{ "$schema": "https://json-schema.org/draft/2020-12/schema", "name": "OpenClaw Capabilities", "version": "5.6.0", "description": "OpenClaw AI Agent 允許調用的工具與操作權限定義", "updated_at": "2026-04-10", "kubernetes": { "allowed_operations": [ { "name": "RESTART_DEPLOYMENT", "command": "kubectl rollout restart deployment/{name} -n {namespace}", "risk_level": "medium", "requires_approval": true, "description": "重啟 Deployment,觸發 Rolling Update" }, { "name": "DELETE_POD", "command": "kubectl delete pod {name} -n {namespace}", "risk_level": "medium", "requires_approval": true, "description": "刪除 Pod,由 ReplicaSet 自動重建" }, { "name": "DELETE_PODS_BY_LABEL", "command": "kubectl delete pods -l {selector} -n {namespace}", "risk_level": "medium", "requires_approval": true, "description": "依 Label 批量刪除 Pod" }, { "name": "SCALE_DEPLOYMENT", "command": "kubectl scale deployment/{name} --replicas={count} -n {namespace}", "risk_level": "low", "requires_approval": false, "description": "水平擴展 Deployment 副本數" }, { "name": "GET_LOGS", "command": "kubectl logs {pod} -n {namespace} --tail={lines}", "risk_level": "low", "requires_approval": false, "description": "查看 Pod 日誌" }, { "name": "GET_STATUS", "command": "kubectl get pods/deployments/services -n {namespace}", "risk_level": "low", "requires_approval": false, "description": "查看資源狀態列表" }, { "name": "DESCRIBE_RESOURCE", "command": "kubectl describe {resource_type} {name} -n {namespace}", "risk_level": "low", "requires_approval": false, "description": "查看資源詳細狀態" } ], "forbidden_operations": [ { "pattern": "kubectl delete namespace *", "reason": "影響範圍過大,會連同命名空間內的所有資源一併刪除" }, { "pattern": "kubectl delete pvc *", "reason": "可能導致持久化資料遺失" }, { "pattern": "kubectl apply -f *", "reason": "未審核的 YAML 可能引入惡意配置" }, { "pattern": "* --force", "reason": "強制操作繞過安全檢查" }, { "pattern": "kubectl exec *", "reason": "可在容器內執行任意命令,可能造成安全風險" } ], "namespaces": { "allowed": ["awoooi-prod", "default", "kube-system"], "forbidden": ["kube-public", "cert-manager"] }, "api_server": { 
"in_cluster_override": "K8S_API_SERVER_URL", "fallback_url": "https://192.168.0.120:6443", "reason": "ADR-059: ClusterIP 10.43.0.1 不可達時使用節點 IP" } }, "notifications": { "channels": [ { "name": "telegram", "enabled": true, "config_key": "OPENCLAW_TG_BOT_TOKEN", "features": ["alerts", "approvals", "status_updates"], "format": { "max_total_chars": 500, "show_model_name": true, "show_backend": true, "dedup_ttl_seconds": 600 } }, { "name": "sse", "enabled": true, "endpoint": "/api/v1/stream", "features": ["real_time_updates", "approvals"] } ] }, "ai_providers": { "fallback_order": ["ollama_tool", "openclaw_nemo", "gemini", "nvidia"], "router_toggle": "USE_AI_ROUTER", "providers": [ { "name": "ollama_tool", "endpoint": "http://192.168.0.188:11434", "model": "llama3.1:8b", "cost_per_1k_tokens": 0, "timeout_seconds": 30, "description": "OllamaToolProvider — 本地 tool calling,最優先" }, { "name": "openclaw_nemo", "endpoint": "http://192.168.0.188:11434", "model": "nemotron-mini", "cost_per_1k_tokens": 0, "timeout_seconds": 60, "description": "Nemotron via Ollama — 本地 RCA 分析" }, { "name": "gemini", "endpoint": "https://generativelanguage.googleapis.com/v1beta", "model": "gemini-1.5-flash", "cost_per_1k_tokens": 0.001, "timeout_seconds": 30, "description": "Gemini Flash — 雲端備援" }, { "name": "nvidia", "endpoint": "https://integrate.api.nvidia.com/v1", "model": "nvidia/llama-3.1-nemotron-ultra-253b-v1", "cost_per_1k_tokens": 0.002, "timeout_seconds": 30, "description": "NVIDIA NIM — 最後備援" } ] }, "guardrail": { "block_layer": { "enabled": true, "description": "Sprint 5.1 — Stateful 服務永久封鎖,優先於所有審核流程", "blocked_services": ["postgres", "redis", "velero", "etcd"], "blocked_patterns": ["DROP", "DELETE FROM", "TRUNCATE", "pvc", "backup"], "heartbeat_exclusions": ["NoAlertsReceived", "Watchdog", "DeadManSwitch"], "on_block": "log_to_alert_operation_log + notify_telegram + abort" }, "risk_levels": { "LOW": { "action": "auto_execute", "signatures": 0 }, "STANDARD_HITL": { "action": 
"single_approval", "signatures": 1 }, "CRITICAL_HITL": { "action": "multi_sig", "signatures": 2 }, "BLOCK": { "action": "permanent_block", "signatures": null } } }, "adr067_ollama_applications": { "description": "ADR-067 五大 Ollama 本地 AI 應用 (Phase 30-34),全部使用 Ollama 111:11434", "ollama_endpoint": "http://192.168.0.111:11434", "applications": [ { "phase": 30, "name": "drift_summary", "model": "qwen2.5:7b-instruct", "timeout_seconds": 90, "trigger": "Config Drift 偵測後自動觸發", "output": "中文摘要 Telegram 通知", "status": "active" }, { "phase": 31, "name": "log_anomaly_summary", "model": "deepseek-r1:14b", "timeout_seconds": 120, "trigger": "Alertmanager 告警到達後觸發 NemoTron log 摘要", "output": "異常 log 中文摘要 Telegram 通知", "status": "active" }, { "phase": 32, "name": "pr_code_review", "model": "qwen2.5-coder:7b", "timeout_seconds": 120, "trigger": "Gitea PR webhook", "output": "PR 審查意見 + 風險評估", "status": "active" }, { "phase": 33, "name": "rag_knowledge_base", "embed_model": "nomic-embed-text", "embed_dimensions": 768, "gen_model": "qwen2.5:7b-instruct", "timeout_seconds": 30, "storage": "pgvector rag_chunks table (ivfflat cosine_ops lists=100)", "chunks_count": 5814, "sources": ["docs/runbooks", "docs/adr", "docs", ".agents/skills"], "api_endpoints": { "index": "POST /api/v1/rag/index", "query": "POST /api/v1/rag/query", "stats": "GET /api/v1/rag/stats", "optimize": "POST /api/v1/rag/optimize" }, "telegram_command": "/rag <問題>", "status": "active" }, { "phase": 34, "name": "image_analysis", "model": "llava:latest", "timeout_seconds": 60, "trigger": "Telegram 圖片上傳 或 API 呼叫", "output": "圖片內容中文描述", "status": "active" } ] }, "phase25_capabilities": { "config_drift_detection": { "enabled": true, "schedule": "0 * * * *", "description": "每小時比對 Git YAML vs K8s 實際狀態" }, "auto_harvesting": { "enabled": true, "dedup_key": "symptoms_hash", "description": "Anti-Pattern 閉環攔截,symptoms_hash 去重" }, "sensor_agent": { "enabled": true, "stream_key": "awoooi:signals", "redis_db": 10, "dedup_ttl_seconds": 
600, "collectors": ["node_metrics", "journal_errors", "service_probes"], "hosts": { "188": { "role": "AI/Web 中心", "services": ["PostgreSQL", "Redis", "Ollama", "Nginx", "SigNoz"] }, "110": { "role": "基礎設施金庫", "services": ["Harbor", "Gitea", "GH-Runner"] } }, "thresholds": { "cpu_pct_high": 85.0, "mem_pct_high": 90.0, "disk_pct_high": 85.0, "load_factor": 2.0, "journal_err_min": 10 } } }, "security": { "telegram_whitelist": { "description": "允許透過 Telegram 簽核的 user_id 清單", "users": [] }, "webhook_hmac": { "algorithm": "sha256", "header": "X-Signature-256" }, "nonce_ttl_seconds": 300, "trust_engine": { "risk_levels": { "LOW": "auto_execute", "MEDIUM": "single_approval", "CRITICAL": "multi_sig_2" } } }, "limits": { "max_concurrent_approvals": 10, "max_daily_operations": 100, "token_budget": { "gemini_daily": 70000, "nvidia_daily": 35000, "monthly_cost_limit_usd": 10 } } }