feat(governance): 新增 AI Provider 路由矩陣
This commit is contained in:
254
apps/api/src/services/ai_provider_route_matrix.py
Normal file
254
apps/api/src/services/ai_provider_route_matrix.py
Normal file
@@ -0,0 +1,254 @@
|
||||
"""
|
||||
AI provider route matrix snapshot.
|
||||
|
||||
Loads the latest committed, read-only AI Router / Ollama / OpenClaw /
|
||||
Nemotron / Gemini provider route matrix. This module never switches providers,
|
||||
calls paid APIs, probes external providers, reads secrets, changes runtime
|
||||
routes, enters shadow/canary, triggers workflows, or executes runtime actions.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from src.services.snapshot_paths import default_evaluations_dir
|
||||
|
||||
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
|
||||
_SNAPSHOT_PATTERN = "ai_provider_route_matrix_*.json"
|
||||
_SCHEMA_VERSION = "ai_provider_route_matrix_v1"
|
||||
|
||||
|
||||
def load_latest_ai_provider_route_matrix(
|
||||
evaluations_dir: Path | None = None,
|
||||
) -> dict[str, Any]:
|
||||
"""Load the newest committed AI provider route matrix snapshot."""
|
||||
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
|
||||
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
|
||||
if not candidates:
|
||||
raise FileNotFoundError(f"no AI provider route matrix snapshots found in {directory}")
|
||||
|
||||
latest = candidates[-1]
|
||||
with latest.open(encoding="utf-8") as handle:
|
||||
payload = json.load(handle)
|
||||
|
||||
if not isinstance(payload, dict):
|
||||
raise ValueError(f"{latest}: expected JSON object")
|
||||
_require_schema(payload, _SCHEMA_VERSION, str(latest))
|
||||
_require_read_only_boundaries(payload, str(latest))
|
||||
_require_operation_boundaries(payload, str(latest))
|
||||
_require_rollup_consistency(payload, str(latest))
|
||||
_require_route_evidence(payload, str(latest))
|
||||
_require_candidate_gates(payload, str(latest))
|
||||
_require_operator_denials(payload, str(latest))
|
||||
_require_no_plaintext_secret_payload_keys(payload, str(latest))
|
||||
return payload
|
||||
|
||||
|
||||
def _require_schema(payload: dict[str, Any], expected: str, label: str) -> None:
|
||||
actual = payload.get("schema_version")
|
||||
if actual != expected:
|
||||
raise ValueError(f"{label}: expected schema_version={expected}, got {actual!r}")
|
||||
|
||||
|
||||
def _require_read_only_boundaries(payload: dict[str, Any], label: str) -> None:
|
||||
program_status = payload.get("program_status") or {}
|
||||
if program_status.get("read_only_mode") is not True:
|
||||
raise ValueError(f"{label}: program_status.read_only_mode must be true")
|
||||
|
||||
approval_boundaries = payload.get("approval_boundaries") or {}
|
||||
allowed = sorted(key for key, value in approval_boundaries.items() if value is not False)
|
||||
if allowed:
|
||||
raise ValueError(f"{label}: approval boundaries must remain false: {allowed}")
|
||||
|
||||
|
||||
def _require_operation_boundaries(payload: dict[str, Any], label: str) -> None:
|
||||
boundaries = payload.get("operation_boundaries") or {}
|
||||
if boundaries.get("read_only_api_allowed") is not True:
|
||||
raise ValueError(f"{label}: read_only_api_allowed must be true")
|
||||
|
||||
blocked_flags = {
|
||||
"provider_switch_allowed",
|
||||
"production_routing_change_allowed",
|
||||
"use_ai_router_toggle_allowed",
|
||||
"fallback_order_change_allowed",
|
||||
"ollama_endpoint_change_allowed",
|
||||
"paid_api_call_allowed",
|
||||
"paid_api_frequency_increase_allowed",
|
||||
"external_provider_probe_allowed",
|
||||
"live_benchmark_allowed",
|
||||
"shadow_or_canary_allowed",
|
||||
"openclaw_replacement_allowed",
|
||||
"nemotron_shadow_allowed",
|
||||
"gemini_direct_call_allowed",
|
||||
"secret_read_allowed",
|
||||
"secret_plaintext_allowed",
|
||||
"notification_send_allowed",
|
||||
"workflow_trigger_allowed",
|
||||
"deploy_trigger_allowed",
|
||||
"reload_trigger_allowed",
|
||||
"runtime_execution_allowed",
|
||||
}
|
||||
allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False)
|
||||
if allowed:
|
||||
raise ValueError(f"{label}: operation boundaries must remain false: {allowed}")
|
||||
|
||||
|
||||
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
|
||||
routes = payload.get("provider_routes") or []
|
||||
gates = payload.get("candidate_gates") or []
|
||||
gaps = payload.get("source_gaps") or []
|
||||
rollups = payload.get("rollups") or {}
|
||||
|
||||
if rollups.get("total_routes") != len(routes):
|
||||
raise ValueError(f"{label}: rollups.total_routes must match provider_routes")
|
||||
if rollups.get("by_kind") != _count_by(routes, "kind"):
|
||||
raise ValueError(f"{label}: rollups.by_kind must match provider_routes")
|
||||
if rollups.get("by_status") != _count_by(routes, "status"):
|
||||
raise ValueError(f"{label}: rollups.by_status must match provider_routes")
|
||||
if rollups.get("by_route_gate") != _count_by(routes, "route_gate"):
|
||||
raise ValueError(f"{label}: rollups.by_route_gate must match provider_routes")
|
||||
|
||||
requiring_action = sorted(
|
||||
route.get("route_id")
|
||||
for route in routes
|
||||
if route.get("status") == "action_required"
|
||||
)
|
||||
if sorted(rollups.get("route_ids_requiring_action") or []) != requiring_action:
|
||||
raise ValueError(f"{label}: rollups.route_ids_requiring_action must match routes")
|
||||
|
||||
approval_gates = sorted(
|
||||
gate.get("gate_id")
|
||||
for gate in gates
|
||||
if gate.get("approval_required") is True
|
||||
)
|
||||
if sorted(rollups.get("candidate_gate_ids_requiring_approval") or []) != approval_gates:
|
||||
raise ValueError(
|
||||
f"{label}: rollups.candidate_gate_ids_requiring_approval must match candidate_gates"
|
||||
)
|
||||
|
||||
if sorted(rollups.get("source_gap_ids") or []) != sorted(gap.get("gap_id") for gap in gaps):
|
||||
raise ValueError(f"{label}: rollups.source_gap_ids must match source_gaps")
|
||||
|
||||
zero_count_fields = {
|
||||
"provider_switch_allowed_count",
|
||||
"paid_api_call_allowed_count",
|
||||
"shadow_or_canary_allowed_count",
|
||||
"runtime_route_change_allowed_count",
|
||||
}
|
||||
non_zero = sorted(field for field in zero_count_fields if rollups.get(field) != 0)
|
||||
if non_zero:
|
||||
raise ValueError(f"{label}: route permission rollup counts must remain 0: {non_zero}")
|
||||
|
||||
|
||||
def _require_route_evidence(payload: dict[str, Any], label: str) -> None:
|
||||
routes = payload.get("provider_routes") or []
|
||||
missing = sorted(
|
||||
route.get("route_id")
|
||||
for route in routes
|
||||
if not route.get("current_policy")
|
||||
or not route.get("provider_order")
|
||||
or not route.get("fallback_policy")
|
||||
or not route.get("evidence_refs")
|
||||
or not route.get("next_action")
|
||||
)
|
||||
if missing:
|
||||
raise ValueError(f"{label}: provider_routes must include policy, order, evidence, next_action: {missing}")
|
||||
|
||||
required_route_ids = {
|
||||
"ai_router_execution_policy",
|
||||
"ollama_global_endpoint_order",
|
||||
"alert_ai_ollama_first_lane",
|
||||
"openclaw_nemo_rca_lane",
|
||||
"nemotron_tool_calling_candidate",
|
||||
"gemini_final_fallback_policy",
|
||||
}
|
||||
present = {route.get("route_id") for route in routes}
|
||||
missing_required = sorted(required_route_ids - present)
|
||||
if missing_required:
|
||||
raise ValueError(f"{label}: missing required provider routes: {missing_required}")
|
||||
|
||||
blocked_candidates = sorted(
|
||||
route.get("route_id")
|
||||
for route in routes
|
||||
if route.get("kind") == "nemotron_candidate" and route.get("status") != "blocked"
|
||||
)
|
||||
if blocked_candidates:
|
||||
raise ValueError(f"{label}: Nemotron candidates must remain blocked: {blocked_candidates}")
|
||||
|
||||
|
||||
def _require_candidate_gates(payload: dict[str, Any], label: str) -> None:
|
||||
gates = payload.get("candidate_gates") or []
|
||||
required_ids = {
|
||||
"provider_switch_gate",
|
||||
"nemotron_replay_gate",
|
||||
"paid_provider_call_gate",
|
||||
}
|
||||
present = {gate.get("gate_id") for gate in gates}
|
||||
missing = sorted(required_ids - present)
|
||||
if missing:
|
||||
raise ValueError(f"{label}: missing required candidate gates: {missing}")
|
||||
|
||||
not_approval_required = sorted(
|
||||
gate.get("gate_id")
|
||||
for gate in gates
|
||||
if gate.get("approval_required") is not True
|
||||
)
|
||||
if not_approval_required:
|
||||
raise ValueError(f"{label}: candidate gates must require approval: {not_approval_required}")
|
||||
|
||||
|
||||
def _require_operator_denials(payload: dict[str, Any], label: str) -> None:
|
||||
contract = payload.get("operator_contract") or {}
|
||||
must_not_interpret_as = set(contract.get("must_not_interpret_as") or [])
|
||||
required_denials = {
|
||||
"provider 切換批准",
|
||||
"production routing change 批准",
|
||||
"Gemini / Claude / NVIDIA 付費呼叫批准",
|
||||
"OpenClaw 取代或降級批准",
|
||||
"Nemotron 進 shadow / canary 批准",
|
||||
"fallback order 修改批准",
|
||||
"Ollama endpoint / ConfigMap 修改批准",
|
||||
"Secret payload 已讀取或可輸出",
|
||||
"外部 live probe 或 benchmark 批准",
|
||||
"workflow / deploy / reload 觸發批准",
|
||||
"runtime execution 授權",
|
||||
}
|
||||
if not required_denials.issubset(must_not_interpret_as):
|
||||
raise ValueError(f"{label}: operator_contract.must_not_interpret_as is missing required denials")
|
||||
|
||||
provider_switch_policy = str(contract.get("provider_switch_policy") or "")
|
||||
if "P1-004" not in provider_switch_policy or "只能盤點與顯示" not in provider_switch_policy:
|
||||
raise ValueError(f"{label}: provider_switch_policy must preserve P1-004 read-only boundary")
|
||||
|
||||
|
||||
def _require_no_plaintext_secret_payload_keys(value: Any, label: str, path: str = "$") -> None:
|
||||
if isinstance(value, dict):
|
||||
forbidden_key_fragments = {
|
||||
"secret_value",
|
||||
"token_value",
|
||||
"authorization_header",
|
||||
"private_key",
|
||||
"webhook_secret",
|
||||
"runner_token",
|
||||
"gemini_api_key_value",
|
||||
"nvidia_api_key_value",
|
||||
"claude_api_key_value",
|
||||
}
|
||||
for key, nested in value.items():
|
||||
lowered = str(key).lower()
|
||||
if any(fragment in lowered for fragment in forbidden_key_fragments):
|
||||
raise ValueError(f"{label}: forbidden secret payload key at {path}.{key}")
|
||||
_require_no_plaintext_secret_payload_keys(nested, label, f"{path}.{key}")
|
||||
elif isinstance(value, list):
|
||||
for index, nested in enumerate(value):
|
||||
_require_no_plaintext_secret_payload_keys(nested, label, f"{path}[{index}]")
|
||||
|
||||
|
||||
def _count_by(items: list[dict[str, Any]], key: str) -> dict[str, int]:
|
||||
counts: dict[str, int] = {}
|
||||
for item in items:
|
||||
value = item.get(key)
|
||||
counts[value] = counts.get(value, 0) + 1
|
||||
return counts
|
||||
Reference in New Issue
Block a user