feat(adr075): Step-5 decision_manager TYPE-5S/TYPE-6B 路由分支

- 新增 secops elif：alert_category=secops → send_secops_card() (resource, threat_behavior 從 incident.signals labels 提取) - 新增 business elif：alert_category=business → send_business_alert() (metric_name/current_value/threshold 從 Prometheus labels 提取) - TYPE-7E escalation_monitor 標記 out-of-scope (ADR-075 範疇外) - 兩分支均加 2026-04-12 ogt (ADR-075 Step-5) 變更標記 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-12 19:12:20 +08:00
parent 9f264ebad1
commit bc2665ef6b
1 changed files with 26 additions and 0 deletions
--- a/apps/api/src/services/decision_manager.py
+++ b/apps/api/src/services/decision_manager.py
@@ -261,6 +261,32 @@ async def _push_decision_to_telegram(
                system_impact=description[:150] if description else "",
                probable_cause=reasoning[:100] if reasoning else "",
            )
+        elif _alert_category == "secops":
+            # TYPE-5S：資安事件 — 隔離/封鎖審核卡，發到個人 DM (ADR-075 Step-5)
+            # 2026-04-12 ogt (ADR-075 Step-5)
+            _labels = incident.signals[0].labels if incident.signals else {}
+            _threat_level = _labels.get("threat_level", risk_level)
+            tg_result = await gateway.send_secops_card(
+                incident_id=incident.incident_id,
+                approval_id=approval_id,
+                alertname=_alertname,
+                threat_level=_threat_level,
+                resource=target[:60],
+                threat_behavior=reasoning[:150] if reasoning else description[:150],
+            )
+        elif _alert_category == "business":
+            # TYPE-6B：業務/FinOps 資訊告警 — 發到 SRE 群組（無審核按鈕）(ADR-075 Step-5)
+            # 2026-04-12 ogt (ADR-075 Step-5)
+            _labels = incident.signals[0].labels if incident.signals else {}
+            _business_domain = _labels.get("business_domain", "finops")
+            tg_result = await gateway.send_business_alert(
+                incident_id=incident.incident_id,
+                alertname=_alertname,
+                business_domain=_business_domain,
+                metric_name=_labels.get("metric_name", _alertname),
+                current_value=_labels.get("value", "--"),
+                threshold=_labels.get("threshold", "--"),
+            )
        else:
            # TYPE-2 / TYPE-3 / TYPE-4 都走 send_approval_card（按鈕組合由 alert_category 決定）
            tg_result = await gateway.send_approval_card(