Merge remote-tracking branch 'origin/main' into codex/ai-automation-codebase-review-20260710

This commit is contained in:
ogt
2026-07-17 10:29:09 +08:00
6 changed files with 121 additions and 12 deletions

View File

@@ -34,6 +34,60 @@ _RECURRENCE_REQUIRED_PROPOSAL_SOURCES = frozenset(
"iwooos_wazuh_alert_ingress_scheduler",
}
)
_CONTROLLED_CORRELATION_RE = re.compile(
r"^[A-Za-z0-9](?:[A-Za-z0-9_.:-]{0,158}[A-Za-z0-9])?$"
)
def _controlled_correlation(
incident: dict[str, Any],
proposal: dict[str, Any],
*,
project_id: str,
incident_id: str,
) -> dict[str, str]:
"""Preserve safe source correlation or generate one bounded run identity."""
signal_labels = [
signal.get("labels")
for signal in incident.get("signals") or []
if isinstance(signal, dict) and isinstance(signal.get("labels"), dict)
]
def first_safe(key: str) -> str:
for source in (proposal, incident, *signal_labels):
value = str(source.get(key) or "").strip()
if (
value
and value not in {".", ".."}
and _CONTROLLED_CORRELATION_RE.fullmatch(value)
):
return value
return ""
safe_project = re.sub(r"[^A-Za-z0-9_.:-]", "-", project_id).strip("-.")
safe_incident = re.sub(r"[^A-Za-z0-9_.:-]", "-", incident_id).strip("-.")
generated_run = f"ansible:{safe_project or 'awoooi'}:{safe_incident or 'incident'}"
generated_run = generated_run[:160].rstrip("_.:-")
trace_id = first_safe("trace_id")
run_id = first_safe("run_id")
if not trace_id and not run_id:
trace_id = run_id = generated_run
elif not trace_id:
trace_id = run_id
elif not run_id:
run_id = trace_id
work_item_id = first_safe("work_item_id") or (
f"ansible-controlled:{safe_project or 'awoooi'}:"
f"{safe_incident or 'incident'}"
)[:160].rstrip("_.:-")
return {
"trace_id": trace_id,
"run_id": run_id,
"work_item_id": work_item_id,
"run_namespace": first_safe("run_namespace") or safe_project or "awoooi",
"source_receipt_ref": first_safe("source_receipt_ref"),
}
def _source_fingerprint(incident: dict[str, Any], proposal: dict[str, Any]) -> str:
@@ -1684,6 +1738,12 @@ def build_ansible_decision_audit_payload(
incident_id = str(incident_payload.get("incident_id") or "")
project_id = str(incident_payload.get("project_id") or "awoooi")
correlation = _controlled_correlation(
incident_payload,
proposal_data,
project_id=project_id,
incident_id=incident_id,
)
affected_services = [
str(value)
for value in incident_payload.get("affected_services") or []
@@ -1746,11 +1806,11 @@ def build_ansible_decision_audit_payload(
input_payload = {
"incident_id": incident_id,
"project_id": project_id,
"trace_id": str(incident_payload.get("trace_id") or ""),
"run_id": str(incident_payload.get("run_id") or ""),
"work_item_id": str(incident_payload.get("work_item_id") or ""),
"run_namespace": str(incident_payload.get("run_namespace") or ""),
"source_receipt_ref": str(incident_payload.get("source_receipt_ref") or ""),
"trace_id": correlation["trace_id"],
"run_id": correlation["run_id"],
"work_item_id": correlation["work_item_id"],
"run_namespace": correlation["run_namespace"],
"source_receipt_ref": correlation["source_receipt_ref"],
"asset_scope_aliases": [
str(alias)
for alias in incident_payload.get("asset_scope_aliases") or []