fix(telegram): sanitize failover alert errors
All checks were successful
Code Review / ai-code-review (push) Successful in 10s
CD Pipeline / tests (push) Successful in 1m5s
CD Pipeline / build-and-deploy (push) Successful in 3m25s
CD Pipeline / post-deploy-checks (push) Successful in 1m16s

This commit is contained in:
Your Name
2026-05-06 16:45:29 +08:00
parent a94435f143
commit 8f715fd3f2
5 changed files with 101 additions and 11 deletions

View File

@@ -3825,3 +3825,35 @@ ruff check apps/api/tests/test_approval_execution_mcp_audit.py
- 本次是「先補 durable audit + legacy 標記」,不是直接硬切 MCP Gateway enforcement原因是 AwoooP project / agent / grant contract 尚未覆蓋所有 legacy 修復路徑,硬切會中斷現有 approved execution。
- 下一步應將 `decision_manager.py``pre_decision_investigator.py``post_execution_verifier.py``callback_dispatcher.py` 的 direct MCP caller 逐步套同一種可追蹤 wrapper最後再切到 `McpGateway.call()` enforcement。
---
## 2026-05-06台北— Telegram failover 告警 400 與 token log 外洩修補
**觸發**production API log 顯示 `telegram_failover_send_failed`Telegram `sendMessage` 回 400同時 chained traceback 內含 Telegram Bot URL會把 token 形式的敏感資訊寫入 log / trace。
### 已修正
| 範圍 | 結果 |
|------|------|
| `failover_alerter.py` | 失敗時不再使用 `logger.exception()` 輸出 chained traceback改記錄已遮蔽的錯誤文字與錯誤類型 |
| MarkdownV2 | `_lines_from_list()` 將編號句點改為 `1\\.`,並補上 compact 省略文字的 MarkdownV2 escape避免治理告警清單觸發 Telegram parse 400 |
| `telegram_gateway.py` | HTTPStatusError 不再 `raise ... from e`OTel span 也只記 sanitized gateway error避免 httpx exception 字串帶出 Bot URL |
| 測試 | 新增 Telegram error sanitizer 與 MarkdownV2 編號 escape 回歸測試 |
### 驗證
```text
pytest apps/api/tests/test_failover_alerter.py apps/api/tests/test_telegram_gateway_error_sanitizer.py apps/api/tests/test_heartbeat_dedup_p0_4.py -q
# 17 passed
py_compile apps/api/src/services/failover_alerter.py apps/api/src/services/telegram_gateway.py apps/api/tests/test_failover_alerter.py apps/api/tests/test_telegram_gateway_error_sanitizer.py
# 通過
ruff check apps/api/src/services/failover_alerter.py apps/api/tests/test_failover_alerter.py apps/api/tests/test_telegram_gateway_error_sanitizer.py
# All checks passed
```
### 注意
- `telegram_gateway.py` 全檔仍有大量既有 ruff 債,本次只針對 token 外洩與 MarkdownV2 400 風險做最小安全修補,避免在 6000+ 行 gateway 巨檔混入無關機械改動。