feat(auto-execute): CS3 alertmanager AI path high-confidence auto-execution (extension of fix 3)

- CS3 (alertmanager AI path) now has the same 5-safety-gate auto-execute logic as CS1
  - confidence >= 0.85 + !CRITICAL + non-empty kubectl + !NO_ACTION + !DESTRUCTIVE
  - Uses _cs3_destr_patterns (from auto_approve) to block destructive commands
  - Wrapped in try/except so that exceptions do not affect the main flow
- Added test_cs3_auto_execute.py; all 9 tests pass
- CS4 (LLM fallback) has action=OBSERVE/confidence=0.0 → no auto-execute needed, left as is

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Your Name
2026-04-27 19:46:56 +08:00
parent d0c24275d6
commit a0502b778e
2 changed files with 155 additions and 0 deletions

@@ -1575,6 +1575,40 @@ async def _process_new_alert_background(
except Exception as _shadow_err_cs3:
logger.warning("shadow_auto_approve_failed", error=str(_shadow_err_cs3))
# 2026-04-27 Claude Sonnet 4.6: CS3 LLM 高信心自動執行修法3擴展
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS as _cs3_destr_patterns # noqa: PLC0415
_cs3_kubectl = (analysis_result.kubectl_command or "").strip()
_cs3_can_auto = (
bool(_cs3_kubectl)
and analysis_result.confidence >= 0.85
and risk_level != RiskLevel.CRITICAL
and "NO_ACTION" not in (analysis_result.action_title or "")
and not any(p in _cs3_kubectl.lower() for p in _cs3_destr_patterns)
)
if _cs3_can_auto:
try:
_cs3_auto_approval = ApprovalRequest(
action=approval_create.action,
description=approval_create.description,
requested_by="auto_approve_llm_cs3",
required_signatures=0,
status=ApprovalStatus.APPROVED,
risk_level=risk_level.value,
matched_playbook_id=None,
)
_cs3_executor = ApprovalExecutionService()
_cs3_exec_success = await _cs3_executor.execute_approved_action(_cs3_auto_approval)
logger.info(
"cs3_llm_auto_executed",
approval_id=str(approval.id),
kubectl=_cs3_kubectl,
confidence=analysis_result.confidence,
success=_cs3_exec_success,
provider=ai_provider,
)
except Exception as _cs3_exec_err:
logger.warning("cs3_llm_auto_execute_failed", error=str(_cs3_exec_err))
incident_id = await create_incident_for_approval(
approval_id=str(approval.id),
risk_level=risk_level.value,
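Review bot: The gates are evaluated on `_cs3_kubectl` (taken from `analysis_result.kubectl_command`), but the request passed to `execute_approved_action` is built with `action=approval_create.action`, and nothing in this hunk checks that the two hold the same command. If they can differ, the non-empty check and the destructive-pattern check vet one string while another is executed; build the `ApprovalRequest` from the vetted value, or compare the two and skip auto-execution on mismatch. Separately, `any(p in _cs3_kubectl.lower() for p in _cs3_destr_patterns)` is a substring denylist over LLM output, so anything not listed in the patterns passes; given `required_signatures=0` and `status=ApprovalStatus.APPROVED`, an allowlist of permitted kubectl verbs would be the safer gate. The `"NO_ACTION" not in (analysis_result.action_title or "")` test is case-sensitive while the pattern test is lower-cased, which is worth making consistent. Finally, the `cs3_llm_auto_executed` log records `approval.id` although the object executed is the new `_cs3_auto_approval`, and a false `_cs3_exec_success` is only logged at info level before `create_incident_for_approval` runs, so the audit trail should record the executed request and a failed execution should be surfaced at warning level or higher.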