diff --git a/apps/api/src/services/ai_agent_professional_task_expansion.py b/apps/api/src/services/ai_agent_professional_task_expansion.py
index 27be1b91..cb44f974 100644
--- a/apps/api/src/services/ai_agent_professional_task_expansion.py
+++ b/apps/api/src/services/ai_agent_professional_task_expansion.py
@@ -1,7 +1,7 @@
"""
AI Agent professional task expansion and Telegram runtime bridge snapshot.
-Loads the latest committed P2-405C read-only contract. The contract expands
+Loads the latest committed P2-405D read-only contract. The contract expands
professional AI Agent work and defines Telegram no-send previews, but it does
not write Telegram Gateway queues, send Telegram messages, call the Bot API,
read secrets, or execute production changes.
@@ -29,6 +29,7 @@ _EXPECTED_DEDUP_KEY_COUNT = 6
_EXPECTED_RECEIPT_EXPECTATION_COUNT = 6
_EXPECTED_CANARY_PACKAGE_COUNT = 1
_EXPECTED_CANARY_APPROVAL_PACKET_COUNT = 1
+_EXPECTED_CANARY_DELIVERY_GATE_COUNT = 1
_ZERO_ROLLUP_FIELDS = {
"current_live_count",
"gateway_queue_write_count",
@@ -53,6 +54,14 @@ _ZERO_ROLLUP_FIELDS = {
"canary_bot_api_call_enabled_count",
"canary_delivery_receipt_write_enabled_count",
"canary_secret_read_enabled_count",
+ "canary_delivery_approved_count",
+ "canary_delivery_attempt_allowed_count",
+ "canary_delivery_live_send_enabled_count",
+ "canary_delivery_gateway_queue_write_enabled_count",
+ "canary_delivery_bot_api_call_enabled_count",
+ "canary_delivery_receipt_write_enabled_count",
+ "canary_delivery_secret_read_enabled_count",
+ "canary_delivery_paid_api_enabled_count",
}
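Review bot: The `"canary_delivery_receipt_write_enabled_count"` entry added near the end of this set already exists a few lines above as a context line (it is the pre-existing canary approval package counter), so the new line is a no-op in a set literal and the delivery gate's own `delivery_receipt_write_enabled` flag ends up with no rollup of its own, unlike its siblings `canary_delivery_live_send_enabled_count` and `canary_delivery_gateway_queue_write_enabled_count`. The test file mirrors the collision (the same rollup is asserted twice) and the governance UI sum gets no gate-specific receipt-write term. Either give the gate flag a distinct counter, e.g. `"canary_delivery_gate_receipt_write_enabled_count",`, or add a comment stating that the existing counter is deliberately shared by the approval package and the delivery gate. `_ZERO_ROLLUP_FIELDS` begins before this hunk.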
_FORBIDDEN_PUBLIC_TERMS = {
"work_window_transcript",
@@ -100,11 +109,11 @@ def _require_schema(payload: dict[str, Any], label: str) -> None:
status = payload.get("program_status") or {}
expected = {
"current_priority": "P2",
- "current_task_id": "P2-405C",
- "next_task_id": "P2-405D",
+ "current_task_id": "P2-405D",
+ "next_task_id": "P2-405E",
"read_only_mode": True,
"runtime_authority": _RUNTIME_AUTHORITY,
- "overall_completion_percent": 92,
+ "overall_completion_percent": 96,
}
mismatches = _mismatches(status, expected)
if mismatches:
@@ -145,6 +154,7 @@ def _require_telegram_bridge(payload: dict[str, Any], label: str) -> None:
_require_no_send_previews(bridge, label)
_require_receipt_and_canary_package(bridge, label)
_require_canary_send_approval_packet(bridge, label)
+ _require_canary_delivery_gate(bridge, label)
def _require_no_send_previews(bridge: dict[str, Any], label: str) -> None:
@@ -325,6 +335,98 @@ def _require_canary_send_approval_packet(bridge: dict[str, Any], label: str) ->
raise ValueError(f"{label}: canary send approval_decision_log must remain empty")
+def _require_canary_delivery_gate(bridge: dict[str, Any], label: str) -> None:
+ gate = bridge.get("canary_delivery_gate") or {}
+ expected_gate = {
+ "status": "blocked_waiting_commander_delivery_fields",
+ "gate_ready": True,
+ "delivery_approved": False,
+ "delivery_attempt_allowed": False,
+ "selected_message_type": "not_selected",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "target_room_value_visible": False,
+ "target_room_verified": False,
+ "proposed_time_window": "waiting_commander_input",
+ "approved_time_window": "not_approved",
+ }
+ mismatches = _mismatches(gate, expected_gate)
+ if mismatches:
+ raise ValueError(f"{label}: canary_delivery_gate mismatch: {mismatches}")
+ if not gate:
+ raise ValueError(
+ f"{label}: expected {_EXPECTED_CANARY_DELIVERY_GATE_COUNT} canary delivery gate"
+ )
+
+ fields = gate.get("required_delivery_fields") or []
+ required_field_ids = {
+ "commander_delivery_approval",
+ "selected_message_type",
+ "delivery_time_window",
+ "target_room_env_ref",
+ "receipt_readback_owner",
+ "mute_rollback_plan",
+ "failure_stop_condition",
+ "dry_run_readback_ref",
+ }
+ field_ids = {field.get("field_id") for field in fields}
+ if field_ids != required_field_ids:
+ raise ValueError(f"{label}: canary delivery required fields mismatch")
+ for field in fields:
+ field_id = field.get("field_id")
+ if field.get("required") is not True:
+ raise ValueError(f"{label}: {field_id}.required must be true")
+ if field.get("current_value_status") != "waiting_input":
+ raise ValueError(f"{label}: {field_id}.current_value_status must be waiting_input")
+ if field.get("value_display_allowed") is not False:
+ raise ValueError(f"{label}: {field_id}.value_display_allowed must remain false")
+
+ attempt_plan = gate.get("delivery_attempt_plan") or {}
+ expected_attempt = {
+ "max_messages": 1,
+ "send_mode": "blocked_no_send",
+ "live_delivery_enabled": False,
+ "gateway_queue_write_enabled": False,
+ "bot_api_call_enabled": False,
+ "delivery_receipt_write_enabled": False,
+ "production_write_enabled": False,
+ "secret_read_enabled": False,
+ "paid_api_enabled": False,
+ }
+ mismatches = _mismatches(attempt_plan, expected_attempt)
+ if mismatches:
+ raise ValueError(f"{label}: canary delivery attempt plan mismatch: {mismatches}")
+
+ execution_flags = gate.get("execution_flags") or {}
+ expected_execution = {
+ "live_delivery_enabled": False,
+ "gateway_queue_write_enabled": False,
+ "bot_api_call_enabled": False,
+ "delivery_receipt_write_enabled": False,
+ "production_write_enabled": False,
+ "secret_read_enabled": False,
+ "paid_api_enabled": False,
+ }
+ mismatches = _mismatches(execution_flags, expected_execution)
+ if mismatches:
+ raise ValueError(f"{label}: canary delivery execution flags mismatch: {mismatches}")
+
+ readback_plan = gate.get("readback_after_approval_plan") or {}
+ if readback_plan.get("enabled_before_delivery") is not False:
+ raise ValueError(f"{label}: canary delivery readback must stay disabled before delivery")
+ if readback_plan.get("production_receipt_write_enabled") is not False:
+ raise ValueError(f"{label}: canary delivery production receipt write must remain false")
+ if not readback_plan.get("required_checks"):
+ raise ValueError(f"{label}: canary delivery readback required_checks are required")
+ if not gate.get("preflight_checks"):
+ raise ValueError(f"{label}: canary delivery preflight_checks are required")
+ if not gate.get("hold_reasons"):
+ raise ValueError(f"{label}: canary delivery hold_reasons are required")
+ if not gate.get("rollback_mute_controls"):
+ raise ValueError(f"{label}: canary delivery rollback_mute_controls are required")
+ if gate.get("delivery_decision_log") != []:
+ raise ValueError(f"{label}: canary delivery decision log must remain empty")
+
+
def _require_professional_tasks(payload: dict[str, Any], label: str) -> None:
domains = payload.get("professional_task_domains") or []
if len(domains) != _EXPECTED_DOMAIN_COUNT:
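Review bot: In `_require_canary_delivery_gate` the `if not gate:` guard sits after `_mismatches(gate, expected_gate)`, so for a missing or empty `canary_delivery_gate` the loader will presumably raise the generic mismatch error first (assuming `_mismatches` reports absent keys, which is not visible here) and the `expected 1 canary delivery gate` message — the only use of `_EXPECTED_CANARY_DELIVERY_GATE_COUNT` — is unreachable; move the emptiness check above the mismatch computation. The required-field check compares sets, so a duplicated `field_id` entry still passes and a second copy could later carry a different `current_value_status`; tighten it with `if len(fields) != len(required_field_ids) or field_ids != required_field_ids:`. Unlike the tests, the loader only checks `preflight_checks`, `hold_reasons`, `rollback_mute_controls` and the readback `required_checks` for non-emptiness; if their sizes are part of the contract, `_EXPECTED_*_COUNT` constants in the style of the ones at the top of the file would keep the loader and the tests in step.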
@@ -438,6 +540,28 @@ def _require_rollups(payload: dict[str, Any], label: str) -> None:
).get("required_checks")
or []
),
+ "canary_delivery_gate_count": 1
+ if bridge.get("canary_delivery_gate")
+ else 0,
+ "canary_delivery_required_field_count": len(
+ (bridge.get("canary_delivery_gate") or {}).get("required_delivery_fields") or []
+ ),
+ "canary_delivery_preflight_check_count": len(
+ (bridge.get("canary_delivery_gate") or {}).get("preflight_checks") or []
+ ),
+ "canary_delivery_hold_reason_count": len(
+ (bridge.get("canary_delivery_gate") or {}).get("hold_reasons") or []
+ ),
+ "canary_delivery_readback_check_count": len(
+ (
+ (bridge.get("canary_delivery_gate") or {}).get("readback_after_approval_plan")
+ or {}
+ ).get("required_checks")
+ or []
+ ),
+ "canary_delivery_rollback_mute_control_count": len(
+ (bridge.get("canary_delivery_gate") or {}).get("rollback_mute_controls") or []
+ ),
}
mismatches = _mismatches(rollups, expected)
if mismatches:
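Review bot: `(bridge.get("canary_delivery_gate") or {})` is re-evaluated in each of the six new rollup entries; binding it once, `delivery_gate = bridge.get("canary_delivery_gate") or {}`, next to where `bridge` is obtained would make these entries read like the existing single-level ones. Every expected count here is derived from the same snapshot being validated, so this check proves the rollups are self-consistent, not that the gate holds the 8/8/7/7/5 items the tests pin; that matches how the earlier rollups are computed, but a comment such as `# self-consistency only; list sizes are pinned by the tests, not here` would stop a matching rollup being read as proof of content. `_require_rollups` starts before this hunk.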
diff --git a/apps/api/tests/test_ai_agent_professional_task_expansion.py b/apps/api/tests/test_ai_agent_professional_task_expansion.py
index d1676287..597df2e5 100644
--- a/apps/api/tests/test_ai_agent_professional_task_expansion.py
+++ b/apps/api/tests/test_ai_agent_professional_task_expansion.py
@@ -18,9 +18,9 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
snapshot = load_latest_ai_agent_professional_task_expansion()
assert snapshot["schema_version"] == "ai_agent_professional_task_expansion_v1"
- assert snapshot["program_status"]["current_task_id"] == "P2-405C"
- assert snapshot["program_status"]["next_task_id"] == "P2-405D"
- assert snapshot["program_status"]["overall_completion_percent"] == 92
+ assert snapshot["program_status"]["current_task_id"] == "P2-405D"
+ assert snapshot["program_status"]["next_task_id"] == "P2-405E"
+ assert snapshot["program_status"]["overall_completion_percent"] == 96
assert snapshot["program_status"]["runtime_authority"] == (
"professional_task_expansion_and_telegram_bridge_read_only_no_send"
)
@@ -46,6 +46,9 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
assert bridge["canary_send_approval_packet"]["approval_granted"] is False
assert bridge["canary_send_approval_packet"]["selected_message_type"] == "not_selected"
assert bridge["canary_send_approval_packet"]["proposed_time_window"] == "waiting_commander_input"
+ assert bridge["canary_delivery_gate"]["status"] == "blocked_waiting_commander_delivery_fields"
+ assert bridge["canary_delivery_gate"]["delivery_approved"] is False
+ assert bridge["canary_delivery_gate"]["delivery_attempt_allowed"] is False
rollups = snapshot["rollups"]
assert rollups["professional_task_count"] == 24
@@ -89,6 +92,20 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
assert rollups["canary_bot_api_call_enabled_count"] == 0
assert rollups["canary_delivery_receipt_write_enabled_count"] == 0
assert rollups["canary_secret_read_enabled_count"] == 0
+ assert rollups["canary_delivery_gate_count"] == 1
+ assert rollups["canary_delivery_required_field_count"] == 8
+ assert rollups["canary_delivery_preflight_check_count"] == 8
+ assert rollups["canary_delivery_hold_reason_count"] == 7
+ assert rollups["canary_delivery_readback_check_count"] == 7
+ assert rollups["canary_delivery_rollback_mute_control_count"] == 5
+ assert rollups["canary_delivery_approved_count"] == 0
+ assert rollups["canary_delivery_attempt_allowed_count"] == 0
+ assert rollups["canary_delivery_live_send_enabled_count"] == 0
+ assert rollups["canary_delivery_gateway_queue_write_enabled_count"] == 0
+ assert rollups["canary_delivery_bot_api_call_enabled_count"] == 0
+ assert rollups["canary_delivery_receipt_write_enabled_count"] == 0
+ assert rollups["canary_delivery_secret_read_enabled_count"] == 0
+ assert rollups["canary_delivery_paid_api_enabled_count"] == 0
def test_professional_tasks_cover_required_agents_and_reporting() -> None:
@@ -196,6 +213,38 @@ def test_canary_send_approval_packet_waits_for_explicit_approval() -> None:
assert all(value is False for value in packet["execution_flags"].values())
+def test_canary_delivery_gate_waits_for_explicit_delivery_fields() -> None:
+ snapshot = load_latest_ai_agent_professional_task_expansion()
+ gate = snapshot["telegram_runtime_bridge"]["canary_delivery_gate"]
+
+ assert gate["gate_ready"] is True
+ assert gate["delivery_approved"] is False
+ assert gate["delivery_attempt_allowed"] is False
+ assert gate["selected_message_type"] == "not_selected"
+ assert gate["target_room_env"] == "SRE_GROUP_CHAT_ID"
+ assert gate["target_room_value_visible"] is False
+ assert gate["target_room_verified"] is False
+ assert gate["proposed_time_window"] == "waiting_commander_input"
+ assert gate["approved_time_window"] == "not_approved"
+ assert len(gate["required_delivery_fields"]) == 8
+ assert len(gate["preflight_checks"]) == 8
+ assert len(gate["hold_reasons"]) == 7
+ assert len(gate["rollback_mute_controls"]) == 5
+ assert len(gate["readback_after_approval_plan"]["required_checks"]) == 7
+ assert gate["delivery_decision_log"] == []
+
+ for field in gate["required_delivery_fields"]:
+ assert field["required"] is True
+ assert field["current_value_status"] == "waiting_input"
+ assert field["value_display_allowed"] is False
+
+ assert gate["delivery_attempt_plan"]["max_messages"] == 1
+ assert gate["delivery_attempt_plan"]["send_mode"] == "blocked_no_send"
+ assert gate["readback_after_approval_plan"]["enabled_before_delivery"] is False
+ assert gate["readback_after_approval_plan"]["production_receipt_write_enabled"] is False
+ assert all(value is False for value in gate["execution_flags"].values())
+
+
def test_rejects_telegram_send_enabled(tmp_path: Path) -> None:
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
snapshot["telegram_runtime_bridge"]["telegram_send_enabled"] = True
@@ -277,6 +326,39 @@ def test_rejects_selected_canary_message_type_without_approval(tmp_path: Path) -
load_latest_ai_agent_professional_task_expansion(tmp_path)
+def test_rejects_canary_delivery_approved(tmp_path: Path) -> None:
+ snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+ gate = snapshot["telegram_runtime_bridge"]["canary_delivery_gate"]
+ gate["delivery_approved"] = True
+ snapshot["rollups"]["canary_delivery_approved_count"] = 1
+ _write_snapshot(tmp_path, snapshot)
+
+ with pytest.raises(ValueError, match="canary_delivery_gate mismatch"):
+ load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def test_rejects_canary_delivery_attempt_allowed(tmp_path: Path) -> None:
+ snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+ gate = snapshot["telegram_runtime_bridge"]["canary_delivery_gate"]
+ gate["delivery_attempt_allowed"] = True
+ snapshot["rollups"]["canary_delivery_attempt_allowed_count"] = 1
+ _write_snapshot(tmp_path, snapshot)
+
+ with pytest.raises(ValueError, match="canary_delivery_gate mismatch"):
+ load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def test_rejects_canary_delivery_gateway_queue_write_enabled(tmp_path: Path) -> None:
+ snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+ gate = snapshot["telegram_runtime_bridge"]["canary_delivery_gate"]
+ gate["delivery_attempt_plan"]["gateway_queue_write_enabled"] = True
+ snapshot["rollups"]["canary_delivery_gateway_queue_write_enabled_count"] = 1
+ _write_snapshot(tmp_path, snapshot)
+
+ with pytest.raises(ValueError, match="canary delivery attempt plan mismatch"):
+ load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
def test_rejects_high_risk_without_approval(tmp_path: Path) -> None:
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
high_task = next(task for task in snapshot["professional_tasks"] if task["risk_tier"] == "high")
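Review bot: The new rejection tests flip `delivery_approved`, `delivery_attempt_allowed` and one `delivery_attempt_plan` flag, but nothing exercises the loader's other new guards: `execution_flags` (the flag set the UI sums into its live-write count), `readback_after_approval_plan.enabled_before_delivery`, and, most relevant to redaction, `target_room_value_visible` / `value_display_allowed`. Since `target_room_env` names an environment variable and that flag is the only thing in the gate asserting its value is not exposed in the public snapshot, add at least a `gate["target_room_value_visible"] = True` variant expecting `canary_delivery_gate mismatch` and a `gate["execution_flags"]["bot_api_call_enabled"] = True` variant expecting `canary delivery execution flags mismatch`.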
diff --git a/apps/api/tests/test_ai_agent_professional_task_expansion_api.py b/apps/api/tests/test_ai_agent_professional_task_expansion_api.py
index 83419bf7..91804420 100644
--- a/apps/api/tests/test_ai_agent_professional_task_expansion_api.py
+++ b/apps/api/tests/test_ai_agent_professional_task_expansion_api.py
@@ -17,9 +17,9 @@ def test_ai_agent_professional_task_expansion_endpoint() -> None:
assert response.status_code == 200
payload = response.json()
assert payload["schema_version"] == "ai_agent_professional_task_expansion_v1"
- assert payload["program_status"]["current_task_id"] == "P2-405C"
- assert payload["program_status"]["next_task_id"] == "P2-405D"
- assert payload["program_status"]["overall_completion_percent"] == 92
+ assert payload["program_status"]["current_task_id"] == "P2-405D"
+ assert payload["program_status"]["next_task_id"] == "P2-405E"
+ assert payload["program_status"]["overall_completion_percent"] == 96
assert payload["program_status"]["runtime_authority"] == (
"professional_task_expansion_and_telegram_bridge_read_only_no_send"
)
@@ -48,11 +48,20 @@ def test_ai_agent_professional_task_expansion_endpoint() -> None:
assert payload["rollups"]["canary_send_execution_enabled_count"] == 0
assert payload["rollups"]["canary_gateway_queue_write_enabled_count"] == 0
assert payload["rollups"]["canary_bot_api_call_enabled_count"] == 0
+ assert payload["rollups"]["canary_delivery_gate_count"] == 1
+ assert payload["rollups"]["canary_delivery_required_field_count"] == 8
+ assert payload["rollups"]["canary_delivery_approved_count"] == 0
+ assert payload["rollups"]["canary_delivery_attempt_allowed_count"] == 0
+ assert payload["rollups"]["canary_delivery_gateway_queue_write_enabled_count"] == 0
+ assert payload["rollups"]["canary_delivery_bot_api_call_enabled_count"] == 0
assert payload["telegram_runtime_bridge"]["canary_approval_package"]["live_send_enabled"] is False
assert payload["telegram_runtime_bridge"]["canary_send_approval_packet"]["approval_granted"] is False
assert (
payload["telegram_runtime_bridge"]["canary_send_approval_packet"]["selected_message_type"]
== "not_selected"
)
+ assert payload["telegram_runtime_bridge"]["canary_delivery_gate"]["delivery_approved"] is False
+ assert payload["telegram_runtime_bridge"]["canary_delivery_gate"]["delivery_attempt_allowed"] is False
+ assert payload["telegram_runtime_bridge"]["canary_delivery_gate"]["target_room_value_visible"] is False
assert len(payload["telegram_runtime_bridge"]["no_send_message_previews"]) == 6
assert len(payload["telegram_runtime_bridge"]["receipt_expectations"]) == 6
diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index f0af61db..8a1bf855 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -6448,7 +6448,7 @@
}
},
"professionalTaskExpansion": {
- "title": "P2-405C AI Agent TG Canary 批准包",
+ "title": "P2-405D AI Agent TG Canary Delivery Gate",
"source": "產生 {generated};目前 {current};下一步 {next}",
"runtime": "runtime={value}",
"telegramTitle": "Telegram Runtime Bridge",
@@ -6470,7 +6470,11 @@
"canaryPacket": "canary 批准包",
"canaryFields": "批准欄位",
"stopConditions": "停止條件",
- "canaryApprovalGaps": "已批准 / 選擇 / 時間窗"
+ "canaryApprovalGaps": "已批准 / 選擇 / 時間窗",
+ "deliveryGate": "delivery gate",
+ "deliveryFields": "交付欄位",
+ "deliveryPreflight": "交付 preflight",
+ "deliveryHoldReasons": "hold reason"
},
"previewTitle": "Telegram no-send 訊息預覽",
"canaryTitle": "Canary 批准包",
@@ -6503,14 +6507,20 @@
"timeWindow": "時間窗={value}",
"required": "必填={value}",
"inputStatus": "輸入狀態={value}",
- "valueVisible": "值可見={value}"
+ "valueVisible": "值可見={value}",
+ "gateReady": "gate ready={value}",
+ "deliveryApproved": "delivery approved={value}",
+ "attemptAllowed": "attempt allowed={value}",
+ "targetVerified": "target verified={value}",
+ "holdReason": "hold={value}"
},
"riskTiers": {
"low": "低風險",
"medium": "中風險",
"high": "高風險",
"critical": "Critical"
- }
+ },
+ "canaryDeliveryGateTitle": "P2-405D Canary Delivery Gate"
},
"resultCaptureReleaseVerifierOwnerReviewPacket": {
"title": "P2-137 釋出驗證器負責人審查包",
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index f0af61db..8a1bf855 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -6448,7 +6448,7 @@
}
},
"professionalTaskExpansion": {
- "title": "P2-405C AI Agent TG Canary 批准包",
+ "title": "P2-405D AI Agent TG Canary Delivery Gate",
"source": "產生 {generated};目前 {current};下一步 {next}",
"runtime": "runtime={value}",
"telegramTitle": "Telegram Runtime Bridge",
@@ -6470,7 +6470,11 @@
"canaryPacket": "canary 批准包",
"canaryFields": "批准欄位",
"stopConditions": "停止條件",
- "canaryApprovalGaps": "已批准 / 選擇 / 時間窗"
+ "canaryApprovalGaps": "已批准 / 選擇 / 時間窗",
+ "deliveryGate": "delivery gate",
+ "deliveryFields": "交付欄位",
+ "deliveryPreflight": "交付 preflight",
+ "deliveryHoldReasons": "hold reason"
},
"previewTitle": "Telegram no-send 訊息預覽",
"canaryTitle": "Canary 批准包",
@@ -6503,14 +6507,20 @@
"timeWindow": "時間窗={value}",
"required": "必填={value}",
"inputStatus": "輸入狀態={value}",
- "valueVisible": "值可見={value}"
+ "valueVisible": "值可見={value}",
+ "gateReady": "gate ready={value}",
+ "deliveryApproved": "delivery approved={value}",
+ "attemptAllowed": "attempt allowed={value}",
+ "targetVerified": "target verified={value}",
+ "holdReason": "hold={value}"
},
"riskTiers": {
"low": "低風險",
"medium": "中風險",
"high": "高風險",
"critical": "Critical"
- }
+ },
+ "canaryDeliveryGateTitle": "P2-405D Canary Delivery Gate"
},
"resultCaptureReleaseVerifierOwnerReviewPacket": {
"title": "P2-137 釋出驗證器負責人審查包",
diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
index 9100eb76..25eddbe5 100644
--- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
+++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
@@ -3716,12 +3716,20 @@ export function AutomationInventoryTab() {
+ professionalTaskExpansion.rollups.canary_bot_api_call_enabled_count
+ professionalTaskExpansion.rollups.canary_delivery_receipt_write_enabled_count
+ professionalTaskExpansion.rollups.canary_secret_read_enabled_count
+ + professionalTaskExpansion.rollups.canary_delivery_live_send_enabled_count
+ + professionalTaskExpansion.rollups.canary_delivery_gateway_queue_write_enabled_count
+ + professionalTaskExpansion.rollups.canary_delivery_bot_api_call_enabled_count
+ + professionalTaskExpansion.rollups.canary_delivery_secret_read_enabled_count
+ + professionalTaskExpansion.rollups.canary_delivery_paid_api_enabled_count
)
const professionalTaskCanarySendPacket = professionalTaskExpansion.telegram_runtime_bridge.canary_send_approval_packet
+ const professionalTaskCanaryDeliveryGate = professionalTaskExpansion.telegram_runtime_bridge.canary_delivery_gate
const professionalTaskCanaryApprovalGaps = (
professionalTaskExpansion.rollups.canary_approval_granted_count
+ professionalTaskExpansion.rollups.canary_selected_message_type_count
+ professionalTaskExpansion.rollups.canary_approved_time_window_count
+ + professionalTaskExpansion.rollups.canary_delivery_approved_count
+ + professionalTaskExpansion.rollups.canary_delivery_attempt_allowed_count
)
const backlogProgressPercent = backlog.progress_summary.overall_percent
const explicitApprovalItemCount = backlog.item_approval_boundary_rollup.items_requiring_explicit_approval.length
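Review bot: The live-write sum gains five delivery-gate rollups but no term for the gate's `delivery_receipt_write_enabled` flag; the only receipt-write rollup in the sum, `canary_delivery_receipt_write_enabled_count`, is the pre-existing approval-package counter a few lines above, so from this file it is unclear whether the gate's own flag is counted at all. Confirm against the loader, and if the two flags are distinct rollups add the gate's term here so the dashboard count cannot stay at 0 while the gate's receipt write is enabled. `AutomationInventoryTab` starts before this hunk.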
@@ -4152,6 +4160,10 @@ export function AutomationInventoryTab() {
} />
} />
} />
+ } />
+ } />
+ } />
+ } />
@@ -4276,6 +4288,52 @@ export function AutomationInventoryTab() {
+
+
{t('professionalTaskExpansion.canaryDeliveryGateTitle')}
+
+ {professionalTaskCanaryDeliveryGate.gate_id} · {professionalTaskCanaryDeliveryGate.status}
+
+
+
+
+
+
+
+
+
+
+
+
+
+ {professionalTaskCanaryDeliveryGate.required_delivery_fields.map(field => (
+
+
+ {field.label}
+
+
+
+
+
+
+
+ ))}
+
+
+ {professionalTaskCanaryDeliveryGate.preflight_checks.slice(0, 8).map(check => (
+
+ {check}
+
+ ))}
+
+
+ {professionalTaskCanaryDeliveryGate.hold_reasons.slice(0, 7).map(reason => (
+
+ {t('professionalTaskExpansion.labels.holdReason', { value: reason })}
+
+ ))}
+
+
+
{t('professionalTaskExpansion.tasksTitle')}
{visibleProfessionalTasks.map(task => {
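Review bot: `preflight_checks.slice(0, 8)` and `hold_reasons.slice(0, 7)` cap the rendered lists at exactly the sizes the current snapshot has, so a future contract that adds a ninth preflight check or an eighth hold reason would render with the extra entries silently dropped, and hold reasons are precisely what an operator reading the governance page must not miss. Render the full arrays, or keep the cap but show an overflow marker when `length` exceeds it, e.g. `{gate.hold_reasons.length > 7 && <span>+{gate.hold_reasons.length - 7}</span>}`. The JSX markup is not visible in the extracted hunk, so only the expressions could be reviewed; the enclosing component starts and ends outside this hunk.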
diff --git a/apps/web/src/lib/api-client.ts b/apps/web/src/lib/api-client.ts
index 9d4ac032..91085347 100644
--- a/apps/web/src/lib/api-client.ts
+++ b/apps/web/src/lib/api-client.ts
@@ -1429,8 +1429,8 @@ export interface AiAgentProfessionalTaskExpansionSnapshot {
program_status: {
overall_completion_percent: number
current_priority: 'P0' | 'P1' | 'P2' | 'P3'
- current_task_id: 'P2-405C'
- next_task_id: 'P2-405D'
+ current_task_id: 'P2-405D'
+ next_task_id: 'P2-405E'
read_only_mode: true
runtime_authority: 'professional_task_expansion_and_telegram_bridge_read_only_no_send'
status_note: string
@@ -1588,12 +1588,73 @@ export interface AiAgentProfessionalTaskExpansionSnapshot {
}
approval_decision_log: unknown[]
}
+ canary_delivery_gate: {
+ gate_id: string
+ status: string
+ gate_ready: boolean
+ delivery_approved: boolean
+ delivery_attempt_allowed: boolean
+ selected_message_type: string
+ selected_message_type_source: string
+ target_room_alias: string
+ target_room_env: string
+ target_room_value_visible: boolean
+ target_room_verified: boolean
+ proposed_time_window: string
+ approved_time_window: string
+ owner_agent: string
+ arbiter: string
+ reviewers: string[]
+ required_delivery_fields: Array<{
+ field_id: string
+ label: string
+ required: boolean
+ current_value_status: string
+ value_display_allowed: boolean
+ }>
+ preflight_checks: string[]
+ hold_reasons: string[]
+ delivery_attempt_plan: {
+ max_messages: number
+ dry_run_message_type: string
+ dedup_key_template: string
+ send_mode: string
+ live_delivery_enabled: boolean
+ gateway_queue_write_enabled: boolean
+ bot_api_call_enabled: boolean
+ delivery_receipt_write_enabled: boolean
+ production_write_enabled: boolean
+ secret_read_enabled: boolean
+ paid_api_enabled: boolean
+ }
+ readback_after_approval_plan: {
+ owner_agent: string
+ enabled_before_delivery: boolean
+ production_receipt_write_enabled: boolean
+ required_checks: string[]
+ }
+ rollback_mute_controls: string[]
+ execution_flags: {
+ live_delivery_enabled: boolean
+ gateway_queue_write_enabled: boolean
+ bot_api_call_enabled: boolean
+ delivery_receipt_write_enabled: boolean
+ production_write_enabled: boolean
+ secret_read_enabled: boolean
+ paid_api_enabled: boolean
+ }
+ delivery_decision_log: unknown[]
+ }
no_send_preview_completion_percent: number
canary_approval_package_completion_percent: number
canary_send_approval_packet_ready: boolean
canary_send_approval_granted: boolean
canary_send_execution_enabled: boolean
canary_send_approval_packet_completion_percent: number
+ canary_delivery_gate_ready: boolean
+ canary_delivery_approved: boolean
+ canary_delivery_attempt_allowed: boolean
+ canary_delivery_gate_completion_percent: number
}
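Review bot: `program_status` already uses literal types (`read_only_mode: true`, `current_task_id: 'P2-405D'`) so the compiler enforces the contract, but the new `canary_delivery_gate` declares the no-send invariants as plain `boolean` and `string`. Narrowing the fields the loader pins — `delivery_approved: false`, `delivery_attempt_allowed: false`, `target_room_value_visible: false`, `status: 'blocked_waiting_commander_delivery_fields'`, and `false` for each `execution_flags` member — would make a UI change that assumes a sendable gate fail at typecheck instead of at runtime, consistent with `read_only_mode: true`. The interface `AiAgentProfessionalTaskExpansionSnapshot` starts before this hunk.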
professional_task_domains: Array<{
domain_id: string
@@ -1630,6 +1691,7 @@ export interface AiAgentProfessionalTaskExpansionSnapshot {
frontend_display_policy: string
message_preview_redaction_checks: string[]
canary_packet_redaction_checks: string[]
+ canary_delivery_redaction_checks: string[]
}
rollups: {
professional_task_count: number
@@ -1676,6 +1738,19 @@ export interface AiAgentProfessionalTaskExpansionSnapshot {
canary_bot_api_call_enabled_count: number
canary_delivery_receipt_write_enabled_count: number
canary_secret_read_enabled_count: number
+ canary_delivery_gate_count: number
+ canary_delivery_required_field_count: number
+ canary_delivery_preflight_check_count: number
+ canary_delivery_hold_reason_count: number
+ canary_delivery_readback_check_count: number
+ canary_delivery_rollback_mute_control_count: number
+ canary_delivery_approved_count: number
+ canary_delivery_attempt_allowed_count: number
+ canary_delivery_live_send_enabled_count: number
+ canary_delivery_gateway_queue_write_enabled_count: number
+ canary_delivery_bot_api_call_enabled_count: number
+ canary_delivery_secret_read_enabled_count: number
+ canary_delivery_paid_api_enabled_count: number
}
}
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 1adfdf11..ef3cd457 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -166,6 +166,34 @@
- 本輪未連 live ArgoCD、未 `kubectl`、未 `helm`、未讀 live Secret、未改 NetworkPolicy / RBAC / NodePort / Ingress / route、未手動 sync、未 patch live manifest、未 active scan、未收 secrets 明文、未 force push。
- 下一優先:收 K8s / ArgoCD owner evidence 與事故後回讀包;同時把 Backup / Restore / Escrow、Monitoring / Alerting / Observability、Public gateway / Nginx、Gitea workflow / runner / deploy secret injection 的 owner evidence gate 往前推,且不得用 route 200、pod up、UI 可見或 CD success 當成資安 runtime 授權。
+## 2026-06-16|P2-405D AI Agent TG Canary Delivery Gate
+
+**背景**:P2-405C 已把第一次 TG canary 實發前的批准欄位、停止條件、mute / rollback 與 receipt readback plan 固定成只讀 artifact;下一步需要把「已可進入 delivery gate 但仍不得送出」的最後交付欄位、preflight、hold reason 與 readback 控制產品化,避免批准包就緒被誤解成可寫 Gateway queue 或可呼叫 Bot API。
+
+**完成項目**:
+- 新增 `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json`,`current_task_id=P2-405D`、`next_task_id=P2-405E`、整體完成度 `96%`。
+- `telegram_runtime_bridge.canary_delivery_gate` 已固定 `gate_ready=true`、`delivery_approved=false`、`delivery_attempt_allowed=false`、`status=blocked_waiting_commander_delivery_fields`。
+- Canary delivery gate 要求 8 個統帥 / operator 必填欄位:統帥批准本次 delivery、單一訊息類型、交付時間窗、目標 env ref、receipt readback owner、mute / rollback plan、failure stop condition、dry-run readback evidence ref。
+- Canary delivery gate 固定 8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control;所有欄位值維持不可公開顯示。
+- 後端 loader / schema / 測試已要求 delivery approved、delivery attempt allowed、live delivery、Gateway queue write、Bot API call、delivery receipt write、secret read、paid API 全部維持 `false / 0`。
+- `/zh-TW/governance?tab=automation-inventory` 的 AI Agent 專業任務卡片已顯示 P2-405D delivery gate、交付欄位、preflight、hold reason 與批准缺口,並把 delivery 實發 / queue / Bot API / secret / paid API 全部納入 live write 計數。
+- `zh-TW.json` 與 `en.json` 維持繁中鏡像;治理頁不顯示工作視窗對話、未遮罩 runtime payload、機密值或可直接執行的 Telegram 操作。
+
+**本地驗證**:
+- JSON parse 驗證 `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json`、`docs/schemas/ai_agent_professional_task_expansion_v1.schema.json`、`apps/web/messages/zh-TW.json`、`apps/web/messages/en.json` 通過。
+- `python3 -m py_compile apps/api/src/services/ai_agent_professional_task_expansion.py apps/api/src/api/v1/agents.py` 通過。
+- `DATABASE_URL=postgresql+asyncpg://test:test@localhost/test pytest -q apps/api/tests/test_ai_agent_professional_task_expansion.py apps/api/tests/test_ai_agent_professional_task_expansion_api.py` → `20 passed`。
+- `pnpm --filter @awoooi/web typecheck` 通過。
+- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。
+- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea apps/web/messages/zh-TW.json apps/web/messages/en.json 'apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx' apps/web/src/lib/api-client.ts` → `DOC_SECRET_SANITY_OK scanned_files=886`。
+- `git diff --check` 通過。
+
+**完成度與邊界**:
+- AI Agent 專業任務擴展與 Telegram Runtime Bridge:`92% -> 96%`。
+- Telegram no-send preview、dedup、receipt expectation、canary approval package、canary send approval packet、canary delivery gate:皆為 `100%`。
+- Telegram 實發、Gateway queue write、Bot API call、delivery receipt production write、secret read、paid API、host write、kubectl action、production write 全部仍為 `0 / false`。
+- 下一步:P2-405E 只能在統帥明確提供 canary delivery 欄位後,才進入受控 dry-run delivery rehearsal;未批准前不得實發。
+
## 2026-06-16|P2-405C AI Agent TG Canary 發送批准包
**背景**:P2-405B 已讓治理頁看見 Telegram no-send 訊息預覽、dedup key、receipt expectation 與 canary approval package;下一步需要把第一次 TG canary 實發前的人工批准輸入、停止條件、mute / rollback 與回執讀回要求固定成可測試 artifact,但不能因「批准包已就緒」就打開 Telegram 實發或 Gateway queue。
diff --git a/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md b/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
index 8c9609dd..2419e38b 100644
--- a/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
+++ b/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
@@ -184,5 +184,5 @@ Telegram Ops 工位負責 Telegram Gateway、Channel Hub、日報/週報/月報
狀態變更:12 位 Agent 只讀審查全部回收並彙整;已建立 `ai_agent_12_agent_war_room_v1` schema / committed snapshot / API / tests / governance UI 區塊。
證據:`docs/schemas/ai_agent_12_agent_war_room_v1.schema.json`、`docs/evaluations/ai_agent_12_agent_war_room_2026-06-14.json`、`GET /api/v1/agents/agent-12-agent-war-room`、治理頁 12-Agent War Room 區塊、12 位 Agent 只讀回饋。
阻擋:runtime writer、Telegram send、Bot API、production write、SDK 安裝、付費 API、shadow/canary、host update、DB migration、restore 仍未批准。
-下一步:P2-405D 承接 Telegram canary delivery gate;只有在統帥明確批准發送時間窗、單一訊息類型、目標 env ref、receipt readback owner、mute / rollback plan 與停止條件後,才可進入受控 canary delivery。P2-146 owner response receipt preview 仍屬另一條 release gate 主線;兩者都不得直接打開 Gateway queue、Telegram send、Bot API 或 production write。
+下一步:P2-405E 承接 Telegram canary dry-run delivery rehearsal;只有在統帥明確批准 delivery 欄位、單一訊息類型、目標 env ref、receipt readback owner、mute / rollback plan 與停止條件後,才可進入受控 dry-run rehearsal。P2-146 owner response receipt preview 仍屬另一條 release gate 主線;兩者都不得直接打開 Gateway queue、Telegram send、Bot API 或 production write。
```
diff --git a/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md b/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
index b521f174..0bbab187 100644
--- a/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
+++ b/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
@@ -15,11 +15,19 @@
| OpenClaw / Hermes / NemoTron 主動溝通、學習與成長證據 | 100% | P2-401A 到 P2-144 已完成只讀證據面、runtime / report / result-capture gates、no-write readback、promotion review、writer implementation review、writer dry-run fixture、writer dry-run readback、owner promotion execution gate、owner-approved execution rehearsal、owner acceptance / maintenance window gate、owner acceptance readback / preflight hold、owner-approved preflight release package、owner-approved release readiness readback、owner release approval gate、post-release verifier / rollback gate、final release candidate readback、release authorization hold / readback gate、release verifier preflight / owner review packet、release decision hold / readback、release decision next handoff、release decision input prep、12-Agent War Room、owner response 預檢與 owner response 回讀;P2-141 基線與 S4.9 owner release packet 補強皆已正式驗證,P2-142 12-Agent War Room 已完成 production readback 與 desktop / mobile smoke,P2-143 owner response 預檢已完成 production readback 與 in-app browser smoke,P2-144 owner response 回讀已完成 production API readback 與 desktop / mobile smoke。runtime worker、DB migration、production Redis consumer group、canonical runtime readback、live query、runtime score、result capture write、Telegram 實發、delivery receipt E2E、live report delivery、reviewer queue write、Gateway queue write、AI analysis runtime、中低風險 auto worker、KM / LOGBOOK / audit DB / timeline / PlayBook trust 寫入、SDK / 付費服務仍未開 gate | `ai_agent_result_capture_release_decision_owner_response_readback_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-readback`、`docs/evaluations/ai_agent_result_capture_release_decision_owner_response_readback_2026-06-14.json`、feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success、5 個回覆讀回 lane、18 個 owner 必填欄位、6 個 readback validation check、6 個 rejection guard、5 個 operator action、等待外部回覆 `5`、未收件 lane `5`、正式寫入 / 發送 `0`;P2-142 feature commit `5de4b3f3`、deploy marker `1a2c9e36`、Gitea CD run `4232` success、production API 
readback、desktop / mobile in-app browser smoke;P2-143 feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、production API readback、desktop / mobile in-app browser smoke;MASTER §3.2.1b / §3.2.1d / §3.4.3 |
| AI Agent 主動營運委派與版本生命週期 | 100% | P2-402A / P2-402B / P2-402C / P2-402D / P2-402E / P2-402F / P2-402G 已完成;已建立 repo-only 版本新鮮度快照、工具採用批准包、Telegram action-required digest policy、Gitea PR 草案 lane、host / K3s / stateful 版本只讀盤點、API 與 governance UI。定期排程、外部版本查詢、工具安裝、CI 變更、套件升級、主機更新、container pull、實際 PR creation、auto merge、Telegram 實發、SSH、kubectl、重啟仍未開 gate | `ai_agent_proactive_operations_contract_v1`、`ai_agent_version_freshness_snapshot_v1`、`ai_agent_tool_adoption_approval_package_v1`、`ai_agent_telegram_action_required_digest_policy_v1`、`ai_agent_gitea_pr_draft_lane_v1`、`ai_agent_host_stateful_version_inventory_v1`、`GET /api/v1/agents/agent-proactive-operations-contract`、`GET /api/v1/agents/agent-version-freshness-snapshot`、`GET /api/v1/agents/agent-tool-adoption-approval-package`、`GET /api/v1/agents/agent-telegram-action-required-digest-policy`、`GET /api/v1/agents/agent-gitea-pr-draft-lane`、`GET /api/v1/agents/agent-host-stateful-version-inventory`、`/zh-TW/governance?tab=automation-inventory`、MASTER §3.2.1c |
| 12-Agent War Room 編組 | 72% | 12 個邏輯工位與分批派工規則已正式部署;OpenClaw / Hermes / NemoTron / SRE / Security / DevOps / Data/DR / Supply Chain / Product/UI / QA / Market / Telegram 共 12 份只讀審查已回收;schema / committed snapshot / API / tests / governance UI 區塊 / production API readback / desktop + mobile in-app browser smoke 已完成;runtime writer、Telegram send、Bot API、production write 仍未批准 | `ai_agent_12_agent_war_room_v1`、`docs/evaluations/ai_agent_12_agent_war_room_2026-06-14.json`、`GET /api/v1/agents/agent-12-agent-war-room`、feature commit `5de4b3f3`、deploy marker `1a2c9e36`、Gitea CD run `4232` success、`/zh-TW/governance?tab=automation-inventory`、12 份 Codex sub-agent 只讀回饋 |
-| AI Agent 專業任務擴展與 Telegram Runtime Bridge | 92% | P2-405C 已完成只讀契約、正式 API、治理頁 P2-405C 卡片、6 種 Telegram no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、7 個批准欄位、6 個停止條件、5 步 mute / rollback 與 6 個 receipt readback check;24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約已固定;Telegram 實發、Gateway queue、Bot API、delivery receipt production write、secret read、paid API、host write、kubectl action 仍全部關閉 | `ai_agent_professional_task_expansion_v1`、`docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1015_p2_405c.json`、`GET /api/v1/agents/agent-professional-task-expansion`、`/zh-TW/governance?tab=automation-inventory`、`docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md`、需批准任務 `19`、no-send preview `6`、dedup key `6`、receipt expectation `6`、canary package `1`、canary send approval packet `1`、批准欄位 `7`、停止條件 `6`、preview / canary live write `0`;下一步 P2-405D canary delivery gate |
+| AI Agent 專業任務擴展與 Telegram Runtime Bridge | 96% | P2-405D 已完成只讀契約、正式 API、治理頁 P2-405D 卡片、6 種 Telegram no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、1 份 canary delivery gate、8 個交付必填欄位、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control;24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約已固定;Telegram 實發、Gateway queue、Bot API、delivery receipt production write、secret read、paid API、host write、kubectl action 仍全部關閉 | `ai_agent_professional_task_expansion_v1`、`docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json`、`GET /api/v1/agents/agent-professional-task-expansion`、`/zh-TW/governance?tab=automation-inventory`、`docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md`、需批准任務 `19`、no-send preview `6`、dedup key `6`、receipt expectation `6`、canary package `1`、canary send approval packet `1`、delivery gate `1`、交付欄位 `8`、preflight `8`、hold reason `7`、preview / canary / delivery live write `0`;下一步 P2-405E canary dry-run delivery rehearsal |
| Owner response 預檢與拒收邊界 | 100% | P2-143 已完成正式部署與 production readback;承接 P2-141 input prep 與 P2-142 War Room,只建立 owner / verifier / rollback / maintenance / live-apply 五類外部回覆的 intake 預檢、必填欄位與拒收規則;正式 owner response 尚未收到、未接受、未寫入 | `ai_agent_result_capture_release_decision_owner_response_preflight_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-preflight`、feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、5 個 response intake lane、18 個 required owner field、6 個 validation check、6 個 rejection guard、5 個 operator action;owner response received / accepted / redacted payload / reviewer queue / Gateway / Telegram / Bot API / production write / secret read / destructive operation 全為 `0` |
| Owner response 回讀狀態 | 100% | P2-144 已完成正式部署與 production readback;承接 P2-143 preflight,只讀回五類外部回覆仍未收到、未接受、未拒絕、未保存 | `ai_agent_result_capture_release_decision_owner_response_readback_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-readback`、feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success、5 個 response readback lane、18 個 required owner field、6 個 readback validation check、6 個 readback rejection guard、5 個 operator action、waiting external response `5`、no external response received `5`;owner response received / accepted / redacted payload / reviewer queue / Gateway / Telegram / Bot API / production write / secret read / destructive operation 全為 `0` |
| 本工作清單與分析報告 | 100% | 已完成 | 本 MD 文件 |
+### 2026-06-16 11:08 狀態同步
+
+- `P2-405D` AI Agent TG Canary Delivery Gate 已本地完成:新增 `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json`,current `P2-405D`、next `P2-405E`、completion `96`。
+- P2-405D 固定 1 份 canary delivery gate、8 個 required delivery field、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control。
+- 治理頁 `automation-inventory` 已顯示 P2-405D delivery gate、交付必填欄位、preflight、hold reason、delivery approved / attempt allowed / queue / Bot API 狀態。
+- 本地證據:JSON parse、Python compile、AI Agent professional task expansion API/service regression `20 passed`、Web typecheck、安全掃描與 diff check 通過。
+- Telegram send、Gateway queue write、Bot API call、delivery receipt production write、secret read、paid API、host write、kubectl action、production write 全部仍為 `0 / false`;P2-405E 才能進入受控 dry-run delivery rehearsal,且不得實發。
+
### 2026-06-16 10:15 狀態同步
- `P2-405C` AI Agent TG Canary 發送批准包已本地完成:新增 `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1015_p2_405c.json`,current `P2-405C`、next `P2-405D`、completion `92`。
@@ -1425,7 +1433,7 @@ UI:
## 13. 立即執行順序
1. P2-004:依賴 / 供應鏈漂移監控,保持只讀觀察與批准包邊界。
-2. P2-405D:AI Agent Telegram canary delivery gate;只有統帥明確批准發送時間窗、單一訊息類型、目標 env ref、receipt readback owner、mute / rollback plan 與停止條件後,才可進入受控 canary delivery;未批准前仍不得實發。
+2. P2-405E:AI Agent Telegram canary dry-run delivery rehearsal;只有統帥明確批准 delivery 欄位、單一訊息類型、目標 env ref、receipt readback owner、mute / rollback plan 與停止條件後,才可進入受控 dry-run rehearsal;未批准前仍不得實發。
3. P3-001:外部 Agent / SDK / API 相關能力仍需證據、費用批准與 shadow / canary 關卡。
## 14. 目前風險
diff --git a/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md b/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md
index 6b1a15b3..faa86cb0 100644
--- a/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md
+++ b/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md
@@ -1,14 +1,14 @@
# AI Agent 專業任務擴展與 Telegram Runtime Bridge 工作報告
> 日期:2026-06-16(台北時間)
-> 狀態:P2-405C 已完成 Canary 發送批准包、7 個必填批准欄位、6 個停止條件、5 步 mute / rollback、6 個 receipt readback check、API guard、測試與治理頁可視化;Telegram 實發仍未啟用。
+> 狀態:P2-405D 已完成 Telegram Canary Delivery Gate、8 個交付必填欄位、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute 控制、API guard、測試與治理頁可視化;Telegram 實發仍未啟用。
> 事實來源:`ai_agent_professional_task_expansion_v1`
## 1. 結論
-本輪把「AI Agent 還能處理哪些專業工作」正式產品化成 24 類專業任務,並把 Telegram 群組 / TG Bot 整合拆成 5 段啟動前閘門。P2-405C 進一步把第一次 Canary 發送前必須由統帥確認的批准欄位、停止條件、mute / rollback 與 receipt readback plan 顯示到治理頁。
+本輪把「AI Agent 還能處理哪些專業工作」正式產品化成 24 類專業任務,並把 Telegram 群組 / TG Bot 整合拆成 5 段啟動前閘門。P2-405D 進一步把第一次 Canary delivery 前必須由統帥確認的交付欄位、preflight、hold reason、rollback / mute 與 readback plan 顯示到治理頁。
-這不是直接讓 AI Agent 發 Telegram 或改 production;目前只允許 no-send preview、queue preview readback、owner review、canary approval package 與 canary send approval packet。真正送到 **AwoooI SRE 戰情室** 必須先通過統帥明確批准、approved canary、dedup、receipt、redaction、OpenClaw 仲裁、Security gate 與 QA verifier。
+這不是直接讓 AI Agent 發 Telegram 或改 production;目前只允許 no-send preview、queue preview readback、owner review、canary approval package、canary send approval packet 與 canary delivery gate。真正送到 **AwoooI SRE 戰情室** 必須先通過統帥明確批准、approved canary、dedup、receipt、redaction、OpenClaw 仲裁、Security gate 與 QA verifier。
## 2. 完成度
@@ -18,8 +18,9 @@
| Telegram Runtime Bridge 契約 | 100% | no-send preview、queue preview、approved canary、日週月報、action-required digest 已分段 |
| Telegram no-send 訊息預覽 | 100% | 6 種訊息預覽、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package 已固定 |
| Canary 發送批准包 | 100% | 1 份 canary send approval packet、7 個批准欄位、6 個停止條件、5 步 mute / rollback、6 個 receipt readback check 已固定 |
+| Canary Delivery Gate | 100% | 1 份 delivery gate、8 個交付必填欄位、8 個 preflight、7 個 hold reason、7 個 readback check、5 個 rollback / mute 控制已固定 |
| API / loader | 100% | `GET /api/v1/agents/agent-professional-task-expansion` 只讀輸出 |
-| 治理頁可視化 | 100% | `/zh-TW/governance?tab=automation-inventory` 顯示任務、風險、TG bridge、preview、dedup、receipt、canary 與 live/send/write=0 |
+| 治理頁可視化 | 100% | `/zh-TW/governance?tab=automation-inventory` 顯示任務、風險、TG bridge、preview、dedup、receipt、canary、delivery gate 與 live/send/write=0 |
| Telegram 實發 | 0% | `telegram_send_count=0`、`bot_api_call_count=0`、`gateway_queue_write_count=0` |
| Runtime 自動優化 | 0% | production write、host write、kubectl、paid API、secret read 全部維持 0 |
@@ -74,7 +75,24 @@
Canary 發送批准包固定 6 個停止條件、5 步 mute / rollback plan、6 個 receipt readback check;`canary_send_execution_enabled`、`gateway_queue_write_enabled`、`bot_api_call_enabled`、`delivery_receipt_write_enabled`、`production_write_enabled`、`secret_read_enabled`、`paid_api_enabled` 全部仍為 `false`。
-## 7. 專業任務總覽
+## 7. P2-405D Canary Delivery Gate
+
+目前 canary delivery gate 狀態為 `blocked_waiting_commander_delivery_fields`,`gate_ready=true`,但 `delivery_approved=false`、`delivery_attempt_allowed=false`、`selected_message_type=not_selected`、`approved_time_window=not_approved`、`target_room_verified=false`。
+
+| 必填交付欄位 | 目前狀態 | 邊界 |
+|---|---|---|
+| 統帥批准本次 delivery | waiting input | 未批准不得交付 |
+| 單一訊息類型 | waiting input | 不允許多訊息型別同時交付 |
+| 交付時間窗 | waiting input | 無時間窗即 hold |
+| 目標 env ref | waiting input | 只顯示 env ref,不顯示 room value |
+| receipt readback owner | waiting input | 未指定 owner 即 hold |
+| mute / rollback plan | waiting input | 錯誤時必須可停用 |
+| failure stop condition | waiting input | 任一失敗停止,不重試洗版 |
+| dry-run readback evidence ref | waiting input | 必須先有只讀證據 |
+
+Canary delivery gate 固定 8 個 preflight check、7 個 hold reason、7 個 readback check 與 5 個 rollback / mute control;`live_delivery_enabled`、`gateway_queue_write_enabled`、`bot_api_call_enabled`、`delivery_receipt_write_enabled`、`production_write_enabled`、`secret_read_enabled`、`paid_api_enabled` 全部仍為 `false`。
+
+## 8. 專業任務總覽
| 領域 | 任務數 | 代表任務 | 主責 |
|---|---:|---|---|
@@ -87,7 +105,7 @@ Canary 發送批准包固定 6 個停止條件、5 步 mute / rollback plan、6
| AI Governance / Replay / Market | 4 | market watch、NemoTron replay、cost forecast、runbook/postmortem | OpenClaw / NemoTron / Hermes |
| Telegram / Reports / Receipts | 3 | digest preview、report truth gate、post-action verifier | Telegram Ops / Hermes / OpenClaw |
-## 8. 專業能力層級
+## 9. 專業能力層級
| 層級 | AI Agent 可自動做 | Gate |
|---|---|---|
@@ -96,7 +114,7 @@ Canary 發送批准包固定 6 個停止條件、5 步 mute / rollback plan、6
| 高風險 | 只產批准包、rollback plan、failure-only digest 草案 | 統帥批准 |
| Critical | production write、kubectl、ArgoCD sync、Telegram 實發、secret、restore、host write | 預設 blocked |
-## 9. MCP / RAG
+## 10. MCP / RAG
首批 MCP:Gitea、Browser、Observability、Telegram Gateway、Package Registry、Database Readonly、Backup Status、ArgoCD Readonly、HTTP Probe、Fixture Store。
@@ -104,7 +122,7 @@ Canary 發送批准包固定 6 個停止條件、5 步 mute / rollback plan、6
成長指標:KM entries、PlayBook updates、recommendations、replay score delta、blocked action prevented count、receipt missing count。
-## 10. 邊界
+## 11. 邊界
- 不直接發 Telegram。
- 不寫 Telegram Gateway queue。
@@ -113,9 +131,9 @@ Canary 發送批准包固定 6 個停止條件、5 步 mute / rollback plan、6
- 不把工作視窗對話、未遮罩提示、私人推理或未遮罩 runtime payload 放進前端或 Telegram。
- 不做 production write、host write、kubectl、ArgoCD sync、restore、rollback、paid API、SDK install。
-## 11. 下一步
+## 12. 下一步
-1. P2-405D:統帥明確批准 canary 發送時間窗、單一訊息類型、目標 env ref、receipt readback owner 與停止條件後,才進入受控 canary delivery gate。
-2. P2-405E:canary 通過後才開日報 / 週報 / 月報 digest delivery。
-3. P2-405F:Action-required digest 只對 failure / high-risk / approval-required 事件開啟。
+1. P2-405E:統帥明確批准 canary delivery 欄位、單一訊息類型、時間窗、目標 env ref、receipt readback owner 與停止條件後,才進入受控 dry-run delivery rehearsal。
+2. P2-405F:canary 通過後才開日報 / 週報 / 月報 digest delivery。
+3. P2-405G:Action-required digest 只對 failure / high-risk / approval-required 事件開啟。
4. P2-405G:把 receipt readback 與 report status board 串起來,但仍需 canary gate 後才能寫正式 receipt。
diff --git a/docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json b/docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json
new file mode 100644
index 00000000..d17b056b
--- /dev/null
+++ b/docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json
@@ -0,0 +1,1655 @@
+{
+ "schema_version": "ai_agent_professional_task_expansion_v1",
+ "generated_at": "2026-06-16T11:08:00+08:00",
+ "program_status": {
+ "current_priority": "P2",
+ "current_task_id": "P2-405D",
+ "next_task_id": "P2-405E",
+ "overall_completion_percent": 96,
+ "read_only_mode": true,
+ "runtime_authority": "professional_task_expansion_and_telegram_bridge_read_only_no_send",
+ "status_note": "P2-405D 已建立 Telegram Canary Delivery Gate:固定交付前必填欄位、preflight、hold reason、readback 與 rollback/mute 控制;仍維持 read-only / no-send,不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production receipt、不讀 secret、不用 paid API。"
+ },
+ "source_refs": [
+ "docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md",
+ "docs/ai/AI_AGENT_PROACTIVE_OPERATIONS_2026-06-11.md",
+ "docs/ai/AI_AGENT_INTERACTION_LEARNING_PROOF_2026-06-11.md",
+ "docs/ai/AI_AGENT_TELEGRAM_ACTION_REQUIRED_DIGEST_POLICY_2026-06-11.md",
+ "docs/ai/AI_AGENT_DEPLOYMENT_LAYOUT_2026-06-11.md",
+ "docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
+ "apps/api/src/services/telegram_gateway.py",
+ ".gitea/workflows/cd.yaml",
+ ".gitea/workflows/code-review.yaml"
+ ],
+ "telegram_runtime_bridge": {
+ "canonical_room": "AwoooI SRE 戰情室",
+ "canonical_room_env": "SRE_GROUP_CHAT_ID",
+ "gateway_required": true,
+ "gateway_owner": "telegram_ops_liaison",
+ "arbiter": "openclaw",
+ "receipt_owner": "hermes",
+ "replay_owner": "nemotron",
+ "no_send_preview_ready": true,
+ "queue_preview_readback_ready": true,
+ "approved_canary_required": true,
+ "direct_bot_api_allowed": false,
+ "bot_api_call_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "telegram_send_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "stages": [
+ {
+ "stage_id": "tg_bridge_01_no_send_preview",
+ "title": "Telegram no-send preview",
+ "status": "ready_for_owner_review",
+ "allowed_output": "脫敏訊息預覽、dedup key、目標群組 metadata、風險層級、需審核選項",
+ "live_send_enabled": false,
+ "exit_condition": "OpenClaw + Security + QA 確認不含 secret、raw payload、工作視窗內容與誤導性執行按鈕。"
+ },
+ {
+ "stage_id": "tg_bridge_02_queue_preview_readback",
+ "title": "Gateway queue preview readback",
+ "status": "ready_for_owner_review",
+ "allowed_output": "queue envelope hash、message type、receipt expectation、rate-limit / dedup plan",
+ "live_send_enabled": false,
+ "exit_condition": "Hermes 讀回 preview hash,QA 確認不會寫入 production queue。"
+ },
+ {
+ "stage_id": "tg_bridge_03_approved_canary",
+ "title": "Approved canary delivery",
+ "status": "blocked_until_explicit_approval",
+ "allowed_output": "單一 approved canary 訊息與 receipt 驗證",
+ "live_send_enabled": false,
+ "exit_condition": "統帥明確批准 canary、指定時間窗與 rollback / mute plan。"
+ },
+ {
+ "stage_id": "tg_bridge_04_daily_weekly_monthly_digest",
+ "title": "日報 / 週報 / 月報 digest delivery",
+ "status": "blocked_until_canary_receipt",
+ "allowed_output": "Agent 工作量、完成度、阻擋項、圖表摘要與 low-noise digest",
+ "live_send_enabled": false,
+ "exit_condition": "canary receipt 正常、dedup 有效、成功訊息壓制策略通過。"
+ },
+ {
+ "stage_id": "tg_bridge_05_action_required_digest",
+ "title": "Action-required / high-risk approval digest",
+ "status": "blocked_until_dual_gate",
+ "allowed_output": "高風險審核卡、owner response 缺口、failure-only escalation",
+ "live_send_enabled": false,
+ "exit_condition": "OpenClaw 仲裁、Security gate、QA verifier 與 Telegram receipt 全通過。"
+ }
+ ],
+ "message_types": [
+ {
+ "message_type": "daily_agent_workload_digest",
+ "cadence": "daily",
+ "risk_tier": "low",
+ "owner_agent": "hermes",
+ "send_policy": "send_after_canary_and_dedup_gate"
+ },
+ {
+ "message_type": "weekly_governance_summary",
+ "cadence": "weekly",
+ "risk_tier": "medium",
+ "owner_agent": "hermes",
+ "send_policy": "send_after_canary_and_truth_gate"
+ },
+ {
+ "message_type": "monthly_growth_report",
+ "cadence": "monthly",
+ "risk_tier": "medium",
+ "owner_agent": "hermes",
+ "send_policy": "send_after_owner_review"
+ },
+ {
+ "message_type": "high_risk_approval_card",
+ "cadence": "event",
+ "risk_tier": "high",
+ "owner_agent": "openclaw",
+ "send_policy": "approval_required_before_send"
+ },
+ {
+ "message_type": "failure_only_escalation",
+ "cadence": "event",
+ "risk_tier": "critical",
+ "owner_agent": "sre_sentinel",
+ "send_policy": "failure_only_after_route_lock"
+ },
+ {
+ "message_type": "report_receipt_gap_alert",
+ "cadence": "event",
+ "risk_tier": "medium",
+ "owner_agent": "telegram_ops_liaison",
+ "send_policy": "no_send_preview_until_receipt_contract"
+ }
+ ],
+ "no_send_message_previews": [
+ {
+ "preview_id": "p2_405b_preview_daily_agent_workload_digest_v1",
+ "message_type": "daily_agent_workload_digest",
+ "title": "AI Agent 日報 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "hermes",
+ "risk_tier": "low",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-report:daily:{yyyy-mm-dd}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_daily_agent_workload_digest_v1",
+ "approval_required_before_send": false,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI AI Agent 日報",
+ "今日完成度、工作量、阻擋項與低風險自動處理摘要。",
+ "所有成功煙霧訊號只彙整,不逐筆洗版。",
+ "live / send / write 計數維持 0,等待 canary gate。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ },
+ {
+ "preview_id": "p2_405b_preview_weekly_governance_summary_v1",
+ "message_type": "weekly_governance_summary",
+ "title": "AI Agent 週報 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "hermes",
+ "risk_tier": "medium",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-report:weekly:{iso-week}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_weekly_governance_summary_v1",
+ "approval_required_before_send": false,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI AI Agent 週報",
+ "本週專業任務、模型市場 watch、治理 gate 與未完成 owner response 摘要。",
+ "中風險項目只列 proposal / dry-run,不列正式執行結果。",
+ "任何需要批准的項目改送 action-required digest 草案。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ },
+ {
+ "preview_id": "p2_405b_preview_monthly_growth_report_v1",
+ "message_type": "monthly_growth_report",
+ "title": "AI Agent 月報 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "hermes",
+ "risk_tier": "medium",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-report:monthly:{yyyy-mm}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_monthly_growth_report_v1",
+ "approval_required_before_send": true,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI AI Agent 月報",
+ "智慧成長指標、PlayBook 更新、replay 分數變化與 blocked action 防護數。",
+ "成本、容量、版本更新與外部 Agent 市場候選以審核建議呈現。",
+ "月報首次實發前需要 owner review 與 canary receipt。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ },
+ {
+ "preview_id": "p2_405b_preview_high_risk_approval_card_v1",
+ "message_type": "high_risk_approval_card",
+ "title": "高風險審核卡 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "openclaw",
+ "risk_tier": "high",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-approval:{risk}:{work-item-id}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_high_risk_approval_card_v1",
+ "approval_required_before_send": true,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI 高風險 AI Agent 審核卡",
+ "列出候選動作、風險、rollback plan、verifier plan 與 owner 缺口。",
+ "審核卡不等於 runtime authorization,按鈕與指令預設不顯示。",
+ "OpenClaw 仲裁、Security gate 與 QA verifier 必須全部通過。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ },
+ {
+ "preview_id": "p2_405b_preview_failure_only_escalation_v1",
+ "message_type": "failure_only_escalation",
+ "title": "Failure-only 升級 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "sre_sentinel",
+ "risk_tier": "critical",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-failure:{alertname}:{target}:{window}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_failure_only_escalation_v1",
+ "approval_required_before_send": true,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI failure-only 升級通知",
+ "只在失敗、阻擋或高風險審核缺口時產生,不發成功噪音。",
+ "包含 blocker summary、下一步、owner 欄位與 verifier plan。",
+ "任何修復執行仍需獨立批准與 post-action verifier。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ },
+ {
+ "preview_id": "p2_405b_preview_report_receipt_gap_alert_v1",
+ "message_type": "report_receipt_gap_alert",
+ "title": "報表回執缺口 no-send 預覽",
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "owner_agent": "telegram_ops_liaison",
+ "risk_tier": "medium",
+ "status": "preview_ready_no_send",
+ "dedup_key": "awoooi:agent-receipt-gap:{message-type}:{window}:v1",
+ "receipt_expectation_id": "p2_405b_receipt_report_receipt_gap_alert_v1",
+ "approval_required_before_send": true,
+ "canary_required_before_live": true,
+ "send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "sanitized_body_lines": [
+ "AWOOOI 報表回執缺口提示",
+ "用來指出 preview hash、dedup key、canary receipt 或 readback evidence 不完整。",
+ "此提示本身仍是 no-send preview,不寫 delivery receipt。",
+ "修復方向只產生 owner review 項目,不自動改 Gateway。"
+ ],
+ "redaction_checks": [
+ "不含機密明文",
+ "不含未遮罩工作上下文",
+ "不含未遮罩 runtime payload",
+ "不含可執行修復指令",
+ "不含誤導性成功宣告"
+ ]
+ }
+ ],
+ "dedup_policy": {
+ "required": true,
+ "key_count": 6,
+ "collision_policy": "drop_duplicate_and_raise_preview_gap_without_send",
+ "preview_hash_algorithm": "sha256_preview_only",
+ "live_cache_write_enabled": false,
+ "keys": [
+ {
+ "message_type": "daily_agent_workload_digest",
+ "key_template": "awoooi:agent-report:daily:{yyyy-mm-dd}:v1",
+ "owner_agent": "hermes",
+ "risk_tier": "low",
+ "window": "daily",
+ "live_cache_write_enabled": false
+ },
+ {
+ "message_type": "weekly_governance_summary",
+ "key_template": "awoooi:agent-report:weekly:{iso-week}:v1",
+ "owner_agent": "hermes",
+ "risk_tier": "medium",
+ "window": "event_or_cadence_window",
+ "live_cache_write_enabled": false
+ },
+ {
+ "message_type": "monthly_growth_report",
+ "key_template": "awoooi:agent-report:monthly:{yyyy-mm}:v1",
+ "owner_agent": "hermes",
+ "risk_tier": "medium",
+ "window": "event_or_cadence_window",
+ "live_cache_write_enabled": false
+ },
+ {
+ "message_type": "high_risk_approval_card",
+ "key_template": "awoooi:agent-approval:{risk}:{work-item-id}:v1",
+ "owner_agent": "openclaw",
+ "risk_tier": "high",
+ "window": "event_or_cadence_window",
+ "live_cache_write_enabled": false
+ },
+ {
+ "message_type": "failure_only_escalation",
+ "key_template": "awoooi:agent-failure:{alertname}:{target}:{window}:v1",
+ "owner_agent": "sre_sentinel",
+ "risk_tier": "critical",
+ "window": "event_or_cadence_window",
+ "live_cache_write_enabled": false
+ },
+ {
+ "message_type": "report_receipt_gap_alert",
+ "key_template": "awoooi:agent-receipt-gap:{message-type}:{window}:v1",
+ "owner_agent": "telegram_ops_liaison",
+ "risk_tier": "medium",
+ "window": "event_or_cadence_window",
+ "live_cache_write_enabled": false
+ }
+ ]
+ },
+ "queue_preview_readback": {
+ "enabled": true,
+ "preview_only": true,
+ "write_enabled": false,
+ "readback_enabled": true,
+ "envelope_fields": [
+ "message_type",
+ "dedup_key",
+ "sanitized_preview_hash",
+ "target_room_env_ref",
+ "risk_tier",
+ "approval_gate"
+ ],
+ "readback_checks": [
+ "preview hash 必須與治理頁顯示一致",
+ "dedup key 必須唯一",
+ "target room 只能顯示 env ref",
+ "所有 send / queue / bot flags 必須為 false"
+ ]
+ },
+ "receipt_expectations": [
+ {
+ "receipt_id": "p2_405b_receipt_daily_agent_workload_digest_v1",
+ "message_type": "daily_agent_workload_digest",
+ "preview_id": "p2_405b_preview_daily_agent_workload_digest_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ },
+ {
+ "receipt_id": "p2_405b_receipt_weekly_governance_summary_v1",
+ "message_type": "weekly_governance_summary",
+ "preview_id": "p2_405b_preview_weekly_governance_summary_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ },
+ {
+ "receipt_id": "p2_405b_receipt_monthly_growth_report_v1",
+ "message_type": "monthly_growth_report",
+ "preview_id": "p2_405b_preview_monthly_growth_report_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ },
+ {
+ "receipt_id": "p2_405b_receipt_high_risk_approval_card_v1",
+ "message_type": "high_risk_approval_card",
+ "preview_id": "p2_405b_preview_high_risk_approval_card_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ },
+ {
+ "receipt_id": "p2_405b_receipt_failure_only_escalation_v1",
+ "message_type": "failure_only_escalation",
+ "preview_id": "p2_405b_preview_failure_only_escalation_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ },
+ {
+ "receipt_id": "p2_405b_receipt_report_receipt_gap_alert_v1",
+ "message_type": "report_receipt_gap_alert",
+ "preview_id": "p2_405b_preview_report_receipt_gap_alert_v1",
+ "expected_signal": "preview_hash_and_dedup_key_match_after_approved_canary",
+ "required_evidence_refs": [
+ "sanitized_preview_hash",
+ "dedup_key",
+ "target_room_env_ref",
+ "canary_window_ref",
+ "gateway_preview_readback_ref"
+ ],
+ "receipt_write_enabled": false,
+ "production_receipt_readback_enabled": false,
+ "missing_receipt_policy": "create_report_receipt_gap_alert_preview_only"
+ }
+ ],
+ "canary_approval_package": {
+ "package_id": "p2_405b_telegram_canary_approval_package_v1",
+ "status": "blocked_until_explicit_approval",
+ "package_ready": true,
+ "approval_required": true,
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "arbiter": "openclaw",
+ "owner_agent": "telegram_ops_liaison",
+ "reviewers": [
+ "security_sentinel",
+ "qa_verifier",
+ "hermes"
+ ],
+ "message_type_scope": [
+ "daily_agent_workload_digest",
+ "weekly_governance_summary",
+ "monthly_growth_report",
+ "high_risk_approval_card",
+ "failure_only_escalation",
+ "report_receipt_gap_alert"
+ ],
+ "required_approval_inputs": [
+ "統帥批准 canary 時間窗",
+ "可接受的單一訊息類型",
+ "mute / rollback plan",
+ "receipt readback owner",
+ "失敗時停止條件"
+ ],
+ "approval_checklist": [
+ "OpenClaw 仲裁通過",
+ "Security redaction gate 通過",
+ "QA verifier 確認 no-send preview 與 receipt expectation",
+ "Hermes 確認報告真實性 gate",
+ "Telegram Ops 確認 dedup 與 rate-limit plan"
+ ],
+ "live_send_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "production_write_enabled": false
+ },
+ "no_send_preview_completion_percent": 100,
+ "canary_approval_package_completion_percent": 100,
+ "canary_send_approval_packet": {
+ "packet_id": "p2_405c_approved_canary_send_approval_packet_v1",
+ "status": "waiting_explicit_commander_approval",
+ "packet_ready": true,
+ "approval_required": true,
+ "approval_granted": false,
+ "recommended_first_message_type": "daily_agent_workload_digest",
+ "selected_message_type": "not_selected",
+ "eligible_message_types": [
+ "daily_agent_workload_digest",
+ "weekly_governance_summary",
+ "monthly_growth_report",
+ "high_risk_approval_card",
+ "failure_only_escalation",
+ "report_receipt_gap_alert"
+ ],
+ "target_room_alias": "awoooi_sre_war_room_env_ref",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "target_room_value_visible": false,
+ "proposed_time_window": "waiting_commander_input",
+ "owner_agent": "telegram_ops_liaison",
+ "arbiter": "openclaw",
+ "reviewers": [
+ "security_sentinel",
+ "qa_verifier",
+ "hermes"
+ ],
+ "operator_approval_fields": [
+ {
+ "field_id": "commander_approval",
+ "label": "統帥批准 canary 實發",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "selected_message_type",
+ "label": "單一訊息類型",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "scheduled_window",
+ "label": "發送時間窗",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "target_room_env_ref",
+ "label": "目標群組 env ref",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "mute_rollback_plan",
+ "label": "mute / rollback plan",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "receipt_readback_owner",
+ "label": "receipt readback owner",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "failure_stop_condition",
+ "label": "失敗停止條件",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ }
+ ],
+ "rate_limit_plan": {
+ "max_messages": 1,
+ "window": "single_canary_only",
+ "cooldown_after_attempt_minutes": 60,
+ "duplicate_policy": "dedup_key_must_drop_duplicate_before_send",
+ "live_rate_limit_write_enabled": false
+ },
+ "mute_rollback_plan": [
+ "若 preview hash 與 approval packet 不一致,停止 canary。",
+ "若 dedup key collision 或 receipt expectation 缺欄位,停止 canary。",
+ "若 Telegram Gateway 回報未知錯誤,停止後只產 report_receipt_gap_alert preview。",
+ "若訊息內容被 Security / QA 判定含敏感或誤導語意,停止 canary。",
+ "若超過指定時間窗未發送,批准自動過期。"
+ ],
+ "receipt_readback_plan": {
+ "owner_agent": "hermes",
+ "required_checks": [
+ "preview_id 對應已批准 message_type",
+ "dedup_key 對應 approved packet",
+ "target_room 只以 env ref 比對",
+ "gateway envelope hash 對應 no-send preview hash",
+ "delivery receipt 不含 token 或 chat id value",
+ "failure path 只產 no-send receipt gap preview"
+ ],
+ "production_receipt_write_enabled": false,
+ "receipt_readback_enabled_before_send": false
+ },
+ "stop_conditions": [
+ "未取得統帥明確批准",
+ "未選定單一訊息類型",
+ "未指定時間窗",
+ "redaction / QA / OpenClaw 任一 gate 失敗",
+ "dedup key 不唯一或 preview hash 不一致",
+ "Gateway、Bot API 或 receipt write 任一 flag 不是 false"
+ ],
+ "execution_flags": {
+ "canary_send_execution_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "production_write_enabled": false,
+ "secret_read_enabled": false,
+ "paid_api_enabled": false
+ },
+ "approval_decision_log": []
+ },
+ "canary_send_approval_packet_ready": true,
+ "canary_send_approval_granted": false,
+ "canary_send_execution_enabled": false,
+ "canary_send_approval_packet_completion_percent": 100,
+ "canary_delivery_gate": {
+ "gate_id": "p2_405d_canary_delivery_gate_v1",
+ "status": "blocked_waiting_commander_delivery_fields",
+ "gate_ready": true,
+ "delivery_approved": false,
+ "delivery_attempt_allowed": false,
+ "selected_message_type": "not_selected",
+ "selected_message_type_source": "waiting_commander_input",
+ "target_room_alias": "AwoooI SRE 戰情室",
+ "target_room_env": "SRE_GROUP_CHAT_ID",
+ "target_room_value_visible": false,
+ "target_room_verified": false,
+ "proposed_time_window": "waiting_commander_input",
+ "approved_time_window": "not_approved",
+ "owner_agent": "telegram_ops_liaison",
+ "arbiter": "openclaw",
+ "reviewers": [
+ "security_sentinel",
+ "qa_verifier",
+ "hermes",
+ "sre_sentinel"
+ ],
+ "required_delivery_fields": [
+ {
+ "field_id": "commander_delivery_approval",
+ "label": "統帥批准本次 canary delivery",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "selected_message_type",
+ "label": "單一訊息類型",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "delivery_time_window",
+ "label": "交付時間窗",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "target_room_env_ref",
+ "label": "目標群組 env ref",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "receipt_readback_owner",
+ "label": "receipt readback owner",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "mute_rollback_plan",
+ "label": "mute / rollback plan",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "failure_stop_condition",
+ "label": "失敗停止條件",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ },
+ {
+ "field_id": "dry_run_readback_ref",
+ "label": "dry-run readback evidence ref",
+ "required": true,
+ "current_value_status": "waiting_input",
+ "value_display_allowed": false
+ }
+ ],
+ "preflight_checks": [
+ "packet_ready_true",
+ "approval_fields_complete",
+ "single_message_type_selected",
+ "time_window_approved",
+ "target_room_env_ref_only",
+ "dedup_key_reserved_preview_only",
+ "receipt_readback_owner_assigned",
+ "stop_condition_confirmed"
+ ],
+ "hold_reasons": [
+ "commander_delivery_approval_missing",
+ "selected_message_type_missing",
+ "delivery_time_window_missing",
+ "receipt_readback_owner_missing",
+ "target_room_value_hidden",
+ "gateway_queue_write_disabled",
+ "bot_api_call_disabled"
+ ],
+ "delivery_attempt_plan": {
+ "max_messages": 1,
+ "dry_run_message_type": "daily_agent_workload_digest",
+ "dedup_key_template": "awoooi:agent-report:daily:{yyyy-mm-dd}:v1",
+ "send_mode": "blocked_no_send",
+ "live_delivery_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "production_write_enabled": false,
+ "secret_read_enabled": false,
+ "paid_api_enabled": false
+ },
+ "readback_after_approval_plan": {
+ "owner_agent": "hermes",
+ "enabled_before_delivery": false,
+ "production_receipt_write_enabled": false,
+ "required_checks": [
+ "approved_packet_id_matches_delivery_gate",
+ "selected_message_type_matches_preview",
+ "dedup_key_matches_reserved_template",
+ "target_room_checked_by_env_ref_only",
+ "gateway_envelope_hash_matches_preview",
+ "receipt_owner_acknowledged",
+ "failure_path_keeps_no_send_receipt_gap_preview"
+ ]
+ },
+ "rollback_mute_controls": [
+ "approval_expires_outside_time_window",
+ "mute_if_gateway_error_unknown",
+ "mute_if_receipt_missing_after_window",
+ "rollback_to_no_send_preview_only",
+ "escalate_action_required_preview_only"
+ ],
+ "execution_flags": {
+ "live_delivery_enabled": false,
+ "gateway_queue_write_enabled": false,
+ "bot_api_call_enabled": false,
+ "delivery_receipt_write_enabled": false,
+ "production_write_enabled": false,
+ "secret_read_enabled": false,
+ "paid_api_enabled": false
+ },
+ "delivery_decision_log": []
+ },
+ "canary_delivery_gate_ready": true,
+ "canary_delivery_approved": false,
+ "canary_delivery_attempt_allowed": false,
+ "canary_delivery_gate_completion_percent": 100
+ },
+ "professional_task_domains": [
+ {
+ "domain_id": "sre_observability",
+ "label": "SRE / Observability",
+ "owner_agent": "sre_sentinel"
+ },
+ {
+ "domain_id": "security_iwooos",
+ "label": "Security / IwoooS",
+ "owner_agent": "security_sentinel"
+ },
+ {
+ "domain_id": "devops_release",
+ "label": "DevOps / Release",
+ "owner_agent": "devops_commander"
+ },
+ {
+ "domain_id": "data_dr",
+ "label": "Data / Backup / DR",
+ "owner_agent": "data_dr_guardian"
+ },
+ {
+ "domain_id": "supply_chain",
+ "label": "Supply Chain / Versions",
+ "owner_agent": "supply_chain_scout"
+ },
+ {
+ "domain_id": "product_quality",
+ "label": "Product / UI / QA",
+ "owner_agent": "product_ui_curator"
+ },
+ {
+ "domain_id": "ai_governance",
+ "label": "AI Governance / Replay / Market",
+ "owner_agent": "openclaw"
+ },
+ {
+ "domain_id": "telegram_reporting",
+ "label": "Telegram / Reports / Receipts",
+ "owner_agent": "telegram_ops_liaison"
+ }
+ ],
+ "professional_tasks": [
+ {
+ "task_id": "pro_task_001_incident_correlation",
+ "title": "跨來源 incident correlation 與根因候選排序",
+ "domain_id": "sre_observability",
+ "owner_agent": "sre_sentinel",
+ "supporting_agents": [
+ "openclaw",
+ "hermes"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "no_write_dry_run",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "observability",
+ "gitea",
+ "browser"
+ ],
+ "required_rag": [
+ "incident_traces",
+ "runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "alert_rule_change",
+ "silence_change",
+ "restart_service"
+ ]
+ },
+ {
+ "task_id": "pro_task_002_alert_noise_budget",
+ "title": "告警噪音預算與降噪提案",
+ "domain_id": "sre_observability",
+ "owner_agent": "sre_sentinel",
+ "supporting_agents": [
+ "hermes",
+ "openclaw"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "prometheus",
+ "alertmanager"
+ ],
+ "required_rag": [
+ "alert_traces",
+ "runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "receiver_route_change",
+ "silence_policy_change",
+ "prometheus_reload"
+ ]
+ },
+ {
+ "task_id": "pro_task_003_synthetic_check_plan",
+ "title": "公開路由 synthetic check 與失敗分類計畫",
+ "domain_id": "sre_observability",
+ "owner_agent": "qa_verifier",
+ "supporting_agents": [
+ "product_ui_curator",
+ "sre_sentinel"
+ ],
+ "risk_tier": "low",
+ "automation_mode": "auto_summary_after_guard",
+ "telegram_policy": "daily_digest",
+ "required_mcp": [
+ "browser",
+ "http_probe"
+ ],
+ "required_rag": [
+ "route_runbooks"
+ ],
+ "approval_required": false,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "active_scan",
+ "production_write"
+ ]
+ },
+ {
+ "task_id": "pro_task_004_backup_restore_readiness",
+ "title": "備份 freshness、restore drill 與 DR readiness 報告",
+ "domain_id": "data_dr",
+ "owner_agent": "data_dr_guardian",
+ "supporting_agents": [
+ "hermes",
+ "openclaw"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "approval_required_before_execution",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "backup_status",
+ "gitea"
+ ],
+ "required_rag": [
+ "dr_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "restore_run",
+ "offsite_sync",
+ "credential_escrow_marker_write"
+ ]
+ },
+ {
+ "task_id": "pro_task_005_non_secret_escrow_evidence",
+ "title": "credential escrow 非敏感證據補件路由",
+ "domain_id": "data_dr",
+ "owner_agent": "data_dr_guardian",
+ "supporting_agents": [
+ "security_sentinel",
+ "hermes"
+ ],
+ "risk_tier": "critical",
+ "automation_mode": "blocked_until_owner_response",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea"
+ ],
+ "required_rag": [
+ "dr_runbooks",
+ "hard_rules"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "secret_value_collection",
+ "credential_read",
+ "marker_write_without_owner"
+ ]
+ },
+ {
+ "task_id": "pro_task_006_dependency_cve_triage",
+ "title": "依賴 CVE / EOL / license 風險分流",
+ "domain_id": "supply_chain",
+ "owner_agent": "supply_chain_scout",
+ "supporting_agents": [
+ "openclaw",
+ "security_sentinel"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "package_registry",
+ "osv"
+ ],
+ "required_rag": [
+ "dependency_policy"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "package_upgrade",
+ "lockfile_write",
+ "external_scan_without_approval"
+ ]
+ },
+ {
+ "task_id": "pro_task_007_sbom_license_drift",
+ "title": "SBOM / license / Docker surface drift 批准包",
+ "domain_id": "supply_chain",
+ "owner_agent": "supply_chain_scout",
+ "supporting_agents": [
+ "hermes",
+ "security_sentinel"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "syft",
+ "trivy"
+ ],
+ "required_rag": [
+ "supply_chain_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "tool_install",
+ "image_pull",
+ "sbom_upload"
+ ]
+ },
+ {
+ "task_id": "pro_task_008_image_digest_pin_plan",
+ "title": "Docker image digest pinning 與 rollback 計畫",
+ "domain_id": "supply_chain",
+ "owner_agent": "devops_commander",
+ "supporting_agents": [
+ "supply_chain_scout",
+ "qa_verifier"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "approval_required_before_execution",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "registry",
+ "gitea"
+ ],
+ "required_rag": [
+ "release_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "image_pull",
+ "image_push",
+ "kustomization_write_without_review"
+ ]
+ },
+ {
+ "task_id": "pro_task_009_gitops_diff_review",
+ "title": "K8s / ArgoCD manifest diff 與 blast-radius review",
+ "domain_id": "devops_release",
+ "owner_agent": "devops_commander",
+ "supporting_agents": [
+ "openclaw",
+ "qa_verifier"
+ ],
+ "risk_tier": "critical",
+ "automation_mode": "approval_required_before_execution",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea",
+ "argocd"
+ ],
+ "required_rag": [
+ "gitops_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "argocd_sync",
+ "kubectl_apply",
+ "helm_upgrade"
+ ]
+ },
+ {
+ "task_id": "pro_task_010_gateway_route_impact",
+ "title": "Nginx / public gateway route impact analysis",
+ "domain_id": "devops_release",
+ "owner_agent": "devops_commander",
+ "supporting_agents": [
+ "security_sentinel",
+ "qa_verifier"
+ ],
+ "risk_tier": "critical",
+ "automation_mode": "approval_required_before_execution",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea",
+ "browser"
+ ],
+ "required_rag": [
+ "gateway_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "nginx_reload",
+ "route_change",
+ "certbot_renew"
+ ]
+ },
+ {
+ "task_id": "pro_task_011_public_bundle_redaction",
+ "title": "前台 bundle / DOM / i18n 敏感資訊防洩漏掃描",
+ "domain_id": "security_iwooos",
+ "owner_agent": "security_sentinel",
+ "supporting_agents": [
+ "product_ui_curator",
+ "qa_verifier"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "no_write_dry_run",
+ "telegram_policy": "daily_digest",
+ "required_mcp": [
+ "browser",
+ "gitea"
+ ],
+ "required_rag": [
+ "hard_rules"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "frontend_deploy_without_smoke",
+ "secret_storage"
+ ]
+ },
+ {
+ "task_id": "pro_task_012_secret_metadata_parity",
+ "title": "Secret name parity、injection route 與 redaction gate",
+ "domain_id": "security_iwooos",
+ "owner_agent": "security_sentinel",
+ "supporting_agents": [
+ "devops_commander",
+ "openclaw"
+ ],
+ "risk_tier": "critical",
+ "automation_mode": "blocked_until_owner_response",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea"
+ ],
+ "required_rag": [
+ "secret_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "secret_value_read",
+ "secret_rotation",
+ "workflow_modification"
+ ]
+ },
+ {
+ "task_id": "pro_task_013_telegram_digest_preview",
+ "title": "AI Agent 日週月報 Telegram no-send preview",
+ "domain_id": "telegram_reporting",
+ "owner_agent": "telegram_ops_liaison",
+ "supporting_agents": [
+ "hermes",
+ "qa_verifier"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "no_write_dry_run",
+ "telegram_policy": "no_direct_telegram",
+ "required_mcp": [
+ "telegram_gateway"
+ ],
+ "required_rag": [
+ "logbook_chunks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "telegram_send",
+ "bot_api_call",
+ "gateway_queue_write"
+ ]
+ },
+ {
+ "task_id": "pro_task_014_report_truth_gate",
+ "title": "日報 / 週報 / 月報 truth gate 與可處置性審查",
+ "domain_id": "telegram_reporting",
+ "owner_agent": "hermes",
+ "supporting_agents": [
+ "openclaw",
+ "sre_sentinel"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "auto_summary_after_guard",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "gitea",
+ "observability"
+ ],
+ "required_rag": [
+ "logbook_chunks",
+ "incident_traces"
+ ],
+ "approval_required": false,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "false_green_report",
+ "report_send_without_truth_gate"
+ ]
+ },
+ {
+ "task_id": "pro_task_015_agent_market_watch",
+ "title": "主流 AI Agent / SDK / 模型版本市場雷達",
+ "domain_id": "ai_governance",
+ "owner_agent": "market_scout",
+ "supporting_agents": [
+ "openclaw",
+ "nemotron"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "web_primary_sources",
+ "gitea"
+ ],
+ "required_rag": [
+ "agent_market_evidence"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "sdk_install",
+ "paid_api_call",
+ "production_route_change"
+ ]
+ },
+ {
+ "task_id": "pro_task_016_model_replay_scorecard",
+ "title": "NemoTron / 候選模型 replay scorecard 與 failure mode 分析",
+ "domain_id": "ai_governance",
+ "owner_agent": "nemotron",
+ "supporting_agents": [
+ "openclaw",
+ "qa_verifier"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "no_write_dry_run",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "fixture_store",
+ "gitea"
+ ],
+ "required_rag": [
+ "replay_fixtures"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "shadow_route",
+ "canary_route",
+ "full_replay_without_approval"
+ ]
+ },
+ {
+ "task_id": "pro_task_017_cost_capacity_forecast",
+ "title": "AI provider、主機、K3s 與外部服務成本 / 容量預測",
+ "domain_id": "ai_governance",
+ "owner_agent": "openclaw",
+ "supporting_agents": [
+ "supply_chain_scout",
+ "sre_sentinel"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "monthly_digest",
+ "required_mcp": [
+ "observability",
+ "billing_metadata"
+ ],
+ "required_rag": [
+ "cost_policy"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "paid_provider_switch",
+ "limit_increase",
+ "paid_api_call"
+ ]
+ },
+ {
+ "task_id": "pro_task_018_db_query_triage",
+ "title": "PostgreSQL 慢查詢、索引與資料新鮮度異常 triage",
+ "domain_id": "sre_observability",
+ "owner_agent": "sre_sentinel",
+ "supporting_agents": [
+ "data_dr_guardian",
+ "openclaw"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "database_readonly",
+ "observability"
+ ],
+ "required_rag": [
+ "db_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "migration",
+ "reindex",
+ "write_query"
+ ]
+ },
+ {
+ "task_id": "pro_task_019_data_freshness_source_reliability",
+ "title": "資料來源新鮮度、fallback 與來源可信度監控",
+ "domain_id": "data_dr",
+ "owner_agent": "hermes",
+ "supporting_agents": [
+ "sre_sentinel",
+ "qa_verifier"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "auto_summary_after_guard",
+ "telegram_policy": "daily_digest",
+ "required_mcp": [
+ "http_probe",
+ "database_readonly"
+ ],
+ "required_rag": [
+ "data_quality_runbooks"
+ ],
+ "approval_required": false,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "source_switch_without_owner",
+ "data_write"
+ ]
+ },
+ {
+ "task_id": "pro_task_020_ui_accessibility_regression",
+ "title": "前後台 mobile overflow、console error、可讀性與 a11y regression",
+ "domain_id": "product_quality",
+ "owner_agent": "product_ui_curator",
+ "supporting_agents": [
+ "qa_verifier",
+ "security_sentinel"
+ ],
+ "risk_tier": "low",
+ "automation_mode": "auto_summary_after_guard",
+ "telegram_policy": "daily_digest",
+ "required_mcp": [
+ "browser"
+ ],
+ "required_rag": [
+ "frontend_guidelines"
+ ],
+ "approval_required": false,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "unrelated_redesign",
+ "public_secret_display"
+ ]
+ },
+ {
+ "task_id": "pro_task_021_runbook_postmortem_draft",
+ "title": "Runbook、postmortem 與 owner handoff 草稿",
+ "domain_id": "ai_governance",
+ "owner_agent": "hermes",
+ "supporting_agents": [
+ "openclaw",
+ "sre_sentinel"
+ ],
+ "risk_tier": "low",
+ "automation_mode": "auto_summary_after_guard",
+ "telegram_policy": "weekly_digest",
+ "required_mcp": [
+ "gitea"
+ ],
+ "required_rag": [
+ "logbook_chunks",
+ "runbooks"
+ ],
+ "approval_required": false,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "canonical_km_write_without_review",
+ "secret_in_doc"
+ ]
+ },
+ {
+ "task_id": "pro_task_022_owner_response_completeness",
+ "title": "Owner response 欄位完整性、補件與拒收分流",
+ "domain_id": "security_iwooos",
+ "owner_agent": "security_sentinel",
+ "supporting_agents": [
+ "hermes",
+ "openclaw"
+ ],
+ "risk_tier": "high",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea"
+ ],
+ "required_rag": [
+ "owner_response_templates"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "mark_accepted_without_reviewer",
+ "runtime_gate_open"
+ ]
+ },
+ {
+ "task_id": "pro_task_023_candidate_pr_draft_packaging",
+ "title": "低 / 中風險候選 PR 草案、測試與 rollback 封包",
+ "domain_id": "devops_release",
+ "owner_agent": "devops_commander",
+ "supporting_agents": [
+ "qa_verifier",
+ "openclaw"
+ ],
+ "risk_tier": "medium",
+ "automation_mode": "proposal_only",
+ "telegram_policy": "action_required_preview",
+ "required_mcp": [
+ "gitea"
+ ],
+ "required_rag": [
+ "release_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "branch_push_without_approval",
+ "auto_merge",
+ "workflow_trigger"
+ ]
+ },
+ {
+ "task_id": "pro_task_024_post_action_verifier",
+ "title": "Post-action verifier、rollback trigger 與 receipt reconciliation",
+ "domain_id": "telegram_reporting",
+ "owner_agent": "openclaw",
+ "supporting_agents": [
+ "telegram_ops_liaison",
+ "qa_verifier"
+ ],
+ "risk_tier": "critical",
+ "automation_mode": "approval_required_before_execution",
+ "telegram_policy": "failure_only_preview",
+ "required_mcp": [
+ "telegram_gateway",
+ "observability",
+ "gitea"
+ ],
+ "required_rag": [
+ "verification_runbooks"
+ ],
+ "approval_required": true,
+ "current_live_count_24h": 0,
+ "blocked_actions": [
+ "verifier_live_readback_without_gate",
+ "rollback_without_owner",
+ "telegram_send_without_receipt"
+ ]
+ }
+ ],
+ "mcp_rag_stack": {
+ "mcp_connectors": [
+ "gitea",
+ "browser",
+ "observability",
+ "telegram_gateway",
+ "package_registry",
+ "database_readonly",
+ "backup_status",
+ "argocd_readonly",
+ "http_probe",
+ "fixture_store"
+ ],
+ "rag_sources": [
+ "LOGBOOK chunks",
+ "HARD_RULES / ADR chunks",
+ "runbook chunks",
+ "incident / alert traces",
+ "agent market evidence",
+ "owner response templates"
+ ],
+ "growth_metrics": [
+ "km_entries_created",
+ "playbook_updates",
+ "recommendations_created",
+ "replay_score_delta",
+ "blocked_action_prevented_count",
+ "receipt_missing_count"
+ ]
+ },
+ "risk_policy": {
+ "low": "文件、報表、UI smoke 與只讀摘要可在 guard 後自動處理並進每日 digest。",
+ "medium": "中風險只能先產 proposal、no-write dry-run 或 PR 草案;涉及設定、外部服務、成本、路由或未知狀態時升級審核。",
+ "high": "高風險必須 OpenClaw 仲裁、QA / Security gate 與統帥批准;不得自動執行。",
+ "critical": "production write、kubectl、ArgoCD sync、Telegram 實發、secret、付費 API、restore、rollback、host write 均維持 blocked until explicit approval。"
+ },
+ "reporting_contract": {
+ "daily": {
+ "required": true,
+ "owner_agent": "hermes",
+ "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"
+ },
+ "weekly": {
+ "required": true,
+ "owner_agent": "hermes",
+ "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"
+ },
+ "monthly": {
+ "required": true,
+ "owner_agent": "hermes",
+ "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"
+ },
+ "action_required": {
+ "required": true,
+ "owner_agent": "openclaw",
+ "telegram_stage": "tg_bridge_05_action_required_digest"
+ }
+ },
+ "redaction_contract": {
+ "redaction_required": true,
+ "conversation_transcript_display_allowed": false,
+ "raw_prompt_display_allowed": false,
+ "private_reasoning_display_allowed": false,
+ "secret_value_display_allowed": false,
+ "raw_runtime_payload_display_allowed": false,
+ "telegram_message_must_be_sanitized": true,
+ "forbidden_terms": [
+ "work_window_transcript",
+ "raw prompt",
+ "private reasoning",
+ "chain-of-thought",
+ "telegram token",
+ "authorization header",
+ "secret value"
+ ],
+ "frontend_display_policy": "前端與 Telegram preview 只顯示脫敏摘要、env ref、dedup key、preview hash 與審核狀態;不得顯示工作視窗對話、未遮罩提示、私有推理、機密明文或未遮罩 runtime payload。",
+ "message_preview_redaction_checks": [
+ "conversation_context_redacted",
+ "prompt_surface_redacted",
+ "runtime_payload_redacted",
+ "credential_material_absent",
+ "action_button_absent",
+ "execution_claim_absent"
+ ],
+ "canary_packet_redaction_checks": [
+ "target_room_value_hidden",
+ "bot_token_absent",
+ "operator_input_value_hidden",
+ "no_runtime_payload",
+ "collaboration_context_redacted",
+ "no_action_button"
+ ],
+ "canary_delivery_redaction_checks": [
+ "target_room_value_hidden",
+ "operator_input_value_hidden",
+ "runtime_payload_redacted",
+ "collaboration_context_redacted",
+ "credential_material_absent",
+ "action_button_absent"
+ ]
+ },
+ "rollups": {
+ "professional_task_count": 24,
+ "domain_count": 8,
+ "telegram_stage_count": 5,
+ "telegram_message_type_count": 6,
+ "approval_required_count": 19,
+ "low_risk_task_count": 3,
+ "medium_risk_task_count": 10,
+ "high_risk_task_count": 6,
+ "critical_risk_task_count": 5,
+ "current_live_count": 0,
+ "gateway_queue_write_count": 0,
+ "telegram_send_count": 0,
+ "bot_api_call_count": 0,
+ "delivery_receipt_write_count": 0,
+ "production_write_count": 0,
+ "secret_read_count": 0,
+ "paid_api_call_count": 0,
+ "host_write_count": 0,
+ "kubectl_action_count": 0,
+ "no_send_preview_count": 6,
+ "dedup_key_count": 6,
+ "receipt_expectation_count": 6,
+ "canary_approval_package_count": 1,
+ "queue_preview_envelope_field_count": 6,
+ "canary_required_preview_count": 6,
+ "approval_required_preview_count": 4,
+ "preview_send_enabled_count": 0,
+ "preview_queue_write_enabled_count": 0,
+ "preview_bot_api_call_enabled_count": 0,
+ "receipt_live_write_enabled_count": 0,
+ "canary_live_send_enabled_count": 0,
+ "canary_send_approval_packet_count": 1,
+ "canary_operator_approval_field_count": 7,
+ "canary_stop_condition_count": 6,
+ "canary_rollback_mute_step_count": 5,
+ "canary_receipt_readback_check_count": 6,
+ "canary_approval_granted_count": 0,
+ "canary_selected_message_type_count": 0,
+ "canary_approved_time_window_count": 0,
+ "canary_send_execution_enabled_count": 0,
+ "canary_gateway_queue_write_enabled_count": 0,
+ "canary_bot_api_call_enabled_count": 0,
+ "canary_delivery_receipt_write_enabled_count": 0,
+ "canary_secret_read_enabled_count": 0,
+ "canary_delivery_gate_count": 1,
+ "canary_delivery_required_field_count": 8,
+ "canary_delivery_preflight_check_count": 8,
+ "canary_delivery_hold_reason_count": 7,
+ "canary_delivery_readback_check_count": 7,
+ "canary_delivery_rollback_mute_control_count": 5,
+ "canary_delivery_approved_count": 0,
+ "canary_delivery_attempt_allowed_count": 0,
+ "canary_delivery_live_send_enabled_count": 0,
+ "canary_delivery_gateway_queue_write_enabled_count": 0,
+ "canary_delivery_bot_api_call_enabled_count": 0,
+ "canary_delivery_secret_read_enabled_count": 0,
+ "canary_delivery_paid_api_enabled_count": 0
+ }
+}
diff --git a/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json b/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json
index 81176a59..7df3afe6 100644
--- a/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json
+++ b/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json
@@ -38,13 +38,18 @@
],
"properties": {
"current_priority": {
- "enum": ["P0", "P1", "P2", "P3"]
+ "enum": [
+ "P0",
+ "P1",
+ "P2",
+ "P3"
+ ]
},
"current_task_id": {
- "const": "P2-405C"
+ "const": "P2-405D"
},
"next_task_id": {
- "const": "P2-405D"
+ "const": "P2-405E"
},
"overall_completion_percent": {
"type": "integer",
@@ -92,7 +97,8 @@
"queue_preview_readback",
"receipt_expectations",
"canary_approval_package",
- "canary_send_approval_packet"
+ "canary_send_approval_packet",
+ "canary_delivery_gate"
],
"properties": {
"canonical_room": {
@@ -201,7 +207,12 @@
},
"dedup_policy": {
"type": "object",
- "required": ["required", "key_count", "live_cache_write_enabled", "keys"],
+ "required": [
+ "required",
+ "key_count",
+ "live_cache_write_enabled",
+ "keys"
+ ],
"properties": {
"required": {
"const": true
@@ -222,7 +233,12 @@
},
"queue_preview_readback": {
"type": "object",
- "required": ["enabled", "preview_only", "write_enabled", "readback_enabled"],
+ "required": [
+ "enabled",
+ "preview_only",
+ "write_enabled",
+ "readback_enabled"
+ ],
"properties": {
"enabled": {
"const": true
@@ -435,6 +451,169 @@
}
},
"additionalProperties": true
+ },
+ "canary_delivery_gate": {
+ "type": "object",
+ "required": [
+ "gate_id",
+ "status",
+ "gate_ready",
+ "delivery_approved",
+ "delivery_attempt_allowed",
+ "selected_message_type",
+ "selected_message_type_source",
+ "target_room_alias",
+ "target_room_env",
+ "target_room_value_visible",
+ "target_room_verified",
+ "proposed_time_window",
+ "approved_time_window",
+ "owner_agent",
+ "arbiter",
+ "reviewers",
+ "required_delivery_fields",
+ "preflight_checks",
+ "hold_reasons",
+ "delivery_attempt_plan",
+ "readback_after_approval_plan",
+ "rollback_mute_controls",
+ "execution_flags",
+ "delivery_decision_log"
+ ],
+ "properties": {
+ "status": {
+ "const": "blocked_waiting_commander_delivery_fields"
+ },
+ "gate_ready": {
+ "const": true
+ },
+ "delivery_approved": {
+ "const": false
+ },
+ "delivery_attempt_allowed": {
+ "const": false
+ },
+ "selected_message_type": {
+ "const": "not_selected"
+ },
+ "target_room_env": {
+ "const": "SRE_GROUP_CHAT_ID"
+ },
+ "target_room_value_visible": {
+ "const": false
+ },
+ "target_room_verified": {
+ "const": false
+ },
+ "proposed_time_window": {
+ "const": "waiting_commander_input"
+ },
+ "approved_time_window": {
+ "const": "not_approved"
+ },
+ "required_delivery_fields": {
+ "type": "array",
+ "minItems": 8,
+ "maxItems": 8
+ },
+ "preflight_checks": {
+ "type": "array",
+ "minItems": 8,
+ "maxItems": 8
+ },
+ "hold_reasons": {
+ "type": "array",
+ "minItems": 7,
+ "maxItems": 7
+ },
+ "delivery_attempt_plan": {
+ "type": "object",
+ "properties": {
+ "max_messages": {
+ "const": 1
+ },
+ "send_mode": {
+ "const": "blocked_no_send"
+ },
+ "live_delivery_enabled": {
+ "const": false
+ },
+ "gateway_queue_write_enabled": {
+ "const": false
+ },
+ "bot_api_call_enabled": {
+ "const": false
+ },
+ "delivery_receipt_write_enabled": {
+ "const": false
+ },
+ "production_write_enabled": {
+ "const": false
+ },
+ "secret_read_enabled": {
+ "const": false
+ },
+ "paid_api_enabled": {
+ "const": false
+ }
+ },
+ "additionalProperties": true
+ },
+ "readback_after_approval_plan": {
+ "type": "object",
+ "properties": {
+ "enabled_before_delivery": {
+ "const": false
+ },
+ "production_receipt_write_enabled": {
+ "const": false
+ },
+ "required_checks": {
+ "type": "array",
+ "minItems": 7,
+ "maxItems": 7
+ }
+ },
+ "additionalProperties": true
+ },
+ "rollback_mute_controls": {
+ "type": "array",
+ "minItems": 5,
+ "maxItems": 5
+ },
+ "execution_flags": {
+ "type": "object",
+ "properties": {
+ "live_delivery_enabled": {
+ "const": false
+ },
+ "gateway_queue_write_enabled": {
+ "const": false
+ },
+ "bot_api_call_enabled": {
+ "const": false
+ },
+ "delivery_receipt_write_enabled": {
+ "const": false
+ },
+ "production_write_enabled": {
+ "const": false
+ },
+ "secret_read_enabled": {
+ "const": false
+ },
+ "paid_api_enabled": {
+ "const": false
+ }
+ },
+ "additionalProperties": true
+ },
+ "delivery_decision_log": {
+ "type": "array",
+ "maxItems": 0
+ }
+ },
+ "additionalProperties": true
}
},
"additionalProperties": true
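Review bot: The `execution_flags` and `delivery_attempt_plan` objects in this hunk pin every flag to `const: false` but declare no `required` list, so a payload that simply omits `live_delivery_enabled` or `gateway_queue_write_enabled` still validates, because `properties` only constrains keys that are present. For a gate whose whole purpose is to prove no-send state, the flags should be mandatory: add `"required": ["live_delivery_enabled", "gateway_queue_write_enabled", "bot_api_call_enabled", "delivery_receipt_write_enabled", "production_write_enabled", "secret_read_enabled", "paid_api_enabled"]` to both objects, and `"required": ["enabled_before_delivery", "production_receipt_write_enabled", "required_checks"]` to `readback_after_approval_plan`. The Python loader's zero-rollup check presumably catches some of this through the rollup counters, but the schema is the contract the docs cite and should fail closed on its own. The `required_delivery_fields`, `preflight_checks` and `hold_reasons` arrays likewise fix item counts but carry no `items` schema, so the shape of each entry is unchecked.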
@@ -479,7 +658,12 @@
"type": "string"
},
"risk_tier": {
- "enum": ["low", "medium", "high", "critical"]
+ "enum": [
+ "low",
+ "medium",
+ "high",
+ "critical"
+ ]
},
"automation_mode": {
"enum": [
@@ -583,7 +767,20 @@
"canary_gateway_queue_write_enabled_count",
"canary_bot_api_call_enabled_count",
"canary_delivery_receipt_write_enabled_count",
- "canary_secret_read_enabled_count"
+ "canary_secret_read_enabled_count",
+ "canary_delivery_gate_count",
+ "canary_delivery_required_field_count",
+ "canary_delivery_preflight_check_count",
+ "canary_delivery_hold_reason_count",
+ "canary_delivery_readback_check_count",
+ "canary_delivery_rollback_mute_control_count",
+ "canary_delivery_approved_count",
+ "canary_delivery_attempt_allowed_count",
+ "canary_delivery_live_send_enabled_count",
+ "canary_delivery_gateway_queue_write_enabled_count",
+ "canary_delivery_bot_api_call_enabled_count",
+ "canary_delivery_secret_read_enabled_count",
+ "canary_delivery_paid_api_enabled_count"
],
"properties": {
"professional_task_count": {
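Review bot: The rollup required list adds counters for the delivery gate's live send, queue write, Bot API, secret read and paid API flags but none for its `delivery_receipt_write_enabled` and `production_write_enabled` flags, even though both appear in the gate's `execution_flags` and `delivery_attempt_plan` and the LOGBOOK entry in this commit says tests reject delivery receipt write being opened early. If the rollup is what the loader and governance card zero-check, a receipt-write or production-write flag flipped inside the gate object would not surface there. The pre-existing `canary_delivery_receipt_write_enabled_count` (the P2-405C canary field) now also reads as a delivery-gate field under the new `canary_delivery_` prefix, which is likely why no counter was added; a disambiguating name such as `canary_delivery_gate_receipt_write_enabled_count` / `canary_delivery_gate_production_write_enabled_count` (suggested names, not present on the page) with a matching `"const": 0` entry in the properties hunk that follows would close the gap. The same omission applies to that later `const` hunk.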
@@ -708,6 +905,45 @@
},
"canary_secret_read_enabled_count": {
"const": 0
+ },
+ "canary_delivery_gate_count": {
+ "const": 1
+ },
+ "canary_delivery_required_field_count": {
+ "const": 8
+ },
+ "canary_delivery_preflight_check_count": {
+ "const": 8
+ },
+ "canary_delivery_hold_reason_count": {
+ "const": 7
+ },
+ "canary_delivery_readback_check_count": {
+ "const": 7
+ },
+ "canary_delivery_rollback_mute_control_count": {
+ "const": 5
+ },
+ "canary_delivery_approved_count": {
+ "const": 0
+ },
+ "canary_delivery_attempt_allowed_count": {
+ "const": 0
+ },
+ "canary_delivery_live_send_enabled_count": {
+ "const": 0
+ },
+ "canary_delivery_gateway_queue_write_enabled_count": {
+ "const": 0
+ },
+ "canary_delivery_bot_api_call_enabled_count": {
+ "const": 0
+ },
+ "canary_delivery_secret_read_enabled_count": {
+ "const": 0
+ },
+ "canary_delivery_paid_api_enabled_count": {
+ "const": 0
}
},
"additionalProperties": true
diff --git a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
index c14dcf0e..6384c057 100644
--- a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
+++ b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
@@ -638,7 +638,7 @@ Alert / Sentry / SigNoz / Gitea / Market Watch / Operator
| `docs/evaluations/ai_agent_report_runtime_dry_run_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-dry-run` | P2-403M 報表 runtime no-write dry-run 證據包;建立 5 個 dry-run artifact、3 個 SRE 戰情室 queue digest 草案、4 個 readback verifier case、3 個 Agent dry-run role 與 6 個 operator checkpoint;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback、不讀 secret,已由 P2-403N fixture readback 承接 |
| `docs/evaluations/ai_agent_report_runtime_fixture_readback_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-fixture-readback` | P2-403N fixture smoke / queue preview readback / verifier dry-run 證據包;建立 5 個 fixture smoke、3 個 SRE 戰情室 queue preview readback、4 個 verifier dry-run case、3 個 Agent fixture role 與 5 個 operator checkpoint;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback、不讀 secret,下一步 P2-404 |
| `docs/evaluations/ai_agent_runtime_worker_shadow_gate_2026-06-12.json` + `GET /api/v1/agents/agent-runtime-worker-shadow-gate` | P2-404 runtime worker shadow / no-write execution evidence gate;建立 5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role 與 6 個 operator checkpoint;shadow live worker、Gateway queue write、Telegram send、Bot API、delivery receipt、auto worker、verifier live readback、production write 與 secret read 全部 `0 / false`,下一步 P2-101 |
-| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1015_p2_405c.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405C AI Agent 專業任務擴展與 Telegram Runtime Bridge;承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance,固定 24 類專業任務、8 個任務領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、7 個批准欄位、6 個停止條件、5 步 mute / rollback、6 個 receipt readback check、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約,並接入 governance automation inventory 卡片;需批准任務 `19`、preview / canary live write `0`;Gateway queue write、Telegram send、Bot API、delivery receipt production write、production write、secret read、paid API、host write 與 kubectl action 全部 `0 / false`,下一步 P2-405D canary delivery gate |
+| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405D AI Agent 專業任務擴展與 Telegram Runtime Bridge;承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance,固定 24 類專業任務、8 個任務領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、1 份 canary delivery gate、8 個交付必填欄位、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約,並接入 governance automation inventory 卡片;需批准任務 `19`、preview / canary / delivery live write `0`;Gateway queue write、Telegram send、Bot API、delivery receipt production write、production write、secret read、paid API、host write 與 kubectl action 全部 `0 / false`,下一步 P2-405E canary dry-run delivery rehearsal |
| `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json` + `GET /api/v1/agents/agent-operation-permission-model` | P2-101 操作類別權限模型;建立 5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition 與 5 個 operator decision template;runtime execution、Gateway queue write、Telegram send、Bot API、delivery receipt、auto worker、verifier live readback、production write、secret / paid provider、host command 與 destructive action 全部 `0 / false`,已由 P2-102 承接 |
| `docs/evaluations/ai_agent_candidate_operation_dry_run_evidence_2026-06-12.json` + `GET /api/v1/agents/agent-candidate-operation-dry-run-evidence` | P2-102 候選操作 dry-run 證據;13 類候選操作全部具備 input / output evidence hash、side-effect count、verifier plan、rollback/no-op plan 與人工 handoff;6 個 verifier plan、7 個 gate evidence requirement、5 個 operator handoff;runtime、Gateway queue、Telegram、production write、secret / paid provider 與 destructive action 全部 `0 / false`,已由 P2-103 承接 |
| `docs/evaluations/ai_agent_task_result_audit_trail_2026-06-13.json` + `GET /api/v1/agents/agent-task-result-audit-trail` | P2-103 任務結果稽核軌跡;8 條 result route、6 個 writeback contract、7 個 audit checkpoint、5 個 operator handoff;把 diagnostic-only、repair candidate、execution failed、provider unmatched、report zero-signal 等結果固定到 KM 草稿、LOGBOOK 證據、audit trail、timeline 與人工下一步;KM / LOGBOOK / audit DB / timeline / PlayBook trust / Gateway queue / Telegram 寫入全為 `0 / false`,已由 P2-104 承接 |
@@ -841,7 +841,7 @@ Repo / registry / release notes / K8s / host / observability / backup evidence
64. 建立 owner response preflight 與拒收邊界。✅ P2-143 已完成正式驗證;承接 P2-141 decision input prep 與 P2-142 War Room 基線,固定 response intake lane `5`、required owner field `18`、intake validation check `6`、rejection guard `6`、operator action `5`、waiting external response `5`;owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`;feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、本地 P2-142 War Room + P2-139 至 P2-143 regression `37 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、禁用外露值掃描、production API readback 與 desktop / mobile smoke 通過。下一步 P2-144 owner response readback。
65. 建立 owner response readback。✅ P2-144 已完成正式驗證;承接 P2-143 preflight,固定 response readback lane `5`、required owner field `18`、readback validation check `6`、readback rejection guard `6`、operator action `5`、waiting external response `5`、no external response received lane `5`;owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`;feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success;本地 P2-139 至 P2-144 regression `45 passed`,rebase 後含 tenants regression 的推送前回歸 `47 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、value-only 禁用外露值掃描、i18n key parity 與 diff check 通過;production API readback、desktop / mobile smoke、水平溢位 `0`、危險控制 `0`、工作溝通片語命中 `0` 已完成。下一步 P2-145 owner response acceptance gate。
66. 建立 owner response acceptance gate。✅ P2-145 已完成並正式驗證;承接 P2-144 readback,固定 acceptance gate lane `5`、required owner field `18`、acceptance validation check `6`、acceptance rejection guard `6`、operator action `5`、blocked no external response `5`、no acceptable external response `5`;owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`;feature commit `386dbd07`、deploy marker `36fbfc6b`、Gitea code-review `2969` / CD `2968` success;P2-144 + P2-145 regression `16 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、顯示值工作視窗污染掃描、i18n key parity、diff check、production API readback、in-app browser smoke、desktop / mobile smoke、水平溢位 `0`、P2-145 卡片操作控制 `0`、工作溝通片語命中 `0` 已完成。下一步 P2-146 acceptance receipt preview,且必須等合格、遮罩、欄位完整、可驗證來源的外部正式回覆後才能建立 receipt preview。
-66a. 建立 AI Agent 專業任務擴展與 Telegram Runtime Bridge。✅ P2-405C 本地完成;承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance,固定 24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、7 個批准欄位、6 個停止條件、5 步 mute / rollback、6 個 receipt readback check 與 MCP/RAG stack,並接入 governance automation inventory 卡片;需批准任務 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`;Gateway queue write、Telegram send、Bot API、delivery receipt production write、production write、secret read、paid API、host write、kubectl action 仍為 `0 / false`。下一步 P2-405D canary delivery gate;這不占用 P2-146 owner response receipt preview。
+66a. 建立 AI Agent 專業任務擴展與 Telegram Runtime Bridge。✅ P2-405D 本地完成;承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance,固定 24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、1 份 canary delivery gate、8 個交付必填欄位、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control 與 MCP/RAG stack,並接入 governance automation inventory 卡片;需批准任務 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`;Gateway queue write、Telegram send、Bot API、delivery receipt production write、production write、secret read、paid API、host write、kubectl action 仍為 `0 / false`。下一步 P2-405E canary dry-run delivery rehearsal;這不占用 P2-146 owner response receipt preview。
67. 新增 P0 配置控管優先序前台可視化。✅ 正式驗證完成;`/zh-TW/iwooos` 已集中顯示 Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類即時風險配置;owner response `0 / 0`、live evidence `0`、執行期 `0`、操作按鈕 `0`;feature commit `e992af89`、deploy marker `ed651a98`、Gitea code-review `2971` / CD `2970` success;本地與正式 in-app browser、desktop `1440x1100`、mobile `390x844` smoke 通過。這不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS probe、certbot renew、ArgoCD sync、kubectl、workflow / secret 修改、public route change、agent-bounty runtime、payout / withdrawal、production write 或 runtime gate。
68. 補強 P0 高價值配置 Gate path pattern、工作樹 preflight、owner packet 與 coverage snapshot。✅ 本地完成;`k8s/nginx/**`、`scripts/ops/**/*cert*`、`scripts/ops/**/*tls*` 已納入 high-value config classification,Nginx public gateway 與 DNS / TLS / certbot sample 從 `matched=0 / C0=0` 收斂到 `matched=3 / C0=2`;gate snapshot 顯示 `changed_files=6`、`matched=6`、`categories=3`、`c0=2`、`c1=0`;預設模式已可讀取 staged / unstaged / untracked,臨時 `k8s/nginx/*` smoke 命中 C0;owner packet snapshot `packets=3 / c0=2 / runtime_gate=0`;coverage snapshot `categories=14 / c0=8 / avg=67 / runtime_gate=0`;owner evidence 仍 `provided=false / complete=false`,runtime execution 仍 `false`。這不是 live config read、`nginx -t`、reload、certbot renew、DNS / TLS probe、host write、active scan、workflow 修改、secret 收集、production write 或 runtime gate。
69. 同步高價值配置 Owner Packet 前台 projection。✅ 已完成並正式驗證;`/zh-TW/iwooos` 與 `/zh-TW/awooop` 已顯示 owner packet snapshot `packet=3 / c0=2`、最高命中 `C0 / P0`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍;feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` success;request sent、received、accepted、runtime gate 與 action buttons 仍為 `0`;本地與正式 desktop / mobile / in-app browser smoke 已通過,水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`。不得因此調高 IwoooS headline。
@@ -894,7 +894,7 @@ Repo / registry / release notes / K8s / host / observability / backup evidence
| `docs/evaluations/ai_agent_report_runtime_dry_run_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-dry-run` | P2-403M 報表 runtime no-write dry-run 證據包;5 個 dry-run artifact、3 個 queue digest 草案、4 個 readback verifier case、3 個 Agent dry-run role、6 個 operator checkpoint;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback |
| `docs/evaluations/ai_agent_report_runtime_fixture_readback_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-fixture-readback` | P2-403N fixture smoke / queue preview readback / verifier dry-run 證據包;5 個 fixture smoke、3 個 queue preview readback、4 個 verifier dry-run case、3 個 Agent fixture role、5 個 operator checkpoint;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback |
| `docs/evaluations/ai_agent_runtime_worker_shadow_gate_2026-06-12.json` + `GET /api/v1/agents/agent-runtime-worker-shadow-gate` | P2-404 runtime worker shadow / no-write execution evidence gate;5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role、6 個 operator checkpoint;不啟動 live worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target |
-| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1015_p2_405c.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405C AI Agent 專業任務擴展與 Telegram Runtime Bridge;24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、7 個批准欄位、6 個停止條件、5 步 mute / rollback、6 個 receipt readback check、MCP/RAG stack、治理頁 P2-405C 卡片;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret、不用 paid API |
+| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405D AI Agent 專業任務擴展與 Telegram Runtime Bridge;24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、6 個 no-send preview、6 個 dedup key、6 組 receipt expectation、1 份 canary approval package、1 份 canary send approval packet、1 份 canary delivery gate、8 個交付必填欄位、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control、MCP/RAG stack、治理頁 P2-405D 卡片;不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret、不用 paid API |
| `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json` + `GET /api/v1/agents/agent-operation-permission-model` | P2-101 操作類別權限模型;5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition、5 個 operator decision template;不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret |
| `docs/evaluations/ai_agent_candidate_operation_dry_run_evidence_2026-06-12.json` + `GET /api/v1/agents/agent-candidate-operation-dry-run-evidence` | P2-102 候選操作 dry-run 證據;13 類候選操作、13 組 dry-run evidence、6 個 verifier plan、7 個 gate evidence requirement、5 個 operator handoff;不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret、不執行 destructive action |
| `docs/evaluations/ai_agent_task_result_audit_trail_2026-06-13.json` + `GET /api/v1/agents/agent-task-result-audit-trail` | P2-103 任務結果稽核軌跡;8 條 result route、6 個 writeback contract、7 個 audit checkpoint、5 個 operator handoff;不寫 KM、不 runtime append LOGBOOK、不寫 audit DB、不寫 timeline、不更新 PlayBook trust、不寫 Gateway queue、不送 Telegram |
@@ -5017,3 +5017,15 @@ Trigger commit `f5cd37b7` 與 deploy marker `0ba92357` 已把 governance UI 的
- 新增 / 更新測試,明確拒絕 canary approval granted、selected message type、canary execution enabled、Gateway queue write、Bot API call、delivery receipt production write、secret read 或 paid API 被提前打開。
**裁決:** 這是 canary send approval packet,不是 Telegram send、Gateway queue write、Bot API call、delivery receipt production write、approved canary delivery、production write、secret read、host write、kubectl action 或 runtime authorization;下一步 P2-405D 只能在統帥明確填入 canary 發送批准欄位後進入受控 delivery gate,未批准前不得實發。
+
+### 2026-06-16 11:08 (台北) — §3.2 / §5 — 新增 P2-405D Canary Delivery Gate — 把 TG canary 交付前最後欄位與 preflight 固定成 no-send gate
+
+**觸發**:P2-405C 已建立 canary send approval packet,但仍需要一層 delivery gate 明確呈現哪些交付欄位未填、哪些 preflight 未通過、哪些 hold reason 仍阻擋,避免把「批准包就緒」誤判成 Gateway queue write、Bot API call 或 Telegram 實發授權。
+
+**已推進:**
+- 新增 `docs/evaluations/ai_agent_professional_task_expansion_2026-06-16_1108_p2_405d.json`,`current_task_id=P2-405D`、`next_task_id=P2-405E`、overall `96%`。
+- `ai_agent_professional_task_expansion_v1` schema 與 API loader 已要求 1 份 canary delivery gate、8 個 required delivery field、8 個 preflight check、7 個 hold reason、7 個 readback check、5 個 rollback / mute control。
+- `/zh-TW/governance?tab=automation-inventory` P2-405D 卡片顯示 delivery gate、交付必填欄位、preflight、hold reason 與批准缺口;preview / canary / delivery live write 計數仍為 `0`。
+- 新增 / 更新測試,明確拒絕 delivery approved、delivery attempt allowed、Gateway queue write、Bot API call、delivery receipt write、secret read 或 paid API 被提前打開。
+
+**裁決:** 這是 canary delivery gate,不是 Telegram send、Gateway queue write、Bot API call、delivery receipt production write、approved canary delivery、production write、secret read、host write、kubectl action 或 runtime authorization;下一步 P2-405E 只能在統帥明確填入 canary delivery 欄位後進入受控 dry-run delivery rehearsal,未批准前不得實發。