Phase 6.4 - Modular Architecture: - Add lewooogo-brain adapters for LLM providers - Add lewooogo-data dual memory (Redis + PostgreSQL) - Implement consensus engine for multi-agent decisions - Add incident memory service for historical context Phase 9 - Agent Teams (Claude Agent SDK): - Add base agent class with Claude Sonnet 4 integration - Implement action planner, blast radius, and security agents - Add agent API endpoints and proposal workflow - Integrate ADR-009 OpenClaw Agent Teams architecture DevOps & CI/CD: - Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml) - Add pre-commit hooks and secrets baseline - Add docker-compose for local development - Update Kubernetes network policies Frontend Improvements: - Add auto-healing error boundary component - Update i18n messages for agent features - Enhance dual-state incident card with execution feedback Documentation: - Add 7 ADRs covering MCP, design system, architecture decisions - Update ARCHITECTURE_MEMORY.md with modular design - Add GLOBAL_RULES.md and SOUL.md for project identity Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
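#!/bin/bash
#
# HITL Multi-Sig Demo Flow
# ========================
# Walks through the complete CRITICAL approval sign-off flow:
# create an approval, sign it once, list pending approvals, sign it a
# second time, then list pending approvals again.
#
# Usage:
#   1. Make sure the API and the Web app are both running
#   2. Run this script
#
# Environment:
#   API_URL - base URL of the API (default: http://localhost:8000)
#
# Requires: curl, jq
#
# NOTE(review): the request body describes a destructive action
# ("DROP TABLE user_sessions") and step 4 is expected to report
# execution_triggered=true. Whether the backend really executes anything
# is not visible from this script - confirm before pointing API_URL at
# anything other than a disposable local instance.
#
# NOTE(review): the sign requests carry signer_id/signer_name in the body
# and no credentials are sent. As far as this script shows, the signer's
# identity is asserted by the client; presumably acceptable for a local
# demo, but confirm how the API authenticates signers, because a
# multi-signature gate only holds if each signature is bound to an
# authenticated principal.

set -euo pipefail

API_URL="${API_URL:-http://localhost:8000}"

# Print an error to stderr and stop with a non-zero status.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# POST a JSON body to an API path; the response body goes to stdout.
# --fail turns HTTP >= 400 into a non-zero exit so an error page is never
# parsed as if it were a successful response.
#   $1 - path below API_URL, $2 - JSON request body
api_post() {
  local path=$1
  local body=$2
  curl -sS --fail -X POST "${API_URL}${path}" \
    -H "Content-Type: application/json" \
    -d "$body"
}

# GET an API path; the response body goes to stdout.
#   $1 - path below API_URL
api_get() {
  local path=$1
  curl -sS --fail "${API_URL}${path}"
}

# Extract one value from a JSON document with a jq filter.
#   $1 - JSON text, $2 - jq filter (only literal filters are passed here)
json_field() {
  local json=$1
  local filter=$2
  jq -r "$filter" <<<"$json"
}

command -v curl >/dev/null || die "curl is required"
command -v jq >/dev/null || die "jq is required"

echo "=============================================="
echo " HITL Multi-Sig Demo Flow"
echo "=============================================="
echo ""
echo "API URL: $API_URL"
echo ""

# Step 1: Create a CRITICAL approval
echo "Step 1: Creating CRITICAL approval..."
echo ""

APPROVAL_RESPONSE=$(api_post "/api/v1/approvals" '{
  "action": "DROP TABLE user_sessions",
  "description": "清除所有用戶 session 以強制重新登入。此操作將影響所有線上用戶。",
  "risk_level": "critical",
  "blast_radius": {
    "affected_pods": 0,
    "estimated_downtime": "0",
    "related_services": ["auth-service", "api-gateway", "user-service"],
    "data_impact": "destructive"
  },
  "dry_run_checks": [
    {"name": "RBAC Check", "passed": true, "message": "db-admin"},
    {"name": "Syntax Check", "passed": true},
    {"name": "Backup Available", "passed": false, "message": "No recent backup!"}
  ],
  "requested_by": "ClawBot"
}') || die "creating the approval failed (is the API running at $API_URL?)"

APPROVAL_ID=$(json_field "$APPROVAL_RESPONSE" '.id') \
  || die "create response is not valid JSON"

# The id comes from the server and is placed into a URL path below. Accept
# only URL-unreserved characters so a missing id ("null") or an unexpected
# value cannot redirect the sign requests to a different path.
if [[ "$APPROVAL_ID" == "null" || ! "$APPROVAL_ID" =~ ^[A-Za-z0-9._~-]+$ ]]; then
  die "create response carried no usable approval id: '$APPROVAL_ID'"
fi

echo "Created approval: $APPROVAL_ID"
echo "Status: $(json_field "$APPROVAL_RESPONSE" '.status')"
echo "Required signatures: $(json_field "$APPROVAL_RESPONSE" '.required_signatures')"
echo "Current signatures: $(json_field "$APPROVAL_RESPONSE" '.current_signatures')"
echo ""

# Step 2: First signature
echo "Step 2: First signer (Alice CTO) signs..."
echo ""

SIGN1_RESPONSE=$(api_post "/api/v1/approvals/$APPROVAL_ID/sign" '{
  "signer_id": "alice-001",
  "signer_name": "Alice Chen (CTO)",
  "comment": "已確認風險,建議在低流量時段執行"
}') || die "first sign request failed"

SIGN1_EXECUTED=$(json_field "$SIGN1_RESPONSE" '.execution_triggered') \
  || die "first sign response is not valid JSON"

echo "Sign result: $(json_field "$SIGN1_RESPONSE" '.message')"
echo "Status: $(json_field "$SIGN1_RESPONSE" '.approval.status')"
echo "Signatures: $(json_field "$SIGN1_RESPONSE" '.approval.current_signatures')/$(json_field "$SIGN1_RESPONSE" '.approval.required_signatures')"
echo "Execution triggered: $SIGN1_EXECUTED"
echo ""

# The point of the demo is that one signature is not enough. Stop here,
# before submitting anything else, if the API reports otherwise.
if [[ "$SIGN1_EXECUTED" == "true" ]]; then
  die "execution was triggered after a single signature; the multi-signature gate was not enforced"
fi

# Step 3: Check pending
echo "Step 3: Check pending approvals..."
echo ""

PENDING_RESPONSE=$(api_get "/api/v1/approvals/pending") \
  || die "listing pending approvals failed"
echo "Pending count: $(json_field "$PENDING_RESPONSE" '.count')"
echo ""

# Step 4: Second signature
echo "Step 4: Second signer (Bob CISO) signs..."
echo ""

SIGN2_RESPONSE=$(api_post "/api/v1/approvals/$APPROVAL_ID/sign" '{
  "signer_id": "bob-002",
  "signer_name": "Bob Wu (CISO)",
  "comment": "CISO 核准。已通知 DBA 團隊待命。"
}') || die "second sign request failed"

SIGN2_EXECUTED=$(json_field "$SIGN2_RESPONSE" '.execution_triggered') \
  || die "second sign response is not valid JSON"

echo "Sign result: $(json_field "$SIGN2_RESPONSE" '.message')"
echo "Status: $(json_field "$SIGN2_RESPONSE" '.approval.status')"
echo "Signatures: $(json_field "$SIGN2_RESPONSE" '.approval.current_signatures')/$(json_field "$SIGN2_RESPONSE" '.approval.required_signatures')"
echo "Execution triggered: $SIGN2_EXECUTED"
echo ""

# The summary below claims that execution was triggered; only print it
# when the API actually reported that.
if [[ "$SIGN2_EXECUTED" != "true" ]]; then
  die "second signature did not trigger execution (execution_triggered=$SIGN2_EXECUTED)"
fi

# Step 5: Final check
echo "Step 5: Final check - pending approvals..."
echo ""

FINAL_PENDING=$(api_get "/api/v1/approvals/pending") \
  || die "listing pending approvals failed"
echo "Pending count: $(json_field "$FINAL_PENDING" '.count')"
echo ""

echo "=============================================="
echo " Multi-Sig Demo Complete!"
echo "=============================================="
echo ""
echo "✅ CRITICAL approval created"
echo "✅ First signature (1/2) - still PENDING"
echo "✅ Second signature (2/2) - APPROVED"
echo "✅ Execution triggered"
echo ""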