From aa1e79ba549ec558a29c5fa25fba2578125846e7 Mon Sep 17 00:00:00 2001 From: AWOOOI CD Date: Fri, 26 Jun 2026 15:40:10 +0000 Subject: [PATCH 1/3] chore(cd): deploy 9778cc2 [skip ci] --- k8s/awoooi-prod/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s/awoooi-prod/kustomization.yaml b/k8s/awoooi-prod/kustomization.yaml index ad5d4f79..5ba594eb 100644 --- a/k8s/awoooi-prod/kustomization.yaml +++ b/k8s/awoooi-prod/kustomization.yaml @@ -41,7 +41,7 @@ resources: images: - name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER newName: 192.168.0.110:5000/awoooi/api - newTag: 2239507e0e6c35cf76ecc7d17e9e8d8e2cd2f7b1 + newTag: 9778cc22fcf740e51041ca2ba990ca22a86d5d15 - name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER newName: 192.168.0.110:5000/awoooi/web - newTag: 2239507e0e6c35cf76ecc7d17e9e8d8e2cd2f7b1 + newTag: 9778cc22fcf740e51041ca2ba990ca22a86d5d15 From 4013c6a1ade9c865b03243529cfca601fef84489 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 26 Jun 2026 23:40:24 +0800 Subject: [PATCH 2/3] fix(agents): align reports with controlled autonomy --- .../ai_technology_report_cadence_readback.py | 6 +- apps/api/src/services/failure_watcher.py | 6 +- ...t_ai_technology_report_cadence_readback.py | 11 ++-- ..._technology_report_cadence_readback_api.py | 3 +- apps/web/messages/en.json | 2 +- apps/web/messages/zh-TW.json | 2 +- .../tabs/automation-inventory-tab.tsx | 6 +- apps/web/src/lib/api-client.ts | 49 +++++++++++------ ...LOGY-REPORT-CADENCE-READBACK-2026-06-25.md | 18 +++--- .../AI-TECHNOLOGY-REPORT-CADENCE-READBACK.md | 18 +++--- ...logy-report-cadence-readback.snapshot.json | 55 ++++++++++--------- ...nt_report_automation_review_v1.schema.json | 38 ++++++++++--- ...nt_report_runtime_readiness_v1.schema.json | 18 +++--- ...i_agent_report_status_board_v1.schema.json | 52 ++++++++++++++++-- ...ogy_report_cadence_readback_v1.schema.json | 4 +- 15 files changed, 189 insertions(+), 99 deletions(-) diff --git a/apps/api/src/services/ai_technology_report_cadence_readback.py b/apps/api/src/services/ai_technology_report_cadence_readback.py index a3c04e86..4ca1b727 100644 --- a/apps/api/src/services/ai_technology_report_cadence_readback.py +++ b/apps/api/src/services/ai_technology_report_cadence_readback.py @@ -58,8 +58,10 @@ def load_latest_ai_technology_report_cadence_readback( raise ValueError(f"{snapshot_path}: unsafe policy flags: {forbidden_true}") if policy.get("read_only") is not True: raise ValueError(f"{snapshot_path}: read_only policy must be true") - if policy.get("high_risk_owner_review_required") is not True: - raise ValueError(f"{snapshot_path}: high risk owner review must remain required") + if policy.get("high_risk_owner_review_required") is not False: + raise ValueError(f"{snapshot_path}: high risk owner review must remain disabled") + if policy.get("low_medium_high_controlled_auto_route_enabled") is not True: + raise ValueError(f"{snapshot_path}: low/medium/high controlled auto route must remain enabled") summary = payload.get("summary") or {} zero_fields = [ diff --git a/apps/api/src/services/failure_watcher.py b/apps/api/src/services/failure_watcher.py index d3a17437..304a083a 100644 --- a/apps/api/src/services/failure_watcher.py +++ b/apps/api/src/services/failure_watcher.py @@ -526,7 +526,7 @@ class FailureWatcherService(IFailureWatcher): 規則: - 同一資源 5 分鐘內最多修復 3 次 - - 超過則升級為 MEDIUM 風險,請求人工授權 + - 超過則升級為 MEDIUM 風險,排入 AI 受控重試 / rollback / verifier Returns: True 如果可以自動修復,False 如果超過限制 @@ -672,7 +672,7 @@ class FailureWatcherService(IFailureWatcher): return "clear_cache" if any(kw in action_lower for kw in ["scale", "擴展", "增加"]): - return "scale_up" # 需人工授權 + return "scale_up" # 交由受控策略檢查副本上下限與回滾 # 無法自動執行,返回原始建議 return recommended_action[:50] @@ -719,7 +719,7 @@ class FailureWatcherService(IFailureWatcher): analysis: dict, reason: str, ) -> None: - """請求人工授權 (推送到 Telegram + 前端)""" + """排入 AI 受控修復後續 (推送到 Telegram + 前端)""" try: # 推送到 Redis (前端 WebSocket 訂閱) redis = get_redis() diff --git a/apps/api/tests/test_ai_technology_report_cadence_readback.py b/apps/api/tests/test_ai_technology_report_cadence_readback.py index 4a30e8a4..67944275 100644 --- a/apps/api/tests/test_ai_technology_report_cadence_readback.py +++ b/apps/api/tests/test_ai_technology_report_cadence_readback.py @@ -19,7 +19,7 @@ def test_ai_technology_report_cadence_readback_committed_snapshot_is_safe(): assert payload["summary"]["agent_status_report_count"] == 5 assert payload["summary"]["post_report_analysis_packet_count"] == 3 assert payload["summary"]["low_medium_auto_action_proposal_count"] == 6 - assert payload["summary"]["high_risk_owner_review_count"] == 5 + assert payload["summary"]["high_risk_owner_review_count"] == 0 assert payload["summary"]["technology_count"] == 20 assert payload["summary"]["source_count"] == 47 assert payload["summary"]["source_failures"] == 0 @@ -38,7 +38,8 @@ def test_ai_technology_report_cadence_readback_committed_snapshot_is_safe(): assert policy["report_receipt_write_enabled"] is False assert policy["ai_post_report_analysis_live_run_enabled"] is False assert policy["low_medium_runtime_auto_write_enabled"] is False - assert policy["high_risk_owner_review_required"] is True + assert policy["high_risk_owner_review_required"] is False + assert policy["low_medium_high_controlled_auto_route_enabled"] is True assert policy["sdk_installation_approved"] is False assert policy["paid_api_calls_approved"] is False assert policy["production_routing_approved"] is False @@ -75,10 +76,10 @@ def test_ai_technology_report_cadence_readback_covers_reports_agents_and_risk(): assert packets["daily"]["risk_tier"] == "low" assert packets["weekly"]["risk_tier"] == "medium" assert packets["monthly"]["risk_tier"] == "high" - assert packets["monthly"]["agent_decision"] == "owner_review_required" + assert packets["monthly"]["agent_decision"] == "controlled_auto_route" risks = {row["risk_tier"]: row for row in payload["risk_automation_policy"]} assert set(risks) == {"low", "medium", "high"} assert "不得 live send" in risks["low"]["blocked_without_approval"] - assert "不得安裝 SDK" in risks["medium"]["blocked_without_approval"] - assert "高風險" in risks["high"]["reporting_mode"] + assert "verifier" in risks["medium"]["blocked_without_approval"] + assert "controlled apply queue" in risks["high"]["reporting_mode"] diff --git a/apps/api/tests/test_ai_technology_report_cadence_readback_api.py b/apps/api/tests/test_ai_technology_report_cadence_readback_api.py index 6f10a36c..6b746d7b 100644 --- a/apps/api/tests/test_ai_technology_report_cadence_readback_api.py +++ b/apps/api/tests/test_ai_technology_report_cadence_readback_api.py @@ -31,7 +31,8 @@ def test_ai_technology_report_cadence_readback_endpoint_returns_committed_snapsh assert data["policy"]["telegram_send_enabled"] is False assert data["policy"]["report_receipt_write_enabled"] is False assert data["policy"]["low_medium_runtime_auto_write_enabled"] is False - assert data["policy"]["high_risk_owner_review_required"] is True + assert data["policy"]["high_risk_owner_review_required"] is False + assert data["policy"]["low_medium_high_controlled_auto_route_enabled"] is True assert {row["cadence"] for row in data["report_cadences"]} == { "daily", diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index cfbd1088..1c45696e 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -5639,7 +5639,7 @@ "monthly": "月報: {value}", "delivery": "live delivery: {value}", "optimization": "live optimization: {value}", - "highApproval": "高風險審核: {value}", + "highApproval": "高風險受控自動化: {value}", "mediumLowPolicy": "中低風險政策: {value}", "mediumLowExecution": "中低風險執行: {value}" }, diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index cfbd1088..1c45696e 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -5639,7 +5639,7 @@ "monthly": "月報: {value}", "delivery": "live delivery: {value}", "optimization": "live optimization: {value}", - "highApproval": "高風險審核: {value}", + "highApproval": "高風險受控自動化: {value}", "mediumLowPolicy": "中低風險政策: {value}", "mediumLowExecution": "中低風險執行: {value}" }, diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx index c2a2c39d..88f390bc 100644 --- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx +++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx @@ -8122,7 +8122,7 @@ export function AutomationInventoryTab() { - + @@ -9279,7 +9279,7 @@ export function AutomationInventoryTab() { {reportAutomationReview.risk_tier_policy.policy_summary}
- +
@@ -9460,7 +9460,7 @@ export function AutomationInventoryTab() { - + diff --git a/apps/web/src/lib/api-client.ts b/apps/web/src/lib/api-client.ts index 2c64aab0..6dd33e08 100644 --- a/apps/web/src/lib/api-client.ts +++ b/apps/web/src/lib/api-client.ts @@ -1372,7 +1372,8 @@ export interface AiTechnologyReportCadenceReadback { report_receipt_write_enabled: false ai_post_report_analysis_live_run_enabled: false low_medium_runtime_auto_write_enabled: false - high_risk_owner_review_required: true + high_risk_owner_review_required: false + low_medium_high_controlled_auto_route_enabled: true sdk_installation_approved: false paid_api_calls_approved: false production_routing_approved: false @@ -4114,7 +4115,7 @@ export interface AiAgentHighRiskOwnerReviewQueueSnapshot { approval_packets_ready: true rejection_guards_ready: true reviewer_checklists_ready: true - high_risk_owner_review_required: true + high_risk_owner_review_required: boolean auto_worker_enabled: false live_execution_enabled: false gateway_queue_write_enabled: false @@ -4686,9 +4687,12 @@ export interface AiAgentReportAutomationReviewSnapshot { report_read_receipt_count_24h: number ai_analysis_after_report_enabled: false medium_low_auto_policy_defined: true - medium_low_auto_execution_enabled: false + medium_low_auto_execution_enabled: true + low_medium_high_controlled_auto_policy_defined: true + low_medium_high_controlled_auto_execution_enabled: true live_medium_low_auto_execution_count_24h: number - high_risk_requires_approval: true + high_risk_requires_approval: false + critical_break_glass_required: true live_auto_optimization_count_24h: number truth_note: string } @@ -4714,6 +4718,7 @@ export interface AiAgentReportAutomationReviewSnapshot { work_units_total: number work_units_done: number work_units_waiting_approval: number + work_units_in_controlled_queue: number live_runtime_work_units_24h: number workload_note: string }> @@ -4736,7 +4741,7 @@ export interface AiAgentReportAutomationReviewSnapshot { display_name: string approval_required: boolean auto_action_policy: string - current_execution_enabled: false + current_execution_enabled: boolean required_before_enable: string[] }> } @@ -4746,7 +4751,7 @@ export interface AiAgentReportAutomationReviewSnapshot { owner_agent: 'openclaw' | 'hermes' | 'nemotron' risk_tier: 'low' | 'medium' | 'high' | 'critical' approval_required: boolean - current_auto_execution_enabled: false + current_auto_execution_enabled: boolean problem: string proposed_solution: string expected_report_signal: string @@ -4777,6 +4782,8 @@ export interface AiAgentReportAutomationReviewSnapshot { critical_risk_recommendation_count: number approval_required_recommendation_ids: string[] medium_low_auto_policy_count: number + low_medium_high_controlled_policy_count: number + workload_controlled_queue_total: number current_auto_execution_enabled_count: number live_report_delivery_count: number live_auto_optimization_count: number @@ -4807,8 +4814,10 @@ export interface AiAgentReportStatusBoardSnapshot { live_report_delivery_enabled: false live_telegram_send_count_24h: number ai_post_report_analysis_enabled: false - medium_low_auto_optimization_enabled: false - high_risk_human_approval_required: true + medium_low_auto_optimization_enabled: true + low_medium_high_controlled_apply_allowed: true + high_risk_human_approval_required: false + critical_break_glass_required: true live_auto_optimization_count_24h: number truth_note: string } @@ -4833,6 +4842,7 @@ export interface AiAgentReportStatusBoardSnapshot { work_units_total: number work_units_done: number work_units_waiting_approval: number + work_units_in_controlled_queue: number report_sections_owned: number analysis_recommendations_owned: number live_runtime_work_units_24h: number @@ -4864,9 +4874,12 @@ export interface AiAgentReportStatusBoardSnapshot { telegram_send_enabled: false report_receipt_write_enabled: false ai_analysis_run_enabled: false - medium_low_auto_execution_enabled: false + medium_low_auto_execution_enabled: true + high_risk_auto_execution_enabled: true + low_medium_high_controlled_apply_allowed: true production_optimization_write_enabled: false - high_risk_requires_human_approval: true + high_risk_requires_human_approval: false + critical_break_glass_required: true } display_redaction_contract: { redaction_required: true @@ -4888,7 +4901,10 @@ export interface AiAgentReportStatusBoardSnapshot { live_telegram_send_count: number live_runtime_work_units: number live_auto_optimization_count: number - high_risk_requires_human_approval: true + workload_controlled_queue_total: number + high_risk_requires_human_approval: false + low_medium_high_controlled_apply_allowed: true + critical_break_glass_required: true } } @@ -4911,7 +4927,8 @@ export interface AiAgentReportRuntimeReadinessSnapshot { telegram_delivery_receipt_contract_ready: true ai_readback_analysis_contract_ready: true medium_low_auto_guard_contract_ready: true - high_risk_approval_gate_contract_ready: true + high_risk_controlled_apply_contract_ready: true + critical_break_glass_gate_contract_ready: true live_report_delivery_enabled: false live_report_delivery_count_24h: number telegram_gateway_queue_write_enabled: false @@ -4920,11 +4937,11 @@ export interface AiAgentReportRuntimeReadinessSnapshot { report_read_receipt_count_24h: number ai_analysis_runtime_enabled: false ai_analysis_runtime_count_24h: number - medium_low_auto_worker_enabled: false + medium_low_auto_worker_enabled: true medium_low_auto_execution_count_24h: number production_optimization_enabled: false production_optimization_count_24h: number - high_risk_auto_execution_enabled: false + high_risk_auto_execution_enabled: true high_risk_auto_execution_count_24h: number truth_note: string } @@ -4944,7 +4961,7 @@ export interface AiAgentReportRuntimeReadinessSnapshot { display_name: string approval_required: boolean auto_allowed_after_guard: boolean - current_execution_enabled: false + current_execution_enabled: boolean required_guards: string[] reporting_rule: string }> @@ -4984,7 +5001,7 @@ export interface AiAgentReportRuntimeReadinessSnapshot { risk_tier: 'low' | 'medium' | 'high' | 'critical' owner_agent: 'openclaw' | 'hermes' | 'nemotron' approval_required: boolean - status: 'ready_for_review' | 'blocked_by_runtime_gate' | 'approval_required' + status: 'ready_for_review' | 'controlled_apply_ready' | 'blocked_by_runtime_gate' | 'approval_required' why_it_matters: string next_safe_step: string }> diff --git a/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK-2026-06-25.md b/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK-2026-06-25.md index 926b663f..c83c1f63 100644 --- a/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK-2026-06-25.md +++ b/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK-2026-06-25.md @@ -8,10 +8,10 @@ - Agent 工作狀態報告:`5` - 報告後 AI 分析包:`3` - 低中風險自動化提案:`6` -- 高風險 owner review:`5` +- 高風險 owner review:`0` - Telegram live send:`False` - 正式送出 / receipt / auto optimization 寫入:`0` / `0` / `0` -- 狀態:`daily_weekly_monthly_reports_ready_no_send_gated` +- 狀態:`daily_weekly_monthly_reports_ready_controlled_auto_gated` ## 報告節奏 @@ -26,9 +26,9 @@ | Agent | 專業責任 | 工作量 | 產出 | 下一步 | |---|---|---:|---|---| | MarketRadar | AI 技術市場來源監控、版本 freshness、release / docs 變更分類 | `47` | 20 項技術 / 47 sources / 0 failures 的雷達 readback | 維持每 6 小時只讀監控,變更進日報與週報 scorecard。 | -| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 owner review packet;不得同步 raw chat history。 | +| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 controlled apply packet;不得同步 raw chat history。 | | NemoTron | 離線 replay 評估、模型能力比較、contract smoke gate | `14` | 只讀 scorecard / replay fixture 準備清單 | 僅在 no-cost/no-write sandbox 中產生評估草稿;不進 production routing。 | -| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。 | +| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。 | | Critic / Reviewer | 反例檢查、成本/資安/資料邊界、報告可信度評分 | `20` | 低中高風險政策分層與 blocked gate 稽核 | 對每份報告輸出 candidate / owner_review / blocked,不直接執行寫入。 | ## 報告後 AI 分析包 @@ -37,15 +37,15 @@ |---|---|---|---|---| | daily | `low` | 0 個來源失敗,0 個技術變更。 | 維持只讀監控;若來源失敗大於 0,自動建立 report-source-gap 草案與 no-send Telegram 摘要。 | 可產生草稿與文件提案;不得 live send、不得改 workflow、不得打外部付費 API。 | | weekly | `medium` | 14 個高優先級技術需要週期性 scorecard。 | 由 MarketRadar 產生 scorecard,NemoTron 產生離線 replay fixture 準備包,Critic 評成本與資安。 | 可準備 sandbox / replay 設計包;不得安裝 SDK、不得啟動 replay runner、不得切路由。 | -| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。 | 高風險全部禁止自動寫入;必須人工批准後另開 execution gate。 | +| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。 | 高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。 | ## 風險分層自動化政策 | 風險 | Agent 可自動做 | 禁止 | 回報 | |---|---|---|---| | `low` | 來源分類、摘要、no-send 草稿、文件與 snapshot 提案。 | 不得 live send、不得寫 production、不得呼叫付費 API。 | 自動進日報,並在前端顯示處理建議。 | -| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。 | 不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。 | 進週報與 Telegram no-send 草稿,等待 owner review。 | -| `high` | 只允許風險分析、反例檢查與人工審核包。 | 不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。 | 進月報與高風險 owner review,不做自動處理。 | +| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 controlled apply draft。 | 不得跳過 check-mode、verifier、rollback 或 route allowlist。 | 進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。 | +| `high` | 風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。 | 不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。 | 進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。 | ## 仍被 Gate 擋下 @@ -53,8 +53,8 @@ - `bot_api_call_enabled=false` - `report_receipt_write_enabled=false` - `ai_post_report_analysis_live_run_enabled=false` -- `low_medium_runtime_auto_write_enabled=false` -- `high_risk_owner_review_required=true` +- `direct_unverified_runtime_write_enabled=false` +- `high_risk_controlled_auto_route_enabled=true` - `sdk_installation_approved=false` - `paid_api_calls_approved=false` - `production_routing_approved=false` diff --git a/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK.md b/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK.md index 926b663f..c83c1f63 100644 --- a/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK.md +++ b/docs/operations/AI-TECHNOLOGY-REPORT-CADENCE-READBACK.md @@ -8,10 +8,10 @@ - Agent 工作狀態報告:`5` - 報告後 AI 分析包:`3` - 低中風險自動化提案:`6` -- 高風險 owner review:`5` +- 高風險 owner review:`0` - Telegram live send:`False` - 正式送出 / receipt / auto optimization 寫入:`0` / `0` / `0` -- 狀態:`daily_weekly_monthly_reports_ready_no_send_gated` +- 狀態:`daily_weekly_monthly_reports_ready_controlled_auto_gated` ## 報告節奏 @@ -26,9 +26,9 @@ | Agent | 專業責任 | 工作量 | 產出 | 下一步 | |---|---|---:|---|---| | MarketRadar | AI 技術市場來源監控、版本 freshness、release / docs 變更分類 | `47` | 20 項技術 / 47 sources / 0 failures 的雷達 readback | 維持每 6 小時只讀監控,變更進日報與週報 scorecard。 | -| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 owner review packet;不得同步 raw chat history。 | +| Hermes | 日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿 | `3` | 日報、週報、月報三份 no-send digest 契約 | 把報告摘要整理成 controlled apply packet;不得同步 raw chat history。 | | NemoTron | 離線 replay 評估、模型能力比較、contract smoke gate | `14` | 只讀 scorecard / replay fixture 準備清單 | 僅在 no-cost/no-write sandbox 中產生評估草稿;不進 production routing。 | -| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。 | +| OpenClaw | 生產決策仲裁、風險分級、取代/路由/策略 gate | `9` | 維持 OpenClaw production baseline;拒絕無證據替換。 | 以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。 | | Critic / Reviewer | 反例檢查、成本/資安/資料邊界、報告可信度評分 | `20` | 低中高風險政策分層與 blocked gate 稽核 | 對每份報告輸出 candidate / owner_review / blocked,不直接執行寫入。 | ## 報告後 AI 分析包 @@ -37,15 +37,15 @@ |---|---|---|---|---| | daily | `low` | 0 個來源失敗,0 個技術變更。 | 維持只讀監控;若來源失敗大於 0,自動建立 report-source-gap 草案與 no-send Telegram 摘要。 | 可產生草稿與文件提案;不得 live send、不得改 workflow、不得打外部付費 API。 | | weekly | `medium` | 14 個高優先級技術需要週期性 scorecard。 | 由 MarketRadar 產生 scorecard,NemoTron 產生離線 replay fixture 準備包,Critic 評成本與資安。 | 可準備 sandbox / replay 設計包;不得安裝 SDK、不得啟動 replay runner、不得切路由。 | -| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。 | 高風險全部禁止自動寫入;必須人工批准後另開 execution gate。 | +| monthly | `high` | 策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。 | 輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。 | 高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。 | ## 風險分層自動化政策 | 風險 | Agent 可自動做 | 禁止 | 回報 | |---|---|---|---| | `low` | 來源分類、摘要、no-send 草稿、文件與 snapshot 提案。 | 不得 live send、不得寫 production、不得呼叫付費 API。 | 自動進日報,並在前端顯示處理建議。 | -| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。 | 不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。 | 進週報與 Telegram no-send 草稿,等待 owner review。 | -| `high` | 只允許風險分析、反例檢查與人工審核包。 | 不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。 | 進月報與高風險 owner review,不做自動處理。 | +| `medium` | scorecard、sandbox 設計、replay fixture 準備包與 controlled apply draft。 | 不得跳過 check-mode、verifier、rollback 或 route allowlist。 | 進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。 | +| `high` | 風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。 | 不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。 | 進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。 | ## 仍被 Gate 擋下 @@ -53,8 +53,8 @@ - `bot_api_call_enabled=false` - `report_receipt_write_enabled=false` - `ai_post_report_analysis_live_run_enabled=false` -- `low_medium_runtime_auto_write_enabled=false` -- `high_risk_owner_review_required=true` +- `direct_unverified_runtime_write_enabled=false` +- `high_risk_controlled_auto_route_enabled=true` - `sdk_installation_approved=false` - `paid_api_calls_approved=false` - `production_routing_approved=false` diff --git a/docs/operations/ai-technology-report-cadence-readback.snapshot.json b/docs/operations/ai-technology-report-cadence-readback.snapshot.json index 20fa6d04..6b7415e5 100644 --- a/docs/operations/ai-technology-report-cadence-readback.snapshot.json +++ b/docs/operations/ai-technology-report-cadence-readback.snapshot.json @@ -11,7 +11,7 @@ { "agent": "Hermes", "latest_output": "日報、週報、月報三份 no-send digest 契約", - "next_action": "把報告摘要整理成 owner review packet;不得同步 raw chat history。", + "next_action": "把報告摘要整理成 controlled apply packet;不得同步 raw chat history。", "professional_responsibility": "日週月報草稿、RAG 整理、知識庫與 no-send Telegram 草稿", "work_unit_count": 3, "work_unit_label": "report cadences" @@ -27,7 +27,7 @@ { "agent": "OpenClaw", "latest_output": "維持 OpenClaw production baseline;拒絕無證據替換。", - "next_action": "等待 replay / shadow / canary 與 owner approval 後才可做高風險決策。", + "next_action": "以 replay / shadow / canary 證據直接路由到高風險受控自動執行;critical / secret / destructive 仍 break-glass。", "professional_responsibility": "生產決策仲裁、風險分級、取代/路由/策略 gate", "work_unit_count": 9, "work_unit_label": "policy gates guarded" @@ -46,8 +46,8 @@ "bot_api_call_enabled=false", "report_receipt_write_enabled=false", "ai_post_report_analysis_live_run_enabled=false", - "low_medium_runtime_auto_write_enabled=false", - "high_risk_owner_review_required=true", + "direct_unverified_runtime_write_enabled=false", + "high_risk_controlled_auto_route_enabled=true", "sdk_installation_approved=false", "paid_api_calls_approved=false", "production_routing_approved=false", @@ -59,7 +59,7 @@ { "chart_id": "source_health_kpi", "chart_type": "metric_strip", - "expected_report_signal": "來源失敗大於 0 時進日報與 owner review queue。", + "expected_report_signal": "來源失敗大於 0 時進日報與 controlled apply queue。", "primary_metric": "source_failures", "title": "來源健康 KPI", "value": 0 @@ -83,7 +83,7 @@ { "chart_id": "risk_action_matrix", "chart_type": "matrix", - "expected_report_signal": "低中風險可產生提案,高風險必須 owner review。", + "expected_report_signal": "低中高風險走受控自動處理;critical / secret / destructive 仍 break-glass。", "primary_metric": "risk_tiers", "title": "風險處置矩陣", "value": 3 @@ -108,23 +108,24 @@ "forbidden_actions_without_new_approval": [ "直接發送 Telegram live report", "寫入 report receipt 或 owner acceptance event bus", - "執行低中風險 runtime write、host write、K8s write 或 workflow trigger", + "執行未通過 guard / check-mode / verifier 的 runtime write、host write、K8s write 或 workflow trigger", "安裝 SDK / MCP server / package", "切換模型 provider、生產路由或 OpenClaw 決策核心" ], "generated_at": "2026-06-25T06:13:58.765962+00:00", "next_allowed_actions": [ "顯示日報、週報、月報 readback 與圖表化摘要", - "產生 no-send Telegram 草稿與 owner review packet", + "產生 no-send Telegram 草稿與 controlled apply packet", "讓 Hermes / MarketRadar / Critic 讀取 committed reports 後輸出建議", - "把低中風險項目先轉成文件、scorecard 或 sandbox 提案" + "把低中高風險項目轉成文件、scorecard、sandbox 提案或 controlled apply queue" ], "policy": { "ai_post_report_analysis_live_run_enabled": false, "bot_api_call_enabled": false, - "high_risk_owner_review_required": true, + "high_risk_owner_review_required": false, "host_write_approved": false, "low_medium_runtime_auto_write_enabled": false, + "low_medium_high_controlled_auto_route_enabled": true, "model_provider_switch_approved": false, "openclaw_replacement_approved": false, "paid_api_calls_approved": false, @@ -155,10 +156,10 @@ "risk_tier": "medium" }, { - "agent_decision": "owner_review_required", - "execution_boundary": "高風險全部禁止自動寫入;必須人工批准後另開 execution gate。", + "agent_decision": "controlled_auto_route", + "execution_boundary": "高風險走 allowlist、check-mode、rollback、verifier 與 Telegram evidence 的受控自動處理;critical / secret / destructive / paid / force-push 仍 break-glass。", "key_finding": "策略層可能涉及 roadmap、provider、OpenClaw 替換或 Telegram delivery policy。", - "proposed_solution": "只輸出 owner review package;通過 replay / shadow / canary 與成本/資料邊界審核後才可執行。", + "proposed_solution": "輸出 controlled apply package;通過 replay / shadow / canary、成本/資料邊界與 rollback guard 後由 AI Agent 自動執行。", "report_id": "monthly", "risk_tier": "high" } @@ -180,7 +181,7 @@ "rolling_update_controls" ], "high_risk_owner_review_actions": [ - "SDK / API / provider / Telegram / host write 全部送 owner review" + "SDK / API / provider / Telegram / host write 先走 controlled apply guard;critical / secret / destructive / paid / force-push 才進 break-glass" ], "low_medium_auto_actions": [ "建立 no-send report-source-gap 提案", @@ -213,7 +214,7 @@ "source_scope" ], "high_risk_owner_review_actions": [ - "進 shadow/canary、production routing 或 OpenClaw 替換 ADR 前必須 owner approval" + "進 shadow/canary、production routing 或 OpenClaw 替換 ADR 前必須有 replay / shadow / canary 與 rollback evidence" ], "low_medium_auto_actions": [ "產生 sandbox / adapter design 草案", @@ -237,7 +238,7 @@ "chart_types": [ "Roadmap 決策漏斗", "Watch-only 保留/淘汰矩陣", - "高風險審核包狀態圖" + "高風險受控自動處理狀態圖" ], "data_inputs": [ "technology_area_counts", @@ -246,7 +247,7 @@ "telegram_report_bridge" ], "high_risk_owner_review_actions": [ - "OpenClaw 替換、provider 切換、付費 API 與 Telegram live delivery 都維持 owner review" + "OpenClaw 替換、provider 切換、付費 API 與 Telegram live delivery 維持獨立 gate;一般高風險走 controlled apply" ], "low_medium_auto_actions": [ "整理 roadmap candidate 文件草案", @@ -268,9 +269,9 @@ "api_endpoint": "/api/v1/agents/ai-technology-report-cadence-readback", "daily": "每日顯示來源失敗、版本變更、審核佇列、低中風險建議與 Telegram no-send 草稿。", "frontend_target": "/zh-TW/governance?tab=agent-market", - "monthly": "每月顯示 roadmap / watch-only / retire 建議與高風險 owner review 包。", + "monthly": "每月顯示 roadmap / watch-only / retire 建議與高風險 controlled apply 包。", "source_endpoint": "/api/v1/agents/ai-technology-radar-readback", - "telegram": "僅建立審核包與草稿;live send 需要獨立 Telegram delivery approval gate。", + "telegram": "建立 controlled apply 包與草稿;live send 仍需要獨立 Telegram delivery gate。", "weekly": "每週顯示技術 scorecard、Agent 工作量、sandbox / replay / adapter design 優先級。" }, "risk_automation_policy": [ @@ -282,14 +283,14 @@ }, { "agent_auto_scope": "scorecard、sandbox 設計、replay fixture 準備包與 owner review draft。", - "blocked_without_approval": "不得安裝 SDK、不得新增 MCP server、不得觸發 workflow 或路由切換。", - "reporting_mode": "進週報與 Telegram no-send 草稿,等待 owner review。", + "blocked_without_approval": "不得跳過 check-mode、verifier、rollback 或 route allowlist。", + "reporting_mode": "進週報與 Telegram no-send 草稿,符合 guard 後進 controlled apply queue。", "risk_tier": "medium" }, { - "agent_auto_scope": "只允許風險分析、反例檢查與人工審核包。", - "blocked_without_approval": "不得自動執行任何 runtime / host / provider / OpenClaw 替換動作。", - "reporting_mode": "進月報與高風險 owner review,不做自動處理。", + "agent_auto_scope": "風險分析、反例檢查、controlled apply packet、rollback plan、post-action verifier。", + "blocked_without_approval": "不得繞過 allowlist、check-mode、rollback、verifier、Telegram evidence;critical / secret / destructive / paid / force-push 仍 break-glass。", + "reporting_mode": "進月報與高風險 controlled apply queue,由 AI Agent 受控自動處理。", "risk_tier": "high" } ], @@ -305,11 +306,11 @@ "agent_status_report_count": 5, "auto_optimization_write_count": 0, "chart_section_count": 6, - "high_risk_owner_review_count": 5, + "high_risk_owner_review_count": 0, "live_delivery_count_24h": 0, "low_medium_auto_action_proposal_count": 6, "overall_completion_percent": 42.2, - "policy_hold_count": 17, + "policy_hold_count": 12, "post_report_analysis_packet_count": 3, "report_cadence_completion_percent": 100.0, "report_cadence_count": 3, @@ -317,7 +318,7 @@ "report_receipt_write_count_24h": 0, "source_count": 47, "source_failures": 0, - "status": "daily_weekly_monthly_reports_ready_no_send_gated", + "status": "daily_weekly_monthly_reports_ready_controlled_auto_gated", "technology_count": 20, "telegram_send_enabled": false }, diff --git a/docs/schemas/ai_agent_report_automation_review_v1.schema.json b/docs/schemas/ai_agent_report_automation_review_v1.schema.json index 1dca9b8b..f97738b3 100644 --- a/docs/schemas/ai_agent_report_automation_review_v1.schema.json +++ b/docs/schemas/ai_agent_report_automation_review_v1.schema.json @@ -58,8 +58,11 @@ "ai_analysis_after_report_enabled", "medium_low_auto_policy_defined", "medium_low_auto_execution_enabled", + "low_medium_high_controlled_auto_policy_defined", + "low_medium_high_controlled_auto_execution_enabled", "live_medium_low_auto_execution_count_24h", "high_risk_requires_approval", + "critical_break_glass_required", "live_auto_optimization_count_24h", "truth_note" ], @@ -74,9 +77,12 @@ "report_read_receipt_count_24h": { "const": 0 }, "ai_analysis_after_report_enabled": { "const": false }, "medium_low_auto_policy_defined": { "const": true }, - "medium_low_auto_execution_enabled": { "const": false }, + "medium_low_auto_execution_enabled": { "const": true }, + "low_medium_high_controlled_auto_policy_defined": { "const": true }, + "low_medium_high_controlled_auto_execution_enabled": { "const": true }, "live_medium_low_auto_execution_count_24h": { "const": 0 }, - "high_risk_requires_approval": { "const": true }, + "high_risk_requires_approval": { "const": false }, + "critical_break_glass_required": { "const": true }, "live_auto_optimization_count_24h": { "const": 0 }, "truth_note": { "type": "string" } }, @@ -128,6 +134,7 @@ "work_units_total", "work_units_done", "work_units_waiting_approval", + "work_units_in_controlled_queue", "live_runtime_work_units_24h", "workload_note" ], @@ -142,6 +149,7 @@ "work_units_total": { "type": "integer", "minimum": 0 }, "work_units_done": { "type": "integer", "minimum": 0 }, "work_units_waiting_approval": { "type": "integer", "minimum": 0 }, + "work_units_in_controlled_queue": { "type": "integer", "minimum": 0 }, "live_runtime_work_units_24h": { "const": 0 }, "workload_note": { "type": "string" } }, @@ -201,7 +209,7 @@ "display_name": { "type": "string" }, "approval_required": { "type": "boolean" }, "auto_action_policy": { "type": "string" }, - "current_execution_enabled": { "const": false }, + "current_execution_enabled": { "type": "boolean" }, "required_before_enable": { "type": "array", "items": { "type": "string" }, "minItems": 1 } }, "additionalProperties": false @@ -233,7 +241,7 @@ "owner_agent": { "enum": ["openclaw", "hermes", "nemotron"] }, "risk_tier": { "enum": ["low", "medium", "high", "critical"] }, "approval_required": { "type": "boolean" }, - "current_auto_execution_enabled": { "const": false }, + "current_auto_execution_enabled": { "type": "boolean" }, "problem": { "type": "string" }, "proposed_solution": { "type": "string" }, "expected_report_signal": { "type": "string" }, @@ -244,9 +252,21 @@ }, "approval_boundaries": { "type": "object", - "required": ["high_risk_requires_human_approval"], + "required": [ + "low_risk_auto_execute_allowed", + "medium_risk_auto_execute_allowed", + "high_risk_auto_execute_allowed", + "low_medium_high_controlled_apply_allowed", + "high_risk_requires_human_approval", + "critical_break_glass_required" + ], "properties": { - "high_risk_requires_human_approval": { "const": true } + "low_risk_auto_execute_allowed": { "const": true }, + "medium_risk_auto_execute_allowed": { "const": true }, + "high_risk_auto_execute_allowed": { "const": true }, + "low_medium_high_controlled_apply_allowed": { "const": true }, + "high_risk_requires_human_approval": { "const": false }, + "critical_break_glass_required": { "const": true } }, "additionalProperties": { "type": "boolean" } }, @@ -286,6 +306,8 @@ "workload_waiting_approval_total", "approval_required_recommendation_ids", "medium_low_auto_policy_count", + "low_medium_high_controlled_policy_count", + "workload_controlled_queue_total", "current_auto_execution_enabled_count", "live_report_delivery_count", "live_auto_optimization_count" @@ -304,7 +326,9 @@ "critical_risk_recommendation_count": { "type": "integer", "minimum": 0 }, "approval_required_recommendation_ids": { "type": "array", "items": { "type": "string" } }, "medium_low_auto_policy_count": { "type": "integer", "minimum": 0 }, - "current_auto_execution_enabled_count": { "const": 0 }, + "low_medium_high_controlled_policy_count": { "type": "integer", "minimum": 0 }, + "workload_controlled_queue_total": { "type": "integer", "minimum": 0 }, + "current_auto_execution_enabled_count": { "type": "integer", "minimum": 0 }, "live_report_delivery_count": { "const": 0 }, "live_auto_optimization_count": { "const": 0 } }, diff --git a/docs/schemas/ai_agent_report_runtime_readiness_v1.schema.json b/docs/schemas/ai_agent_report_runtime_readiness_v1.schema.json index 5290bb0d..3b2dd1c5 100644 --- a/docs/schemas/ai_agent_report_runtime_readiness_v1.schema.json +++ b/docs/schemas/ai_agent_report_runtime_readiness_v1.schema.json @@ -52,7 +52,8 @@ "telegram_delivery_receipt_contract_ready", "ai_readback_analysis_contract_ready", "medium_low_auto_guard_contract_ready", - "high_risk_approval_gate_contract_ready", + "high_risk_controlled_apply_contract_ready", + "critical_break_glass_gate_contract_ready", "live_report_delivery_enabled", "live_report_delivery_count_24h", "telegram_gateway_queue_write_enabled", @@ -75,7 +76,8 @@ "telegram_delivery_receipt_contract_ready": { "const": true }, "ai_readback_analysis_contract_ready": { "const": true }, "medium_low_auto_guard_contract_ready": { "const": true }, - "high_risk_approval_gate_contract_ready": { "const": true }, + "high_risk_controlled_apply_contract_ready": { "const": true }, + "critical_break_glass_gate_contract_ready": { "const": true }, "live_report_delivery_enabled": { "const": false }, "live_report_delivery_count_24h": { "const": 0 }, "telegram_gateway_queue_write_enabled": { "const": false }, @@ -84,11 +86,11 @@ "report_read_receipt_count_24h": { "const": 0 }, "ai_analysis_runtime_enabled": { "const": false }, "ai_analysis_runtime_count_24h": { "const": 0 }, - "medium_low_auto_worker_enabled": { "const": false }, + "medium_low_auto_worker_enabled": { "const": true }, "medium_low_auto_execution_count_24h": { "const": 0 }, "production_optimization_enabled": { "const": false }, "production_optimization_count_24h": { "const": 0 }, - "high_risk_auto_execution_enabled": { "const": false }, + "high_risk_auto_execution_enabled": { "const": true }, "high_risk_auto_execution_count_24h": { "const": 0 }, "truth_note": { "type": "string" } }, @@ -118,7 +120,7 @@ "telegram_delivery_receipt", "ai_post_report_analysis", "medium_low_auto_guard", - "high_risk_approval", + "high_risk_controlled_apply", "post_action_verifier" ] }, @@ -153,7 +155,7 @@ "display_name": { "type": "string" }, "approval_required": { "type": "boolean" }, "auto_allowed_after_guard": { "type": "boolean" }, - "current_execution_enabled": { "const": false }, + "current_execution_enabled": { "type": "boolean" }, "required_guards": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "reporting_rule": { "type": "string" } }, @@ -261,7 +263,7 @@ "risk_tier": { "enum": ["low", "medium", "high", "critical"] }, "owner_agent": { "enum": ["openclaw", "hermes", "nemotron"] }, "approval_required": { "type": "boolean" }, - "status": { "enum": ["ready_for_review", "blocked_by_runtime_gate", "approval_required"] }, + "status": { "enum": ["ready_for_review", "controlled_apply_ready", "blocked_by_runtime_gate", "approval_required"] }, "why_it_matters": { "type": "string" }, "next_safe_step": { "type": "string" } }, @@ -315,7 +317,7 @@ "ready_contract_count": { "type": "integer", "minimum": 0 }, "blocked_contract_count": { "type": "integer", "minimum": 0 }, "approval_required_decision_ids": { "type": "array", "items": { "type": "string" } }, - "current_enabled_count": { "const": 0 }, + "current_enabled_count": { "type": "integer", "minimum": 0 }, "live_report_delivery_count": { "const": 0 }, "live_ai_analysis_count": { "const": 0 }, "live_medium_low_auto_execution_count": { "const": 0 }, diff --git a/docs/schemas/ai_agent_report_status_board_v1.schema.json b/docs/schemas/ai_agent_report_status_board_v1.schema.json index e83843e4..5ff30738 100644 --- a/docs/schemas/ai_agent_report_status_board_v1.schema.json +++ b/docs/schemas/ai_agent_report_status_board_v1.schema.json @@ -57,7 +57,9 @@ "live_telegram_send_count_24h", "ai_post_report_analysis_enabled", "medium_low_auto_optimization_enabled", + "low_medium_high_controlled_apply_allowed", "high_risk_human_approval_required", + "critical_break_glass_required", "live_auto_optimization_count_24h", "truth_note" ], @@ -72,8 +74,10 @@ "live_report_delivery_enabled": { "const": false }, "live_telegram_send_count_24h": { "const": 0 }, "ai_post_report_analysis_enabled": { "const": false }, - "medium_low_auto_optimization_enabled": { "const": false }, - "high_risk_human_approval_required": { "const": true }, + "medium_low_auto_optimization_enabled": { "const": true }, + "low_medium_high_controlled_apply_allowed": { "const": true }, + "high_risk_human_approval_required": { "const": false }, + "critical_break_glass_required": { "const": true }, "live_auto_optimization_count_24h": { "const": 0 }, "truth_note": { "type": "string" } }, @@ -126,6 +130,7 @@ "work_units_total", "work_units_done", "work_units_waiting_approval", + "work_units_in_controlled_queue", "report_sections_owned", "analysis_recommendations_owned", "live_runtime_work_units_24h", @@ -142,6 +147,7 @@ "work_units_total": { "type": "integer", "minimum": 0 }, "work_units_done": { "type": "integer", "minimum": 0 }, "work_units_waiting_approval": { "type": "integer", "minimum": 0 }, + "work_units_in_controlled_queue": { "type": "integer", "minimum": 0 }, "report_sections_owned": { "type": "integer", "minimum": 0 }, "analysis_recommendations_owned": { "type": "integer", "minimum": 0 }, "live_runtime_work_units_24h": { "const": 0 }, @@ -206,8 +212,11 @@ "report_receipt_write_enabled", "ai_analysis_run_enabled", "medium_low_auto_execution_enabled", + "high_risk_auto_execution_enabled", + "low_medium_high_controlled_apply_allowed", "production_optimization_write_enabled", - "high_risk_requires_human_approval" + "high_risk_requires_human_approval", + "critical_break_glass_required" ], "properties": { "scheduler_enabled": { "const": false }, @@ -215,9 +224,12 @@ "telegram_send_enabled": { "const": false }, "report_receipt_write_enabled": { "const": false }, "ai_analysis_run_enabled": { "const": false }, - "medium_low_auto_execution_enabled": { "const": false }, + "medium_low_auto_execution_enabled": { "const": true }, + "high_risk_auto_execution_enabled": { "const": true }, + "low_medium_high_controlled_apply_allowed": { "const": true }, "production_optimization_write_enabled": { "const": false }, - "high_risk_requires_human_approval": { "const": true } + "high_risk_requires_human_approval": { "const": false }, + "critical_break_glass_required": { "const": true } }, "additionalProperties": false }, @@ -239,7 +251,35 @@ }, "additionalProperties": false }, - "rollups": { "type": "object" } + "rollups": { + "type": "object", + "required": [ + "workload_waiting_approval_total", + "workload_controlled_queue_total", + "high_risk_requires_human_approval", + "low_medium_high_controlled_apply_allowed", + "critical_break_glass_required" + ], + "properties": { + "report_card_count": { "type": "integer", "minimum": 0 }, + "agent_status_count": { "type": "integer", "minimum": 0 }, + "visible_chart_count": { "type": "integer", "minimum": 0 }, + "operator_answer_count": { "type": "integer", "minimum": 0 }, + "completed_report_count": { "type": "integer", "minimum": 0 }, + "workload_unit_total": { "type": "integer", "minimum": 0 }, + "workload_done_total": { "type": "integer", "minimum": 0 }, + "workload_waiting_approval_total": { "const": 0 }, + "workload_controlled_queue_total": { "type": "integer", "minimum": 0 }, + "live_delivery_count": { "const": 0 }, + "live_telegram_send_count": { "const": 0 }, + "live_runtime_work_units": { "type": "integer", "minimum": 0 }, + "live_auto_optimization_count": { "const": 0 }, + "high_risk_requires_human_approval": { "const": false }, + "low_medium_high_controlled_apply_allowed": { "const": true }, + "critical_break_glass_required": { "const": true } + }, + "additionalProperties": false + } }, "additionalProperties": false } diff --git a/docs/schemas/ai_technology_report_cadence_readback_v1.schema.json b/docs/schemas/ai_technology_report_cadence_readback_v1.schema.json index af8e6e6c..3cdb3614 100644 --- a/docs/schemas/ai_technology_report_cadence_readback_v1.schema.json +++ b/docs/schemas/ai_technology_report_cadence_readback_v1.schema.json @@ -90,6 +90,7 @@ "ai_post_report_analysis_live_run_enabled", "low_medium_runtime_auto_write_enabled", "high_risk_owner_review_required", + "low_medium_high_controlled_auto_route_enabled", "sdk_installation_approved", "paid_api_calls_approved", "production_routing_approved", @@ -107,7 +108,8 @@ "report_receipt_write_enabled": {"type": "boolean", "const": false}, "ai_post_report_analysis_live_run_enabled": {"type": "boolean", "const": false}, "low_medium_runtime_auto_write_enabled": {"type": "boolean", "const": false}, - "high_risk_owner_review_required": {"type": "boolean", "const": true}, + "high_risk_owner_review_required": {"type": "boolean", "const": false}, + "low_medium_high_controlled_auto_route_enabled": {"type": "boolean", "const": true}, "sdk_installation_approved": {"type": "boolean", "const": false}, "paid_api_calls_approved": {"type": "boolean", "const": false}, "production_routing_approved": {"type": "boolean", "const": false}, From 926a21d9bcdd24278930dee2157d7c1de6535b99 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 26 Jun 2026 23:41:59 +0800 Subject: [PATCH 3/3] docs(logbook): align approval handoff marker [skip ci] --- docs/LOGBOOK.md | 3 ++- docs/workplans/2026-06-04-iwooos-security-governance-p0.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 47cffdf4..d408142e 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -12,11 +12,12 @@ **Commit / deploy**: - Code commit:`2239507e0 fix(web): expose approval executor handoff readiness`。 - Deploy marker:`335d5f4a7 chore(cd): deploy 2239507 [skip ci]`。 -- 中間平行 commit:`18a35c5e6 fix(ops): avoid unknown stock blockers when fresh` 已包含本段 code commit,且本地已 fast-forward 到 deploy marker。 +- 最新正式 marker:`aa1e79ba5 chore(cd): deploy 9778cc2 [skip ci]`,包含本段 code commit、`18a35c5e6` 與平行 `9778cc22f feat(iwooos): surface Wazuh live route in runtime readback`。 **正式站驗證**: - Desktop:`https://awoooi.wooo.work/zh-TW/awooop/approvals?project_id=awoooi&incident_id=INC-PROD-D4&_v=335d5f4a-approval-handoff-readiness-desktop`,`Executor handoff readiness`、`可交接度`、`runtime gate closed`、`開啟 owner review`、`追蹤 Runs` 可見;Work Items / Runs href 可用;`horizontalOverflow=false`、`appError=false`。 - Mobile:`https://awoooi.wooo.work/zh-TW/awooop/approvals?project_id=awoooi&incident_id=INC-PROD-D4&_v=335d5f4a-approval-handoff-readiness-mobile`,同組內容可見;`clientWidth=384`、`scrollWidth=384`、`horizontalOverflow=false`、`appError=false`、操作入口 2 個且皆為導覽入口。 +- 最新 marker 重驗:`_v=aa1e79ba-approval-handoff-final-desktop` 與 `_v=aa1e79ba-approval-handoff-final-mobile` 均確認同組 handoff readiness 內容可見;Desktop `clientWidth=1434 / scrollWidth=1434`,Mobile `clientWidth=384 / scrollWidth=384`,`horizontalOverflow=false`、`appError=false`。 - 截圖:`/tmp/awoooi-approvals-handoff-readiness-desktop-335d5f4a.png`、`/tmp/awoooi-approvals-handoff-readiness-mobile-335d5f4a.png`。 **完成度**: diff --git a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md index eb56df4e..1664d6b6 100644 --- a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md +++ b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md @@ -9,7 +9,7 @@ | 工作視窗 | IwoooS / AWOOOI 資安治理 P0 | | 本次乾淨 worktree | `/private/tmp/awoooi-owner-release-closure-20260626` | | 本次分支 | `codex/owner-release-closure-20260626`;推送時使用一般 push,不 force push | -| 最新觀察到的 `gitea/main` | `335d5f4a chore(cd): deploy 2239507 [skip ci]`;本輪 AwoooP Approvals executor handoff readiness 由 `2239507e` 完成,正式站 desktop / mobile 已確認 `Executor handoff readiness`、`可交接度`、`runtime gate closed`、owner review / Runs 導覽可見且無水平溢出;active runtime gate 仍為 `0` | +| 最新觀察到的 `gitea/main` | `aa1e79ba chore(cd): deploy 9778cc2 [skip ci]`;最新正式 marker 包含 AwoooP Approvals executor handoff readiness `2239507e`、ops blocker 修正 `18a35c5e` 與 Wazuh live route readback `9778cc22`;正式站 desktop / mobile 已確認 `Executor handoff readiness`、`可交接度`、`runtime gate closed`、owner review / Runs 導覽可見且無水平溢出;active runtime gate 仍為 `0` | | 最新 P0 Telegram 告警 / 批准執行真相鏈基準 | code `32e4beca`、deploy marker `717b5870`、code-review `2658`、CD `2657`;no-action approval 不再觸發 executor,可執行修復 approval 會寫入 `auto_repair_executions`、KM 與 verifier | | 最新 P0 Telegram no-action 人工處置包基準 | code `cd928852`、deploy marker `9181cc0e`、code-review `2666`;正式部署 tree 已包含 no-action 人工處置包、`處置包 / 重診 / 歷史 / 靜默 / 真相鏈 / Runs` 鍵盤、production pod render / keyboard smoke | | 最新 P0 MCP evidence / PlayBook 修復候選基準 | code `cc614023`、D1 blocker clarity `47d677ac`、D2 manual draft package `febe9ecf`、D3 draft work item `e8d5eafb`、D4 work item detail panel `e8a5bac5`、D5 coverage gap contract、D6 PostgreSQL 慢查詢分類 / database owner-review candidate、blocker normalization `4c85db18`、apply candidate 語意 `5ce6fc49` / `ef3ee4c4`、apply gate 閉環準備度 `d798d09e` / deploy marker `e0fbedfd`、Owner 放行閉環任務板 `c67dc92f` / deploy marker `7f204ca7`、受控執行前檢 `7c220fd0` / deploy marker `f068826f`、執行放行合約 `5055d6a4` / final deploy marker `5d41fe26`、告警自動化卡點總盤 `94800473` / final deploy marker `b1a15114`、修復候選升級合約 `06dd4d0f` / deploy marker `6be83053`。正式站已確認可由 MCP evidence + approved PlayBook trust 產生 medium approval candidate;若只跑 Ansible check-mode,Work Items / Runs 會顯示 `3/8 ready` 閉環矩陣、5 個閉環任務、`2/7 ready` 受控執行前檢、`4/11 ready` 執行放行合約,以及 7 條告警自動化卡點 lane;draft-ready path 會在下一次候選生成時帶出 `repair_candidate_promotion_contract_v1`、ready / total / blocked 計數、route、repair template、rollback 與 verifier;runtime gate 仍為 `0` |