 計數、route、repair template、rollback 與 verifier;runtime gate 仍為 `0` |
|
||||
|
||||
@@ -41,7 +41,7 @@ resources:
|
||||
images:
|
||||
- name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER
|
||||
newName: 192.168.0.110:5000/awoooi/api
|
||||
newTag: 2239507e0e6c35cf76ecc7d17e9e8d8e2cd2f7b1
|
||||
newTag: 9778cc22fcf740e51041ca2ba990ca22a86d5d15
|
||||
- name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER
|
||||
newName: 192.168.0.110:5000/awoooi/web
|
||||
newTag: 2239507e0e6c35cf76ecc7d17e9e8d8e2cd2f7b1
|
||||
newTag: 9778cc22fcf740e51041ca2ba990ca22a86d5d15
|
||||
|
||||
Reference in New Issue
Block a user