{ "schema_version": "ai_agent_proactive_operations_contract_v1", "generated_at": "2026-06-11T23:20:00+08:00", "program_status": { "overall_completion_percent": 100, "current_priority": "P2", "current_task_id": "P2-403J", "next_task_id": "P2-403K", "read_only_mode": true, "runtime_authority": "contract_only_no_version_or_runtime_update", "status_note": "P2-403J 已把報表真相、告警可處置性、日報、週報、月報、Agent 工作量、圖表化報告、AI 分析建議與高/中/低風險自動化政策接入治理證據;全 0 週報視為低可信可處置異常,Telegram 正式告警必須收斂到 AwoooI SRE 戰情室。live report delivery、Telegram receipt、runtime worker、中低風險自動執行、verifier execution 與 route change 目前全為 0。" }, "external_source_evidence": [ { "id": "renovate_gitea_docs", "name": "Renovate Gitea platform docs", "url": "https://docs.renovatebot.com/modules/platform/gitea/", "decision_use": "列為 Gitea 版本更新 PR 自動化候選;本波不啟用 bot、不建立 workflow。" }, { "id": "osv_scanner_docs", "name": "OSV-Scanner usage docs", "url": "https://google.github.io/osv-scanner/usage/", "decision_use": "列為依賴漏洞掃描候選;本波只做契約,不執行外部 vulnerability query。" }, { "id": "trivy_docs", "name": "Trivy docs", "url": "https://trivy.dev/", "decision_use": "列為 repository / filesystem / container / Kubernetes 掃描候選;本波不安裝、不掃描 live cluster。" }, { "id": "syft_docs", "name": "Anchore Syft", "url": "https://github.com/anchore/syft", "decision_use": "列為 SBOM 產生候選;本波不安裝、不產生 live SBOM。" }, { "id": "grype_docs", "name": "Anchore Grype", "url": "https://github.com/anchore/grype", "decision_use": "列為 SBOM / filesystem / container vulnerability scanner 候選;本波不安裝。" }, { "id": "kubernetes_version_skew_policy", "name": "Kubernetes Version Skew Policy", "url": "https://kubernetes.io/releases/version-skew-policy/", "decision_use": "K3s / Kubernetes / kubectl / kubelet 版本更新必須先檢查 skew policy。" }, { "id": "docker_scout_docs", "name": "Docker Scout docs", "url": "https://docs.docker.com/scout/", "decision_use": "列為 container image SBOM / vulnerability platform 候選;若使用 managed service 需費用與 secret gate。" } ], "delegation_model": { "autonomy_levels": [ { "level": "L0_observe_only", "meaning": "Agent 可主動盤點、比對版本、產生風險摘要,不修改 repo、主機或服務。" }, { "level": "L1_report_only", "meaning": "Agent 可產生定期報告、KM 記錄、LOGBOOK 草稿與 Telegram action-required 摘要草稿。" }, { "level": "L2_approval_package_only", "meaning": "Agent 可產生升級批准包、rollback plan、smoke plan、owner packet;不得自行套用。" }, { "level": "L3_draft_change_after_gate", "meaning": "通過明確 gate 後,Agent 可建立 branch / PR 草案或 Renovate 類更新 PR;不得 auto merge。" }, { "level": "L4_execute_after_human_approval", "meaning": "只有低風險、可回滾、已驗證 dry-run 的操作可在人工批准後執行。" }, { "level": "L5_blocked", "meaning": "主機升級、K3s 版本升級、production route、secret rotation value、付費服務啟用等仍阻擋。" } ], "agent_responsibilities": [ { "agent_id": "hermes", "responsibility": "版本發現、changelog 摘要、SBOM / CVE / license / drift 證據、KM / runbook 更新草稿。" }, { "agent_id": "openclaw", "responsibility": "風險分級、相依性衝突、rollback / dry-run gate、Telegram action-required 與 HITL 仲裁。" }, { "agent_id": "nemotron", "responsibility": "AI Agent / 模型 / prompt / tool-call 變更的 sanitized replay、schema 合約與離線評分。" } ], "telegram_policy": { "allowed_now": "只產 action-required 摘要資料;不得直接送 Bot。", "failure_only": "版本 watch source 連續失敗、critical CVE、EOL approaching、production incompatibility risk 才可進 Telegram Gateway queue。", "success_spam": "禁止成功巡檢洗版。" } }, "version_lifecycle_domains": [ { "domain_id": "ai_agents_models", "display_name": "AI Agent / 模型 / prompt / SDK", "primary_owner": "nemotron", "cadence": "weekly + triggered_on_major_release", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "OpenClaw 仲裁 + replay / shadow / canary gate", "approval_gate": "market_scorecard_replay_and_cost_data_approval_required", "tracked_examples": [ "OpenClaw", "Hermes", "NemoTron", "LangGraph", "OpenAI Agents SDK", "Claude Agent SDK" ] }, { "domain_id": "python_packages", "display_name": "API Python 套件", "primary_owner": "hermes", "cadence": "daily_repo_only + weekly_external", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "dependency upgrade approval package", "approval_gate": "dependency_approval_required", "tracked_examples": [ "pyproject.toml", "requirements.txt" ] }, { "domain_id": "javascript_packages", "display_name": "Web pnpm / npm 套件", "primary_owner": "hermes", "cadence": "daily_repo_only + weekly_external", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "dependency upgrade approval package", "approval_gate": "dependency_approval_required", "tracked_examples": [ "package.json", "pnpm-lock.yaml" ] }, { "domain_id": "container_images", "display_name": "Docker base image / runtime image / digest", "primary_owner": "openclaw", "cadence": "weekly + triggered_on_critical_cve", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "image digest pin proposal + smoke plan", "approval_gate": "image_pull_build_push_approval_required", "tracked_examples": [ "Dockerfile", "Harbor image tags", "base image digest" ] }, { "domain_id": "kubernetes_k3s_components", "display_name": "K3s / Kubernetes / kubectl / kubelet", "primary_owner": "openclaw", "cadence": "monthly + triggered_on_eol_or_security", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "version skew report + maintenance window approval", "approval_gate": "k8s_upgrade_maintenance_window_required", "tracked_examples": [ "kube-apiserver", "kubelet", "kubectl", "CNI", "Ingress" ] }, { "domain_id": "host_os_packages", "display_name": "主機 OS / kernel / systemd / SSH / Nginx", "primary_owner": "openclaw", "cadence": "monthly + triggered_on_critical_cve", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "Ansible check-mode / maintenance plan only", "approval_gate": "host_update_approval_required", "tracked_examples": [ "Ubuntu packages", "kernel", "Nginx", "OpenSSH" ] }, { "domain_id": "observability_stack", "display_name": "Prometheus / Alertmanager / Grafana / SigNoz / OTEL / Sentry", "primary_owner": "hermes", "cadence": "weekly_freshness + monthly_upgrade_review", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "observability compatibility report", "approval_gate": "monitoring_route_receiver_write_blocked", "tracked_examples": [ "Prometheus", "Alertmanager", "Grafana", "SigNoz", "OpenTelemetry Collector", "Sentry" ] }, { "domain_id": "stateful_services", "display_name": "PostgreSQL / Redis / MinIO / Harbor / Gitea", "primary_owner": "openclaw", "cadence": "monthly + triggered_on_security", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "backup freshness + rollback + compatibility gate", "approval_gate": "stateful_upgrade_approval_required", "tracked_examples": [ "PostgreSQL", "Redis", "MinIO", "Harbor", "Gitea" ] }, { "domain_id": "backup_dr_tooling", "display_name": "Backup / DR / restore 工具", "primary_owner": "openclaw", "cadence": "weekly_freshness + monthly_drill_readiness", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "restore drill approval package", "approval_gate": "restore_or_prune_approval_required", "tracked_examples": [ "restic", "Velero", "backup scripts", "offsite escrow" ] }, { "domain_id": "ci_cd_and_runner_tools", "display_name": "Gitea Actions / runner / deploy tooling", "primary_owner": "hermes", "cadence": "weekly_freshness + triggered_on_runner_failure", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "workflow / runner owner packet", "approval_gate": "workflow_modification_approval_required", "tracked_examples": [ "Gitea workflow", "runner labels", "deploy scripts" ] }, { "domain_id": "mcp_tools_integrations", "display_name": "MCP tools / A2A / external integrations", "primary_owner": "hermes", "cadence": "weekly_contract_review", "current_allowed_autonomy": "L2_approval_package_only", "update_authority": "MCP schema compatibility report", "approval_gate": "new_tool_or_secret_approval_required", "tracked_examples": [ "K8s MCP", "Prometheus MCP", "Sentry MCP", "Telegram Gateway" ] }, { "domain_id": "public_web_admin_surfaces", "display_name": "網站前後台 / route / UI smoke", "primary_owner": "hermes", "cadence": "daily_smoke + triggered_on_release", "current_allowed_autonomy": "L1_report_only", "update_authority": "UI smoke report only", "approval_gate": "code_change_required_for_fix", "tracked_examples": [ "awoooi.wooo.work", "AwoooP", "IwoooS", "governance tabs" ] } ], "delegable_capabilities": [ { "capability_id": "version_discovery_freshness", "display_name": "版本發現與新鮮度盤點", "primary_owner": "hermes", "risk_tier": "low", "automation_level": "L1_report_only", "outputs": [ "version_delta_report", "freshness_score", "stale_source_list" ], "approval_gate": "read_only_allowed", "telegram_policy": "failure_or_action_required_only" }, { "capability_id": "upgrade_approval_package", "display_name": "升級批准包與 rollback plan", "primary_owner": "openclaw", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "risk_matrix", "rollback_plan", "smoke_plan", "owner_packet" ], "approval_gate": "human_approval_required", "telegram_policy": "action_required" }, { "capability_id": "renovate_pr_proposal", "display_name": "Renovate / Gitea PR 草案候選", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L3_draft_change_after_gate", "outputs": [ "pr_plan", "grouping_policy", "automerge_false_policy" ], "approval_gate": "workflow_and_bot_approval_required", "telegram_policy": "action_required" }, { "capability_id": "sbom_generation_plan", "display_name": "SBOM 產生與保存策略", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "sbom_plan", "retention_policy", "tool_choice_matrix" ], "approval_gate": "tool_install_or_ci_change_approval_required", "telegram_policy": "failure_only" }, { "capability_id": "vulnerability_triage", "display_name": "CVE / OSV / container vulnerability triage", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "vulnerability_report", "blast_radius", "patch_priority" ], "approval_gate": "external_scan_and_dependency_approval_required", "telegram_policy": "critical_or_action_required" }, { "capability_id": "license_policy_review", "display_name": "License / copyleft 風險檢查", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L1_report_only", "outputs": [ "license_delta_report", "owner_review_queue" ], "approval_gate": "legal_owner_review_required", "telegram_policy": "action_required_only" }, { "capability_id": "kubernetes_version_skew_review", "display_name": "Kubernetes / K3s version skew 檢查", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "skew_report", "upgrade_order", "rollback_window" ], "approval_gate": "maintenance_window_required", "telegram_policy": "action_required" }, { "capability_id": "host_patch_advisory", "display_name": "主機 patch advisory / Ansible check-mode 計畫", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "host_patch_plan", "affected_service_map", "reboot_risk" ], "approval_gate": "host_update_approval_required", "telegram_policy": "action_required" }, { "capability_id": "config_drift_owner_packet", "display_name": "高價值配置 drift 與 owner packet", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "drift_report", "owner_packet", "rollback_refs" ], "approval_gate": "owner_response_required", "telegram_policy": "action_required" }, { "capability_id": "service_health_staleness", "display_name": "服務健康缺口與過期端點", "primary_owner": "openclaw", "risk_tier": "medium", "automation_level": "L1_report_only", "outputs": [ "stale_endpoint_report", "health_gap_list" ], "approval_gate": "restart_or_endpoint_change_requires_approval", "telegram_policy": "failure_only" }, { "capability_id": "observability_noise_review", "display_name": "告警噪音、路由與 silence 建議", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "noise_report", "rule_change_proposal" ], "approval_gate": "alert_rule_write_approval_required", "telegram_policy": "action_required_only" }, { "capability_id": "telegram_delivery_audit", "display_name": "Telegram 告警送達與 fallback 稽核", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L1_report_only", "outputs": [ "delivery_report", "silent_route_alert", "fallback_gap" ], "approval_gate": "telegram_send_or_route_change_requires_approval", "telegram_policy": "failure_or_action_required" }, { "capability_id": "backup_dr_readiness", "display_name": "備份 / DR / restore readiness", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "readiness_matrix", "restore_drill_package", "offsite_gap" ], "approval_gate": "restore_or_prune_approval_required", "telegram_policy": "failure_or_action_required" }, { "capability_id": "cost_and_capacity_review", "display_name": "成本、容量與資源優化建議", "primary_owner": "openclaw", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "capacity_forecast", "cost_delta", "resource_limit_proposal" ], "approval_gate": "cost_or_runtime_change_approval_required", "telegram_policy": "action_required_only" }, { "capability_id": "ai_provider_route_review", "display_name": "AI provider / model route / fallback 成本與品質檢查", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "provider_scorecard", "fallback_gap", "cost_boundary_report" ], "approval_gate": "cost_data_and_route_approval_required", "telegram_policy": "action_required" }, { "capability_id": "nemotron_replay_and_model_eval", "display_name": "NemoTron replay / model eval / prompt eval", "primary_owner": "nemotron", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "sanitized_replay_score", "schema_pass_rate", "tool_call_quality" ], "approval_gate": "cost_data_and_sanitized_fixture_approval_required", "telegram_policy": "action_required_only" }, { "capability_id": "rag_km_freshness", "display_name": "RAG / KM stale cleanup 與知識壓縮草案", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "stale_km_report", "merge_draft", "owner_review_queue" ], "approval_gate": "owner_review_required", "telegram_policy": "digest_only" }, { "capability_id": "ui_smoke_and_accessibility", "display_name": "前後台 UI smoke / mobile / overflow / a11y", "primary_owner": "hermes", "risk_tier": "low", "automation_level": "L1_report_only", "outputs": [ "browser_smoke_report", "overflow_report", "route_health" ], "approval_gate": "code_change_required_for_fix", "telegram_policy": "failure_only" }, { "capability_id": "data_quality_and_schema_drift", "display_name": "資料品質、schema drift、RLS / tenant context 稽核", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L2_approval_package_only", "outputs": [ "schema_drift_report", "rls_context_gap", "migration_plan" ], "approval_gate": "db_migration_approval_required", "telegram_policy": "action_required" }, { "capability_id": "incident_postmortem_and_learning", "display_name": "Incident postmortem、學習回寫與週報", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L1_report_only", "outputs": [ "postmortem_draft", "learning_delta", "weekly_digest" ], "approval_gate": "km_write_owner_review_required", "telegram_policy": "digest_only" }, { "capability_id": "secret_rotation_metadata", "display_name": "Secret rotation metadata 與到期提醒", "primary_owner": "openclaw", "risk_tier": "high", "automation_level": "L1_report_only", "outputs": [ "secret_name_inventory", "rotation_due_report", "owner_packet" ], "approval_gate": "secret_value_handling_forbidden", "telegram_policy": "action_required_only" }, { "capability_id": "compliance_and_evidence_pack", "display_name": "合規、稽核證據包、owner response 完整度", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L1_report_only", "outputs": [ "evidence_pack", "missing_owner_response", "audit_gap" ], "approval_gate": "read_only_allowed", "telegram_policy": "digest_only" }, { "capability_id": "market_watch_and_candidate_intake", "display_name": "市場主流 AI Agent / 工具候選追蹤", "primary_owner": "hermes", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "market_watch_report", "candidate_queue", "integration_review" ], "approval_gate": "market_scorecard_and_replay_gate_required", "telegram_policy": "action_required_only" }, { "capability_id": "release_train_digest", "display_name": "Release train 風險整理與分批升級建議", "primary_owner": "openclaw", "risk_tier": "medium", "automation_level": "L2_approval_package_only", "outputs": [ "release_train_plan", "batching_policy", "blast_radius_map" ], "approval_gate": "operator_release_window_required", "telegram_policy": "action_required" } ], "cadence_matrix": [ { "cadence_id": "hourly_failure_signals", "frequency": "hourly", "scope": "只看既有 monitoring / Telegram / workflow failure signal,不查外部 registry。", "allowed_now": true, "next_gate": "已存在監控資料;不發成功訊息" }, { "cadence_id": "daily_repo_only", "frequency": "daily", "scope": "manifest / lockfile / Dockerfile / K8s YAML / runbook / snapshot freshness repo-only 巡檢。", "allowed_now": true, "next_gate": "排程 workflow 仍需獨立批准" }, { "cadence_id": "weekly_external_primary_sources", "frequency": "weekly", "scope": "PyPI / npm / GitHub release / Docker registry / Kubernetes / tool official docs primary source version watch。", "allowed_now": false, "next_gate": "external_source_and_workflow_approval_required" }, { "cadence_id": "monthly_upgrade_planning", "frequency": "monthly", "scope": "host OS、K3s、stateful services、observability stack、backup tooling 升級批次規劃。", "allowed_now": false, "next_gate": "maintenance_window_and_owner_approval_required" }, { "cadence_id": "triggered_critical_security", "frequency": "triggered", "scope": "critical CVE、EOL notice、重大版本、watch source failure、Telegram silence、production incompatibility。", "allowed_now": false, "next_gate": "critical_alert_route_and_human_gate_required" } ], "mcp_tool_requirements": [ { "tool_id": "gitea_release_pr_mcp", "display_name": "Gitea / PR / workflow MCP", "purpose": "查 commit、workflow、PR、runner、release train;未批准不得寫 workflow、建 PR 或 merge。", "owner_agent": "hermes", "status": "planned_read_only_first", "approval_gate": "write_requires_human_gate" }, { "tool_id": "package_registry_mcp", "display_name": "PyPI / npm / GitHub release / Docker registry MCP", "purpose": "查官方版本與 changelog;重大版本進 approval package。", "owner_agent": "hermes", "status": "planned_external_source", "approval_gate": "external_source_approval_required" }, { "tool_id": "sbom_sca_mcp", "display_name": "SBOM / SCA MCP", "purpose": "連接 Syft / Grype / OSV / Trivy 類工具;只產報告與批准包。", "owner_agent": "openclaw", "status": "tool_candidate", "approval_gate": "tool_install_or_ci_change_approval_required" }, { "tool_id": "k8s_version_mcp", "display_name": "K8s / K3s version MCP", "purpose": "只讀檢查 kubectl / kubelet / apiserver / CNI version skew 與升級順序。", "owner_agent": "openclaw", "status": "planned_read_only", "approval_gate": "cluster_write_blocked" }, { "tool_id": "host_os_readonly_mcp", "display_name": "Host OS read-only MCP", "purpose": "讀 OS / kernel / package version metadata;不 apt upgrade、不 reboot、不 restart。", "owner_agent": "openclaw", "status": "planned_read_only", "approval_gate": "ssh_or_host_probe_approval_required" }, { "tool_id": "observability_context_mcp", "display_name": "Prometheus / Alertmanager / SigNoz / Sentry MCP", "purpose": "把版本變更與 metrics / trace / issue regression 串起來。", "owner_agent": "hermes", "status": "partially_existing", "approval_gate": "route_receiver_write_blocked" }, { "tool_id": "backup_dr_mcp", "display_name": "Backup / DR readiness MCP", "purpose": "升級前檢查備份新鮮度、restore readiness、rollback evidence。", "owner_agent": "openclaw", "status": "snapshot_existing", "approval_gate": "restore_execution_blocked" }, { "tool_id": "telegram_gateway_mcp", "display_name": "Telegram Gateway MCP", "purpose": "只送 action-required、failure-only、critical security;禁止 direct send 與成功洗版。", "owner_agent": "openclaw", "status": "policy_existing", "approval_gate": "telegram_direct_send_blocked" } ], "rag_memory_contract": [ { "memory_id": "version_history", "display_name": "Version History Memory", "storage": "PostgreSQL + pgvector + committed snapshots", "owner_agent": "hermes", "purpose": "保存每個 Agent、套件、工具、服務、主機的版本歷史、source ref、freshness 與升級結果。", "redaction_policy": "不得保存 secret、token、private key、registry credential、未脫敏內部內容。" }, { "memory_id": "compatibility_matrix", "display_name": "Compatibility Matrix Memory", "storage": "knowledge_entries + runbooks + docs/evaluations", "owner_agent": "openclaw", "purpose": "保存 K8s skew、service compatibility、DB migration、provider fallback 與 rollback constraints。", "redaction_policy": "只保存版本、風險、證據 ref,不保存 secret payload。" }, { "memory_id": "upgrade_outcomes", "display_name": "Upgrade Outcomes Memory", "storage": "timeline_events + audit_logs + LOGBOOK", "owner_agent": "openclaw", "purpose": "把每次升級成功、失敗、回滾、延遲、Telegram outcome 回寫,讓下次分批更聰明。", "redaction_policy": "只保存 decision envelope、evidence refs、redacted summary。" }, { "memory_id": "delegation_playbooks", "display_name": "Delegation Playbooks Memory", "storage": "playbooks + KM + docs/runbooks", "owner_agent": "hermes", "purpose": "把可委派工作轉成標準化 playbook、owner packet 與 approval package 模板。", "redaction_policy": "owner response 只保存 redacted evidence refs。" } ], "rollout_tasks": [ { "task_id": "P2-402A", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes + OpenClaw + NemoTron", "summary": "定義 AI Agent 主動營運委派與版本生命週期契約、schema、snapshot、只讀 API 與文件同步。", "next_gate": "正式部署驗證" }, { "task_id": "P2-402B", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes", "summary": "建立 repo-only daily version freshness snapshot schema、committed snapshot、只讀 API 與測試;不查外部 registry、不改 workflow。", "next_gate": "P2-402C_completed" }, { "task_id": "P2-402C", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "OpenClaw", "summary": "建立 Renovate / OSV-Scanner / Trivy / Syft / Grype 工具採用批准包、官方來源 evidence、採用 lane、批准欄位、schema、snapshot、只讀 API 與測試。", "next_gate": "P2-402D_completed" }, { "task_id": "P2-402D", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "OpenClaw", "summary": "建立 Telegram action-required digest policy、schema、snapshot、只讀 API 與測試;定義 critical / action-required / failure-only digest 草案、成功降噪、redaction 與 fallback gap 邊界。", "next_gate": "P2-402E_completed" }, { "task_id": "P2-402E", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes", "summary": "建立 Gitea PR 草案 lane、schema、snapshot、只讀 API 與測試;定義 grouping、automerge=false、測試證據、rollback、owner response 與 redaction policy。", "next_gate": "P2-402F_completed" }, { "task_id": "P2-402F", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "OpenClaw", "summary": "建立 host OS / K3s / stateful services 版本只讀盤點、maintenance window 批准包、schema、snapshot、只讀 API 與測試;所有 SSH / kubectl / upgrade / drain / reboot / restart gate 維持 false。", "next_gate": "P2-402G_completed" }, { "task_id": "P2-402G", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes", "summary": "把可委派能力、版本生命週期、Host / K3s / stateful 只讀盤點、maintenance window 批准包與 Telegram / redaction gate 接入 governance UI;不顯示敏感端點或工作對話內容。", "next_gate": "P2-403A_completed" }, { "task_id": "P2-403A", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes + OpenClaw", "summary": "建立 Agent 互動、接手、學習、成長與 Telegram receipt 證據面;治理頁顯示目前真相、證據階梯、Agent lanes、可觀測訊號、runtime gates 與 redaction policy。", "next_gate": "P2-403B_completed" }, { "task_id": "P2-403B", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "OpenClaw + Hermes", "summary": "建立 AgentSession / Redis Streams live read model gate;定義既有表安全欄位、Redis envelope、worker gate、rollback plan、no-write smoke 與 governance UI 顯示。", "next_gate": "P2-403C_completed" }, { "task_id": "P2-403C", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes + OpenClaw + Nemotron", "summary": "建立 Redis Streams consumer group dry-run、handoff envelope、ack / dead-letter / replay idempotency gate、只讀 API 與 governance UI 顯示;不連 Redis、不建立 consumer group、不 XADD、不 ACK、不 replay、不發 Telegram。", "next_gate": "P2-403D_learning_writeback_approval_package" }, { "task_id": "P2-403D", "priority": "P2", "status": "done", "completion_percent": 100, "owner_agent": "Hermes + OpenClaw + Nemotron", "summary": "建立 learning writeback approval package;固定 KM、PlayBook trust、timeline learning 與 replay score 回寫前的 owner review、redaction、rollback 與 blocked write actions。", "next_gate": "P2-403E_telegram_receipt_approval_package" }, { "task_id": "P2-403E", "sequence": 8, "display_name": "Telegram receipt approval package", "status": "done", "owner_agent": "openclaw", "completion_percent": 100, "runtime_authority": "approval_package_only_no_telegram_send", "blocked_runtime_actions": [ "telegram_gateway_queue_write", "telegram_direct_bot_api_call", "telegram_delivery_receipt_write", "telegram_retry_worker_start" ] }, { "task_id": "P2-403F", "sequence": 9, "display_name": "Owner-approved learning dry-run preview", "status": "done", "owner_agent": "hermes", "completion_percent": 100, "runtime_authority": "owner_approved_dry_run_only_no_learning_write", "blocked_runtime_actions": [ "canonical_learning_write", "playbook_trust_update", "timeline_learning_write", "telegram_send_or_receipt_write" ] }, { "task_id": "P2-403G", "sequence": 10, "display_name": "Runtime write gate review", "status": "done", "owner_agent": "openclaw", "completion_percent": 100, "runtime_authority": "write_gate_review_only_no_runtime_write", "blocked_runtime_actions": [ "runtime_learning_write", "knowledge_entries_canonical_write", "playbook_trust_history_write", "incident_timeline_learning_write", "agent_replay_score_write", "telegram_send_or_receipt_write" ] }, { "task_id": "P2-403H", "sequence": 11, "display_name": "Post-write verifier package", "status": "done", "owner_agent": "openclaw", "completion_percent": 100, "runtime_authority": "post_write_verifier_package_only_no_runtime_write", "blocked_runtime_actions": [ "canonical_readback_query", "rollback_work_item_write", "telegram_send_or_receipt_write", "knowledge_entries_readback_and_write", "playbook_trust_history_write", "incident_timeline_learning_write", "agent_replay_score_write" ] }, { "task_id": "P2-403I", "sequence": 12, "display_name": "Runtime verifier evidence implementation review", "status": "done", "owner_agent": "openclaw", "completion_percent": 100, "runtime_authority": "runtime_verifier_evidence_review_only_no_live_execution", "blocked_runtime_actions": [ "runtime_verifier_implementation", "post_write_verifier_runtime_execution", "canonical_readback_query_execution", "rollback_work_item_write", "telegram_send_or_receipt_write", "runtime_learning_write", "agent_replay_score_write" ] }, { "task_id": "P2-403J", "sequence": 13, "display_name": "Report truth, periodic reporting, and risk automation review", "status": "done", "owner_agent": "hermes", "completion_percent": 100, "runtime_authority": "reporting_and_actionability_policy_review_only_no_live_execution", "blocked_runtime_actions": [ "telegram_weekly_report_send_as_normal", "telegram_route_change", "direct_telegram_send_to_legacy_chat", "report_truth_runtime_write", "work_item_write", "heartbeat_to_auto_repair", "scheduled_report_delivery", "telegram_gateway_queue_write", "ai_analysis_runtime_after_report", "low_risk_auto_action_worker", "medium_risk_auto_action_worker", "high_risk_auto_execute", "production_optimization_write" ] } ], "approval_boundaries": { "runtime_version_update_allowed": false, "package_upgrade_allowed": false, "host_upgrade_allowed": false, "container_pull_allowed": false, "workflow_schedule_enabled": false, "auto_merge_allowed": false, "telegram_direct_send_allowed": false, "secret_plaintext_allowed": false, "paid_external_service_allowed": false, "production_route_change_allowed": false }, "rollups": { "version_domain_count": 12, "delegable_capability_count": 24, "cadence_count": 5, "mcp_tool_count": 8, "rag_memory_count": 4, "rollout_task_count": 17, "auto_execute_allowed_count": 0, "approval_required_capability_count": 23, "blocked_update_domain_ids": [ "ai_agents_models", "python_packages", "javascript_packages", "container_images", "kubernetes_k3s_components", "host_os_packages", "observability_stack", "stateful_services", "backup_dr_tooling", "ci_cd_and_runner_tools", "mcp_tools_integrations", "public_web_admin_surfaces" ], "telegram_action_required_capability_ids": [ "ai_provider_route_review", "backup_dr_readiness", "config_drift_owner_packet", "cost_and_capacity_review", "data_quality_and_schema_drift", "host_patch_advisory", "kubernetes_version_skew_review", "license_policy_review", "market_watch_and_candidate_intake", "nemotron_replay_and_model_eval", "observability_noise_review", "release_train_digest", "renovate_pr_proposal", "secret_rotation_metadata", "upgrade_approval_package", "version_discovery_freshness", "vulnerability_triage", "telegram_delivery_audit" ] } }