refactor(api): Phase A P1 快速勝利 (3 項)
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
E2E Health Check / e2e-health (push) Has been cancelled

1. 常數提取: SSE_DELAY_SECONDS, MAX_APPROVAL_DISPLAY
2. 錯誤訊息安全化: sanitize_error_message() 移除敏感資訊
3. CI/CD alertname 配置化: is_cicd_alertname() 函數

首席架構師審查 P1 改進 (非阻塞)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
OG T
2026-03-30 01:44:42 +08:00
parent 5a3f539fe5
commit bb85d89874
3 changed files with 121 additions and 18 deletions

View File

@@ -43,3 +43,107 @@ APPROVAL_TO_INCIDENT_STATUS = {
# Incident 狀態 → 是否活躍
INCIDENT_ACTIVE_STATUSES = frozenset({"investigating", "mitigating"})
# =============================================================================
# Terminal Service Settings (Phase 19.4 P1)
# 2026-03-30 Claude Code: 首席架構師審查 - 常數提取
# =============================================================================
# SSE 事件間隔 (秒) - 避免前端過載
SSE_DELAY_SECONDS = 0.3
# Approval 清單顯示上限
MAX_APPROVAL_DISPLAY = 5
# 錯誤訊息截斷長度 (安全性)
ERROR_MESSAGE_MAX_LENGTH = 100
ERROR_MESSAGE_DISPLAY_LENGTH = 50
# =============================================================================
# CI/CD Alert Detection (2026-03-30 P1 配置化)
# =============================================================================
# CI/CD 告警 alertname 前綴
CICD_ALERT_PREFIXES = (
"CD_",
"CI_",
"E2E_",
"SmokeTest",
"Build_",
"Test_",
"Deploy_",
)
# CI/CD 告警 alertname 後綴
CICD_ALERT_SUFFIXES = (
"_Build",
"_Test",
"_Deploy",
"_E2E",
)
# CI/CD 告警關鍵字 (不區分大小寫)
CICD_ALERT_KEYWORDS = ("CI/CD", "cicd")
def is_cicd_alertname(alertname: str) -> bool:
"""
判斷 alertname 是否為 CI/CD 告警
Args:
alertname: Alertmanager alertname 標籤值
Returns:
True 如果是 CI/CD 告警
"""
return (
alertname.startswith(CICD_ALERT_PREFIXES)
or alertname.endswith(CICD_ALERT_SUFFIXES)
or any(kw in alertname for kw in CICD_ALERT_KEYWORDS)
or "cicd" in alertname.lower()
)
def sanitize_error_message(error: str, max_length: int = ERROR_MESSAGE_MAX_LENGTH) -> str:
"""
安全化錯誤訊息 - 截斷並移除敏感資訊
2026-03-30 Claude Code: 首席架構師審查 - 錯誤訊息安全化
Args:
error: 原始錯誤訊息
max_length: 最大長度 (預設 100)
Returns:
安全化後的錯誤訊息
"""
if not error:
return "Unknown error"
# 移除可能的敏感資訊模式
sensitive_patterns = [
"password",
"token",
"secret",
"api_key",
"apikey",
"credential",
"bearer",
]
sanitized = error
for pattern in sensitive_patterns:
# 不區分大小寫替換
import re
sanitized = re.sub(
rf"({pattern})\s*[:=]\s*\S+",
f"{pattern}=[REDACTED]",
sanitized,
flags=re.IGNORECASE,
)
# 截斷
if len(sanitized) > max_length:
return sanitized[:max_length - 3] + "..."
return sanitized