feat(governance): 新增 matched PlayBook 學習缺口
All checks were successful
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m24s
CD Pipeline / build-and-deploy (push) Successful in 4m48s
CD Pipeline / post-deploy-checks (push) Successful in 1m49s

This commit is contained in:
Your Name
2026-06-13 01:05:48 +08:00
parent f9619b137e
commit 3928e3ae67
14 changed files with 1548 additions and 9 deletions

View File

@@ -0,0 +1,273 @@
"""
AI Agent matched PlayBook learning gap snapshot.
Loads the latest committed P2-104 matched_playbook_id learning gap contract.
This module validates repo-committed evidence only; it never reads live DB rows,
updates PlayBook trust, writes KM, writes timelines, writes Gateway queues,
sends Telegram messages, reads secrets, or starts runtime work.
"""
from __future__ import annotations
import json
from pathlib import Path
from typing import Any
from src.services.snapshot_paths import default_evaluations_dir
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
_SNAPSHOT_PATTERN = "ai_agent_matched_playbook_learning_gap_*.json"
_SCHEMA_VERSION = "ai_agent_matched_playbook_learning_gap_v1"
_RUNTIME_AUTHORITY = "matched_playbook_learning_gap_contract_only_no_live_trust_write"
def load_latest_ai_agent_matched_playbook_learning_gap(
evaluations_dir: Path | None = None,
) -> dict[str, Any]:
"""Load the newest committed matched PlayBook learning gap contract."""
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
if not candidates:
raise FileNotFoundError(f"no AI Agent matched PlayBook learning gap snapshots found in {directory}")
latest = candidates[-1]
with latest.open(encoding="utf-8") as handle:
payload = json.load(handle)
if not isinstance(payload, dict):
raise ValueError(f"{latest}: expected JSON object")
_require_schema(payload, str(latest))
_require_no_live_boundaries(payload, str(latest))
_require_learning_checkpoints(payload, str(latest))
_require_gap_items(payload, str(latest))
_require_test_contracts(payload, str(latest))
_require_owner_gates(payload, str(latest))
_require_redaction_contract(payload, str(latest))
_require_rollup_consistency(payload, str(latest))
return payload
def _require_schema(payload: dict[str, Any], label: str) -> None:
if payload.get("schema_version") != _SCHEMA_VERSION:
raise ValueError(f"{label}: expected schema_version={_SCHEMA_VERSION}")
status = payload.get("program_status") or {}
if status.get("read_only_mode") is not True:
raise ValueError(f"{label}: program_status.read_only_mode must be true")
if status.get("runtime_authority") != _RUNTIME_AUTHORITY:
raise ValueError(f"{label}: runtime_authority must remain {_RUNTIME_AUTHORITY}")
if status.get("current_task_id") != "P2-104":
raise ValueError(f"{label}: current_task_id must be P2-104")
if status.get("next_task_id") != "P2-105":
raise ValueError(f"{label}: next_task_id must be P2-105")
def _require_no_live_boundaries(payload: dict[str, Any], label: str) -> None:
truth = payload.get("learning_gap_truth") or {}
required_true = {
"p2_103_result_audit_loaded",
"matched_playbook_source_contract_ready",
"approval_record_contract_ready",
"learning_service_contract_ready",
"execution_learning_await_contract_ready",
"e2e_test_contract_ready",
"owner_gate_contract_ready",
"all_checkpoints_have_evidence_ref",
}
missing = sorted(field for field in required_true if truth.get(field) is not True)
if missing:
raise ValueError(f"{label}: learning gap readiness flags must remain true: {missing}")
required_false = {
"runtime_execution_enabled",
"live_db_read_enabled",
"playbook_trust_write_enabled",
"km_write_enabled",
"timeline_write_enabled",
"gateway_queue_write_enabled",
"telegram_send_enabled",
"production_write_enabled",
"secret_value_read_enabled",
"host_or_cluster_command_enabled",
"destructive_operation_enabled",
}
unsafe = sorted(field for field in required_false if truth.get(field) is not False)
if unsafe:
raise ValueError(f"{label}: live read/write/send/execution flags must remain false: {unsafe}")
zero_counts = {
"runtime_execution_count_24h",
"live_db_read_count_24h",
"playbook_trust_write_count_24h",
"km_write_count_24h",
"timeline_write_count_24h",
"gateway_queue_write_count_24h",
"telegram_send_count_24h",
"production_write_count_24h",
"secret_value_read_count_24h",
"host_or_cluster_command_count_24h",
"destructive_operation_count_24h",
}
non_zero = sorted(field for field in zero_counts if truth.get(field) != 0)
if non_zero:
raise ValueError(f"{label}: live read/write/send/execution counts must remain zero: {non_zero}")
def _require_learning_checkpoints(payload: dict[str, Any], label: str) -> None:
checkpoints = payload.get("learning_checkpoints") or []
checkpoint_ids = {checkpoint.get("checkpoint_id") for checkpoint in checkpoints}
required = {
"checkpoint_proposal_playbook_match",
"checkpoint_approval_record_serialization",
"checkpoint_learning_service_update",
"checkpoint_execution_await_learning",
"checkpoint_repair_candidate_playbook_id",
"checkpoint_webhook_source_correlation",
"checkpoint_live_null_rate_gate",
}
if checkpoint_ids != required:
raise ValueError(f"{label}: learning checkpoints must match {sorted(required)}")
valid_status = {
"covered_by_test",
"covered_by_existing_tests",
"source_guarded",
"blocked_until_live_evidence",
}
for checkpoint in checkpoints:
checkpoint_id = checkpoint.get("checkpoint_id")
if checkpoint.get("current_status") not in valid_status:
raise ValueError(f"{label}: checkpoint {checkpoint_id} current_status is invalid")
if checkpoint.get("writes_live_state") is not False:
raise ValueError(f"{label}: checkpoint {checkpoint_id} writes_live_state must remain false")
if not isinstance(checkpoint.get("requires_owner_review"), bool):
raise ValueError(f"{label}: checkpoint {checkpoint_id} requires_owner_review must be boolean")
for field in {"source_component", "evidence_ref", "expected_signal", "gap_if_missing"}:
if not checkpoint.get(field):
raise ValueError(f"{label}: checkpoint {checkpoint_id} must list {field}")
if not _is_redacted_sha256(checkpoint.get("evidence_hash")):
raise ValueError(f"{label}: checkpoint {checkpoint_id} must expose evidence_hash")
def _require_gap_items(payload: dict[str, Any], label: str) -> None:
gaps = payload.get("gap_items") or []
if not gaps:
raise ValueError(f"{label}: gap_items must not be empty")
for gap in gaps:
gap_id = gap.get("gap_id")
if gap.get("severity") not in {"critical", "high", "medium", "low"}:
raise ValueError(f"{label}: gap {gap_id} severity is invalid")
if not isinstance(gap.get("blocks_trust_write"), bool):
raise ValueError(f"{label}: gap {gap_id} blocks_trust_write must be boolean")
for field in {"display_name", "current_state", "required_evidence", "owner_next_action"}:
if not gap.get(field):
raise ValueError(f"{label}: gap {gap_id} must list {field}")
def _require_test_contracts(payload: dict[str, Any], label: str) -> None:
tests = payload.get("test_contracts") or []
if len(tests) < 5:
raise ValueError(f"{label}: test_contracts must include at least five tests")
for test in tests:
test_id = test.get("test_id")
if test.get("live_execution_required") is not False:
raise ValueError(f"{label}: test {test_id} live_execution_required must remain false")
if not test.get("test_ref") or "::" not in test.get("test_ref", ""):
raise ValueError(f"{label}: test {test_id} must expose test_ref")
if not test.get("expected_result"):
raise ValueError(f"{label}: test {test_id} must list expected_result")
def _require_owner_gates(payload: dict[str, Any], label: str) -> None:
gates = payload.get("owner_gates") or []
gate_ids = {gate.get("gate_id") for gate in gates}
required = {
"gate_read_only_live_null_rate",
"gate_playbook_trust_write",
"gate_km_timeline_write",
}
if gate_ids != required:
raise ValueError(f"{label}: owner gates must match {sorted(required)}")
for gate in gates:
gate_id = gate.get("gate_id")
if gate.get("approval_required") is not True:
raise ValueError(f"{label}: gate {gate_id} approval_required must remain true")
if gate.get("runtime_write_allowed") is not False:
raise ValueError(f"{label}: gate {gate_id} runtime_write_allowed must remain false")
if not gate.get("blocked_reason"):
raise ValueError(f"{label}: gate {gate_id} must list blocked_reason")
def _require_redaction_contract(payload: dict[str, Any], label: str) -> None:
contract = payload.get("display_redaction_contract") or {}
required_false = {
"raw_prompt_display_allowed",
"private_reasoning_display_allowed",
"secret_value_display_allowed",
"raw_telegram_payload_display_allowed",
"work_window_transcript_display_allowed",
}
if contract.get("redaction_required") is not True:
raise ValueError(f"{label}: redaction_required must be true")
unsafe = sorted(field for field in required_false if contract.get(field) is not False)
if unsafe:
raise ValueError(f"{label}: redaction flags must remain false: {unsafe}")
if not contract.get("allowed_display_fields"):
raise ValueError(f"{label}: allowed_display_fields must not be empty")
if not contract.get("blocked_display_fields"):
raise ValueError(f"{label}: blocked_display_fields must not be empty")
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
rollups = payload.get("rollups") or {}
checkpoints = payload.get("learning_checkpoints") or []
gaps = payload.get("gap_items") or []
tests = payload.get("test_contracts") or []
gates = payload.get("owner_gates") or []
expected = {
"learning_checkpoint_count": len(checkpoints),
"covered_by_test_count": sum(
1
for item in checkpoints
if item.get("current_status") in {"covered_by_test", "covered_by_existing_tests"}
),
"source_guarded_count": sum(1 for item in checkpoints if item.get("current_status") == "source_guarded"),
"blocked_until_live_evidence_count": sum(1 for item in checkpoints if item.get("current_status") == "blocked_until_live_evidence"),
"gap_item_count": len(gaps),
"high_severity_gap_count": sum(1 for item in gaps if item.get("severity") == "high"),
"test_contract_count": len(tests),
"owner_gate_count": len(gates),
"approval_required_gate_count": sum(1 for item in gates if item.get("approval_required") is True),
}
mismatches = {
key: {"expected": value, "actual": rollups.get(key)}
for key, value in expected.items()
if rollups.get(key) != value
}
if mismatches:
raise ValueError(f"{label}: rollup counts mismatch: {mismatches}")
zero_rollups = {
"runtime_execution_count",
"live_db_read_count",
"playbook_trust_write_count",
"km_write_count",
"timeline_write_count",
"gateway_queue_write_count",
"telegram_send_count",
"production_write_count",
"secret_value_read_count",
"destructive_operation_count",
}
non_zero = sorted(field for field in zero_rollups if rollups.get(field) != 0)
if non_zero:
raise ValueError(f"{label}: rollup live read/write/send/execution counts must remain zero: {non_zero}")
def _is_redacted_sha256(value: Any) -> bool:
if not isinstance(value, str):
return False
if not value.startswith("sha256:"):
return False
digest = value.removeprefix("sha256:")
return len(digest) == 64 and all(char in "0123456789abcdef" for char in digest)