diff --git a/apps/api/src/services/openclaw.py b/apps/api/src/services/openclaw.py index 325da25e..fcb1ce1c 100644 --- a/apps/api/src/services/openclaw.py +++ b/apps/api/src/services/openclaw.py @@ -960,11 +960,15 @@ class OpenClawService: # 把 primary 移到首位 (保留原始 fallback) provider_order = [_primary] + [p for p in provider_order if p != _primary] # 過濾被停用的 Provider - _filtered = [p for p in provider_order if not await is_provider_disabled(p)] + # C2 修復 (2026-04-03 首席架構師審查): Python 3.11 不支援 list comprehension 中 await + _filtered = [] + for _p in provider_order: + if not await is_provider_disabled(_p): + _filtered.append(_p) if _filtered: provider_order = _filtered - except Exception: - pass + except Exception as _e: + logger.warning("ai_control_override_failed", error=str(_e)) # Step 3: D7 隱私 — DIAGNOSE/CODE_REVIEW 強制 local require_local = decision.intent in (IntentType.DIAGNOSE, IntentType.CODE_REVIEW) diff --git a/apps/api/src/services/telegram_gateway.py b/apps/api/src/services/telegram_gateway.py index 105fead3..d4aa86e2 100644 --- a/apps/api/src/services/telegram_gateway.py +++ b/apps/api/src/services/telegram_gateway.py @@ -2800,9 +2800,10 @@ class TelegramGateway: # 2. /ai 指令攔截 (Phase 24 C — 2026-04-03 ogt) # 白名單: OPENCLAW_TG_USER_WHITELIST (與審核白名單共用) if text.strip().lower().startswith("/ai"): + # C1 修復 (2026-04-03 首席架構師審查): Fail-Closed — 白名單空時拒絕所有人 whitelist = settings.get_tg_user_whitelist() - if whitelist and user_id not in whitelist: - logger.warning("telegram_ai_command_unauthorized", user_id=user_id) + if not whitelist or user_id not in whitelist: + logger.warning("telegram_ai_command_unauthorized", user_id=user_id, whitelist_empty=not whitelist) await self.send_notification( "⛔ 未授權:/ai 指令僅限白名單用戶", parse_mode="HTML",