feat(governance): 新增 owner approved result capture readback
This commit is contained in:
@@ -88,6 +88,9 @@ from src.services.ai_agent_owner_approved_learning_dry_run import (
|
||||
from src.services.ai_agent_owner_approved_result_capture_dry_run import (
|
||||
load_latest_ai_agent_owner_approved_result_capture_dry_run,
|
||||
)
|
||||
from src.services.ai_agent_owner_approved_result_capture_readback import (
|
||||
load_latest_ai_agent_owner_approved_result_capture_readback,
|
||||
)
|
||||
from src.services.ai_agent_operation_permission_model import (
|
||||
load_latest_ai_agent_operation_permission_model,
|
||||
)
|
||||
@@ -1227,6 +1230,36 @@ async def get_agent_owner_approved_result_capture_dry_run() -> dict[str, Any]:
|
||||
) from exc
|
||||
|
||||
|
||||
@router.get(
|
||||
"/agent-owner-approved-result-capture-readback",
|
||||
response_model=dict[str, Any],
|
||||
summary="取得 AI Agent owner-approved result capture readback",
|
||||
description=(
|
||||
"讀取最新已提交的 P2-107 owner-approved result capture readback;"
|
||||
"此端點只回傳 result capture readback digest、promotion readiness review、failure lane、"
|
||||
"reviewer queue preview 與 operator action,"
|
||||
"不讀 canonical runtime target、不寫 score、不寫 result capture、不寫 learning、不更新 PlayBook trust、"
|
||||
"不寫 reviewer queue、不寫 Gateway queue、不送 Telegram、不呼叫 Bot API、不寫 production target、不讀 secret。"
|
||||
),
|
||||
)
|
||||
async def get_agent_owner_approved_result_capture_readback() -> dict[str, Any]:
|
||||
"""Return the latest read-only owner-approved result capture readback contract."""
|
||||
try:
|
||||
payload = await asyncio.to_thread(load_latest_ai_agent_owner_approved_result_capture_readback)
|
||||
return redact_public_lan_topology(payload)
|
||||
except FileNotFoundError as exc:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_404_NOT_FOUND,
|
||||
detail=str(exc),
|
||||
) from exc
|
||||
except (json.JSONDecodeError, ValueError) as exc:
|
||||
logger.error("ai_agent_owner_approved_result_capture_readback_invalid", error=str(exc))
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
|
||||
detail="AI Agent owner-approved result capture readback 無效",
|
||||
) from exc
|
||||
|
||||
|
||||
@router.get(
|
||||
"/agent-owner-approved-fixture-dry-run",
|
||||
response_model=dict[str, Any],
|
||||
|
||||
@@ -0,0 +1,391 @@
|
||||
"""
|
||||
AI Agent owner-approved result capture readback snapshot.
|
||||
|
||||
Loads the latest committed P2-107 owner-approved result capture readback
|
||||
contract. This module validates repo-committed evidence only; it never writes
|
||||
scores, result capture rows, learning state, PlayBook trust, reviewer queues,
|
||||
Gateway queues, Telegram messages, production targets, or secrets.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from src.services.snapshot_paths import default_evaluations_dir
|
||||
|
||||
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
|
||||
_SNAPSHOT_PATTERN = "ai_agent_owner_approved_result_capture_readback_*.json"
|
||||
_SCHEMA_VERSION = "ai_agent_owner_approved_result_capture_readback_v1"
|
||||
_RUNTIME_AUTHORITY = "owner_approved_result_capture_readback_only_no_live_write"
|
||||
|
||||
|
||||
def load_latest_ai_agent_owner_approved_result_capture_readback(
|
||||
evaluations_dir: Path | None = None,
|
||||
) -> dict[str, Any]:
|
||||
"""Load the newest committed owner-approved result capture readback contract."""
|
||||
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
|
||||
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
|
||||
if not candidates:
|
||||
raise FileNotFoundError(
|
||||
f"no AI Agent owner-approved result capture readback snapshots found in {directory}"
|
||||
)
|
||||
|
||||
latest = candidates[-1]
|
||||
with latest.open(encoding="utf-8") as handle:
|
||||
payload = json.load(handle)
|
||||
|
||||
if not isinstance(payload, dict):
|
||||
raise ValueError(f"{latest}: expected JSON object")
|
||||
_require_schema(payload, str(latest))
|
||||
_require_prior_dry_run(payload, str(latest))
|
||||
_require_readback_truth(payload, str(latest))
|
||||
_require_readback_digests(payload, str(latest))
|
||||
_require_promotion_reviews(payload, str(latest))
|
||||
_require_failure_lanes(payload, str(latest))
|
||||
_require_reviewer_queue_preview(payload, str(latest))
|
||||
_require_operator_actions(payload, str(latest))
|
||||
_require_display_redaction(payload, str(latest))
|
||||
_require_no_forbidden_display_terms(payload, str(latest))
|
||||
_require_rollup_consistency(payload, str(latest))
|
||||
return payload
|
||||
|
||||
|
||||
def _require_schema(payload: dict[str, Any], label: str) -> None:
|
||||
if payload.get("schema_version") != _SCHEMA_VERSION:
|
||||
raise ValueError(f"{label}: expected schema_version={_SCHEMA_VERSION}")
|
||||
status = payload.get("program_status") or {}
|
||||
if status.get("read_only_mode") is not True:
|
||||
raise ValueError(f"{label}: program_status.read_only_mode must be true")
|
||||
if status.get("runtime_authority") != _RUNTIME_AUTHORITY:
|
||||
raise ValueError(f"{label}: runtime_authority must remain {_RUNTIME_AUTHORITY}")
|
||||
if status.get("current_task_id") != "P2-107":
|
||||
raise ValueError(f"{label}: current_task_id must be P2-107")
|
||||
if status.get("next_task_id") != "P2-108":
|
||||
raise ValueError(f"{label}: next_task_id must be P2-108")
|
||||
|
||||
|
||||
def _require_prior_dry_run(payload: dict[str, Any], label: str) -> None:
|
||||
prior = payload.get("prior_dry_run_readback") or {}
|
||||
if prior.get("source_schema_version") != "ai_agent_owner_approved_result_capture_dry_run_v1":
|
||||
raise ValueError(f"{label}: prior_dry_run_readback must chain from P2-106")
|
||||
required_counts = {
|
||||
"result_capture_template_count": 5,
|
||||
"score_fixture_count": 5,
|
||||
"dry_run_gate_count": 7,
|
||||
"operator_action_count": 5,
|
||||
"approval_required_gate_count": 2,
|
||||
"blocked_gate_count": 1,
|
||||
"approved_without_execution_meta_24h": 63,
|
||||
"execution_failed_with_matched_24h": 1,
|
||||
"owner_approval_received_count": 0,
|
||||
"dry_run_preview_generated_count": 0,
|
||||
"result_capture_write_count": 0,
|
||||
"score_write_count": 0,
|
||||
"learning_write_count": 0,
|
||||
"playbook_trust_write_count": 0,
|
||||
"gateway_queue_write_count": 0,
|
||||
"telegram_send_count": 0,
|
||||
"production_write_count": 0,
|
||||
}
|
||||
mismatches = {
|
||||
key: {"expected": expected, "actual": prior.get(key)}
|
||||
for key, expected in required_counts.items()
|
||||
if prior.get(key) != expected
|
||||
}
|
||||
if mismatches:
|
||||
raise ValueError(f"{label}: P2-106 prior dry-run counts mismatch: {mismatches}")
|
||||
|
||||
|
||||
def _require_readback_truth(payload: dict[str, Any], label: str) -> None:
|
||||
truth = payload.get("readback_truth") or {}
|
||||
required_true = {
|
||||
"p2_106_dry_run_loaded",
|
||||
"fixture_readback_allowed",
|
||||
"readback_digest_ready",
|
||||
"promotion_readiness_review_ready",
|
||||
"owner_review_required_before_promotion",
|
||||
}
|
||||
missing = sorted(field for field in required_true if truth.get(field) is not True)
|
||||
if missing:
|
||||
raise ValueError(f"{label}: readback readiness flags must remain true: {missing}")
|
||||
|
||||
required_false = {
|
||||
"canonical_runtime_readback_enabled",
|
||||
"runtime_result_capture_write_enabled",
|
||||
"runtime_score_write_enabled",
|
||||
"runtime_learning_write_enabled",
|
||||
"playbook_trust_write_enabled",
|
||||
"reviewer_queue_write_enabled",
|
||||
"gateway_queue_write_enabled",
|
||||
"telegram_send_enabled",
|
||||
"production_write_enabled",
|
||||
"secret_read_enabled",
|
||||
"destructive_operation_enabled",
|
||||
}
|
||||
unsafe = sorted(field for field in required_false if truth.get(field) is not False)
|
||||
if unsafe:
|
||||
raise ValueError(f"{label}: runtime read/write/send flags must remain false: {unsafe}")
|
||||
|
||||
zero_counts = {
|
||||
"owner_approval_received_count",
|
||||
"readback_digest_generated_count",
|
||||
"promotion_approved_count",
|
||||
"reviewer_queue_write_count",
|
||||
"result_capture_write_count_24h",
|
||||
"score_write_count_24h",
|
||||
"learning_write_count_24h",
|
||||
"playbook_trust_write_count_24h",
|
||||
"gateway_queue_write_count_24h",
|
||||
"telegram_send_count_24h",
|
||||
"production_write_count_24h",
|
||||
"secret_read_count_24h",
|
||||
"destructive_operation_count_24h",
|
||||
}
|
||||
non_zero = sorted(field for field in zero_counts if truth.get(field) != 0)
|
||||
if non_zero:
|
||||
raise ValueError(f"{label}: readback live counters must remain zero: {non_zero}")
|
||||
|
||||
|
||||
def _require_readback_digests(payload: dict[str, Any], label: str) -> None:
|
||||
digests = payload.get("result_capture_readback_digests") or []
|
||||
digest_ids = {digest.get("digest_id") for digest in digests}
|
||||
required = {
|
||||
"readback_digest_approved_execution_result",
|
||||
"readback_digest_execution_failed_candidate",
|
||||
"readback_digest_pending_human_gate",
|
||||
"readback_digest_manual_or_noop",
|
||||
"readback_digest_post_write_verifier_receipt",
|
||||
}
|
||||
if digest_ids != required:
|
||||
raise ValueError(f"{label}: readback digests must match {sorted(required)}")
|
||||
|
||||
valid_statuses = {"ready_for_owner_review", "approval_required", "blocked_by_policy"}
|
||||
for digest in digests:
|
||||
digest_id = digest.get("digest_id")
|
||||
if digest.get("status") not in valid_statuses:
|
||||
raise ValueError(f"{label}: digest {digest_id} status is invalid")
|
||||
if digest.get("fixture_only") is not True:
|
||||
raise ValueError(f"{label}: digest {digest_id} fixture_only must remain true")
|
||||
if digest.get("runtime_read_enabled") is not False:
|
||||
raise ValueError(f"{label}: digest {digest_id} runtime_read_enabled must remain false")
|
||||
if digest.get("write_enabled") is not False:
|
||||
raise ValueError(f"{label}: digest {digest_id} write_enabled must remain false")
|
||||
if not digest.get("readback_fields") or not digest.get("verifier_checks"):
|
||||
raise ValueError(f"{label}: digest {digest_id} must list fields and verifier checks")
|
||||
if not digest.get("promotion_blocker"):
|
||||
raise ValueError(f"{label}: digest {digest_id} must include promotion_blocker")
|
||||
if not _is_redacted_sha256(digest.get("evidence_hash")):
|
||||
raise ValueError(f"{label}: digest {digest_id} must expose evidence_hash")
|
||||
|
||||
|
||||
def _require_promotion_reviews(payload: dict[str, Any], label: str) -> None:
|
||||
reviews = payload.get("promotion_readiness_reviews") or []
|
||||
review_ids = {review.get("review_id") for review in reviews}
|
||||
required = {
|
||||
"promotion_review_owner_scope",
|
||||
"promotion_review_score_fixture_parity",
|
||||
"promotion_review_redaction_digest",
|
||||
"promotion_review_failure_candidate",
|
||||
"promotion_review_live_writer_gate",
|
||||
}
|
||||
if review_ids != required:
|
||||
raise ValueError(f"{label}: promotion reviews must match {sorted(required)}")
|
||||
|
||||
valid_states = {"ready_for_owner_review", "needs_owner_review", "blocked_by_policy"}
|
||||
valid_tiers = {"low", "medium", "high", "critical"}
|
||||
for review in reviews:
|
||||
review_id = review.get("review_id")
|
||||
if review.get("readiness_state") not in valid_states:
|
||||
raise ValueError(f"{label}: promotion review {review_id} readiness_state is invalid")
|
||||
if review.get("risk_tier") not in valid_tiers:
|
||||
raise ValueError(f"{label}: promotion review {review_id} risk_tier is invalid")
|
||||
if review.get("promotion_allowed") is not False:
|
||||
raise ValueError(f"{label}: promotion review {review_id} promotion_allowed must remain false")
|
||||
if review.get("creates_runtime_write") is not False:
|
||||
raise ValueError(f"{label}: promotion review {review_id} creates_runtime_write must remain false")
|
||||
if not review.get("required_before_promotion") or not review.get("failure_if_missing"):
|
||||
raise ValueError(f"{label}: promotion review {review_id} must list promotion requirements")
|
||||
|
||||
|
||||
def _require_failure_lanes(payload: dict[str, Any], label: str) -> None:
|
||||
lanes = payload.get("failure_lanes") or []
|
||||
lane_ids = {lane.get("lane_id") for lane in lanes}
|
||||
required = {
|
||||
"failure_lane_missing_owner_scope",
|
||||
"failure_lane_redaction_mismatch",
|
||||
"failure_lane_verifier_fixture_missing",
|
||||
"failure_lane_agent_disagreement",
|
||||
}
|
||||
if lane_ids != required:
|
||||
raise ValueError(f"{label}: failure lanes must match {sorted(required)}")
|
||||
|
||||
for lane in lanes:
|
||||
lane_id = lane.get("lane_id")
|
||||
if lane.get("status") not in {"ready_for_review", "blocked_by_policy"}:
|
||||
raise ValueError(f"{label}: failure lane {lane_id} status is invalid")
|
||||
if lane.get("aborts_promotion") is not True:
|
||||
raise ValueError(f"{label}: failure lane {lane_id} aborts_promotion must remain true")
|
||||
if lane.get("creates_runtime_write") is not False:
|
||||
raise ValueError(f"{label}: failure lane {lane_id} creates_runtime_write must remain false")
|
||||
if not lane.get("trigger_condition") or not lane.get("required_response"):
|
||||
raise ValueError(f"{label}: failure lane {lane_id} must include trigger and response")
|
||||
|
||||
|
||||
def _require_reviewer_queue_preview(payload: dict[str, Any], label: str) -> None:
|
||||
queue_items = payload.get("reviewer_queue_preview") or []
|
||||
queue_ids = {item.get("queue_id") for item in queue_items}
|
||||
required = {
|
||||
"review_queue_owner_scope",
|
||||
"review_queue_public_redaction",
|
||||
"review_queue_failure_candidate",
|
||||
"review_queue_live_writer_blocker",
|
||||
}
|
||||
if queue_ids != required:
|
||||
raise ValueError(f"{label}: reviewer queue preview must match {sorted(required)}")
|
||||
|
||||
for item in queue_items:
|
||||
queue_id = item.get("queue_id")
|
||||
if item.get("status") not in {"queued_for_owner_review", "blocked_by_policy"}:
|
||||
raise ValueError(f"{label}: reviewer queue {queue_id} status is invalid")
|
||||
if item.get("queue_write_enabled") is not False:
|
||||
raise ValueError(f"{label}: reviewer queue {queue_id} queue_write_enabled must remain false")
|
||||
if item.get("telegram_send_enabled") is not False:
|
||||
raise ValueError(f"{label}: reviewer queue {queue_id} telegram_send_enabled must remain false")
|
||||
if not item.get("required_inputs"):
|
||||
raise ValueError(f"{label}: reviewer queue {queue_id} must list required_inputs")
|
||||
if not _is_redacted_sha256(item.get("evidence_hash")):
|
||||
raise ValueError(f"{label}: reviewer queue {queue_id} must expose evidence_hash")
|
||||
|
||||
|
||||
def _require_operator_actions(payload: dict[str, Any], label: str) -> None:
|
||||
actions = payload.get("operator_actions") or []
|
||||
action_types = {action.get("action_type") for action in actions}
|
||||
required = {
|
||||
"review_readback",
|
||||
"compare_digest",
|
||||
"review_failure_lane",
|
||||
"reject_or_rework",
|
||||
"promote_to_next_gate",
|
||||
}
|
||||
if action_types != required:
|
||||
raise ValueError(f"{label}: operator actions must match {sorted(required)}")
|
||||
for action in actions:
|
||||
if action.get("runtime_write_allowed") is not False:
|
||||
raise ValueError(f"{label}: operator action {action.get('action_id')} must not allow runtime write")
|
||||
if not action.get("operator_instruction"):
|
||||
raise ValueError(f"{label}: operator action {action.get('action_id')} must include instruction")
|
||||
|
||||
|
||||
def _require_display_redaction(payload: dict[str, Any], label: str) -> None:
|
||||
contract = payload.get("display_redaction_contract") or {}
|
||||
if contract.get("redaction_required") is not True:
|
||||
raise ValueError(f"{label}: display redaction must remain required")
|
||||
required_false = {
|
||||
"raw_prompt_display_allowed",
|
||||
"private_reasoning_display_allowed",
|
||||
"secret_value_display_allowed",
|
||||
"raw_telegram_payload_display_allowed",
|
||||
"work_window_transcript_display_allowed",
|
||||
}
|
||||
unsafe = sorted(field for field in required_false if contract.get(field) is not False)
|
||||
if unsafe:
|
||||
raise ValueError(f"{label}: display redaction fields must remain false: {unsafe}")
|
||||
|
||||
|
||||
def _require_no_forbidden_display_terms(payload: dict[str, Any], label: str) -> None:
|
||||
forbidden_terms = {
|
||||
"工作視窗",
|
||||
"對話內容",
|
||||
"批准!繼續",
|
||||
"In app browser",
|
||||
"My request for Codex",
|
||||
"browser_context",
|
||||
"codex_user_message",
|
||||
"prompt_text",
|
||||
"raw prompt",
|
||||
"private reasoning",
|
||||
"chain of thought",
|
||||
"private_reasoning",
|
||||
"chain_of_thought",
|
||||
"authorization_header",
|
||||
"work window transcript",
|
||||
"internal collaboration transcript",
|
||||
}
|
||||
hits: list[str] = []
|
||||
|
||||
def walk(value: Any, path: str) -> None:
|
||||
if isinstance(value, dict):
|
||||
for key, nested in value.items():
|
||||
walk(nested, f"{path}.{key}" if path else str(key))
|
||||
return
|
||||
if isinstance(value, list):
|
||||
for index, nested in enumerate(value):
|
||||
walk(nested, f"{path}[{index}]")
|
||||
return
|
||||
if isinstance(value, str):
|
||||
matched = sorted(term for term in forbidden_terms if term in value)
|
||||
if matched:
|
||||
hits.append(f"{path}: {', '.join(matched)}")
|
||||
|
||||
walk(payload, "")
|
||||
if hits:
|
||||
raise ValueError(f"{label}: forbidden display terms found: {hits}")
|
||||
|
||||
|
||||
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
|
||||
rollups = payload.get("rollups") or {}
|
||||
truth = payload.get("readback_truth") or {}
|
||||
prior = payload.get("prior_dry_run_readback") or {}
|
||||
digests = payload.get("result_capture_readback_digests") or []
|
||||
reviews = payload.get("promotion_readiness_reviews") or []
|
||||
lanes = payload.get("failure_lanes") or []
|
||||
queue_items = payload.get("reviewer_queue_preview") or []
|
||||
actions = payload.get("operator_actions") or []
|
||||
expected = {
|
||||
"readback_digest_count": len(digests),
|
||||
"promotion_review_count": len(reviews),
|
||||
"failure_lane_count": len(lanes),
|
||||
"reviewer_queue_preview_count": len(queue_items),
|
||||
"operator_action_count": len(actions),
|
||||
"approval_required_digest_count": sum(1 for item in digests if item.get("status") == "approval_required"),
|
||||
"blocked_digest_count": sum(1 for item in digests if item.get("status") == "blocked_by_policy"),
|
||||
"ready_review_count": sum(1 for item in reviews if item.get("readiness_state") == "ready_for_owner_review"),
|
||||
"blocked_review_count": sum(1 for item in reviews if item.get("readiness_state") == "blocked_by_policy"),
|
||||
"blocked_failure_lane_count": sum(1 for item in lanes if item.get("status") == "blocked_by_policy"),
|
||||
"queued_reviewer_preview_count": sum(
|
||||
1 for item in queue_items if item.get("status") == "queued_for_owner_review"
|
||||
),
|
||||
"blocked_reviewer_preview_count": sum(1 for item in queue_items if item.get("status") == "blocked_by_policy"),
|
||||
"approved_without_execution_meta_24h": prior.get("approved_without_execution_meta_24h"),
|
||||
"execution_failed_with_matched_24h": prior.get("execution_failed_with_matched_24h"),
|
||||
"owner_approval_received_count": truth.get("owner_approval_received_count"),
|
||||
"readback_digest_generated_count": truth.get("readback_digest_generated_count"),
|
||||
"promotion_approved_count": truth.get("promotion_approved_count"),
|
||||
"reviewer_queue_write_count": truth.get("reviewer_queue_write_count"),
|
||||
"result_capture_write_count": truth.get("result_capture_write_count_24h"),
|
||||
"score_write_count": truth.get("score_write_count_24h"),
|
||||
"learning_write_count": truth.get("learning_write_count_24h"),
|
||||
"playbook_trust_write_count": truth.get("playbook_trust_write_count_24h"),
|
||||
"gateway_queue_write_count": truth.get("gateway_queue_write_count_24h"),
|
||||
"telegram_send_count": truth.get("telegram_send_count_24h"),
|
||||
"production_write_count": truth.get("production_write_count_24h"),
|
||||
"secret_read_count": truth.get("secret_read_count_24h"),
|
||||
"destructive_operation_count": truth.get("destructive_operation_count_24h"),
|
||||
}
|
||||
mismatches = {
|
||||
key: {"expected": expected_value, "actual": rollups.get(key)}
|
||||
for key, expected_value in expected.items()
|
||||
if rollups.get(key) != expected_value
|
||||
}
|
||||
if mismatches:
|
||||
raise ValueError(f"{label}: rollup counts mismatch: {mismatches}")
|
||||
|
||||
|
||||
def _is_redacted_sha256(value: Any) -> bool:
|
||||
if not isinstance(value, str):
|
||||
return False
|
||||
if not value.startswith("sha256:") or len(value) != 71:
|
||||
return False
|
||||
return all(char in "0123456789abcdef" for char in value.removeprefix("sha256:"))
|
||||
Reference in New Issue
Block a user