fix(security): add P0 path coverage to the high-value config Gate [skip ci]
@@ -74,6 +74,7 @@
|
||||
| P0-7 | Telegram 批准後執行真相鏈止血 | 100% | no-action approval 不再顯示批准 / 執行中;可執行修復 approval 會寫入 `auto_repair_executions`、KM 與 verifier;下一步補 MCP evidence / PlayBook trust 產生真正修復候選 | 目標 pytest `125 passed`、py_compile、guard、production health、API / worker rollout、production pod classifier readback |
|
||||
| P0-8 | Telegram no-action 人工處置包與操作入口 | 100% | no-action 卡片已新增人工處置包、證據補齊清單、AwoooP 修復候選建立步驟、verifier / KM / PlayBook 回寫提醒,並改成 `處置包`、`重診`、`歷史`、`靜默`、`真相鏈`、`Runs` 鍵盤;舊訊息不 retroactive 改寫 | 目標 pytest `64 passed + 44 passed`、py_compile、guard、production health、API / worker rollout、production pod render / keyboard smoke |
|
||||
| P0-9 | MCP evidence -> PlayBook 修復候選產生 | D5 `88%` | 已補 webhook fallback 先建立 incident,再收 MCP evidence、查 approved PlayBook、檢查 trust / command safety、產生 medium approval candidate 與 verifier plan;D1 追加通用兜底 PlayBook / 診斷型命令不可誤當修復、阻擋理由繁中化;D2 在缺候選時產生 `repair_candidate_draft_package_v1`、`playbook_draft_required`、下一步與必填欄位;D3 新增 `awooop_repair_candidate_draft_work_item_v1` read-only projection 與 Telegram `工作項目` deeplink;D4 讓 AwoooP Work Items 詳細呈現 PlayBook 草案處置板、必填欄位、阻擋原因、下一步、Runs / 審批連結;D5 新增 `repair_candidate_coverage_gap_v1`,讓 blocked result 帶出 coverage key、target kind、blocking stage、必收 MCP evidence refs、PlayBook template fields 與 runtime 0 / false 邊界;下一步要補 MCP tool call/result 詳細證據面與真實告警 approval -> execution -> verifier -> KM / PlayBook 回寫 | 目標 pytest `7 passed`、py_compile、guard、diff check;後續部署後需補 production health、API / worker rollout 與 production pod metadata render smoke;status-chain 後續仍必須看到 tool call、PlayBook id、risk gate、repair candidate、verifier plan |
|
||||
| P0-10 | 高價值配置 Gate path coverage 補強 | 100% | 已將 `k8s/nginx/**`、`scripts/ops/**/*cert*`、`scripts/ops/**/*tls*` 納入 `high-value-config-change-gate.py`,讓 Nginx public gateway 與 DNS / TLS / certbot 既有路徑命中 P0 / C0;owner evidence 仍未提供,runtime execution 仍 false | `high-value-config-change-gate.py` sample:補強後 `changed_files=6 matched=6 categories=3 c0=2 c1=0`;`py_compile`、snapshot JSON parse、progress guard、owner response guard、doc secret sanity、diff check |
|
||||
|
||||
## 3. S4.9 Owner Response Gate 規範
|
||||
|
||||
|
||||
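Review bot: The P0-10 row is marked `100%` while its own status cell says owner evidence is still not provided and runtime execution is still false, so the percentage is ambiguous; say in the row that it covers path matching only, or hold it below 100% until the owner evidence is recorded. The verification cell cites a single positive sample (`changed_files=6 matched=6 categories=3 c0=2 c1=0`): add a negative sample with a file under `scripts/ops/` that must not match, because `scripts/ops/**/*cert*` and `scripts/ops/**/*tls*` match on a filename substring and nothing in the row shows they do not over-match. The row also does not explain how `categories=3` relates to `c0=2 c1=0`; name the level the remaining category was assigned. Since the commit carries `[skip ci]`, record where the listed checks (`py_compile`, snapshot JSON parse, guards, diff check) were run.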