diff --git a/apps/api/src/api/v1/agents.py b/apps/api/src/api/v1/agents.py
index 553d2a71..c6f51abc 100644
--- a/apps/api/src/api/v1/agents.py
+++ b/apps/api/src/api/v1/agents.py
@@ -85,6 +85,9 @@ from src.services.ai_agent_live_read_model_gate import (
 from src.services.ai_agent_12_agent_war_room import (
     load_latest_ai_agent_12_agent_war_room,
 )
+from src.services.ai_agent_professional_task_expansion import (
+    load_latest_ai_agent_professional_task_expansion,
+)
 from src.services.ai_agent_matched_playbook_learning_gap import (
     load_latest_ai_agent_matched_playbook_learning_gap,
 )
@@ -760,6 +763,36 @@ async def get_agent_12_agent_war_room() -> dict[str, Any]:
         ) from exc
 
 
+@router.get(
+    "/agent-professional-task-expansion",
+    response_model=dict[str, Any],
+    summary="取得 AI Agent 專業任務擴展與 Telegram Runtime Bridge 快照",
+    description=(
+        "讀取最新已提交的 P2-405A AI Agent 專業任務擴展與 Telegram Runtime Bridge 只讀快照；"
+        "此端點只呈現 OpenClaw、Hermes、NemoTron 與專責 Agent 可承接的專業任務、MCP/RAG、"
+        "風險分層、Telegram no-send preview 與後續 canary gate，"
+        "不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不讀 secret、不執行 production write、"
+        "不改主機、不執行 kubectl。"
+    ),
+)
+async def get_agent_professional_task_expansion() -> dict[str, Any]:
+    """回傳最新 AI Agent 專業任務擴展與 Telegram Runtime Bridge 只讀快照。"""
+    try:
+        payload = await asyncio.to_thread(load_latest_ai_agent_professional_task_expansion)
+        return redact_public_lan_topology(payload)
+    except FileNotFoundError as exc:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=str(exc),
+        ) from exc
+    except (json.JSONDecodeError, ValueError) as exc:
+        logger.error("ai_agent_professional_task_expansion_invalid", error=str(exc))
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="AI Agent 專業任務擴展與 Telegram Runtime Bridge 快照無效",
+        ) from exc
+
+
 @router.get(
     "/agent-communication-learning-contract",
     response_model=dict[str, Any],
diff --git a/apps/api/src/services/ai_agent_professional_task_expansion.py b/apps/api/src/services/ai_agent_professional_task_expansion.py
new file mode 100644
index 00000000..da658fcc
--- /dev/null
+++ b/apps/api/src/services/ai_agent_professional_task_expansion.py
@@ -0,0 +1,241 @@
+"""
+AI Agent professional task expansion and Telegram runtime bridge snapshot.
+
+Loads the latest committed P2-405A read-only contract. The contract expands
+professional AI Agent work and defines Telegram bridge stages, but it does not
+write Telegram Gateway queues, send Telegram messages, call the Bot API, read
+secrets, or execute production changes.
+"""
+
+from __future__ import annotations
+
+import copy
+import json
+from pathlib import Path
+from typing import Any
+
+from src.services.snapshot_paths import default_evaluations_dir
+
+_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
+_SNAPSHOT_PATTERN = "ai_agent_professional_task_expansion_*.json"
+_SCHEMA_VERSION = "ai_agent_professional_task_expansion_v1"
+_RUNTIME_AUTHORITY = "professional_task_expansion_and_telegram_bridge_read_only_no_send"
+_EXPECTED_TASK_COUNT = 24
+_EXPECTED_DOMAIN_COUNT = 8
+_EXPECTED_STAGE_COUNT = 5
+_EXPECTED_MESSAGE_TYPE_COUNT = 6
+_ZERO_ROLLUP_FIELDS = {
+    "current_live_count",
+    "gateway_queue_write_count",
+    "telegram_send_count",
+    "bot_api_call_count",
+    "delivery_receipt_write_count",
+    "production_write_count",
+    "secret_read_count",
+    "paid_api_call_count",
+    "host_write_count",
+    "kubectl_action_count",
+}
+_FORBIDDEN_PUBLIC_TERMS = {
+    "work_window_transcript",
+    "raw prompt",
+    "private reasoning",
+    "chain-of-thought",
+    "telegram token",
+    "authorization header",
+    "secret value",
+}
+
+
+def load_latest_ai_agent_professional_task_expansion(
+    evaluations_dir: Path | None = None,
+) -> dict[str, Any]:
+    """Load the newest committed AI Agent professional task expansion snapshot."""
+    directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
+    candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
+    if not candidates:
+        raise FileNotFoundError(
+            f"no AI Agent professional task expansion snapshots found in {directory}"
+        )
+
+    latest = candidates[-1]
+    with latest.open(encoding="utf-8") as handle:
+        payload = json.load(handle)
+
+    if not isinstance(payload, dict):
+        raise ValueError(f"{latest}: expected JSON object")
+
+    label = str(latest)
+    _require_schema(payload, label)
+    _require_telegram_bridge(payload, label)
+    _require_professional_tasks(payload, label)
+    _require_reporting_and_redaction(payload, label)
+    _require_rollups(payload, label)
+    _require_no_forbidden_public_terms(payload, label)
+    return payload
+
+
+def _require_schema(payload: dict[str, Any], label: str) -> None:
+    if payload.get("schema_version") != _SCHEMA_VERSION:
+        raise ValueError(f"{label}: expected schema_version={_SCHEMA_VERSION}")
+
+    status = payload.get("program_status") or {}
+    expected = {
+        "current_priority": "P2",
+        "current_task_id": "P2-405A",
+        "next_task_id": "P2-405B",
+        "read_only_mode": True,
+        "runtime_authority": _RUNTIME_AUTHORITY,
+        "overall_completion_percent": 82,
+    }
+    mismatches = _mismatches(status, expected)
+    if mismatches:
+        raise ValueError(f"{label}: program_status mismatch: {mismatches}")
+    if not status.get("status_note"):
+        raise ValueError(f"{label}: program_status.status_note is required")
+
+
+def _require_telegram_bridge(payload: dict[str, Any], label: str) -> None:
+    bridge = payload.get("telegram_runtime_bridge") or {}
+    expected = {
+        "canonical_room": "AwoooI SRE 戰情室",
+        "canonical_room_env": "SRE_GROUP_CHAT_ID",
+        "gateway_required": True,
+        "no_send_preview_ready": True,
+        "queue_preview_readback_ready": True,
+        "approved_canary_required": True,
+        "direct_bot_api_allowed": False,
+        "bot_api_call_enabled": False,
+        "gateway_queue_write_enabled": False,
+        "telegram_send_enabled": False,
+        "delivery_receipt_write_enabled": False,
+    }
+    mismatches = _mismatches(bridge, expected)
+    if mismatches:
+        raise ValueError(f"{label}: telegram_runtime_bridge mismatch: {mismatches}")
+
+    stages = bridge.get("stages") or []
+    if len(stages) != _EXPECTED_STAGE_COUNT:
+        raise ValueError(f"{label}: expected {_EXPECTED_STAGE_COUNT} Telegram stages")
+    if any(stage.get("live_send_enabled") is not False for stage in stages):
+        raise ValueError(f"{label}: Telegram stages must keep live_send_enabled false")
+
+    message_types = bridge.get("message_types") or []
+    if len(message_types) != _EXPECTED_MESSAGE_TYPE_COUNT:
+        raise ValueError(f"{label}: expected {_EXPECTED_MESSAGE_TYPE_COUNT} message types")
+
+
+def _require_professional_tasks(payload: dict[str, Any], label: str) -> None:
+    domains = payload.get("professional_task_domains") or []
+    if len(domains) != _EXPECTED_DOMAIN_COUNT:
+        raise ValueError(f"{label}: expected {_EXPECTED_DOMAIN_COUNT} professional task domains")
+    domain_ids = {domain.get("domain_id") for domain in domains}
+
+    tasks = payload.get("professional_tasks") or []
+    if len(tasks) != _EXPECTED_TASK_COUNT:
+        raise ValueError(f"{label}: expected {_EXPECTED_TASK_COUNT} professional tasks")
+
+    task_ids = [task.get("task_id") for task in tasks]
+    if len(set(task_ids)) != len(task_ids):
+        raise ValueError(f"{label}: task_id values must be unique")
+
+    owners = {task.get("owner_agent") for task in tasks}
+    required_owners = {
+        "openclaw",
+        "hermes",
+        "nemotron",
+        "telegram_ops_liaison",
+        "security_sentinel",
+        "sre_sentinel",
+        "devops_commander",
+    }
+    if not required_owners.issubset(owners):
+        raise ValueError(f"{label}: professional tasks must include owners {sorted(required_owners)}")
+
+    for task in tasks:
+        task_id = task.get("task_id")
+        if task.get("domain_id") not in domain_ids:
+            raise ValueError(f"{label}: {task_id}.domain_id must reference a known domain")
+        if task.get("current_live_count_24h") != 0:
+            raise ValueError(f"{label}: {task_id}.current_live_count_24h must remain zero")
+        if not task.get("required_mcp"):
+            raise ValueError(f"{label}: {task_id}.required_mcp must not be empty")
+        if not task.get("required_rag"):
+            raise ValueError(f"{label}: {task_id}.required_rag must not be empty")
+        if not task.get("blocked_actions"):
+            raise ValueError(f"{label}: {task_id}.blocked_actions must not be empty")
+
+        risk = task.get("risk_tier")
+        if risk in {"high", "critical"} and task.get("approval_required") is not True:
+            raise ValueError(f"{label}: {task_id} high/critical tasks must require approval")
+        if risk == "critical" and task.get("automation_mode") not in {
+            "approval_required_before_execution",
+            "blocked_until_owner_response",
+        }:
+            raise ValueError(f"{label}: {task_id} critical tasks must stay approval/blocker gated")
+
+
+def _require_reporting_and_redaction(payload: dict[str, Any], label: str) -> None:
+    reporting = payload.get("reporting_contract") or {}
+    for cadence in ("daily", "weekly", "monthly", "action_required"):
+        if (reporting.get(cadence) or {}).get("required") is not True:
+            raise ValueError(f"{label}: reporting_contract.{cadence}.required must be true")
+
+    redaction = payload.get("redaction_contract") or {}
+    expected = {
+        "redaction_required": True,
+        "conversation_transcript_display_allowed": False,
+        "raw_prompt_display_allowed": False,
+        "private_reasoning_display_allowed": False,
+        "secret_value_display_allowed": False,
+        "raw_runtime_payload_display_allowed": False,
+        "telegram_message_must_be_sanitized": True,
+    }
+    mismatches = _mismatches(redaction, expected)
+    if mismatches:
+        raise ValueError(f"{label}: redaction_contract mismatch: {mismatches}")
+
+
+def _require_rollups(payload: dict[str, Any], label: str) -> None:
+    rollups = payload.get("rollups") or {}
+    tasks = payload.get("professional_tasks") or []
+    domains = payload.get("professional_task_domains") or []
+    bridge = payload.get("telegram_runtime_bridge") or {}
+
+    expected = {
+        "professional_task_count": len(tasks),
+        "domain_count": len(domains),
+        "telegram_stage_count": len(bridge.get("stages") or []),
+        "telegram_message_type_count": len(bridge.get("message_types") or []),
+        "approval_required_count": sum(1 for task in tasks if task.get("approval_required") is True),
+        "low_risk_task_count": sum(1 for task in tasks if task.get("risk_tier") == "low"),
+        "medium_risk_task_count": sum(1 for task in tasks if task.get("risk_tier") == "medium"),
+        "high_risk_task_count": sum(1 for task in tasks if task.get("risk_tier") == "high"),
+        "critical_risk_task_count": sum(1 for task in tasks if task.get("risk_tier") == "critical"),
+    }
+    mismatches = _mismatches(rollups, expected)
+    if mismatches:
+        raise ValueError(f"{label}: rollups mismatch: {mismatches}")
+
+    for field in _ZERO_ROLLUP_FIELDS:
+        if rollups.get(field) != 0:
+            raise ValueError(f"{label}: rollups.{field} must remain zero")
+
+
+def _require_no_forbidden_public_terms(payload: dict[str, Any], label: str) -> None:
+    scrubbed = copy.deepcopy(payload)
+    redaction = scrubbed.get("redaction_contract")
+    if isinstance(redaction, dict):
+        redaction["forbidden_terms"] = []
+    public_text = json.dumps(scrubbed, ensure_ascii=False).lower()
+    leaked = sorted(term for term in _FORBIDDEN_PUBLIC_TERMS if term.lower() in public_text)
+    if leaked:
+        raise ValueError(f"{label}: forbidden public terms leaked: {leaked}")
+
+
+def _mismatches(payload: dict[str, Any], expected: dict[str, Any]) -> dict[str, dict[str, Any]]:
+    return {
+        key: {"expected": expected_value, "actual": payload.get(key)}
+        for key, expected_value in expected.items()
+        if payload.get(key) != expected_value
+    }
diff --git a/apps/api/tests/test_ai_agent_professional_task_expansion.py b/apps/api/tests/test_ai_agent_professional_task_expansion.py
new file mode 100644
index 00000000..d20c6430
--- /dev/null
+++ b/apps/api/tests/test_ai_agent_professional_task_expansion.py
@@ -0,0 +1,126 @@
+from __future__ import annotations
+
+import copy
+import json
+import os
+from pathlib import Path
+
+import pytest
+
+os.environ.setdefault("DATABASE_URL", "postgresql+asyncpg://test:test@localhost/test")
+
+from src.services.ai_agent_professional_task_expansion import (
+    load_latest_ai_agent_professional_task_expansion,
+)
+
+
+def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
+    snapshot = load_latest_ai_agent_professional_task_expansion()
+
+    assert snapshot["schema_version"] == "ai_agent_professional_task_expansion_v1"
+    assert snapshot["program_status"]["current_task_id"] == "P2-405A"
+    assert snapshot["program_status"]["next_task_id"] == "P2-405B"
+    assert snapshot["program_status"]["overall_completion_percent"] == 82
+    assert snapshot["program_status"]["runtime_authority"] == (
+        "professional_task_expansion_and_telegram_bridge_read_only_no_send"
+    )
+
+    bridge = snapshot["telegram_runtime_bridge"]
+    assert bridge["canonical_room"] == "AwoooI SRE 戰情室"
+    assert bridge["canonical_room_env"] == "SRE_GROUP_CHAT_ID"
+    assert bridge["no_send_preview_ready"] is True
+    assert bridge["queue_preview_readback_ready"] is True
+    assert bridge["direct_bot_api_allowed"] is False
+    assert bridge["bot_api_call_enabled"] is False
+    assert bridge["gateway_queue_write_enabled"] is False
+    assert bridge["telegram_send_enabled"] is False
+    assert len(bridge["stages"]) == 5
+    assert len(bridge["message_types"]) == 6
+
+    rollups = snapshot["rollups"]
+    assert rollups["professional_task_count"] == 24
+    assert rollups["domain_count"] == 8
+    assert rollups["telegram_stage_count"] == 5
+    assert rollups["telegram_message_type_count"] == 6
+    assert rollups["approval_required_count"] == 19
+    assert rollups["low_risk_task_count"] == 3
+    assert rollups["medium_risk_task_count"] == 10
+    assert rollups["high_risk_task_count"] == 6
+    assert rollups["critical_risk_task_count"] == 5
+    assert rollups["current_live_count"] == 0
+    assert rollups["gateway_queue_write_count"] == 0
+    assert rollups["telegram_send_count"] == 0
+    assert rollups["bot_api_call_count"] == 0
+    assert rollups["delivery_receipt_write_count"] == 0
+    assert rollups["production_write_count"] == 0
+    assert rollups["secret_read_count"] == 0
+    assert rollups["paid_api_call_count"] == 0
+    assert rollups["host_write_count"] == 0
+    assert rollups["kubectl_action_count"] == 0
+
+
+def test_professional_tasks_cover_required_agents_and_reporting() -> None:
+    snapshot = load_latest_ai_agent_professional_task_expansion()
+
+    owners = {task["owner_agent"] for task in snapshot["professional_tasks"]}
+    assert {
+        "openclaw",
+        "hermes",
+        "nemotron",
+        "telegram_ops_liaison",
+        "security_sentinel",
+        "sre_sentinel",
+        "devops_commander",
+    }.issubset(owners)
+
+    assert snapshot["reporting_contract"]["daily"]["required"] is True
+    assert snapshot["reporting_contract"]["weekly"]["required"] is True
+    assert snapshot["reporting_contract"]["monthly"]["required"] is True
+    assert snapshot["reporting_contract"]["action_required"]["required"] is True
+    assert snapshot["redaction_contract"]["conversation_transcript_display_allowed"] is False
+    assert snapshot["redaction_contract"]["raw_prompt_display_allowed"] is False
+    assert snapshot["redaction_contract"]["private_reasoning_display_allowed"] is False
+    assert snapshot["redaction_contract"]["secret_value_display_allowed"] is False
+
+
+def test_rejects_telegram_send_enabled(tmp_path: Path) -> None:
+    snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+    snapshot["telegram_runtime_bridge"]["telegram_send_enabled"] = True
+    _write_snapshot(tmp_path, snapshot)
+
+    with pytest.raises(ValueError, match="telegram_runtime_bridge mismatch"):
+        load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def test_rejects_gateway_queue_write_count(tmp_path: Path) -> None:
+    snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+    snapshot["rollups"]["gateway_queue_write_count"] = 1
+    _write_snapshot(tmp_path, snapshot)
+
+    with pytest.raises(ValueError, match="must remain zero"):
+        load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def test_rejects_high_risk_without_approval(tmp_path: Path) -> None:
+    snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+    high_task = next(task for task in snapshot["professional_tasks"] if task["risk_tier"] == "high")
+    high_task["approval_required"] = False
+    snapshot["rollups"]["approval_required_count"] -= 1
+    _write_snapshot(tmp_path, snapshot)
+
+    with pytest.raises(ValueError, match="high/critical tasks must require approval"):
+        load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def test_rejects_forbidden_public_terms_outside_policy_list(tmp_path: Path) -> None:
+    snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
+    snapshot["professional_tasks"][0]["title"] = "raw prompt leakage candidate"
+    _write_snapshot(tmp_path, snapshot)
+
+    with pytest.raises(ValueError, match="forbidden public terms leaked"):
+        load_latest_ai_agent_professional_task_expansion(tmp_path)
+
+
+def _write_snapshot(directory: Path, payload: dict) -> None:
+    path = directory / "ai_agent_professional_task_expansion_2099-01-01.json"
+    path.write_text(json.dumps(payload, ensure_ascii=False), encoding="utf-8")
diff --git a/apps/api/tests/test_ai_agent_professional_task_expansion_api.py b/apps/api/tests/test_ai_agent_professional_task_expansion_api.py
new file mode 100644
index 00000000..28d1fa2f
--- /dev/null
+++ b/apps/api/tests/test_ai_agent_professional_task_expansion_api.py
@@ -0,0 +1,39 @@
+from __future__ import annotations
+
+import os
+
+from fastapi.testclient import TestClient
+
+os.environ.setdefault("DATABASE_URL", "postgresql+asyncpg://test:test@localhost/test")
+
+from src.main import app
+
+
+def test_ai_agent_professional_task_expansion_endpoint() -> None:
+    client = TestClient(app)
+
+    response = client.get("/api/v1/agents/agent-professional-task-expansion")
+
+    assert response.status_code == 200
+    payload = response.json()
+    assert payload["schema_version"] == "ai_agent_professional_task_expansion_v1"
+    assert payload["program_status"]["current_task_id"] == "P2-405A"
+    assert payload["program_status"]["next_task_id"] == "P2-405B"
+    assert payload["program_status"]["overall_completion_percent"] == 82
+    assert payload["program_status"]["runtime_authority"] == (
+        "professional_task_expansion_and_telegram_bridge_read_only_no_send"
+    )
+    assert payload["telegram_runtime_bridge"]["canonical_room"] == "AwoooI SRE 戰情室"
+    assert payload["telegram_runtime_bridge"]["direct_bot_api_allowed"] is False
+    assert payload["telegram_runtime_bridge"]["gateway_queue_write_enabled"] is False
+    assert payload["telegram_runtime_bridge"]["telegram_send_enabled"] is False
+    assert payload["telegram_runtime_bridge"]["bot_api_call_enabled"] is False
+    assert payload["rollups"]["professional_task_count"] == 24
+    assert payload["rollups"]["domain_count"] == 8
+    assert payload["rollups"]["approval_required_count"] == 19
+    assert payload["rollups"]["high_risk_task_count"] == 6
+    assert payload["rollups"]["critical_risk_task_count"] == 5
+    assert payload["rollups"]["gateway_queue_write_count"] == 0
+    assert payload["rollups"]["telegram_send_count"] == 0
+    assert payload["rollups"]["bot_api_call_count"] == 0
+    assert payload["rollups"]["production_write_count"] == 0
diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index e6da4568..48c5bf1e 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -6447,6 +6447,43 @@
           "monthly": "月報"
         }
       },
+      "professionalTaskExpansion": {
+        "title": "P2-405A AI Agent 專業任務擴展",
+        "source": "產生 {generated}；目前 {current}；下一步 {next}",
+        "runtime": "runtime={value}",
+        "telegramTitle": "Telegram Runtime Bridge",
+        "redactionTitle": "脫敏與實發邊界",
+        "tasksTitle": "首批專業任務",
+        "metrics": {
+          "overall": "契約進度",
+          "tasks": "專業任務",
+          "domains": "任務領域",
+          "telegramStages": "TG bridge",
+          "messageTypes": "訊息類型",
+          "approvals": "需批准",
+          "highCritical": "高風險 / critical",
+          "liveWrites": "live / send / write"
+        },
+        "labels": {
+          "gateway": "Gateway required={value}",
+          "noSend": "no-send preview={value}",
+          "queuePreview": "queue preview={value}",
+          "directBot": "direct Bot API={value}",
+          "send": "Telegram send={value}",
+          "redaction": "脫敏鎖定={value}",
+          "gatewayWrites": "Gateway 寫入={value}",
+          "botCalls": "Bot API={value}",
+          "productionWrites": "正式寫入={value}",
+          "approval": "需批准={value}",
+          "liveCount": "live={value}"
+        },
+        "riskTiers": {
+          "low": "低風險",
+          "medium": "中風險",
+          "high": "高風險",
+          "critical": "Critical"
+        }
+      },
       "resultCaptureReleaseVerifierOwnerReviewPacket": {
         "title": "P2-137 釋出驗證器負責人審查包",
         "source": "產生 {generated}；目前 {current}；下一步 {next}",
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index e6da4568..48c5bf1e 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -6447,6 +6447,43 @@
           "monthly": "月報"
         }
       },
+      "professionalTaskExpansion": {
+        "title": "P2-405A AI Agent 專業任務擴展",
+        "source": "產生 {generated}；目前 {current}；下一步 {next}",
+        "runtime": "runtime={value}",
+        "telegramTitle": "Telegram Runtime Bridge",
+        "redactionTitle": "脫敏與實發邊界",
+        "tasksTitle": "首批專業任務",
+        "metrics": {
+          "overall": "契約進度",
+          "tasks": "專業任務",
+          "domains": "任務領域",
+          "telegramStages": "TG bridge",
+          "messageTypes": "訊息類型",
+          "approvals": "需批准",
+          "highCritical": "高風險 / critical",
+          "liveWrites": "live / send / write"
+        },
+        "labels": {
+          "gateway": "Gateway required={value}",
+          "noSend": "no-send preview={value}",
+          "queuePreview": "queue preview={value}",
+          "directBot": "direct Bot API={value}",
+          "send": "Telegram send={value}",
+          "redaction": "脫敏鎖定={value}",
+          "gatewayWrites": "Gateway 寫入={value}",
+          "botCalls": "Bot API={value}",
+          "productionWrites": "正式寫入={value}",
+          "approval": "需批准={value}",
+          "liveCount": "live={value}"
+        },
+        "riskTiers": {
+          "low": "低風險",
+          "medium": "中風險",
+          "high": "高風險",
+          "critical": "Critical"
+        }
+      },
       "resultCaptureReleaseVerifierOwnerReviewPacket": {
         "title": "P2-137 釋出驗證器負責人審查包",
         "source": "產生 {generated}；目前 {current}；下一步 {next}",
diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
index c6ab801b..5d0e9649 100644
--- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
+++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
@@ -41,6 +41,7 @@ import { redactPublicIdentifier } from '@/lib/public-security-redaction'
 import {
   apiClient,
   type AiAgent12AgentWarRoomSnapshot,
+  type AiAgentProfessionalTaskExpansionSnapshot,
   type AiAgentCandidateOperationDryRunEvidenceSnapshot,
   type AiAgentCriticReviewerResultCaptureSnapshot,
   type AiAgentDeploymentLayoutSnapshot,
@@ -463,6 +464,7 @@ export function AutomationInventoryTab() {
   const [providerRouteMatrix, setProviderRouteMatrix] = useState<AiProviderRouteMatrixSnapshot | null>(null)
   const [deploymentLayout, setDeploymentLayout] = useState<AiAgentDeploymentLayoutSnapshot | null>(null)
   const [warRoom, setWarRoom] = useState<AiAgent12AgentWarRoomSnapshot | null>(null)
+  const [professionalTaskExpansion, setProfessionalTaskExpansion] = useState<AiAgentProfessionalTaskExpansionSnapshot | null>(null)
   const [proactiveOperations, setProactiveOperations] = useState<AiAgentProactiveOperationsContractSnapshot | null>(null)
   const [interactionLearningProof, setInteractionLearningProof] = useState<AiAgentInteractionLearningProofSnapshot | null>(null)
   const [liveReadModelGate, setLiveReadModelGate] = useState<AiAgentLiveReadModelGateSnapshot | null>(null)
@@ -545,6 +547,7 @@ export function AutomationInventoryTab() {
       apiClient.getAiProviderRouteMatrix(),
       apiClient.getAiAgentDeploymentLayout(),
       apiClient.getAiAgent12AgentWarRoom(),
+      apiClient.getAiAgentProfessionalTaskExpansion(),
       apiClient.getAiAgentProactiveOperationsContract(),
       apiClient.getAiAgentInteractionLearningProof(),
       apiClient.getAiAgentLiveReadModelGate(),
@@ -626,6 +629,7 @@ export function AutomationInventoryTab() {
           providerRouteMatrixResult,
           deploymentLayoutResult,
           warRoomResult,
+          professionalTaskExpansionResult,
           proactiveOperationsResult,
           interactionLearningProofResult,
           liveReadModelGateResult,
@@ -704,6 +708,7 @@ export function AutomationInventoryTab() {
         setProviderRouteMatrix(providerRouteMatrixResult.status === 'fulfilled' ? providerRouteMatrixResult.value : null)
         setDeploymentLayout(deploymentLayoutResult.status === 'fulfilled' ? deploymentLayoutResult.value : null)
         setWarRoom(warRoomResult.status === 'fulfilled' ? warRoomResult.value : null)
+        setProfessionalTaskExpansion(professionalTaskExpansionResult.status === 'fulfilled' ? professionalTaskExpansionResult.value : null)
         setProactiveOperations(proactiveOperationsResult.status === 'fulfilled' ? proactiveOperationsResult.value : null)
         setInteractionLearningProof(interactionLearningProofResult.status === 'fulfilled' ? interactionLearningProofResult.value : null)
         setLiveReadModelGate(liveReadModelGateResult.status === 'fulfilled' ? liveReadModelGateResult.value : null)
@@ -780,6 +785,7 @@ export function AutomationInventoryTab() {
           providerRouteMatrixResult,
           deploymentLayoutResult,
           warRoomResult,
+          professionalTaskExpansionResult,
           proactiveOperationsResult,
           interactionLearningProofResult,
           liveReadModelGateResult,
@@ -2094,7 +2100,7 @@ export function AutomationInventoryTab() {
     )
   }
 
-  if (error || !snapshot || !backlog || !backupTargets || !backupReadiness || !backupPolicy || !offsiteEscrow || !giteaHealth || !observabilityMatrix || !providerRouteMatrix || !deploymentLayout || !warRoom || !proactiveOperations || !interactionLearningProof || !liveReadModelGate || !redisDryRunGate || !learningWritebackPackage || !telegramReceiptPackage || !ownerApprovedLearningDryRun || !runtimeWriteGateReview || !postWriteVerifierPackage || !runtimeVerifierEvidenceReview || !reportAutomationReview || !reportStatusBoard || !reportRuntimeReadiness || !reportRuntimeDryRun || !reportRuntimeFixtureReadback || !runtimeWorkerShadowGate || !operationPermissionModel || !candidateOperationDryRunEvidence || !taskResultAuditTrail || !matchedPlaybookLearningGap || !criticReviewerResultCapture || !ownerApprovedResultCaptureDryRun || !ownerApprovedResultCaptureReadback || !runtimeReadbackApprovalPackage || !runtimeReadbackImplementationReview || !reportLiveDeliveryApprovalPackage || !runtimeReadbackFixtureApproval || !runtimeReadbackPromotionGate || !ownerApprovedFixturePromotionGate || !canonicalRuntimeReadbackOwnerAcceptance || !failureReceiptNoSendReplay || !reviewerQueueNoWriteReadback || !resultCaptureNoWriteReadback || !resultCapturePromotionApprovalGate || !ownerApprovedResultCapturePromotionDryRun || !resultCaptureWriteGateReview || !resultCaptureWriterImplementationReview || !resultCaptureWriterDryRunFixture || !resultCaptureWriterDryRunReadback || !resultCaptureOwnerPromotionReview || !resultCaptureOwnerApprovedExecutionRehearsal || !resultCaptureOwnerAcceptanceMaintenanceGate || !resultCaptureOwnerAcceptanceReadbackPreflightHold || !resultCaptureOwnerApprovedPreflightReleasePackage || !resultCaptureOwnerApprovedReleaseReadinessReadback || !resultCaptureOwnerReleaseApprovalGate || !resultCapturePostReleaseVerifierRollbackGate || !resultCaptureFinalReleaseCandidateReadback || !resultCaptureReleaseAuthorizationHold || !resultCaptureReleaseAuthorizationReadbackGate || !resultCaptureReleaseVerifierPreflightGate || !resultCaptureReleaseVerifierOwnerReviewPacket || !resultCaptureReleaseDecisionHold || !resultCaptureReleaseDecisionReadback || !resultCaptureReleaseDecisionNextHandoff || !resultCaptureReleaseDecisionInputPrep || !resultCaptureReleaseDecisionOwnerResponsePreflight || !resultCaptureReleaseDecisionOwnerResponseReadback || !resultCaptureReleaseDecisionOwnerResponseAcceptanceGate || !reportTruthActionabilityReview || !ownerDryRunPackage || !hostStatefulInventory || !serviceHealthGapMatrix || !serviceHealthNotificationPolicy) {
+  if (error || !snapshot || !backlog || !backupTargets || !backupReadiness || !backupPolicy || !offsiteEscrow || !giteaHealth || !observabilityMatrix || !providerRouteMatrix || !deploymentLayout || !warRoom || !professionalTaskExpansion || !proactiveOperations || !interactionLearningProof || !liveReadModelGate || !redisDryRunGate || !learningWritebackPackage || !telegramReceiptPackage || !ownerApprovedLearningDryRun || !runtimeWriteGateReview || !postWriteVerifierPackage || !runtimeVerifierEvidenceReview || !reportAutomationReview || !reportStatusBoard || !reportRuntimeReadiness || !reportRuntimeDryRun || !reportRuntimeFixtureReadback || !runtimeWorkerShadowGate || !operationPermissionModel || !candidateOperationDryRunEvidence || !taskResultAuditTrail || !matchedPlaybookLearningGap || !criticReviewerResultCapture || !ownerApprovedResultCaptureDryRun || !ownerApprovedResultCaptureReadback || !runtimeReadbackApprovalPackage || !runtimeReadbackImplementationReview || !reportLiveDeliveryApprovalPackage || !runtimeReadbackFixtureApproval || !runtimeReadbackPromotionGate || !ownerApprovedFixturePromotionGate || !canonicalRuntimeReadbackOwnerAcceptance || !failureReceiptNoSendReplay || !reviewerQueueNoWriteReadback || !resultCaptureNoWriteReadback || !resultCapturePromotionApprovalGate || !ownerApprovedResultCapturePromotionDryRun || !resultCaptureWriteGateReview || !resultCaptureWriterImplementationReview || !resultCaptureWriterDryRunFixture || !resultCaptureWriterDryRunReadback || !resultCaptureOwnerPromotionReview || !resultCaptureOwnerApprovedExecutionRehearsal || !resultCaptureOwnerAcceptanceMaintenanceGate || !resultCaptureOwnerAcceptanceReadbackPreflightHold || !resultCaptureOwnerApprovedPreflightReleasePackage || !resultCaptureOwnerApprovedReleaseReadinessReadback || !resultCaptureOwnerReleaseApprovalGate || !resultCapturePostReleaseVerifierRollbackGate || !resultCaptureFinalReleaseCandidateReadback || !resultCaptureReleaseAuthorizationHold || !resultCaptureReleaseAuthorizationReadbackGate || !resultCaptureReleaseVerifierPreflightGate || !resultCaptureReleaseVerifierOwnerReviewPacket || !resultCaptureReleaseDecisionHold || !resultCaptureReleaseDecisionReadback || !resultCaptureReleaseDecisionNextHandoff || !resultCaptureReleaseDecisionInputPrep || !resultCaptureReleaseDecisionOwnerResponsePreflight || !resultCaptureReleaseDecisionOwnerResponseReadback || !resultCaptureReleaseDecisionOwnerResponseAcceptanceGate || !reportTruthActionabilityReview || !ownerDryRunPackage || !hostStatefulInventory || !serviceHealthGapMatrix || !serviceHealthNotificationPolicy) {
     return (
       <div style={{ padding: 20 }}>
         <GlassCard variant="subtle" padding="lg">
@@ -3666,6 +3672,34 @@ export function AutomationInventoryTab() {
     warRoom.display_redaction_contract.conversation_transcript_display_allowed === false
     && warRoom.display_redaction_contract.redaction_required === true
   )
+  const professionalTaskOverall = professionalTaskExpansion.program_status.overall_completion_percent
+  const professionalTaskTotal = professionalTaskExpansion.rollups.professional_task_count
+  const professionalTaskDomains = professionalTaskExpansion.rollups.domain_count
+  const professionalTaskTelegramStages = professionalTaskExpansion.rollups.telegram_stage_count
+  const professionalTaskMessageTypes = professionalTaskExpansion.rollups.telegram_message_type_count
+  const professionalTaskApprovals = professionalTaskExpansion.rollups.approval_required_count
+  const professionalTaskHighCritical = (
+    professionalTaskExpansion.rollups.high_risk_task_count
+    + professionalTaskExpansion.rollups.critical_risk_task_count
+  )
+  const professionalTaskLiveWrites = (
+    professionalTaskExpansion.rollups.current_live_count
+    + professionalTaskExpansion.rollups.gateway_queue_write_count
+    + professionalTaskExpansion.rollups.telegram_send_count
+    + professionalTaskExpansion.rollups.bot_api_call_count
+    + professionalTaskExpansion.rollups.delivery_receipt_write_count
+    + professionalTaskExpansion.rollups.production_write_count
+    + professionalTaskExpansion.rollups.secret_read_count
+    + professionalTaskExpansion.rollups.paid_api_call_count
+    + professionalTaskExpansion.rollups.host_write_count
+    + professionalTaskExpansion.rollups.kubectl_action_count
+  )
+  const professionalTaskRedactionLocked = (
+    professionalTaskExpansion.redaction_contract.conversation_transcript_display_allowed === false
+    && professionalTaskExpansion.redaction_contract.telegram_message_must_be_sanitized === true
+    && professionalTaskExpansion.redaction_contract.redaction_required === true
+  )
+  const visibleProfessionalTasks = professionalTaskExpansion.professional_tasks.slice(0, 8)
   const backlogProgressPercent = backlog.progress_summary.overall_percent
   const explicitApprovalItemCount = backlog.item_approval_boundary_rollup.items_requiring_explicit_approval.length
   const taskBoundaryCount = snapshot.task_approval_boundary_rollup.total_tasks
@@ -4052,6 +4086,98 @@ export function AutomationInventoryTab() {
         </div>
       </GlassCard>
 
+      <GlassCard variant="subtle" padding="md">
+        <div style={{ display: 'flex', flexDirection: 'column', gap: 13, minWidth: 0 }}>
+          <div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12, flexWrap: 'wrap' }}>
+            <div style={{ display: 'flex', alignItems: 'center', gap: 8, minWidth: 0 }}>
+              <Boxes size={15} style={{ color: '#176d8a' }} />
+              <span style={{ fontFamily: 'Syne, sans-serif', fontSize: 14, fontWeight: 700, color: '#141413' }}>
+                {t('professionalTaskExpansion.title')}
+              </span>
+            </div>
+            <div style={{ display: 'flex', flexWrap: 'wrap', gap: 6, justifyContent: 'flex-end' }}>
+              <Chip
+                value={t('professionalTaskExpansion.source', {
+                  generated: formatDateTime(professionalTaskExpansion.generated_at),
+                  current: professionalTaskExpansion.program_status.current_task_id,
+                  next: professionalTaskExpansion.program_status.next_task_id,
+                })}
+                muted
+              />
+              <Chip value={t('professionalTaskExpansion.runtime', { value: professionalTaskExpansion.program_status.runtime_authority })} muted />
+            </div>
+          </div>
+
+          <p style={{ margin: 0, fontFamily: "'DM Mono', monospace", fontSize: 11, lineHeight: 1.55, color: '#5c5a55', overflowWrap: 'anywhere' }}>
+            {professionalTaskExpansion.program_status.status_note}
+          </p>
+
+          <div style={{ display: 'grid', gridTemplateColumns: 'repeat(auto-fit, minmax(128px, 1fr))', gap: 10 }} className="automation-inventory-live-read-kpi-grid">
+            <MetricCard label={t('professionalTaskExpansion.metrics.overall')} value={`${professionalTaskOverall}%`} tone="warn" icon={<Gauge size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.tasks')} value={professionalTaskTotal} tone="neutral" icon={<Boxes size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.domains')} value={professionalTaskDomains} tone="neutral" icon={<Layers3 size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.telegramStages')} value={professionalTaskTelegramStages} tone="warn" icon={<BellRing size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.messageTypes')} value={professionalTaskMessageTypes} tone="neutral" icon={<FileText size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.approvals')} value={professionalTaskApprovals} tone="warn" icon={<ShieldAlert size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.highCritical')} value={professionalTaskHighCritical} tone="danger" icon={<AlertTriangle size={16} />} />
+            <MetricCard label={t('professionalTaskExpansion.metrics.liveWrites')} value={professionalTaskLiveWrites} tone={professionalTaskLiveWrites === 0 ? 'ok' : 'danger'} icon={<BellOff size={16} />} />
+          </div>
+
+          <div style={{ display: 'grid', gridTemplateColumns: 'repeat(auto-fit, minmax(260px, 1fr))', gap: 10 }}>
+            <div style={{ padding: 10, border: '0.5px solid #c8d2e3', borderRadius: 7, background: '#fff', minWidth: 0 }}>
+              <SmallLabel>{t('professionalTaskExpansion.telegramTitle')}</SmallLabel>
+              <p style={{ margin: '6px 0 8px', fontFamily: "'DM Mono', monospace", fontSize: 10, lineHeight: 1.5, color: '#5c5a55', overflowWrap: 'anywhere' }}>
+                {professionalTaskExpansion.telegram_runtime_bridge.canonical_room}
+              </p>
+              <div style={{ display: 'flex', flexWrap: 'wrap', gap: 6 }}>
+                <Chip value={t('professionalTaskExpansion.labels.gateway', { value: String(professionalTaskExpansion.telegram_runtime_bridge.gateway_required) })} />
+                <Chip value={t('professionalTaskExpansion.labels.noSend', { value: String(professionalTaskExpansion.telegram_runtime_bridge.no_send_preview_ready) })} muted />
+                <Chip value={t('professionalTaskExpansion.labels.queuePreview', { value: String(professionalTaskExpansion.telegram_runtime_bridge.queue_preview_readback_ready) })} muted />
+                <Chip value={t('professionalTaskExpansion.labels.directBot', { value: String(professionalTaskExpansion.telegram_runtime_bridge.direct_bot_api_allowed) })} muted />
+                <Chip value={t('professionalTaskExpansion.labels.send', { value: String(professionalTaskExpansion.telegram_runtime_bridge.telegram_send_enabled) })} muted />
+              </div>
+            </div>
+
+            <div style={{ padding: 10, border: '0.5px solid #c8d2e3', borderRadius: 7, background: '#fff', minWidth: 0 }}>
+              <SmallLabel>{t('professionalTaskExpansion.redactionTitle')}</SmallLabel>
+              <p style={{ margin: '6px 0 8px', fontFamily: "'DM Mono', monospace", fontSize: 10, lineHeight: 1.5, color: '#5c5a55', overflowWrap: 'anywhere' }}>
+                {redactPublicText(professionalTaskExpansion.redaction_contract.frontend_display_policy)}
+              </p>
+              <div style={{ display: 'flex', flexWrap: 'wrap', gap: 6 }}>
+                <Chip value={t('professionalTaskExpansion.labels.redaction', { value: String(professionalTaskRedactionLocked) })} />
+                <Chip value={t('professionalTaskExpansion.labels.gatewayWrites', { value: String(professionalTaskExpansion.rollups.gateway_queue_write_count) })} muted />
+                <Chip value={t('professionalTaskExpansion.labels.botCalls', { value: String(professionalTaskExpansion.rollups.bot_api_call_count) })} muted />
+                <Chip value={t('professionalTaskExpansion.labels.productionWrites', { value: String(professionalTaskExpansion.rollups.production_write_count) })} muted />
+              </div>
+            </div>
+          </div>
+
+          <SmallLabel>{t('professionalTaskExpansion.tasksTitle')}</SmallLabel>
+          <div style={{ display: 'grid', gridTemplateColumns: 'repeat(auto-fit, minmax(220px, 1fr))', gap: 10 }} className="automation-inventory-live-read-card-grid">
+            {visibleProfessionalTasks.map(task => {
+              const taskTone = task.risk_tier === 'critical' ? 'danger' : task.risk_tier === 'high' ? 'warn' : 'neutral'
+              const taskColor = toneColor(taskTone)
+              return (
+                <div key={task.task_id} style={{ padding: 10, border: `0.5px solid ${taskColor}55`, borderRadius: 7, background: '#fff', display: 'flex', flexDirection: 'column', gap: 7, minWidth: 0 }}>
+                  <div style={{ display: 'flex', justifyContent: 'space-between', gap: 8, alignItems: 'center', minWidth: 0 }}>
+                    <span style={{ fontFamily: 'Syne, sans-serif', fontSize: 12, fontWeight: 700, color: '#141413', overflowWrap: 'anywhere' }}>
+                      {task.title}
+                    </span>
+                    <Chip value={t(`professionalTaskExpansion.riskTiers.${task.risk_tier}` as never)} muted={task.risk_tier !== 'critical'} />
+                  </div>
+                  <div style={{ display: 'flex', flexWrap: 'wrap', gap: 6 }}>
+                    <Chip value={task.owner_agent} muted />
+                    <Chip value={t('professionalTaskExpansion.labels.approval', { value: String(task.approval_required) })} muted />
+                    <Chip value={t('professionalTaskExpansion.labels.liveCount', { value: String(task.current_live_count_24h) })} muted />
+                    <Chip value={task.telegram_policy} muted />
+                  </div>
+                </div>
+              )
+            })}
+          </div>
+        </div>
+      </GlassCard>
+
       <div style={{ display: 'grid', gridTemplateColumns: 'minmax(0, 1.05fr) minmax(0, 0.95fr)', gap: 12 }} className="automation-inventory-command-grid">
         <GlassCard variant="subtle" padding="md">
           <div style={{ display: 'flex', flexDirection: 'column', gap: 13, minWidth: 0 }}>
diff --git a/apps/web/src/lib/api-client.ts b/apps/web/src/lib/api-client.ts
index 4c678022..e3bd6681 100644
--- a/apps/web/src/lib/api-client.ts
+++ b/apps/web/src/lib/api-client.ts
@@ -334,6 +334,11 @@ export const apiClient = {
     return handleResponse<AiAgent12AgentWarRoomSnapshot>(res)
   },
 
+  async getAiAgentProfessionalTaskExpansion() {
+    const res = await fetch(`${API_BASE_URL}/agents/agent-professional-task-expansion`)
+    return handleResponse<AiAgentProfessionalTaskExpansionSnapshot>(res)
+  },
+
   async getAiAgentProactiveOperationsContract() {
     const res = await fetch(`${API_BASE_URL}/agents/agent-proactive-operations-contract`)
     return handleResponse<AiAgentProactiveOperationsContractSnapshot>(res)
@@ -1418,6 +1423,110 @@ export interface AiAgent12AgentWarRoomSnapshot {
   }
 }
 
+export interface AiAgentProfessionalTaskExpansionSnapshot {
+  schema_version: 'ai_agent_professional_task_expansion_v1'
+  generated_at: string
+  program_status: {
+    overall_completion_percent: number
+    current_priority: 'P0' | 'P1' | 'P2' | 'P3'
+    current_task_id: 'P2-405A'
+    next_task_id: 'P2-405B'
+    read_only_mode: true
+    runtime_authority: 'professional_task_expansion_and_telegram_bridge_read_only_no_send'
+    status_note: string
+  }
+  source_refs: string[]
+  telegram_runtime_bridge: {
+    canonical_room: string
+    canonical_room_env: string
+    gateway_required: boolean
+    gateway_owner: string
+    arbiter: string
+    receipt_owner: string
+    replay_owner: string
+    no_send_preview_ready: boolean
+    queue_preview_readback_ready: boolean
+    approved_canary_required: boolean
+    direct_bot_api_allowed: boolean
+    bot_api_call_enabled: boolean
+    gateway_queue_write_enabled: boolean
+    telegram_send_enabled: boolean
+    delivery_receipt_write_enabled: boolean
+    stages: Array<{
+      stage_id: string
+      title: string
+      status: string
+      allowed_output: string
+      live_send_enabled: boolean
+      exit_condition: string
+    }>
+    message_types: Array<{
+      message_type_id: string
+      title: string
+      cadence: string
+      risk_scope: string
+      delivery_gate: string
+    }>
+  }
+  professional_task_domains: Array<{
+    domain_id: string
+    title: string
+    summary: string
+    primary_owner: string
+    task_count: number
+  }>
+  professional_tasks: Array<{
+    task_id: string
+    title: string
+    domain_id: string
+    owner_agent: string
+    risk_tier: 'low' | 'medium' | 'high' | 'critical'
+    automation_mode: string
+    telegram_policy: string
+    required_mcp: string[]
+    required_rag: string[]
+    approval_required: boolean
+    current_live_count_24h: number
+    blocked_actions: string[]
+  }>
+  reporting_contract: Record<'daily' | 'weekly' | 'monthly' | 'action_required', {
+    required: boolean
+    delivery_mode: string
+    sections: string[]
+  }>
+  redaction_contract: {
+    redaction_required: boolean
+    conversation_transcript_display_allowed: boolean
+    raw_prompt_display_allowed: boolean
+    private_reasoning_display_allowed: boolean
+    secret_value_display_allowed: boolean
+    raw_runtime_payload_display_allowed: boolean
+    telegram_message_must_be_sanitized: boolean
+    frontend_display_policy: string
+  }
+  rollups: {
+    professional_task_count: number
+    domain_count: number
+    telegram_stage_count: number
+    telegram_message_type_count: number
+    approval_required_count: number
+    low_risk_task_count: number
+    medium_risk_task_count: number
+    high_risk_task_count: number
+    critical_risk_task_count: number
+    current_live_count: number
+    gateway_queue_write_count: number
+    telegram_send_count: number
+    bot_api_call_count: number
+    delivery_receipt_write_count: number
+    production_write_count: number
+    secret_read_count: number
+    paid_api_call_count: number
+    host_write_count: number
+    kubectl_action_count: number
+  }
+}
+
 export interface AiAgentProactiveOperationsContractSnapshot {
   schema_version: 'ai_agent_proactive_operations_contract_v1'
   generated_at: string
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index f4c80d2b..b3661655 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -83,6 +83,39 @@
 - S4.9 owner response、source-control owner acceptance、Nginx reload、host restart、firewall change、active scan、secret collection、runtime execution、action button 全部維持 `0 / false`。
 - 本輪未 SSH、未讀 live conf、未改主機、未重啟 Docker / Nginx、未修改 firewall / iptables、未收 secrets 明文、未執行 active scan、未 force push。
 
+## 2026-06-15｜AI Agent 專業任務擴展與 Telegram Runtime Bridge 只讀契約
+
+**背景**：統帥要求繼續盤點 AI Agent 還可以承接哪些專業工作，並質疑 Telegram 群組 / TG Bot 尚未整合到 AI Agent 報表、告警、審核與自動化作業鏈。既有 12-Agent War Room 已定義 OpenClaw / Hermes / NemoTron / SRE / Security / DevOps / Data / Supply Chain / Product / QA / Market / Telegram Ops 分工，但仍需要一份可由 API 讀回、可測試、可被 guard 阻擋誤啟用的專業任務擴展契約。
+
+**完成項目**：
+- 新增 `ai_agent_professional_task_expansion_v1` schema、committed snapshot、API loader 與 `GET /api/v1/agents/agent-professional-task-expansion`。
+- `/zh-TW/governance?tab=automation-inventory` 已接入 P2-405A 卡片，顯示 24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息、需批准 19、高風險 / critical 11 與 live / send / write = 0。
+- 新增 `docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md`，把 AI Agent 可承接的專業工作固定成 24 類任務、8 個領域、MCP/RAG 需求、風險層級、Telegram policy 與 blocked actions。
+- Telegram Runtime Bridge 已拆成 5 段：no-send preview、queue preview readback、approved canary、日報 / 週報 / 月報 digest、action-required digest。
+- 任務 rollup 固定：professional task `24`、domain `8`、Telegram stage `5`、message type `6`、需批准 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`。
+- 邊界固定：Gateway queue write、Telegram send、Bot API call、delivery receipt write、production write、secret read、paid API、host write、kubectl action 全部 `0 / false`。
+
+**完成度與狀態**：
+- P2-405A 專業任務擴展契約：`82%`。
+- 專業任務定義 / MCP-RAG / 風險分層：`100%`。
+- Telegram no-send bridge contract：`100%`。
+- Telegram 實發、Gateway queue 寫入、Bot API call、delivery receipt E2E：`0%`，全部仍需後續批准包與 canary gate。
+- 下一步：P2-405B 只允許把完整 no-send message preview、dedup key、receipt expectation 與 canary approval package 顯示到治理頁；本輪卡片只顯示 bridge / rollup，不代表 Telegram 實發。
+
+**本地驗證**：
+- `python3 -m json.tool docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json` 通過。
+- `python3 -m json.tool docs/schemas/ai_agent_professional_task_expansion_v1.schema.json` 通過。
+- `python3 -m json.tool apps/web/messages/zh-TW.json` 與 `python3 -m json.tool apps/web/messages/en.json` 通過。
+- `python3 -m py_compile apps/api/src/services/ai_agent_professional_task_expansion.py apps/api/src/api/v1/agents.py` 通過。
+- `DATABASE_URL=postgresql+asyncpg://test:test@localhost/test pytest -q apps/api/tests/test_ai_agent_professional_task_expansion.py apps/api/tests/test_ai_agent_professional_task_expansion_api.py` → `7 passed`。
+- `pnpm --filter @awoooi/web typecheck` 通過。
+- `NEXT_PUBLIC_API_URL=https://awoooi.wooo.work pnpm --filter @awoooi/web build` 通過；`/zh-TW/governance` First Load JS `451 kB`。
+- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。
+- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea apps/web/messages/zh-TW.json apps/web/messages/en.json 'apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx' apps/web/src/lib/api-client.ts` → `DOC_SECRET_SANITY_OK scanned_files=872`。
+- `git diff --check` 通過。
+
+**邊界**：本輪未 SSH、未讀 live conf、未改主機、未修改 Telegram Bot、未發 Telegram、未寫 Gateway queue、未呼叫 Bot API、未讀 secret、未啟用 paid API、未跑 kubectl、未做 production write，也沒有把工作視窗對話內容放到前端。
+
 ## 2026-06-15｜Monitoring / Alerting / Observability owner response acceptance 只讀帳本
 
 **背景**：Monitoring / Alerting / Observability 已有 repo-only 清冊與 owner request draft，但仍缺少「owner 回覆收件後如何驗收、哪些欄位必填、哪些證據可接受、哪些動作必須阻擋」的固定帳本。這會讓 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / OTEL / Telegram 告警鏈路在後續收件時，可能被誤判成 reload、receiver route change、silence change、Telegram send 或 alert chain smoke 授權。
diff --git a/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md b/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
index c14b9b58..8f835d17 100644
--- a/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
+++ b/docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md
@@ -184,5 +184,5 @@ Telegram Ops 工位負責 Telegram Gateway、Channel Hub、日報/週報/月報
 狀態變更：12 位 Agent 只讀審查全部回收並彙整；已建立 `ai_agent_12_agent_war_room_v1` schema / committed snapshot / API / tests / governance UI 區塊。
 證據：`docs/schemas/ai_agent_12_agent_war_room_v1.schema.json`、`docs/evaluations/ai_agent_12_agent_war_room_2026-06-14.json`、`GET /api/v1/agents/agent-12-agent-war-room`、治理頁 12-Agent War Room 區塊、12 位 Agent 只讀回饋。
 阻擋：runtime writer、Telegram send、Bot API、production write、SDK 安裝、付費 API、shadow/canary、host update、DB migration、restore 仍未批准。
-下一步：本地驗證、推送 Gitea CD、production API readback 與 desktop / mobile Browser smoke；P2-143 承接 report receipt / 月報 / Agent 工作量 runtime data model。
+下一步：P2-405B 承接 Telegram no-send preview UI；讓統帥先看見 TG 訊息、dedup、receipt 與風險標籤長相。P2-146 owner response receipt preview 仍屬另一條 release gate 主線；兩者都不得直接打開 Gateway queue、Telegram send、Bot API 或 production write。
 ```
diff --git a/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md b/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
index ade3cdb8..d86ca41e 100644
--- a/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
+++ b/docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md
@@ -15,6 +15,7 @@
 | OpenClaw / Hermes / NemoTron 主動溝通、學習與成長證據 | 100% | P2-401A 到 P2-144 已完成只讀證據面、runtime / report / result-capture gates、no-write readback、promotion review、writer implementation review、writer dry-run fixture、writer dry-run readback、owner promotion execution gate、owner-approved execution rehearsal、owner acceptance / maintenance window gate、owner acceptance readback / preflight hold、owner-approved preflight release package、owner-approved release readiness readback、owner release approval gate、post-release verifier / rollback gate、final release candidate readback、release authorization hold / readback gate、release verifier preflight / owner review packet、release decision hold / readback、release decision next handoff、release decision input prep、12-Agent War Room、owner response 預檢與 owner response 回讀；P2-141 基線與 S4.9 owner release packet 補強皆已正式驗證，P2-142 12-Agent War Room 已完成 production readback 與 desktop / mobile smoke，P2-143 owner response 預檢已完成 production readback 與 in-app browser smoke，P2-144 owner response 回讀已完成 production API readback 與 desktop / mobile smoke。runtime worker、DB migration、production Redis consumer group、canonical runtime readback、live query、runtime score、result capture write、Telegram 實發、delivery receipt E2E、live report delivery、reviewer queue write、Gateway queue write、AI analysis runtime、中低風險 auto worker、KM / LOGBOOK / audit DB / timeline / PlayBook trust 寫入、SDK / 付費服務仍未開 gate | `ai_agent_result_capture_release_decision_owner_response_readback_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-readback`、`docs/evaluations/ai_agent_result_capture_release_decision_owner_response_readback_2026-06-14.json`、feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success、5 個回覆讀回 lane、18 個 owner 必填欄位、6 個 readback validation check、6 個 rejection guard、5 個 operator action、等待外部回覆 `5`、未收件 lane `5`、正式寫入 / 發送 `0`；P2-142 feature commit `5de4b3f3`、deploy marker `1a2c9e36`、Gitea CD run `4232` success、production API readback、desktop / mobile in-app browser smoke；P2-143 feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、production API readback、desktop / mobile in-app browser smoke；MASTER §3.2.1b / §3.2.1d / §3.4.3 |
 | AI Agent 主動營運委派與版本生命週期 | 100% | P2-402A / P2-402B / P2-402C / P2-402D / P2-402E / P2-402F / P2-402G 已完成；已建立 repo-only 版本新鮮度快照、工具採用批准包、Telegram action-required digest policy、Gitea PR 草案 lane、host / K3s / stateful 版本只讀盤點、API 與 governance UI。定期排程、外部版本查詢、工具安裝、CI 變更、套件升級、主機更新、container pull、實際 PR creation、auto merge、Telegram 實發、SSH、kubectl、重啟仍未開 gate | `ai_agent_proactive_operations_contract_v1`、`ai_agent_version_freshness_snapshot_v1`、`ai_agent_tool_adoption_approval_package_v1`、`ai_agent_telegram_action_required_digest_policy_v1`、`ai_agent_gitea_pr_draft_lane_v1`、`ai_agent_host_stateful_version_inventory_v1`、`GET /api/v1/agents/agent-proactive-operations-contract`、`GET /api/v1/agents/agent-version-freshness-snapshot`、`GET /api/v1/agents/agent-tool-adoption-approval-package`、`GET /api/v1/agents/agent-telegram-action-required-digest-policy`、`GET /api/v1/agents/agent-gitea-pr-draft-lane`、`GET /api/v1/agents/agent-host-stateful-version-inventory`、`/zh-TW/governance?tab=automation-inventory`、MASTER §3.2.1c |
 | 12-Agent War Room 編組 | 72% | 12 個邏輯工位與分批派工規則已正式部署；OpenClaw / Hermes / NemoTron / SRE / Security / DevOps / Data/DR / Supply Chain / Product/UI / QA / Market / Telegram 共 12 份只讀審查已回收；schema / committed snapshot / API / tests / governance UI 區塊 / production API readback / desktop + mobile in-app browser smoke 已完成；runtime writer、Telegram send、Bot API、production write 仍未批准 | `ai_agent_12_agent_war_room_v1`、`docs/evaluations/ai_agent_12_agent_war_room_2026-06-14.json`、`GET /api/v1/agents/agent-12-agent-war-room`、feature commit `5de4b3f3`、deploy marker `1a2c9e36`、Gitea CD run `4232` success、`/zh-TW/governance?tab=automation-inventory`、12 份 Codex sub-agent 只讀回饋 |
+| AI Agent 專業任務擴展與 Telegram Runtime Bridge | 84% | P2-405A 已完成本地只讀契約與治理頁 P2-405A 卡片；24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約已固定；Telegram 實發、Gateway queue、Bot API、delivery receipt、production write、secret read、paid API、host write、kubectl action 仍全部關閉 | `ai_agent_professional_task_expansion_v1`、`docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json`、`GET /api/v1/agents/agent-professional-task-expansion`、`/zh-TW/governance?tab=automation-inventory`、`docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md`、需批准任務 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`；下一步 P2-405B 完整 no-send message preview / canary approval package |
 | Owner response 預檢與拒收邊界 | 100% | P2-143 已完成正式部署與 production readback；承接 P2-141 input prep 與 P2-142 War Room，只建立 owner / verifier / rollback / maintenance / live-apply 五類外部回覆的 intake 預檢、必填欄位與拒收規則；正式 owner response 尚未收到、未接受、未寫入 | `ai_agent_result_capture_release_decision_owner_response_preflight_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-preflight`、feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、5 個 response intake lane、18 個 required owner field、6 個 validation check、6 個 rejection guard、5 個 operator action；owner response received / accepted / redacted payload / reviewer queue / Gateway / Telegram / Bot API / production write / secret read / destructive operation 全為 `0` |
 | Owner response 回讀狀態 | 100% | P2-144 已完成正式部署與 production readback；承接 P2-143 preflight，只讀回五類外部回覆仍未收到、未接受、未拒絕、未保存 | `ai_agent_result_capture_release_decision_owner_response_readback_v1`、`GET /api/v1/agents/agent-result-capture-release-decision-owner-response-readback`、feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success、5 個 response readback lane、18 個 required owner field、6 個 readback validation check、6 個 readback rejection guard、5 個 operator action、waiting external response `5`、no external response received `5`；owner response received / accepted / redacted payload / reviewer queue / Gateway / Telegram / Bot API / production write / secret read / destructive operation 全為 `0` |
 | 本工作清單與分析報告 | 100% | 已完成 | 本 MD 文件 |
@@ -1416,7 +1417,8 @@ UI：
 ## 13. 立即執行順序
 
 1. P2-004：依賴 / 供應鏈漂移監控，保持只讀觀察與批准包邊界。
-2. P3-001：外部 Agent / SDK / API 相關能力仍需證據、費用批准與 shadow / canary 關卡。
+2. P2-405B：AI Agent Telegram 完整 no-send message preview / canary approval package，先讓統帥看見未來 TG 訊息、dedup、receipt 與風險標籤長相；仍不得實發。
+3. P3-001：外部 Agent / SDK / API 相關能力仍需證據、費用批准與 shadow / canary 關卡。
 
 ## 14. 目前風險
 
diff --git a/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md b/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md
new file mode 100644
index 00000000..c8a428e4
--- /dev/null
+++ b/docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md
@@ -0,0 +1,78 @@
+# AI Agent 專業任務擴展與 Telegram Runtime Bridge 工作報告
+
+> 日期：2026-06-15（台北時間）
+> 狀態：P2-405A 已完成只讀契約、snapshot、API、測試與治理頁卡片；Telegram 實發仍未啟用。
+> 事實來源：`ai_agent_professional_task_expansion_v1`
+
+## 1. 結論
+
+本輪把「AI Agent 還能處理哪些專業工作」正式產品化成 24 類專業任務，並把 Telegram 群組 / TG Bot 整合拆成 5 段啟動前閘門。
+
+這不是直接讓 AI Agent 發 Telegram 或改 production；目前只允許 no-send preview、queue preview readback、owner review 與批准包。真正送到 **AwoooI SRE 戰情室** 必須先通過 approved canary、dedup、receipt、redaction、OpenClaw 仲裁、Security gate 與 QA verifier。
+
+## 2. 完成度
+
+| 範圍 | 完成度 | 狀態 |
+|---|---:|---|
+| 專業任務擴展契約 | 100% | 24 類任務已定義 owner、風險、MCP、RAG、Telegram policy 與 blocked actions |
+| Telegram Runtime Bridge 契約 | 100% | no-send preview、queue preview、approved canary、日週月報、action-required digest 已分段 |
+| API / loader | 100% | `GET /api/v1/agents/agent-professional-task-expansion` 只讀輸出 |
+| 治理頁可視化 | 100% | `/zh-TW/governance?tab=automation-inventory` 顯示任務、風險、TG bridge 與 live/send/write=0 |
+| Telegram 實發 | 0% | `telegram_send_count=0`、`bot_api_call_count=0`、`gateway_queue_write_count=0` |
+| Runtime 自動優化 | 0% | production write、host write、kubectl、paid API、secret read 全部維持 0 |
+
+## 3. Telegram Bridge
+
+| 階段 | 狀態 | 可做 | 不可做 |
+|---|---|---|---|
+| no-send preview | ready for owner review | 產生脫敏 TG 訊息預覽、dedup key、風險層級 | 不送 Telegram、不寫 queue |
+| queue preview readback | ready for owner review | 讀回 queue envelope hash、receipt expectation | 不寫 production queue |
+| approved canary | blocked until approval | 單一 canary 訊息與 receipt 驗證 | 未批准不得 Bot API send |
+| 日週月報 digest | blocked until canary receipt | Agent 工作量、完成度、阻擋項、圖表摘要 | 不洗版、不發成功噪音 |
+| action-required digest | blocked until dual gate | 高風險審核卡、failure-only escalation | 不取代 runtime authorization |
+
+## 4. 專業任務總覽
+
+| 領域 | 任務數 | 代表任務 | 主責 |
+|---|---:|---|---|
+| SRE / Observability | 4 | incident correlation、告警降噪、synthetic check、DB slow query triage | SRE Sentinel / QA |
+| Security / IwoooS | 3 | public bundle redaction、secret metadata parity、owner response completeness | Security Sentinel |
+| DevOps / Release | 4 | image digest pin、GitOps diff、gateway route impact、candidate PR draft | DevOps Commander |
+| Data / Backup / DR | 3 | backup readiness、escrow evidence、data freshness | Data DR / Hermes |
+| Supply Chain | 2 | CVE triage、SBOM/license drift | Supply Chain Scout |
+| Product / UI / QA | 1 | mobile overflow、console、a11y regression | Product UI / QA |
+| AI Governance / Replay / Market | 4 | market watch、NemoTron replay、cost forecast、runbook/postmortem | OpenClaw / NemoTron / Hermes |
+| Telegram / Reports / Receipts | 3 | digest preview、report truth gate、post-action verifier | Telegram Ops / Hermes / OpenClaw |
+
+## 5. 專業能力層級
+
+| 層級 | AI Agent 可自動做 | Gate |
+|---|---|---|
+| 低風險 | 文件、報表、UI smoke、只讀摘要、truth gate | guard 後自動摘要 |
+| 中風險 | proposal、no-write dry-run、PR 草案、Telegram preview | QA + OpenClaw 或 owner review |
+| 高風險 | 只產批准包、rollback plan、failure-only digest 草案 | 統帥批准 |
+| Critical | production write、kubectl、ArgoCD sync、Telegram 實發、secret、restore、host write | 預設 blocked |
+
+## 6. MCP / RAG
+
+首批 MCP：Gitea、Browser、Observability、Telegram Gateway、Package Registry、Database Readonly、Backup Status、ArgoCD Readonly、HTTP Probe、Fixture Store。
+
+首批 RAG：LOGBOOK chunks、HARD_RULES / ADR chunks、Runbook chunks、Incident / alert traces、Agent market evidence、Owner response templates。
+
+成長指標：KM entries、PlayBook updates、recommendations、replay score delta、blocked action prevented count、receipt missing count。
+
+## 7. 邊界
+
+- 不直接發 Telegram。
+- 不寫 Telegram Gateway queue。
+- 不呼叫 Bot API。
+- 不讀 `TELEGRAM_BOT_TOKEN` 或任何機密明文。
+- 不把工作視窗對話、未遮罩提示、私人推理或未遮罩 runtime payload 放進前端或 Telegram。
+- 不做 production write、host write、kubectl、ArgoCD sync、restore、rollback、paid API、SDK install。
+
+## 8. 下一步
+
+1. P2-405B：把完整 no-send message preview、dedup key、receipt expectation 與 canary approval package 顯示到治理頁，讓統帥先看 TG 訊息會長什麼樣。
+2. P2-405C：產生 approved canary approval package，明確列出發送時間窗、目標群組、dedup、receipt 與 rollback / mute plan。
+3. P2-405D：canary 通過後才開日報 / 週報 / 月報 digest delivery。
+4. P2-405E：Action-required digest 只對 failure / high-risk / approval-required 事件開啟。
diff --git a/docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json b/docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json
new file mode 100644
index 00000000..3447ad62
--- /dev/null
+++ b/docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json
@@ -0,0 +1,244 @@
+{
+  "schema_version": "ai_agent_professional_task_expansion_v1",
+  "generated_at": "2026-06-15T10:40:00+08:00",
+  "program_status": {
+    "current_priority": "P2",
+    "current_task_id": "P2-405A",
+    "next_task_id": "P2-405B",
+    "overall_completion_percent": 82,
+    "read_only_mode": true,
+    "runtime_authority": "professional_task_expansion_and_telegram_bridge_read_only_no_send",
+    "status_note": "AI Agent 專業任務擴展與 Telegram Runtime Bridge 已產品化為只讀契約；目前只允許 no-send preview、queue preview readback 與 owner review，不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不讀 secret、不做 production write。"
+  },
+  "source_refs": [
+    "docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md",
+    "docs/ai/AI_AGENT_PROACTIVE_OPERATIONS_2026-06-11.md",
+    "docs/ai/AI_AGENT_INTERACTION_LEARNING_PROOF_2026-06-11.md",
+    "docs/ai/AI_AGENT_TELEGRAM_ACTION_REQUIRED_DIGEST_POLICY_2026-06-11.md",
+    "docs/ai/AI_AGENT_DEPLOYMENT_LAYOUT_2026-06-11.md",
+    "docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
+    "apps/api/src/services/telegram_gateway.py",
+    ".gitea/workflows/cd.yaml",
+    ".gitea/workflows/code-review.yaml"
+  ],
+  "telegram_runtime_bridge": {
+    "canonical_room": "AwoooI SRE 戰情室",
+    "canonical_room_env": "SRE_GROUP_CHAT_ID",
+    "gateway_required": true,
+    "gateway_owner": "telegram_ops_liaison",
+    "arbiter": "openclaw",
+    "receipt_owner": "hermes",
+    "replay_owner": "nemotron",
+    "no_send_preview_ready": true,
+    "queue_preview_readback_ready": true,
+    "approved_canary_required": true,
+    "direct_bot_api_allowed": false,
+    "bot_api_call_enabled": false,
+    "gateway_queue_write_enabled": false,
+    "telegram_send_enabled": false,
+    "delivery_receipt_write_enabled": false,
+    "stages": [
+      {
+        "stage_id": "tg_bridge_01_no_send_preview",
+        "title": "Telegram no-send preview",
+        "status": "ready_for_owner_review",
+        "allowed_output": "脫敏訊息預覽、dedup key、目標群組 metadata、風險層級、需審核選項",
+        "live_send_enabled": false,
+        "exit_condition": "OpenClaw + Security + QA 確認不含 secret、raw payload、工作視窗內容與誤導性執行按鈕。"
+      },
+      {
+        "stage_id": "tg_bridge_02_queue_preview_readback",
+        "title": "Gateway queue preview readback",
+        "status": "ready_for_owner_review",
+        "allowed_output": "queue envelope hash、message type、receipt expectation、rate-limit / dedup plan",
+        "live_send_enabled": false,
+        "exit_condition": "Hermes 讀回 preview hash，QA 確認不會寫入 production queue。"
+      },
+      {
+        "stage_id": "tg_bridge_03_approved_canary",
+        "title": "Approved canary delivery",
+        "status": "blocked_until_explicit_approval",
+        "allowed_output": "單一 approved canary 訊息與 receipt 驗證",
+        "live_send_enabled": false,
+        "exit_condition": "統帥明確批准 canary、指定時間窗與 rollback / mute plan。"
+      },
+      {
+        "stage_id": "tg_bridge_04_daily_weekly_monthly_digest",
+        "title": "日報 / 週報 / 月報 digest delivery",
+        "status": "blocked_until_canary_receipt",
+        "allowed_output": "Agent 工作量、完成度、阻擋項、圖表摘要與 low-noise digest",
+        "live_send_enabled": false,
+        "exit_condition": "canary receipt 正常、dedup 有效、成功訊息壓制策略通過。"
+      },
+      {
+        "stage_id": "tg_bridge_05_action_required_digest",
+        "title": "Action-required / high-risk approval digest",
+        "status": "blocked_until_dual_gate",
+        "allowed_output": "高風險審核卡、owner response 缺口、failure-only escalation",
+        "live_send_enabled": false,
+        "exit_condition": "OpenClaw 仲裁、Security gate、QA verifier 與 Telegram receipt 全通過。"
+      }
+    ],
+    "message_types": [
+      {
+        "message_type": "daily_agent_workload_digest",
+        "cadence": "daily",
+        "risk_tier": "low",
+        "owner_agent": "hermes",
+        "send_policy": "send_after_canary_and_dedup_gate"
+      },
+      {
+        "message_type": "weekly_governance_summary",
+        "cadence": "weekly",
+        "risk_tier": "medium",
+        "owner_agent": "hermes",
+        "send_policy": "send_after_canary_and_truth_gate"
+      },
+      {
+        "message_type": "monthly_growth_report",
+        "cadence": "monthly",
+        "risk_tier": "medium",
+        "owner_agent": "hermes",
+        "send_policy": "send_after_owner_review"
+      },
+      {
+        "message_type": "high_risk_approval_card",
+        "cadence": "event",
+        "risk_tier": "high",
+        "owner_agent": "openclaw",
+        "send_policy": "approval_required_before_send"
+      },
+      {
+        "message_type": "failure_only_escalation",
+        "cadence": "event",
+        "risk_tier": "critical",
+        "owner_agent": "sre_sentinel",
+        "send_policy": "failure_only_after_route_lock"
+      },
+      {
+        "message_type": "report_receipt_gap_alert",
+        "cadence": "event",
+        "risk_tier": "medium",
+        "owner_agent": "telegram_ops_liaison",
+        "send_policy": "no_send_preview_until_receipt_contract"
+      }
+    ]
+  },
+  "professional_task_domains": [
+    {"domain_id": "sre_observability", "label": "SRE / Observability", "owner_agent": "sre_sentinel"},
+    {"domain_id": "security_iwooos", "label": "Security / IwoooS", "owner_agent": "security_sentinel"},
+    {"domain_id": "devops_release", "label": "DevOps / Release", "owner_agent": "devops_commander"},
+    {"domain_id": "data_dr", "label": "Data / Backup / DR", "owner_agent": "data_dr_guardian"},
+    {"domain_id": "supply_chain", "label": "Supply Chain / Versions", "owner_agent": "supply_chain_scout"},
+    {"domain_id": "product_quality", "label": "Product / UI / QA", "owner_agent": "product_ui_curator"},
+    {"domain_id": "ai_governance", "label": "AI Governance / Replay / Market", "owner_agent": "openclaw"},
+    {"domain_id": "telegram_reporting", "label": "Telegram / Reports / Receipts", "owner_agent": "telegram_ops_liaison"}
+  ],
+  "professional_tasks": [
+    {"task_id": "pro_task_001_incident_correlation", "title": "跨來源 incident correlation 與根因候選排序", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["openclaw", "hermes"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "action_required_preview", "required_mcp": ["observability", "gitea", "browser"], "required_rag": ["incident_traces", "runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["alert_rule_change", "silence_change", "restart_service"]},
+    {"task_id": "pro_task_002_alert_noise_budget", "title": "告警噪音預算與降噪提案", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["prometheus", "alertmanager"], "required_rag": ["alert_traces", "runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["receiver_route_change", "silence_policy_change", "prometheus_reload"]},
+    {"task_id": "pro_task_003_synthetic_check_plan", "title": "公開路由 synthetic check 與失敗分類計畫", "domain_id": "sre_observability", "owner_agent": "qa_verifier", "supporting_agents": ["product_ui_curator", "sre_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["browser", "http_probe"], "required_rag": ["route_runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["active_scan", "production_write"]},
+    {"task_id": "pro_task_004_backup_restore_readiness", "title": "備份 freshness、restore drill 與 DR readiness 報告", "domain_id": "data_dr", "owner_agent": "data_dr_guardian", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "high", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["backup_status", "gitea"], "required_rag": ["dr_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["restore_run", "offsite_sync", "credential_escrow_marker_write"]},
+    {"task_id": "pro_task_005_non_secret_escrow_evidence", "title": "credential escrow 非敏感證據補件路由", "domain_id": "data_dr", "owner_agent": "data_dr_guardian", "supporting_agents": ["security_sentinel", "hermes"], "risk_tier": "critical", "automation_mode": "blocked_until_owner_response", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["dr_runbooks", "hard_rules"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["secret_value_collection", "credential_read", "marker_write_without_owner"]},
+    {"task_id": "pro_task_006_dependency_cve_triage", "title": "依賴 CVE / EOL / license 風險分流", "domain_id": "supply_chain", "owner_agent": "supply_chain_scout", "supporting_agents": ["openclaw", "security_sentinel"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["package_registry", "osv"], "required_rag": ["dependency_policy"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["package_upgrade", "lockfile_write", "external_scan_without_approval"]},
+    {"task_id": "pro_task_007_sbom_license_drift", "title": "SBOM / license / Docker surface drift 批准包", "domain_id": "supply_chain", "owner_agent": "supply_chain_scout", "supporting_agents": ["hermes", "security_sentinel"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["syft", "trivy"], "required_rag": ["supply_chain_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["tool_install", "image_pull", "sbom_upload"]},
+    {"task_id": "pro_task_008_image_digest_pin_plan", "title": "Docker image digest pinning 與 rollback 計畫", "domain_id": "supply_chain", "owner_agent": "devops_commander", "supporting_agents": ["supply_chain_scout", "qa_verifier"], "risk_tier": "high", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["registry", "gitea"], "required_rag": ["release_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["image_pull", "image_push", "kustomization_write_without_review"]},
+    {"task_id": "pro_task_009_gitops_diff_review", "title": "K8s / ArgoCD manifest diff 與 blast-radius review", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["openclaw", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["gitea", "argocd"], "required_rag": ["gitops_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["argocd_sync", "kubectl_apply", "helm_upgrade"]},
+    {"task_id": "pro_task_010_gateway_route_impact", "title": "Nginx / public gateway route impact analysis", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["security_sentinel", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["gitea", "browser"], "required_rag": ["gateway_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["nginx_reload", "route_change", "certbot_renew"]},
+    {"task_id": "pro_task_011_public_bundle_redaction", "title": "前台 bundle / DOM / i18n 敏感資訊防洩漏掃描", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["product_ui_curator", "qa_verifier"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "daily_digest", "required_mcp": ["browser", "gitea"], "required_rag": ["hard_rules"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["frontend_deploy_without_smoke", "secret_storage"]},
+    {"task_id": "pro_task_012_secret_metadata_parity", "title": "Secret name parity、injection route 與 redaction gate", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["devops_commander", "openclaw"], "risk_tier": "critical", "automation_mode": "blocked_until_owner_response", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["secret_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["secret_value_read", "secret_rotation", "workflow_modification"]},
+    {"task_id": "pro_task_013_telegram_digest_preview", "title": "AI Agent 日週月報 Telegram no-send preview", "domain_id": "telegram_reporting", "owner_agent": "telegram_ops_liaison", "supporting_agents": ["hermes", "qa_verifier"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "no_direct_telegram", "required_mcp": ["telegram_gateway"], "required_rag": ["logbook_chunks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["telegram_send", "bot_api_call", "gateway_queue_write"]},
+    {"task_id": "pro_task_014_report_truth_gate", "title": "日報 / 週報 / 月報 truth gate 與可處置性審查", "domain_id": "telegram_reporting", "owner_agent": "hermes", "supporting_agents": ["openclaw", "sre_sentinel"], "risk_tier": "medium", "automation_mode": "auto_summary_after_guard", "telegram_policy": "weekly_digest", "required_mcp": ["gitea", "observability"], "required_rag": ["logbook_chunks", "incident_traces"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["false_green_report", "report_send_without_truth_gate"]},
+    {"task_id": "pro_task_015_agent_market_watch", "title": "主流 AI Agent / SDK / 模型版本市場雷達", "domain_id": "ai_governance", "owner_agent": "market_scout", "supporting_agents": ["openclaw", "nemotron"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["web_primary_sources", "gitea"], "required_rag": ["agent_market_evidence"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["sdk_install", "paid_api_call", "production_route_change"]},
+    {"task_id": "pro_task_016_model_replay_scorecard", "title": "NemoTron / 候選模型 replay scorecard 與 failure mode 分析", "domain_id": "ai_governance", "owner_agent": "nemotron", "supporting_agents": ["openclaw", "qa_verifier"], "risk_tier": "high", "automation_mode": "no_write_dry_run", "telegram_policy": "action_required_preview", "required_mcp": ["fixture_store", "gitea"], "required_rag": ["replay_fixtures"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["shadow_route", "canary_route", "full_replay_without_approval"]},
+    {"task_id": "pro_task_017_cost_capacity_forecast", "title": "AI provider、主機、K3s 與外部服務成本 / 容量預測", "domain_id": "ai_governance", "owner_agent": "openclaw", "supporting_agents": ["supply_chain_scout", "sre_sentinel"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "monthly_digest", "required_mcp": ["observability", "billing_metadata"], "required_rag": ["cost_policy"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["paid_provider_switch", "limit_increase", "paid_api_call"]},
+    {"task_id": "pro_task_018_db_query_triage", "title": "PostgreSQL 慢查詢、索引與資料新鮮度異常 triage", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["data_dr_guardian", "openclaw"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["database_readonly", "observability"], "required_rag": ["db_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["migration", "reindex", "write_query"]},
+    {"task_id": "pro_task_019_data_freshness_source_reliability", "title": "資料來源新鮮度、fallback 與來源可信度監控", "domain_id": "data_dr", "owner_agent": "hermes", "supporting_agents": ["sre_sentinel", "qa_verifier"], "risk_tier": "medium", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["http_probe", "database_readonly"], "required_rag": ["data_quality_runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["source_switch_without_owner", "data_write"]},
+    {"task_id": "pro_task_020_ui_accessibility_regression", "title": "前後台 mobile overflow、console error、可讀性與 a11y regression", "domain_id": "product_quality", "owner_agent": "product_ui_curator", "supporting_agents": ["qa_verifier", "security_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["browser"], "required_rag": ["frontend_guidelines"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["unrelated_redesign", "public_secret_display"]},
+    {"task_id": "pro_task_021_runbook_postmortem_draft", "title": "Runbook、postmortem 與 owner handoff 草稿", "domain_id": "ai_governance", "owner_agent": "hermes", "supporting_agents": ["openclaw", "sre_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "weekly_digest", "required_mcp": ["gitea"], "required_rag": ["logbook_chunks", "runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["canonical_km_write_without_review", "secret_in_doc"]},
+    {"task_id": "pro_task_022_owner_response_completeness", "title": "Owner response 欄位完整性、補件與拒收分流", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["owner_response_templates"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["mark_accepted_without_reviewer", "runtime_gate_open"]},
+    {"task_id": "pro_task_023_candidate_pr_draft_packaging", "title": "低 / 中風險候選 PR 草案、測試與 rollback 封包", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["qa_verifier", "openclaw"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["release_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["branch_push_without_approval", "auto_merge", "workflow_trigger"]},
+    {"task_id": "pro_task_024_post_action_verifier", "title": "Post-action verifier、rollback trigger 與 receipt reconciliation", "domain_id": "telegram_reporting", "owner_agent": "openclaw", "supporting_agents": ["telegram_ops_liaison", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "failure_only_preview", "required_mcp": ["telegram_gateway", "observability", "gitea"], "required_rag": ["verification_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["verifier_live_readback_without_gate", "rollback_without_owner", "telegram_send_without_receipt"] }
+  ],
+  "mcp_rag_stack": {
+    "mcp_connectors": [
+      "gitea",
+      "browser",
+      "observability",
+      "telegram_gateway",
+      "package_registry",
+      "database_readonly",
+      "backup_status",
+      "argocd_readonly",
+      "http_probe",
+      "fixture_store"
+    ],
+    "rag_sources": [
+      "LOGBOOK chunks",
+      "HARD_RULES / ADR chunks",
+      "runbook chunks",
+      "incident / alert traces",
+      "agent market evidence",
+      "owner response templates"
+    ],
+    "growth_metrics": [
+      "km_entries_created",
+      "playbook_updates",
+      "recommendations_created",
+      "replay_score_delta",
+      "blocked_action_prevented_count",
+      "receipt_missing_count"
+    ]
+  },
+  "risk_policy": {
+    "low": "文件、報表、UI smoke 與只讀摘要可在 guard 後自動處理並進每日 digest。",
+    "medium": "中風險只能先產 proposal、no-write dry-run 或 PR 草案；涉及設定、外部服務、成本、路由或未知狀態時升級審核。",
+    "high": "高風險必須 OpenClaw 仲裁、QA / Security gate 與統帥批准；不得自動執行。",
+    "critical": "production write、kubectl、ArgoCD sync、Telegram 實發、secret、付費 API、restore、rollback、host write 均維持 blocked until explicit approval。"
+  },
+  "reporting_contract": {
+    "daily": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
+    "weekly": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
+    "monthly": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
+    "action_required": {"required": true, "owner_agent": "openclaw", "telegram_stage": "tg_bridge_05_action_required_digest"}
+  },
+  "redaction_contract": {
+    "redaction_required": true,
+    "conversation_transcript_display_allowed": false,
+    "raw_prompt_display_allowed": false,
+    "private_reasoning_display_allowed": false,
+    "secret_value_display_allowed": false,
+    "raw_runtime_payload_display_allowed": false,
+    "telegram_message_must_be_sanitized": true,
+    "forbidden_terms": [
+      "work_window_transcript",
+      "raw prompt",
+      "private reasoning",
+      "chain-of-thought",
+      "telegram token",
+      "authorization header",
+      "secret value"
+    ]
+  },
+  "rollups": {
+    "professional_task_count": 24,
+    "domain_count": 8,
+    "telegram_stage_count": 5,
+    "telegram_message_type_count": 6,
+    "approval_required_count": 19,
+    "low_risk_task_count": 3,
+    "medium_risk_task_count": 10,
+    "high_risk_task_count": 6,
+    "critical_risk_task_count": 5,
+    "current_live_count": 0,
+    "gateway_queue_write_count": 0,
+    "telegram_send_count": 0,
+    "bot_api_call_count": 0,
+    "delivery_receipt_write_count": 0,
+    "production_write_count": 0,
+    "secret_read_count": 0,
+    "paid_api_call_count": 0,
+    "host_write_count": 0,
+    "kubectl_action_count": 0
+  }
+}
diff --git a/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json b/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json
new file mode 100644
index 00000000..c7dedfb3
--- /dev/null
+++ b/docs/schemas/ai_agent_professional_task_expansion_v1.schema.json
@@ -0,0 +1,329 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://awoooi.wooo.work/schemas/ai_agent_professional_task_expansion_v1.schema.json",
+  "title": "AI Agent Professional Task Expansion And Telegram Runtime Bridge",
+  "type": "object",
+  "required": [
+    "schema_version",
+    "generated_at",
+    "program_status",
+    "source_refs",
+    "telegram_runtime_bridge",
+    "professional_task_domains",
+    "professional_tasks",
+    "mcp_rag_stack",
+    "risk_policy",
+    "reporting_contract",
+    "redaction_contract",
+    "rollups"
+  ],
+  "properties": {
+    "schema_version": {
+      "const": "ai_agent_professional_task_expansion_v1"
+    },
+    "generated_at": {
+      "type": "string",
+      "format": "date-time"
+    },
+    "program_status": {
+      "type": "object",
+      "required": [
+        "current_priority",
+        "current_task_id",
+        "next_task_id",
+        "overall_completion_percent",
+        "read_only_mode",
+        "runtime_authority",
+        "status_note"
+      ],
+      "properties": {
+        "current_priority": {
+          "enum": ["P0", "P1", "P2", "P3"]
+        },
+        "current_task_id": {
+          "const": "P2-405A"
+        },
+        "next_task_id": {
+          "const": "P2-405B"
+        },
+        "overall_completion_percent": {
+          "type": "integer",
+          "minimum": 0,
+          "maximum": 100
+        },
+        "read_only_mode": {
+          "const": true
+        },
+        "runtime_authority": {
+          "const": "professional_task_expansion_and_telegram_bridge_read_only_no_send"
+        },
+        "status_note": {
+          "type": "string",
+          "minLength": 1
+        }
+      },
+      "additionalProperties": true
+    },
+    "source_refs": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "string"
+      }
+    },
+    "telegram_runtime_bridge": {
+      "type": "object",
+      "required": [
+        "canonical_room",
+        "canonical_room_env",
+        "gateway_required",
+        "no_send_preview_ready",
+        "queue_preview_readback_ready",
+        "approved_canary_required",
+        "direct_bot_api_allowed",
+        "bot_api_call_enabled",
+        "gateway_queue_write_enabled",
+        "telegram_send_enabled",
+        "delivery_receipt_write_enabled",
+        "stages",
+        "message_types"
+      ],
+      "properties": {
+        "canonical_room": {
+          "const": "AwoooI SRE 戰情室"
+        },
+        "canonical_room_env": {
+          "const": "SRE_GROUP_CHAT_ID"
+        },
+        "gateway_required": {
+          "const": true
+        },
+        "no_send_preview_ready": {
+          "const": true
+        },
+        "queue_preview_readback_ready": {
+          "const": true
+        },
+        "approved_canary_required": {
+          "const": true
+        },
+        "direct_bot_api_allowed": {
+          "const": false
+        },
+        "bot_api_call_enabled": {
+          "const": false
+        },
+        "gateway_queue_write_enabled": {
+          "const": false
+        },
+        "telegram_send_enabled": {
+          "const": false
+        },
+        "delivery_receipt_write_enabled": {
+          "const": false
+        },
+        "stages": {
+          "type": "array",
+          "minItems": 5,
+          "items": {
+            "type": "object"
+          }
+        },
+        "message_types": {
+          "type": "array",
+          "minItems": 6,
+          "items": {
+            "type": "object"
+          }
+        }
+      },
+      "additionalProperties": true
+    },
+    "professional_task_domains": {
+      "type": "array",
+      "minItems": 8,
+      "items": {
+        "type": "object"
+      }
+    },
+    "professional_tasks": {
+      "type": "array",
+      "minItems": 24,
+      "items": {
+        "type": "object",
+        "required": [
+          "task_id",
+          "title",
+          "domain_id",
+          "owner_agent",
+          "risk_tier",
+          "automation_mode",
+          "telegram_policy",
+          "required_mcp",
+          "required_rag",
+          "approval_required",
+          "current_live_count_24h",
+          "blocked_actions"
+        ],
+        "properties": {
+          "task_id": {
+            "type": "string"
+          },
+          "title": {
+            "type": "string"
+          },
+          "domain_id": {
+            "type": "string"
+          },
+          "owner_agent": {
+            "type": "string"
+          },
+          "risk_tier": {
+            "enum": ["low", "medium", "high", "critical"]
+          },
+          "automation_mode": {
+            "enum": [
+              "auto_summary_after_guard",
+              "no_write_dry_run",
+              "proposal_only",
+              "approval_required_before_execution",
+              "blocked_until_owner_response"
+            ]
+          },
+          "telegram_policy": {
+            "enum": [
+              "daily_digest",
+              "weekly_digest",
+              "monthly_digest",
+              "action_required_preview",
+              "failure_only_preview",
+              "no_direct_telegram"
+            ]
+          },
+          "required_mcp": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "required_rag": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          },
+          "approval_required": {
+            "type": "boolean"
+          },
+          "current_live_count_24h": {
+            "const": 0
+          },
+          "blocked_actions": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "additionalProperties": true
+      }
+    },
+    "mcp_rag_stack": {
+      "type": "object"
+    },
+    "risk_policy": {
+      "type": "object"
+    },
+    "reporting_contract": {
+      "type": "object"
+    },
+    "redaction_contract": {
+      "type": "object"
+    },
+    "rollups": {
+      "type": "object",
+      "required": [
+        "professional_task_count",
+        "domain_count",
+        "telegram_stage_count",
+        "telegram_message_type_count",
+        "approval_required_count",
+        "low_risk_task_count",
+        "medium_risk_task_count",
+        "high_risk_task_count",
+        "critical_risk_task_count",
+        "current_live_count",
+        "gateway_queue_write_count",
+        "telegram_send_count",
+        "bot_api_call_count",
+        "delivery_receipt_write_count",
+        "production_write_count",
+        "secret_read_count",
+        "paid_api_call_count",
+        "host_write_count",
+        "kubectl_action_count"
+      ],
+      "properties": {
+        "professional_task_count": {
+          "const": 24
+        },
+        "domain_count": {
+          "const": 8
+        },
+        "telegram_stage_count": {
+          "const": 5
+        },
+        "telegram_message_type_count": {
+          "const": 6
+        },
+        "approval_required_count": {
+          "const": 19
+        },
+        "low_risk_task_count": {
+          "const": 3
+        },
+        "medium_risk_task_count": {
+          "const": 10
+        },
+        "high_risk_task_count": {
+          "const": 6
+        },
+        "critical_risk_task_count": {
+          "const": 5
+        },
+        "current_live_count": {
+          "const": 0
+        },
+        "gateway_queue_write_count": {
+          "const": 0
+        },
+        "telegram_send_count": {
+          "const": 0
+        },
+        "bot_api_call_count": {
+          "const": 0
+        },
+        "delivery_receipt_write_count": {
+          "const": 0
+        },
+        "production_write_count": {
+          "const": 0
+        },
+        "secret_read_count": {
+          "const": 0
+        },
+        "paid_api_call_count": {
+          "const": 0
+        },
+        "host_write_count": {
+          "const": 0
+        },
+        "kubectl_action_count": {
+          "const": 0
+        }
+      },
+      "additionalProperties": true
+    }
+  },
+  "additionalProperties": true
+}
diff --git a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
index a719dc34..cb65970f 100644
--- a/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
+++ b/docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md
@@ -638,6 +638,7 @@ Alert / Sentry / SigNoz / Gitea / Market Watch / Operator
 | `docs/evaluations/ai_agent_report_runtime_dry_run_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-dry-run` | P2-403M 報表 runtime no-write dry-run 證據包；建立 5 個 dry-run artifact、3 個 SRE 戰情室 queue digest 草案、4 個 readback verifier case、3 個 Agent dry-run role 與 6 個 operator checkpoint；不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback、不讀 secret，已由 P2-403N fixture readback 承接 |
 | `docs/evaluations/ai_agent_report_runtime_fixture_readback_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-fixture-readback` | P2-403N fixture smoke / queue preview readback / verifier dry-run 證據包；建立 5 個 fixture smoke、3 個 SRE 戰情室 queue preview readback、4 個 verifier dry-run case、3 個 Agent fixture role 與 5 個 operator checkpoint；不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback、不讀 secret，下一步 P2-404 |
 | `docs/evaluations/ai_agent_runtime_worker_shadow_gate_2026-06-12.json` + `GET /api/v1/agents/agent-runtime-worker-shadow-gate` | P2-404 runtime worker shadow / no-write execution evidence gate；建立 5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role 與 6 個 operator checkpoint；shadow live worker、Gateway queue write、Telegram send、Bot API、delivery receipt、auto worker、verifier live readback、production write 與 secret read 全部 `0 / false`，下一步 P2-101 |
+| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405A AI Agent 專業任務擴展與 Telegram Runtime Bridge；承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance，固定 24 類專業任務、8 個任務領域、5 段 Telegram bridge、6 種訊息類型、MCP/RAG stack、日報 / 週報 / 月報 / action-required 報告契約，並接入 governance automation inventory 卡片；需批准任務 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`；Gateway queue write、Telegram send、Bot API、delivery receipt、production write、secret read、paid API、host write 與 kubectl action 全部 `0 / false`，下一步 P2-405B 完整 no-send message preview / canary approval package |
 | `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json` + `GET /api/v1/agents/agent-operation-permission-model` | P2-101 操作類別權限模型；建立 5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition 與 5 個 operator decision template；runtime execution、Gateway queue write、Telegram send、Bot API、delivery receipt、auto worker、verifier live readback、production write、secret / paid provider、host command 與 destructive action 全部 `0 / false`，已由 P2-102 承接 |
 | `docs/evaluations/ai_agent_candidate_operation_dry_run_evidence_2026-06-12.json` + `GET /api/v1/agents/agent-candidate-operation-dry-run-evidence` | P2-102 候選操作 dry-run 證據；13 類候選操作全部具備 input / output evidence hash、side-effect count、verifier plan、rollback/no-op plan 與人工 handoff；6 個 verifier plan、7 個 gate evidence requirement、5 個 operator handoff；runtime、Gateway queue、Telegram、production write、secret / paid provider 與 destructive action 全部 `0 / false`，已由 P2-103 承接 |
 | `docs/evaluations/ai_agent_task_result_audit_trail_2026-06-13.json` + `GET /api/v1/agents/agent-task-result-audit-trail` | P2-103 任務結果稽核軌跡；8 條 result route、6 個 writeback contract、7 個 audit checkpoint、5 個 operator handoff；把 diagnostic-only、repair candidate、execution failed、provider unmatched、report zero-signal 等結果固定到 KM 草稿、LOGBOOK 證據、audit trail、timeline 與人工下一步；KM / LOGBOOK / audit DB / timeline / PlayBook trust / Gateway queue / Telegram 寫入全為 `0 / false`，已由 P2-104 承接 |
@@ -840,6 +841,7 @@ Repo / registry / release notes / K8s / host / observability / backup evidence
 64. 建立 owner response preflight 與拒收邊界。✅ P2-143 已完成正式驗證；承接 P2-141 decision input prep 與 P2-142 War Room 基線，固定 response intake lane `5`、required owner field `18`、intake validation check `6`、rejection guard `6`、operator action `5`、waiting external response `5`；owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`；feature commit `755b0a8d`、deploy marker `667d6329`、Gitea code-review `2961` / CD `2960` success、本地 P2-142 War Room + P2-139 至 P2-143 regression `37 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、禁用外露值掃描、production API readback 與 desktop / mobile smoke 通過。下一步 P2-144 owner response readback。
 65. 建立 owner response readback。✅ P2-144 已完成正式驗證；承接 P2-143 preflight，固定 response readback lane `5`、required owner field `18`、readback validation check `6`、readback rejection guard `6`、operator action `5`、waiting external response `5`、no external response received lane `5`；owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`；feature commit `8795f100`、deploy marker `ac938037`、Gitea code-review `2965` / CD `2964` success；本地 P2-139 至 P2-144 regression `45 passed`，rebase 後含 tenants regression 的推送前回歸 `47 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、value-only 禁用外露值掃描、i18n key parity 與 diff check 通過；production API readback、desktop / mobile smoke、水平溢位 `0`、危險控制 `0`、工作溝通片語命中 `0` 已完成。下一步 P2-145 owner response acceptance gate。
 66. 建立 owner response acceptance gate。✅ P2-145 已完成並正式驗證；承接 P2-144 readback，固定 acceptance gate lane `5`、required owner field `18`、acceptance validation check `6`、acceptance rejection guard `6`、operator action `5`、blocked no external response `5`、no acceptable external response `5`；owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`；feature commit `386dbd07`、deploy marker `36fbfc6b`、Gitea code-review `2969` / CD `2968` success；P2-144 + P2-145 regression `16 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、顯示值工作視窗污染掃描、i18n key parity、diff check、production API readback、in-app browser smoke、desktop / mobile smoke、水平溢位 `0`、P2-145 卡片操作控制 `0`、工作溝通片語命中 `0` 已完成。下一步 P2-146 acceptance receipt preview，且必須等合格、遮罩、欄位完整、可驗證來源的外部正式回覆後才能建立 receipt preview。
+66a. 建立 AI Agent 專業任務擴展與 Telegram Runtime Bridge。✅ P2-405A 本地完成；承接 12-Agent War Room、P2-403 report/runtime 鏈與 monitoring owner response acceptance，固定 24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型與 MCP/RAG stack，並接入 governance automation inventory 卡片；需批准任務 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`；Gateway queue write、Telegram send、Bot API、delivery receipt、production write、secret read、paid API、host write、kubectl action 仍為 `0 / false`。下一步 P2-405B 完整 no-send message preview / canary approval package；這不占用 P2-146 owner response receipt preview。
 67. 新增 P0 配置控管優先序前台可視化。✅ 正式驗證完成；`/zh-TW/iwooos` 已集中顯示 Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類即時風險配置；owner response `0 / 0`、live evidence `0`、執行期 `0`、操作按鈕 `0`；feature commit `e992af89`、deploy marker `ed651a98`、Gitea code-review `2971` / CD `2970` success；本地與正式 in-app browser、desktop `1440x1100`、mobile `390x844` smoke 通過。這不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS probe、certbot renew、ArgoCD sync、kubectl、workflow / secret 修改、public route change、agent-bounty runtime、payout / withdrawal、production write 或 runtime gate。
 68. 補強 P0 高價值配置 Gate path pattern、工作樹 preflight、owner packet 與 coverage snapshot。✅ 本地完成；`k8s/nginx/**`、`scripts/ops/**/*cert*`、`scripts/ops/**/*tls*` 已納入 high-value config classification，Nginx public gateway 與 DNS / TLS / certbot sample 從 `matched=0 / C0=0` 收斂到 `matched=3 / C0=2`；gate snapshot 顯示 `changed_files=6`、`matched=6`、`categories=3`、`c0=2`、`c1=0`；預設模式已可讀取 staged / unstaged / untracked，臨時 `k8s/nginx/*` smoke 命中 C0；owner packet snapshot `packets=3 / c0=2 / runtime_gate=0`；coverage snapshot `categories=14 / c0=8 / avg=67 / runtime_gate=0`；owner evidence 仍 `provided=false / complete=false`，runtime execution 仍 `false`。這不是 live config read、`nginx -t`、reload、certbot renew、DNS / TLS probe、host write、active scan、workflow 修改、secret 收集、production write 或 runtime gate。
 69. 同步高價值配置 Owner Packet 前台 projection。✅ 已完成並正式驗證；`/zh-TW/iwooos` 與 `/zh-TW/awooop` 已顯示 owner packet snapshot `packet=3 / c0=2`、最高命中 `C0 / P0`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍；feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` success；request sent、received、accepted、runtime gate 與 action buttons 仍為 `0`；本地與正式 desktop / mobile / in-app browser smoke 已通過，水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`。不得因此調高 IwoooS headline。
@@ -892,6 +894,7 @@ Repo / registry / release notes / K8s / host / observability / backup evidence
 | `docs/evaluations/ai_agent_report_runtime_dry_run_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-dry-run` | P2-403M 報表 runtime no-write dry-run 證據包；5 個 dry-run artifact、3 個 queue digest 草案、4 個 readback verifier case、3 個 Agent dry-run role、6 個 operator checkpoint；不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback |
 | `docs/evaluations/ai_agent_report_runtime_fixture_readback_2026-06-12.json` + `GET /api/v1/agents/agent-report-runtime-fixture-readback` | P2-403N fixture smoke / queue preview readback / verifier dry-run 證據包；5 個 fixture smoke、3 個 queue preview readback、4 個 verifier dry-run case、3 個 Agent fixture role、5 個 operator checkpoint；不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 delivery receipt、不啟動 worker、不跑 verifier live readback |
 | `docs/evaluations/ai_agent_runtime_worker_shadow_gate_2026-06-12.json` + `GET /api/v1/agents/agent-runtime-worker-shadow-gate` | P2-404 runtime worker shadow / no-write execution evidence gate；5 個 shadow candidate、4 個 no-write replay、4 個 verifier shadow case、3 個 Agent shadow role、6 個 operator checkpoint；不啟動 live worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target |
+| `docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json` + `GET /api/v1/agents/agent-professional-task-expansion` | P2-405A AI Agent 專業任務擴展與 Telegram Runtime Bridge；24 類專業任務、8 個領域、5 段 Telegram bridge、6 種訊息類型、MCP/RAG stack、治理頁 P2-405A 卡片；不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret、不用 paid API |
 | `docs/evaluations/ai_agent_operation_permission_model_2026-06-12.json` + `GET /api/v1/agents/agent-operation-permission-model` | P2-101 操作類別權限模型；5 條 permission lane、13 類 operation category、3 個 Agent permission role、8 個 gate transition、5 個 operator decision template；不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret |
 | `docs/evaluations/ai_agent_candidate_operation_dry_run_evidence_2026-06-12.json` + `GET /api/v1/agents/agent-candidate-operation-dry-run-evidence` | P2-102 候選操作 dry-run 證據；13 類候選操作、13 組 dry-run evidence、6 個 verifier plan、7 個 gate evidence requirement、5 個 operator handoff；不啟動 runtime worker、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret、不執行 destructive action |
 | `docs/evaluations/ai_agent_task_result_audit_trail_2026-06-13.json` + `GET /api/v1/agents/agent-task-result-audit-trail` | P2-103 任務結果稽核軌跡；8 條 result route、6 個 writeback contract、7 個 audit checkpoint、5 個 operator handoff；不寫 KM、不 runtime append LOGBOOK、不寫 audit DB、不寫 timeline、不更新 PlayBook trust、不寫 Gateway queue、不送 Telegram |
@@ -4977,3 +4980,16 @@ Trigger commit `f5cd37b7` 與 deploy marker `0ba92357` 已把 governance UI 的
 - `iwooos-config-control-guard.py`、`security-mirror-progress-guard.py` 與高價值配置 coverage 已鎖住新 artifact；`monitoring_alerting_observability` 只讀治理成熟度 `62% -> 66%`，高價值配置平均只讀治理成熟度 `68% -> 69%`。
 
 **裁決：** 這是 owner response acceptance 只讀帳本，不是 owner response received / accepted / rejected、live evidence、Prometheus reload、Alertmanager reload、Grafana import、SigNoz apply、Sentry deploy、Langfuse config change、OTEL reload、receiver route change、silence change、Telegram send、live alert fire、alert chain smoke、secret collection、host write、production write 或 runtime gate；IwoooS headline 仍維持 `64%`，active runtime gate 仍 `0`。
+
+### 2026-06-15 10:40 (台北) — §3.2 / §5 — 新增 AI Agent 專業任務擴展與 Telegram Runtime Bridge — 把專業委派與 TG 群組整合前置門檻固定成 no-send guard artifact
+
+**觸發**：統帥要求繼續專業評估 AI Agent 還可以承接哪些工作，並指出 Telegram 群組 / TG Bot 需要真正納入整體監控、報表、告警與審核路徑。既有 12-Agent War Room 已定義分工，但還缺一份可由 API 讀回、可測試、可禁止誤啟用的專業任務擴展契約。
+
+**已推進：**
+- 新增 `docs/schemas/ai_agent_professional_task_expansion_v1.schema.json`、`docs/evaluations/ai_agent_professional_task_expansion_2026-06-15.json`、`apps/api/src/services/ai_agent_professional_task_expansion.py` 與 `GET /api/v1/agents/agent-professional-task-expansion`。
+- 新增 `docs/ai/AI_AGENT_PROFESSIONAL_TASK_EXPANSION_2026-06-15.md`，把 24 類專業任務拆成 SRE / Observability、Security / IwoooS、DevOps / Release、Data / Backup / DR、Supply Chain、Product / UI / QA、AI Governance / Replay / Market、Telegram / Reports / Receipts 8 個領域。
+- `/zh-TW/governance?tab=automation-inventory` 新增 P2-405A 卡片，顯示任務數、風險分層、Telegram bridge、脫敏狀態與 live / send / write = 0。
+- Telegram Runtime Bridge 固定 5 段：no-send preview、queue preview readback、approved canary、日週月報 digest、action-required digest；所有 live send / queue write / Bot API call / receipt write 仍為 `0 / false`。
+- 任務風險 rollup 固定：總任務 `24`、需批准 `19`、low / medium / high / critical = `3 / 10 / 6 / 5`；高風險與 critical 任務必須保留 approval gate。
+
+**裁決：** 這是專業任務與 Telegram 整合的只讀擴展契約，不是 Telegram send、Gateway queue write、Bot API call、delivery receipt write、production write、host write、kubectl action、secret read、paid API call 或 runtime authorization；下一步 P2-405B 只能做完整 no-send message preview 與 canary approval package，可讓統帥看到將來 TG 訊息長相，但仍不得實發。