Phase 6.4 - Modular Architecture:
- Add lewooogo-brain adapters for LLM providers
- Add lewooogo-data dual memory (Redis + PostgreSQL)
- Implement consensus engine for multi-agent decisions
- Add incident memory service for historical context

Phase 9 - Agent Teams (Claude Agent SDK):
- Add base agent class with Claude Sonnet 4 integration
- Implement action planner, blast radius, and security agents
- Add agent API endpoints and proposal workflow
- Integrate ADR-009 OpenClaw Agent Teams architecture

DevOps & CI/CD:
- Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml)
- Add pre-commit hooks and secrets baseline
- Add docker-compose for local development
- Update Kubernetes network policies

Frontend Improvements:
- Add auto-healing error boundary component
- Update i18n messages for agent features
- Enhance dual-state incident card with execution feedback

Documentation:
- Add 7 ADRs covering MCP, design system, architecture decisions
- Update ARCHITECTURE_MEMORY.md with modular design
- Add GLOBAL_RULES.md and SOUL.md for project identity

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"name": "OpenClaw Capabilities",
"version": "5.0.0",
"description": "OpenClaw AI Agent 允許調用的工具與操作權限定義",
"updated_at": "2026-03-21",
"kubernetes": {
"allowed_operations": [
{
"name": "RESTART_DEPLOYMENT",
"command": "kubectl rollout restart deployment/{name} -n {namespace}",
"risk_level": "medium",
"requires_approval": true,
"description": "重啟 Deployment,觸發 Rolling Update"
},
{
"name": "DELETE_POD",
"command": "kubectl delete pod {name} -n {namespace}",
"risk_level": "medium",
"requires_approval": true,
"description": "刪除 Pod,由 ReplicaSet 自動重建"
},
{
"name": "SCALE_DEPLOYMENT",
"command": "kubectl scale deployment/{name} --replicas={count} -n {namespace}",
"risk_level": "low",
"requires_approval": false,
"description": "調整 Deployment 副本數(可增可減;副本數設為 0 會停止該 Deployment 的所有 Pod)"
},
{
"name": "GET_LOGS",
"command": "kubectl logs {pod} -n {namespace} --tail={lines}",
"risk_level": "low",
"requires_approval": false,
"description": "查看 Pod 日誌"
},
{
"name": "DESCRIBE_RESOURCE",
"command": "kubectl describe {resource_type} {name} -n {namespace}",
"risk_level": "low",
"requires_approval": false,
"description": "查看資源詳細狀態"
}
],
"forbidden_operations": [
{
"pattern": "kubectl delete namespace *",
"reason": "影響範圍過大,可能導致整個命名空間被刪除"
},
{
"pattern": "kubectl delete pvc *",
"reason": "可能導致持久化資料遺失"
},
{
"pattern": "kubectl apply -f *",
"reason": "未審核的 YAML 可能引入惡意配置"
},
{
"pattern": "* --force",
"reason": "強制操作繞過安全檢查"
},
{
"pattern": "kubectl exec *",
"reason": "可在容器內執行任意指令,繞過 allowed_operations 的管控並造成安全風險"
}
],
"namespaces": {
"allowed": ["awoooi-prod", "default", "kube-system"],
"forbidden": ["kube-public", "cert-manager"]
}
},
"notifications": {
"channels": [
{
"name": "telegram",
"enabled": true,
"config_key": "OPENCLAW_TG_BOT_TOKEN",
"features": ["alerts", "approvals", "status_updates"]
},
{
"name": "discord",
"enabled": true,
"config_key": "DISCORD_WEBHOOK_URL",
"features": ["execution_reports"]
},
{
"name": "sse",
"enabled": true,
"endpoint": "/api/v1/stream",
"features": ["real_time_updates", "approvals"]
}
]
},
"ai_providers": {
"fallback_order": ["ollama", "gemini", "claude"],
"providers": [
{
"name": "ollama",
"endpoint": "http://192.168.0.188:11434",
"model": "llama3.2:3b",
"cost_per_1k_tokens": 0,
"timeout_seconds": 90
},
{
"name": "gemini",
"endpoint": "https://generativelanguage.googleapis.com/v1beta",
"model": "gemini-1.5-flash",
"cost_per_1k_tokens": 0.001,
"timeout_seconds": 30
},
{
"name": "claude",
"endpoint": "https://api.anthropic.com/v1",
"model": "claude-3-haiku-20240307",
"cost_per_1k_tokens": 0.008,
"timeout_seconds": 30
}
]
},
"security": {
"telegram_whitelist": {
"description": "允許透過 Telegram 簽核的 user_id 清單",
"users": []
},
"webhook_hmac": {
"algorithm": "sha256",
"header": "X-Signature-256"
},
"nonce_ttl_seconds": 300
},
"limits": {
"max_concurrent_approvals": 10,
"max_daily_operations": 100,
"token_budget": {
"gemini_daily": 70000,
"claude_daily": 35000,
"monthly_cost_limit_usd": 10
}
}
}