{ "schema_version": "ai_agent_deployment_layout_v1", "generated_at": "2026-06-11T18:20:00+08:00", "program_status": { "overall_completion_percent": 45, "current_priority": "P1", "current_task_id": "P1-402", "next_task_id": "P1-403", "read_only_mode": true, "deployment_authority": "layout_only_no_runtime_deploy" }, "agent_contracts": [ { "agent_id": "openclaw", "display_name": "OpenClaw", "primary_specialty": "生產仲裁、風險判斷、HITL 關卡與執行前後驗證", "deployment_lane": "production_decision_core", "allowed_autonomy": [ "只讀診斷", "風險分級", "批准包審查", "Telegram action-required 分流", "批准後的 dry-run / 執行仲裁" ], "must_delegate_to": [ "Hermes 負責治理、文件、降噪與盤點彙整", "NemoTron 負責離線模型能力比較與 replay 評分" ], "blocked_actions": [ "未批准的生產寫入", "未批准的 destructive operation", "未批准的 provider route 切換", "未批准的 Telegram 直接發送", "未通過 replacement gate 前降級或取代自身生產角色" ], "learning_scope": [ "incident lifecycle", "approval outcome", "post-execution verification", "playbook trust score", "alert grouping quality" ] }, { "agent_id": "hermes", "display_name": "Hermes", "primary_specialty": "治理、知識管理、文件、套件/供應鏈、降噪與跨專案盤點", "deployment_lane": "governance_knowledge_and_reporting", "allowed_autonomy": [ "只讀盤點", "Runbook / KM 草稿", "市場與依賴漂移摘要", "告警降噪提案", "批准包起草" ], "must_delegate_to": [ "OpenClaw 仲裁任何生產、Telegram、host mutation 或 rollback", "NemoTron 評估模型/工具能力與 replay 結果" ], "blocked_actions": [ "直接改生產環境", "直接發送 Telegram 通知", "直接修改 Secret", "自行升級套件或 SDK", "自行切換 AI provider" ], "learning_scope": [ "runbook freshness", "docs drift", "dependency drift", "service health evidence gap", "operator review feedback" ] }, { "agent_id": "nemotron", "display_name": "NemoTron / Nemotron", "primary_specialty": "離線專家評估、模型工具能力比較、NIM/NVIDIA replay 與長任務 Agent 能力驗證", "deployment_lane": "offline_evaluator_and_specialist_candidate", "allowed_autonomy": [ "sanitized request pack 分析", "5-record smoke 評分", "50-record replay 結果比較", "工具呼叫輸出合約檢查", "候選模型能力矩陣更新" ], "must_delegate_to": [ "OpenClaw 仲裁生產風險與是否可進 shadow/canary", "Hermes 彙整市場來源、文件與 operator 報告" ], "blocked_actions": [ "直接讀取 production secret", "未批准的 paid API / NIM 呼叫", "未批准的 SDK 安裝", "未通過 smoke gate 前進 full replay", "自行進 shadow/canary 或生產路由" ], "learning_scope": [ "smoke gate failures", "output contract completeness", "latency budget", "tool calling reliability", "OpenClaw same-run baseline delta" ] } ], "domains": [ { "domain_id": "hosts", "display_name": "主機", "description": "110 / 111 / 112 / 120 / 121 / 188 的只讀監控、診斷、備份與批准後修復佈局。" }, { "domain_id": "packages", "display_name": "套件與建置", "description": "Python、pnpm/npm、Docker base image、CVE、license、digest 與 drift。" }, { "domain_id": "tools", "display_name": "工具", "description": "Gitea、Harbor、Prometheus、Alertmanager、SigNoz、Sentry、Open-WebUI、Telegram、Ansible。" }, { "domain_id": "services", "display_name": "服務", "description": "API、Web、AwoooP、IwoooS、PostgreSQL、Redis、K8s workload 與內部控制面。" }, { "domain_id": "projects", "display_name": "專案", "description": "AWOOOI 及已納入治理視野的外部/相鄰專案。" }, { "domain_id": "websites", "display_name": "網站前後台", "description": "公開站、治理後台、告警後台、AwoooP 後台、IwoooS 後台。" }, { "domain_id": "learning", "display_name": "學習與協作", "description": "AgentSession、KM、Playbook trust、market watch、replay harness。" } ], "deployment_targets": [ { "target_id": "host_110", "domain_id": "hosts", "display_name": "110 DevOps / Gitea runner / monitoring host", "target_type": "host", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["host health diagnosis", "runner health review", "backup freshness review", "approval package"], "telegram_policy": "action_required", "learning_inputs": ["Gitea workflow result", "runner evidence", "backup status", "Alertmanager route"], "communication_channels": ["AwoooP approval", "Telegram failure/action-required", "Prometheus metrics"], "approval_gate": "host mutation requires human approval", "evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/evaluations/gitea_workflow_runner_health_2026-06-05.json"], "next_action": "把 runner / backup / monitoring 狀態納入 Agent 協作節點,但只允許準備修復提案。" }, { "target_id": "host_188", "domain_id": "hosts", "display_name": "188 AI / Web / PostgreSQL / Redis / SigNoz host", "target_type": "host", "primary_agent": "openclaw", "supporting_agents": ["hermes", "nemotron"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["AI provider health review", "database/cache health review", "observability review", "NemoTron candidate evidence"], "telegram_policy": "action_required", "learning_inputs": ["AI route matrix", "DB backup status", "SigNoz/ClickHouse evidence", "NemoTron smoke result"], "communication_channels": ["AwoooP approval", "Telegram failure/action-required", "Prometheus metrics"], "approval_gate": "host mutation, service restart, provider route change require explicit approval", "evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/evaluations/ai_provider_route_matrix_2026-06-05.json"], "next_action": "建立 OpenClaw 主仲裁、Hermes 彙整、NemoTron 離線評估的 host-188 協作節點。" }, { "target_id": "host_111", "domain_id": "hosts", "display_name": "111 Ollama fallback host", "target_type": "host", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["fallback health observation", "route readiness review"], "telegram_policy": "failure_only", "learning_inputs": ["Ollama health", "provider failover evidence"], "communication_channels": ["Prometheus metrics", "Telegram failure-only"], "approval_gate": "SSH / service operation requires approval", "evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/runbooks/RUNBOOK-OLLAMA-FAILOVER.md"], "next_action": "保持只讀觀察,避免因 fallback 健康誤判而切換 provider。" }, { "target_id": "host_120", "domain_id": "hosts", "display_name": "120 K3s master / blocked recovery host", "target_type": "host", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "blocked_by_gate", "automation_level": "blocked", "capabilities": ["blocked-state tracking", "recovery checklist", "backup config capture blocker"], "telegram_policy": "action_required", "learning_inputs": ["cold-start scorecard", "backup config capture", "host reachability"], "communication_channels": ["Telegram action-required", "LOGBOOK", "cold-start runbook"], "approval_gate": "console/SSH recovery evidence required before any automation", "evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "docs/runbooks/FULL-STACK-COLD-START-SOP.md"], "next_action": "維持 blocked,不安排自動修復,等待 console / SSH 復原證據。" }, { "target_id": "host_121", "domain_id": "hosts", "display_name": "121 K3s peer host", "target_type": "host", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["K3s readiness observation", "failover context", "backup/cold-start evidence"], "telegram_policy": "failure_only", "learning_inputs": ["K3s node readiness", "host connectivity", "cold-start scorecard"], "communication_channels": ["Prometheus metrics", "Telegram failure-only"], "approval_gate": "K3s mutation requires maintenance window approval", "evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/runbooks/K3S-OPTIMIZATION-RUNBOOK.md"], "next_action": "將 121 視為 K3s readiness 證據節點,不做未批准操作。" }, { "target_id": "host_112", "domain_id": "hosts", "display_name": "112 Kali / security evidence host", "target_type": "host", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["security evidence catalog", "owner response package", "read-only posture projection"], "telegram_policy": "no_direct_notify", "learning_inputs": ["IwoooS posture projection", "owner response evidence"], "communication_channels": ["IwoooS read-only handoff", "operator review"], "approval_gate": "active scan / host update / credentialed scan require independent approval", "evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json", "infra/ansible/inventory/hosts.yml"], "next_action": "維持只讀安全證據,不啟用 active scan。" }, { "target_id": "pkg_python_api", "domain_id": "packages", "display_name": "API Python dependencies", "target_type": "package_set", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["dependency inventory", "CVE/license drift review", "upgrade approval package"], "telegram_policy": "daily_summary_only", "learning_inputs": ["package inventory", "CVE policy", "dependency drift plan"], "communication_channels": ["governance UI", "daily summary only"], "approval_gate": "dependency upgrade requires approval package", "evidence_refs": ["docs/evaluations/package_supply_chain_inventory_2026-06-04.json"], "next_action": "Hermes 週期性彙整漂移,OpenClaw 只仲裁高風險升級。" }, { "target_id": "pkg_web_pnpm", "domain_id": "packages", "display_name": "Web pnpm/npm dependencies", "target_type": "package_set", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["package inventory", "lockfile drift review", "upgrade proposal"], "telegram_policy": "daily_summary_only", "learning_inputs": ["javascript package inventory", "dependency drift plan"], "communication_channels": ["governance UI", "daily summary only"], "approval_gate": "package upgrade / install requires approval", "evidence_refs": ["docs/evaluations/javascript_package_inventory_2026-06-04.json"], "next_action": "只產生升級批准包,不自動 npm/pnpm install。" }, { "target_id": "docker_build_surface", "domain_id": "packages", "display_name": "Docker base image and build surface", "target_type": "container_image", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["digest drift review", "base image risk review", "build-surface proposal"], "telegram_policy": "action_required", "learning_inputs": ["docker build surface inventory", "CVE policy"], "communication_channels": ["governance UI", "Telegram action-required for critical drift"], "approval_gate": "image digest/base image change requires review and deploy gate", "evidence_refs": ["docs/evaluations/docker_build_surface_inventory_2026-06-04.json"], "next_action": "把 critical image drift 送 OpenClaw 仲裁,其他由 Hermes 月報。" }, { "target_id": "gitea_actions", "domain_id": "tools", "display_name": "Gitea Actions and host runner", "target_type": "workflow_tool", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["workflow health matrix", "runner attestation", "notification hygiene"], "telegram_policy": "action_required", "learning_inputs": ["workflow results", "runner evidence", "CI failure classes"], "communication_channels": ["Gitea Actions summary", "Telegram actionable/failure only"], "approval_gate": "workflow modification requires review", "evidence_refs": ["docs/evaluations/gitea_workflow_runner_health_2026-06-05.json", ".gitea/workflows/"], "next_action": "Hermes 彙整 runner / workflow gaps;OpenClaw 只仲裁部署或 workflow 修改。" }, { "target_id": "harbor_registry", "domain_id": "tools", "display_name": "Harbor registry", "target_type": "registry", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["backup freshness", "image inventory", "registry health summary"], "telegram_policy": "failure_only", "learning_inputs": ["backup target inventory", "registry backup evidence"], "communication_channels": ["backup policy", "Telegram failure-only"], "approval_gate": "registry cleanup / retention change requires approval", "evidence_refs": ["scripts/backup/backup-harbor.sh", "docs/evaluations/backup_dr_target_inventory_2026-06-04.json"], "next_action": "只監控 backup / freshness,不自動刪 image。" }, { "target_id": "prometheus_alertmanager", "domain_id": "tools", "display_name": "Prometheus / Alertmanager", "target_type": "observability", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["alert contract review", "noise reduction proposal", "E2E chain evidence"], "telegram_policy": "action_required", "learning_inputs": ["alert rules", "alert chain metrics", "notification outcome"], "communication_channels": ["Alertmanager webhook", "Telegram action-required"], "approval_gate": "alert rule deploy / silence requires approval", "evidence_refs": ["docs/evaluations/observability_contract_matrix_2026-06-05.json", "docs/adr/ADR-035-telegram-alert-chain-enforcement.md"], "next_action": "保持告警必到,成功訊息降噪,規則部署另走 deploy-alerts gate。" }, { "target_id": "signoz_clickhouse", "domain_id": "tools", "display_name": "SigNoz / ClickHouse", "target_type": "observability", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["trace evidence", "log evidence", "storage health review"], "telegram_policy": "action_required", "learning_inputs": ["SigNoz alert", "ClickHouse health", "trace/log evidence"], "communication_channels": ["governance UI", "Telegram action-required"], "approval_gate": "query-heavy or retention change requires approval", "evidence_refs": ["docs/evaluations/observability_contract_matrix_2026-06-05.json", "ops/signoz"], "next_action": "Hermes 做證據摘要,OpenClaw 仲裁重大 storage / retention 風險。" }, { "target_id": "sentry", "domain_id": "tools", "display_name": "Sentry", "target_type": "observability", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["issue summary", "frontend/backend error drift", "release evidence"], "telegram_policy": "action_required", "learning_inputs": ["Sentry issue class", "release marker", "frontend/backend route"], "communication_channels": ["governance UI", "Telegram action-required"], "approval_gate": "Sentry DSN / project setting change requires approval", "evidence_refs": ["apps/web/src/instrumentation.ts", "scripts/backup/backup-sentry.sh"], "next_action": "只讀錯誤分類,不讀 secret,不直接建立/修改 Sentry 設定。" }, { "target_id": "open_webui", "domain_id": "tools", "display_name": "Open-WebUI / AI workspace", "target_type": "ai_tool", "primary_agent": "nemotron", "supporting_agents": ["hermes", "openclaw"], "deployment_state": "candidate_only", "automation_level": "observe_only", "capabilities": ["model evaluation evidence", "AI artifact inventory", "offline specialist review"], "telegram_policy": "no_direct_notify", "learning_inputs": ["AI artifact backup", "model evaluation", "operator review"], "communication_channels": ["offline report", "governance UI"], "approval_gate": "external model call / NIM route requires cost and data-boundary approval", "evidence_refs": ["scripts/backup/backup-open-webui.sh", "docs/evaluations/agent_nemotron_contract_tuned_smoke_matrix_2026-06-02.json"], "next_action": "NemoTron 只做離線評估,不接 production route。" }, { "target_id": "telegram_gateway", "domain_id": "tools", "display_name": "Telegram Gateway / Bot alert chain", "target_type": "notification_gateway", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "hitl_execute_after_approval", "capabilities": ["failure-only routing", "approval card", "dedup", "E2E validation"], "telegram_policy": "approval_required", "learning_inputs": ["notification outcome", "dedup result", "operator button action"], "communication_channels": ["Telegram Bot", "AwoooP approval", "alert operation log"], "approval_gate": "direct send / bot token change / chat target change requires approval and E2E smoke", "evidence_refs": ["apps/api/src/services/telegram_gateway.py", "docs/adr/ADR-035-telegram-alert-chain-enforcement.md"], "next_action": "把三 Agent 的通知都收斂到 Gateway,不讓 Agent 直接持有 token 或直接發送。" }, { "target_id": "ansible_control", "domain_id": "tools", "display_name": "Ansible host control plane", "target_type": "host_iac", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "read_only_layout", "automation_level": "hitl_execute_after_approval", "capabilities": ["check-mode proposal", "host-state drift", "rollback plan"], "telegram_policy": "approval_required", "learning_inputs": ["Ansible check-mode", "host textfile exporter", "operator approval outcome"], "communication_channels": ["AwoooP approval", "Telegram approval-required"], "approval_gate": "any ansible apply requires independent human approval", "evidence_refs": ["docs/runbooks/ANSIBLE-OPERATING-MODEL.md", "infra/ansible/inventory/hosts.yml"], "next_action": "先建立 check-mode 證據;apply 仍必須人工批准。" }, { "target_id": "awoooi_api", "domain_id": "services", "display_name": "AWOOOI API backend", "target_type": "api", "primary_agent": "openclaw", "supporting_agents": ["hermes", "nemotron"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["incident decision", "MCP context", "agent API snapshots", "post-execution verification"], "telegram_policy": "failure_only", "learning_inputs": ["incident", "timeline event", "approval record", "agent snapshot"], "communication_channels": ["API", "Redis stream", "Telegram failure-only"], "approval_gate": "runtime deploy / DB migration / provider route change requires CD gate", "evidence_refs": ["apps/api/src/api/v1/agents.py", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"], "next_action": "把新佈建布局暴露為只讀 API,不新增執行端點。" }, { "target_id": "awoooi_web", "domain_id": "services", "display_name": "AWOOOI public web frontend", "target_type": "web", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["frontend evidence display", "i18n review", "route health summary"], "telegram_policy": "failure_only", "learning_inputs": ["browser smoke", "Sentry issue", "i18n validation"], "communication_channels": ["governance UI", "Sentry", "Telegram failure-only"], "approval_gate": "frontend deploy requires CD validation and production smoke", "evidence_refs": ["apps/web/src/app/[locale]/governance/page.tsx", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"], "next_action": "Hermes 維護 UI/文案與證據卡;OpenClaw 仲裁發布風險。" }, { "target_id": "governance_backoffice", "domain_id": "services", "display_name": "Governance backoffice", "target_type": "backoffice", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["automation inventory", "agent market", "service health", "deployment layout display"], "telegram_policy": "action_required", "learning_inputs": ["snapshot freshness", "operator review", "blocked gate count"], "communication_channels": ["governance UI", "AwoooP work item"], "approval_gate": "UI display is not runtime authorization", "evidence_refs": ["apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx"], "next_action": "將本 layout 先接進只讀 API,再接治理 UI。" }, { "target_id": "awooop_control_plane", "domain_id": "services", "display_name": "AwoooP control plane", "target_type": "control_plane", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "hitl_execute_after_approval", "capabilities": ["work item", "approval", "truth chain", "run state"], "telegram_policy": "approval_required", "learning_inputs": ["approval decision", "run state", "operator timeline"], "communication_channels": ["AwoooP approvals", "Telegram approval card"], "approval_gate": "AwoooP work item is not security or production approval by itself", "evidence_refs": ["apps/web/src/app/[locale]/awooop/page.tsx", "docs/awooop/MASTER-WORKPLAN.md"], "next_action": "OpenClaw 只把 AwoooP 當批准/證據控制面,不讓候選 Agent 直接執行。" }, { "target_id": "iwooos_security_surface", "domain_id": "services", "display_name": "IwoooS security surface", "target_type": "security_surface", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["read-only evidence", "owner response packet", "security posture"], "telegram_policy": "action_required", "learning_inputs": ["owner response gate", "redacted evidence refs", "scope handoff"], "communication_channels": ["IwoooS page", "operator review", "Telegram action-required only"], "approval_gate": "active runtime / scan / host update remains false until independent approval", "evidence_refs": ["apps/web/src/app/[locale]/iwooos/page.tsx", "docs/security/iwooos-posture-projection.snapshot.json"], "next_action": "Hermes 整理資安證據,OpenClaw 守住 active runtime gate。" }, { "target_id": "postgresql_primary", "domain_id": "services", "display_name": "PostgreSQL primary data layer", "target_type": "database", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["connection health", "backup freshness", "migration risk", "slow query evidence"], "telegram_policy": "failure_only", "learning_inputs": ["DB alert", "backup status", "migration outcome"], "communication_channels": ["Prometheus", "backup status", "Telegram failure-only"], "approval_gate": "migration / restore / schema change requires approval and backup evidence", "evidence_refs": ["apps/api/migrations/", "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json"], "next_action": "OpenClaw 仲裁 DB 風險;Hermes 產出備份與 migration 證據摘要。" }, { "target_id": "redis_cache", "domain_id": "services", "display_name": "Redis / Stream / cache layer", "target_type": "cache", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["stream backlog review", "cache health", "agent bus readiness"], "telegram_policy": "failure_only", "learning_inputs": ["Redis alert", "agent stream backlog", "approval outcome"], "communication_channels": ["Prometheus", "Agent stream", "Telegram failure-only"], "approval_gate": "flush / restart / data mutation requires approval", "evidence_refs": ["docs/evaluations/service_health_gap_matrix_2026-06-05.json", "docs/adr/ADR-082-multi-agent-collaboration.md"], "next_action": "用 Redis stream 作為 Agent 協作匯流,但不允許無批准清除資料。" }, { "target_id": "k8s_workloads", "domain_id": "services", "display_name": "K8s workloads / manifests", "target_type": "k8s", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "dry_run_only", "capabilities": ["manifest mapping", "rollout evidence", "drift interpretation", "dry-run proposal"], "telegram_policy": "action_required", "learning_inputs": ["runtime surface inventory", "drift report", "post-execution verifier"], "communication_channels": ["AwoooP approval", "Telegram action-required", "Prometheus"], "approval_gate": "kubectl apply / rollout / scale / delete requires approval", "evidence_refs": ["k8s/awoooi-prod/", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"], "next_action": "OpenClaw 做乾跑仲裁,Hermes 彙整 manifest 與 runbook。" }, { "target_id": "project_awoooi", "domain_id": "projects", "display_name": "AWOOOI core project", "target_type": "project", "primary_agent": "openclaw", "supporting_agents": ["hermes", "nemotron"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["incident governance", "agent market governance", "runtime truth", "deployment evidence"], "telegram_policy": "action_required", "learning_inputs": ["LOGBOOK", "HARD_RULES", "market watch", "runtime smoke"], "communication_channels": ["Gitea", "AwoooP", "Telegram", "governance UI"], "approval_gate": "production deploy and provider changes require existing CD/HITL gates", "evidence_refs": ["docs/HARD_RULES.md", "docs/LOGBOOK.md"], "next_action": "把三 Agent 佈局做成 AWOOOI 的正式只讀控制面資料。" }, { "target_id": "project_awooop", "domain_id": "projects", "display_name": "AwoooP operations project surface", "target_type": "project", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "hitl_execute_after_approval", "capabilities": ["work item", "approval queue", "run monitor", "contract governance"], "telegram_policy": "approval_required", "learning_inputs": ["work item status", "approval outcome", "truth chain"], "communication_channels": ["AwoooP UI", "Telegram approval card"], "approval_gate": "AwoooP approval is necessary but not sufficient for security or host mutation", "evidence_refs": ["docs/awooop/MASTER-WORKPLAN.md", "apps/web/src/app/[locale]/awooop/"], "next_action": "將 Agent 佈局轉為 AwoooP work item templates,但不自動簽核。" }, { "target_id": "project_iwooos", "domain_id": "projects", "display_name": "IwoooS security governance", "target_type": "project", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["scope handoff", "owner response gate", "redacted evidence"], "telegram_policy": "action_required", "learning_inputs": ["IwoooS posture projection", "owner response state"], "communication_channels": ["IwoooS UI", "operator review"], "approval_gate": "UI-visible state must not be treated as runtime authorization", "evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"], "next_action": "Hermes 維持只讀證據卡,OpenClaw 防止 runtime gate 被誤開。" }, { "target_id": "project_vibework", "domain_id": "projects", "display_name": "VibeWork adjacent product", "target_type": "adjacent_project", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["boundary inventory", "release evidence summary", "alert routing expectation"], "telegram_policy": "no_direct_notify", "learning_inputs": ["cross-project handoff", "runtime evidence if explicitly supplied"], "communication_channels": ["operator report only"], "approval_gate": "separate repo/runtime approval required", "evidence_refs": ["docs/security/vibework-iwooos-onboarding-handoff.snapshot.json"], "next_action": "只保留治理視野,不跨 repo 自動部署。" }, { "target_id": "project_stockplatform", "domain_id": "projects", "display_name": "StockPlatform adjacent product", "target_type": "adjacent_project", "primary_agent": "hermes", "supporting_agents": ["nemotron", "openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["AI research governance", "dry-run review", "human-review boundary"], "telegram_policy": "no_direct_notify", "learning_inputs": ["research governance note", "operator-approved evidence"], "communication_channels": ["operator report only"], "approval_gate": "separate project approval required before any runtime work", "evidence_refs": ["docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md"], "next_action": "NemoTron 只可作研究乾跑,不作投資建議或生產推薦。" }, { "target_id": "project_tsenyang", "domain_id": "projects", "display_name": "TSENYANG website adjacent project", "target_type": "adjacent_project", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["SEO/launch evidence summary", "analytics boundary review"], "telegram_policy": "no_direct_notify", "learning_inputs": ["operator-approved launch evidence"], "communication_channels": ["operator report only"], "approval_gate": "separate repo/runtime approval required", "evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"], "next_action": "只保留跨產品治理視角,不直接改網站。" }, { "target_id": "project_bitan", "domain_id": "projects", "display_name": "Bitan Pharmacy adjacent project", "target_type": "adjacent_project", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["production recovery evidence summary", "AI ops loop review"], "telegram_policy": "no_direct_notify", "learning_inputs": ["operator-approved recovery evidence"], "communication_channels": ["operator report only"], "approval_gate": "separate repo/runtime approval required", "evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"], "next_action": "只列入相鄰產品治理,不跨專案部署。" }, { "target_id": "project_agent_bounty", "domain_id": "projects", "display_name": "agent-bounty-protocol onboarding surface", "target_type": "adjacent_project", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "read_only_layout", "automation_level": "observe_only", "capabilities": ["read-only security onboarding", "owner gate", "external agent boundary"], "telegram_policy": "no_direct_notify", "learning_inputs": ["agent bounty onboarding handoff", "owner response status"], "communication_channels": ["IwoooS read-only handoff", "operator report"], "approval_gate": "no runtime, repo, scan, cron, payout or contract action without explicit approval", "evidence_refs": ["docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"], "next_action": "維持 IwoooS 只讀收件,不跨到 agent-bounty runtime。" }, { "target_id": "public_frontend", "domain_id": "websites", "display_name": "Public frontend routes", "target_type": "website_frontend", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["browser smoke evidence", "i18n coverage", "route health"], "telegram_policy": "failure_only", "learning_inputs": ["browser smoke", "Sentry error", "route uptime"], "communication_channels": ["Sentry", "Prometheus", "Telegram failure-only"], "approval_gate": "frontend deploy requires build/typecheck/browser smoke", "evidence_refs": ["apps/web/src/app/[locale]/page.tsx"], "next_action": "Hermes 負責內容/顯示品質;OpenClaw 仲裁發布風險。" }, { "target_id": "governance_ui", "domain_id": "websites", "display_name": "Governance UI backoffice", "target_type": "website_backoffice", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["agent market display", "automation inventory display", "deployment layout display"], "telegram_policy": "action_required", "learning_inputs": ["operator review", "snapshot freshness", "blocked gate count"], "communication_channels": ["governance UI", "AwoooP work item"], "approval_gate": "UI display does not authorize runtime action", "evidence_refs": ["apps/web/src/app/[locale]/governance/page.tsx"], "next_action": "新增只讀 layout 資料源後再接 UI 呈現。" }, { "target_id": "alerts_backoffice", "domain_id": "websites", "display_name": "Alerts and operation-log backoffice", "target_type": "website_backoffice", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "prepare_only", "capabilities": ["incident triage", "alert operation log", "operator action request"], "telegram_policy": "action_required", "learning_inputs": ["alert operation log", "incident timeline", "notification outcome"], "communication_channels": ["alert-operation-logs UI", "Telegram action-required"], "approval_gate": "alert action execution requires approval", "evidence_refs": ["apps/web/src/app/[locale]/alerts/page.tsx", "apps/web/src/app/[locale]/alert-operation-logs/page.tsx"], "next_action": "OpenClaw 產生 action proposal;Hermes 彙整趨勢與降噪。" }, { "target_id": "awooop_admin", "domain_id": "websites", "display_name": "AwoooP admin routes", "target_type": "website_backoffice", "primary_agent": "openclaw", "supporting_agents": ["hermes"], "deployment_state": "active_governed", "automation_level": "hitl_execute_after_approval", "capabilities": ["approval queue", "runs", "contracts", "tenants"], "telegram_policy": "approval_required", "learning_inputs": ["approval decision", "run evidence", "contract state"], "communication_channels": ["AwoooP UI", "Telegram approval card"], "approval_gate": "AwoooP UI action requires separate policy and human approval", "evidence_refs": ["apps/web/src/app/[locale]/awooop/"], "next_action": "將三 Agent 提案映射成 AwoooP work item,不讓候選 Agent 直接執行。" }, { "target_id": "iwooos_admin", "domain_id": "websites", "display_name": "IwoooS read-only security routes", "target_type": "website_backoffice", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["security mirror", "scope card", "owner response gate"], "telegram_policy": "action_required", "learning_inputs": ["owner response", "security posture", "redacted refs"], "communication_channels": ["IwoooS UI", "operator review"], "approval_gate": "IwoooS visibility is not active runtime authorization", "evidence_refs": ["apps/web/src/app/[locale]/iwooos/page.tsx"], "next_action": "繼續維持低摩擦只讀資安治理。" }, { "target_id": "agent_session_bus", "domain_id": "learning", "display_name": "AgentSession / Redis Streams collaboration bus", "target_type": "learning_bus", "primary_agent": "openclaw", "supporting_agents": ["hermes", "nemotron"], "deployment_state": "planned", "automation_level": "observe_only", "capabilities": ["agent handoff", "turn audit", "replayable collaboration"], "telegram_policy": "no_direct_notify", "learning_inputs": ["agent session turn", "critic challenge", "coordinator decision"], "communication_channels": ["Redis stream", "agent_sessions audit"], "approval_gate": "new runtime worker or schema migration requires approval", "evidence_refs": ["docs/adr/ADR-082-multi-agent-collaboration.md"], "next_action": "先補只讀 layout;下一波才評估是否需要 migration / worker。" }, { "target_id": "km_playbook_learning", "domain_id": "learning", "display_name": "KM / Playbook trust learning loop", "target_type": "learning_loop", "primary_agent": "hermes", "supporting_agents": ["openclaw"], "deployment_state": "planned", "automation_level": "observe_only", "capabilities": ["runbook freshness", "playbook trust evidence", "negative reinforcement"], "telegram_policy": "daily_summary_only", "learning_inputs": ["execution result", "post verification", "operator review"], "communication_channels": ["KM", "LOGBOOK", "daily summary only"], "approval_gate": "playbook promotion requires review", "evidence_refs": ["docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"], "next_action": "Hermes 整理學習素材,OpenClaw 仲裁是否可升為 approved playbook。" }, { "target_id": "nemotron_replay_pipeline", "domain_id": "learning", "display_name": "NemoTron smoke / replay pipeline", "target_type": "model_replay", "primary_agent": "nemotron", "supporting_agents": ["openclaw", "hermes"], "deployment_state": "blocked_by_gate", "automation_level": "blocked", "capabilities": ["5-record smoke", "output contract review", "latency budget", "same-run baseline delta"], "telegram_policy": "approval_required", "learning_inputs": ["smoke gate", "external runner report", "OpenClaw baseline"], "communication_channels": ["offline report", "operator review", "Telegram approval-required after gate"], "approval_gate": "refresh source evidence, cost/data approval, then 5-record smoke only", "evidence_refs": ["docs/evaluations/agent_nemotron_contract_tuned_smoke_matrix_2026-06-02.json", "docs/runbooks/OPENCLAW-REPLACEMENT-EVALUATION.md"], "next_action": "新增 Nemotron 3 Ultra source evidence 後,先重跑 5-record smoke。" }, { "target_id": "agent_market_watch", "domain_id": "learning", "display_name": "AI Agent market watch", "target_type": "market_watch", "primary_agent": "hermes", "supporting_agents": ["openclaw", "nemotron"], "deployment_state": "active_governed", "automation_level": "observe_only", "capabilities": ["primary-source scan", "integration review", "discovery intake", "candidate scoring"], "telegram_policy": "action_required", "learning_inputs": ["official docs", "release metadata", "scorecard", "operator review"], "communication_channels": ["Gitea Actions", "governance UI", "Telegram actionable only"], "approval_gate": "market watch cannot approve SDK/API/replay/shadow/canary/production", "evidence_refs": [".gitea/workflows/agent-market-watch.yaml", "docs/evaluations/agent_market_governance_snapshot_2026-06-04.json"], "next_action": "把 Nemotron 3 Ultra 納入下一次 source refresh 和 scorecard review。" } ], "collaboration_contract": { "message_bus": "以 Redis Streams / AgentSession / timeline event 作為可回放協作總線;本快照只描述布局,不啟動新 worker。", "audit_trail": "所有 Agent 建議必須落到可查詢事件、批准包或 committed snapshot;不得只存在聊天視窗。", "handoff_rules": [ "OpenClaw 收斂生產風險、HITL 與 Telegram action-required。", "Hermes 收斂治理、文件、盤點、降噪與跨專案報告。", "NemoTron 收斂 sanitized 離線評估、模型比較與 replay score。", "任何 Agent 發現風險升級時必須轉交 OpenClaw 仲裁。", "任何 Agent 發現市場/依賴漂移時必須轉交 Hermes 彙整。", "任何候選模型能力聲稱必須先經 NemoTron 或 replay harness 產出同題證據。" ], "frontend_redaction": { "operator_conversation_display_allowed": false, "agent_private_reasoning_display_allowed": false, "display_policy": "前端只能顯示任務狀態、證據摘要、批准邊界與產物連結;不得顯示操作對話原文或 Agent 私有推理。" } }, "learning_contract": { "event_sources": [ "incident timeline", "approval outcome", "alert operation log", "service health snapshot", "backup / DR evidence", "dependency drift snapshot", "agent market watch", "NemoTron smoke / replay result" ], "feedback_loops": [ "成功/失敗/中性結果回寫 Playbook trust", "Critic / Reviewer 挑戰結果回寫 AgentSession", "Telegram 按鈕與 operator review 回寫 notification outcome", "Market watch source delta 進入 scorecard / replay gate", "NemoTron replay 失敗模式回寫 prompt / contract 改善清單" ], "growth_metrics": [ "playbook trust_score 有效更新數", "general fallback alert ratio", "agent handoff completion rate", "notification failure rate", "smoke gate pass rate", "operator-approved proposal precision" ], "retention_policy": "學習資料只保留 redacted evidence refs、hash、分類與結果;Secret、token、原始對話與私有推理不得進前端或告警。" }, "telegram_contract": { "primary_gateway": "apps/api/src/services/telegram_gateway.py", "bot_roles": [ "OpenClaw Bot:生產告警、批准、HITL 與 action-required。", "Hermes Bot lane:治理摘要、週期性報告與降噪候選,但仍經 Gateway。", "NemoTron lane:只在 smoke/replay gate 需要 operator review 時產生摘要,不能直接發送。" ], "notification_classes": [ "critical failure: immediate", "operator action required: immediate", "approval required: approval card", "success / healthy: suppressed or daily summary", "watch-only no-op: quiet" ], "redaction_policy": "不得在 Telegram 顯示 Secret、token、cookie、private key、原始 payload、操作對話原文或 Agent 私有推理;只顯示 evidence ref、狀態、影響範圍與下一步。", "e2e_validation": "沿用 ADR-035:部署前檢查 Secret、部署時注入 K8s Secret、部署後做 E2E 告警鏈路驗證;本布局不直接送測試通知。" }, "rollups": { "total_targets": 42, "by_domain": { "hosts": 6, "packages": 3, "tools": 8, "services": 8, "projects": 8, "websites": 5, "learning": 4 }, "by_primary_agent": { "openclaw": 17, "hermes": 23, "nemotron": 2 }, "by_deployment_state": { "active_governed": 28, "read_only_layout": 9, "blocked_by_gate": 2, "planned": 2, "candidate_only": 1 }, "by_telegram_policy": { "failure_only": 8, "action_required": 17, "approval_required": 6, "daily_summary_only": 3, "no_direct_notify": 8 }, "blocked_target_ids": [ "host_120", "nemotron_replay_pipeline" ], "approval_required_target_ids": [ "host_120", "telegram_gateway", "ansible_control", "awooop_control_plane", "project_awooop", "awooop_admin", "nemotron_replay_pipeline" ] }, "approval_boundaries": { "sdk_installation_allowed": false, "paid_api_call_allowed": false, "shadow_or_canary_allowed": false, "production_routing_allowed": false, "destructive_operation_allowed": false, "secret_plaintext_allowed": false, "autonomous_host_mutation_allowed": false, "telegram_direct_send_allowed": false } }