feat(agents): expose controlled executor handoff runway
Some checks failed
Code Review / ai-code-review (push) Successful in 22s
CD Pipeline / tests (push) Successful in 1m47s
CD Pipeline / build-and-deploy (push) Successful in 6m20s
CD Pipeline / post-deploy-checks (push) Successful in 2m18s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
@@ -0,0 +1,617 @@
|
||||
{
|
||||
"schema_version": "ai_agent_controlled_executor_handoff_v1",
|
||||
"generated_at": "2026-06-27T01:20:00+08:00",
|
||||
"program_status": {
|
||||
"overall_completion_percent": 100,
|
||||
"current_priority": "P0",
|
||||
"current_task_id": "P2-415",
|
||||
"next_task_id": "P2-416",
|
||||
"read_only_mode": true,
|
||||
"runtime_authority": "controlled_executor_handoff_readback_no_live_apply",
|
||||
"status_note": "P2-415 承接 P2-409 controlled apply queue,把 high 風險候選整理成可交給 executor 的 handoff packet:allowlist、Ansible check-mode、rollback、post-action verifier、Telegram evidence、KM / PlayBook trust 回寫全部要可讀。此 readback 不直接執行 live apply。"
|
||||
},
|
||||
"source_refs": [
|
||||
"docs/evaluations/ai_agent_high_risk_owner_review_queue_2026-06-19.json",
|
||||
"docs/evaluations/ai_agent_action_audit_ledger_2026-06-19.json",
|
||||
"docs/evaluations/ai_agent_action_owner_acceptance_event_bus_2026-06-19.json",
|
||||
"docs/evaluations/ai_agent_report_runtime_readiness_2026-06-12.json",
|
||||
"docs/evaluations/ai_agent_runtime_write_gate_review_2026-06-12.json",
|
||||
"docs/evaluations/ai_agent_post_write_verifier_package_2026-06-12.json",
|
||||
"docs/evaluations/ai_agent_learning_writeback_approval_package_2026-06-11.json",
|
||||
"docs/evaluations/ai_agent_telegram_receipt_approval_package_2026-06-11.json"
|
||||
],
|
||||
"source_readbacks": [
|
||||
{
|
||||
"readback_id": "p2_409_controlled_apply_queue",
|
||||
"source_schema_version": "ai_agent_high_risk_owner_review_queue_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_high_risk_owner_review_queue_2026-06-19.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-high-risk-owner-review-queue",
|
||||
"owner_agent": "openclaw",
|
||||
"status": "loaded",
|
||||
"key_readback": "high 風險已轉 controlled_apply_queue;critical / secret / destructive / paid / force-push 維持 break-glass。",
|
||||
"next_action": "將 5 個 high packet 映射到 executor handoff route。"
|
||||
},
|
||||
{
|
||||
"readback_id": "p2_410_action_audit_ledger",
|
||||
"source_schema_version": "ai_agent_action_audit_ledger_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_action_audit_ledger_2026-06-19.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-action-audit-ledger",
|
||||
"owner_agent": "hermes",
|
||||
"status": "loaded",
|
||||
"key_readback": "審計事件模板、redacted evidence refs、verifier receipt gate 已可讀。",
|
||||
"next_action": "讓 executor handoff packet 帶入 immutable audit fields。"
|
||||
},
|
||||
{
|
||||
"readback_id": "p2_411_handoff_event_bus",
|
||||
"source_schema_version": "ai_agent_action_owner_acceptance_event_bus_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_action_owner_acceptance_event_bus_2026-06-19.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-action-owner-acceptance-event-bus",
|
||||
"owner_agent": "hermes",
|
||||
"status": "loaded",
|
||||
"key_readback": "交接事件、RAG proposal 與 verifier gate 已建好,但舊語意仍偏 no-write。",
|
||||
"next_action": "把 high 風險 handoff 從 owner hold 改成 controlled executor runway。"
|
||||
},
|
||||
{
|
||||
"readback_id": "runtime_readiness_low_medium_high",
|
||||
"source_schema_version": "ai_agent_report_runtime_readiness_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_report_runtime_readiness_2026-06-12.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-report-runtime-readiness",
|
||||
"owner_agent": "openclaw",
|
||||
"status": "loaded",
|
||||
"key_readback": "low / medium / high policy 已允許 auto after guard,critical 才需要 break-glass。",
|
||||
"next_action": "把 policy 轉成 executor handoff allowlist 與 post-action verifier binding。"
|
||||
},
|
||||
{
|
||||
"readback_id": "runtime_write_gate_review",
|
||||
"source_schema_version": "ai_agent_runtime_write_gate_review_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_runtime_write_gate_review_2026-06-12.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-runtime-write-gate-review",
|
||||
"owner_agent": "sre",
|
||||
"status": "loaded",
|
||||
"key_readback": "runtime write gate 已定義 dry-run hash、post-write verifier、redaction 欄位。",
|
||||
"next_action": "高風險 handoff packet 必須引用 check-mode 與 post-write verifier ref。"
|
||||
},
|
||||
{
|
||||
"readback_id": "post_write_verifier_package",
|
||||
"source_schema_version": "ai_agent_post_write_verifier_package_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_post_write_verifier_package_2026-06-12.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-post-write-verifier-package",
|
||||
"owner_agent": "nemotron",
|
||||
"status": "loaded",
|
||||
"key_readback": "post-write verifier package、rollback lane 與 failure lane 已可讀。",
|
||||
"next_action": "每個 controlled executor packet 必須綁定 verifier 與 rollback lane。"
|
||||
},
|
||||
{
|
||||
"readback_id": "learning_writeback_package",
|
||||
"source_schema_version": "ai_agent_learning_writeback_approval_package_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_learning_writeback_approval_package_2026-06-11.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-learning-writeback-approval-package",
|
||||
"owner_agent": "hermes",
|
||||
"status": "loaded",
|
||||
"key_readback": "KM、timeline learning、PlayBook trust 與 replay score 回寫欄位已定義。",
|
||||
"next_action": "讓 executor handoff packet 產出可回寫的 learning receipt preview。"
|
||||
},
|
||||
{
|
||||
"readback_id": "telegram_receipt_package",
|
||||
"source_schema_version": "ai_agent_telegram_receipt_approval_package_v1",
|
||||
"source_ref": "docs/evaluations/ai_agent_telegram_receipt_approval_package_2026-06-11.json",
|
||||
"endpoint": "GET /api/v1/agents/agent-telegram-receipt-approval-package",
|
||||
"owner_agent": "hermes",
|
||||
"status": "loaded",
|
||||
"key_readback": "Telegram receipt、queue、delivery、ack、failure、retry 欄位已定義;不得包含 token 或原始 chat id。",
|
||||
"next_action": "handoff 成功 / verifier 失敗 / rollback queued 都要能生成脫敏 Telegram evidence。"
|
||||
}
|
||||
],
|
||||
"handoff_truth": {
|
||||
"p2_409_controlled_apply_queue_loaded": true,
|
||||
"p2_410_audit_ledger_loaded": true,
|
||||
"p2_411_handoff_event_bus_loaded": true,
|
||||
"runtime_readiness_loaded": true,
|
||||
"runtime_write_gate_loaded": true,
|
||||
"post_write_verifier_loaded": true,
|
||||
"learning_writeback_loaded": true,
|
||||
"telegram_receipt_loaded": true,
|
||||
"high_risk_controlled_executor_handoff_ready": true,
|
||||
"high_risk_owner_review_required": false,
|
||||
"critical_break_glass_required": true,
|
||||
"allowlist_route_required": true,
|
||||
"ansible_check_mode_required": true,
|
||||
"rollback_plan_required": true,
|
||||
"post_action_verifier_required": true,
|
||||
"telegram_evidence_required": true,
|
||||
"km_writeback_required": true,
|
||||
"playbook_trust_writeback_required": true,
|
||||
"controlled_executor_dispatch_enabled": false,
|
||||
"live_apply_enabled": false,
|
||||
"critical_auto_bypass_allowed": false,
|
||||
"gateway_queue_write_enabled": false,
|
||||
"telegram_send_enabled": false,
|
||||
"bot_api_call_enabled": false,
|
||||
"km_write_enabled": false,
|
||||
"playbook_trust_write_enabled": false,
|
||||
"production_write_enabled": false,
|
||||
"secret_read_enabled": false,
|
||||
"paid_api_call_enabled": false,
|
||||
"host_write_enabled": false,
|
||||
"kubectl_action_enabled": false,
|
||||
"destructive_operation_enabled": false,
|
||||
"controlled_executor_dispatch_count_24h": 0,
|
||||
"live_apply_count_24h": 0,
|
||||
"gateway_queue_write_count_24h": 0,
|
||||
"telegram_send_count_24h": 0,
|
||||
"bot_api_call_count_24h": 0,
|
||||
"km_write_count_24h": 0,
|
||||
"playbook_trust_write_count_24h": 0,
|
||||
"production_write_count_24h": 0,
|
||||
"secret_read_count_24h": 0,
|
||||
"paid_api_call_count_24h": 0,
|
||||
"host_write_count_24h": 0,
|
||||
"kubectl_action_count_24h": 0,
|
||||
"destructive_operation_count_24h": 0,
|
||||
"truth_note": "high 風險不再停在人工佇列;5 個 high packet 已具備 controlled executor handoff 條件。此端點只讀回 handoff runway,實際 dispatch / live apply / Telegram send / KM writeback 仍由 executor 與 verifier 計數回報。"
|
||||
},
|
||||
"executor_handoff_packets": [
|
||||
{
|
||||
"packet_id": "handoff_high_security_response",
|
||||
"source_queue_item_id": "high_security_response_queue",
|
||||
"display_name": "資安回應受控 executor 交接",
|
||||
"risk_tier": "high",
|
||||
"owner_agent": "openclaw",
|
||||
"executor_agent": "security",
|
||||
"executor_type": "ansible_playbook",
|
||||
"handoff_status": "ready_for_controlled_executor",
|
||||
"controlled_route_id": "allowlisted_security_response_controlled_apply",
|
||||
"playbook_ref": "infra/ansible/playbooks/security-controlled-response.yml",
|
||||
"mcp_tool_ref": "mcp://security/readiness-and-diff",
|
||||
"check_mode_ref": "ansible-check/security-controlled-response",
|
||||
"verifier_ref": "verifier://security-post-action-readback",
|
||||
"rollback_ref": "rollback://security-no-secret-restore-plan",
|
||||
"telegram_evidence_ref": "telegram-evidence://security-controlled-apply-redacted",
|
||||
"km_writeback_ref": "km://security-controlled-apply-learning",
|
||||
"playbook_trust_ref": "playbook-trust://security-controlled-response",
|
||||
"allowlist_match": true,
|
||||
"check_mode_passed": true,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": false,
|
||||
"break_glass_required": false,
|
||||
"controlled_executor_handoff_allowed": true,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["secret read", "credentialed exploit", "active response without verifier"],
|
||||
"next_gate": "dispatch worker 從此 packet 取 check-mode receipt、執行 controlled apply,並把 verifier 結果回寫 KM / PlayBook trust。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_high_data_config_apply",
|
||||
"source_queue_item_id": "high_data_config_apply_queue",
|
||||
"display_name": "資料與設定受控 executor 交接",
|
||||
"risk_tier": "high",
|
||||
"owner_agent": "sre",
|
||||
"executor_agent": "devops",
|
||||
"executor_type": "ansible_playbook",
|
||||
"handoff_status": "ready_for_controlled_executor",
|
||||
"controlled_route_id": "allowlisted_config_drift_controlled_apply",
|
||||
"playbook_ref": "infra/ansible/playbooks/config-drift-controlled-apply.yml",
|
||||
"mcp_tool_ref": "mcp://config/rendered-diff",
|
||||
"check_mode_ref": "ansible-check/config-drift-controlled-apply",
|
||||
"verifier_ref": "verifier://config-route-smoke",
|
||||
"rollback_ref": "rollback://config-source-of-truth-revert",
|
||||
"telegram_evidence_ref": "telegram-evidence://config-apply-redacted",
|
||||
"km_writeback_ref": "km://config-drift-learning",
|
||||
"playbook_trust_ref": "playbook-trust://config-controlled-apply",
|
||||
"allowlist_match": true,
|
||||
"check_mode_passed": true,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": false,
|
||||
"break_glass_required": false,
|
||||
"controlled_executor_handoff_allowed": true,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["DB DROP", "restore apply", "retention prune"],
|
||||
"next_gate": "dispatch worker 只能對 source-of-truth diff 執行 check-mode 通過的 controlled apply。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_high_live_telegram_gateway_send",
|
||||
"source_queue_item_id": "high_live_telegram_gateway_send_queue",
|
||||
"display_name": "Telegram Gateway 受控 executor 交接",
|
||||
"risk_tier": "high",
|
||||
"owner_agent": "hermes",
|
||||
"executor_agent": "hermes",
|
||||
"executor_type": "telegram_gateway_queue",
|
||||
"handoff_status": "ready_for_controlled_executor",
|
||||
"controlled_route_id": "allowlisted_failure_only_telegram_gateway",
|
||||
"playbook_ref": "infra/ansible/playbooks/telegram-gateway-route-check.yml",
|
||||
"mcp_tool_ref": "mcp://telegram-gateway/no-secret-preview",
|
||||
"check_mode_ref": "gateway-check/failure-only-dedupe-preview",
|
||||
"verifier_ref": "verifier://telegram-receipt-redacted-readback",
|
||||
"rollback_ref": "rollback://telegram-dedupe-and-silence-revert",
|
||||
"telegram_evidence_ref": "telegram-evidence://gateway-message-shape-redacted",
|
||||
"km_writeback_ref": "km://telegram-delivery-learning",
|
||||
"playbook_trust_ref": "playbook-trust://telegram-gateway-controlled-send",
|
||||
"allowlist_match": true,
|
||||
"check_mode_passed": true,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": false,
|
||||
"break_glass_required": false,
|
||||
"controlled_executor_handoff_allowed": true,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["direct Bot API", "token read", "raw chat id display"],
|
||||
"next_gate": "dispatch worker 必須走 Gateway、dedupe key 與 redacted receipt;不得直接 Bot API。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_high_report_source_gap_work_item_write",
|
||||
"source_queue_item_id": "high_report_source_gap_work_item_write_queue",
|
||||
"display_name": "報表缺口與 KM 回寫 executor 交接",
|
||||
"risk_tier": "high",
|
||||
"owner_agent": "hermes",
|
||||
"executor_agent": "nemotron",
|
||||
"executor_type": "km_playbook_writer",
|
||||
"handoff_status": "ready_for_controlled_executor",
|
||||
"controlled_route_id": "allowlisted_report_gap_learning_writeback",
|
||||
"playbook_ref": "playbooks/report-source-gap-learning.yml",
|
||||
"mcp_tool_ref": "mcp://knowledge/redacted-learning-packet",
|
||||
"check_mode_ref": "writer-check/report-gap-learning-preview",
|
||||
"verifier_ref": "verifier://km-playbook-trust-receipt",
|
||||
"rollback_ref": "rollback://km-learning-entry-revert-preview",
|
||||
"telegram_evidence_ref": "telegram-evidence://learning-writeback-summary",
|
||||
"km_writeback_ref": "km://report-source-gap-learning",
|
||||
"playbook_trust_ref": "playbook-trust://report-gap-remediation",
|
||||
"allowlist_match": true,
|
||||
"check_mode_passed": true,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": false,
|
||||
"break_glass_required": false,
|
||||
"controlled_executor_handoff_allowed": true,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["raw report payload write", "private reasoning write", "unbounded embedding write"],
|
||||
"next_gate": "dispatch worker 只寫 redacted learning packet,並以 verifier receipt 更新 trust delta。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_high_host_kubectl_orchestrated_change",
|
||||
"source_queue_item_id": "high_host_kubectl_orchestrated_change_queue",
|
||||
"display_name": "主機與 K8s 受控 executor 交接",
|
||||
"risk_tier": "high",
|
||||
"owner_agent": "sre",
|
||||
"executor_agent": "sre",
|
||||
"executor_type": "ansible_playbook",
|
||||
"handoff_status": "ready_for_controlled_executor",
|
||||
"controlled_route_id": "allowlisted_host_k8s_check_mode_apply",
|
||||
"playbook_ref": "infra/ansible/playbooks/host-k8s-controlled-apply.yml",
|
||||
"mcp_tool_ref": "mcp://sre/topology-and-health-readback",
|
||||
"check_mode_ref": "ansible-check/host-k8s-controlled-apply",
|
||||
"verifier_ref": "verifier://host-k8s-health-postcheck",
|
||||
"rollback_ref": "rollback://host-k8s-controlled-revert",
|
||||
"telegram_evidence_ref": "telegram-evidence://host-k8s-apply-summary",
|
||||
"km_writeback_ref": "km://host-k8s-remediation-learning",
|
||||
"playbook_trust_ref": "playbook-trust://host-k8s-controlled-apply",
|
||||
"allowlist_match": true,
|
||||
"check_mode_passed": true,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": false,
|
||||
"break_glass_required": false,
|
||||
"controlled_executor_handoff_allowed": true,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["reboot", "node drain", "force rollout without verifier"],
|
||||
"next_gate": "dispatch worker 必須先完成 target selector、check-mode、blast-radius guard 與 rollback stop condition。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_critical_model_cost_provider_change",
|
||||
"source_queue_item_id": "critical_model_cost_provider_change_queue",
|
||||
"display_name": "模型角色與費用 break-glass",
|
||||
"risk_tier": "critical",
|
||||
"owner_agent": "openclaw",
|
||||
"executor_agent": "openclaw",
|
||||
"executor_type": "break_glass_only",
|
||||
"handoff_status": "critical_break_glass_only",
|
||||
"controlled_route_id": "blocked_critical_model_cost_provider_boundary",
|
||||
"playbook_ref": "adr://market-replay-shadow-canary-required",
|
||||
"mcp_tool_ref": "mcp://agent-market/scorecard-readback",
|
||||
"check_mode_ref": "not-applicable-critical-break-glass",
|
||||
"verifier_ref": "verifier://agent-market-replay-shadow-canary",
|
||||
"rollback_ref": "rollback://provider-route-fallback",
|
||||
"telegram_evidence_ref": "telegram-evidence://critical-cost-provider-summary",
|
||||
"km_writeback_ref": "km://agent-market-decision-learning",
|
||||
"playbook_trust_ref": "playbook-trust://agent-provider-role-decision",
|
||||
"allowlist_match": false,
|
||||
"check_mode_passed": false,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": true,
|
||||
"break_glass_required": true,
|
||||
"controlled_executor_handoff_allowed": false,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["OpenClaw replacement", "paid provider switch", "cost quota change"],
|
||||
"next_gate": "必須先有市場分數、replay、shadow、canary 與費用邊界,不能由一般 high 風險自動化覆蓋。"
|
||||
},
|
||||
{
|
||||
"packet_id": "handoff_critical_secret_paid_provider_boundary",
|
||||
"source_queue_item_id": "critical_secret_paid_provider_boundary_queue",
|
||||
"display_name": "secret 與付費 provider break-glass",
|
||||
"risk_tier": "critical",
|
||||
"owner_agent": "security",
|
||||
"executor_agent": "security",
|
||||
"executor_type": "break_glass_only",
|
||||
"handoff_status": "critical_break_glass_only",
|
||||
"controlled_route_id": "blocked_critical_secret_paid_provider_boundary",
|
||||
"playbook_ref": "policy://secret-paid-provider-break-glass",
|
||||
"mcp_tool_ref": "mcp://security/secret-metadata-only",
|
||||
"check_mode_ref": "not-applicable-critical-break-glass",
|
||||
"verifier_ref": "verifier://secret-boundary-and-cost-cap",
|
||||
"rollback_ref": "rollback://provider-secret-metadata-revert",
|
||||
"telegram_evidence_ref": "telegram-evidence://critical-secret-boundary-summary",
|
||||
"km_writeback_ref": "km://secret-boundary-learning",
|
||||
"playbook_trust_ref": "playbook-trust://secret-provider-boundary",
|
||||
"allowlist_match": false,
|
||||
"check_mode_passed": false,
|
||||
"rollback_plan_ready": true,
|
||||
"post_action_verifier_ready": true,
|
||||
"telegram_evidence_ready": true,
|
||||
"km_writeback_ready": true,
|
||||
"playbook_trust_writeback_ready": true,
|
||||
"owner_response_required": true,
|
||||
"break_glass_required": true,
|
||||
"controlled_executor_handoff_allowed": false,
|
||||
"live_apply_performed": false,
|
||||
"side_effect_count": 0,
|
||||
"blocked_runtime_actions": ["secret value read", "paid API expansion", "privacy egress change"],
|
||||
"next_gate": "只允許 metadata 與 evidence ref;secret value、付費 provider 擴張與隱私外送必須 break-glass。"
|
||||
}
|
||||
],
|
||||
"executor_routes": [
|
||||
{
|
||||
"route_id": "ansible_check_mode_controlled_apply",
|
||||
"display_name": "Ansible check-mode controlled apply",
|
||||
"executor_agent": "sre",
|
||||
"route_status": "ready_for_handoff",
|
||||
"required_inputs": ["target selector", "source-of-truth ref", "check-mode receipt", "rollback owner", "post-action verifier"],
|
||||
"blocked_actions": ["reboot", "node drain", "destructive DB operation"],
|
||||
"live_apply_allowed_by_this_readback": false
|
||||
},
|
||||
{
|
||||
"route_id": "mcp_tool_registry_preflight",
|
||||
"display_name": "MCP tool registry preflight",
|
||||
"executor_agent": "openclaw",
|
||||
"route_status": "ready_for_handoff",
|
||||
"required_inputs": ["tool scope", "risk tier", "allowed action", "blocked action", "redacted evidence ref"],
|
||||
"blocked_actions": ["unregistered tool call", "raw secret volume access"],
|
||||
"live_apply_allowed_by_this_readback": false
|
||||
},
|
||||
{
|
||||
"route_id": "telegram_gateway_redacted_evidence",
|
||||
"display_name": "Telegram Gateway redacted evidence",
|
||||
"executor_agent": "hermes",
|
||||
"route_status": "ready_for_handoff",
|
||||
"required_inputs": ["canonical room env", "dedupe key", "message shape", "receipt expectation", "redaction proof"],
|
||||
"blocked_actions": ["direct Bot API", "raw chat id display", "token read"],
|
||||
"live_apply_allowed_by_this_readback": false
|
||||
},
|
||||
{
|
||||
"route_id": "km_playbook_trust_writer",
|
||||
"display_name": "KM / PlayBook trust writer",
|
||||
"executor_agent": "nemotron",
|
||||
"route_status": "ready_for_handoff",
|
||||
"required_inputs": ["redacted learning packet", "matched playbook id", "verifier receipt", "rollback criteria", "trust delta"],
|
||||
"blocked_actions": ["private reasoning write", "unbounded embedding write"],
|
||||
"live_apply_allowed_by_this_readback": false
|
||||
},
|
||||
{
|
||||
"route_id": "post_action_verifier_and_rollback",
|
||||
"display_name": "Post-action verifier and rollback lane",
|
||||
"executor_agent": "sre",
|
||||
"route_status": "ready_for_handoff",
|
||||
"required_inputs": ["pre-state ref", "post-state ref", "failure threshold", "rollback stop condition"],
|
||||
"blocked_actions": ["verifier without baseline", "rollback without stop condition"],
|
||||
"live_apply_allowed_by_this_readback": false
|
||||
}
|
||||
],
|
||||
"verifier_bindings": [
|
||||
{
|
||||
"binding_id": "binding_ansible_check_mode",
|
||||
"display_name": "Ansible check-mode receipt binding",
|
||||
"owner_agent": "sre",
|
||||
"required_before_dispatch": true,
|
||||
"ready_count": 5,
|
||||
"blocked_count": 0,
|
||||
"failure_if_missing": "缺 check-mode receipt 時不得 dispatch controlled executor。"
|
||||
},
|
||||
{
|
||||
"binding_id": "binding_rollback_owner",
|
||||
"display_name": "Rollback owner and stop condition binding",
|
||||
"owner_agent": "sre",
|
||||
"required_before_dispatch": true,
|
||||
"ready_count": 5,
|
||||
"blocked_count": 0,
|
||||
"failure_if_missing": "缺 rollback owner 或 stop condition 時不得 apply。"
|
||||
},
|
||||
{
|
||||
"binding_id": "binding_post_action_verifier",
|
||||
"display_name": "Post-action verifier binding",
|
||||
"owner_agent": "nemotron",
|
||||
"required_before_dispatch": true,
|
||||
"ready_count": 5,
|
||||
"blocked_count": 0,
|
||||
"failure_if_missing": "缺 verifier ref 時不得視為自動化閉環。"
|
||||
},
|
||||
{
|
||||
"binding_id": "binding_learning_writeback",
|
||||
"display_name": "KM / PlayBook trust writeback binding",
|
||||
"owner_agent": "hermes",
|
||||
"required_before_dispatch": true,
|
||||
"ready_count": 5,
|
||||
"blocked_count": 0,
|
||||
"failure_if_missing": "缺 learning receipt 時不得更新完成度。"
|
||||
},
|
||||
{
|
||||
"binding_id": "binding_telegram_evidence",
|
||||
"display_name": "Telegram redacted evidence binding",
|
||||
"owner_agent": "hermes",
|
||||
"required_before_dispatch": true,
|
||||
"ready_count": 5,
|
||||
"blocked_count": 0,
|
||||
"failure_if_missing": "缺 redacted Telegram evidence 時不得對外宣稱已處理。"
|
||||
}
|
||||
],
|
||||
"learning_writeback_contracts": [
|
||||
{
|
||||
"contract_id": "km_execution_receipt",
|
||||
"display_name": "KM execution receipt",
|
||||
"owner_agent": "hermes",
|
||||
"target_store": "knowledge_entries",
|
||||
"writeback_status": "ready_for_executor_receipt",
|
||||
"required_fields": ["decision id", "executor route", "verifier result", "redacted evidence refs", "rollback outcome"],
|
||||
"runtime_write_performed": false
|
||||
},
|
||||
{
|
||||
"contract_id": "playbook_trust_delta",
|
||||
"display_name": "PlayBook trust delta",
|
||||
"owner_agent": "openclaw",
|
||||
"target_store": "playbooks",
|
||||
"writeback_status": "ready_for_executor_receipt",
|
||||
"required_fields": ["matched playbook id", "success or failure", "verifier confidence", "negative reinforcement reason"],
|
||||
"runtime_write_performed": false
|
||||
},
|
||||
{
|
||||
"contract_id": "timeline_event_append",
|
||||
"display_name": "Timeline event append",
|
||||
"owner_agent": "hermes",
|
||||
"target_store": "timeline_events",
|
||||
"writeback_status": "ready_for_executor_receipt",
|
||||
"required_fields": ["agent role", "affected scope", "decision reason", "executor status", "post-check result"],
|
||||
"runtime_write_performed": false
|
||||
}
|
||||
],
|
||||
"activation_boundaries": {
|
||||
"committed_snapshot_read_allowed": true,
|
||||
"controlled_executor_handoff_preview_allowed": true,
|
||||
"ansible_check_mode_receipt_preview_allowed": true,
|
||||
"mcp_tool_registry_route_preview_allowed": true,
|
||||
"post_action_verifier_binding_preview_allowed": true,
|
||||
"telegram_evidence_preview_allowed": true,
|
||||
"km_playbook_trust_writeback_preview_allowed": true,
|
||||
"controlled_executor_dispatch_enabled": false,
|
||||
"live_apply_enabled": false,
|
||||
"gateway_queue_write_enabled": false,
|
||||
"telegram_send_enabled": false,
|
||||
"bot_api_call_enabled": false,
|
||||
"km_write_enabled": false,
|
||||
"playbook_trust_write_enabled": false,
|
||||
"production_write_enabled": false,
|
||||
"secret_read_enabled": false,
|
||||
"paid_api_call_enabled": false,
|
||||
"host_write_enabled": false,
|
||||
"kubectl_action_enabled": false,
|
||||
"destructive_operation_enabled": false
|
||||
},
|
||||
"display_redaction_contract": {
|
||||
"redaction_required": true,
|
||||
"raw_tool_output_display_allowed": false,
|
||||
"raw_runtime_payload_display_allowed": false,
|
||||
"raw_telegram_payload_display_allowed": false,
|
||||
"private_reasoning_display_allowed": false,
|
||||
"secret_value_display_allowed": false,
|
||||
"work_window_transcript_display_allowed": false,
|
||||
"allowed_display_fields": [
|
||||
"packet_id",
|
||||
"display_name",
|
||||
"risk_tier",
|
||||
"owner_agent",
|
||||
"executor_agent",
|
||||
"executor_type",
|
||||
"handoff_status",
|
||||
"controlled_route_id",
|
||||
"check_mode_ref",
|
||||
"verifier_ref",
|
||||
"rollback_ref",
|
||||
"telegram_evidence_ref",
|
||||
"km_writeback_ref",
|
||||
"playbook_trust_ref",
|
||||
"rollups"
|
||||
],
|
||||
"blocked_display_fields": [
|
||||
"raw tool output",
|
||||
"raw runtime payload",
|
||||
"raw Telegram payload",
|
||||
"private reasoning",
|
||||
"secret value",
|
||||
"authorization header",
|
||||
"work window transcript"
|
||||
]
|
||||
},
|
||||
"rollups": {
|
||||
"source_readback_count": 8,
|
||||
"handoff_packet_count": 7,
|
||||
"ready_for_controlled_executor_count": 5,
|
||||
"critical_break_glass_count": 2,
|
||||
"high_risk_packet_count": 5,
|
||||
"critical_packet_count": 2,
|
||||
"ansible_check_mode_packet_count": 3,
|
||||
"mcp_tool_route_count": 7,
|
||||
"post_action_verifier_binding_count": 5,
|
||||
"telegram_evidence_binding_count": 5,
|
||||
"km_writeback_binding_count": 5,
|
||||
"playbook_trust_writeback_binding_count": 5,
|
||||
"owner_response_required_count": 2,
|
||||
"blocked_by_critical_boundary_count": 2,
|
||||
"missing_check_mode_count": 0,
|
||||
"missing_rollback_count": 0,
|
||||
"missing_verifier_count": 0,
|
||||
"missing_telegram_evidence_count": 0,
|
||||
"missing_learning_writeback_count": 0,
|
||||
"executor_route_count": 5,
|
||||
"verifier_binding_count": 5,
|
||||
"learning_writeback_contract_count": 3,
|
||||
"controlled_executor_dispatch_count": 0,
|
||||
"live_apply_count": 0,
|
||||
"gateway_queue_write_count": 0,
|
||||
"telegram_send_count": 0,
|
||||
"bot_api_call_count": 0,
|
||||
"km_write_count": 0,
|
||||
"playbook_trust_write_count": 0,
|
||||
"production_write_count": 0,
|
||||
"secret_read_count": 0,
|
||||
"paid_api_call_count": 0,
|
||||
"host_write_count": 0,
|
||||
"kubectl_action_count": 0,
|
||||
"destructive_operation_count": 0
|
||||
},
|
||||
"next_actions": [
|
||||
{
|
||||
"task_id": "P2-416",
|
||||
"priority": "P0",
|
||||
"summary": "建立 controlled executor dispatch worker dry-run,從 P2-415 handoff packet 產生 executor run preview、idempotency key、failure lane 與 verifier queue。",
|
||||
"gate": "dispatch worker 必須只接受 ready_for_controlled_executor,critical_break_glass_only 仍拒收。"
|
||||
},
|
||||
{
|
||||
"task_id": "P2-417",
|
||||
"priority": "P0",
|
||||
"summary": "把 executor receipt 寫回 AwoooP status-chain、日 / 週 / 月報與 Telegram redacted evidence,讓使用者看到每個 Agent 的實際處理量。",
|
||||
"gate": "receipt 必須有 verifier result、rollback outcome、KM / PlayBook trust writeback ref。"
|
||||
}
|
||||
]
|
||||
}
|
||||
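Review bot: The five `ready_for_controlled_executor` packets assert `"check_mode_passed": true` and `"allowlist_match": true` as bare booleans beside a string `check_mode_ref`, so nothing in a packet binds that result to a specific playbook revision, target set or point in time. The `runtime_write_gate_review` readback in this same file says a dry-run hash is already defined, and the `p2_410_action_audit_ledger` next_action asks for immutable audit fields that the packets do not yet carry. Because `high_risk_owner_review_required` is now `false`, the P2-416 dispatch worker will presumably treat these flags as the gate. I would add per-packet fields such as `"check_mode_receipt_hash": "<sha256 of check-mode receipt>"`, `"playbook_revision": "<commit id>"` and `"check_mode_expires_at": "<RFC 3339 timestamp>"` (suggested names, placeholder values) and have the worker re-verify them rather than trust the committed snapshot. Separately, no packet `controlled_route_id` (e.g. `allowlisted_host_k8s_check_mode_apply`) matches any `route_id` under `executor_routes`, so route-level `required_inputs` and `blocked_actions` cannot be resolved from a packet, and the 13 `*_enabled` flags duplicated in `handoff_truth` and `activation_boundaries` can drift unless one copy is made authoritative.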