awoooi/docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json
Your Name f2b7e8d66e
fix(web): 收斂治理頁繁中文案
2026-06-19 02:59:46 +08:00

{
"schema_version": "ai_agent_proactive_operations_contract_v1",
"generated_at": "2026-06-11T23:20:00+08:00",
"program_status": {
"overall_completion_percent": 100,
"current_priority": "P2",
"current_task_id": "P2-403J",
"next_task_id": "P2-403K",
"read_only_mode": true,
"runtime_authority": "contract_only_no_version_or_runtime_update",
"status_note": "P2-403J 已把報表真相、告警可處置性、日報、週報、月報、Agent 工作量、圖表化報告、AI 分析建議與高/中/低風險自動化政策接入治理證據;全 0 週報視為低可信可處置異常Telegram 正式告警必須收斂到 AwoooI SRE 戰情室。live report delivery、Telegram receipt、runtime worker、中低風險自動執行、verifier execution 與 route change 目前全為 0。"
},
"external_source_evidence": [
{
"id": "renovate_gitea_docs",
"name": "Renovate Gitea platform docs",
"url": "https://docs.renovatebot.com/modules/platform/gitea/",
"decision_use": "列為 Gitea 版本更新 PR 自動化候選;本波不啟用 bot、不建立 workflow。"
},
{
"id": "osv_scanner_docs",
"name": "OSV-Scanner usage docs",
"url": "https://google.github.io/osv-scanner/usage/",
"decision_use": "列為依賴漏洞掃描候選;本波只做契約,不執行外部 vulnerability query。"
},
{
"id": "trivy_docs",
"name": "Trivy docs",
"url": "https://trivy.dev/",
"decision_use": "列為 repository / filesystem / container / Kubernetes 掃描候選;本波不安裝、不掃描 live cluster。"
},
{
"id": "syft_docs",
"name": "Anchore Syft",
"url": "https://github.com/anchore/syft",
"decision_use": "列為 SBOM 產生候選;本波不安裝、不產生 live SBOM。"
},
{
"id": "grype_docs",
"name": "Anchore Grype",
"url": "https://github.com/anchore/grype",
"decision_use": "列為 SBOM / filesystem / container vulnerability scanner 候選;本波不安裝。"
},
{
"id": "kubernetes_version_skew_policy",
"name": "Kubernetes Version Skew Policy",
"url": "https://kubernetes.io/releases/version-skew-policy/",
"decision_use": "K3s / Kubernetes / kubectl / kubelet 版本更新必須先檢查 skew policy。"
},
{
"id": "docker_scout_docs",
"name": "Docker Scout docs",
"url": "https://docs.docker.com/scout/",
"decision_use": "列為 container image SBOM / vulnerability platform 候選;若使用 managed service 需費用與 secret gate。"
}
],
"delegation_model": {
"autonomy_levels": [
{
"level": "L0_observe_only",
"meaning": "Agent 可主動盤點、比對版本、產生風險摘要,不修改 repo、主機或服務。"
},
{
"level": "L1_report_only",
"meaning": "Agent 可產生定期報告、KM 記錄、LOGBOOK 草稿與 Telegram action-required 摘要草稿。"
},
{
"level": "L2_approval_package_only",
"meaning": "Agent 可產生升級批准包、rollback plan、smoke plan、owner packet不得自行套用。"
},
{
"level": "L3_draft_change_after_gate",
"meaning": "通過明確 gate 後Agent 可建立 branch / PR 草案或 Renovate 類更新 PR不得 auto merge。"
},
{
"level": "L4_execute_after_human_approval",
"meaning": "只有低風險、可回滾、已驗證 dry-run 的操作可在人工批准後執行。"
},
{
"level": "L5_blocked",
"meaning": "主機升級、K3s 版本升級、production route、secret rotation value、付費服務啟用等仍阻擋。"
}
],
"agent_responsibilities": [
{
"agent_id": "hermes",
"responsibility": "版本發現、changelog 摘要、SBOM / CVE / license / drift 證據、KM / runbook 更新草稿。"
},
{
"agent_id": "openclaw",
"responsibility": "風險分級、相依性衝突、rollback / dry-run gate、Telegram action-required 與 HITL 仲裁。"
},
{
"agent_id": "nemotron",
"responsibility": "AI Agent / 模型 / prompt / tool-call 變更的 sanitized replay、schema 合約與離線評分。"
}
],
"telegram_policy": {
"allowed_now": "只產 action-required 摘要資料;不得直接送 Bot。",
"failure_only": "版本 watch source 連續失敗、critical CVE、EOL approaching、production incompatibility risk 才可進 Telegram Gateway queue。",
"success_spam": "禁止成功巡檢洗版。"
}
},
"version_lifecycle_domains": [
{
"domain_id": "ai_agents_models",
"display_name": "AI Agent / 模型 / prompt / SDK",
"primary_owner": "nemotron",
"cadence": "weekly + triggered_on_major_release",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "OpenClaw 仲裁 + replay / shadow / canary gate",
"approval_gate": "market_scorecard_replay_and_cost_data_approval_required",
"tracked_examples": [
"OpenClaw",
"Hermes",
"NemoTron",
"LangGraph",
"OpenAI Agents SDK",
"Claude Agent SDK"
]
},
{
"domain_id": "python_packages",
"display_name": "API Python 套件",
"primary_owner": "hermes",
"cadence": "daily_repo_only + weekly_external",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "dependency upgrade approval package",
"approval_gate": "dependency_approval_required",
"tracked_examples": [
"pyproject.toml",
"requirements.txt"
]
},
{
"domain_id": "javascript_packages",
"display_name": "Web pnpm / npm 套件",
"primary_owner": "hermes",
"cadence": "daily_repo_only + weekly_external",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "dependency upgrade approval package",
"approval_gate": "dependency_approval_required",
"tracked_examples": [
"package.json",
"pnpm-lock.yaml"
]
},
{
"domain_id": "container_images",
"display_name": "Docker base image / runtime image / digest",
"primary_owner": "openclaw",
"cadence": "weekly + triggered_on_critical_cve",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "image digest pin proposal + smoke plan",
"approval_gate": "image_pull_build_push_approval_required",
"tracked_examples": [
"Dockerfile",
"Harbor image tags",
"base image digest"
]
},
{
"domain_id": "kubernetes_k3s_components",
"display_name": "K3s / Kubernetes / kubectl / kubelet",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_eol_or_security",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "version skew report + maintenance window approval",
"approval_gate": "k8s_upgrade_maintenance_window_required",
"tracked_examples": [
"kube-apiserver",
"kubelet",
"kubectl",
"CNI",
"Ingress"
]
},
{
"domain_id": "host_os_packages",
"display_name": "主機 OS / kernel / systemd / SSH / Nginx",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_critical_cve",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "Ansible check-mode / maintenance plan only",
"approval_gate": "host_update_approval_required",
"tracked_examples": [
"Ubuntu packages",
"kernel",
"Nginx",
"OpenSSH"
]
},
{
"domain_id": "observability_stack",
"display_name": "Prometheus / Alertmanager / Grafana / SigNoz / OTEL / Sentry",
"primary_owner": "hermes",
"cadence": "weekly_freshness + monthly_upgrade_review",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "observability compatibility report",
"approval_gate": "monitoring_route_receiver_write_blocked",
"tracked_examples": [
"Prometheus",
"Alertmanager",
"Grafana",
"SigNoz",
"OpenTelemetry Collector",
"Sentry"
]
},
{
"domain_id": "stateful_services",
"display_name": "PostgreSQL / Redis / MinIO / Harbor / Gitea",
"primary_owner": "openclaw",
"cadence": "monthly + triggered_on_security",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "backup freshness + rollback + compatibility gate",
"approval_gate": "stateful_upgrade_approval_required",
"tracked_examples": [
"PostgreSQL",
"Redis",
"MinIO",
"Harbor",
"Gitea"
]
},
{
"domain_id": "backup_dr_tooling",
"display_name": "Backup / DR / restore 工具",
"primary_owner": "openclaw",
"cadence": "weekly_freshness + monthly_drill_readiness",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "restore drill approval package",
"approval_gate": "restore_or_prune_approval_required",
"tracked_examples": [
"restic",
"Velero",
"backup scripts",
"offsite escrow"
]
},
{
"domain_id": "ci_cd_and_runner_tools",
"display_name": "Gitea Actions / runner / deploy tooling",
"primary_owner": "hermes",
"cadence": "weekly_freshness + triggered_on_runner_failure",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "workflow / runner owner packet",
"approval_gate": "workflow_modification_approval_required",
"tracked_examples": [
"Gitea workflow",
"runner labels",
"deploy scripts"
]
},
{
"domain_id": "mcp_tools_integrations",
"display_name": "MCP tools / A2A / external integrations",
"primary_owner": "hermes",
"cadence": "weekly_contract_review",
"current_allowed_autonomy": "L2_approval_package_only",
"update_authority": "MCP schema compatibility report",
"approval_gate": "new_tool_or_secret_approval_required",
"tracked_examples": [
"K8s MCP",
"Prometheus MCP",
"Sentry MCP",
"Telegram Gateway"
]
},
{
"domain_id": "public_web_admin_surfaces",
"display_name": "網站前後台 / route / UI smoke",
"primary_owner": "hermes",
"cadence": "daily_smoke + triggered_on_release",
"current_allowed_autonomy": "L1_report_only",
"update_authority": "UI smoke report only",
"approval_gate": "code_change_required_for_fix",
"tracked_examples": [
"awoooi.wooo.work",
"AwoooP",
"IwoooS",
"governance tabs"
]
}
],
"delegable_capabilities": [
{
"capability_id": "version_discovery_freshness",
"display_name": "版本發現與新鮮度盤點",
"primary_owner": "hermes",
"risk_tier": "low",
"automation_level": "L1_report_only",
"outputs": [
"version_delta_report",
"freshness_score",
"stale_source_list"
],
"approval_gate": "read_only_allowed",
"telegram_policy": "failure_or_action_required_only"
},
{
"capability_id": "upgrade_approval_package",
"display_name": "升級批准包與 rollback plan",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"risk_matrix",
"rollback_plan",
"smoke_plan",
"owner_packet"
],
"approval_gate": "human_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "renovate_pr_proposal",
"display_name": "Renovate / Gitea PR 草案候選",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L3_draft_change_after_gate",
"outputs": [
"pr_plan",
"grouping_policy",
"automerge_false_policy"
],
"approval_gate": "workflow_and_bot_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "sbom_generation_plan",
"display_name": "SBOM 產生與保存策略",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"sbom_plan",
"retention_policy",
"tool_choice_matrix"
],
"approval_gate": "tool_install_or_ci_change_approval_required",
"telegram_policy": "failure_only"
},
{
"capability_id": "vulnerability_triage",
"display_name": "CVE / OSV / container vulnerability triage",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"vulnerability_report",
"blast_radius",
"patch_priority"
],
"approval_gate": "external_scan_and_dependency_approval_required",
"telegram_policy": "critical_or_action_required"
},
{
"capability_id": "license_policy_review",
"display_name": "License / copyleft 風險檢查",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": [
"license_delta_report",
"owner_review_queue"
],
"approval_gate": "legal_owner_review_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "kubernetes_version_skew_review",
"display_name": "Kubernetes / K3s version skew 檢查",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"skew_report",
"upgrade_order",
"rollback_window"
],
"approval_gate": "maintenance_window_required",
"telegram_policy": "action_required"
},
{
"capability_id": "host_patch_advisory",
"display_name": "主機 patch advisory / Ansible check-mode 計畫",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"host_patch_plan",
"affected_service_map",
"reboot_risk"
],
"approval_gate": "host_update_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "config_drift_owner_packet",
"display_name": "高價值配置 drift 與 owner packet",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"drift_report",
"owner_packet",
"rollback_refs"
],
"approval_gate": "owner_response_required",
"telegram_policy": "action_required"
},
{
"capability_id": "service_health_staleness",
"display_name": "服務健康缺口與過期端點",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": [
"stale_endpoint_report",
"health_gap_list"
],
"approval_gate": "restart_or_endpoint_change_requires_approval",
"telegram_policy": "failure_only"
},
{
"capability_id": "observability_noise_review",
"display_name": "告警噪音、路由與 silence 建議",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"noise_report",
"rule_change_proposal"
],
"approval_gate": "alert_rule_write_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "telegram_delivery_audit",
"display_name": "Telegram 告警送達與 fallback 稽核",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L1_report_only",
"outputs": [
"delivery_report",
"silent_route_alert",
"fallback_gap"
],
"approval_gate": "telegram_send_or_route_change_requires_approval",
"telegram_policy": "failure_or_action_required"
},
{
"capability_id": "backup_dr_readiness",
"display_name": "備份 / DR / restore readiness",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"readiness_matrix",
"restore_drill_package",
"offsite_gap"
],
"approval_gate": "restore_or_prune_approval_required",
"telegram_policy": "failure_or_action_required"
},
{
"capability_id": "cost_and_capacity_review",
"display_name": "成本、容量與資源優化建議",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"capacity_forecast",
"cost_delta",
"resource_limit_proposal"
],
"approval_gate": "cost_or_runtime_change_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "ai_provider_route_review",
"display_name": "AI provider / model route / fallback 成本與品質檢查",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"provider_scorecard",
"fallback_gap",
"cost_boundary_report"
],
"approval_gate": "cost_data_and_route_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "nemotron_replay_and_model_eval",
"display_name": "NemoTron replay / model eval / prompt eval",
"primary_owner": "nemotron",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"sanitized_replay_score",
"schema_pass_rate",
"tool_call_quality"
],
"approval_gate": "cost_data_and_sanitized_fixture_approval_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "rag_km_freshness",
"display_name": "RAG / KM stale cleanup 與知識壓縮草案",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"stale_km_report",
"merge_draft",
"owner_review_queue"
],
"approval_gate": "owner_review_required",
"telegram_policy": "digest_only"
},
{
"capability_id": "ui_smoke_and_accessibility",
"display_name": "前後台 UI smoke / mobile / overflow / a11y",
"primary_owner": "hermes",
"risk_tier": "low",
"automation_level": "L1_report_only",
"outputs": [
"browser_smoke_report",
"overflow_report",
"route_health"
],
"approval_gate": "code_change_required_for_fix",
"telegram_policy": "failure_only"
},
{
"capability_id": "data_quality_and_schema_drift",
"display_name": "資料品質、schema drift、RLS / tenant context 稽核",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L2_approval_package_only",
"outputs": [
"schema_drift_report",
"rls_context_gap",
"migration_plan"
],
"approval_gate": "db_migration_approval_required",
"telegram_policy": "action_required"
},
{
"capability_id": "incident_postmortem_and_learning",
"display_name": "Incident postmortem、學習回寫與週報",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": [
"postmortem_draft",
"learning_delta",
"weekly_digest"
],
"approval_gate": "km_write_owner_review_required",
"telegram_policy": "digest_only"
},
{
"capability_id": "secret_rotation_metadata",
"display_name": "Secret rotation metadata 與到期提醒",
"primary_owner": "openclaw",
"risk_tier": "high",
"automation_level": "L1_report_only",
"outputs": [
"secret_name_inventory",
"rotation_due_report",
"owner_packet"
],
"approval_gate": "secret_value_handling_forbidden",
"telegram_policy": "action_required_only"
},
{
"capability_id": "compliance_and_evidence_pack",
"display_name": "合規、稽核證據包、owner response 完整度",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L1_report_only",
"outputs": [
"evidence_pack",
"missing_owner_response",
"audit_gap"
],
"approval_gate": "read_only_allowed",
"telegram_policy": "digest_only"
},
{
"capability_id": "market_watch_and_candidate_intake",
"display_name": "市場主流 AI Agent / 工具候選追蹤",
"primary_owner": "hermes",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"market_watch_report",
"candidate_queue",
"integration_review"
],
"approval_gate": "market_scorecard_and_replay_gate_required",
"telegram_policy": "action_required_only"
},
{
"capability_id": "release_train_digest",
"display_name": "Release train 風險整理與分批升級建議",
"primary_owner": "openclaw",
"risk_tier": "medium",
"automation_level": "L2_approval_package_only",
"outputs": [
"release_train_plan",
"batching_policy",
"blast_radius_map"
],
"approval_gate": "operator_release_window_required",
"telegram_policy": "action_required"
}
],
"cadence_matrix": [
{
"cadence_id": "hourly_failure_signals",
"frequency": "hourly",
"scope": "只看既有 monitoring / Telegram / workflow failure signal不查外部 registry。",
"allowed_now": true,
"next_gate": "已存在監控資料;不發成功訊息"
},
{
"cadence_id": "daily_repo_only",
"frequency": "daily",
"scope": "manifest / lockfile / Dockerfile / K8s YAML / runbook / snapshot freshness repo-only 巡檢。",
"allowed_now": true,
"next_gate": "排程 workflow 仍需獨立批准"
},
{
"cadence_id": "weekly_external_primary_sources",
"frequency": "weekly",
"scope": "PyPI / npm / GitHub release / Docker registry / Kubernetes / tool official docs primary source version watch。",
"allowed_now": false,
"next_gate": "external_source_and_workflow_approval_required"
},
{
"cadence_id": "monthly_upgrade_planning",
"frequency": "monthly",
"scope": "host OS、K3s、stateful services、observability stack、backup tooling 升級批次規劃。",
"allowed_now": false,
"next_gate": "maintenance_window_and_owner_approval_required"
},
{
"cadence_id": "triggered_critical_security",
"frequency": "triggered",
"scope": "critical CVE、EOL notice、重大版本、watch source failure、Telegram silence、production incompatibility。",
"allowed_now": false,
"next_gate": "critical_alert_route_and_human_gate_required"
}
],
"mcp_tool_requirements": [
{
"tool_id": "gitea_release_pr_mcp",
"display_name": "Gitea / PR / workflow MCP",
"purpose": "查 commit、workflow、PR、runner、release train未批准不得寫 workflow、建 PR 或 merge。",
"owner_agent": "hermes",
"status": "planned_read_only_first",
"approval_gate": "write_requires_human_gate"
},
{
"tool_id": "package_registry_mcp",
"display_name": "PyPI / npm / GitHub release / Docker registry MCP",
"purpose": "查官方版本與 changelog重大版本進 approval package。",
"owner_agent": "hermes",
"status": "planned_external_source",
"approval_gate": "external_source_approval_required"
},
{
"tool_id": "sbom_sca_mcp",
"display_name": "SBOM / SCA MCP",
"purpose": "連接 Syft / Grype / OSV / Trivy 類工具;只產報告與批准包。",
"owner_agent": "openclaw",
"status": "tool_candidate",
"approval_gate": "tool_install_or_ci_change_approval_required"
},
{
"tool_id": "k8s_version_mcp",
"display_name": "K8s / K3s version MCP",
"purpose": "只讀檢查 kubectl / kubelet / apiserver / CNI version skew 與升級順序。",
"owner_agent": "openclaw",
"status": "planned_read_only",
"approval_gate": "cluster_write_blocked"
},
{
"tool_id": "host_os_readonly_mcp",
"display_name": "Host OS read-only MCP",
"purpose": "讀 OS / kernel / package version metadata不 apt upgrade、不 reboot、不 restart。",
"owner_agent": "openclaw",
"status": "planned_read_only",
"approval_gate": "ssh_or_host_probe_approval_required"
},
{
"tool_id": "observability_context_mcp",
"display_name": "Prometheus / Alertmanager / SigNoz / Sentry MCP",
"purpose": "把版本變更與 metrics / trace / issue regression 串起來。",
"owner_agent": "hermes",
"status": "partially_existing",
"approval_gate": "route_receiver_write_blocked"
},
{
"tool_id": "backup_dr_mcp",
"display_name": "Backup / DR readiness MCP",
"purpose": "升級前檢查備份新鮮度、restore readiness、rollback evidence。",
"owner_agent": "openclaw",
"status": "snapshot_existing",
"approval_gate": "restore_execution_blocked"
},
{
"tool_id": "telegram_gateway_mcp",
"display_name": "Telegram Gateway MCP",
"purpose": "只送 action-required、failure-only、critical security禁止 direct send 與成功洗版。",
"owner_agent": "openclaw",
"status": "policy_existing",
"approval_gate": "telegram_direct_send_blocked"
}
],
"rag_memory_contract": [
{
"memory_id": "version_history",
"display_name": "Version History Memory",
"storage": "PostgreSQL + pgvector + committed snapshots",
"owner_agent": "hermes",
"purpose": "保存每個 Agent、套件、工具、服務、主機的版本歷史、source ref、freshness 與升級結果。",
"redaction_policy": "不得保存 secret、token、private key、registry credential、未脫敏內部內容。"
},
{
"memory_id": "compatibility_matrix",
"display_name": "Compatibility Matrix Memory",
"storage": "knowledge_entries + runbooks + docs/evaluations",
"owner_agent": "openclaw",
"purpose": "保存 K8s skew、service compatibility、DB migration、provider fallback 與 rollback constraints。",
"redaction_policy": "只保存版本、風險、證據 ref不保存 secret payload。"
},
{
"memory_id": "upgrade_outcomes",
"display_name": "Upgrade Outcomes Memory",
"storage": "timeline_events + audit_logs + LOGBOOK",
"owner_agent": "openclaw",
"purpose": "把每次升級成功、失敗、回滾、延遲、Telegram outcome 回寫,讓下次分批更聰明。",
"redaction_policy": "只保存 decision envelope、evidence refs、redacted summary。"
},
{
"memory_id": "delegation_playbooks",
"display_name": "Delegation Playbooks Memory",
"storage": "playbooks + KM + docs/runbooks",
"owner_agent": "hermes",
"purpose": "把可委派工作轉成標準化 playbook、owner packet 與 approval package 模板。",
"redaction_policy": "owner response 只保存 redacted evidence refs。"
}
],
"rollout_tasks": [
{
"task_id": "P2-402A",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes + OpenClaw + NemoTron",
"summary": "定義 AI Agent 主動營運委派與版本生命週期契約、schema、snapshot、只讀 API 與文件同步。",
"next_gate": "正式部署驗證"
},
{
"task_id": "P2-402B",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes",
"summary": "建立 repo-only daily version freshness snapshot schema、committed snapshot、只讀 API 與測試;不查外部 registry、不改 workflow。",
"next_gate": "P2-402C_completed"
},
{
"task_id": "P2-402C",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "OpenClaw",
"summary": "建立 Renovate / OSV-Scanner / Trivy / Syft / Grype 工具採用批准包、官方來源 evidence、採用 lane、批准欄位、schema、snapshot、只讀 API 與測試。",
"next_gate": "P2-402D_completed"
},
{
"task_id": "P2-402D",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "OpenClaw",
"summary": "建立 Telegram action-required digest policy、schema、snapshot、只讀 API 與測試;定義 critical / action-required / failure-only digest 草案、成功降噪、redaction 與 fallback gap 邊界。",
"next_gate": "P2-402E_completed"
},
{
"task_id": "P2-402E",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes",
"summary": "建立 Gitea PR 草案 lane、schema、snapshot、只讀 API 與測試;定義 grouping、automerge=false、測試證據、rollback、owner response 與 redaction policy。",
"next_gate": "P2-402F_completed"
},
{
"task_id": "P2-402F",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "OpenClaw",
"summary": "建立 host OS / K3s / stateful services 版本只讀盤點、maintenance window 批准包、schema、snapshot、只讀 API 與測試;所有 SSH / kubectl / upgrade / drain / reboot / restart gate 維持 false。",
"next_gate": "P2-402G_completed"
},
{
"task_id": "P2-402G",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes",
"summary": "把可委派能力、版本生命週期、Host / K3s / stateful 只讀盤點、maintenance window 批准包與 Telegram / redaction gate 接入 governance UI不顯示敏感端點或工作對話內容。",
"next_gate": "P2-403A_completed"
},
{
"task_id": "P2-403A",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes + OpenClaw",
"summary": "建立 Agent 互動、接手、學習、成長與 Telegram receipt 證據面治理頁顯示目前真相、證據階梯、Agent lanes、可觀測訊號、runtime gates 與 redaction policy。",
"next_gate": "P2-403B_completed"
},
{
"task_id": "P2-403B",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "OpenClaw + Hermes",
"summary": "建立 AgentSession / Redis Streams live read model gate定義既有表安全欄位、Redis envelope、worker gate、rollback plan、無寫入 smoke 與 governance UI 顯示。",
"next_gate": "P2-403C_completed"
},
{
"task_id": "P2-403C",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes + OpenClaw + Nemotron",
"summary": "建立 Redis Streams consumer group dry-run、handoff envelope、ack / dead-letter / replay idempotency gate、只讀 API 與 governance UI 顯示;不連 Redis、不建立 consumer group、不 XADD、不 ACK、不 replay、不發 Telegram。",
"next_gate": "P2-403D_learning_writeback_approval_package"
},
{
"task_id": "P2-403D",
"priority": "P2",
"status": "done",
"completion_percent": 100,
"owner_agent": "Hermes + OpenClaw + Nemotron",
"summary": "建立 learning writeback approval package固定 KM、PlayBook trust、timeline learning 與 replay score 回寫前的 owner review、redaction、rollback 與 blocked write actions。",
"next_gate": "P2-403E_telegram_receipt_approval_package"
},
{
"task_id": "P2-403E",
"sequence": 8,
"display_name": "Telegram receipt approval package",
"status": "done",
"owner_agent": "openclaw",
"completion_percent": 100,
"runtime_authority": "approval_package_only_no_telegram_send",
"blocked_runtime_actions": [
"telegram_gateway_queue_write",
"telegram_direct_bot_api_call",
"telegram_delivery_receipt_write",
"telegram_retry_worker_start"
]
},
{
"task_id": "P2-403F",
"sequence": 9,
"display_name": "Owner-approved learning dry-run preview",
"status": "done",
"owner_agent": "hermes",
"completion_percent": 100,
"runtime_authority": "owner_approved_dry_run_only_no_learning_write",
"blocked_runtime_actions": [
"canonical_learning_write",
"playbook_trust_update",
"timeline_learning_write",
"telegram_send_or_receipt_write"
]
},
{
"task_id": "P2-403G",
"sequence": 10,
"display_name": "Runtime write gate review",
"status": "done",
"owner_agent": "openclaw",
"completion_percent": 100,
"runtime_authority": "write_gate_review_only_no_runtime_write",
"blocked_runtime_actions": [
"runtime_learning_write",
"knowledge_entries_canonical_write",
"playbook_trust_history_write",
"incident_timeline_learning_write",
"agent_replay_score_write",
"telegram_send_or_receipt_write"
]
},
{
"task_id": "P2-403H",
"sequence": 11,
"display_name": "Post-write verifier package",
"status": "done",
"owner_agent": "openclaw",
"completion_percent": 100,
"runtime_authority": "post_write_verifier_package_only_no_runtime_write",
"blocked_runtime_actions": [
"canonical_readback_query",
"rollback_work_item_write",
"telegram_send_or_receipt_write",
"knowledge_entries_readback_and_write",
"playbook_trust_history_write",
"incident_timeline_learning_write",
"agent_replay_score_write"
]
},
{
"task_id": "P2-403I",
"sequence": 12,
"display_name": "Runtime verifier evidence implementation review",
"status": "done",
"owner_agent": "openclaw",
"completion_percent": 100,
"runtime_authority": "runtime_verifier_evidence_review_only_no_live_execution",
"blocked_runtime_actions": [
"runtime_verifier_implementation",
"post_write_verifier_runtime_execution",
"canonical_readback_query_execution",
"rollback_work_item_write",
"telegram_send_or_receipt_write",
"runtime_learning_write",
"agent_replay_score_write"
]
},
{
"task_id": "P2-403J",
"sequence": 13,
"display_name": "Report truth, periodic reporting, and risk automation review",
"status": "done",
"owner_agent": "hermes",
"completion_percent": 100,
"runtime_authority": "reporting_and_actionability_policy_review_only_no_live_execution",
"blocked_runtime_actions": [
"telegram_weekly_report_send_as_normal",
"telegram_route_change",
"direct_telegram_send_to_legacy_chat",
"report_truth_runtime_write",
"work_item_write",
"heartbeat_to_auto_repair",
"scheduled_report_delivery",
"telegram_gateway_queue_write",
"ai_analysis_runtime_after_report",
"low_risk_auto_action_worker",
"medium_risk_auto_action_worker",
"high_risk_auto_execute",
"production_optimization_write"
]
}
],
"approval_boundaries": {
"runtime_version_update_allowed": false,
"package_upgrade_allowed": false,
"host_upgrade_allowed": false,
"container_pull_allowed": false,
"workflow_schedule_enabled": false,
"auto_merge_allowed": false,
"telegram_direct_send_allowed": false,
"secret_plaintext_allowed": false,
"paid_external_service_allowed": false,
"production_route_change_allowed": false
},
"rollups": {
"version_domain_count": 12,
"delegable_capability_count": 24,
"cadence_count": 5,
"mcp_tool_count": 8,
"rag_memory_count": 4,
"rollout_task_count": 17,
"auto_execute_allowed_count": 0,
"approval_required_capability_count": 23,
"blocked_update_domain_ids": [
"ai_agents_models",
"python_packages",
"javascript_packages",
"container_images",
"kubernetes_k3s_components",
"host_os_packages",
"observability_stack",
"stateful_services",
"backup_dr_tooling",
"ci_cd_and_runner_tools",
"mcp_tools_integrations",
"public_web_admin_surfaces"
],
"telegram_action_required_capability_ids": [
"ai_provider_route_review",
"backup_dr_readiness",
"config_drift_owner_packet",
"cost_and_capacity_review",
"data_quality_and_schema_drift",
"host_patch_advisory",
"kubernetes_version_skew_review",
"license_policy_review",
"market_watch_and_candidate_intake",
"nemotron_replay_and_model_eval",
"observability_noise_review",
"release_train_digest",
"renovate_pr_proposal",
"secret_rotation_metadata",
"upgrade_approval_package",
"version_discovery_freshness",
"vulnerability_triage",
"telegram_delivery_audit"
]
}
}