Your Name
a18e2f9c3f
fix(security): disable GitHub production deploy
2026-05-12 16:22:16 +08:00
Your Name
439c432c7c
security: remove the Gitea API token leaked in .claude/settings.json
...
Code Review / ai-code-review (push) Successful in 54s
Problem:
.claude/settings.json is tracked by git and contains 15 occurrences of a Gitea API token
(2fa33d4e..., recorded automatically by Claude Code bash history)
Fix:
1. Replace every occurrence of the token with REDACTED_GITEA_TOKEN (15 occurrences)
2. Add .claude/settings.json to .gitignore so it is not tracked again
Required follow-up actions:
- Revoke token 2fa33d4e6d8ef1806c18875ed6fec216c8a10e78 in Gitea
- Historical commits still contain the token (public history cannot be rewritten)
2026-05-04 ogt + Claude Sonnet 4.6
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-04 14:08:08 +08:00
Your Name
c58bdd0c38
chore(cd-trigger): production PG migration p2_decision_fusion_columns has been executed
...
Executed with the commander's authorization on 192.168.0.188:5432/awoooi_prod via K8s pod exec:
- composite_score REAL
- complexity_tier VARCHAR(16) + CHECK ('low','medium','high','critical')
- decision_fusion_details JSONB
- ix_approval_composite_score (partial, WHERE composite_score IS NOT NULL)
- ix_approval_complexity_tier (partial, WHERE complexity_tier IS NOT NULL)
Resolves the pre-existing CI integration test blocker; all 25+ commits should be deployed in one go.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-27 08:29:57 +08:00
Your Name
cc547736ab
feat(wave6-8): P2.1 fusion + P2.2 governance + P2.4 consensus + Wave 7/8 BLOCKER fixes
...
Picks up the code that several Wave 6/7/8 engineers finished before the agent quota ran out, and adds the missing commit to resolve the latent import error on production
HEAD (decision_fusion is already imported by decision_manager, but the file was untracked).
Added (backend core):
- decision_fusion.py (562 lines) — P2.1 Method III (fusion of three LLMs: OpenClaw + Hermes + Elephant)
- aiops_timeline.py + aiops_timeline_service.py — critic B4 fix
/api/v1/aiops/timeline endpoint, with DB access moved into the service layer to follow leWOOOgo modularization
- migrations/p2_decision_fusion_columns.sql + rollback — fusion columns for approval_records
Modified (backend integration):
- decision_manager.py — repairs the three broken links in the fusion chain (critic B1+B2+B3):
· B1: write _evidence_snapshot_ref to token.proposal_data
· B2: compute complexity_score before fusion and write it to the token
· B3: write the fusion composite to token.proposal_data["decision_fusion"]
- auto_approve.py — fusion + consensus awareness (critic B3+B5):
· composite > 0.7 → auto_execute_eligible bypass min_confidence
· source=consensus_engine + score>=0.6 → trusted rule path
- consensus_engine.py — db-fix: _save_consensus reuses agent_sessions
- governance_agent.py — db-fix: _alert writes to ai_governance_events in PG
- approval_db.py — 3 fusion columns + 2 partial indexes + CheckConstraint
- db/models.py — schema aligned with the migration
- core/config.py — vuln #1 fix: OLLAMA_URL/_FALLBACK_URL field_validator
rejects public IPs + external domains; only a private-network/loopback/K8s SVC allowlist is permitted
- core/feature_flags.py — P2 fusion + consensus flags
- main.py — governance_agent started in lifespan
- failover_alerter.py — Wave8-X2: in-memory dedup fallback (does not fail open after Redis refuses)
- ollama_*.py — metrics integration + recovery improvements
- auto_repair_service.py — verifier wired in
Added (tests, 2438 lines):
- test_decision_fusion.py / test_governance_agent.py / test_consensus_integration.py
- test_p2_db_fixes.py / test_wave8_fusion_fixes.py
- test_config_url_validation.py (vuln #1, 12 tests)
- test_failover_alerter.py + additional tests for Wave8-X2 in-memory dedup
Acceptance: 116 tests pass (decision_fusion + wave8_fusion + config_url + consensus +
governance + p2_db_fixes + failover_alerter)
Conflict resolution:
- 3 files (config.py + auto_approve.py + decision_manager.py) had git stash pop conflicts
kept the stashed version (the engineers' final version) and restored the "公網 IP" (public IP) wording in the ValueError to match the test
Note: this commit resolves the latent import error on production HEAD
Still unfixed: vuln #4 prompt injection / debugger B14 quota fail-closed
/ B25-B26 drain_pending_tasks / B8 governance fail alert
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Multiple Engineers (Wave 6/7/8) <noreply@anthropic.com>
2026-04-27 08:11:40 +08:00
Your Name
cbd28e29a0
fix(solver+incident): two P0 configuration fixes - Gitea non-K8s filtering + backup alert age escalation
...
CD Pipeline / build-and-deploy (push) Successful in 8m57s
L3 fix summary (2026-04-25):
[Fix 1] Gitea cross-boundary kubectl filtering (solver_agent.py)
Root cause: the GiteaMemoryPressure alert triggers Solver → the LLM generates 'kubectl scale deployment gitea'
Gitea runs in docker-compose on the host, not in the awoooi-prod K8s namespace → execution is bound to fail
Changes:
- Add the _filter_non_k8s_targets() function, which validates the target of scale/restart/delete/patch commands
- Add the _KUBECTL_MUTATING_VERBS / _KUBECTL_ROLLOUT_MUTATING_SUBVERBS constants
- Call _fetch_k8s_inventory() in _solve() to get the actual deployment inventory
- Post-filter: if a candidate's target is not in the inventory and the verb is a write verb → drop + warn
Expected behavior: GiteaMemoryPressure → Solver now generates investigative kubectl commands (get/describe) rather than scale
[Fix 2] Escalation for misclassified HostBackupFailed (incident_service.py + webhooks.py)
Root cause: backup failures >24h were labeled TYPE-1 (informational only), so a card with no buttons was sent silently and auto-repair was not triggered
Changes:
- incident_service.py: add an age_hours parameter to classify_alert_early()
- Add _BACKUP_AGE_UPGRADE_NAMES + _BACKUP_AGE_THRESHOLD_HOURS=24.0
- If alertname in (HostBackupFailed/Stale/Missing) and age > 24h → escalate to TYPE-3
- webhooks.py computes alert.startsAt → age_hours and passes it to classify_alert_early()
Expected behavior: HostBackupFailed 25h+ → escalated to TYPE-3, triggering LLM analysis + P0 auto-repair suggestions
Test results:
- solver_agent: 35/35 tests PASSED ✅
- incident_service: 11/11 tests PASSED ✅
- incident_api integration: 7/7 tests PASSED ✅
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 09:48:04 +08:00
Your Name
3dbb3d70b4
feat(claude): add awoooi-guard.js guard hook
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 00:24:18 +08:00
Your Name
8f15c57019
feat(claude): apply the ty-ai-standards Global-Local architecture
...
- Add .claude/agents/: 12 standardized subagents (critic / debugger / planner, etc.)
- Add .claude/hooks/secrets.local.json: AWOOOI-specific token detection patterns
- Add .claude/hooks/branch-protection.local.json: protects the production branch
- Update .claude/settings.json: add a hooks section (global hooks run in addition)
- Update CLAUDE.md: add the global reference line + a description of the security architecture
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 00:18:14 +08:00
OG T
22de22c989
refactor(phase-s): Phase S technical debt cleanup - five architecture improvements
...
S-01: generate_alert_fingerprint() moved to alert_analyzer_service (Router→Service)
S-02: remove the deprecated USE_NEW_ENGINE config (Phase R has fulfilled its purpose)
S-03: github_webhook.py linter cleanup (Field unused + delivery_id noqa)
S-04: Pydantic v2 migration - approval/incident models (class Config → ConfigDict)
S-05: Skill 09 v1.1 update (USE_NEW_ENGINE deprecation note)
Tests: 393 passed, zero failures
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-01 13:12:02 +08:00
OG T
04bfff9d19
refactor(ai): modular refactor - move NVIDIA chat into NvidiaProvider
...
Complies with the feedback_lewooogo_modular_enforcement.md rules:
- Remove _call_nvidia() from openclaw.py (duplicate logic)
- Add the NvidiaProvider.chat() method
- Update the INvidiaProvider Protocol
- openclaw.py now uses get_nvidia_provider().chat()
- Tests moved to test_nvidia_chat.py
Architecture layers:
- Router → Service → Provider (correct)
- The Service layer must not re-implement functionality that already exists in a Provider
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-29 20:49:23 +08:00
OG T
27f20f4155
fix(git): remove the mistakenly committed .claude/worktrees directory
...
This directory is already in .gitignore, but it was accidentally committed earlier
This caused a submodule error in the CI/CD checkout step
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-25 22:12:54 +08:00
OG T
749b8bc554
fix(api): fix lint errors for timezone import ordering and unused variables
...
- Correct import order (standard → third-party → local)
- Fix undefined datetime/timedelta errors
- Remove unused imports
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-25 09:26:58 +08:00
OG T
3b8638b350
feat(api): Add sync-from-approvals endpoint for incident backfill
...
Fixes existing approvals created before b645981 that lack
corresponding incidents. Ensures "活躍事件" (active incidents) count matches
"待簽核" (pending approval) count.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-25 00:09:44 +08:00
OG T
9bff46a1b0
feat: integrate Sentry + fix CI/CD issues
...
Sentry Integration (complements SignOz):
- Add @sentry/nextjs for frontend error tracking + session replay
- Add sentry-sdk[fastapi] for backend error tracking
- Create sentry.client/server/edge.config.ts
- Integrate with next.config.js + instrumentation.ts
- Add Sentry exception capture in FastAPI error handler
- Create deployment scripts for Self-Hosted @ 192.168.0.110
CI/CD Fixes:
- Fix F821 Undefined name 'Field' in incidents.py
- Add NEXT_PUBLIC_API_URL env var to CI build step
- Add build-arg to Docker build verification
E2E Test Improvements:
- Fix strict mode violations in dashboard-acceptance tests
- Add timeout increase for Phase 4 demo tests
- Make tests more resilient to UI variations
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-24 15:19:52 +08:00
OG T
7478dc0254
feat(phase6-9): Complete modular architecture and Agent Teams
...
Phase 6.4 - Modular Architecture:
- Add lewooogo-brain adapters for LLM providers
- Add lewooogo-data dual memory (Redis + PostgreSQL)
- Implement consensus engine for multi-agent decisions
- Add incident memory service for historical context
Phase 9 - Agent Teams (Claude Agent SDK):
- Add base agent class with Claude Sonnet 4 integration
- Implement action planner, blast radius, and security agents
- Add agent API endpoints and proposal workflow
- Integrate ADR-009 OpenClaw Agent Teams architecture
DevOps & CI/CD:
- Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml)
- Add pre-commit hooks and secrets baseline
- Add docker-compose for local development
- Update Kubernetes network policies
Frontend Improvements:
- Add auto-healing error boundary component
- Update i18n messages for agent features
- Enhance dual-state incident card with execution feedback
Documentation:
- Add 7 ADRs covering MCP, design system, architecture decisions
- Update ARCHITECTURE_MEMORY.md with modular design
- Add GLOBAL_RULES.md and SOUL.md for project identity
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-23 18:40:36 +08:00