From d66effe62e689a6ea2a1376b763cf4a46c6d1357 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 5 Jun 2026 15:50:55 +0800 Subject: [PATCH] =?UTF-8?q?fix(governance):=20=E5=90=8C=E6=AD=A5=E6=9C=8D?= =?UTF-8?q?=E5=8B=99=E5=81=A5=E5=BA=B7=E9=80=9A=E7=9F=A5=E7=B4=85=E7=B7=9A?= =?UTF-8?q?=E5=A5=91=E7=B4=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...vice_health_failure_notification_policy.py | 14 +++++------ ...vice_health_failure_notification_policy.py | 12 +++++----- ..._health_failure_notification_policy_api.py | 2 +- ...ailure_notification_policy_2026-06-05.json | 24 +++++++++---------- 4 files changed, 26 insertions(+), 26 deletions(-) diff --git a/apps/api/src/services/service_health_failure_notification_policy.py b/apps/api/src/services/service_health_failure_notification_policy.py index c94ea3d6..d8484fd7 100644 --- a/apps/api/src/services/service_health_failure_notification_policy.py +++ b/apps/api/src/services/service_health_failure_notification_policy.py @@ -6,7 +6,7 @@ policy defines success-noise suppression, failure/action-required escalation, message redaction, and frontend display limits. It never sends Telegram or AwoooP notifications, writes operator events, probes live systems, restarts services, changes endpoints, triggers workflows, reads secrets, or displays -work-window conversation transcripts. +internal conversation transcripts. """ from __future__ import annotations @@ -220,17 +220,17 @@ def _require_frontend_redaction_contract(payload: dict[str, Any], label: str) -> forbidden = set(contract.get("forbidden_frontend_content") or []) required_forbidden = { - "工作視窗對話內容", - "Codex / user 訊息逐字稿", - "prompt / chain-of-thought", - "session id / browser context", - "secret / token / authorization header", + "內部對話內容", + "Codex / 使用者訊息逐字稿", + "提示詞 / 思考鏈", + "工作階段識別碼 / 瀏覽器脈絡", + "機密 / 權杖 / 授權標頭", } if not required_forbidden.issubset(forbidden): raise ValueError(f"{label}: display_redaction_contract is missing required forbidden content") allowed_fields = set(contract.get("allowed_frontend_fields") or []) - if "committed evidence ref" not in allowed_fields or "policy rule summary" not in allowed_fields: + if "已提交證據參照" not in allowed_fields or "政策規則摘要" not in allowed_fields: raise ValueError(f"{label}: display_redaction_contract must limit frontend to committed policy evidence") diff --git a/apps/api/tests/test_service_health_failure_notification_policy.py b/apps/api/tests/test_service_health_failure_notification_policy.py index 8bca2a77..405cbdca 100644 --- a/apps/api/tests/test_service_health_failure_notification_policy.py +++ b/apps/api/tests/test_service_health_failure_notification_policy.py @@ -180,13 +180,13 @@ def _snapshot( "conversation_transcript_display_allowed": False, "redaction_required": True, "forbidden_frontend_content": [ - "工作視窗對話內容", - "Codex / user 訊息逐字稿", - "prompt / chain-of-thought", - "session id / browser context", - "secret / token / authorization header", + "內部對話內容", + "Codex / 使用者訊息逐字稿", + "提示詞 / 思考鏈", + "工作階段識別碼 / 瀏覽器脈絡", + "機密 / 權杖 / 授權標頭", ], - "allowed_frontend_fields": ["committed evidence ref", "policy rule summary"], + "allowed_frontend_fields": ["已提交證據參照", "政策規則摘要"], }, "agent_roles": [], "operation_boundaries": { diff --git a/apps/api/tests/test_service_health_failure_notification_policy_api.py b/apps/api/tests/test_service_health_failure_notification_policy_api.py index 0739ebc3..bb82be12 100644 --- a/apps/api/tests/test_service_health_failure_notification_policy_api.py +++ b/apps/api/tests/test_service_health_failure_notification_policy_api.py @@ -42,7 +42,7 @@ def test_service_health_failure_notification_policy_endpoint_returns_committed_s assert "work_window_transcript" in data["message_template_contract"]["forbidden_fields"] assert data["display_redaction_contract"]["conversation_transcript_display_allowed"] is False assert data["display_redaction_contract"]["redaction_required"] is True - assert "工作視窗對話內容" in data["display_redaction_contract"]["forbidden_frontend_content"] + assert "內部對話內容" in data["display_redaction_contract"]["forbidden_frontend_content"] assert all( rule["decision"] == "suppress_immediate_success" for rule in data["policy_rules"] diff --git a/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json b/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json index 1abde677..c01dae03 100644 --- a/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json +++ b/docs/evaluations/service_health_failure_notification_policy_2026-06-05.json @@ -281,21 +281,21 @@ "runtime_execution_approved": false }, "display_redaction_contract": { - "frontend_display_policy": "前端只顯示 committed policy evidence、規則摘要與 sanitized message contract;不得顯示內部對話、prompt、session 或 browser context。", + "frontend_display_policy": "前端只顯示已提交政策證據、規則摘要與已脫敏訊息合約;不得顯示內部對話、提示詞、工作階段識別碼或瀏覽器脈絡。", "allowed_frontend_fields": [ - "committed evidence ref", - "policy rule summary", - "decision rollup", - "channel boundary", - "next action", - "blocked operation summary" + "已提交證據參照", + "政策規則摘要", + "決策彙總", + "通道邊界", + "下一步", + "阻擋操作摘要" ], "forbidden_frontend_content": [ - "工作視窗對話內容", - "Codex / user 訊息逐字稿", - "prompt / chain-of-thought", - "session id / browser context", - "secret / token / authorization header" + "內部對話內容", + "Codex / 使用者訊息逐字稿", + "提示詞 / 思考鏈", + "工作階段識別碼 / 瀏覽器脈絡", + "機密 / 權杖 / 授權標頭" ], "conversation_transcript_display_allowed": false, "redaction_required": true