6baa5054bc
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
問題 1:_ALLOWED_KUBECTL_PATTERN 不允許 resource type keyword
根因:LLM 輸出 "kubectl rollout restart deployment clickhouse"
但 pattern 只允許 "kubectl rollout restart clickhouse"(無 deployment 關鍵字)
結果:_action_safe=False → auto_execute_blocked_unresolved_placeholder
→ 所有 low/medium risk 告警降為人工審核,飛輪完全停轉
修法:pattern 新增可選的 resource type group(deployment/pod/service/...)
+ re.ASCII flag 防 unicode bypass,12/12 test cases 通過
問題 2:auto_execute 路徑 KM 寫入斷鏈
根因:_write_execution_result_to_km 只在人工審核路徑呼叫
修法:auto_execute 完成後補 _fire_and_forget(executor._write_execution_result_to_km)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>