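refactor(api): Phase 17 P1 Tier 3 red-zone service Protocol definitions

Add Protocol interfaces for 5 red-zone core services:
- IDecisionManager: decision state machine
- ITrustScoreManager: trust score engine
- IIncidentEngine: incident handling engine
- IMultiSigRedisService: distributed lock service
- ITelegramSecurityInterceptor: security interceptor

Conforms to the leWOOOgo modular building-block specification:
- Supports dependency injection (DI)
- Easy to mock in tests
- Type constraints ensure consistent implementations

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>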
@@ -16,6 +16,7 @@ Features:
|
||||
|
||||
import time
|
||||
from dataclasses import dataclass
|
||||
from typing import Protocol, runtime_checkable
|
||||
|
||||
import structlog
|
||||
|
||||
@@ -166,6 +167,49 @@ class SignatureVerificationError(SecurityInterceptorError):
|
||||
pass
|
||||
|
||||
|
||||
# =============================================================================
|
||||
# Protocol Interface (Phase 17 P1 - 紅區治理)
|
||||
# =============================================================================
|
||||
|
||||
@runtime_checkable
|
||||
class ITelegramSecurityInterceptor(Protocol):
|
||||
"""
|
||||
TelegramSecurityInterceptor 介面定義
|
||||
|
||||
用途:
|
||||
- 依賴注入 (DI) 時的型別約束
|
||||
- 測試時 Mock 的型別檢查
|
||||
- 符合 leWOOOgo 積木化規範
|
||||
|
||||
Tier 3 紅區服務: 修改需首席架構師簽核
|
||||
|
||||
@see feedback_lewooogo_modular_enforcement.md
|
||||
@see docs/RED_ZONES.md
|
||||
"""
|
||||
|
||||
async def initialize(self) -> bool:
|
||||
"""初始化攔截器"""
|
||||
...
|
||||
|
||||
def is_whitelisted(self, user_id: int) -> bool:
|
||||
"""檢查 user_id 是否在白名單內"""
|
||||
...
|
||||
|
||||
async def verify_callback(
|
||||
self,
|
||||
user_id: int,
|
||||
callback_id: str,
|
||||
nonce: str | None = None,
|
||||
) -> TelegramUser:
|
||||
"""驗證 Telegram Callback 請求"""
|
||||
...
|
||||
|
||||
@property
|
||||
def whitelist(self) -> list[int]:
|
||||
"""取得白名單 user_id 列表"""
|
||||
...
|
||||
|
||||
|
||||
class TelegramSecurityInterceptor:
|
||||
"""
|
||||
Telegram 安全攔截器
|
||||
|
||||
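Review bot: `@runtime_checkable` on `ITelegramSecurityInterceptor` only makes `isinstance()` check that the four member names exist; it does not check signatures, return types, or that `initialize` and `verify_callback` are coroutines, so a mock or alternative implementation with a synchronous `verify_callback` still passes. Since the docstring marks this as a Tier 3 red-zone interface, conformance should come from static type checking of implementations, and the docstring should say that `isinstance` is not a validation step. Two smaller points in the same hunk: `def whitelist(self) -> list[int]` advertises a mutable list, so a consumer can alter the allow-list if an implementation returns its internal object; `Sequence[int]` or `frozenset[int]` would make the read-only intent part of the contract. And `verify_callback` does not document how a failed verification is signalled (presumably by raising, since the return type is `TelegramUser`) or what `nonce: str | None = None` means when omitted; if the nonce is needed for the check to be meaningful, drop the default so callers cannot skip it silently.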