Your Name
|
a18e2f9c3f
|
fix(security): 停用 GitHub production deploy
|
2026-05-12 16:22:16 +08:00 |
|
Your Name
|
439c432c7c
|
security: 清除 .claude/settings.json 洩漏的 Gitea API token
Code Review / ai-code-review (push) Successful in 54s
問題:
.claude/settings.json 被 git 追蹤,內含 15 處 Gitea API token
(2fa33d4e...,由 Claude Code bash history 自動記錄產生)
修復:
1. 將 token 全數替換為 REDACTED_GITEA_TOKEN(15 處)
2. 將 .claude/settings.json 加入 .gitignore,防止再次追蹤
需要同步行動:
- 請在 Gitea 撤銷 token 2fa33d4e6d8ef1806c18875ed6fec216c8a10e78
- 歷史 commit 中仍含 token(無法 rewrite 公開 history)
2026-05-04 ogt + Claude Sonnet 4.6
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-04 14:08:08 +08:00 |
|
Your Name
|
d0591c54b0
|
fix(security): 體健修復 — 7項 Critical/Major 安全問題全修
CD Pipeline / build-and-deploy (push) Failing after 35s
## Critical 修復 (C1-C5)
- C1: git rm --cached 03-secrets.yaml(CHANGE_ME 模板不再追蹤)
- C2: git rm --cached awoooi.db + .gitignore 加 *.db(SQLite HARD_RULES 違規)
- C3: sentry-tunnel SENTRY_HOST 改為 process.env fallback
- C4: config.py DATABASE_URL 移除 changeme default,改為必填
- C5: run_migration.py 改為 os.environ["DATABASE_URL"]
## Major 修復 (M1-M4)
- M1: auto_repair /execute 加 CSRF 保護 + AutoRepairPanel.tsx 同步
- M2: drift /rollback /adopt 加 CSRF 保護(/internal/scan 保持無 CSRF)
- M3: terminal /intent 加 CSRF 保護 + terminal.store.ts 同步
- M4: live-dashboard HOST_IPS + host-grid VIP 改為 env var
## 其他
- 新增 apps/web/.env.example(6 個 env var 說明)
- K8s deployment-web 補入 3 個新 env var
- 整合測試:新增 aider_event_repository + ai_router_feedback 真實 DB 測試
- test_terminal.py CSRF dependency override 修復
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-22 01:27:39 +08:00 |
|
Your Name
|
dbd4470b6d
|
chore(aider): 新增 .aiderignore 縮小 repo-map 並開放追蹤
大型 repo(1,165 檔)讓 Aider 啟動即吃 267K tokens。加入 .aiderignore
排除 docs/k8s/infra/ops/media 後,repo-map 從 1,165 → ~782 檔案(-33%)。
同步在 .gitignore 加 !.aiderignore 例外,讓本檔可被追蹤共享給團隊。
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
2026-04-20 04:04:13 +08:00 |
|
OG T
|
9cf73bda4f
|
feat(llmops): 啟用 Langfuse LLMOps 追蹤 + CD 自動注入 Keys
CD Pipeline / build-and-deploy (push) Successful in 7m6s
E2E Health Check / e2e-health (push) Successful in 18s
- 04-configmap.yaml: LANGFUSE_ENABLED=true (Phase 15.1 Key 已在 K8s Secret)
- cd.yaml: 補齊 Langfuse keys CD 自動注入 (LANGFUSE_PUBLIC/SECRET_KEY)
- LOGBOOK.md: ClawBot → OpenClaw 命名修正
- .gitignore: 加入 tsconfig.tsbuildinfo + .superpowers/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-01 22:19:22 +08:00 |
|
OG T
|
9913f5dc6d
|
feat(infra): 開發環境分離 + BuildKit cache 修復 + circuit breaker 優化
CD Pipeline / build-and-deploy (push) Successful in 6m52s
E2E Health Check / e2e-health (push) Successful in 17s
CD Pipeline (Dev) / build-and-deploy-dev (push) Failing after 9s
1. k8s/awoooi-dev/: 新建 dev namespace (01-05 配置)
- Namespace + ResourceQuota (cpu 2/4, mem 4Gi/8Gi)
- ConfigMap: ENVIRONMENT=dev, LOG_LEVEL=DEBUG, SHADOW_MODE=false
- Deployment: 1 replica, NodePort 32344, image dev-latest
- RBAC: awoooi-executor-dev ServiceAccount
2. .gitea/workflows/cd-dev.yaml: dev branch CD pipeline
- 觸發: dev branch push
- Build: --no-cache (防 cache poisoning)
- Tag: dev-{sha} / dev-latest
- Deploy: awoooi-dev namespace, health check 32344
- Telegram: [DEV] 前綴通知
3. apps/api/Dockerfile: ARG CACHE_BUST=none (防 BuildKit cache 毒化)
- deps 層 (pip install) 仍可 cache
- src/ 和 models.json 層每次重建
4. .gitea/workflows/cd.yaml: 正式環境 API build 加入 CACHE_BUST=git_sha
- 確保 models.json 等配置變更正確進入 image
5. apps/api/src/services/nvidia_provider.py: timeout 不計入 circuit breaker
- TimeoutException → 只 log,不 record_failure()
- 只有硬性錯誤 (auth/rate limit/exception) 才斷路
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-04-01 16:22:21 +08:00 |
|
OG T
|
60b461df50
|
feat(e2e): Wave 4 E2E Hardening
E2E Health Check / e2e-health (push) Successful in 15s
- playwright.config.ts: ignoreHTTPSErrors + deviceScaleFactor + maxDiffPixelRatio
- global.setup.ts: 環境連通性驗證 + Storage State 結構
- .gitignore: 排除 .auth/ 目錄
支援:
- 自簽憑證環境測試
- Visual Baseline 一致性 (deviceScaleFactor: 1)
- 5% 比對容差 (避免字體渲染差異)
- 未來 Auth 擴展點
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-03-31 16:18:36 +08:00 |
|
OG T
|
179e659f14
|
chore: 清理 Playwright 產物 + kube-state-metrics 告警擴充
清理工作:
- .gitignore 新增 playwright-report/ 和 test-results/ 排除
- 保留 phase19/ 參考截圖目錄
kube-state-metrics 告警擴充 (P3):
- CronJobLastRunFailed: Job 執行失敗
- DaemonSetMissingPods: DaemonSet 缺少 Pod
- StatefulSetReplicasMismatch: StatefulSet 副本不足
- ContainerWaiting: ImagePullBackOff/CrashLoopBackOff 偵測
- PDBViolation: PDB 健康 Pod 數不足
- NodeUnschedulable: 節點標記為不可排程
新增:
- apps/api/scripts/test_nemotron_tool_calling.py (E2E 比較測試)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-03-29 01:28:35 +08:00 |
|
OG T
|
663b80ab29
|
chore: 加強 .gitignore 防止 Claude Code 干擾 CI/CD
新增忽略:
- .claude/scheduled_tasks.lock
- .cursor/
- .agents/memory/
防止 worktrees 等 AI 工具暫存檔干擾 checkout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-03-25 22:17:08 +08:00 |
|
OG T
|
75ef8fee0c
|
feat(api): Phase 16 R3.3 Repository 實作 + CI 修復
新增:
- ApprovalDBRepository: Approval CRUD 操作
- IncidentDBRepository: Incident CRUD 操作
- get_approval_repository/get_incident_repository 函數
修復:
- .gitignore 新增 .claude/worktrees/ (防止 CI 失敗)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-03-25 21:22:02 +08:00 |
|
OG T
|
7478dc0254
|
feat(phase6-9): Complete modular architecture and Agent Teams
Phase 6.4 - Modular Architecture:
- Add lewooogo-brain adapters for LLM providers
- Add lewooogo-data dual memory (Redis + PostgreSQL)
- Implement consensus engine for multi-agent decisions
- Add incident memory service for historical context
Phase 9 - Agent Teams (Claude Agent SDK):
- Add base agent class with Claude Sonnet 4 integration
- Implement action planner, blast radius, and security agents
- Add agent API endpoints and proposal workflow
- Integrate ADR-009 OpenClaw Agent Teams architecture
DevOps & CI/CD:
- Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml)
- Add pre-commit hooks and secrets baseline
- Add docker-compose for local development
- Update Kubernetes network policies
Frontend Improvements:
- Add auto-healing error boundary component
- Update i18n messages for agent features
- Enhance dual-state incident card with execution feedback
Documentation:
- Add 7 ADRs covering MCP, design system, architecture decisions
- Update ARCHITECTURE_MEMORY.md with modular design
- Add GLOBAL_RULES.md and SOUL.md for project identity
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-03-23 18:40:36 +08:00 |
|
OG T
|
d96bd03128
|
fix: add root monorepo config files (pnpm-workspace.yaml)
|
2026-03-22 19:00:45 +08:00 |
|
OG T
|
ccdf757edd
|
chore: initial commit for AWOOOI project
Phase 0 Day 1 - Project initialization:
- Independent repository (Option A)
- .awoooi-agent-rules.md (AI development contract)
- Project skeleton (apps/web, apps/api, packages, docs)
- ADR template for architecture decisions
- LOGBOOK for progress tracking
Strategic decision: 2026-03-19 Operation Cyber-Shell
Reference: /wooo-aiops/docs/meetings/2026-03-19_FRONTEND_RESTRUCTURE_STRATEGY.md
Co-Authored-By: Claude Code <noreply@anthropic.com>
|
2026-03-19 19:16:12 +08:00 |
|