awoooi/docs/evaluations/ai_agent_deployment_layout_2026-06-11.json
Your Name e427af3cb2
feat(governance): 接入三 Agent 佈建布局
2026-06-11 11:27:50 +08:00


{
"schema_version": "ai_agent_deployment_layout_v1",
"generated_at": "2026-06-11T18:20:00+08:00",
"program_status": {
"overall_completion_percent": 45,
"current_priority": "P1",
"current_task_id": "P1-402",
"next_task_id": "P1-403",
"read_only_mode": true,
"deployment_authority": "layout_only_no_runtime_deploy"
},
"agent_contracts": [
{
"agent_id": "openclaw",
"display_name": "OpenClaw",
"primary_specialty": "生產仲裁、風險判斷、HITL 關卡與執行前後驗證",
"deployment_lane": "production_decision_core",
"allowed_autonomy": [
"只讀診斷",
"風險分級",
"批准包審查",
"Telegram action-required 分流",
"批准後的 dry-run / 執行仲裁"
],
"must_delegate_to": [
"Hermes 負責治理、文件、降噪與盤點彙整",
"NemoTron 負責離線模型能力比較與 replay 評分"
],
"blocked_actions": [
"未批准的生產寫入",
"未批准的 destructive operation",
"未批准的 provider route 切換",
"未批准的 Telegram 直接發送",
"未通過 replacement gate 前降級或取代自身生產角色"
],
"learning_scope": [
"incident lifecycle",
"approval outcome",
"post-execution verification",
"playbook trust score",
"alert grouping quality"
]
},
{
"agent_id": "hermes",
"display_name": "Hermes",
"primary_specialty": "治理、知識管理、文件、套件/供應鏈、降噪與跨專案盤點",
"deployment_lane": "governance_knowledge_and_reporting",
"allowed_autonomy": [
"只讀盤點",
"Runbook / KM 草稿",
"市場與依賴漂移摘要",
"告警降噪提案",
"批准包起草"
],
"must_delegate_to": [
"OpenClaw 仲裁任何生產、Telegram、host mutation 或 rollback",
"NemoTron 評估模型/工具能力與 replay 結果"
],
"blocked_actions": [
"直接改生產環境",
"直接發送 Telegram 通知",
"直接修改 Secret",
"自行升級套件或 SDK",
"自行切換 AI provider"
],
"learning_scope": [
"runbook freshness",
"docs drift",
"dependency drift",
"service health evidence gap",
"operator review feedback"
]
},
{
"agent_id": "nemotron",
"display_name": "NemoTron / Nemotron",
"primary_specialty": "離線專家評估、模型工具能力比較、NIM/NVIDIA replay 與長任務 Agent 能力驗證",
"deployment_lane": "offline_evaluator_and_specialist_candidate",
"allowed_autonomy": [
"sanitized request pack 分析",
"5-record smoke 評分",
"50-record replay 結果比較",
"工具呼叫輸出合約檢查",
"候選模型能力矩陣更新"
],
"must_delegate_to": [
"OpenClaw 仲裁生產風險與是否可進 shadow/canary",
"Hermes 彙整市場來源、文件與 operator 報告"
],
"blocked_actions": [
"直接讀取 production secret",
"未批准的 paid API / NIM 呼叫",
"未批准的 SDK 安裝",
"未通過 smoke gate 前進 full replay",
"自行進 shadow/canary 或生產路由"
],
"learning_scope": [
"smoke gate failures",
"output contract completeness",
"latency budget",
"tool calling reliability",
"OpenClaw same-run baseline delta"
]
}
],
"domains": [
{
"domain_id": "hosts",
"display_name": "主機",
"description": "110 / 111 / 112 / 120 / 121 / 188 的只讀監控、診斷、備份與批准後修復佈局。"
},
{
"domain_id": "packages",
"display_name": "套件與建置",
"description": "Python、pnpm/npm、Docker base image、CVE、license、digest 與 drift。"
},
{
"domain_id": "tools",
"display_name": "工具",
"description": "Gitea、Harbor、Prometheus、Alertmanager、SigNoz、Sentry、Open-WebUI、Telegram、Ansible。"
},
{
"domain_id": "services",
"display_name": "服務",
"description": "API、Web、AwoooP、IwoooS、PostgreSQL、Redis、K8s workload 與內部控制面。"
},
{
"domain_id": "projects",
"display_name": "專案",
"description": "AWOOOI 及已納入治理視野的外部/相鄰專案。"
},
{
"domain_id": "websites",
"display_name": "網站前後台",
"description": "公開站、治理後台、告警後台、AwoooP 後台、IwoooS 後台。"
},
{
"domain_id": "learning",
"display_name": "學習與協作",
"description": "AgentSession、KM、Playbook trust、market watch、replay harness。"
}
],
"deployment_targets": [
{
"target_id": "host_110",
"domain_id": "hosts",
"display_name": "110 DevOps / Gitea runner / monitoring host",
"target_type": "host",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["host health diagnosis", "runner health review", "backup freshness review", "approval package"],
"telegram_policy": "action_required",
"learning_inputs": ["Gitea workflow result", "runner evidence", "backup status", "Alertmanager route"],
"communication_channels": ["AwoooP approval", "Telegram failure/action-required", "Prometheus metrics"],
"approval_gate": "host mutation requires human approval",
"evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/evaluations/gitea_workflow_runner_health_2026-06-05.json"],
"next_action": "把 runner / backup / monitoring 狀態納入 Agent 協作節點,但只允許準備修復提案。"
},
{
"target_id": "host_188",
"domain_id": "hosts",
"display_name": "188 AI / Web / PostgreSQL / Redis / SigNoz host",
"target_type": "host",
"primary_agent": "openclaw",
"supporting_agents": ["hermes", "nemotron"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["AI provider health review", "database/cache health review", "observability review", "NemoTron candidate evidence"],
"telegram_policy": "action_required",
"learning_inputs": ["AI route matrix", "DB backup status", "SigNoz/ClickHouse evidence", "NemoTron smoke result"],
"communication_channels": ["AwoooP approval", "Telegram failure/action-required", "Prometheus metrics"],
"approval_gate": "host mutation, service restart, provider route change require explicit approval",
"evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/evaluations/ai_provider_route_matrix_2026-06-05.json"],
"next_action": "建立 OpenClaw 主仲裁、Hermes 彙整、NemoTron 離線評估的 host-188 協作節點。"
},
{
"target_id": "host_111",
"domain_id": "hosts",
"display_name": "111 Ollama fallback host",
"target_type": "host",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["fallback health observation", "route readiness review"],
"telegram_policy": "failure_only",
"learning_inputs": ["Ollama health", "provider failover evidence"],
"communication_channels": ["Prometheus metrics", "Telegram failure-only"],
"approval_gate": "SSH / service operation requires approval",
"evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/runbooks/RUNBOOK-OLLAMA-FAILOVER.md"],
"next_action": "保持只讀觀察,避免因 fallback 健康誤判而切換 provider。"
},
{
"target_id": "host_120",
"domain_id": "hosts",
"display_name": "120 K3s master / blocked recovery host",
"target_type": "host",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "blocked_by_gate",
"automation_level": "blocked",
"capabilities": ["blocked-state tracking", "recovery checklist", "backup config capture blocker"],
"telegram_policy": "action_required",
"learning_inputs": ["cold-start scorecard", "backup config capture", "host reachability"],
"communication_channels": ["Telegram action-required", "LOGBOOK", "cold-start runbook"],
"approval_gate": "console/SSH recovery evidence required before any automation",
"evidence_refs": ["docs/runbooks/BACKUP-STATUS.md", "docs/runbooks/FULL-STACK-COLD-START-SOP.md"],
"next_action": "維持 blocked;不安排自動修復;等待 console / SSH 復原證據。"
},
{
"target_id": "host_121",
"domain_id": "hosts",
"display_name": "121 K3s peer host",
"target_type": "host",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["K3s readiness observation", "failover context", "backup/cold-start evidence"],
"telegram_policy": "failure_only",
"learning_inputs": ["K3s node readiness", "host connectivity", "cold-start scorecard"],
"communication_channels": ["Prometheus metrics", "Telegram failure-only"],
"approval_gate": "K3s mutation requires maintenance window approval",
"evidence_refs": ["infra/ansible/inventory/hosts.yml", "docs/runbooks/K3S-OPTIMIZATION-RUNBOOK.md"],
"next_action": "將 121 視為 K3s readiness 證據節點,不做未批准操作。"
},
{
"target_id": "host_112",
"domain_id": "hosts",
"display_name": "112 Kali / security evidence host",
"target_type": "host",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["security evidence catalog", "owner response package", "read-only posture projection"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["IwoooS posture projection", "owner response evidence"],
"communication_channels": ["IwoooS read-only handoff", "operator review"],
"approval_gate": "active scan / host update / credentialed scan require independent approval",
"evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json", "infra/ansible/inventory/hosts.yml"],
"next_action": "維持只讀安全證據,不啟用 active scan。"
},
{
"target_id": "pkg_python_api",
"domain_id": "packages",
"display_name": "API Python dependencies",
"target_type": "package_set",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["dependency inventory", "CVE/license drift review", "upgrade approval package"],
"telegram_policy": "daily_summary_only",
"learning_inputs": ["package inventory", "CVE policy", "dependency drift plan"],
"communication_channels": ["governance UI", "daily summary only"],
"approval_gate": "dependency upgrade requires approval package",
"evidence_refs": ["docs/evaluations/package_supply_chain_inventory_2026-06-04.json"],
"next_action": "Hermes 週期性彙整漂移;OpenClaw 只仲裁高風險升級。"
},
{
"target_id": "pkg_web_pnpm",
"domain_id": "packages",
"display_name": "Web pnpm/npm dependencies",
"target_type": "package_set",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["package inventory", "lockfile drift review", "upgrade proposal"],
"telegram_policy": "daily_summary_only",
"learning_inputs": ["javascript package inventory", "dependency drift plan"],
"communication_channels": ["governance UI", "daily summary only"],
"approval_gate": "package upgrade / install requires approval",
"evidence_refs": ["docs/evaluations/javascript_package_inventory_2026-06-04.json"],
"next_action": "只產生升級批准包,不自動 npm/pnpm install。"
},
{
"target_id": "docker_build_surface",
"domain_id": "packages",
"display_name": "Docker base image and build surface",
"target_type": "container_image",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["digest drift review", "base image risk review", "build-surface proposal"],
"telegram_policy": "action_required",
"learning_inputs": ["docker build surface inventory", "CVE policy"],
"communication_channels": ["governance UI", "Telegram action-required for critical drift"],
"approval_gate": "image digest/base image change requires review and deploy gate",
"evidence_refs": ["docs/evaluations/docker_build_surface_inventory_2026-06-04.json"],
"next_action": "把 critical image drift 送 OpenClaw 仲裁,其他由 Hermes 月報。"
},
{
"target_id": "gitea_actions",
"domain_id": "tools",
"display_name": "Gitea Actions and host runner",
"target_type": "workflow_tool",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["workflow health matrix", "runner attestation", "notification hygiene"],
"telegram_policy": "action_required",
"learning_inputs": ["workflow results", "runner evidence", "CI failure classes"],
"communication_channels": ["Gitea Actions summary", "Telegram actionable/failure only"],
"approval_gate": "workflow modification requires review",
"evidence_refs": ["docs/evaluations/gitea_workflow_runner_health_2026-06-05.json", ".gitea/workflows/"],
"next_action": "Hermes 彙整 runner / workflow gaps;OpenClaw 只仲裁部署或 workflow 修改。"
},
{
"target_id": "harbor_registry",
"domain_id": "tools",
"display_name": "Harbor registry",
"target_type": "registry",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["backup freshness", "image inventory", "registry health summary"],
"telegram_policy": "failure_only",
"learning_inputs": ["backup target inventory", "registry backup evidence"],
"communication_channels": ["backup policy", "Telegram failure-only"],
"approval_gate": "registry cleanup / retention change requires approval",
"evidence_refs": ["scripts/backup/backup-harbor.sh", "docs/evaluations/backup_dr_target_inventory_2026-06-04.json"],
"next_action": "只監控 backup / freshness;不自動刪 image。"
},
{
"target_id": "prometheus_alertmanager",
"domain_id": "tools",
"display_name": "Prometheus / Alertmanager",
"target_type": "observability",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["alert contract review", "noise reduction proposal", "E2E chain evidence"],
"telegram_policy": "action_required",
"learning_inputs": ["alert rules", "alert chain metrics", "notification outcome"],
"communication_channels": ["Alertmanager webhook", "Telegram action-required"],
"approval_gate": "alert rule deploy / silence requires approval",
"evidence_refs": ["docs/evaluations/observability_contract_matrix_2026-06-05.json", "docs/adr/ADR-035-telegram-alert-chain-enforcement.md"],
"next_action": "保持告警必到,成功訊息降噪,規則部署另走 deploy-alerts gate。"
},
{
"target_id": "signoz_clickhouse",
"domain_id": "tools",
"display_name": "SigNoz / ClickHouse",
"target_type": "observability",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["trace evidence", "log evidence", "storage health review"],
"telegram_policy": "action_required",
"learning_inputs": ["SigNoz alert", "ClickHouse health", "trace/log evidence"],
"communication_channels": ["governance UI", "Telegram action-required"],
"approval_gate": "query-heavy or retention change requires approval",
"evidence_refs": ["docs/evaluations/observability_contract_matrix_2026-06-05.json", "ops/signoz"],
"next_action": "Hermes 做證據摘要;OpenClaw 仲裁重大 storage / retention 風險。"
},
{
"target_id": "sentry",
"domain_id": "tools",
"display_name": "Sentry",
"target_type": "observability",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["issue summary", "frontend/backend error drift", "release evidence"],
"telegram_policy": "action_required",
"learning_inputs": ["Sentry issue class", "release marker", "frontend/backend route"],
"communication_channels": ["governance UI", "Telegram action-required"],
"approval_gate": "Sentry DSN / project setting change requires approval",
"evidence_refs": ["apps/web/src/instrumentation.ts", "scripts/backup/backup-sentry.sh"],
"next_action": "只讀錯誤分類,不讀 secret;不直接建立/修改 Sentry 設定。"
},
{
"target_id": "open_webui",
"domain_id": "tools",
"display_name": "Open-WebUI / AI workspace",
"target_type": "ai_tool",
"primary_agent": "nemotron",
"supporting_agents": ["hermes", "openclaw"],
"deployment_state": "candidate_only",
"automation_level": "observe_only",
"capabilities": ["model evaluation evidence", "AI artifact inventory", "offline specialist review"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["AI artifact backup", "model evaluation", "operator review"],
"communication_channels": ["offline report", "governance UI"],
"approval_gate": "external model call / NIM route requires cost and data-boundary approval",
"evidence_refs": ["scripts/backup/backup-open-webui.sh", "docs/evaluations/agent_nemotron_contract_tuned_smoke_matrix_2026-06-02.json"],
"next_action": "NemoTron 只做離線評估,不接 production route。"
},
{
"target_id": "telegram_gateway",
"domain_id": "tools",
"display_name": "Telegram Gateway / Bot alert chain",
"target_type": "notification_gateway",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "hitl_execute_after_approval",
"capabilities": ["failure-only routing", "approval card", "dedup", "E2E validation"],
"telegram_policy": "approval_required",
"learning_inputs": ["notification outcome", "dedup result", "operator button action"],
"communication_channels": ["Telegram Bot", "AwoooP approval", "alert operation log"],
"approval_gate": "direct send / bot token change / chat target change requires approval and E2E smoke",
"evidence_refs": ["apps/api/src/services/telegram_gateway.py", "docs/adr/ADR-035-telegram-alert-chain-enforcement.md"],
"next_action": "把三 Agent 的通知都收斂到 Gateway;不讓 Agent 直接持有 token 或直接發送。"
},
{
"target_id": "ansible_control",
"domain_id": "tools",
"display_name": "Ansible host control plane",
"target_type": "host_iac",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "read_only_layout",
"automation_level": "hitl_execute_after_approval",
"capabilities": ["check-mode proposal", "host-state drift", "rollback plan"],
"telegram_policy": "approval_required",
"learning_inputs": ["Ansible check-mode", "host textfile exporter", "operator approval outcome"],
"communication_channels": ["AwoooP approval", "Telegram approval-required"],
"approval_gate": "any ansible apply requires independent human approval",
"evidence_refs": ["docs/runbooks/ANSIBLE-OPERATING-MODEL.md", "infra/ansible/inventory/hosts.yml"],
"next_action": "先建立 check-mode 證據;apply 仍必須人工批准。"
},
{
"target_id": "awoooi_api",
"domain_id": "services",
"display_name": "AWOOOI API backend",
"target_type": "api",
"primary_agent": "openclaw",
"supporting_agents": ["hermes", "nemotron"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["incident decision", "MCP context", "agent API snapshots", "post-execution verification"],
"telegram_policy": "failure_only",
"learning_inputs": ["incident", "timeline event", "approval record", "agent snapshot"],
"communication_channels": ["API", "Redis stream", "Telegram failure-only"],
"approval_gate": "runtime deploy / DB migration / provider route change requires CD gate",
"evidence_refs": ["apps/api/src/api/v1/agents.py", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"],
"next_action": "把新佈建布局暴露為只讀 API;不新增執行端點。"
},
{
"target_id": "awoooi_web",
"domain_id": "services",
"display_name": "AWOOOI public web frontend",
"target_type": "web",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["frontend evidence display", "i18n review", "route health summary"],
"telegram_policy": "failure_only",
"learning_inputs": ["browser smoke", "Sentry issue", "i18n validation"],
"communication_channels": ["governance UI", "Sentry", "Telegram failure-only"],
"approval_gate": "frontend deploy requires CD validation and production smoke",
"evidence_refs": ["apps/web/src/app/[locale]/governance/page.tsx", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"],
"next_action": "Hermes 維護 UI/文案與證據卡;OpenClaw 仲裁發布風險。"
},
{
"target_id": "governance_backoffice",
"domain_id": "services",
"display_name": "Governance backoffice",
"target_type": "backoffice",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["automation inventory", "agent market", "service health", "deployment layout display"],
"telegram_policy": "action_required",
"learning_inputs": ["snapshot freshness", "operator review", "blocked gate count"],
"communication_channels": ["governance UI", "AwoooP work item"],
"approval_gate": "UI display is not runtime authorization",
"evidence_refs": ["apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx"],
"next_action": "將本 layout 先接進只讀 API;再接治理 UI。"
},
{
"target_id": "awooop_control_plane",
"domain_id": "services",
"display_name": "AwoooP control plane",
"target_type": "control_plane",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "hitl_execute_after_approval",
"capabilities": ["work item", "approval", "truth chain", "run state"],
"telegram_policy": "approval_required",
"learning_inputs": ["approval decision", "run state", "operator timeline"],
"communication_channels": ["AwoooP approvals", "Telegram approval card"],
"approval_gate": "AwoooP work item is not security or production approval by itself",
"evidence_refs": ["apps/web/src/app/[locale]/awooop/page.tsx", "docs/awooop/MASTER-WORKPLAN.md"],
"next_action": "OpenClaw 只把 AwoooP 當批准/證據控制面,不讓候選 Agent 直接執行。"
},
{
"target_id": "iwooos_security_surface",
"domain_id": "services",
"display_name": "IwoooS security surface",
"target_type": "security_surface",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["read-only evidence", "owner response packet", "security posture"],
"telegram_policy": "action_required",
"learning_inputs": ["owner response gate", "redacted evidence refs", "scope handoff"],
"communication_channels": ["IwoooS page", "operator review", "Telegram action-required only"],
"approval_gate": "active runtime / scan / host update remains false until independent approval",
"evidence_refs": ["apps/web/src/app/[locale]/iwooos/page.tsx", "docs/security/iwooos-posture-projection.snapshot.json"],
"next_action": "Hermes 整理資安證據;OpenClaw 守住 active runtime gate。"
},
{
"target_id": "postgresql_primary",
"domain_id": "services",
"display_name": "PostgreSQL primary data layer",
"target_type": "database",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["connection health", "backup freshness", "migration risk", "slow query evidence"],
"telegram_policy": "failure_only",
"learning_inputs": ["DB alert", "backup status", "migration outcome"],
"communication_channels": ["Prometheus", "backup status", "Telegram failure-only"],
"approval_gate": "migration / restore / schema change requires approval and backup evidence",
"evidence_refs": ["apps/api/migrations/", "docs/evaluations/backup_dr_readiness_matrix_2026-06-04.json"],
"next_action": "OpenClaw 仲裁 DB 風險;Hermes 產出備份與 migration 證據摘要。"
},
{
"target_id": "redis_cache",
"domain_id": "services",
"display_name": "Redis / Stream / cache layer",
"target_type": "cache",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["stream backlog review", "cache health", "agent bus readiness"],
"telegram_policy": "failure_only",
"learning_inputs": ["Redis alert", "agent stream backlog", "approval outcome"],
"communication_channels": ["Prometheus", "Agent stream", "Telegram failure-only"],
"approval_gate": "flush / restart / data mutation requires approval",
"evidence_refs": ["docs/evaluations/service_health_gap_matrix_2026-06-05.json", "docs/adr/ADR-082-multi-agent-collaboration.md"],
"next_action": "用 Redis stream 作為 Agent 協作匯流,但不允許無批准清除資料。"
},
{
"target_id": "k8s_workloads",
"domain_id": "services",
"display_name": "K8s workloads / manifests",
"target_type": "k8s",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "dry_run_only",
"capabilities": ["manifest mapping", "rollout evidence", "drift interpretation", "dry-run proposal"],
"telegram_policy": "action_required",
"learning_inputs": ["runtime surface inventory", "drift report", "post-execution verifier"],
"communication_channels": ["AwoooP approval", "Telegram action-required", "Prometheus"],
"approval_gate": "kubectl apply / rollout / scale / delete requires approval",
"evidence_refs": ["k8s/awoooi-prod/", "docs/evaluations/runtime_surface_inventory_2026-06-05.json"],
"next_action": "OpenClaw 做乾跑仲裁;Hermes 彙整 manifest 與 runbook。"
},
{
"target_id": "project_awoooi",
"domain_id": "projects",
"display_name": "AWOOOI core project",
"target_type": "project",
"primary_agent": "openclaw",
"supporting_agents": ["hermes", "nemotron"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["incident governance", "agent market governance", "runtime truth", "deployment evidence"],
"telegram_policy": "action_required",
"learning_inputs": ["LOGBOOK", "HARD_RULES", "market watch", "runtime smoke"],
"communication_channels": ["Gitea", "AwoooP", "Telegram", "governance UI"],
"approval_gate": "production deploy and provider changes require existing CD/HITL gates",
"evidence_refs": ["docs/HARD_RULES.md", "docs/LOGBOOK.md"],
"next_action": "把三 Agent 佈局做成 AWOOOI 的正式只讀控制面資料。"
},
{
"target_id": "project_awooop",
"domain_id": "projects",
"display_name": "AwoooP operations project surface",
"target_type": "project",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "hitl_execute_after_approval",
"capabilities": ["work item", "approval queue", "run monitor", "contract governance"],
"telegram_policy": "approval_required",
"learning_inputs": ["work item status", "approval outcome", "truth chain"],
"communication_channels": ["AwoooP UI", "Telegram approval card"],
"approval_gate": "AwoooP approval is necessary but not sufficient for security or host mutation",
"evidence_refs": ["docs/awooop/MASTER-WORKPLAN.md", "apps/web/src/app/[locale]/awooop/"],
"next_action": "將 Agent 佈局轉為 AwoooP work item templates;但不自動簽核。"
},
{
"target_id": "project_iwooos",
"domain_id": "projects",
"display_name": "IwoooS security governance",
"target_type": "project",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["scope handoff", "owner response gate", "redacted evidence"],
"telegram_policy": "action_required",
"learning_inputs": ["IwoooS posture projection", "owner response state"],
"communication_channels": ["IwoooS UI", "operator review"],
"approval_gate": "UI-visible state must not be treated as runtime authorization",
"evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"],
"next_action": "Hermes 維持只讀證據卡;OpenClaw 防止 runtime gate 被誤開。"
},
{
"target_id": "project_vibework",
"domain_id": "projects",
"display_name": "VibeWork adjacent product",
"target_type": "adjacent_project",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["boundary inventory", "release evidence summary", "alert routing expectation"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["cross-project handoff", "runtime evidence if explicitly supplied"],
"communication_channels": ["operator report only"],
"approval_gate": "separate repo/runtime approval required",
"evidence_refs": ["docs/security/vibework-iwooos-onboarding-handoff.snapshot.json"],
"next_action": "只保留治理視野,不跨 repo 自動部署。"
},
{
"target_id": "project_stockplatform",
"domain_id": "projects",
"display_name": "StockPlatform adjacent product",
"target_type": "adjacent_project",
"primary_agent": "hermes",
"supporting_agents": ["nemotron", "openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["AI research governance", "dry-run review", "human-review boundary"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["research governance note", "operator-approved evidence"],
"communication_channels": ["operator report only"],
"approval_gate": "separate project approval required before any runtime work",
"evidence_refs": ["docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md"],
"next_action": "NemoTron 只可作研究乾跑,不作投資建議或生產推薦。"
},
{
"target_id": "project_tsenyang",
"domain_id": "projects",
"display_name": "TSENYANG website adjacent project",
"target_type": "adjacent_project",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["SEO/launch evidence summary", "analytics boundary review"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["operator-approved launch evidence"],
"communication_channels": ["operator report only"],
"approval_gate": "separate repo/runtime approval required",
"evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"],
"next_action": "只保留跨產品治理視角,不直接改網站。"
},
{
"target_id": "project_bitan",
"domain_id": "projects",
"display_name": "Bitan Pharmacy adjacent project",
"target_type": "adjacent_project",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["production recovery evidence summary", "AI ops loop review"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["operator-approved recovery evidence"],
"communication_channels": ["operator report only"],
"approval_gate": "separate repo/runtime approval required",
"evidence_refs": ["docs/security/iwooos-posture-projection.snapshot.json"],
"next_action": "只列入相鄰產品治理,不跨專案部署。"
},
{
"target_id": "project_agent_bounty",
"domain_id": "projects",
"display_name": "agent-bounty-protocol onboarding surface",
"target_type": "adjacent_project",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "read_only_layout",
"automation_level": "observe_only",
"capabilities": ["read-only security onboarding", "owner gate", "external agent boundary"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["agent bounty onboarding handoff", "owner response status"],
"communication_channels": ["IwoooS read-only handoff", "operator report"],
"approval_gate": "no runtime, repo, scan, cron, payout or contract action without explicit approval",
"evidence_refs": ["docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"],
"next_action": "維持 IwoooS 只讀收件,不跨到 agent-bounty runtime。"
},
{
"target_id": "public_frontend",
"domain_id": "websites",
"display_name": "Public frontend routes",
"target_type": "website_frontend",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["browser smoke evidence", "i18n coverage", "route health"],
"telegram_policy": "failure_only",
"learning_inputs": ["browser smoke", "Sentry error", "route uptime"],
"communication_channels": ["Sentry", "Prometheus", "Telegram failure-only"],
"approval_gate": "frontend deploy requires build/typecheck/browser smoke",
"evidence_refs": ["apps/web/src/app/[locale]/page.tsx"],
"next_action": "Hermes 負責內容/顯示品質;OpenClaw 仲裁發布風險。"
},
{
"target_id": "governance_ui",
"domain_id": "websites",
"display_name": "Governance UI backoffice",
"target_type": "website_backoffice",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["agent market display", "automation inventory display", "deployment layout display"],
"telegram_policy": "action_required",
"learning_inputs": ["operator review", "snapshot freshness", "blocked gate count"],
"communication_channels": ["governance UI", "AwoooP work item"],
"approval_gate": "UI display does not authorize runtime action",
"evidence_refs": ["apps/web/src/app/[locale]/governance/page.tsx"],
"next_action": "新增只讀 layout 資料源後再接 UI 呈現。"
},
{
"target_id": "alerts_backoffice",
"domain_id": "websites",
"display_name": "Alerts and operation-log backoffice",
"target_type": "website_backoffice",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "prepare_only",
"capabilities": ["incident triage", "alert operation log", "operator action request"],
"telegram_policy": "action_required",
"learning_inputs": ["alert operation log", "incident timeline", "notification outcome"],
"communication_channels": ["alert-operation-logs UI", "Telegram action-required"],
"approval_gate": "alert action execution requires approval",
"evidence_refs": ["apps/web/src/app/[locale]/alerts/page.tsx", "apps/web/src/app/[locale]/alert-operation-logs/page.tsx"],
"next_action": "OpenClaw 產生 action proposal,Hermes 彙整趨勢與降噪。"
},
{
"target_id": "awooop_admin",
"domain_id": "websites",
"display_name": "AwoooP admin routes",
"target_type": "website_backoffice",
"primary_agent": "openclaw",
"supporting_agents": ["hermes"],
"deployment_state": "active_governed",
"automation_level": "hitl_execute_after_approval",
"capabilities": ["approval queue", "runs", "contracts", "tenants"],
"telegram_policy": "approval_required",
"learning_inputs": ["approval decision", "run evidence", "contract state"],
"communication_channels": ["AwoooP UI", "Telegram approval card"],
"approval_gate": "AwoooP UI action requires separate policy and human approval",
"evidence_refs": ["apps/web/src/app/[locale]/awooop/"],
"next_action": "將三 Agent 提案映射成 AwoooP work item,不讓候選 Agent 直接執行。"
},
{
"target_id": "iwooos_admin",
"domain_id": "websites",
"display_name": "IwoooS read-only security routes",
"target_type": "website_backoffice",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["security mirror", "scope card", "owner response gate"],
"telegram_policy": "action_required",
"learning_inputs": ["owner response", "security posture", "redacted refs"],
"communication_channels": ["IwoooS UI", "operator review"],
"approval_gate": "IwoooS visibility is not active runtime authorization",
"evidence_refs": ["apps/web/src/app/[locale]/iwooos/page.tsx"],
"next_action": "繼續維持低摩擦只讀資安治理。"
},
{
"target_id": "agent_session_bus",
"domain_id": "learning",
"display_name": "AgentSession / Redis Streams collaboration bus",
"target_type": "learning_bus",
"primary_agent": "openclaw",
"supporting_agents": ["hermes", "nemotron"],
"deployment_state": "planned",
"automation_level": "observe_only",
"capabilities": ["agent handoff", "turn audit", "replayable collaboration"],
"telegram_policy": "no_direct_notify",
"learning_inputs": ["agent session turn", "critic challenge", "coordinator decision"],
"communication_channels": ["Redis stream", "agent_sessions audit"],
"approval_gate": "new runtime worker or schema migration requires approval",
"evidence_refs": ["docs/adr/ADR-082-multi-agent-collaboration.md"],
"next_action": "先補只讀 layout,下一波才評估是否需要 migration / worker。"
},
{
"target_id": "km_playbook_learning",
"domain_id": "learning",
"display_name": "KM / Playbook trust learning loop",
"target_type": "learning_loop",
"primary_agent": "hermes",
"supporting_agents": ["openclaw"],
"deployment_state": "planned",
"automation_level": "observe_only",
"capabilities": ["runbook freshness", "playbook trust evidence", "negative reinforcement"],
"telegram_policy": "daily_summary_only",
"learning_inputs": ["execution result", "post verification", "operator review"],
"communication_channels": ["KM", "LOGBOOK", "daily summary only"],
"approval_gate": "playbook promotion requires review",
"evidence_refs": ["docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"],
"next_action": "Hermes 整理學習素材,OpenClaw 仲裁是否可升為 approved playbook。"
},
{
"target_id": "nemotron_replay_pipeline",
"domain_id": "learning",
"display_name": "NemoTron smoke / replay pipeline",
"target_type": "model_replay",
"primary_agent": "nemotron",
"supporting_agents": ["openclaw", "hermes"],
"deployment_state": "blocked_by_gate",
"automation_level": "blocked",
"capabilities": ["5-record smoke", "output contract review", "latency budget", "same-run baseline delta"],
"telegram_policy": "approval_required",
"learning_inputs": ["smoke gate", "external runner report", "OpenClaw baseline"],
"communication_channels": ["offline report", "operator review", "Telegram approval-required after gate"],
"approval_gate": "refresh source evidence, cost/data approval, then 5-record smoke only",
"evidence_refs": ["docs/evaluations/agent_nemotron_contract_tuned_smoke_matrix_2026-06-02.json", "docs/runbooks/OPENCLAW-REPLACEMENT-EVALUATION.md"],
"next_action": "新增 Nemotron 3 Ultra source evidence 後,先重跑 5-record smoke。"
},
{
"target_id": "agent_market_watch",
"domain_id": "learning",
"display_name": "AI Agent market watch",
"target_type": "market_watch",
"primary_agent": "hermes",
"supporting_agents": ["openclaw", "nemotron"],
"deployment_state": "active_governed",
"automation_level": "observe_only",
"capabilities": ["primary-source scan", "integration review", "discovery intake", "candidate scoring"],
"telegram_policy": "action_required",
"learning_inputs": ["official docs", "release metadata", "scorecard", "operator review"],
"communication_channels": ["Gitea Actions", "governance UI", "Telegram actionable only"],
"approval_gate": "market watch cannot approve SDK/API/replay/shadow/canary/production",
"evidence_refs": [".gitea/workflows/agent-market-watch.yaml", "docs/evaluations/agent_market_governance_snapshot_2026-06-04.json"],
"next_action": "把 Nemotron 3 Ultra 納入下一次 source refresh 和 scorecard review。"
}
],
"collaboration_contract": {
"message_bus": "以 Redis Streams / AgentSession / timeline event 作為可回放協作總線;本快照只描述布局,不啟動新 worker。",
"audit_trail": "所有 Agent 建議必須落到可查詢事件、批准包或 committed snapshot,不得只存在聊天視窗。",
"handoff_rules": [
"OpenClaw 收斂生產風險、HITL 與 Telegram action-required。",
"Hermes 收斂治理、文件、盤點、降噪與跨專案報告。",
"NemoTron 收斂 sanitized 離線評估、模型比較與 replay score。",
"任何 Agent 發現風險升級時必須轉交 OpenClaw 仲裁。",
"任何 Agent 發現市場/依賴漂移時必須轉交 Hermes 彙整。",
"任何候選模型能力聲稱必須先經 NemoTron 或 replay harness 產出同題證據。"
],
"frontend_redaction": {
"operator_conversation_display_allowed": false,
"agent_private_reasoning_display_allowed": false,
"display_policy": "前端只能顯示任務狀態、證據摘要、批准邊界與產物連結;不得顯示操作對話原文或 Agent 私有推理。"
}
},
"learning_contract": {
"event_sources": [
"incident timeline",
"approval outcome",
"alert operation log",
"service health snapshot",
"backup / DR evidence",
"dependency drift snapshot",
"agent market watch",
"NemoTron smoke / replay result"
],
"feedback_loops": [
"成功/失敗/中性結果回寫 Playbook trust",
"Critic / Reviewer 挑戰結果回寫 AgentSession",
"Telegram 按鈕與 operator review 回寫 notification outcome",
"Market watch source delta 進入 scorecard / replay gate",
"NemoTron replay 失敗模式回寫 prompt / contract 改善清單"
],
"growth_metrics": [
"playbook trust_score 有效更新數",
"general fallback alert ratio",
"agent handoff completion rate",
"notification failure rate",
"smoke gate pass rate",
"operator-approved proposal precision"
],
"retention_policy": "學習資料只保留 redacted evidence refs、hash、分類與結果;Secret、token、原始對話與私有推理不得進前端或告警。"
},
"telegram_contract": {
"primary_gateway": "apps/api/src/services/telegram_gateway.py",
"bot_roles": [
"OpenClaw Bot:生產告警、批准、HITL 與 action-required。",
"Hermes Bot lane:治理摘要、週期性報告與降噪候選但仍經 Gateway。",
"NemoTron lane:只在 smoke/replay gate 需要 operator review 時產生摘要,不能直接發送。"
],
"notification_classes": [
"critical failure: immediate",
"operator action required: immediate",
"approval required: approval card",
"success / healthy: suppressed or daily summary",
"watch-only no-op: quiet"
],
"redaction_policy": "不得在 Telegram 顯示 Secret、token、cookie、private key、原始 payload、操作對話原文或 Agent 私有推理;只顯示 evidence ref、狀態、影響範圍與下一步。",
"e2e_validation": "沿用 ADR-035:部署前檢查 Secret、部署時注入 K8s Secret、部署後做 E2E 告警鏈路驗證;本布局不直接送測試通知。"
},
"rollups": {
"total_targets": 42,
"by_domain": {
"hosts": 6,
"packages": 3,
"tools": 8,
"services": 8,
"projects": 8,
"websites": 5,
"learning": 4
},
"by_primary_agent": {
"openclaw": 17,
"hermes": 23,
"nemotron": 2
},
"by_deployment_state": {
"active_governed": 28,
"read_only_layout": 9,
"blocked_by_gate": 2,
"planned": 2,
"candidate_only": 1
},
"by_telegram_policy": {
"failure_only": 8,
"action_required": 17,
"approval_required": 6,
"daily_summary_only": 3,
"no_direct_notify": 8
},
"blocked_target_ids": [
"host_120",
"nemotron_replay_pipeline"
],
"approval_required_target_ids": [
"host_120",
"telegram_gateway",
"ansible_control",
"awooop_control_plane",
"project_awooop",
"awooop_admin",
"nemotron_replay_pipeline"
]
},
"approval_boundaries": {
"sdk_installation_allowed": false,
"paid_api_call_allowed": false,
"shadow_or_canary_allowed": false,
"production_routing_allowed": false,
"destructive_operation_allowed": false,
"secret_plaintext_allowed": false,
"autonomous_host_mutation_allowed": false,
"telegram_direct_send_allowed": false
}
}