feat(governance): 新增 AI Agent 專業任務擴展
All checks were successful
Code Review / ai-code-review (push) Successful in 15s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 6m8s
CD Pipeline / post-deploy-checks (push) Successful in 1m40s

Your Name
2026-06-15 14:19:23 +08:00
parent a923e89017
commit e101931efb
15 changed files with 1453 additions and 3 deletions


@@ -0,0 +1,244 @@
{
"schema_version": "ai_agent_professional_task_expansion_v1",
"generated_at": "2026-06-15T10:40:00+08:00",
"program_status": {
"current_priority": "P2",
"current_task_id": "P2-405A",
"next_task_id": "P2-405B",
"overall_completion_percent": 82,
"read_only_mode": true,
"runtime_authority": "professional_task_expansion_and_telegram_bridge_read_only_no_send",
"status_note": "AI Agent 專業任務擴展與 Telegram Runtime Bridge 已產品化為只讀契約;目前只允許 no-send preview、queue preview readback 與 owner review不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不讀 secret、不做 production write。"
},
"source_refs": [
"docs/ai/AI_AGENT_12_AGENT_WAR_ROOM_2026-06-14.md",
"docs/ai/AI_AGENT_PROACTIVE_OPERATIONS_2026-06-11.md",
"docs/ai/AI_AGENT_INTERACTION_LEARNING_PROOF_2026-06-11.md",
"docs/ai/AI_AGENT_TELEGRAM_ACTION_REQUIRED_DIGEST_POLICY_2026-06-11.md",
"docs/ai/AI_AGENT_DEPLOYMENT_LAYOUT_2026-06-11.md",
"docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
"apps/api/src/services/telegram_gateway.py",
".gitea/workflows/cd.yaml",
".gitea/workflows/code-review.yaml"
],
"telegram_runtime_bridge": {
"canonical_room": "AwoooI SRE 戰情室",
"canonical_room_env": "SRE_GROUP_CHAT_ID",
"gateway_required": true,
"gateway_owner": "telegram_ops_liaison",
"arbiter": "openclaw",
"receipt_owner": "hermes",
"replay_owner": "nemotron",
"no_send_preview_ready": true,
"queue_preview_readback_ready": true,
"approved_canary_required": true,
"direct_bot_api_allowed": false,
"bot_api_call_enabled": false,
"gateway_queue_write_enabled": false,
"telegram_send_enabled": false,
"delivery_receipt_write_enabled": false,
"stages": [
{
"stage_id": "tg_bridge_01_no_send_preview",
"title": "Telegram no-send preview",
"status": "ready_for_owner_review",
"allowed_output": "脫敏訊息預覽、dedup key、目標群組 metadata、風險層級、需審核選項",
"live_send_enabled": false,
"exit_condition": "OpenClaw + Security + QA 確認不含 secret、raw payload、工作視窗內容與誤導性執行按鈕。"
},
{
"stage_id": "tg_bridge_02_queue_preview_readback",
"title": "Gateway queue preview readback",
"status": "ready_for_owner_review",
"allowed_output": "queue envelope hash、message type、receipt expectation、rate-limit / dedup plan",
"live_send_enabled": false,
"exit_condition": "Hermes 讀回 preview hashQA 確認不會寫入 production queue。"
},
{
"stage_id": "tg_bridge_03_approved_canary",
"title": "Approved canary delivery",
"status": "blocked_until_explicit_approval",
"allowed_output": "單一 approved canary 訊息與 receipt 驗證",
"live_send_enabled": false,
"exit_condition": "統帥明確批准 canary、指定時間窗與 rollback / mute plan。"
},
{
"stage_id": "tg_bridge_04_daily_weekly_monthly_digest",
"title": "日報 / 週報 / 月報 digest delivery",
"status": "blocked_until_canary_receipt",
"allowed_output": "Agent 工作量、完成度、阻擋項、圖表摘要與 low-noise digest",
"live_send_enabled": false,
"exit_condition": "canary receipt 正常、dedup 有效、成功訊息壓制策略通過。"
},
{
"stage_id": "tg_bridge_05_action_required_digest",
"title": "Action-required / high-risk approval digest",
"status": "blocked_until_dual_gate",
"allowed_output": "高風險審核卡、owner response 缺口、failure-only escalation",
"live_send_enabled": false,
"exit_condition": "OpenClaw 仲裁、Security gate、QA verifier 與 Telegram receipt 全通過。"
}
],
"message_types": [
{
"message_type": "daily_agent_workload_digest",
"cadence": "daily",
"risk_tier": "low",
"owner_agent": "hermes",
"send_policy": "send_after_canary_and_dedup_gate"
},
{
"message_type": "weekly_governance_summary",
"cadence": "weekly",
"risk_tier": "medium",
"owner_agent": "hermes",
"send_policy": "send_after_canary_and_truth_gate"
},
{
"message_type": "monthly_growth_report",
"cadence": "monthly",
"risk_tier": "medium",
"owner_agent": "hermes",
"send_policy": "send_after_owner_review"
},
{
"message_type": "high_risk_approval_card",
"cadence": "event",
"risk_tier": "high",
"owner_agent": "openclaw",
"send_policy": "approval_required_before_send"
},
{
"message_type": "failure_only_escalation",
"cadence": "event",
"risk_tier": "critical",
"owner_agent": "sre_sentinel",
"send_policy": "failure_only_after_route_lock"
},
{
"message_type": "report_receipt_gap_alert",
"cadence": "event",
"risk_tier": "medium",
"owner_agent": "telegram_ops_liaison",
"send_policy": "no_send_preview_until_receipt_contract"
}
]
},
"professional_task_domains": [
{"domain_id": "sre_observability", "label": "SRE / Observability", "owner_agent": "sre_sentinel"},
{"domain_id": "security_iwooos", "label": "Security / IwoooS", "owner_agent": "security_sentinel"},
{"domain_id": "devops_release", "label": "DevOps / Release", "owner_agent": "devops_commander"},
{"domain_id": "data_dr", "label": "Data / Backup / DR", "owner_agent": "data_dr_guardian"},
{"domain_id": "supply_chain", "label": "Supply Chain / Versions", "owner_agent": "supply_chain_scout"},
{"domain_id": "product_quality", "label": "Product / UI / QA", "owner_agent": "product_ui_curator"},
{"domain_id": "ai_governance", "label": "AI Governance / Replay / Market", "owner_agent": "openclaw"},
{"domain_id": "telegram_reporting", "label": "Telegram / Reports / Receipts", "owner_agent": "telegram_ops_liaison"}
],
"professional_tasks": [
{"task_id": "pro_task_001_incident_correlation", "title": "跨來源 incident correlation 與根因候選排序", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["openclaw", "hermes"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "action_required_preview", "required_mcp": ["observability", "gitea", "browser"], "required_rag": ["incident_traces", "runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["alert_rule_change", "silence_change", "restart_service"]},
{"task_id": "pro_task_002_alert_noise_budget", "title": "告警噪音預算與降噪提案", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["prometheus", "alertmanager"], "required_rag": ["alert_traces", "runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["receiver_route_change", "silence_policy_change", "prometheus_reload"]},
{"task_id": "pro_task_003_synthetic_check_plan", "title": "公開路由 synthetic check 與失敗分類計畫", "domain_id": "sre_observability", "owner_agent": "qa_verifier", "supporting_agents": ["product_ui_curator", "sre_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["browser", "http_probe"], "required_rag": ["route_runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["active_scan", "production_write"]},
{"task_id": "pro_task_004_backup_restore_readiness", "title": "備份 freshness、restore drill 與 DR readiness 報告", "domain_id": "data_dr", "owner_agent": "data_dr_guardian", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "high", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["backup_status", "gitea"], "required_rag": ["dr_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["restore_run", "offsite_sync", "credential_escrow_marker_write"]},
{"task_id": "pro_task_005_non_secret_escrow_evidence", "title": "credential escrow 非敏感證據補件路由", "domain_id": "data_dr", "owner_agent": "data_dr_guardian", "supporting_agents": ["security_sentinel", "hermes"], "risk_tier": "critical", "automation_mode": "blocked_until_owner_response", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["dr_runbooks", "hard_rules"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["secret_value_collection", "credential_read", "marker_write_without_owner"]},
{"task_id": "pro_task_006_dependency_cve_triage", "title": "依賴 CVE / EOL / license 風險分流", "domain_id": "supply_chain", "owner_agent": "supply_chain_scout", "supporting_agents": ["openclaw", "security_sentinel"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["package_registry", "osv"], "required_rag": ["dependency_policy"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["package_upgrade", "lockfile_write", "external_scan_without_approval"]},
{"task_id": "pro_task_007_sbom_license_drift", "title": "SBOM / license / Docker surface drift 批准包", "domain_id": "supply_chain", "owner_agent": "supply_chain_scout", "supporting_agents": ["hermes", "security_sentinel"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["syft", "trivy"], "required_rag": ["supply_chain_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["tool_install", "image_pull", "sbom_upload"]},
{"task_id": "pro_task_008_image_digest_pin_plan", "title": "Docker image digest pinning 與 rollback 計畫", "domain_id": "supply_chain", "owner_agent": "devops_commander", "supporting_agents": ["supply_chain_scout", "qa_verifier"], "risk_tier": "high", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["registry", "gitea"], "required_rag": ["release_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["image_pull", "image_push", "kustomization_write_without_review"]},
{"task_id": "pro_task_009_gitops_diff_review", "title": "K8s / ArgoCD manifest diff 與 blast-radius review", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["openclaw", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["gitea", "argocd"], "required_rag": ["gitops_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["argocd_sync", "kubectl_apply", "helm_upgrade"]},
{"task_id": "pro_task_010_gateway_route_impact", "title": "Nginx / public gateway route impact analysis", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["security_sentinel", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "action_required_preview", "required_mcp": ["gitea", "browser"], "required_rag": ["gateway_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["nginx_reload", "route_change", "certbot_renew"]},
{"task_id": "pro_task_011_public_bundle_redaction", "title": "前台 bundle / DOM / i18n 敏感資訊防洩漏掃描", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["product_ui_curator", "qa_verifier"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "daily_digest", "required_mcp": ["browser", "gitea"], "required_rag": ["hard_rules"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["frontend_deploy_without_smoke", "secret_storage"]},
{"task_id": "pro_task_012_secret_metadata_parity", "title": "Secret name parity、injection route 與 redaction gate", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["devops_commander", "openclaw"], "risk_tier": "critical", "automation_mode": "blocked_until_owner_response", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["secret_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["secret_value_read", "secret_rotation", "workflow_modification"]},
{"task_id": "pro_task_013_telegram_digest_preview", "title": "AI Agent 日週月報 Telegram no-send preview", "domain_id": "telegram_reporting", "owner_agent": "telegram_ops_liaison", "supporting_agents": ["hermes", "qa_verifier"], "risk_tier": "medium", "automation_mode": "no_write_dry_run", "telegram_policy": "no_direct_telegram", "required_mcp": ["telegram_gateway"], "required_rag": ["logbook_chunks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["telegram_send", "bot_api_call", "gateway_queue_write"]},
{"task_id": "pro_task_014_report_truth_gate", "title": "日報 / 週報 / 月報 truth gate 與可處置性審查", "domain_id": "telegram_reporting", "owner_agent": "hermes", "supporting_agents": ["openclaw", "sre_sentinel"], "risk_tier": "medium", "automation_mode": "auto_summary_after_guard", "telegram_policy": "weekly_digest", "required_mcp": ["gitea", "observability"], "required_rag": ["logbook_chunks", "incident_traces"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["false_green_report", "report_send_without_truth_gate"]},
{"task_id": "pro_task_015_agent_market_watch", "title": "主流 AI Agent / SDK / 模型版本市場雷達", "domain_id": "ai_governance", "owner_agent": "market_scout", "supporting_agents": ["openclaw", "nemotron"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "weekly_digest", "required_mcp": ["web_primary_sources", "gitea"], "required_rag": ["agent_market_evidence"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["sdk_install", "paid_api_call", "production_route_change"]},
{"task_id": "pro_task_016_model_replay_scorecard", "title": "NemoTron / 候選模型 replay scorecard 與 failure mode 分析", "domain_id": "ai_governance", "owner_agent": "nemotron", "supporting_agents": ["openclaw", "qa_verifier"], "risk_tier": "high", "automation_mode": "no_write_dry_run", "telegram_policy": "action_required_preview", "required_mcp": ["fixture_store", "gitea"], "required_rag": ["replay_fixtures"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["shadow_route", "canary_route", "full_replay_without_approval"]},
{"task_id": "pro_task_017_cost_capacity_forecast", "title": "AI provider、主機、K3s 與外部服務成本 / 容量預測", "domain_id": "ai_governance", "owner_agent": "openclaw", "supporting_agents": ["supply_chain_scout", "sre_sentinel"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "monthly_digest", "required_mcp": ["observability", "billing_metadata"], "required_rag": ["cost_policy"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["paid_provider_switch", "limit_increase", "paid_api_call"]},
{"task_id": "pro_task_018_db_query_triage", "title": "PostgreSQL 慢查詢、索引與資料新鮮度異常 triage", "domain_id": "sre_observability", "owner_agent": "sre_sentinel", "supporting_agents": ["data_dr_guardian", "openclaw"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["database_readonly", "observability"], "required_rag": ["db_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["migration", "reindex", "write_query"]},
{"task_id": "pro_task_019_data_freshness_source_reliability", "title": "資料來源新鮮度、fallback 與來源可信度監控", "domain_id": "data_dr", "owner_agent": "hermes", "supporting_agents": ["sre_sentinel", "qa_verifier"], "risk_tier": "medium", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["http_probe", "database_readonly"], "required_rag": ["data_quality_runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["source_switch_without_owner", "data_write"]},
{"task_id": "pro_task_020_ui_accessibility_regression", "title": "前後台 mobile overflow、console error、可讀性與 a11y regression", "domain_id": "product_quality", "owner_agent": "product_ui_curator", "supporting_agents": ["qa_verifier", "security_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "daily_digest", "required_mcp": ["browser"], "required_rag": ["frontend_guidelines"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["unrelated_redesign", "public_secret_display"]},
{"task_id": "pro_task_021_runbook_postmortem_draft", "title": "Runbook、postmortem 與 owner handoff 草稿", "domain_id": "ai_governance", "owner_agent": "hermes", "supporting_agents": ["openclaw", "sre_sentinel"], "risk_tier": "low", "automation_mode": "auto_summary_after_guard", "telegram_policy": "weekly_digest", "required_mcp": ["gitea"], "required_rag": ["logbook_chunks", "runbooks"], "approval_required": false, "current_live_count_24h": 0, "blocked_actions": ["canonical_km_write_without_review", "secret_in_doc"]},
{"task_id": "pro_task_022_owner_response_completeness", "title": "Owner response 欄位完整性、補件與拒收分流", "domain_id": "security_iwooos", "owner_agent": "security_sentinel", "supporting_agents": ["hermes", "openclaw"], "risk_tier": "high", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["owner_response_templates"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["mark_accepted_without_reviewer", "runtime_gate_open"]},
{"task_id": "pro_task_023_candidate_pr_draft_packaging", "title": "低 / 中風險候選 PR 草案、測試與 rollback 封包", "domain_id": "devops_release", "owner_agent": "devops_commander", "supporting_agents": ["qa_verifier", "openclaw"], "risk_tier": "medium", "automation_mode": "proposal_only", "telegram_policy": "action_required_preview", "required_mcp": ["gitea"], "required_rag": ["release_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["branch_push_without_approval", "auto_merge", "workflow_trigger"]},
{"task_id": "pro_task_024_post_action_verifier", "title": "Post-action verifier、rollback trigger 與 receipt reconciliation", "domain_id": "telegram_reporting", "owner_agent": "openclaw", "supporting_agents": ["telegram_ops_liaison", "qa_verifier"], "risk_tier": "critical", "automation_mode": "approval_required_before_execution", "telegram_policy": "failure_only_preview", "required_mcp": ["telegram_gateway", "observability", "gitea"], "required_rag": ["verification_runbooks"], "approval_required": true, "current_live_count_24h": 0, "blocked_actions": ["verifier_live_readback_without_gate", "rollback_without_owner", "telegram_send_without_receipt"] }
],
"mcp_rag_stack": {
"mcp_connectors": [
"gitea",
"browser",
"observability",
"telegram_gateway",
"package_registry",
"database_readonly",
"backup_status",
"argocd_readonly",
"http_probe",
"fixture_store"
],
"rag_sources": [
"LOGBOOK chunks",
"HARD_RULES / ADR chunks",
"runbook chunks",
"incident / alert traces",
"agent market evidence",
"owner response templates"
],
"growth_metrics": [
"km_entries_created",
"playbook_updates",
"recommendations_created",
"replay_score_delta",
"blocked_action_prevented_count",
"receipt_missing_count"
]
},
"risk_policy": {
"low": "文件、報表、UI smoke 與只讀摘要可在 guard 後自動處理並進每日 digest。",
"medium": "中風險只能先產 proposal、no-write dry-run 或 PR 草案;涉及設定、外部服務、成本、路由或未知狀態時升級審核。",
"high": "高風險必須 OpenClaw 仲裁、QA / Security gate 與統帥批准;不得自動執行。",
"critical": "production write、kubectl、ArgoCD sync、Telegram 實發、secret、付費 API、restore、rollback、host write 均維持 blocked until explicit approval。"
},
"reporting_contract": {
"daily": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
"weekly": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
"monthly": {"required": true, "owner_agent": "hermes", "telegram_stage": "tg_bridge_04_daily_weekly_monthly_digest"},
"action_required": {"required": true, "owner_agent": "openclaw", "telegram_stage": "tg_bridge_05_action_required_digest"}
},
"redaction_contract": {
"redaction_required": true,
"conversation_transcript_display_allowed": false,
"raw_prompt_display_allowed": false,
"private_reasoning_display_allowed": false,
"secret_value_display_allowed": false,
"raw_runtime_payload_display_allowed": false,
"telegram_message_must_be_sanitized": true,
"forbidden_terms": [
"work_window_transcript",
"raw prompt",
"private reasoning",
"chain-of-thought",
"telegram token",
"authorization header",
"secret value"
]
},
"rollups": {
"professional_task_count": 24,
"domain_count": 8,
"telegram_stage_count": 5,
"telegram_message_type_count": 6,
"approval_required_count": 19,
"low_risk_task_count": 3,
"medium_risk_task_count": 10,
"high_risk_task_count": 6,
"critical_risk_task_count": 5,
"current_live_count": 0,
"gateway_queue_write_count": 0,
"telegram_send_count": 0,
"bot_api_call_count": 0,
"delivery_receipt_write_count": 0,
"production_write_count": 0,
"secret_read_count": 0,
"paid_api_call_count": 0,
"host_write_count": 0,
"kubectl_action_count": 0
}
}
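Review bot: Several `required_mcp` entries in `professional_tasks` name connectors that `mcp_rag_stack.mcp_connectors` does not declare, and the one that matters most is `pro_task_009_gitops_diff_review`, which asks for `argocd` while the declared connector is `argocd_readonly`. For a critical-tier task whose `blocked_actions` include `argocd_sync`, the contract should name the read-only connector explicitly, e.g. `"required_mcp": ["gitea", "argocd_readonly"]`, so a consumer resolving names cannot bind a write-capable one. The same gap applies to `prometheus`, `alertmanager`, `osv`, `syft`, `trivy`, `registry`, `web_primary_sources` and `billing_metadata`; either add them to `mcp_connectors` or rename them to declared entries. How a consumer treats an undeclared name is not visible in this file, so a validation test that checks every `required_mcp` value against `mcp_connectors` would make the behaviour explicit.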