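refactor(api): Phase 17 P1 Tier 3 red-zone service Protocol definitions

Add Protocol interfaces for 5 core red-zone services:
- IDecisionManager: decision state machine
- ITrustScoreManager: trust scoring engine
- IIncidentEngine: incident handling engine
- IMultiSigRedisService: distributed lock service
- ITelegramSecurityInterceptor: security interceptor

Conforms to the leWOOOgo modularization (building-block) standard:
- Supports dependency injection (DI)
- Easy to mock in tests
- Type constraints ensure consistent implementations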

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OG T
2026-03-26 12:49:30 +08:00
parent 702e9a9634
commit d1f0bbfbcd
5 changed files with 237 additions and 3 deletions


@@ -16,6 +16,7 @@ Features:
import time
from dataclasses import dataclass
from typing import Protocol, runtime_checkable
import structlog
@@ -166,6 +167,49 @@ class SignatureVerificationError(SecurityInterceptorError):
pass
# =============================================================================
# Protocol Interface (Phase 17 P1 - 紅區治理)
# =============================================================================
@runtime_checkable
class ITelegramSecurityInterceptor(Protocol):
"""
TelegramSecurityInterceptor 介面定義
用途:
- 依賴注入 (DI) 時的型別約束
- 測試時 Mock 的型別檢查
- 符合 leWOOOgo 積木化規範
Tier 3 紅區服務: 修改需首席架構師簽核
@see feedback_lewooogo_modular_enforcement.md
@see docs/RED_ZONES.md
"""
async def initialize(self) -> bool:
"""初始化攔截器"""
...
def is_whitelisted(self, user_id: int) -> bool:
"""檢查 user_id 是否在白名單內"""
...
async def verify_callback(
self,
user_id: int,
callback_id: str,
nonce: str | None = None,
) -> TelegramUser:
"""驗證 Telegram Callback 請求"""
...
@property
def whitelist(self) -> list[int]:
"""取得白名單 user_id 列表"""
...
class TelegramSecurityInterceptor:
"""
Telegram 安全攔截器
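Review bot: In `verify_callback`, `nonce: str | None = None` makes the nonce optional with a default of `None`, so a caller or Mock that never passes one still satisfies the interface, and the docstring does not say how a missing nonce is treated. Either make `nonce` required in the Protocol or document the `None` behaviour, and state in the docstring which exception signals a failed verification (the hunk header shows `SignatureVerificationError` defined just above), since implementers and test doubles need that contract. Separately, `whitelist` is typed `list[int]`; an implementation that returns its internal list lets any caller mutate the allowlist, so a read-only type such as `Sequence[int]` or `frozenset[int]` would be safer here. Also note that `@runtime_checkable` makes `isinstance()` check only that the member names exist, not their signatures or that `initialize` and `verify_callback` are coroutines, so it should not be treated as proof that a Mock matches the interface.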