{
|
||
"schema_version": "ai_agent_version_lifecycle_update_proposal_v1",
|
||
"generated_at": "2026-06-26T18:20:00+08:00",
|
||
"program_status": {
|
||
"overall_completion_percent": 78,
|
||
"current_priority": "P2",
|
||
"current_task_id": "P2-413",
|
||
"next_task_id": "P2-414",
|
||
"read_only_mode": true,
|
||
"runtime_authority": "version_lifecycle_update_proposal_only_no_write_or_upgrade",
|
||
"status_note": "P2-413 將 AI Agent、套件、工具、服務、主機、K3s、stateful、Telegram 與 MCP/RAG 的版本生命週期統一整理成更新提案佇列。Agent 可主動分析、排序、產生批准包與回滾驗證計畫;實際升級、外查、PR、排程、Telegram 發送、主機操作與生產路由變更仍全部關閉。"
|
||
},
|
||
"source_refs": [
|
||
"docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json",
|
||
"docs/evaluations/ai_agent_host_stateful_version_inventory_2026-06-11.json",
|
||
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json",
|
||
"docs/evaluations/ai_agent_market_radar_readback_2026-06-26.json",
|
||
"docs/evaluations/ai_technology_radar_readback_2026-06-26.json",
|
||
"docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md"
|
||
],
|
||
"agent_roles": [
|
||
{
|
||
"agent_id": "openclaw",
|
||
"role": "仲裁者",
|
||
"responsibility": "高風險版本變更、主機/K3s/stateful 維護窗、OpenClaw challenger 評估、回滾與最終 gate 判斷。"
|
||
},
|
||
{
|
||
"agent_id": "hermes",
|
||
"role": "營運與知識執行者",
|
||
"responsibility": "套件/CI/觀測/Telegram 版本差異整理、報告化、runbook 草稿、批准包欄位完整性。"
|
||
},
|
||
{
|
||
"agent_id": "nemotron",
|
||
"role": "AI 技術評測執行者",
|
||
"responsibility": "AI Agent/模型/SDK/MCP/RAG 候選的市場資料摘要、離線 replay 評估設計、schema 與工具鏈兼容性檢查。"
|
||
}
|
||
],
|
||
"lifecycle_domains": [
|
||
{
|
||
"domain_id": "ai_agents_models",
|
||
"display_name": "AI Agent / 模型 / SDK",
|
||
"owner_agent": "nemotron",
|
||
"risk_tier": "high",
|
||
"cadence": "weekly_primary_source + triggered_on_major_release",
|
||
"decision_policy": "市場 scorecard、replay、shadow、canary、成本、安全與可觀測性證據不足時只保留提案。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "backend_python_packages",
|
||
"display_name": "FastAPI / Python 套件",
|
||
"owner_agent": "hermes",
|
||
"risk_tier": "high",
|
||
"cadence": "daily_repo_manifest + weekly_primary_source",
|
||
"decision_policy": "只產生 dependency approval packet(含 manifest/lockfile 差異、測試矩陣,以及僅取自已提交 drift monitor 的 advisory/CVE 狀態);不得寫 lockfile、不得安裝或升級,亦不得 live 查詢外部 registry 或 CVE 資料庫。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "frontend_javascript_packages",
|
||
"display_name": "Next.js / pnpm 套件",
|
||
"owner_agent": "hermes",
|
||
"risk_tier": "medium",
|
||
"cadence": "daily_repo_manifest + weekly_primary_source",
|
||
"decision_policy": "只整理 UI/runtime 相容性、lockfile 差異與煙測計畫;不得改 lockfile。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "container_images",
|
||
"display_name": "Docker base image / image digest",
|
||
"owner_agent": "openclaw",
|
||
"risk_tier": "high",
|
||
"cadence": "weekly_digest_review + triggered_on_security",
|
||
"decision_policy": "只產 SBOM/digest pin 提案(以不可變的 image digest 取代可變 tag 作為 pin 依據);不得 pull/build/push image,也不得查詢外部 registry。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "host_os_packages",
|
||
"display_name": "主機 OS / kernel / Nginx / SSH",
|
||
"owner_agent": "openclaw",
|
||
"risk_tier": "critical",
|
||
"cadence": "monthly_maintenance_review + triggered_on_security",
|
||
"decision_policy": "必須先有維護窗、備份、rollback owner、smoke plan;不得執行主機指令。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "k3s_kubernetes_components",
|
||
"display_name": "K3s / Kubernetes / CNI / Ingress",
|
||
"owner_agent": "openclaw",
|
||
"risk_tier": "critical",
|
||
"cadence": "monthly_skew_policy_review + triggered_on_eol",
|
||
"decision_policy": "先做 version skew 與節點維護窗批准包;不得 kubectl、drain、restart。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "stateful_services",
|
||
"display_name": "PostgreSQL / Redis / MinIO / Harbor / Gitea",
|
||
"owner_agent": "openclaw",
|
||
"risk_tier": "critical",
|
||
"cadence": "monthly_stateful_review + triggered_on_security",
|
||
"decision_policy": "任何更新前必須證明備份新鮮、restore drill 與資料相容性;不得 restart/migration。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "observability_stack",
|
||
"display_name": "Prometheus / Alertmanager / Grafana / OTEL / Sentry",
|
||
"owner_agent": "hermes",
|
||
"risk_tier": "medium",
|
||
"cadence": "weekly_freshness + monthly_upgrade_review",
|
||
"decision_policy": "只提出 route/receiver/collector 相容性矩陣;不得寫告警路由。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "telegram_bot_gateway",
|
||
"display_name": "Telegram Bot / Gateway / digest policy",
|
||
"owner_agent": "hermes",
|
||
"risk_tier": "high",
|
||
"cadence": "weekly_policy_review + triggered_on_delivery_failure",
|
||
"decision_policy": "只產 no-send digest 與收斂策略;不得直送 Bot 或寫 Gateway queue。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "mcp_rag_tool_registry",
|
||
"display_name": "MCP / RAG / tool registry",
|
||
"owner_agent": "nemotron",
|
||
"risk_tier": "medium",
|
||
"cadence": "weekly_contract_review + triggered_on_tool_release",
|
||
"decision_policy": "只整理工具能力、資料保留、redaction 與審核需求;不得啟用新工具或外部服務。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "ci_cd_runner_tools",
|
||
"display_name": "Gitea Actions / runner / deploy tooling",
|
||
"owner_agent": "hermes",
|
||
"risk_tier": "high",
|
||
"cadence": "weekly_runner_health + triggered_on_ci_failure",
|
||
"decision_policy": "只產 workflow/runner owner packet;不得修改 workflow 或自動 merge。",
|
||
"current_authority": "L2_approval_package_only"
|
||
},
|
||
{
|
||
"domain_id": "backup_dr_tooling",
|
||
"display_name": "Backup / DR / restore tooling",
|
||
"owner_agent": "openclaw",
|
||
"risk_tier": "critical",
|
||
"cadence": "weekly_backup_freshness + monthly_restore_readiness",
|
||
"decision_policy": "只整理 restore drill 與 escrow readiness;不得刪備份、restore 或 prune。",
|
||
"current_authority": "L2_approval_package_only"
|
||
}
|
||
],
|
||
"update_proposals": [
|
||
{
|
||
"proposal_id": "ai_agent_market_primary_source_radar",
|
||
"domain_id": "ai_agents_models",
|
||
"display_name": "AI Agent 市場主流版本雷達",
|
||
"owner_agent": "nemotron",
|
||
"priority": "P2",
|
||
"risk_tier": "high",
|
||
"status": "proposal_ready_owner_review_required",
|
||
"summary": "持續把 OpenClaw、Hermes、NemoTron 與市場主流 Agent/SDK/MCP/A2A 能力放入 scorecard;只產生候選與差距,不切換 provider。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_market_radar_readback_2026-06-26.json",
|
||
"docs/evaluations/ai_technology_radar_readback_2026-06-26.json"
|
||
],
|
||
"approval_gate": "market_replay_shadow_canary_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"primary source freshness readback",
|
||
"candidate scorecard replay fixture",
|
||
"成本/延遲/安全/可觀測性欄位完整性檢查"
|
||
],
|
||
"rollback_plan": [
|
||
"維持 incumbent route",
|
||
"撤回候選標籤",
|
||
"保留舊 scorecard 作為比較基線"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"provider route switch",
|
||
"paid API call",
|
||
"OpenClaw replacement"
|
||
],
|
||
"telegram_policy": "action_required_digest_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "openclaw_challenger_replay_bench",
|
||
"domain_id": "ai_agents_models",
|
||
"display_name": "OpenClaw challenger replay 評測台",
|
||
"owner_agent": "openclaw",
|
||
"priority": "P1",
|
||
"risk_tier": "critical",
|
||
"status": "blocked_until_replay_shadow_canary_evidence",
|
||
"summary": "建立可讓 NemoTron 或其他 challenger 用相同任務集比較仲裁品質的 replay 評測台;未完成 shadow/canary 前不得替換 OpenClaw。",
|
||
"evidence_refs": [
|
||
"docs/HARD_RULES.md",
|
||
"docs/evaluations/ai_provider_route_matrix_2026-06-04.json"
|
||
],
|
||
"approval_gate": "market_replay_shadow_canary_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"sanitized historical task replay",
|
||
"shadow decision disagreement review",
|
||
"canary stop condition table"
|
||
],
|
||
"rollback_plan": [
|
||
"OpenClaw remains arbitration default",
|
||
"disable challenger route flag",
|
||
"archive failed challenger scorecard"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"OpenClaw replacement",
|
||
"production routing",
|
||
"runtime agent arbitration switch"
|
||
],
|
||
"telegram_policy": "critical_owner_review_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "python_dependency_authority_alignment",
|
||
"domain_id": "backend_python_packages",
|
||
"display_name": "Python dependency authority 對齊",
|
||
"owner_agent": "hermes",
|
||
"priority": "P2",
|
||
"risk_tier": "high",
|
||
"status": "action_required_dependency_packet",
|
||
"summary": "把 API Python manifest、套件風險、測試矩陣與 rollback plan 收成一份 owner packet;本階段不安裝、不升級。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json",
|
||
"apps/api/pyproject.toml"
|
||
],
|
||
"approval_gate": "dependency_upgrade_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"pytest target matrix",
|
||
"API smoke plan",
|
||
"dependency conflict review"
|
||
],
|
||
"rollback_plan": [
|
||
"restore previous lock snapshot",
|
||
"revert dependency PR branch",
|
||
"rerun API smoke"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"package upgrade",
|
||
"lockfile write",
|
||
"workflow trigger"
|
||
],
|
||
"telegram_policy": "failure_or_owner_action_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "frontend_pnpm_freshness_plan",
|
||
"domain_id": "frontend_javascript_packages",
|
||
"display_name": "前端 pnpm / Next.js 新鮮度計畫",
|
||
"owner_agent": "hermes",
|
||
"priority": "P3",
|
||
"risk_tier": "medium",
|
||
"status": "proposal_ready_owner_review_required",
|
||
"summary": "整理前端套件、i18n、瀏覽器煙測與 build/typecheck gate,低中風險也先形成可審核草案。",
|
||
"evidence_refs": [
|
||
"apps/web/package.json",
|
||
"apps/web/pnpm-lock.yaml",
|
||
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
|
||
],
|
||
"approval_gate": "dependency_upgrade_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"pnpm typecheck",
|
||
"eslint target files",
|
||
"desktop/mobile governance smoke"
|
||
],
|
||
"rollback_plan": [
|
||
"revert package update branch",
|
||
"restore previous lockfile",
|
||
"re-run production smoke after deploy marker"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"package upgrade",
|
||
"lockfile write",
|
||
"auto merge"
|
||
],
|
||
"telegram_policy": "weekly_digest_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "container_digest_sbom_pin_packet",
|
||
"domain_id": "container_images",
|
||
"display_name": "Container digest / SBOM pin 批准包",
|
||
"owner_agent": "openclaw",
|
||
"priority": "P2",
|
||
"risk_tier": "high",
|
||
"status": "blocked_until_sbom_and_image_gate",
|
||
"summary": "為 base image 與 runtime image 建立 digest pin、SBOM、漏洞摘要與部署煙測計畫;不 pull/build/push image。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"approval_gate": "container_sbom_digest_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"SBOM source plan",
|
||
"image digest diff review",
|
||
"deployment smoke plan"
|
||
],
|
||
"rollback_plan": [
|
||
"retain previous image digest",
|
||
"revert manifest proposal",
|
||
"block rollout until smoke passes"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"image pull",
|
||
"docker build",
|
||
"registry push"
|
||
],
|
||
"telegram_policy": "critical_image_digest_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "k3s_skew_maintenance_window_packet",
|
||
"domain_id": "k3s_kubernetes_components",
|
||
"display_name": "K3s version skew 維護窗批准包",
|
||
"owner_agent": "openclaw",
|
||
"priority": "P1",
|
||
"risk_tier": "critical",
|
||
"status": "blocked_until_maintenance_window",
|
||
"summary": "將 K3s/Kubernetes skew policy、節點順序、備援與煙測列成批准包;skew policy 引用以既有 inventory 與已提交的快照為準,不做 live lookup;不得 kubectl、drain、restart。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_host_stateful_version_inventory_2026-06-11.json",
|
||
"https://kubernetes.io/releases/version-skew-policy/"
|
||
],
|
||
"approval_gate": "k3s_version_skew_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"version skew table",
|
||
"node-by-node maintenance sequence",
|
||
"public route smoke plan"
|
||
],
|
||
"rollback_plan": [
|
||
"pause node sequence",
|
||
"restore previous control-plane state",
|
||
"run post-check readback"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"kubectl command",
|
||
"node drain",
|
||
"k3s upgrade"
|
||
],
|
||
"telegram_policy": "critical_owner_review_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "host_os_security_maintenance_packet",
|
||
"domain_id": "host_os_packages",
|
||
"display_name": "Host OS 安全維護窗批准包",
|
||
"owner_agent": "openclaw",
|
||
"priority": "P1",
|
||
"risk_tier": "critical",
|
||
"status": "blocked_until_host_maintenance_window",
|
||
"summary": "把 OS/kernel/Nginx/OpenSSH 更新變成維護窗提案;本階段只用既有 inventory,不 SSH、不 apt、不 reboot。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_host_stateful_version_inventory_2026-06-11.json",
|
||
"docs/runbooks/K3S-OPTIMIZATION-RUNBOOK.md"
|
||
],
|
||
"approval_gate": "host_maintenance_window_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"host impact matrix",
|
||
"pre-change backup check",
|
||
"post-change service smoke plan"
|
||
],
|
||
"rollback_plan": [
|
||
"maintenance abort condition",
|
||
"service restore sequence",
|
||
"owner communication plan"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"host command",
|
||
"os package upgrade",
|
||
"reboot"
|
||
],
|
||
"telegram_policy": "critical_owner_review_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "stateful_backup_first_upgrade_packet",
|
||
"domain_id": "stateful_services",
|
||
"display_name": "Stateful backup-first 升級批准包",
|
||
"owner_agent": "openclaw",
|
||
"priority": "P1",
|
||
"risk_tier": "critical",
|
||
"status": "blocked_until_backup_and_restore_evidence",
|
||
"summary": "PostgreSQL/Redis/MinIO/Harbor/Gitea 更新前先要求備份新鮮度、restore drill 與資料相容性;不 restart、不 migration。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_host_stateful_version_inventory_2026-06-11.json",
|
||
"docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json"
|
||
],
|
||
"approval_gate": "stateful_backup_restore_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"backup freshness readback",
|
||
"restore drill owner packet",
|
||
"data compatibility smoke"
|
||
],
|
||
"rollback_plan": [
|
||
"restore snapshot selection",
|
||
"service-level rollback owner",
|
||
"read-only consistency check"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"stateful restart",
|
||
"database migration",
|
||
"restore execution"
|
||
],
|
||
"telegram_policy": "critical_owner_review_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "observability_agentops_stack_freshness",
|
||
"domain_id": "observability_stack",
|
||
"display_name": "AgentOps 觀測堆疊新鮮度",
|
||
"owner_agent": "hermes",
|
||
"priority": "P3",
|
||
"risk_tier": "medium",
|
||
"status": "proposal_ready_owner_review_required",
|
||
"summary": "追蹤 Prometheus、Alertmanager、Grafana、OTEL、Sentry 與 GenAI telemetry 更新,只產相容性矩陣與告警降噪提案。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/observability_contract_matrix_2026-06-04.json",
|
||
"docs/evaluations/service_health_gap_matrix_2026-06-04.json"
|
||
],
|
||
"approval_gate": "workflow_runner_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"alert route compatibility matrix",
|
||
"dashboard readback smoke",
|
||
"noise reduction acceptance criteria"
|
||
],
|
||
"rollback_plan": [
|
||
"retain previous alert route",
|
||
"disable candidate dashboard flag",
|
||
"restore previous receiver policy"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"alert route write",
|
||
"workflow write",
|
||
"production write"
|
||
],
|
||
"telegram_policy": "failure_only_digest_draft"
|
||
},
|
||
{
|
||
"proposal_id": "telegram_bot_gateway_policy_refresh",
|
||
"domain_id": "telegram_bot_gateway",
|
||
"display_name": "Telegram Bot / Gateway policy refresh",
|
||
"owner_agent": "hermes",
|
||
"priority": "P2",
|
||
"risk_tier": "high",
|
||
"status": "blocked_until_no_send_receipt_gate",
|
||
"summary": "把日報、週報、月報與 action-required 告警收斂成 no-send digest、receipt readback 與 owner review;不得實發 Telegram。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_telegram_action_required_digest_policy_2026-06-04.json",
|
||
"docs/evaluations/ai_agent_report_live_delivery_approval_package_2026-06-04.json"
|
||
],
|
||
"approval_gate": "telegram_gateway_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"sanitized message preview",
|
||
"dedup key review",
|
||
"receipt readback dry-run"
|
||
],
|
||
"rollback_plan": [
|
||
"mute candidate digest type",
|
||
"restore previous no-send policy",
|
||
"owner-visible failure receipt"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"Telegram direct send",
|
||
"Gateway queue write",
|
||
"Bot API call"
|
||
],
|
||
"telegram_policy": "no_send_owner_review_required"
|
||
},
|
||
{
|
||
"proposal_id": "mcp_rag_tool_registry_freshness",
|
||
"domain_id": "mcp_rag_tool_registry",
|
||
"display_name": "MCP / RAG / tool registry 新鮮度",
|
||
"owner_agent": "nemotron",
|
||
"priority": "P3",
|
||
"risk_tier": "medium",
|
||
"status": "proposal_ready_owner_review_required",
|
||
"summary": "整理 MCP server、RAG memory、tool permission 與 redaction policy 版本差異;不得啟用新外部工具或寫入記憶。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/ai_agent_proactive_operations_contract_2026-06-11.json",
|
||
"docs/evaluations/ai_agent_interaction_learning_proof_2026-06-04.json"
|
||
],
|
||
"approval_gate": "mcp_rag_tool_registry_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"tool permission matrix",
|
||
"RAG retention and redaction review",
|
||
"sandbox replay for tool-call changes"
|
||
],
|
||
"rollback_plan": [
|
||
"remove candidate tool from registry draft",
|
||
"retain previous memory contract",
|
||
"mark replay pack rejected"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"new external tool activation",
|
||
"memory write",
|
||
"paid external service"
|
||
],
|
||
"telegram_policy": "weekly_digest_draft_only"
|
||
},
|
||
{
|
||
"proposal_id": "gitea_runner_deploy_tooling_refresh",
|
||
"domain_id": "ci_cd_runner_tools",
|
||
"display_name": "Gitea runner / deploy tooling refresh",
|
||
"owner_agent": "hermes",
|
||
"priority": "P2",
|
||
"risk_tier": "high",
|
||
"status": "blocked_until_workflow_owner_packet",
|
||
"summary": "整理 Gitea runner、deploy marker、workflow attestation 與 smoke gate 更新提案;不得改 workflow、建立 PR 或 auto merge。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/gitea_workflow_runner_health_2026-06-04.json",
|
||
"docs/LOGBOOK.md"
|
||
],
|
||
"approval_gate": "workflow_runner_owner_review",
|
||
"requires_owner_approval": true,
|
||
"direct_update_allowed": false,
|
||
"auto_execution_allowed": false,
|
||
"validation_plan": [
|
||
"runner attestation readback",
|
||
"deploy marker verification plan",
|
||
"public smoke route list"
|
||
],
|
||
"rollback_plan": [
|
||
"keep previous workflow",
|
||
"pause candidate deploy marker",
|
||
"manual owner review before merge"
|
||
],
|
||
"blocked_runtime_actions": [
|
||
"workflow write",
|
||
"PR creation",
|
||
"auto merge"
|
||
],
|
||
"telegram_policy": "deployment_failure_digest_draft_only"
|
||
}
|
||
],
|
||
"cadence_matrix": [
|
||
{
|
||
"cadence_id": "daily_repo_manifest_readback",
|
||
"frequency": "daily",
|
||
"scope": "repo-only manifests and committed snapshots",
|
||
"allowed_now": true,
|
||
"owner_agent": "hermes",
|
||
"output": "只讀差異摘要與過期來源標記"
|
||
},
|
||
{
|
||
"cadence_id": "weekly_primary_source_market_review",
|
||
"frequency": "weekly",
|
||
"scope": "AI Agent / SDK / MCP / RAG primary source review",
|
||
"allowed_now": false,
|
||
"owner_agent": "nemotron",
|
||
"output": "外部來源批准包,未批准不得 live lookup"
|
||
},
|
||
{
|
||
"cadence_id": "weekly_dependency_supply_chain_review",
|
||
"frequency": "weekly",
|
||
"scope": "dependency, image, SBOM, license, CVE proposal",
|
||
"allowed_now": false,
|
||
"owner_agent": "hermes",
|
||
"output": "dependency owner packet"
|
||
},
|
||
{
|
||
"cadence_id": "monthly_host_k3s_maintenance_review",
|
||
"frequency": "monthly",
|
||
"scope": "host OS, kernel, K3s, Kubernetes skew",
|
||
"allowed_now": false,
|
||
"owner_agent": "openclaw",
|
||
"output": "maintenance window proposal"
|
||
},
|
||
{
|
||
"cadence_id": "monthly_stateful_backup_restore_review",
|
||
"frequency": "monthly",
|
||
"scope": "PostgreSQL, Redis, MinIO, Harbor, Gitea, backup/restore",
|
||
"allowed_now": false,
|
||
"owner_agent": "openclaw",
|
||
"output": "backup-first approval package"
|
||
},
|
||
{
|
||
"cadence_id": "triggered_critical_security_or_eol_review",
|
||
"frequency": "triggered",
|
||
"scope": "critical vulnerability, EOL, runner failure, delivery failure",
|
||
"allowed_now": false,
|
||
"owner_agent": "openclaw",
|
||
"output": "urgent owner review packet"
|
||
}
|
||
],
|
||
"approval_gate_matrix": [
|
||
{
|
||
"gate_id": "market_replay_shadow_canary_review",
|
||
"risk_tier": "critical",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"market scorecard",
|
||
"sanitized replay fixture",
|
||
"shadow/canary stop conditions",
|
||
"cost and latency comparison"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "dependency_upgrade_owner_review",
|
||
"risk_tier": "high",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"manifest diff",
|
||
"test matrix",
|
||
"rollback branch plan"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "container_sbom_digest_owner_review",
|
||
"risk_tier": "high",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"SBOM plan",
|
||
"digest diff",
|
||
"deployment smoke"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "host_maintenance_window_owner_review",
|
||
"risk_tier": "critical",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"maintenance window",
|
||
"affected hosts",
|
||
"rollback owner",
|
||
"service smoke"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "k3s_version_skew_owner_review",
|
||
"risk_tier": "critical",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"version skew policy",
|
||
"node sequence",
|
||
"cluster health readback"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "stateful_backup_restore_owner_review",
|
||
"risk_tier": "critical",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"backup freshness",
|
||
"restore drill",
|
||
"data compatibility"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "telegram_gateway_owner_review",
|
||
"risk_tier": "high",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"sanitized preview",
|
||
"dedup key",
|
||
"receipt dry-run"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "workflow_runner_owner_review",
|
||
"risk_tier": "high",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"runner attestation",
|
||
"workflow diff",
|
||
"deploy smoke plan"
|
||
]
|
||
},
|
||
{
|
||
"gate_id": "mcp_rag_tool_registry_review",
|
||
"risk_tier": "medium",
|
||
"owner_approval_required": true,
|
||
"auto_execute_allowed": false,
|
||
"required_evidence": [
|
||
"tool permission matrix",
|
||
"retention policy",
|
||
"redaction review"
|
||
]
|
||
}
|
||
],
|
||
"telegram_digest_contract": {
|
||
"status": "draft_only_no_send",
|
||
"direct_send_allowed": false,
|
||
"gateway_queue_write_allowed": false,
|
||
"bot_api_call_allowed": false,
|
||
"success_noise_suppression": true,
|
||
"draft_outputs": [
|
||
"日報版本候選摘要",
|
||
"週報市場與依賴漂移摘要",
|
||
"月報維護窗與高風險 gate 摘要",
|
||
"action-required owner review 草稿"
|
||
],
|
||
"redaction_required": true
|
||
},
|
||
"runtime_boundaries": {
|
||
"read_only_update_proposal_allowed": true,
|
||
"schedule_activation_allowed": false,
|
||
"external_market_lookup_allowed": false,
|
||
"external_registry_lookup_allowed": false,
|
||
"external_cve_lookup_allowed": false,
|
||
"package_upgrade_allowed": false,
|
||
"lockfile_write_allowed": false,
|
||
"host_upgrade_allowed": false,
|
||
"os_package_upgrade_allowed": false,
|
||
"kernel_upgrade_allowed": false,
|
||
"k3s_upgrade_allowed": false,
|
||
"kubectl_command_allowed": false,
|
||
"node_drain_allowed": false,
|
||
"reboot_allowed": false,
|
||
"stateful_restart_allowed": false,
|
||
"database_migration_allowed": false,
|
||
"image_pull_allowed": false,
|
||
"docker_build_allowed": false,
|
||
"registry_push_allowed": false,
|
||
"workflow_write_allowed": false,
|
||
"pr_creation_allowed": false,
|
||
"auto_merge_allowed": false,
|
||
"provider_route_switch_allowed": false,
|
||
"openclaw_replacement_allowed": false,
|
||
"paid_api_call_allowed": false,
|
||
"secret_read_allowed": false,
|
||
"telegram_direct_send_allowed": false,
|
||
"telegram_gateway_queue_write_allowed": false,
|
||
"production_write_allowed": false,
|
||
"conversation_transcript_display_allowed": false
|
||
},
|
||
"rollups": {
|
||
"domain_count": 12,
|
||
"proposal_count": 12,
|
||
"cadence_count": 6,
|
||
"approval_gate_count": 9,
|
||
"read_only_proposal_count": 12,
|
||
"approval_required_count": 12,
|
||
"critical_candidate_count": 4,
|
||
"high_candidate_count": 5,
|
||
"false_runtime_boundary_count": 29,
|
||
"auto_execution_allowed_count": 0,
|
||
"telegram_direct_send_count": 0,
|
||
"telegram_gateway_queue_write_count": 0,
|
||
"production_write_count": 0,
|
||
"update_allowed_count": 0,
|
||
"domain_ids": [
|
||
"ai_agents_models",
|
||
"backend_python_packages",
|
||
"backup_dr_tooling",
|
||
"ci_cd_runner_tools",
|
||
"container_images",
|
||
"frontend_javascript_packages",
|
||
"host_os_packages",
|
||
"k3s_kubernetes_components",
|
||
"mcp_rag_tool_registry",
|
||
"observability_stack",
|
||
"stateful_services",
|
||
"telegram_bot_gateway"
|
||
],
|
||
"proposal_ids": [
|
||
"ai_agent_market_primary_source_radar",
|
||
"container_digest_sbom_pin_packet",
|
||
"frontend_pnpm_freshness_plan",
|
||
"gitea_runner_deploy_tooling_refresh",
|
||
"host_os_security_maintenance_packet",
|
||
"k3s_skew_maintenance_window_packet",
|
||
"mcp_rag_tool_registry_freshness",
|
||
"observability_agentops_stack_freshness",
|
||
"openclaw_challenger_replay_bench",
|
||
"python_dependency_authority_alignment",
|
||
"stateful_backup_first_upgrade_packet",
|
||
"telegram_bot_gateway_policy_refresh"
|
||
]
|
||
},
|
||
"next_actions": [
|
||
{
|
||
"task_id": "P2-414",
|
||
"priority": "P2",
|
||
"owner_agent": "hermes",
|
||
"summary": "把日報、週報、月報的版本生命週期欄位與 P2-413 proposal queue 對齊。",
|
||
"gate": "report_schema_update_no_send"
|
||
},
|
||
{
|
||
"task_id": "P2-415",
|
||
"priority": "P1",
|
||
"owner_agent": "openclaw",
|
||
"summary": "設計 OpenClaw challenger replay bench 的 sanitized task set 與評分欄位。",
|
||
"gate": "market_replay_shadow_canary_review"
|
||
},
|
||
{
|
||
"task_id": "P2-416",
|
||
"priority": "P2",
|
||
"owner_agent": "nemotron",
|
||
"summary": "把 MCP/RAG/tool registry 的保留、遮罩與權限欄位轉成 owner packet。",
|
||
"gate": "mcp_rag_tool_registry_review"
|
||
},
|
||
{
|
||
"task_id": "P2-417",
|
||
"priority": "P1",
|
||
"owner_agent": "openclaw",
|
||
"summary": "建立 host/K3s/stateful 維護窗批准包的 owner review readback;三者分別對應 approval_gate_matrix 中的 host_maintenance_window_owner_review、k3s_version_skew_owner_review 與 stateful_backup_restore_owner_review gate。",
|
||
"gate": "maintenance_window_owner_review"
|
||
}
|
||
]
|
||
}
|