fix(ai): 首席架構師審查修復 C1+C2 (Phase 24 C)

C1 — telegram_gateway.py Fail-Closed 白名單: 白名單為空時 'if whitelist and ...' 為 False → 任何人可執行 /ai 修復: 'if not whitelist or user_id not in whitelist' Fail-Closed 加入 whitelist_empty 欄位到 warning log C2 — openclaw.py list comprehension await 語法錯誤: Python 3.11 不支援 list comprehension 中使用 await 'if not await is_provider_disabled(p)' → SyntaxError 修復: 改為 for loop 明確 await I4: 靜默 except 改為 logger.warning Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 00:42:02 +08:00
parent 8bc086af58
commit b6105b8214
2 changed files with 10 additions and 5 deletions
--- a/apps/api/src/services/openclaw.py
+++ b/apps/api/src/services/openclaw.py
@@ -960,11 +960,15 @@ class OpenClawService:
                        # 把 primary 移到首位 (保留原始 fallback)
                        provider_order = [_primary] + [p for p in provider_order if p != _primary]
                    # 過濾被停用的 Provider
-                    _filtered = [p for p in provider_order if not await is_provider_disabled(p)]
+                    # C2 修復 (2026-04-03 首席架構師審查): Python 3.11 不支援 list comprehension 中 await
+                    _filtered = []
+                    for _p in provider_order:
+                        if not await is_provider_disabled(_p):
+                            _filtered.append(_p)
                    if _filtered:
                        provider_order = _filtered
-                except Exception:
-                    pass
+                except Exception as _e:
+                    logger.warning("ai_control_override_failed", error=str(_e))

                # Step 3: D7 隱私 — DIAGNOSE/CODE_REVIEW 強制 local
                require_local = decision.intent in (IntentType.DIAGNOSE, IntentType.CODE_REVIEW)
--- a/apps/api/src/services/telegram_gateway.py
+++ b/apps/api/src/services/telegram_gateway.py
@@ -2800,9 +2800,10 @@ class TelegramGateway:
        # 2. /ai 指令攔截 (Phase 24 C — 2026-04-03 ogt)
        # 白名單: OPENCLAW_TG_USER_WHITELIST (與審核白名單共用)
        if text.strip().lower().startswith("/ai"):
+            # C1 修復 (2026-04-03 首席架構師審查): Fail-Closed — 白名單空時拒絕所有人
            whitelist = settings.get_tg_user_whitelist()
-            if whitelist and user_id not in whitelist:
-                logger.warning("telegram_ai_command_unauthorized", user_id=user_id)
+            if not whitelist or user_id not in whitelist:
+                logger.warning("telegram_ai_command_unauthorized", user_id=user_id, whitelist_empty=not whitelist)
                await self.send_notification(
                    "⛔ 未授權：/ai 指令僅限白名單用戶",
                    parse_mode="HTML",