{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "name": "OpenClaw Capabilities",
  "version": "5.0.0",
  "description": "OpenClaw AI Agent 允許調用的工具與操作權限定義",
  "updated_at": "2026-03-21",

  "kubernetes": {
    "allowed_operations": [
      {
        "name": "RESTART_DEPLOYMENT",
        "command": "kubectl rollout restart deployment/{name} -n {namespace}",
        "risk_level": "medium",
        "requires_approval": true,
        "description": "重啟 Deployment，觸發 Rolling Update"
      },
      {
        "name": "DELETE_POD",
        "command": "kubectl delete pod {name} -n {namespace}",
        "risk_level": "medium",
        "requires_approval": true,
        "description": "刪除 Pod，由 ReplicaSet 自動重建"
      },
      {
        "name": "SCALE_DEPLOYMENT",
        "command": "kubectl scale deployment/{name} --replicas={count} -n {namespace}",
        "risk_level": "low",
        "requires_approval": false,
        "description": "水平擴展 Deployment 副本數"
      },
      {
        "name": "GET_LOGS",
        "command": "kubectl logs {pod} -n {namespace} --tail={lines}",
        "risk_level": "low",
        "requires_approval": false,
        "description": "查看 Pod 日誌"
      },
      {
        "name": "DESCRIBE_RESOURCE",
        "command": "kubectl describe {resource_type} {name} -n {namespace}",
        "risk_level": "low",
        "requires_approval": false,
        "description": "查看資源詳細狀態"
      }
    ],
    "forbidden_operations": [
      {
        "pattern": "kubectl delete namespace *",
        "reason": "影響範圍過大，可能導致整個命名空間被刪除"
      },
      {
        "pattern": "kubectl delete pvc *",
        "reason": "可能導致持久化資料遺失"
      },
      {
        "pattern": "kubectl apply -f *",
        "reason": "未審核的 YAML 可能引入惡意配置"
      },
      {
        "pattern": "* --force",
        "reason": "強制操作繞過安全檢查"
      },
      {
        "pattern": "kubectl exec *",
        "reason": "直接進入容器可能造成安全風險"
      }
    ],
    "namespaces": {
      "allowed": ["awoooi-prod", "default", "kube-system"],
      "forbidden": ["kube-public", "cert-manager"]
    }
  },

  "notifications": {
    "channels": [
      {
        "name": "telegram",
        "enabled": true,
        "config_key": "OPENCLAW_TG_BOT_TOKEN",
        "features": ["alerts", "approvals", "status_updates"]
      },
      {
        "name": "discord",
        "enabled": true,
        "config_key": "DISCORD_WEBHOOK_URL",
        "features": ["execution_reports"]
      },
      {
        "name": "sse",
        "enabled": true,
        "endpoint": "/api/v1/stream",
        "features": ["real_time_updates", "approvals"]
      }
    ]
  },

  "ai_providers": {
    "fallback_order": ["ollama", "gemini", "claude"],
    "providers": [
      {
        "name": "ollama",
        "endpoint": "http://192.168.0.188:11434",
        "model": "llama3.2:3b",
        "cost_per_1k_tokens": 0,
        "timeout_seconds": 90
      },
      {
        "name": "gemini",
        "endpoint": "https://generativelanguage.googleapis.com/v1beta",
        "model": "gemini-1.5-flash",
        "cost_per_1k_tokens": 0.001,
        "timeout_seconds": 30
      },
      {
        "name": "claude",
        "endpoint": "https://api.anthropic.com/v1",
        "model": "claude-3-haiku-20240307",
        "cost_per_1k_tokens": 0.008,
        "timeout_seconds": 30
      }
    ]
  },

  "security": {
    "telegram_whitelist": {
      "description": "允許透過 Telegram 簽核的 user_id 清單",
      "users": []
    },
    "webhook_hmac": {
      "algorithm": "sha256",
      "header": "X-Signature-256"
    },
    "nonce_ttl_seconds": 300
  },

  "limits": {
    "max_concurrent_approvals": 10,
    "max_daily_operations": 100,
    "token_budget": {
      "gemini_daily": 70000,
      "claude_daily": 35000,
      "monthly_cost_limit_usd": 10
    }
  }
}