capabilities.json:
- 版本升至 5.6.0
- 新增 guardrail.block_layer (Sprint 5.1): Stateful服務封鎖、心跳排除
- 新增 adr067_ollama_applications: Phase 30-34五大應用完整描述
- RAG: 5814 chunks, ivfflat cosine_ops, /rag Telegram指令
- 明確 Ollama 111:11434 (ADR-067) vs 188:11434 (主模型) 分工

SOUL.md:
- 更新主模型欄位: 區分 Ollama 188(主模型) vs 111(ADR-067五大應用)
- 新增「圖片分析」到專長列表

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "OpenClaw Capabilities",
"version": "5.6.0",
"description": "OpenClaw AI Agent 允許調用的工具與操作權限定義",
"updated_at": "2026-04-10",
"kubernetes": {
"allowed_operations": [
{
"name": "RESTART_DEPLOYMENT",
"command": "kubectl rollout restart deployment/{name} -n {namespace}",
"risk_level": "medium",
"requires_approval": true,
"description": "重啟 Deployment,觸發 Rolling Update"
},
{
"name": "DELETE_POD",
"command": "kubectl delete pod {name} -n {namespace}",
"risk_level": "medium",
"requires_approval": true,
"description": "刪除 Pod,由 ReplicaSet 自動重建"
},
{
"name": "DELETE_PODS_BY_LABEL",
"command": "kubectl delete pods -l {selector} -n {namespace}",
"risk_level": "medium",
"requires_approval": true,
"description": "依 Label 批量刪除 Pod"
},
{
"name": "SCALE_DEPLOYMENT",
"command": "kubectl scale deployment/{name} --replicas={count} -n {namespace}",
"risk_level": "low",
"requires_approval": false,
"description": "水平擴展 Deployment 副本數"
},
{
"name": "GET_LOGS",
"command": "kubectl logs {pod} -n {namespace} --tail={lines}",
"risk_level": "low",
"requires_approval": false,
"description": "查看 Pod 日誌"
},
{
"name": "GET_STATUS",
"command": "kubectl get pods/deployments/services -n {namespace}",
"risk_level": "low",
"requires_approval": false,
"description": "查看資源狀態列表"
},
{
"name": "DESCRIBE_RESOURCE",
"command": "kubectl describe {resource_type} {name} -n {namespace}",
"risk_level": "low",
"requires_approval": false,
"description": "查看資源詳細狀態"
}
],
"forbidden_operations": [
{
"pattern": "kubectl delete namespace *",
"reason": "影響範圍過大,可能導致整個命名空間被刪除"
},
{
"pattern": "kubectl delete pvc *",
"reason": "可能導致持久化資料遺失"
},
{
"pattern": "kubectl apply -f *",
"reason": "未審核的 YAML 可能引入惡意配置"
},
{
"pattern": "* --force",
"reason": "強制操作繞過安全檢查"
},
{
"pattern": "kubectl exec *",
"reason": "直接進入容器可能造成安全風險"
}
],
"namespaces": {
"allowed": ["awoooi-prod", "default", "kube-system"],
"forbidden": ["kube-public", "cert-manager"]
},
"api_server": {
"in_cluster_override": "K8S_API_SERVER_URL",
"fallback_url": "https://192.168.0.120:6443",
"reason": "ADR-059: ClusterIP 10.43.0.1 不可達時使用節點 IP"
}
},
"notifications": {
"channels": [
{
"name": "telegram",
"enabled": true,
"config_key": "OPENCLAW_TG_BOT_TOKEN",
"features": ["alerts", "approvals", "status_updates"],
"format": {
"max_total_chars": 500,
"show_model_name": true,
"show_backend": true,
"dedup_ttl_seconds": 600
}
},
{
"name": "sse",
"enabled": true,
"endpoint": "/api/v1/stream",
"features": ["real_time_updates", "approvals"]
}
]
},
"ai_providers": {
"fallback_order": ["ollama_tool", "openclaw_nemo", "gemini", "nvidia"],
"router_toggle": "USE_AI_ROUTER",
"providers": [
{
"name": "ollama_tool",
"endpoint": "http://192.168.0.188:11434",
"model": "llama3.1:8b",
"cost_per_1k_tokens": 0,
"timeout_seconds": 30,
"description": "OllamaToolProvider — 本地 tool calling,最優先"
},
{
"name": "openclaw_nemo",
"endpoint": "http://192.168.0.188:11434",
"model": "nemotron-mini",
"cost_per_1k_tokens": 0,
"timeout_seconds": 60,
"description": "Nemotron via Ollama — 本地 RCA 分析"
},
{
"name": "gemini",
"endpoint": "https://generativelanguage.googleapis.com/v1beta",
"model": "gemini-1.5-flash",
"cost_per_1k_tokens": 0.001,
"timeout_seconds": 30,
"description": "Gemini Flash — 雲端備援"
},
{
"name": "nvidia",
"endpoint": "https://integrate.api.nvidia.com/v1",
"model": "nvidia/llama-3.1-nemotron-ultra-253b-v1",
"cost_per_1k_tokens": 0.002,
"timeout_seconds": 30,
"description": "NVIDIA NIM — 最後備援"
}
]
},
"guardrail": {
"block_layer": {
"enabled": true,
"description": "Sprint 5.1 — Stateful 服務永久封鎖,優先於所有審核流程",
"blocked_services": ["postgres", "redis", "velero", "etcd"],
"blocked_patterns": ["DROP", "DELETE FROM", "TRUNCATE", "pvc", "backup"],
"heartbeat_exclusions": ["NoAlertsReceived", "Watchdog", "DeadManSwitch"],
"on_block": "log_to_alert_operation_log + notify_telegram + abort"
},
"risk_levels": {
"LOW": { "action": "auto_execute", "signatures": 0 },
"STANDARD_HITL": { "action": "single_approval", "signatures": 1 },
"CRITICAL_HITL": { "action": "multi_sig", "signatures": 2 },
"BLOCK": { "action": "permanent_block", "signatures": null }
}
},
"adr067_ollama_applications": {
"description": "ADR-067 五大 Ollama 本地 AI 應用 (Phase 30-34),全部使用 Ollama 111:11434",
"ollama_endpoint": "http://192.168.0.111:11434",
"applications": [
{
"phase": 30,
"name": "drift_summary",
"model": "qwen2.5:7b-instruct",
"timeout_seconds": 90,
"trigger": "Config Drift 偵測後自動觸發",
"output": "中文摘要 Telegram 通知",
"status": "active"
},
{
"phase": 31,
"name": "log_anomaly_summary",
"model": "deepseek-r1:14b",
"timeout_seconds": 120,
"trigger": "Alertmanager 告警到達後觸發 NemoTron log 摘要",
"output": "異常 log 中文摘要 Telegram 通知",
"status": "active"
},
{
"phase": 32,
"name": "pr_code_review",
"model": "qwen2.5-coder:7b",
"timeout_seconds": 120,
"trigger": "Gitea PR webhook",
"output": "PR 審查意見 + 風險評估",
"status": "active"
},
{
"phase": 33,
"name": "rag_knowledge_base",
"embed_model": "nomic-embed-text",
"embed_dimensions": 768,
"gen_model": "qwen2.5:7b-instruct",
"timeout_seconds": 30,
"storage": "pgvector rag_chunks table (ivfflat cosine_ops lists=100)",
"chunks_count": 5814,
"sources": ["docs/runbooks", "docs/adr", "docs", ".agents/skills"],
"api_endpoints": {
"index": "POST /api/v1/rag/index",
"query": "POST /api/v1/rag/query",
"stats": "GET /api/v1/rag/stats",
"optimize": "POST /api/v1/rag/optimize"
},
"telegram_command": "/rag <問題>",
"status": "active"
},
{
"phase": 34,
"name": "image_analysis",
"model": "llava:latest",
"timeout_seconds": 60,
"trigger": "Telegram 圖片上傳 或 API 呼叫",
"output": "圖片內容中文描述",
"status": "active"
}
]
},
"phase25_capabilities": {
"config_drift_detection": {
"enabled": true,
"schedule": "0 * * * *",
"description": "每小時比對 Git YAML vs K8s 實際狀態"
},
"auto_harvesting": {
"enabled": true,
"dedup_key": "symptoms_hash",
"description": "Anti-Pattern 閉環攔截,symptoms_hash 去重"
},
"sensor_agent": {
"enabled": true,
"stream_key": "awoooi:signals",
"redis_db": 10,
"dedup_ttl_seconds": 600,
"collectors": ["node_metrics", "journal_errors", "service_probes"],
"hosts": {
"188": {
"role": "AI/Web 中心",
"services": ["PostgreSQL", "Redis", "Ollama", "Nginx", "SigNoz"]
},
"110": {
"role": "基礎設施金庫",
"services": ["Harbor", "Gitea", "GH-Runner"]
}
},
"thresholds": {
"cpu_pct_high": 85.0,
"mem_pct_high": 90.0,
"disk_pct_high": 85.0,
"load_factor": 2.0,
"journal_err_min": 10
}
}
},
"security": {
"telegram_whitelist": {
"description": "允許透過 Telegram 簽核的 user_id 清單",
"users": []
},
"webhook_hmac": {
"algorithm": "sha256",
"header": "X-Signature-256"
},
"nonce_ttl_seconds": 300,
"trust_engine": {
"risk_levels": {
"LOW": "auto_execute",
"MEDIUM": "single_approval",
"CRITICAL": "multi_sig_2"
}
}
},
"limits": {
"max_concurrent_approvals": 10,
"max_daily_operations": 100,
"token_budget": {
"gemini_daily": 70000,
"nvidia_daily": 35000,
"monthly_cost_limit_usd": 10
}
}
}