From bc2665ef6b684e0f69451ca341766a0f933b47b2 Mon Sep 17 00:00:00 2001 From: OG T Date: Sun, 12 Apr 2026 19:12:20 +0800 Subject: [PATCH] =?UTF-8?q?feat(adr075):=20Step-5=20decision=5Fmanager=20T?= =?UTF-8?q?YPE-5S/TYPE-6B=20=E8=B7=AF=E7=94=B1=E5=88=86=E6=94=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 新增 secops elif:alert_category=secops → send_secops_card() (resource, threat_behavior 從 incident.signals labels 提取) - 新增 business elif:alert_category=business → send_business_alert() (metric_name/current_value/threshold 從 Prometheus labels 提取) - TYPE-7E escalation_monitor 標記 out-of-scope (ADR-075 範疇外) - 兩分支均加 2026-04-12 ogt (ADR-075 Step-5) 變更標記 Co-Authored-By: Claude Sonnet 4.6
---
 apps/api/src/services/decision_manager.py | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/apps/api/src/services/decision_manager.py b/apps/api/src/services/decision_manager.py
index 150040e9..319981b2 100644
--- a/apps/api/src/services/decision_manager.py
+++ b/apps/api/src/services/decision_manager.py
@@ -261,6 +261,32 @@ async def _push_decision_to_telegram(
 system_impact=description[:150] if description else "",
 probable_cause=reasoning[:100] if reasoning else "",
 )
+ elif _alert_category == "secops":
+ # TYPE-5S:資安事件 — 隔離/封鎖審核卡,發到個人 DM (ADR-075 Step-5)
+ # 2026-04-12 ogt (ADR-075 Step-5)
+ _labels = incident.signals[0].labels if incident.signals else {}
+ _threat_level = _labels.get("threat_level", risk_level)
+ tg_result = await gateway.send_secops_card(
+ incident_id=incident.incident_id,
+ approval_id=approval_id,
+ alertname=_alertname,
+ threat_level=_threat_level,
+ resource=target[:60],
+ threat_behavior=reasoning[:150] if reasoning else description[:150],
+ )
+ elif _alert_category == "business":
+ # TYPE-6B:業務/FinOps 資訊告警 — 發到 SRE 群組(無審核按鈕)(ADR-075 Step-5)
+ # 2026-04-12 ogt (ADR-075 Step-5)
+ _labels = incident.signals[0].labels if incident.signals else {}
+ _business_domain = _labels.get("business_domain", "finops")
+ tg_result = await gateway.send_business_alert(
+ incident_id=incident.incident_id,
+ alertname=_alertname,
+ business_domain=_business_domain,
+ metric_name=_labels.get("metric_name", _alertname),
+ current_value=_labels.get("value", "--"),
+ threshold=_labels.get("threshold", "--"),
+ )
 else:
 # TYPE-2 / TYPE-3 / TYPE-4 都走 send_approval_card(按鈕組合由 alert_category 決定)
 tg_result = await gateway.send_approval_card(
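Review bot: In the secops branch, `threat_behavior=reasoning[:150] if reasoning else description[:150]` slices `description` without the `if description else ""` guard used by the context lines just above, so an incident with neither field set would raise `TypeError` and the approval card for a security event would never be sent (assuming `description` can be None, as the existing guard suggests); `threat_behavior=(reasoning or description or "")[:150]` keeps the same preference order safely. Both new branches also copy alert-label values straight into the outgoing Telegram message: `_labels.get("threat_level", risk_level)` lets a label from the first signal override the computed `risk_level` on a card an approver acts on, and `metric_name`, `value` and `threshold` are passed uncapped while every other field is truncated. I would accept `threat_level` only when it is one of the values the system already defines, falling back to `risk_level` otherwise, and cap the label strings before sending; whether the gateway escapes them for its Telegram parse mode is not visible in this hunk. The enclosing function `_push_decision_to_telegram` starts and ends outside the hunk.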