945 Commits

Author	SHA1	Message	Date
Your Name	f7e5fc772e	feat(ai-models): ADR-110 GCP-A Primary + 全任務模型升級 (v1.4.0) ... models.json v1.3.0 → v1.4.0： - endpoint: 192.168.0.111 → GCP-A 34.143.170.20:11434 (ADR-110) - rca/drift_summary/playbook_draft/rag_generate: qwen2.5:7b → qwen3:14b - code_review: qwen2.5-coder:7b → qwen2.5-coder:32b (GCP SSD) - embedding: nomic-embed-text → bge-m3:latest (多語言更佳) - image_analysis: llava → minicpm-v:latest - 新增: trust_scoring/alert_triage/intent_classify/governance 四任務 config.py： - OLLAMA_REQUIRED_MODELS: 新增 qwen3:14b + hermes3:latest - OLLAMA_TOOL_MODEL: llama3.1:8b → hermes3:latest - OPENCLAW_DEFAULT_MODEL: qwen2.5:7b-instruct → qwen3:14b 111 背景安裝 minicpm-v + qwen3:14b (fallback 補齊) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-04 10:59:38 +08:00
Your Name	0068440388	fix(failover): Gemini 永遠附在 Ollama fallback 鏈尾（ADR-110 漏加） ... GCP-A HEALTHY → fallback=[GCP-B, Local, Gemini] GCP-B HEALTHY → fallback=[Local, Gemini] 與舊 111 HEALTHY → fallback=[Gemini] 行為一致，保留雲端最後防線。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 23:03:34 +08:00
Your Name	2409d861fa	fix(test): 更新 auto_recovery 測試斷言至 ADR-110（ollama_111 → ollama_gcp_a） ... - notify_recovery 斷言改為 "ollama_gcp_a"（3 處） - alert_recovery payload["to"] 改為 "ollama" - test_full_recovery_flow 改用 mock alerter 避免打真實 Telegram Bot API Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 22:57:58 +08:00
Your Name	4461c2778d	fix(model-probe): 補回 ollama_188 provider 判斷（ADR-110 漏刪） ... 188 CPU-only 主機雖移出 routing chain，但 probe 仍可被呼叫。 保留 192.168.0.188 → "ollama_188" 映射，避免 test_success_188_provider 失敗。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 22:52:24 +08:00
Your Name	b1ef05fa8c	feat(ollama): ADR-110 GCP 三層容災架構（GCP-A → GCP-B → Local → Gemini） ... ## 變更摘要 - Primary: http://34.143.170.20:11434 (GCP-A SSD, 9x 載速 + 2x 推理) - Secondary: http://34.21.145.224:11434 (GCP-B SSD) - Fallback: http://192.168.0.111:11434 (M1 Pro Local HDD，最後防線) - 廢止 ADR-105「111 唯一鐵律」，新建 ADR-110 ## 核心改動 - config.py: 新增 OLLAMA_SECONDARY_URL；validator 加 GCP IP 白名單（34.143.170.20, 34.21.145.224） - ollama_failover_manager.py: 三層 Ollama 決策矩陣；並行健康檢查三台；health_111 → health_gcp_a - ollama_health_monitor.py: host label 萃取改為通用版（支援 GCP 公網 IP） - failover_alerter.py: 故障/恢復主機動態顯示，不再硬編碼「Ollama 111 (GPU)」 - ollama_auto_recovery.py: notify_recovery 改為 ollama_gcp_a；recovered_host 動態 - k8s/awoooi-prod: configmap + deployment + network-policy 同步更新（egress 加 GCP /32） - 服務層: 10 個服務檔案硬編碼 192.168.0.111 改為讀 settings.OLLAMA_URL - 測試: URL 常數更新，新增三層容災場景，GCP IP 白名單驗證測試 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 22:49:23 +08:00
Your Name	e45b055e0e	feat(governance): AI 治理事件處理鏈四軌交付（C/D/B/A） ... 【十二人專家團隊全景掃描 + 並行四軌實施】 統帥質疑「有讓 12-agent 一起協作嗎」後，依照團隊規則完成全鏈路交付： onboarder + critic + db-expert + debugger + frontend-designer 並行掃描， 找到 6 大 Gap，再由 fullstack-engineer × 4、refactor-specialist 協作落地。 【Track C — trust_drift 雙寫整併】 兩條獨立寫 event_type=trust_drift 路徑互不呼叫，下游 consumer 拿到雙份資料 無法判定 source-of-truth。整併保留 governance_agent.check_trust_drift（功能 更全：auto-deprecate + Telegram + PG），TrustDriftDetector 降為純統計 lib， W-6 watchdog 改呼叫 governance_agent。新增 TestSinglePgWritePerDriftScenario 驗證同一 drift 場景只觸發一次 PG 寫入。 變更： - apps/api/src/services/trust_drift_detector.py（lib only，不再寫 PG） - apps/api/tests/test_trust_drift_watchdog.py（W-6 改 mock governance_agent） 【Track D — governance_remediation_dispatch 派遣表】 ai_governance_events 是不可變 Event Sourcing，不能塞執行狀態。新建派遣表 作為投影層：1 event → 0..N dispatches，狀態可變、可重試、可審計。 - PgEnum 5 種 event_type + 7 階段狀態機（pending → dispatched → executing → succeeded/failed/cancelled/skipped） - 失敗重試 INSERT 新 row（不改舊 row 的 status，保留審計痕跡） - Partial unique index ux_grd_one_active_per_event 強制「同事件唯一活躍」 - 4 個複合 index 支援 worker poll、去重查詢、觀測面板 - FK 對應 ai_governance_events / playbooks / incidents / approval_records 全部 SET NULL（avoid cascade lock，但 governance_event 用 RESTRICT） 變更： - apps/api/src/db/models.py（GovernanceRemediationDispatch ORM class） - apps/api/migrations/governance_remediation_dispatch_2026-05-03.sql - apps/api/src/repositories/governance_remediation_dispatch_repo.py （6 個 async 函式 + 3 個自訂例外：DispatchAlreadyActive / InvalidStatusTransition / DispatchNotFound） - apps/api/src/models/governance_dispatch.py（DecisionContextV1 等 4 schema） - apps/api/tests/test_governance_remediation_dispatch.py（29 tests） 【Track B — /governance 頁面】 後端 PR1 三個 endpoint + 前端 PR2-5 完整三 Tab。 PR1 後端： - GET /api/v1/ai/governance/events（events_tab，含 event_type/severity/ 狀態/時間範圍篩選 + 分頁） - GET /api/v1/ai/governance/queue（queue_tab，含 graceful fallback： dispatch 表不存在時回 table_pending=True 不拋 500） - GET /api/v1/ai/governance/summary（slo_tab 30d 違反時序圖） - severity 映射規則寫死（critic 建議未來移 settings） PR2-5 前端： - /governance 路由 + AppLayout + Compliance Badge 橫幅 + PageTabs - SLO Tab：3 KPI 卡片（Syne 28px + StatusOrb + 7d sparkline）+ 30d 違反 stacked BarChart - Events Tab：篩選列 + 表格 + inline 展開行（JSON / 修復建議 / 派遣記錄） - Queue Tab：HITL 待辦卡片 + 信任度進度條 + 批准/拒絕按鈕（本 PR console.log） - Sidebar 加入「AI 治理」入口（ShieldCheck icon） - i18n 雙語完整（governance namespace + nav.governance） - 7 個新元件：slo-kpi-card / slo-violation-chart / events-table / events-filter-bar / event-detail-drawer / queue-item-card / queue-history-tabs 變更： - apps/api/src/api/v1/ai_governance.py（router） - apps/api/src/services/governance_query_service.py - apps/api/src/models/governance.py（Pydantic V2 schemas） - apps/api/tests/test_ai_governance_endpoints.py（21 tests） - apps/web/src/app/[locale]/governance/（page + 3 tabs） - apps/web/src/components/governance/（7 元件） - apps/web/messages/{zh-TW,en}.json（governance namespace） - apps/web/src/components/layout/sidebar.tsx（+1 行） - apps/api/src/main.py（router include） 【Track A — GovernanceDispatcher 決策融合】 把治理事件接到 remediation 執行器，走北極星方向決策融合（LLM × Playbook trust × MCP），符合「禁寫死規則」鐵律。 - 設計鐵律：DecisionFusionAdapter 是新增 wrapper，**不修改任何 Tier 3 檔** （decision_manager / learning_service / trust_engine），只 consume 既有 API - 三維融合公式：confidence = 0.4×llm + 0.3×playbook_trust + 0.3×mcp_consistency （權重加 TODO 標明未來由 AI 自學調整） - 三分支決策路徑： confidence ≥ 0.85 → auto_dispatch（status=dispatched） 0.65 ≤ confidence < 0.85 → pending_approval（HITL） confidence < 0.65 → skip + log - decision_context JSONB 完整記錄三維輸入快照（給未來 fine-tune 用） - poll 30s 掃 unresolved 事件，仿 governance loop 模式 - 重複事件擋去重（呼叫 get_active_for_event） 變更： - apps/api/src/services/governance_dispatcher.py - apps/api/src/services/decision_fusion_adapter.py - apps/api/tests/test_governance_dispatcher.py（14 tests） - apps/api/src/main.py（lifespan task 接 run_governance_dispatcher_loop） 【驗證】 1836 個 unit test 全過（29 skipped 為既有 PG integration env 問題） 【調度教訓 — 已記入 memory】 - vuln-verifier 應在 fullstack-engineer **之前**跑（避免並行讀到已修代碼誤判） - critic 雙輪審查不可省（第二輪抓到 NaN sentinel + Prom rule 連鎖） - 北極星「禁寫死規則」搭配 decision-fusion 確實實施 【未動 Tier 3 — 已驗證】 git diff 確認本 commit 完全沒改 decision_manager.py / learning_service.py / trust_engine.py，只新增 wrapper service consume 既有 API。 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 12:42:40 +08:00
Your Name	577250a678	fix(governance): 修反消音化 W-3/W-4 守衛 + Prometheus 補資料缺失告警 ... 【統帥怒訓 — 違反 feedback_full_chain_first_then_fix.md 鐵律】 前次 commit f1362fcc 用 skip 條件把告警吞掉，是消音化解法： - W-3：total_exec<10 永遠 skip → Redis 永遠空也不會告警 - W-4：playbooks total==0 永遠 skip → 表被清空也不會告警 - Prometheus NaN sentinel + 既有 < 0.1 規則疊加後沒任何路徑會告警 統帥怒訓「又把告警給消失了」「已經這樣做幾次了」。本 commit 救回告警可見性。 【修法 — 啟動 30 分鐘寬限 + 過期改打資料管線斷新告警】 - ai_slo_watchdog_job.py 新增模組層 _PROCESS_START 與 _grace_active() 守衛： - W-3a：metric 有資料 + rate<0.30 → 既有「飛輪成功率過低」 - W-3b：rate=None 且 uptime>30min → 新告警「飛輪資料管線無流量」 - W-4a：playbooks total>0 + approved=0 → 既有「自動修復鏈路斷裂」 - W-4b：playbooks total=0 且 uptime>30min → 新告警「Playbook 表初始化失敗」 - 3 份 Prometheus rule（k8s/monitoring/flywheel-alerts.yaml、 ops/monitoring/alerts.yml、ops/monitoring/alerts-unified.yml）新增 FlywheelExecutionRateMissing：absent() 或 NaN 持續 30 分鐘 → 告警， 與 watchdog W-3b 雙保險 【已加入 memory】 feedback_silencing_alerts_recurring_violation.md 鎖入紅線鐵律： 「fresh deploy / init guard 用 skip 吞告警 = 結構性失職，必須分流寬限期 + 過期改打資料管線斷新告警」 【驗證】 106 個治理相關 unit test 全過： test_trust_drift_watchdog / test_governance_agent / test_failover_alerter / test_check_trust_drift_commit_outside_context_poc / test_governance_remediation_dispatch / test_ai_governance_endpoints / test_governance_dispatcher 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 12:39:46 +08:00
Your Name	8fb0c5df33	feat(heartbeat): noise reduction — silent 6h + warnings hash dedup ... P0 #4 (徹底長期修系列) — 統帥鐵證：「INFO | AWOOOI 系統報告」每 30 分鐘 推一次，一天 48 條同樣內容，即使我修了 P0 #3 假警報，每天的「全系統正常」 重複推送本身就是噪音，讓統帥誤以為告警還在重複。 修法（不違反「監控工具必須被監控」鐵律 — 健康狀態仍每 6h 推 1 次「我活著」）: | 狀況 | 推送行為 | |------|---------| | 健康（無 warnings）| 6h 內最多 1 次「我活著」訊號 | | 有 warnings 跟上次同 hash | 跳過 | | 有 warnings 跟上次不同 | 立即推送（新狀況不漏）| | 健康 ↔ 有事 切換 | 自動清掉相反 marker | Redis keys: - `heartbeat:silent_last_sent` — 健康狀態 silent marker, TTL=6h - `heartbeat:warnings_hash` — 上次 warnings 的 md5[:12], TTL=24h 效果：統帥每天從 48 條 heartbeat → ~4 條（健康狀態 4×6h），有事立即推。 Tests: 6 passed (test_heartbeat_dedup_p0_4.py) - healthy_first_send_goes_through - healthy_second_send_within_6h_skipped - warnings_unchanged_skipped - warnings_changed_pushes - warnings_to_healthy_clears_warnings_hash - healthy_to_warnings_clears_silent_marker Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 01:48:57 +08:00
Your Name	2ce722bda9	feat(heartbeat): full K8s pod lifecycle state machine + regression tests ... P0 #3 (徹底長期修系列) — 把 daily report 的 pod 健康判斷從「ready=False 一律告警」 升級到完整 K8s pod lifecycle state machine： | Phase | 行為 | |-------|------| | Succeeded / Completed | 跳過（CronJob/Job 跑完正常） | | Failed | 必告警 | | Unknown | 必告警 | | Pending <5min | 跳過（剛 schedule 合理） | | Pending >=5min | 告警「image pull / scheduling 卡住」| | Running ready=True | 健康，跳過 | | Running ready=False <2min | 跳過（剛起來 probe 還沒過）| | Running ready=False >=2min | 告警「readiness probe fail / 啟動異常」| | restarts >=3 | 必告警（無論 phase）| 實作： - PodInfo 加 start_time: Optional[str]（從 .status.startTime） - _get_pod_status kubectl custom-columns 加 STARTTIME - _build_warnings 完整 state machine + 閾值常數 regression test (test_heartbeat_pod_state_machine.py 13 個) 覆蓋每個 phase + 邊界條件，含 2026-05-02 統帥截圖鐵證重現（3 個 drift-scanner Succeeded pod 不該觸發「需關注 3 項」假警報）。 Tests: 13 passed (新增 test_heartbeat_pod_state_machine.py) 接續 a38d9112（單純 Succeeded skip），這次徹底處理 Pending/Failed/Unknown + 時間閾值 + 沒 start_time 的保守告警。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 01:44:58 +08:00
Your Name	f1362fcc8d	fix(governance): 修治理告警 4 個 silent failure + Prom sentinel 連鎖 ... 【全景檢測：12-agent 並行掃描定位 4 大 bug 與 1 個 P0 連鎖回歸】 Bug 1（P0 silent failure）— governance_agent.check_trust_drift 原 `await db.commit()` 縮排錯在 async with 區塊外（8 空格 vs 12）， session 已 auto-commit 關閉，二次 commit 拋 InvalidRequestError 被吞， governance_trust_drift_auto_deprecated log 從不出現。修：commit/log 移回 with 內。 附 AST regression guard test 擋退化。 Bug 2 — flywheel_stats_service / W-3 fresh deploy 假告警 Redis 空時 total_exec=0 → rate=0.0 → watchdog `< 0.30` 立即觸發 「飛輪成功率 0%」假告警。修：total_exec < FLYWHEEL_MIN_SAMPLE(10) 回 None， watchdog 判 None 跳過 W-3。Prometheus sentinel 用 NaN（非 -1.0） 避免觸發 ops/monitoring/alerts.yml:775 等 3 份 prom rule 的 `< 0.1` 條件造成 2h 後假告警連鎖。前端 type 同步 number | null。 Bug 3 — failover_alerter dedup key 原 key 只看 event_type 不看 payload，trust_drift 4→25 IDs 變動全被 1h dedup 吞掉。修：dedup key 加 sha256(impact subdict)[:8]，event_type sanitize 防特殊字元污染 Redis key。 Bug 4 — ai_slo_watchdog_job W-4 evolver 全封存初始化誤報 原邏輯 approved==0 即告警，未排除「playbooks 表初始化中」場景。 修：_count_approved_playbooks 回 (approved, total)，total==0 → skip。 【執行結果】 - 39 個相關 unit test 全過（test_failover_alerter / test_governance_agent / test_trust_drift_watchdog / test_check_trust_drift_commit_outside_context_poc） - 6 個關鍵路徑實測：NaN sentinel / float 渲染 / hash 區分性 / dedup 同 impact 相同 hash / datetime 容錯 / 4 檔 py_compile 全過 【調度教訓 — 留作未來改進】 - 12-agent 並行調度時，vuln-verifier 與 fullstack-engineer 競態 導致 vuln-verifier 讀到已修代碼誤判 NOT REPRODUCIBLE。 未來：vuln-verifier 應在 fullstack 之前執行，或用 git show HEAD~1 對比修復前。 - fullstack-engineer 引入 P0 regression（f-string 內嵌 ternary 非法 format spec）， critic 抓到 + Prom sentinel 連鎖 — 證明 critic 審查必要不可省。 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 00:18:57 +08:00
Your Name	314cb0e079	fix(test): align governance self_failure assertions with nested payload schema ... Codex commits dedb1208 + b710f3f3 (governance enrich + normalize) 把 _alert("governance_self_failure", ...) 的 payload structure 重構成嵌套： {status, impact: {failed_checks, total_checks, errors}, remediation, actionable} （governance_agent.py:604-624，2026-04-29 critic M6 修）， 但 3 個 test 還用舊路徑 `payload["total_checks"]` 直讀，KeyError 後 RuntimeError 模擬 cascading 失敗。 修法：3 個 assertion 改為讀正確嵌套路徑： - test_governance_agent.py:601 → payload["impact"]["total_checks"|"failed_checks"] - test_wave8_remaining_blockers.py:223 → 同 - test_wave8_remaining_blockers.py:268 → 同 Tests: 30 passed (test_governance_agent + test_wave8_remaining_blockers 全部) 效果：解開 dedb1208 / b710f3f3 / a38d9112 三個 commit 因 governance test fail 被擋在 build-and-deploy 之前的卡點，恢復 CD 鏈通暢。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 00:05:04 +08:00
Your Name	b710f3f38f	feat(governance): normalize AI治理告警輸出與元告警解析度	2026-05-02 23:49:59 +08:00
Your Name	a38d911213	fix(heartbeat): exclude Succeeded/Completed CronJob pods from warnings ... 統帥 23:30 截圖鐵證：每日系統報告永遠列「需關注 3 項： Pod drift-scanner-* 未就緒 (Succeeded)」，讓人誤以為告警重複。 實際上 Succeeded/Completed 是 CronJob/Job 跑完的成功狀態， ready=False 是設計（容器已退出）— 不該算 warning。 修法：heartbeat_report_service.py:704 加判斷跳過 Succeeded/Completed pods。 預期效果：今天 23:30 的「需關注 3 項」明天起會降為 0 項，daily report header 從「需關注 N 項」變回「全系統正常」。 Tests: 50 passed (heartbeat 相關) 注意：working tree 還有 statq Codex 未 commit 的 7 個檔案改動 (approval_execution.py 有 indentation error 半成品)，本 commit 只動 heartbeat_report_service.py 單檔，不誤碰其他。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-02 23:48:31 +08:00
Your Name	dedb12085b	chore(governance,watchdog): enrich alerts and enable prometheus multiproc	2026-05-02 23:44:12 +08:00
Your Name	b371edb70c	fix host alert auto-repair routing and backup false positives	2026-05-02 23:44:12 +08:00
Your Name	da772a1605	fix(decision): block kubectl actions on bare_metal host alerts ... When HostHighCpuLoad / HostOutOfMemory fire on a bare-metal host (192.168.0.110 et al, where Sentry / ClickHouse / Snuba are eating CPU), the LLM kept proposing "kubectl rollout restart awoooi-api", which is a wrong-domain action — restarting awoooi cannot fix a third-party process's CPU usage on the host. Auto-execute would then either run the no-op kubectl restart (wasted) or escalate after ssh_diagnose because no safe action was found, producing the "AI 自動修復失敗" Telegram noise the user just complained about. Adds a guard at the top of DecisionManager._auto_execute: if the incident's primary signal carries host_type=bare_metal AND the proposed action starts with "kubectl", refuse to execute. The incident is marked READY with a clear blocked_reason so human operators see why automation declined, and emergency_escalation records the event in AOL for audit. Also patches /home/wooo/monitoring/alerts.yml on 110 (and the new ops/monitoring/alerts.yml in repo) to add an explicit auto_repair_action annotation on HostHighCpuLoad / HostOutOfMemory that hints LLM toward `ssh ... ps aux` rather than kubectl restart. Prometheus reload returned 200. Tests: tests/test_decision_manager_bare_metal_kubectl_guard.py covers (1) bare_metal+kubectl blocked, (2) kubectl get also blocked, (3) bare_metal+ssh NOT blocked, (4) k8s host_type+kubectl NOT blocked, (5) missing host_type label NOT blocked. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 17:41:28 +08:00
Your Name	47342dfb34	fix(escalation): dedup escalation card by fingerprint + 24h TTL ... 接續 b3a0f0d7（decision card dedup）—— 統帥 17:35 鐵證：4 條 ESCALATION P0 連發（HostOutOfDiskSpace + 3×HostDiskUsageHigh，全 target=node-exporter-110， 全不同 INC ID C9CD6E/FB7944/559B54/C1BBF3）。 decision card 修了但 escalation card 走另一條路徑，根因相同： - emergency_escalation_service.py:31 dedup key 綁 incident_id (uuid4 隨機) - TTL 900s 比 sweeper 重觸週期 1h 短 修法： - escalate_auto_repair_unavailable() 改用 alertname+target fingerprint dedup - TTL 900s → 86400s，與 decision_manager.py:574 對齊 drift_auto_adopt 路徑暫不動（TTL 已 3600s + report_id 非隨機，非當前問題）。 Tests: 7 passed (escalation/emergency 相關用例) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-02 17:38:54 +08:00
Your Name	b3a0f0d766	fix(telegram): dedup by fingerprint + 24h TTL to stop repeat alerts ... Telegram 重複發告警鐵證（4 個 agent 真實數據）： - INC-6FE3BD (HostBackupFailed) 24h 內被推 15 次 - INC-FD6E21 (HostHighCpuLoad) 24h 內被推 6 次 - 06:44:18 同秒兩送 = pod 並發 race 根因： 1. `telegram_sent:{incident_id}` dedup key 綁 uuid4 隨機 INC ID， 同 fingerprint 換新 INC 完全不去重 2. dedup TTL=600s 比 incident_analysis_sweeper 重觸週期 1h、 alertmanager repeat_interval 4h 都短 → 每輪都過期通過 3. pod restart 走 _resend_unconfirmed_ready_tokens 用同一 incident_id key → 重啟必炸一波 修法（不消音、是「AI 認得這是同一事故」）： - decision_manager.py:207-225 dedup key 改 alertname+target fingerprint - decision_manager.py:573-578 TTL 600s → 86400s (蓋住 sweeper 1h × alertmanager 4h) - decision_manager.py:3189-3208 pod restart resend 路徑同步改 fingerprint - incident_analysis_sweeper.py:37-42 sweeper_done TTL 3600s → 86400s 預期：同症狀 24h 內最多發 1 張 decision card；resolved 後 line 220-226 status check 會 early return，不影響復發偵測。 Tests: 35 passed (test_telegram_adr050 + test_decision_manager_docker_prune_routing) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-02 16:25:48 +08:00
Your Name	84ba3216ee	feat(notifications): tag autonomous repair actions with [AUTO] prefix ... Per user request: every AI-driven repair must surface a Telegram trace even when it succeeds, so nobody can later deny what the autonomy did. Adds 🤖 [AUTO] markers and an explicit `Actor: leWOOOgo (autonomous)` line to both success and failure status messages emitted by _push_auto_repair_result, making them clearly distinguishable from human-clicked approval cards. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 12:49:43 +08:00
Your Name	3059897318	feat(governance): auto-deprecate low-trust unused playbooks (>30d) ... trust_drift previously fired alerts forever for playbooks stuck below the 0.2 threshold. With user authorization for governance-class auto-fixes, check_trust_drift now retires playbooks that have been unused for 30+ days (or never used and created 30+ days ago) by flipping status to 'deprecated' before alerting. Alerts now report drifted_count, auto_deprecated_count, and the kept playbook_ids that still need human review (those in their 30d trial window). Existing alert noise from the four currently-drifted playbooks should drop to whatever fraction is genuinely in trial. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 12:31:37 +08:00
Your Name	607358c4dd	fix(approval): route SSH actions through SSHProvider on manual approve ... parse_operation_from_action only knew kubectl and Chinese restart phrases, so any "ssh host '...'" action approved via Telegram fell through to "Could not parse operation type" and reported a fake failure even though the LLM had proposed a valid host repair. Adds OperationType.SSH_HOST, makes the parser detect ssh prefixes (with optional flags / user@host) before kubectl patterns, and routes the SSH_HOST branch in approval_execution.execute_in_background through SSHProvider with the same tool keywords decision_manager uses (ssh_docker_prune / ssh_docker_restart / ssh_systemctl_restart / ssh_diagnose). Unroutable SSH actions now fail loudly with a descriptive error instead of silently breaking. Trigger: 2026-05-02 incidents INC-20260502-D6D0B7 / E12EE4 / 557055 were approved by the user but executor reported "Could not parse" and left the alerts pending. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 12:31:37 +08:00
Your Name	3156ff1c69	feat(aiops): add ssh_docker_prune to auto-repair flywheel for disk-full alerts ... Adds Group B SSH MCP tool ssh_docker_prune (image+volume+builder prune with ≥75% disk usage gate) and routes "docker prune" actions through it. Flips HostDiskUsageHigh from auto_repair=false to true with mcp_provider routing labels so the flywheel can self-heal next disk-full event without hitting the emergency_channel Telegram path. Trigger: 2026-05-01 → 05-02 Telegram alert storm (peak 53/hr) caused by empty ssh-mcp-key/known_hosts secret rejecting all SSH and forcing every disk-full alert through "Host key is not trusted → escalate" loop. known_hosts patched live; this commit closes the playbook gap so the next occurrence resolves without manual intervention. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-02 12:31:37 +08:00
Your Name	7795f027d2	fix(aiops): persist emergency intervention traces	2026-05-01 20:34:33 +08:00
Your Name	433f7b068e	fix(aiops): close ssh and telegram remediation gaps	2026-05-01 16:53:02 +08:00
Your Name	b0da6da1e9	feat(aiops): structure agent loop shadow output	2026-05-01 15:09:57 +08:00
Your Name	f8e44971c1	feat(aiops): enable read-only agent loop canary	2026-05-01 14:20:16 +08:00
Your Name	b6cf616707	fix(aiops): harden agent tool permission names	2026-05-01 13:52:33 +08:00
Your Name	7e4d995e4b	feat(aiops): add mcp agent loop foundation	2026-05-01 13:21:19 +08:00
Your Name	9db87f177e	fix(aiops): suppress repeated llm alert loops	2026-05-01 13:02:07 +08:00
Your Name	11673d80ea	fix(aiops): route backup decisions through ssh	2026-05-01 12:50:01 +08:00
Your Name	337bcb912e	fix(db): tolerate knowledge enum owner mismatch	2026-05-01 11:08:21 +08:00
Your Name	3a6acae408	fix(km): add phase25 knowledge enum labels	2026-05-01 11:03:03 +08:00
Your Name	2c12bce135	fix(aiops): use existing escalation event type	2026-05-01 10:56:59 +08:00
Your Name	97be5dedd7	fix(aiops): escalate failed host verification	2026-05-01 10:47:42 +08:00
Your Name	e4aef6ac4e	fix(aiops): block k8s playbooks for host repair	2026-05-01 10:33:52 +08:00
Your Name	ca22ec2fd2	fix(aiops): route backup failures rule-first	2026-05-01 10:11:10 +08:00
Your Name	f154ac022e	feat(playbook): version generated playbooks	2026-04-30 23:59:39 +08:00
Your Name	474b913ac9	chore(db): add playbook versioning migration	2026-04-30 23:53:19 +08:00
Your Name	f0d14ab6c4	fix(aiops): escalate blocked auto repair	2026-04-30 23:49:17 +08:00
Your Name	6e04fe9c8a	feat(playbook): generate drafts with local llm	2026-04-30 23:04:58 +08:00
Your Name	95110971f3	fix(telegram): close remaining DM alert routes	2026-04-30 23:02:17 +08:00
Your Name	61f5a6a419	fix(telegram): route alerts to SRE war room	2026-04-30 15:01:23 +08:00
Your Name	80defbed7c	fix(aiops): fallback and escalate automation blockers	2026-04-30 14:13:57 +08:00
Your Name	ed2a4838f2	fix(auto): use action parser for repair gates	2026-04-30 14:06:09 +08:00
Your Name	639bb64788	feat(flywheel): surface ai automation and code review	2026-04-30 00:09:25 +08:00
Your Name	4a57c2d04f	feat(flywheel): expose incident processing timeline	2026-04-29 23:38:30 +08:00
Your Name	d845d53257	fix(security): keep Gemini key out of request URLs	2026-04-29 22:56:12 +08:00
Your Name	fe2b8f4571	fix(flywheel): fallback on OpenClaw degraded responses	2026-04-29 22:38:57 +08:00
Your Name	dccdcdbaf5	fix(flywheel): unblock action safety and Claude fallback	2026-04-29 21:51:18 +08:00
Your Name	4115ddde48	fix(cd-blocker-2): setup_test_schema.sql 補 KM 欄位（解 CD 真實 root cause） ... ## 之前 c5b18101 修錯地方 我加 db/base.py:init_db() ALTER 沒解問題。**CI 不跑 init_db()**。 ## 真實 CD 流程 `.gitea/workflows/cd.yaml` Integration Tests step： 1. 啟動臨時 `pg-test-b5` 容器（fresh PG） 2. `psql -f tests/integration/setup_test_schema.sql` 建表 3. 跑 pytest tests/integration/test_b5_core_flows.py setup_test_schema.sql 的 `knowledge_entries` 表沒有 `related_approval_id` + `path_type` 欄位 → INSERT 失敗。 ## 修法 setup_test_schema.sql:110 `CREATE TABLE knowledge_entries` 補： - related_approval_id VARCHAR(64) - path_type VARCHAR(50) - uix_knowledge_incident_path partial unique index - ix_knowledge_related_approval partial index ## 預期效果 CD #1119 (本 commit) 應該成功。 解鎖 4 個 stuck commit (1114-1118) 的部署 backlog。 fb0c72db 推翻 A2 DIAGNOSE Ollama primary 終於上 prod。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-29 20:54:54 +08:00