diff --git a/apps/api/src/services/service_health_failure_notification_policy.py b/apps/api/src/services/service_health_failure_notification_policy.py index d8484fd7..86a96dc0 100644 --- a/apps/api/src/services/service_health_failure_notification_policy.py +++ b/apps/api/src/services/service_health_failure_notification_policy.py @@ -220,10 +220,10 @@ def _require_frontend_redaction_contract(payload: dict[str, Any], label: str) -> forbidden = set(contract.get("forbidden_frontend_content") or []) required_forbidden = { - "內部對話內容", - "Codex / 使用者訊息逐字稿", - "提示詞 / 思考鏈", - "工作階段識別碼 / 瀏覽器脈絡", + "未核准內部內容", + "未脫敏操作紀錄", + "未核准決策細節", + "工作階段脈絡", "機密 / 權杖 / 授權標頭", } if not required_forbidden.issubset(forbidden): diff --git a/apps/api/tests/test_service_health_failure_notification_policy.py b/apps/api/tests/test_service_health_failure_notification_policy.py index 405cbdca..110bac44 100644 --- a/apps/api/tests/test_service_health_failure_notification_policy.py +++ b/apps/api/tests/test_service_health_failure_notification_policy.py @@ -180,10 +180,10 @@ def _snapshot( "conversation_transcript_display_allowed": False, "redaction_required": True, "forbidden_frontend_content": [ - "內部對話內容", - "Codex / 使用者訊息逐字稿", - "提示詞 / 思考鏈", - "工作階段識別碼 / 瀏覽器脈絡", + "未核准內部內容", + "未脫敏操作紀錄", + "未核准決策細節", + "工作階段脈絡", "機密 / 權杖 / 授權標頭", ], "allowed_frontend_fields": ["已提交證據參照", "政策規則摘要"], diff --git a/apps/api/tests/test_service_health_failure_notification_policy_api.py b/apps/api/tests/test_service_health_failure_notification_policy_api.py index bb82be12..faadb07e 100644 --- a/apps/api/tests/test_service_health_failure_notification_policy_api.py +++ b/apps/api/tests/test_service_health_failure_notification_policy_api.py @@ -42,7 +42,7 @@ def test_service_health_failure_notification_policy_endpoint_returns_committed_s assert "work_window_transcript" in data["message_template_contract"]["forbidden_fields"] assert data["display_redaction_contract"]["conversation_transcript_display_allowed"] is False assert data["display_redaction_contract"]["redaction_required"] is True - assert "內部對話內容" in data["display_redaction_contract"]["forbidden_frontend_content"] + assert "未核准內部內容" in data["display_redaction_contract"]["forbidden_frontend_content"] assert all( rule["decision"] == "suppress_immediate_success" for rule in data["policy_rules"] diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index c7c2b399..771b737b 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,26 @@ +## 2026-06-11|P2-403C 前端紅線語彙收斂 Hotfix + +**背景**:P2-403C 已完成 Redis Dry-run Gate 與正式部署驗證;正式治理頁再檢查時,service health failure-only 通知合約的 redaction 說明仍使用過於貼近內部工作流程的詞彙。這些文字不是實際內容外露,也沒有可點執行按鈕,但前端治理頁應只顯示產品化的抽象邊界。 + +**完成**: + +- 將 `service_health_failure_notification_policy_v1` 的前端 redaction policy 改為「未核准內部內容、未脫敏操作紀錄、未核准決策細節、工作階段脈絡」。 +- 同步 `ai_agent_telegram_action_required_digest_policy_v1` 的前端禁止顯示分類,避免治理頁或 API 消費端出現過度具體的內部工作語彙。 +- 更新 `service_health_failure_notification_policy` loader 與 API 測試期待值,確保新的抽象分類仍是強制 contract。 + +**本地驗證**: + +- JSON parse:`service_health_failure_notification_policy_2026-06-05.json`、`ai_agent_telegram_action_required_digest_policy_2026-06-11.json` 通過。 +- `python3 -m py_compile apps/api/src/services/service_health_failure_notification_policy.py apps/api/src/services/ai_agent_telegram_action_required_digest_policy.py` 通過。 +- `DATABASE_URL=sqlite+aiosqlite:///tmp/awoooi-test.db pytest apps/api/tests/test_service_health_failure_notification_policy.py apps/api/tests/test_service_health_failure_notification_policy_api.py apps/api/tests/test_ai_agent_telegram_action_required_digest_policy.py apps/api/tests/test_ai_agent_telegram_action_required_digest_policy_api.py -q`:`17 passed`。 +- 目標治理資料掃描:service health、Telegram digest、P2-403C Redis dry-run gate、P2-403 interaction proof、P2-403 proactive contract 未命中前端紅線語彙。 +- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea`:`DOC_SECRET_SANITY_OK scanned_files=676`。 +- `git diff --check`:通過。 + +**完成度同步**:P2-403C 三 Agent 互動學習證據仍為 `65%`;本 hotfix 只收斂前端可見紅線語彙,Redis / Telegram / learning / worker runtime 仍全部維持 `0 / false`。 + +**邊界**:本段不連 Redis、不建立 consumer group、不 XADD / XREADGROUP / XACK、不 replay、不發 Telegram、不寫 learning、不啟動 worker、不 SSH、不 kubectl、不升級、不重啟、不讀取或輸出 secret、不新增任何前端執行按鈕。 + ## 2026-06-11|IwoooS 高價值配置控管覆蓋矩陣 **背景**:統帥要求所有重要配置都要先被資安控管,尤其 Nginx 常被手動變動;既有高價值配置 Gate 能判斷單次 diff,Owner Packet 能產生回覆草案,但仍缺一張可重跑、可被 guard 與前端消費的全域覆蓋矩陣。本段仍維持只讀證據、低摩擦框架與 `0 / false` 邊界;不 reload Nginx、不改 DNS / TLS、不改 workflow / secret、不 SSH、不 active scan、不啟動 `agent-bounty-protocol` runtime。 diff --git a/docs/evaluations/ai_agent_telegram_action_required_digest_policy_2026-06-11.json b/docs/evaluations/ai_agent_telegram_action_required_digest_policy_2026-06-11.json index b39eb903..db2e2d9f 100644 --- a/docs/evaluations/ai_agent_telegram_action_required_digest_policy_2026-06-11.json +++ b/docs/evaluations/ai_agent_telegram_action_required_digest_policy_2026-06-11.json @@ -309,10 +309,10 @@ "approval gate" ], "forbidden_frontend_content": [ - "內部對話內容", - "Codex / 使用者訊息逐字稿", - "提示詞 / 思考鏈", - "工作階段識別碼 / 瀏覽器脈絡", + "未核准內部內容", + "未脫敏操作紀錄", + "未核准決策細節", + "工作階段脈絡", "機密 / 權杖 / 授權標頭" ] }, diff --git a/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json b/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json index c01dae03..b5bcb07e 100644 --- a/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json +++ b/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json @@ -281,7 +281,7 @@ "runtime_execution_approved": false }, "display_redaction_contract": { - "frontend_display_policy": "前端只顯示已提交政策證據、規則摘要與已脫敏訊息合約;不得顯示內部對話、提示詞、工作階段識別碼或瀏覽器脈絡。", + "frontend_display_policy": "前端只顯示已提交政策證據、規則摘要與已脫敏訊息合約;不得顯示未核准內部內容、未脫敏操作紀錄或工作階段脈絡。", "allowed_frontend_fields": [ "已提交證據參照", "政策規則摘要", @@ -291,10 +291,10 @@ "阻擋操作摘要" ], "forbidden_frontend_content": [ - "內部對話內容", - "Codex / 使用者訊息逐字稿", - "提示詞 / 思考鏈", - "工作階段識別碼 / 瀏覽器脈絡", + "未核准內部內容", + "未脫敏操作紀錄", + "未核准決策細節", + "工作階段脈絡", "機密 / 權杖 / 授權標頭" ], "conversation_transcript_display_allowed": false,