fix(agent): auto-authorize noncritical alert control
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 2m38s
CD Pipeline / build-and-deploy (push) Successful in 6m58s
CD Pipeline / post-deploy-checks (push) Successful in 1m42s

This commit is contained in:
ogt
2026-07-11 11:46:38 +08:00
parent 044c8c732a
commit d3fa6feef4
10 changed files with 542 additions and 97 deletions

View File

@@ -5,8 +5,8 @@ CISO-101: 授權請求與簽核資料模型
Features:
- 狀態機 (PENDING → APPROVED/REJECTED/EXPIRED)
- 風險等級判定 (LOW/MEDIUM/CRITICAL)
- Multi-Sig 簽核追蹤
- 風險等級判定 (LOW/MEDIUM/HIGH/CRITICAL)
- Controlled-apply / break-glass 簽核追蹤
- Pydantic 強型別驗證
"""
@@ -41,10 +41,9 @@ class RiskLevel(str, Enum):
"""
風險等級 - 決定所需簽核人數
- LOW: 0 人,自動放行
- MEDIUM: 需 1 人簽核
- HIGH: 需 1 人簽核 (信任引擎可降級至 MEDIUM)
- CRITICAL: 需 2 人 Multi-Sig 雙重簽核 (永不降級)
- LOW/MEDIUM/HIGH: current owner policy 自動授權,後續仍須
check-mode、bounded execution、獨立 verifier 與 rollback receipt
- CRITICAL: break-glass 人工授權 (永不自動降級)
變更紀錄:
- 2026-03-25: 新增 HIGH (Phase 16 R2 合併自 trust_engine.py)