wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
e3bad588425c8a4805c033261a8ff96ebaf61ba8
awoooi/apps/api/migrations/sprint51_approval_multisig.sql
OG T 88696dba9b
Some checks failed
CD Pipeline / build-and-deploy (push) Failing after 1m33s
Details
Type Sync Check / check-type-sync (push) Failing after 58s
Details
feat(sprint5.1): Data Safety Guardrails 全鏈路整合 (L1-L5) 
Layer 0 - K8s RBAC:
  - k8s/rbac/api-velero-reader.yaml: awoooi-executor SA Velero backup reader

Layer 1 - DB Migration (已在 188 執行):
  - M-002: approval_records 新增 approval_level/votes/required_votes
  - M-003: alert_event_type ENUM 新增 8 個值

Layer 2 - IaC:
  - ops/config/service-registry.yaml: 全服務 Stateful 分級清單 (BLOCK/CRITICAL_HITL/STANDARD_HITL/AUTO)

Layer 3 - Python Services:
  - service_registry.py: 讀取 YAML,提供 is_blocked/requires_multisig/get_required_votes
  - velero_client.py: kubectl 查詢 Velero 備份年齡,失敗 fallback 999h
  - preflight_service.py: Pre-flight 安全檢查 (Q2/Q4 決策)

Layer 1-M001 - Playbook model:
  - playbook.py: 新增 requires_approval_level/stateful_targets/requires_pre_backup

Layer 4 - 業務邏輯:
  - alert_operation_log_repository.py: 新增 8 個 event_type (Guardrail/Pre-flight/MultiSig/備份)
  - auto_repair_service.py: 注入 Service Registry Guardrail 檢查 (BLOCK → 直接拒絕)
  - webhooks.py: ALERT_RECEIVED 溯源記錄 + auto_repair flag Q9 + Langfuse trace_id Q10
  - db/models.py: ApprovalRecord 同步 approval_level/votes/required_votes 欄位
  - docker-health-monitor.sh: 純感知層改造(移除所有 docker restart 邏輯)

Layer 5 - Telegram 通知:
  - telegram_gateway.py: T1-T6 六個新通知方法 (Guardrail/Pre-flight/Backup/MultiSig/ChangeApplied)

參考: ADR-062 Data Safety Guardrails, ADR-063 Service Registry IaC

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-08 16:24:09 +08:00

32 lines
1.0 KiB
PL/PgSQL
Raw Blame History

-- apps/api/migrations/sprint51_approval_multisig.sql
-- Sprint 5.1 M-002: MultiSig 雙簽核支援
-- 執行者: Claude Sonnet 4.6 / 2026-04-08 Asia/Taipei
-- 說明: approval_records 新增 approval_level / approval_votes / required_votes
BEGIN;
ALTER TABLE approval_records
ADD COLUMN IF NOT EXISTS approval_level VARCHAR(20)
DEFAULT 'standard'
CHECK (approval_level IN ('standard', 'critical')),
ADD COLUMN IF NOT EXISTS approval_votes JSONB
DEFAULT '[]'::jsonb,
ADD COLUMN IF NOT EXISTS required_votes INTEGER
DEFAULT 1;
COMMENT ON COLUMN approval_records.approval_level IS
'standard=1票審核, critical=2票MultiSig';
COMMENT ON COLUMN approval_records.approval_votes IS
'JSON array: [{"user_id": "123", "voted_at": "2026-04-08T...", "action": "approve"}]';
COMMENT ON COLUMN approval_records.required_votes IS
'standard=1, critical=2';
-- 現有記錄回填(向後相容)
UPDATE approval_records
SET approval_level = 'standard',
required_votes = 1,
approval_votes = '[]'::jsonb
WHERE approval_level IS NULL;
COMMIT;
Reference in New Issue View Git Blame Copy Permalink