14 Commits

Author SHA1 Message Date
OoO
d6d8777e41 V10.601 consolidate Gemini and secret-key governance
All checks were successful
CD Pipeline / deploy (push) Successful in 1m12s
2026-06-06 14:52:46 +08:00
OoO
153e4c9734 fix(observability): revert unrelated quick review commit files
All checks were successful
CD Pipeline / deploy (push) Successful in 58s
2026-05-06 19:50:52 +08:00
OoO
308efdce25 chore(observability): clarify quick review completion copy
All checks were successful
CD Pipeline / deploy (push) Successful in 1m4s
2026-05-06 19:49:28 +08:00
OoO
4c6e4ca5fb style(ppt): align PPT palette perfectly with MOMO Pro v2 design tokens (Beige, Warm Ink, Caramel Orange) as per frontend upgrade roadmap
2026-05-02 15:01:55 +08:00
OoO
136e65b400 chore(hooks): momo-db gatekeeper hardened against 9 PoCs (vuln-verifier patch)
All checks were successful
CD Pipeline / deploy (push) Successful in 1m8s
In response to the vuln-verifier warning that 8 of 9 PoCs bypassed rule 3e of the previous version.

New/strengthened block points:
- psql -f / heredoc / redirection: the hook cannot see the SQL content → always blocked
- multi-statement: content after `;` (evaluated after stripping -- and /* */ comments) → blocked
- writable CTE: WITH ... DELETE/INSERT/UPDATE → blocked
- /run/secrets, /proc/*/environ → blocked
- pg_read_file / pg_read_binary_file / lo_export / lo_import → blocked
- COPY ... FROM PROGRAM → blocked
- VACUUM FULL / REINDEX / REFRESH MATERIALIZED / CLUSTER added to the write blacklist
- env: added the (?!\\s+\\w+=) lookahead to avoid false positives on env VAR=value
- alias/function wrapping docker exec: warning only (subsequent calls cannot be determined statically)
- whitelist prefixes no longer accept WITH (to stop writable CTEs slipping through); now accept SELECT/EXPLAIN/SHOW/VALUES/TABLE

settings.json: accumulated the read-only tool allowances from this session (py_compile, python3).
2026-04-29 09:12:26 +08:00
ogt
fcac03379d [V10.4-A] Strengthen commit-quality hook + archive P9 documents
Added interception of Edit/Write/MultiEdit events (previously only the git commit Bash command was intercepted),
and completed getenv fallback pattern detection to prevent hardcoded tokens from being written directly into files via tools.

- .claude/hooks/commit-quality.js: rewritten to the PreToolUse JSON format, covering Edit/Write/MultiEdit
- .claude/settings.json: registered the Edit|Write|MultiEdit|Bash matcher
- .claude/hooks/__test__/commit-quality.test.sh: 4-case automated test
- docs/guides/DISK_EXPANSION_GUIDE.md: disk expansion SOP archived
- docs/p9_completion_report_*.md: P9-1 + P9-2 sprint completion reports
- docs/refactor/callback_prefix_proposal.md: analysis of 308 button callback prefixes (Method C)
- docs/refactor/openclaw_bot_routes_split_plan.md: plan to split the 5999-line god file

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 01:42:40 +08:00
ogt
4cdf0793a4 fix(review): fix 7 review issues in the /review mechanism
Required:
- Routing table: added two rules, .sh → critic and .yaml/.yml → tool-expert
- refactor-specialist now runs in parallel (does not replace critic), ensuring the vuln-verifier trigger condition is correct
- Phase B trigger condition changed from 'critic contains 🔴' to 'any primary reviewer Agent contains 🔴'

Optional:
- Stage 0: added >2000-line diff protection (downgrades to a --stat summary)
- Stage 2.5: removed the contradictory 'immediately' wording; now 'sent one by one after all Phase A reports are in'
- tg_notify.sh: added an empty-value guard after CHAT_IDS parsing
- tg_notify.sh: switched to printf | --data-urlencode 'text@-' to support multi-line messages

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 01:39:39 +08:00
ogt
a45b61f326 feat(review): add /review pre-commit code review slash command
- .claude/commands/review.md: pre-commit review command integrating 12 Agents
  + Routed by diff type: critic / db-expert / migration-engineer / tool-expert
  + Phase B conditionally triggers vuln-verifier (when critic finds 🔴)
  + ≥10 Python files changed: refactor-specialist assigned as primary reviewer
  + Final verdict: BLOCKED / CAUTION / APPROVED

- scripts/tg_notify.sh: Telegram alerting tool
  + Sends alerts at all 7 pipeline nodes (start / each Agent complete / final verdict)
  + Supports three levels info/warn/error + jq/bash dual fallback parsing
  + Exits 0 when the token is not set, so it does not block the review flow

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 01:23:57 +08:00
ogt
0099543c05 fix(security): global health check — 40 security/bug/quality fixes
Some checks failed
CD Pipeline / deploy (push) Failing after 5m18s
🔴 Critical
- auto_heal_service: added import re + sqlalchemy.text + fixed orchestrator variable name
  + autoheal_playbook→playbooks table name + _alert_and_store cooldown fix
- aider_heal_executor: shell injection fixed with shell=False + list arguments
- docker-compose: DISABLE_LOGIN moved to an env var + password fallback removed + POSTGRES_HOST fixed
- app.py: added @login_required to 6 admin APIs including /api/backup and /api/run_task
- config.py + pg_sync + e2e_test: removed the wooo_pg_2026 hardcoded password fallback
- pg_backup.sh: removed the TELEGRAM_TOKEN= intermediate variable, using $TELEGRAM_BOT_TOKEN directly
- migration 014: trigger_pattern→match_pattern + added the error_type NOT NULL column

🟡 High
- telegram_bot_service: str(e) replaced with a generic message + session try/finally + removed old pa:/pr: callbacks
- run_scheduler: ElephantAlpha thread death monitoring + auto-restart + Telegram alert
  + agent_context 03:30 TTL scheduled cleanup task
- openclaw_learning_service: added .limit(200) to both build_rag_context paths
- hooks: commit-quality + momo-prod-guard empty catch blocks changed to stderr+exit(1)
- scripts/code_review: auto_yes default changed to false
- db_backup_service: PGPASSWORD passed via env dict

📦 Migrations
- 013_autoheal: fixed table creation order playbooks→incidents (forward foreign-key reference)
- 018_add_missing_indexes: heal_logs/incidents foreign-key indexes + cleanup_expired_agent_context()

🟢 Infrastructure
- requirements.txt: added version lower bounds Flask>=2.3, SQLAlchemy>=1.4, etc.
- cd.yaml: added run_scheduler.py + run_telegram_bot.py to the watched paths
- .gitignore: added insert_playbook_local.py to the ignore list

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 01:12:23 +08:00
ogt
61a9c4c1e3 fix(hooks): remove duplicate commit-quality.js invocation
The global ~/.claude/hooks/commit-quality.js already covers the Telegram/Gemini/Gitea
patterns via secrets.local.json, so the momo project configuration does not need to run it again;
this avoids raising every commit alert twice.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 23:46:21 +08:00
ogt
a13683d655 refactor(claude): Phase B — momo CLAUDE.md deduplication + secrets.local.json
- CLAUDE.md V12.0: removed P7/P9/P10, the three red lines, the delegation table and PUA/Loop Mode that duplicate the global config
  Kept momo-specific content: environment index, container architecture, diagnostic commands, CI/CD, PPT system, security architecture
- Added .claude/hooks/secrets.local.json: Telegram/Gemini/Gitea token detection patterns
  Auto-loaded by the global commit-quality.js, adding protection specific to the momo environment
- Added .claude/skills/telegram-bot-menu-restoration.py (already existed, now tracked)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 23:13:18 +08:00
ogt
0c9a3cd875 fix(settings): fix Claude Code hook format to the correct schema
- bypassPermissions -> permissions.defaultMode: "bypassPermissions"
- Removed the invalid thinking/effort fields
- Hooks now use the {matcher, hooks: [{type, command}]} object format
- Added branch-protection.local.json: the momo main branch can be committed to directly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 23:09:00 +08:00
ogt
cac7303e46 feat(devteam): introduce the my-claude-devteam architecture V11.0
- CLAUDE.md upgraded to V11.0: integrates the P7/P9/P10 work modes, the 12-person expert team,
  the delegation rules and the three red lines (retaining the sniper-mode spirit)
- .claude/hooks/: added 8 hooks (momo-prod-guard / commit-quality /
  large-file-warner / mcp-health / audit-log / suggest-compact /
  cost-tracker / session-summary)
- .claude/agents/: added 11 Agent definitions (critic / debugger / db-expert /
  vuln-verifier / fullstack-engineer / planner / refactor-specialist /
  migration-engineer / onboarder / tool-expert / web-researcher)
- .claude/settings.json: enabled bypassPermissions + the hook auto-policy architecture
- .gitignore: added settings.local.json to prevent accidental secret commits

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 22:13:57 +08:00
ogt
1b4f3a7bbe feat: EwoooC initialization — push the full project to Gitea
Some checks failed
CD Pipeline / deploy (push) Failing after 59s
- Set up the Gitea Actions CD pipeline (.gitea/workflows/cd.yaml)
- Deployment mode: rsync Python files to 188 → docker restart (volume mount)
- Automatically rebuild the Docker image when Dockerfile/requirements change
- Deployment notifications: Telegram (start/success/failure)
- Health check: https://mo.wooo.work/health (up to 5 retries)
- Synced the latest CLAUDE.md / ADR-008 / memory (2026-04-19)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 01:21:13 +08:00