feat(governance): 接入 Agent live read model gate
This commit is contained in:
217
apps/api/src/services/ai_agent_live_read_model_gate.py
Normal file
217
apps/api/src/services/ai_agent_live_read_model_gate.py
Normal file
@@ -0,0 +1,217 @@
|
||||
"""
|
||||
AI Agent live read model gate snapshot.
|
||||
|
||||
Loads the latest committed, read-only P2-403B gate for the AgentSession /
|
||||
Redis Streams live read model. This module only validates the approval package;
|
||||
it never opens a database session, starts workers, creates migrations, reads
|
||||
Redis consumer groups, sends Telegram messages, or exposes raw Agent outputs.
|
||||
"""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
from pathlib import Path
|
||||
from typing import Any
|
||||
|
||||
from src.services.snapshot_paths import default_evaluations_dir
|
||||
|
||||
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
|
||||
_SNAPSHOT_PATTERN = "ai_agent_live_read_model_gate_*.json"
|
||||
_SCHEMA_VERSION = "ai_agent_live_read_model_gate_v1"
|
||||
|
||||
|
||||
def load_latest_ai_agent_live_read_model_gate(
|
||||
evaluations_dir: Path | None = None,
|
||||
) -> dict[str, Any]:
|
||||
"""Load the newest committed AI Agent live read model gate snapshot."""
|
||||
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
|
||||
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
|
||||
if not candidates:
|
||||
raise FileNotFoundError(
|
||||
f"no AI Agent live read model gate snapshots found in {directory}"
|
||||
)
|
||||
|
||||
latest = candidates[-1]
|
||||
with latest.open(encoding="utf-8") as handle:
|
||||
payload = json.load(handle)
|
||||
|
||||
if not isinstance(payload, dict):
|
||||
raise ValueError(f"{latest}: expected JSON object")
|
||||
_require_schema(payload, _SCHEMA_VERSION, str(latest))
|
||||
_require_read_only_authority(payload, str(latest))
|
||||
_require_storage_safety(payload, str(latest))
|
||||
_require_redis_safety(payload, str(latest))
|
||||
_require_no_write_smoke(payload, str(latest))
|
||||
_require_rollup_consistency(payload, str(latest))
|
||||
return payload
|
||||
|
||||
|
||||
def _require_schema(payload: dict[str, Any], expected: str, label: str) -> None:
|
||||
actual = payload.get("schema_version")
|
||||
if actual != expected:
|
||||
raise ValueError(f"{label}: expected schema_version={expected}, got {actual!r}")
|
||||
|
||||
|
||||
def _require_read_only_authority(payload: dict[str, Any], label: str) -> None:
|
||||
program_status = payload.get("program_status") or {}
|
||||
if program_status.get("read_only_mode") is not True:
|
||||
raise ValueError(f"{label}: program_status.read_only_mode must be true")
|
||||
if program_status.get("runtime_authority") != "gate_plan_only_no_live_worker":
|
||||
raise ValueError(f"{label}: runtime_authority must stay gate_plan_only_no_live_worker")
|
||||
|
||||
boundaries = payload.get("approval_boundaries") or {}
|
||||
blocked_flags = {
|
||||
"db_migration_allowed",
|
||||
"live_db_query_allowed",
|
||||
"redis_xadd_allowed",
|
||||
"redis_consumer_group_allowed",
|
||||
"runtime_worker_allowed",
|
||||
"telegram_direct_send_allowed",
|
||||
"learning_writeback_allowed",
|
||||
"secret_plaintext_allowed",
|
||||
"conversation_transcript_display_allowed",
|
||||
"private_reasoning_display_allowed",
|
||||
"agent_raw_output_display_allowed",
|
||||
}
|
||||
allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False)
|
||||
if allowed:
|
||||
raise ValueError(f"{label}: approval boundaries must remain false: {allowed}")
|
||||
|
||||
live_truth = payload.get("live_truth") or {}
|
||||
false_flags = {
|
||||
"live_agent_session_readback_enabled",
|
||||
"live_redis_stream_read_enabled",
|
||||
"runtime_worker_enabled",
|
||||
"telegram_receipt_send_enabled",
|
||||
"learning_writeback_enabled",
|
||||
}
|
||||
enabled = sorted(flag for flag in false_flags if live_truth.get(flag) is not False)
|
||||
if enabled:
|
||||
raise ValueError(f"{label}: live truth flags must remain false: {enabled}")
|
||||
|
||||
zero_counts = {
|
||||
"active_live_agent_sessions",
|
||||
"live_redis_events_24h",
|
||||
"live_handoffs_24h",
|
||||
"live_learning_writes_24h",
|
||||
"telegram_digest_receipts_24h",
|
||||
}
|
||||
non_zero = sorted(key for key in zero_counts if live_truth.get(key) != 0)
|
||||
if non_zero:
|
||||
raise ValueError(f"{label}: live truth counts must remain zero: {non_zero}")
|
||||
|
||||
|
||||
def _require_storage_safety(payload: dict[str, Any], label: str) -> None:
|
||||
storage = payload.get("existing_storage_contract") or {}
|
||||
if storage.get("db_table") != "agent_sessions":
|
||||
raise ValueError(f"{label}: existing_storage_contract.db_table must be agent_sessions")
|
||||
if storage.get("approved_for_live_query") is not False:
|
||||
raise ValueError(f"{label}: live DB query must remain unapproved")
|
||||
if storage.get("migration_delta_required") is not False:
|
||||
raise ValueError(f"{label}: migration delta must remain false for this gate")
|
||||
if storage.get("safe_read_query_defined") is not True:
|
||||
raise ValueError(f"{label}: safe read query contract must be defined")
|
||||
|
||||
selected_fields = set(storage.get("safe_selected_fields") or [])
|
||||
forbidden_selected = selected_fields.intersection(
|
||||
{
|
||||
"output_json",
|
||||
"prompt",
|
||||
"raw_prompt",
|
||||
"conversation_transcript",
|
||||
"private_reasoning",
|
||||
"chain_of_thought",
|
||||
"secret_plaintext",
|
||||
"credential_value",
|
||||
}
|
||||
)
|
||||
if forbidden_selected:
|
||||
raise ValueError(f"{label}: safe read query selects forbidden fields: {sorted(forbidden_selected)}")
|
||||
|
||||
|
||||
def _require_redis_safety(payload: dict[str, Any], label: str) -> None:
|
||||
redis_contract = payload.get("redis_stream_contract") or {}
|
||||
if redis_contract.get("consumer_group_allowed") is not False:
|
||||
raise ValueError(f"{label}: Redis consumer group must remain unapproved")
|
||||
if redis_contract.get("xadd_allowed") is not False:
|
||||
raise ValueError(f"{label}: Redis XADD must remain unapproved")
|
||||
if redis_contract.get("xreadgroup_allowed") is not False:
|
||||
raise ValueError(f"{label}: Redis XREADGROUP must remain unapproved")
|
||||
if not redis_contract.get("event_envelope_required_fields"):
|
||||
raise ValueError(f"{label}: Redis event envelope required fields must be defined")
|
||||
|
||||
|
||||
def _require_no_write_smoke(payload: dict[str, Any], label: str) -> None:
|
||||
smoke_steps = payload.get("no_write_smoke_plan") or []
|
||||
if not smoke_steps:
|
||||
raise ValueError(f"{label}: no_write_smoke_plan must not be empty")
|
||||
|
||||
unsafe_steps = [
|
||||
step.get("smoke_id")
|
||||
for step in smoke_steps
|
||||
if step.get("writes_allowed") is not False or step.get("status") != "defined"
|
||||
]
|
||||
if unsafe_steps:
|
||||
raise ValueError(f"{label}: no-write smoke steps must be defined and write-blocked: {unsafe_steps}")
|
||||
|
||||
redaction = payload.get("display_redaction_contract") or {}
|
||||
if redaction.get("redaction_required") is not True:
|
||||
raise ValueError(f"{label}: frontend redaction must be required")
|
||||
for flag in (
|
||||
"work_window_conversation_display_allowed",
|
||||
"agent_raw_output_display_allowed",
|
||||
"secret_value_display_allowed",
|
||||
):
|
||||
if redaction.get(flag) is not False:
|
||||
raise ValueError(f"{label}: {flag} must remain false")
|
||||
|
||||
|
||||
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
|
||||
rollups = payload.get("rollups") or {}
|
||||
expected_counts = {
|
||||
"source_ref_count": len(payload.get("source_refs") or []),
|
||||
"read_model_card_count": len(payload.get("read_model_cards") or []),
|
||||
"gate_count": len(payload.get("worker_gate_plan") or []),
|
||||
"rollback_step_count": len(payload.get("rollback_plan") or []),
|
||||
"no_write_smoke_count": len(payload.get("no_write_smoke_plan") or []),
|
||||
"forbidden_frontend_content_count": len(
|
||||
(payload.get("display_redaction_contract") or {}).get("forbidden_frontend_content") or []
|
||||
),
|
||||
}
|
||||
mismatched = {
|
||||
key: {"expected": expected, "actual": rollups.get(key)}
|
||||
for key, expected in expected_counts.items()
|
||||
if rollups.get(key) != expected
|
||||
}
|
||||
if mismatched:
|
||||
raise ValueError(f"{label}: rollup counts must match payload sections: {mismatched}")
|
||||
|
||||
approval_required_gate_ids = sorted(
|
||||
gate.get("gate_id")
|
||||
for gate in payload.get("worker_gate_plan") or []
|
||||
if gate.get("status") in {"approval_required", "blocked"}
|
||||
)
|
||||
if sorted(rollups.get("approval_required_gate_ids") or []) != approval_required_gate_ids:
|
||||
raise ValueError(f"{label}: rollups.approval_required_gate_ids mismatch")
|
||||
|
||||
ready_cards = sorted(
|
||||
card.get("card_id")
|
||||
for card in payload.get("read_model_cards") or []
|
||||
if card.get("readiness_status") == "query_contract_ready"
|
||||
)
|
||||
if sorted(rollups.get("query_contract_ready_card_ids") or []) != ready_cards:
|
||||
raise ValueError(f"{label}: rollups.query_contract_ready_card_ids mismatch")
|
||||
|
||||
live_truth = payload.get("live_truth") or {}
|
||||
live_count_total = sum(
|
||||
int(live_truth.get(key) or 0)
|
||||
for key in (
|
||||
"active_live_agent_sessions",
|
||||
"live_redis_events_24h",
|
||||
"live_handoffs_24h",
|
||||
"live_learning_writes_24h",
|
||||
"telegram_digest_receipts_24h",
|
||||
)
|
||||
)
|
||||
if rollups.get("live_truth_count_total") != live_count_total:
|
||||
raise ValueError(f"{label}: rollups.live_truth_count_total mismatch")
|
||||
Reference in New Issue
Block a user