6cad59f83e
All checks were successful
CD Pipeline / deploy (push) Successful in 2m23s
post-deploy code review pipeline 改為「任何 finding 一律觸發 AiderHeal」,
局部覆寫 ADR-012 L3 HITL(不影響 schema migration / 流量切換 /
customer-facing 廣播 / AIOps prod SSH 等其他 L3 場景)。安全網改為
Git revert + Gitea CI/CD 健康檢查 + 主開關 CODE_REVIEW_AUTO_FIX_ENABLED。
實作:
• _ea_orchestrate / _guard_ea_decision / rule fallback 三條路徑統一為
has_findings AND AUTO_FIX_ENABLED → auto_fix=true
• _guard 強制 LLM 即使回 auto_fix=False 也升級為 true(核心保證)
• CODE_REVIEW_AUTO_FIX_ENABLED 預設 false → true
• Telegram 文案移除「需人工審查」,改顯示主開關狀態
• action_plan status pending_review → auto_disabled(語意對齊)
• aider_heal_executor 標頭 ADR-014 → ADR-020、補「直推 main」分支策略
文件:
• 新增 docs/adr/ADR-020-code-review-full-autoheal.md
• ADR-012 加 Note 行反向引用 ADR-020
• README 索引收錄
測試:tests/test_code_review_pipeline_security.py 反轉 HITL 期望,
新增 5 case(含 LLM 降級被 guard 拒絕、LLM human_review_needed=true 被改 false)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
316 lines
14 KiB
Plaintext
316 lines
14 KiB
Plaintext
# ==========================================
|
||
# MOMO 監控系統 - 環境變數配置模板
|
||
# ==========================================
|
||
# 複製此檔案為 .env 並填入實際值
|
||
# 注意:.env 檔案已加入 .gitignore,不會被提交到版本控制
|
||
|
||
# ==========================================
|
||
# 安全設定
|
||
# ==========================================
|
||
# [必填] 登入密碼(弱密碼會被 LoginManager 拒絕)
|
||
LOGIN_PASSWORD=your_strong_password_here
|
||
|
||
# [必填] Flask session 簽章密鑰(建議 openssl rand -hex 32)
|
||
SECRET_KEY=your_flask_secret_key_here
|
||
|
||
# [預設 false] 開發測試用:設 true 可繞過所有 @login_required(生產環境嚴禁開啟)
|
||
DISABLE_LOGIN=false
|
||
|
||
# ==========================================
|
||
# Telegram Bot 設定
|
||
# ==========================================
|
||
TELEGRAM_BOT_TOKEN=your_telegram_bot_token
|
||
TELEGRAM_CHAT_IDS=["chat_id_1","chat_id_2","chat_id_3"]
|
||
# [選填] 舊腳本 fallback;新流程優先使用 TELEGRAM_CHAT_IDS JSON 陣列
|
||
TELEGRAM_CHAT_ID=chat_id_1
|
||
|
||
# ==========================================
|
||
# Line Notify 設定
|
||
# ==========================================
|
||
LINE_ENABLED=false
|
||
LINE_CHANNEL_ACCESS_TOKEN=your_line_channel_access_token
|
||
LINE_GROUP_ID=your_line_group_id
|
||
|
||
# ==========================================
|
||
# Email (SMTP) 設定
|
||
# ==========================================
|
||
EMAIL_HOST=smtp.gmail.com
|
||
EMAIL_PORT=587
|
||
EMAIL_HOST_USER=your_email@gmail.com
|
||
EMAIL_HOST_PASSWORD=your_email_app_password
|
||
EMAIL_SENDER=your_email@gmail.com
|
||
EMAIL_RECEIVER=receiver_email@gmail.com
|
||
|
||
# ==========================================
|
||
# 網路設定
|
||
# ==========================================
|
||
PUBLIC_URL=http://your_server_ip:port
|
||
NGROK_AUTH_TOKEN=your_ngrok_auth_token
|
||
|
||
# ==========================================
|
||
# 通訊模組設定(從環境變數讀取)
|
||
# ==========================================
|
||
|
||
# --- Alert Webhook ---
|
||
ALERT_WEBHOOK_USER=alertmanager
|
||
ALERT_WEBHOOK_PASSWORD=your_secure_webhook_password_here
|
||
# [預設 true] Alertmanager 告警自動修復開關;正式環境需配合 cooldown 與 allowlist
|
||
AUTO_FIX_ENABLED=true
|
||
|
||
# --- GitLab CI/CD ---
|
||
GITLAB_URL=http://192.168.0.110:8929
|
||
GITLAB_TOKEN=your_gitlab_token_here
|
||
GITLAB_PROJECT_ID=1
|
||
|
||
# --- Telegram Bot ---
|
||
|
||
# ==========================================
|
||
# HTTPS 設定(生產環境)
|
||
# ==========================================
|
||
# 如果部署在 HTTPS 環境,設為 true
|
||
USE_HTTPS=false
|
||
|
||
# ==========================================
|
||
# Gunicorn Runtime 設定
|
||
# ==========================================
|
||
# [預設 4] Web worker 數;正式環境需配合 PostgreSQL pool 上限
|
||
WEB_CONCURRENCY=4
|
||
# [預設 gthread] Thread worker 讓 /health 不會被 Dashboard 長查詢完全排隊
|
||
GUNICORN_WORKER_CLASS=gthread
|
||
# [預設 4] 每個 worker 的 threads;正式環境需配合 DB pool 與 CPU 上限
|
||
GUNICORN_THREADS=4
|
||
# [預設 300] 長查詢 / 報表匯出 timeout 秒數
|
||
GUNICORN_TIMEOUT=300
|
||
|
||
# ==========================================
|
||
# Database Settings
|
||
# ==========================================
|
||
# PostgreSQL Configuration (Production)
|
||
POSTGRES_HOST=momo-postgres
|
||
POSTGRES_PORT=5432
|
||
POSTGRES_USER=momo
|
||
POSTGRES_PASSWORD=your_secure_postgres_password_here
|
||
POSTGRES_DB=momo_analytics
|
||
|
||
# SQLite Configuration (Development/Backup)
|
||
SQLITE_PATH=data/momo_database.db
|
||
|
||
# Database Type Selection (postgresql or sqlite)
|
||
USE_POSTGRESQL=true
|
||
|
||
# ==========================================
|
||
# Google Drive 自動匯入設定
|
||
# ==========================================
|
||
# 說明:系統會自動從 Google Drive 下載、匯入並刪除當日業績 Excel 檔案
|
||
# 設定方式:請參考 GOOGLE_DRIVE_SETUP.md
|
||
# 認證檔案位置:config/google_credentials.json
|
||
# Token 檔案位置:config/google_token.pickle(首次認證後自動產生)
|
||
GDRIVE_FOLDER_PATH=業績報表/當日業績
|
||
GDRIVE_FILE_PATTERN=即時業績_當日
|
||
|
||
# ==========================================
|
||
# Hermes 3 競價情報分析(Module 2 / ADR-012)
|
||
# ==========================================
|
||
# [預設 http://192.168.0.111:11434] Hermes Ollama 端點(內網免認證)
|
||
HERMES_URL=http://192.168.0.111:11434
|
||
|
||
# [預設 120] Hermes 推理 timeout(秒);批量 300 筆預估 ~90s
|
||
HERMES_TIMEOUT=120
|
||
|
||
# [預設 HERMES_URL] Embedding 服務主機(ADR-003 對齊:embedding 走 Hermes 主機)
|
||
EMBEDDING_HOST=http://192.168.0.111:11434
|
||
# [預設 45] Embedding API timeout;優先使用 Ollama /api/embed,舊節點 fallback /api/embeddings
|
||
EMBEDDING_TIMEOUT=45
|
||
|
||
# ==========================================
|
||
# Elephant Alpha AI Agent Super Orchestrator Settings
|
||
# ==========================================
|
||
# Description: Elephant Alpha (100B parameter model) for autonomous AI agent coordination
|
||
# Provider: NVIDIA NIM hosted OpenAI-compatible API
|
||
# Documentation: https://docs.nvidia.com/nim/large-language-models/latest/reference/api-reference.html
|
||
|
||
# OpenRouter key 保留給舊流程;ElephantService 目前使用 NVIDIA_API_KEY。
|
||
OPENROUTER_API_KEY=sk-or-v1-your-openrouter-api-key-here
|
||
# NVIDIA NIM hosted model;Ultra 253B 可能需帳號權限,預設用已驗證可呼叫的 Super 49B。
|
||
ELEPHANT_ALPHA_MODEL=nvidia/llama-3.3-nemotron-super-49b-v1.5
|
||
ELEPHANT_ALPHA_FALLBACK_MODELS=nvidia/llama-3.3-nemotron-super-49b-v1.5,nvidia/llama-3.1-nemotron-70b-instruct,meta/llama-3.1-8b-instruct
|
||
|
||
# Elephant Alpha Behavior Configuration
|
||
ELEPHANT_ALPHA_CONFIDENCE_THRESHOLD=0.7
|
||
ELEPHANT_ALPHA_MAX_AUTONOMOUS_DECISIONS_PER_HOUR=10
|
||
ELEPHANT_ALPHA_TIMEOUT_SECONDS=180
|
||
ELEPHANT_ALPHA_CONTEXT_WINDOW=256000
|
||
|
||
# Autonomous Engine Settings
|
||
ELEPHANT_ALPHA_LEARNING_RATE=0.1
|
||
ELEPHANT_ALPHA_PERFORMANCE_TRACKING=true
|
||
ELEPHANT_ALPHA_AUTO_ESCALATION_ENABLED=true
|
||
|
||
# Integration Settings
|
||
ELEPHANT_ALPHA_HERMES_URL=http://192.168.0.111:11434
|
||
ELEPHANT_ALPHA_HERMES_MODEL=hermes3:latest
|
||
ELEPHANT_ALPHA_NEMOTRON_NIM_ENDPOINT=https://integrate.api.nvidia.com/v1
|
||
ELEPHANT_ALPHA_URL=https://integrate.api.nvidia.com/v1/chat/completions
|
||
ELEPHANT_ALPHA_OPENCLAW_GEMINI_ENDPOINT=https://generativelanguage.googleapis.com/v1beta
|
||
|
||
# ── Google Gemini API ───────────────────────────────────────────────────────
|
||
# OpenClaw 策略師 / MCP Collector / Code Review Pipeline 共用金鑰
|
||
# 取得方式:https://aistudio.google.com/app/apikey
|
||
# 注意:Gemini 2.0 Flash 將於 2026-06-01 關閉,後續需遷移至 2.5 Flash
|
||
GEMINI_API_KEY=<change-me>
|
||
GEMINI_MODEL=gemini-1.5-flash
|
||
OPENCLAW_MODEL=gemini-2.5-flash-preview-05-20
|
||
|
||
# Debug and Monitoring
|
||
ELEPHANT_ALPHA_DEBUG_MODE=false
|
||
ELEPHANT_ALPHA_METRICS_ENABLED=true
|
||
ELEPHANT_ALPHA_AUDIT_LOGGING=true
|
||
|
||
# ── System Maintenance API ──────────────────────────────────────────────────
|
||
# X-Internal-Key 標頭認證金鑰(必填)
|
||
# 用於 /api/system/cleanup/* 和 /api/system/health 等維護路由。
|
||
# 建議使用 openssl rand -hex 32 生成。
|
||
INTERNAL_API_KEY=your-secret-internal-key-here
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# 初始管理員 / Bot API / SSH Jump(Phase 1-3 後新增的必需變數)
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
# [必填於首次部署] 初始管理員密碼(services/user_service.py create_initial_admin 用)
|
||
INITIAL_ADMIN_PASSWORD=your_initial_admin_password_here
|
||
|
||
# [選填] Bot API 端點認證 Token(routes/bot_api_routes.py)
|
||
# 不設則所有 /bot/api/* 端點拒絕請求
|
||
BOT_API_TOKEN=your_bot_api_token_here
|
||
|
||
# [必填] Post-deploy AI code review pipeline 自動修復主開關
|
||
# ADR-020 規定預設 true(任何 finding 一律自動觸發 AiderHeal,安全網=Git+CI/CD 回滾)
|
||
# 僅在需要短期關閉自動修復鏈時設為 false
|
||
CODE_REVIEW_AUTO_FIX_ENABLED=true
|
||
|
||
# [選填] 僅本機開發可設 true;正式環境不得允許不安全 internal webhook
|
||
MOMO_ALLOW_INSECURE_INTERNAL_WEBHOOK_FOR_DEV=false
|
||
|
||
# [選填] AIOps SSH Jump 跳板設定(services/jump_executor.py)
|
||
SSH_JUMP_HOST=192.168.0.110
|
||
SSH_JUMP_USER=wooo
|
||
SSH_TARGET_HOST=192.168.0.188
|
||
SSH_TARGET_USER=ollama
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# AIOps / Autonomous Code Repair(ADR-014)
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
# [選填] Aider 自動修復執行所在 SSH 主機(預設 110 Gateway)
|
||
HEAL_SSH_HOST=192.168.0.110
|
||
HEAL_SSH_USER=wooo
|
||
HEAL_SSH_PORT=22
|
||
|
||
# [選填] SSH private key 路徑;未設定則使用 services/aider_heal_executor.py 預設值
|
||
DEPLOY_SSH_KEY_PATH=/home/wooo/.ssh/id_ed25519
|
||
|
||
# [選填] 110 主機上的 repo 路徑
|
||
AIDER_REPO_PATH=/home/wooo/ewoooc
|
||
|
||
# [選填] Aider 使用的模型與 Ollama API endpoint
|
||
AIDER_MODEL=ollama/qwen2.5-coder:7b
|
||
OLLAMA_API_BASE=http://192.168.0.111:11434
|
||
|
||
# [選填] 自動修復安全閥
|
||
AIDER_MAX_DIFF_LINES=50
|
||
AIDER_MAX_HOURLY_FIX=5
|
||
MOMO_BASE_URL=https://mo.wooo.work
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# Elephant Alpha / AutoHeal SSH 控制
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
# [選填] AutoHeal/Elephant Alpha SSH 跳板設定
|
||
ELEPHANT_ALPHA_JUMP_HOST=192.168.0.110
|
||
ELEPHANT_ALPHA_JUMP_USER=wooo
|
||
ELEPHANT_ALPHA_SSH_KEY_PATH=config/autoheal_id_ed25519
|
||
ELEPHANT_ALPHA_SSH_PORT=22
|
||
ELEPHANT_ALPHA_SSH_CONNECT_TIMEOUT=10
|
||
ELEPHANT_ALPHA_SSH_COMMAND_TIMEOUT=60
|
||
ELEPHANT_ALPHA_ALLOWED_SSH_HOSTS=192.168.0.188
|
||
|
||
# [選填] 自愈節流與狀態快取
|
||
ELEPHANT_ALPHA_CACHE_DB=:memory:
|
||
ELEPHANT_ALPHA_ESCALATION_COOLDOWN_MIN=30
|
||
ELEPHANT_TIMEOUT=120
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# NVIDIA NIM / OpenClaw / Internal Webhook
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
# [選填] NemoTron / NIM / OpenClaw 相關服務共用
|
||
NVIDIA_API_KEY=your_nvidia_api_key_here
|
||
INTERNAL_WEBHOOK_TOKEN=your_internal_webhook_token_here
|
||
|
||
# [選填] EventRouter 失敗佇列與重播策略
|
||
MOMO_EVENT_ROUTER_QUEUE=/app/data/event_router_failed_deliveries.jsonl
|
||
MOMO_EVENT_ROUTER_DEFAULT_DEDUP_SEC=0
|
||
MOMO_EVENT_ROUTER_REPLAY_ON_SUCCESS=true
|
||
MOMO_EVENT_ROUTER_REPLAY_LIMIT=3
|
||
|
||
# [選填] AI 自動化 Smoke 歷史保存
|
||
MOMO_AI_AUTOMATION_SMOKE_HISTORY=/app/data/ai_automation_smoke_history.jsonl
|
||
MOMO_AI_AUTOMATION_SMOKE_HISTORY_LIMIT=200
|
||
|
||
# [選填] OpenClaw Telegram bot
|
||
OPENCLAW_BOT_TOKEN=your_openclaw_bot_token_here
|
||
OPENCLAW_GROUP_ID=-1003940688311
|
||
OPENCLAW_ALLOWED_USERS=
|
||
|
||
# [選填] AI provider 選擇與外部資料源
|
||
AI_PROVIDER=ollama
|
||
YOUTUBE_API_KEY=
|
||
GEMINI_TIMEOUT=60
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# Ollama / MCP / 密碼政策
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
OLLAMA_HOST=https://ollama.wooo.work/ollama
|
||
OLLAMA_MODEL=gemma3:4b
|
||
OLLAMA_TIMEOUT=120
|
||
OLLAMA_COPY_TIMEOUT=180
|
||
OLLAMA_EMBED_TIMEOUT=45
|
||
MCP_CACHE_TTL_HOURS=24
|
||
MCP_GEMINI_MODEL=gemini-2.0-flash
|
||
|
||
PASSWORD_MIN_LENGTH=8
|
||
PASSWORD_REQUIRE_UPPERCASE=true
|
||
PASSWORD_REQUIRE_LOWERCASE=true
|
||
PASSWORD_REQUIRE_DIGIT=true
|
||
PASSWORD_REQUIRE_SPECIAL=false
|
||
PASSWORD_SPECIAL_CHARS='!@#$%^&*()_+-=[]{}|;:,.<>?'
|
||
PASSWORD_EXPIRY_DAYS=90
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# 備份 / 報表 / 同步
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
BACKUP_DIR=/app/data/db_backups
|
||
BACKUP_RETENTION_DAYS=7
|
||
DB_CONTAINER=momo-db
|
||
REPORTS_DIR=/app/data/reports
|
||
DATABASE_PATH=data/momo_database.db
|
||
|
||
PG_SYNC_ENABLED=false
|
||
PG_SYNC_INTERVAL=300
|
||
|
||
# [選填] 外部 BI 連結(模板全域變數)
|
||
METABASE_URL=https://mo.wooo.work/metabase
|
||
GRIST_URL=https://grist.wooo.work
|
||
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
# n8n Workflow Automation(monitoring profile)
|
||
# ──────────────────────────────────────────────────────────────────────────
|
||
|
||
N8N_HOST=192.168.0.110
|
||
N8N_PROTOCOL=http
|
||
N8N_WEBHOOK_BASE_URL=http://192.168.0.110:5678/
|
||
N8N_USER=admin
|
||
N8N_PASSWORD=change-me
|