fix(awooop): route workflow telegram alerts through ai receipts
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled

Your Name
2026-07-02 14:38:09 +08:00
parent 8e2637f15f
commit ed31bed5c8
18 changed files with 482 additions and 4743 deletions


@@ -53,10 +53,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Dev deploy start notification mirrored through AWOOI API"
else
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text@-"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
# API 測試 (同 prod CI確保 dev 也通過)
@@ -243,10 +240,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Dev deploy success notification mirrored through AWOOI API"
else
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text@-"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
- name: Notify Dev Deploy Failure
@@ -266,8 +260,5 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Dev deploy failure notification mirrored through AWOOI API"
else
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text@-"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
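Review bot: With the curl fallback gone, the `else` branch of the deploy-failure step (third hunk) only echoes an ordinary log line, so when `scripts/ci/notify-awoooi-cicd.sh` fails the alert is dropped and the step appears to finish successfully. That makes the AWOOI API a single point of failure for the notifications that report a broken deploy. The same pattern is in the start and success hunks of this file and in the other workflow sections of this commit. Make the miss visible to an operator, for example `echo "::warning::AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain" >&2`, if the runner honours workflow commands. The enclosing steps begin outside the hunks, so whether they set `continue-on-error` or run further commands after `fi` cannot be seen here.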


@@ -148,10 +148,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "✅ CI/CD start notification mirrored through AWOOI API"
else
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
@@ -1094,10 +1091,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "✅ CI/CD tests failure notification mirrored through AWOOI API"
else
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
build-and-deploy:
@@ -2289,10 +2283,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "✅ CI/CD build failure notification mirrored through AWOOI API"
else
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
post-deploy-checks:
@@ -2683,9 +2674,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "✅ CI/CD success notification mirrored through AWOOI API"
else
printf '%b' "$TG_MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
--data-urlencode "text@-" || echo "TG notify warning (non-fatal)"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
- name: Notify Pipeline Failure
@@ -2708,10 +2697,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "✅ CI/CD post-deploy failure notification mirrored through AWOOI API"
else
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
-d "parse_mode=HTML" \
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
- name: Clean Post-Deploy Workspace Artifacts
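Review bot: The removed curl lines were the only visible use of `${TELEGRAM_BOT_TOKEN}` in these notify steps, but the `env:` mappings that supply it sit outside the hunks. If the steps still map the bot token from secrets, drop the mapping so the credential is no longer handed to a shell that has no use for it, unless `scripts/ci/notify-awoooi-cicd.sh` itself reads it. The same applies to `TG_BOT_TOKEN` and `TG_TOKEN` in the code-review and migration workflows. Leaving the token in scope also keeps a direct send one line away, which is the bypass the egress guard is meant to rule out.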


@@ -125,14 +125,7 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Code review start notification mirrored through AWOOI API"
else
if [ -z "${TG_BOT_TOKEN:-}" ] || [ -z "${SRE_GROUP_CHAT_ID:-}" ]; then
echo "Telegram secret missing and AWOOI API notify failed; skip start notification"
exit 0
fi
curl -fsS -X POST "https://api.telegram.org/bot${TG_BOT_TOKEN}/sendMessage" \
-H "Content-Type: application/json" \
-d "$(jq -n --arg c "$SRE_GROUP_CHAT_ID" --arg t "$MSG" '{chat_id:$c,text:$t,parse_mode:"HTML",disable_web_page_preview:true}')" \
>/dev/null
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi
- name: Run Deterministic Review
@@ -201,12 +194,5 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Code review completion notification mirrored through AWOOI API"
else
if [ -z "${TG_BOT_TOKEN:-}" ] || [ -z "${SRE_GROUP_CHAT_ID:-}" ]; then
echo "Telegram secret missing and AWOOI API notify failed; skip completion notification"
exit 0
fi
curl -fsS -X POST "https://api.telegram.org/bot${TG_BOT_TOKEN}/sendMessage" \
-H "Content-Type: application/json" \
-d "$(jq -n --arg c "$SRE_GROUP_CHAT_ID" --arg t "$MSG" '{chat_id:$c,text:$t,parse_mode:"HTML",disable_web_page_preview:true}')" \
>/dev/null
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi


@@ -67,7 +67,5 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "Alert rule deploy notification mirrored through AWOOI API"
else
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
--data-urlencode "text=${MSG}" || true
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi


@@ -95,8 +95,5 @@ jobs:
scripts/ci/notify-awoooi-cicd.sh; then
echo "E2E failure notification mirrored through AWOOI API"
else
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
-d chat_id="${{ env.SRE_GROUP_CHAT_ID }}" \
-d parse_mode="HTML" \
-d text="🔴 <b>[E2E Health Check]</b> 失敗%0A%0A📅 $(TZ=Asia/Taipei date '+%Y-%m-%d %H:%M')%0A🔗 API 健康檢查未通過%0A%0A請檢查 K3s 叢集狀態"
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
fi


@@ -196,10 +196,4 @@ jobs:
echo "Migration notification mirrored through AWOOI API"
exit 0
fi
if [ -n "$TG_TOKEN" ] && [ -n "${SRE_GROUP_CHAT_ID:-}" ]; then
MSG="🗄️ Migration CI: \`${STATUS}\` — commit ${{ github.sha }}"
curl -s -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
-d chat_id="${SRE_GROUP_CHAT_ID}" \
-d parse_mode="Markdown" \
-d text="${MSG}" || true
fi
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"


@@ -37,18 +37,18 @@ def test_load_latest_ai_agent_report_truth_actionability_review():
assert data["telegram_routing_consolidation"]["direct_telegram_api_send_allowed"] is False
assert data["rollups"]["telegram_route_finding_count"] == len(data["telegram_route_findings"])
assert data["telegram_egress_guard"]["status"] == "pass_no_new_bypass"
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 18
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 5
assert data["telegram_egress_guard"]["summary"]["new_bypass_count"] == 0
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 13
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 0
assert data["telegram_egress_guard"]["summary"]["ops_script_direct_bot_api_call_count"] == 4
assert data["telegram_egress_guard"]["summary"]["api_direct_bot_api_call_count"] == 1
assert (
data["telegram_egress_guard"]["summary"]["direct_bot_api_awooop_db_receipt_missing_count"]
== 18
== 5
)
assert (
data["telegram_egress_guard"]["summary"]["direct_bot_api_ai_controlled_route_missing_count"]
== 18
== 5
)
assert (
data["telegram_egress_guard"]["telegram_receipt_coverage"]["coverage_status"]
@@ -72,17 +72,16 @@ def test_load_latest_ai_agent_report_truth_actionability_review():
]
is False
)
assert data["rollups"]["telegram_route_finding_count"] == 22
assert data["rollups"]["legacy_or_direct_route_count"] == 22
assert data["rollups"]["telegram_route_finding_count"] == 9
assert data["rollups"]["legacy_or_direct_route_count"] == 9
assert sum(
1
for route in data["telegram_route_findings"]
if route["route_id"].startswith("telegram_direct_bot_api_")
) == 18
) == 5
assert {
item["surface_kind"] for item in data["telegram_egress_guard"]["current_direct_bot_api_calls"]
} == {
"gitea_workflow_direct_bot_api",
"ops_script_direct_bot_api",
"api_direct_bot_api",
}
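Review bot: The egress-guard counts are pinned as bare literals (`== 5`, `== 0`, `== 4`, `== 1`) in the first hunk and repeated in the API test file, so every migrated caller means hand-editing several numbers in both tests. The visible values suggest the total is the sum of the three surfaces. Asserting that relation would catch a count that drifts on its own: with `summary = data["telegram_egress_guard"]["summary"]`, add `assert summary["live_direct_bot_api_call_count"] == sum(summary[k] for k in ("gitea_workflow_direct_bot_api_call_count", "ops_script_direct_bot_api_call_count", "api_direct_bot_api_call_count"))`. A one-line comment above the `== 0` assertion, such as `# regression guard: workflows must not call the Bot API directly`, would mark it as the check this commit introduces. The test function starts above the first hunk and continues past the second.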


@@ -34,18 +34,18 @@ def test_get_ai_agent_report_truth_actionability_review_api():
assert data["telegram_routing_consolidation"]["canonical_room_env"] == "SRE_GROUP_CHAT_ID"
assert data["telegram_routing_consolidation"]["other_bot_or_group_alerts_allowed"] is False
assert data["telegram_routing_consolidation"]["direct_telegram_api_send_allowed"] is False
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 18
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 5
assert data["telegram_egress_guard"]["summary"]["new_bypass_count"] == 0
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 13
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 0
assert data["telegram_egress_guard"]["summary"]["ops_script_direct_bot_api_call_count"] == 4
assert data["telegram_egress_guard"]["summary"]["api_direct_bot_api_call_count"] == 1
assert (
data["telegram_egress_guard"]["summary"]["direct_bot_api_awooop_db_receipt_missing_count"]
== 18
== 5
)
assert (
data["telegram_egress_guard"]["summary"]["direct_bot_api_ai_controlled_route_missing_count"]
== 18
== 5
)
assert (
data["telegram_egress_guard"]["telegram_receipt_coverage"][
@@ -57,6 +57,6 @@ def test_get_ai_agent_report_truth_actionability_review_api():
data["telegram_egress_guard"]["telegram_receipt_coverage"]["all_telegram_alerts_ai_controlled"]
is False
)
assert data["rollups"]["telegram_route_finding_count"] == 22
assert data["rollups"]["legacy_or_direct_route_count"] == 22
assert data["rollups"]["telegram_route_finding_count"] == 9
assert data["rollups"]["legacy_or_direct_route_count"] == 9
assert data["rollups"]["operator_action_count"] == 5


@@ -229,7 +229,7 @@
},
"credential_escrow": {
"title": "P0-005 credential escrow",
"description": "已收斂 non-secret evidence refs 與 reviewer acceptance readback不寫 credential marker、不收 secret。",
"description": "已收斂 non-secret evidence 參照 與 reviewer acceptance readback不寫 credential marker、不收 secret。",
"metric": "evidence {accepted}/{required}"
},
"gitea": {
@@ -251,7 +251,7 @@
"boundaries": {
"secret": "不收機密明文、授權憑證、瀏覽器憑證或私有存取材料。",
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
"repo": "不直接建立 repo、改 visibility、sync refs、force push 或 trigger workflowGitHub 維持 stopped / do_not_use。",
"repo": "不直接建立 repo、改 visibility、sync 參照、force push 或 trigger workflowGitHub 維持 stopped / do_not_use。",
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
},
@@ -978,7 +978,7 @@
},
"sourceDossier": {
"title": "Sentry / SigNoz 來源卷宗證據",
"detail": "最近來源 {sources} 筆Sentry refs {sentry}、SigNoz refs {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
"detail": "最近來源 {sources} 筆Sentry 參照 {sentry}、SigNoz 參照 {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
},
"callbackEvidence": {
"title": "Telegram 詳情 / 歷史 DB 真相鏈",
@@ -1212,8 +1212,8 @@
"kmBurndown": "/api/v1/ai/governance/km-stale-owner-review-burndown"
},
"signal": {
"metric": "來源 {sources} / refs {refs}",
"detail": "missing refs {missing}duplicates {duplicates}Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
"metric": "來源 {sources} / 參照 {參照}",
"detail": "missing 參照 {missing}duplicates {duplicates}Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
},
"intake": {
"metric": "Runs {runs} / linked {linked}",
@@ -1347,47 +1347,47 @@
"messageOk": "所有系統運作正常,無需處理。",
"messageWarning": "{host} 狀態異常,建議檢查相關服務。",
"liveOpsSpace": {
"title": "Live Ops Space",
"title": "OpenClaw 持續工作室",
"status": {
"loading": "Loading scene",
"ready": "Scene connected",
"degraded": "Waiting for readback"
"loading": "讀取場景中",
"ready": "場景已連線",
"degraded": "等待讀回"
},
"actions": {
"refresh": "Refresh"
"refresh": "重新讀取"
},
"source": {
"marker": "marker",
"updated": "updated"
"marker": "部署 marker",
"updated": "更新"
},
"animation": {
"loop": "loop",
"on": "on",
"off": "off"
"loop": "動畫迴圈",
"on": "開啟",
"off": "關閉"
},
"panels": {
"rollups": "Scene metrics",
"boundaries": "Safety boundaries",
"workItems": "Work items"
"rollups": "場景指標",
"boundaries": "安全邊界",
"workItems": "工作項目"
},
"metrics": {
"agents": "Agents",
"workItems": "Work items",
"animated": "Animated",
"blocked": "Blocked"
"agents": "Agent",
"workItems": "工作項",
"animated": "動畫物件",
"blocked": "阻擋"
},
"boundary": {
"closed": "closed",
"open": "open"
"closed": "關閉",
"open": "開啟"
},
"states": {
"working": "working",
"verified": "verified",
"blocked": "blocked",
"waiting": "waiting",
"idle": "idle"
"working": "工作中",
"verified": "已驗證",
"blocked": "阻擋",
"waiting": "等待",
"idle": "待命"
},
"empty": "Scene state is not available yet."
"empty": "尚未取得場景狀態。"
}
},
"ai": {
@@ -2078,7 +2078,7 @@
"openNavigation": "開啟導航選單",
"closeNavigation": "關閉導航選單",
"iwooos": "IwoooS",
"iwooosSecurityCompliance": "IwoooS Security Compliance"
"iwooosSecurityCompliance": "IwoooS 安全合規"
},
"settings": {
"title": "系統設定",
@@ -3013,11 +3013,11 @@
"repairLock": "冪等鎖",
"riskMediumDesc": "操作不可即時撤銷,但有備份保護",
"confirmExec": "長按 5 秒確認授權執行",
"rejectApproval": "Reject authorization - route to AI controlled completion",
"rejectApproval": "拒絕授權 — 轉 AI 受控補齊",
"approvalGranted": "授權已核准",
"approvalGrantedDesc": "NemoTron 正在執行 ansible-playbook...",
"approvalRejected": "授權已拒絕",
"approvalRejectedDesc": "Routed into the AI controlled completion flow",
"approvalRejectedDesc": "已轉入 AI 受控補齊流程",
"noHistory": "尚無修復紀錄",
"noActiveAlerts": "目前無活躍告警",
"noPlaybooks": "尚無 Playbook 紀錄",
@@ -3391,7 +3391,7 @@
"ready_for_reverify": "可重驗",
"needs_target_mapping": "待補目標",
"needs_playbook_ticket": "待建 Ticket",
"manual_review": "Controlled review",
"manual_review": "受控檢查",
"unknown": "待分類"
},
"remediationAction": {
@@ -3404,12 +3404,12 @@
}
},
"legacyHitl": {
"title": "Legacy HITL Evidence Queue",
"subtitle": "These rows come from approval_records and are not AwoooP run approvals; keep them as historical evidence and route follow-up into AI controlled work items.",
"title": "Legacy HITL 歷史證據佇列",
"subtitle": "這批來自 批准_records不屬於 AwoooP run 批准;以歷史證據保留,後續導回 AI 受控工作項。",
"openAuthorizations": "開啟授權中心",
"loadFailed": "Legacy HITL backlog 載入失敗:{error}",
"tableLabel": "Legacy HITL Evidence Queue",
"moreRows": "Only the latest 8 rows are shown; track the remaining {count} in the authorization center.",
"tableLabel": "Legacy HITL 歷史證據佇列",
"moreRows": "只顯示最新 8 筆,其餘 {count} 筆請到授權中心追蹤。",
"noTelegram": "no TG",
"telegramRef": "TG #{id}",
"summary": {
@@ -3855,7 +3855,7 @@
"cockpit": {
"liveLabel": "LIVE PRODUCTION",
"title": "AI Agent Cockpit",
"subtitle": "Production readback for the active control layer, closed loop, receipts, and hard boundaries.",
"subtitle": "用 production readback 呈現控制層、閉環、收據與硬邊界。",
"production": "Production",
"dbOk": "DB readback OK",
"dbReview": "DB readback review",
@@ -3878,8 +3878,8 @@
"riskTitle": "Controlled risk lanes",
"on": "ON",
"off": "OFF",
"ownerRequired": "Controlled evidence review required",
"ownerNotRequired": "Controlled evidence review cleared",
"ownerRequired": "受控證據複核需要補齊",
"ownerNotRequired": "受控證據複核已免除",
"criticalBreakGlass": "critical break-glass",
"criticalReview": "critical review"
},
@@ -3898,7 +3898,7 @@
"executorDetail": "post verifier {verifier} · KM {km} · Telegram {telegram}",
"loop": "latest flow closed",
"loopDetail": "MCP {mcp} · RAG {rag} · PlayBook {playbook}",
"ledger": "operation-id loop ledger",
"ledger": "operation-id 閉環總帳",
"ledgerDetail": "{state} · stages {stages} · missing {missing}",
"stageLedger": "candidate → check-mode → apply → verifier → KM → Telegram"
},
@@ -6016,13 +6016,13 @@
"legacyRoutesDetail": "direct send / legacy chat / multi bot 必須收斂",
"ttl": "TTL: {value}",
"requiredAssets": "必填資產 {count} 項",
"guardCalls": "Direct scan {count}",
"newBypass": "New bypass {count}",
"dbReceiptMissing": "DB receipt gap {count}",
"aiRouteMissing": "AI route gap {count}",
"workflowDirect": "workflow direct {count}",
"opsDirect": "ops direct {count}",
"apiDirect": "API direct {count}"
"guardCalls": "直送掃描 {count}",
"newBypass": "新增旁路 {count}",
"dbReceiptMissing": "DB receipt 缺口 {count}",
"aiRouteMissing": "AI route 缺口 {count}",
"workflowDirect": "workflow 直送 {count}",
"opsDirect": "ops 直送 {count}",
"apiDirect": "API 直送 {count}"
}
},
"reportAutomationReview": {
@@ -9081,35 +9081,35 @@
"blocked": "阻塞"
},
"aiLoopLogSources": {
"eyebrow": "P0 visual state",
"title": "Current blocker and repair intake",
"subtitle": "Shows the blocker, blocker diagnosis, and receipt contract first; technical fields are collapsed so the workbench does not read like a long text list.",
"loading": "Loading LOG source labels",
"empty": "No LOG source labels read back yet.",
"blocker": "Current blocker: {value}",
"boundary": "Metadata-only labels; no raw log read, no secret display, no writeback, and no runtime apply from this panel.",
"details": "Expand technical fields",
"eyebrow": "P0 視覺狀態",
"title": "目前卡點與修復收件",
"subtitle": "先顯示目前真正卡住的 blocker、阻塞診斷與收件契約技術欄位收在展開區避免把工作台變成長文字清單。",
"loading": "讀取 LOG 來源貼標中",
"empty": "尚未讀回 LOG 來源貼標。",
"blocker": "Current blocker{value}",
"boundary": "只顯示 metadata-only 標籤;不讀 raw log、不顯示 secret、不觸發寫入或 runtime apply。",
"details": "展開技術欄位",
"visual": {
"blocker": "Current blocker",
"diagnosis": "Blocker diagnosis",
"receipt": "Receipt contract",
"blocker": "目前卡點",
"diagnosis": "阻塞診斷",
"receipt": "收件契約",
"receiptValue": "{inputs} inputs / {outputs} outputs",
"currentCd": "Latest CD run",
"currentCd": "最新 CD run",
"currentCdValue": "#{run} · {status}",
"currentCdDetail": "closure: {state}",
"resolvedByProductionReadback": "Closed by production readback",
"noActionRequired": "Do not reopen this queue"
"currentCdDetail": "closure{state}",
"resolvedByProductionReadback": "已由 production readback 關閉",
"noActionRequired": "不需重開此 queue"
},
"rootCause": {
"sessionTimeout": "Key accepted, session timeout",
"sessionTimeout": "Key acceptedsession timeout",
"offerTimeout": "Publickey offer timeout",
"controlledCdLaneGuardrails": "SSH control path and Harbor v2 are readable; controlled CD lane guardrails are still blocked.",
"productionReadbackResolved": "Latest production readback verified this queue item; it is no longer the current blocker.",
"unknown": "Waiting for queue diagnosis"
"controlledCdLaneGuardrails": "SSH 控制通道與 Harbor v2 已可讀;目前卡在 controlled CD lane guardrails",
"productionReadbackResolved": "最新 production readback 已驗證此 queue item不再當作目前卡點。",
"unknown": "等待 queue 診斷"
},
"phases": {
"ssh": {
"label": "SSH control path",
"label": "SSH 控制通道",
"value": "ready"
},
"harbor": {
@@ -9124,12 +9124,12 @@
},
"liveMetrics": {
"enforcer": "110 enforcer",
"ready": "metric fresh",
"missing": "metric missing",
"ready": "metric 已更新",
"missing": "metric 未讀回",
"enforcerDetail": "apply={apply} · metadata-only={metadata}",
"drainGuard": "Drain guard",
"drainGuardValue": "active={active} / staging={staging}",
"blockers": "blockers={count}",
"blockers": "阻塞項={count}",
"jobs": "Jobs / lane",
"jobsValue": "jobs={jobs} / lane={lane}",
"restoreSources": "restore sources={count}",
@@ -9139,56 +9139,56 @@
},
"metrics": {
"tags": "Tags",
"groups": "Groups",
"groups": "分群鍵",
"contract": "Contract",
"queue": "Queue fields"
},
"queueFields": "Queue normalizer fields",
"safeNextAction": "Next AI action",
"safeNextStage": "Stage: {stage} · local console: {local}",
"safeNextCommand": "Command: {command}",
"safeNextAction": "下一步 AI action",
"safeNextStage": "Stage{stage} · local console{local}",
"safeNextCommand": "Command{command}",
"receipt": {
"inputs": "Receipt inputs",
"outputs": "Receipt outputs"
},
"tagLabels": {
"projectId": "Project",
"product": "Product",
"siteOrRoute": "Site / route",
"service": "Service",
"package": "Package",
"tool": "Tool",
"sourceSystem": "Source system",
"projectId": "專案",
"product": "產品",
"siteOrRoute": "網站 / 路由",
"service": "服務",
"package": "套件",
"tool": "工具",
"sourceSystem": "來源系統",
"runtimeComponent": "Runtime",
"signalLane": "Signal lane",
"evidenceBoundary": "Evidence boundary"
"signalLane": "訊號 Lane",
"evidenceBoundary": "證據邊界"
}
},
"commanderInsertedRequirements": {
"eyebrow": "Mainline priority",
"title": "Commander inserted requirement work items",
"subtitle": "Turns the requirements inserted during this run into ordered work items with P0/P1/P2/P3 priority, status, acceptance criteria, and next action.",
"total": "Total work items",
"next": "Current priority",
"nextAction": "Next action",
"acceptance": "Acceptance",
"rowNextAction": "Next action",
"spotlight": "Mainline spotlight",
"spotlightSubtitle": "Surfaces the current P0, OpenClaw Live Ops, and non-text-wall UX directly instead of burying them in the long ledger.",
"fullLedger": "Full ledger: {count} items",
"loading": "Loading inserted requirement work items",
"empty": "No inserted requirement work items read back yet.",
"eyebrow": "主線優先序",
"title": "統帥插入需求工作項",
"subtitle": "把本輪中途插入的要求收成正式工作項,依 P0/P1/P2/P3 排序,並顯示狀態、驗收條件與下一步。",
"total": "總工作項",
"next": "目前優先項",
"nextAction": "下一步",
"acceptance": "驗收條件",
"rowNextAction": "下一步",
"spotlight": "主線焦點",
"spotlightSubtitle": "直接露出目前 P0OpenClaw Live Ops 與非文字牆 UX避免工作項藏在長清單裡。",
"fullLedger": "完整總帳 {count} ",
"loading": "讀取插入需求工作項",
"empty": "尚未讀回插入需求工作項。",
"order": "order={order}",
"source": "source={source}",
"metrics": {
"active": "active"
},
"statuses": {
"done": "Done",
"inProgress": "In progress",
"pending": "Not started",
"blocked": "Blocked",
"deferred": "Deferred"
"done": "已完成",
"inProgress": "進行中",
"pending": "未開始",
"blocked": "阻塞",
"deferred": "延後"
}
},
"operatorSop": {
@@ -9214,7 +9214,7 @@
},
"inProgress": {
"title": "自動化資產正在補齊,仍需追蹤候選品質",
"detail": "優先確認候選是否有證據 refs、安全路由、回滾計畫與修復後驗證。"
"detail": "優先確認候選是否有證據 參照、安全路由、回滾計畫與修復後驗證。"
},
"watching": {
"title": "目前沒有明顯 AI 受控卡點,持續觀察資料新鮮度",
@@ -9525,7 +9525,7 @@
}
},
"gates": {
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 refs",
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 參照",
"autoRepair": "必須同時有 auto_repair、verification_result=success與KM 回寫",
"recurrenceWorkItems": "Run 完成無修復、修復失敗與 AI 受控佇列必須進入可追蹤工作項",
"aiRouteRepairWorkItem": "Provider lane 降級時必須顯示 evidence、owner、PlayBook候選與是否可自動修復",
@@ -9632,7 +9632,7 @@
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
"githubPrimaryOwnerResponses": "負責人回覆仍為 0/22請求可送出不等於已接受",
"githubPrimaryWorkflowNames": "工作流程 / 機密名稱清冊完成=0/7只收名稱不收機密明文值",
"githubPrimaryBoundary": "未核准建立專案庫、同步 refs、切換 GitHub primary 或停用 Gitea。",
"githubPrimaryBoundary": "未核准建立專案庫、同步 參照、切換 GitHub primary 或停用 Gitea。",
"ownerResponseValidation": "回覆包={packets};範本={templates};已收到={received};已接受={accepted};已拒收={rejected}",
"ownerResponseValidationChecks": "跨包驗收={crossPacket};證據路由={routing};顯示區塊={sections}",
"ownerResponseValidationBoundary": "不建立審批紀錄、不切主要來源、不開執行期閘門"
@@ -10243,7 +10243,7 @@
},
"fields": {
"target_selector": "Target selector",
"mcp_evidence_refs": "MCP 證據",
"mcp_evidence_參照": "MCP 證據",
"route_id": "Route",
"repair_command_template": "修復模板",
"rollback_command_template": "Rollback",
@@ -10297,7 +10297,7 @@
"required": {
"alertname": "告警名稱與觸發條件,避免把不同服務的症狀混用。",
"target_selector": "命名空間、Pod、Deployment、host 或服務選擇器。",
"mcp_evidence_refs": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
"mcp_evidence_參照": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
"repair_command": "受控修復命令或 Ansible playbook不能是純診斷命令。",
"rollback_command": "修復失敗時的回滾或安全停止方案。",
"verifier_plan": "修復後如何驗證成功、失敗與是否要升級 AI 補齊或 break-glass。",
@@ -10380,10 +10380,10 @@
"matchedIncident": "配對目標:{incident}",
"stage": "階段:{stage}",
"sourceEvent": "來源事件:{event}",
"sourceRefs": "來源 refs{refs}Sentry {sentry} / SignOz {signoz}",
"sourceRefs": "來源 參照:{參照}Sentry {sentry} / SignOz {signoz}",
"sourceFlow": {
"label": "來源流程:{status}",
"detail": "參照={refs}Sentry={sentry}SigNoz={signoz};事件={event}",
"detail": "參照={參照}Sentry={sentry}SigNoz={signoz};事件={event}",
"statuses": {
"applied": "已套用",
"reviewed": "覆核已記錄",
@@ -10633,15 +10633,15 @@
"refs": "關聯索引",
"missingRefs": "缺關聯",
"duplicates": "重複事件",
"sentry": "Sentry refs",
"signoz": "SignOz refs"
"sentry": "Sentry 參照",
"signoz": "SignOz 參照"
},
"details": {
"latest": "最新 {time}",
"withRefs": "{count} 筆含 來源 refs",
"withRefs": "{count} 筆含 來源 參照",
"missingEnvelope": "{count} 筆缺 來源 envelope",
"redacted": "{count} 筆已 redacted",
"alertRefs": "{count} 個 alert refs",
"alertRefs": "{count} 個 alert 參照",
"limit": "最近 {count} 筆視窗"
},
"provider": {
@@ -10770,8 +10770,8 @@
"error": "Callback evidence 載入失敗:{error}",
"summary": {
"outbound": "出站鏡像",
"outboundDetail": "來源_refs {sourceRefs}trace refs {traceRefs}incident refs {incidentRefs};覆蓋 {coverage}",
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace refs {missingTraceRefs};缺 incident refs {missingIncidentRefs}",
"outboundDetail": "來源_參照 {sourceRefs}trace 參照 {traceRefs}incident 參照 {incidentRefs};覆蓋 {coverage}",
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace 參照 {missingTraceRefs};缺 incident 參照 {missingIncidentRefs}",
"outboundReplyMarkupTraceFreshness": "缺 trace 活躍度1h {recent1h} / 24h {recent24h} / 最新 {latest}",
"outboundReplyMarkupTraceDecision": "缺 trace 判讀:{status};下一步:{action}",
"outboundReplyMarkupTraceRecovery": "缺 trace 復原訊號:{status}gap 後 traced {count};首筆 {first};最新 {latest}",
@@ -10806,7 +10806,7 @@
},
"traceGapNextActions": {
"none": "不需補動作",
"inspect_recent_outbound_source_refs": "檢查近 1 小時 outbound 來源_refs",
"inspect_recent_outbound_source_參照": "檢查近 1 小時 outbound 來源_參照",
"watch_24h_decay": "觀察 24 小時窗口自然歸零",
"backfill_or_archive_legacy_callbacks": "歸檔或回補舊 callback 缺口",
"observed": "等待下一次 outbound evidence"
@@ -10833,7 +10833,7 @@
"press_telegram_detail_or_history": "按一次 Telegram 詳情 / 歷史產生 callback evidence",
"press_telegram_detail_or_history_after_rollout": "重新按 Telegram 詳情 / 歷史補新版 snapshot",
"review_legacy_callback_snapshot_gap": "新版已捕捉;舊 callback 缺 snapshot不需重複按",
"review_outbound_source_refs": "檢查 outbound 來源_refs 缺口",
"review_outbound_source_參照": "檢查 outbound 來源_參照 缺口",
"observed": "等待下一次 callback evidence"
}
},
@@ -11157,7 +11157,7 @@
"incidentRef": "Incident 參照",
"routeId": "受控路由",
"dryRunEvidence": "乾跑證據",
"mcpEvidenceRefs": "MCP 證據 refs",
"mcpEvidenceRefs": "MCP 證據 參照",
"ownerApprovalReceipt": "Owner 放行回執",
"maintenanceWindow": "維護窗口",
"rollbackOwner": "Rollback Owner",
@@ -11484,11 +11484,11 @@
"unknown": "待負責人補證"
},
"sourceActions": {
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 refs 或切主來源。",
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 參照 或切主來源。",
"targetDecision": "先取得 GitHub 目標、可見性、標準負責人與後續 owner 的脫敏回覆;未接受前不得建立專案庫或改可見性。",
"internalRemoteDecision": "先確認內部 remote 用途、維運 owner、移除或保留理由與 rollback 方式;未接受前不得改 remote、workflow 或 secret。",
"scopeReview": "先確認是否納入 IwoooS 管控範圍;未接受前只保留觀測,不升級為主來源候選。",
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence refs。"
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence 參照。"
}
},
"securityTenantScopeCandidate": {
@@ -11560,7 +11560,7 @@
"sourceScopeWaiting": "租戶原始碼範圍仍等待正式負責人回覆。",
"ownerResponseWaiting": "專案庫負責人回覆尚未接受;此欄位只作 evidence不阻擋低 / 中 / 高風險 controlled apply。",
"repoCreationLocked": "未取得正式決策前,不建立 GitHub 專案庫或修改可見性。",
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 refs。",
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 參照。",
"githubPrimaryLocked": "GitHub primary 尚未核准切換。",
"giteaDisableLocked": "Gitea 不得停用,仍是目前 CI/CD 來源。",
"tenantPolicyLocked": "租戶政策與遷移模式不得因就緒度顯示而改變。",
@@ -11630,17 +11630,17 @@
}
},
"autonomousRuntime": {
"title": "AI Controlled Execution Loop",
"refresh": "Refresh",
"completion": "{percent}% complete",
"completionLoading": "Completion reading",
"title": "AI 受控執行閉環",
"refresh": "重新整理",
"completion": "完成 {percent}%",
"completionLoading": "完成度讀取中",
"detail": "Incident {incident} / op {op} / {catalog}",
"states": {
"loading": "Reading production readback",
"closed": "Loop closed",
"open": "Loop open",
"degraded": "Read degraded",
"unavailable": "Read failed"
"loading": "讀取正式 readback",
"closed": "閉環完成",
"open": "閉環中",
"degraded": "讀取降級",
"unavailable": "讀取失敗"
},
"metrics": {
"loop": "Loop",
@@ -11658,18 +11658,18 @@
"telegram": "Telegram"
},
"proof": {
"deploy": "Production deploy",
"deployDetail": "CD / readback: {status}",
"deploy": "正式部署",
"deployDetail": "CD / readback{status}",
"runtime": "Runtime DB",
"runtimeDetail": "marker: {marker}",
"workItems": "Work complete",
"workItemsDetail": "{percent}% complete",
"sources": "Log sources",
"sourcesDetail": "Project, product, site, service, package, and tool",
"events": "Classified events",
"eventsDetail": "24h {recent}",
"consumer": "Consumer writeback",
"consumerDetail": "{targets} targets ready",
"runtimeDetail": "marker{marker}",
"workItems": "工作完成",
"workItemsDetail": "完成度 {percent}%",
"sources": "Log 來源",
"sourcesDetail": "專案 / 產品 / 網站 / 服務 / 套件 / 工具",
"events": "分類事件",
"eventsDetail": "24h {recent}",
"consumer": "Consumer 回寫",
"consumerDetail": "{targets} target ready",
"ok": "ok",
"degraded": "degraded"
},
@@ -11685,7 +11685,7 @@
"contextWrites": "Context receipts",
"contextWritesDetail": "target writeback receipts",
"blockers": "Active blockers",
"noBlockers": "No active blocker",
"noBlockers": " active blocker",
"targetDetail": "context writes / bindings",
"targetsMap": {
"km": "KM",
@@ -11696,22 +11696,22 @@
"aiAgent": "AI Agent"
}
},
"recent": "24h {count}",
"missing": "{count} missing",
"recent": "24h {count}",
"missing": "{count} 節點",
"closedDetail": "required stages ok",
"traceCaption": "{count} stages / {missing} missing",
"traceCaption": "{count} 節點 / {missing}",
"taxonomy": {
"sources": "Log sources",
"products": "Product scopes",
"labels": "Label dimensions",
"events": "Classified events",
"learning": "Learning sources",
"workItems": "Work items",
"productsDetail": "adapter active {active} / missing dimensions {missing}",
"workItemsDetail": "Active {active} / pending {pending} / blocked {blocked}"
"sources": "Log 來源",
"products": "產品範圍",
"labels": "貼標維度",
"events": "分類事件",
"learning": "學習來源",
"workItems": "工作項目",
"productsDetail": "adapter active {active} / 缺維度 {missing}",
"workItemsDetail": "進行 {active} / 待辦 {pending} / 阻塞 {blocked}"
},
"policy": {
"label": "Controlled risk tiers",
"label": "受控風險層",
"critical": "Critical",
"breakGlass": "break-glass"
},
@@ -11720,35 +11720,35 @@
"medium": "medium",
"high": "high"
},
"nextAction": "Next action",
"nextAction": "下一步",
"workBoard": {
"title": "Priority Work Board",
"subtitle": "{ordered} mainline items; {sources} log source families.",
"completedOfTotal": "{completed}/{total} completed",
"sourceCoverage": "Source coverage",
"sourceCoverageDetail": "Project, product, site, service, package, and tool logs are classified and labeled.",
"empty": "No work items match this filter.",
"title": "優先工作板",
"subtitle": "主線 {ordered} Log 來源 {sources} 組。",
"completedOfTotal": "完成 {completed}/{total}",
"sourceCoverage": "來源覆蓋",
"sourceCoverageDetail": "專案 / 產品 / 網站 / 服務 / 套件 / 工具 Log 已分類貼標。",
"empty": "此篩選目前沒有工作項。",
"filters": {
"all": "All",
"completed": "Completed",
"active": "Active",
"pending": "Pending",
"blocked": "Blocked"
"all": "全部",
"completed": "已完成",
"active": "進行中",
"pending": "待推進",
"blocked": "阻塞"
},
"statuses": {
"completed": "Completed",
"in_progress": "In progress",
"pending": "Pending",
"blocked": "Blocked",
"not_started": "Not started",
"unknown": "Unknown"
"completed": "已完成",
"in_progress": "進行中",
"pending": "待推進",
"blocked": "阻塞",
"not_started": "未開始",
"unknown": "未知"
}
}
},
"alerts": {
"aiLoop": {
"title": "Alert AI Loop",
"subtitle": "Alert signals are aligned to LOG / KM / RAG / MCP / PlayBook / Verifier runtime receipts.",
"title": "告警 AI Loop",
"subtitle": "告警訊號直接對齊 LOG / KM / RAG / MCP / PlayBook / Verifier runtime receipt",
"badge": "controlled automation",
"runs": "Runs",
"workItems": "Work Items",
@@ -12079,32 +12079,32 @@
"expiredDetail": "改排 AI retry / rollback / verifier不預設人工結案"
},
"logAutomation": {
"eyebrow": "LOG / KM / RAG / MCP / PlayBook Mainline",
"title": "AI Automation Writeback And Executor Queue",
"subtitle": "Reads the production executor readback directly and connects service log labels, feedback receipts, post-write verifier, controlled plan, and AI Agent next action queue into one trackable mainline.",
"refresh": "Refresh mainline",
"loadFailed": "AI automation mainline readback failed to load",
"emptyBatches": "No executor batches returned yet",
"boundary": "This panel shows the low / medium / high metadata writeback queue available to AI controlled apply. Runtime dispatch truth still comes from production readback; critical remains break-glass.",
"errorDetail": "AI automation mainline read failed: {error}",
"eyebrow": "LOG / KM / RAG / MCP / PlayBook 主線",
"title": "AI 自動化回寫與執行器隊列",
"subtitle": "直接讀取正式 API 的 executor readback把服務日誌貼標、feedback receiptpost-write verifiercontrolled plan AI Agent next action queue 串成同一條可追蹤主線。",
"refresh": "刷新主線",
"loadFailed": "AI 自動化主線 readback 載入失敗",
"emptyBatches": "尚未取得 executor batch",
"boundary": "此面板顯示 AI controlled apply 已具備的低 / 中 / 高風險 metadata writeback 隊列runtime dispatch 是否已執行仍以正式 readback 為準,critical 維持 break-glass",
"errorDetail": "AI 自動化主線讀取失敗:{error}",
"status": {
"loading": "Loading mainline",
"loading": "讀取主線",
"ready": "executor ready",
"waiting": "waiting readback",
"waiting": "等待 readback",
"error": "readback failed"
},
"metrics": {
"plans": "Writeback plans",
"plansDetail": "Verified KM / RAG / MCP / PlayBook / Agent plans.",
"batches": "Executor batches",
"batchesDetail": "ready / total batches consumable by AI Agent controlled apply.",
"selectors": "Target selectors",
"selectorsDetail": "Every writeback binds project, service, package, and tool.",
"verifiers": "Post-apply verifiers",
"verifiersDetail": "Every target batch must carry a verifier ref."
"plans": "回寫計畫",
"plansDetail": "已驗證的 KM / RAG / MCP / PlayBook / Agent plan",
"batches": "Executor 批次",
"batchesDetail": "ready / total,供 AI Agent controlled apply 消費。",
"selectors": "目標 selector",
"selectorsDetail": "每筆回寫都要綁 projectservicepackagetool",
"verifiers": "Post-apply verifier",
"verifiersDetail": "每個 target batch 都必須有 verifier ref"
},
"stages": {
"logs": "LOG labels",
"logs": "LOG 貼標",
"receipts": "Feedback receipts",
"verifier": "Post-write verifier",
"plan": "Controlled plan",
@@ -12120,20 +12120,20 @@
"unknown": "Unknown"
},
"policy": {
"controlledApply": "L/M/H controlled apply",
"ownerReview": "L/M/H controlled review",
"controlledApply": "低中高風險 controlled apply",
"ownerReview": "低中高受控審查",
"critical": "Critical",
"runtime": "Runtime dispatch",
"queue": "Next action queue",
"evidence": "Evidence chain"
},
"values": {
"on": "on",
"off": "off",
"required": "required",
"notRequired": "not required",
"performed": "performed",
"notPerformed": "not performed"
"on": "開啟",
"off": "關閉",
"required": "必要",
"notRequired": "不必要",
"performed": "已執行",
"notPerformed": "未執行"
}
},
"decisionRail": {
@@ -12167,8 +12167,8 @@
"detail": "需要 AI 補齊、retry、rollback 或 break-glass 的審批"
},
"handoff": {
"title": "Action Packages",
"detail": "Gate 5 projections, historical evidence, and AI work item backfill"
"title": "處置包",
"detail": "Gate 5、歷史證據與 AI 工作項補齊"
},
"verifier": {
"title": "驗證",
@@ -12181,7 +12181,7 @@
"detail": "找出 learning_recorded、execution_failed、AI retry / rollback 或逾時的審批。",
"cta": "查看卡點",
"meta": {
"controlledAction": "AI action package",
"controlledAction": "AI 處置包",
"executionFailed": "執行失敗 / 降級",
"learningRecorded": "卡在學習紀錄"
}
@@ -12203,7 +12203,7 @@
"meta": {
"gate5": "Gate 5 投影",
"legacy": "Legacy HITL",
"controlledAction": "AI backfill"
"controlledAction": "AI 補齊"
}
},
"guardrail": {
@@ -12218,8 +12218,8 @@
}
},
"controlledProof": {
"title": "Low / Medium / High default to AI controlled apply",
"detail": "AI action packages {packages}; Gate 5 {gate5}; historical HITL evidence {legacy}. Only critical / break-glass goes to incident-grade authorization; the rest is completed by AI selectors, check-mode, rollback, and verifiers."
"title": "低 / 中 / 高風險預設 AI controlled apply",
"detail": "AI 處置包 {packages}Gate 5 {gate5};既有 HITL 歷史證據 {legacy}critical / break-glass 才進事故級授權,其餘由 AI 補齊 selectorcheck-moderollback verifier"
}
},
"badges": {
@@ -12270,7 +12270,7 @@
"openTickets": "Tickets",
"empty": "無",
"flowTitle": "處理流程",
"handoffTitle": "Approvals And AI Action Packages",
"handoffTitle": "審批與 AI 處置包",
"timelineEmpty": "尚未取得 Incident timeline。",
"linkedExplanation": "此 Incident 已有受控決策 / timeline 關聯;若下方 AI 受控清單為空,代表它可能已完成、過期、拒絕,或已轉成 verifier / rollback / AI 補齊。",
"unlinkedExplanation": "目前沒有對應 批准 id這代表此 Incident不是等待批准的狀態應從 Work Items / Runs 追下一步。",
@@ -12279,15 +12279,15 @@
"no": "不需 AI 補齊"
},
"controlledAction": {
"yes": "AI action package pending",
"no": "AI action package clear"
"yes": "AI 處置包待補齊",
"no": "AI 處置包已清空"
},
"metrics": {
"approvals": "關聯審批",
"stage": "目前階段",
"repair": "修復狀態",
"verification": "驗證",
"handoff": "AI Action Package"
"handoff": "AI 處置包"
},
"handoff": {
"approvalIds": "Approval IDs",
@@ -12330,12 +12330,12 @@
}
},
"legacyHitl": {
"title": "Existing HITL Evidence Queue",
"subtitle": "These rows come from approval_records and are not AwoooP run approvals; keep them as historical evidence and route follow-up into AI controlled work items.",
"title": "既有 HITL 歷史證據佇列",
"subtitle": "這批來自 批准_records不屬於 AwoooP run 批准;以歷史證據保留,後續導回 AI 受控工作項。",
"openAuthorizations": "開啟授權中心",
"loadFailed": "既有 HITL backlog 載入失敗:{error}",
"tableLabel": "Existing HITL Evidence Queue",
"moreRows": "Only the latest 8 rows are shown; track the remaining {count} in the authorization center.",
"tableLabel": "既有 HITL 歷史證據佇列",
"moreRows": "只顯示最新 8 筆,其餘 {count} 筆請到授權中心追蹤。",
"noTelegram": "無 Telegram",
"telegramRef": "Telegram #{id}",
"summary": {
@@ -13236,7 +13236,7 @@
"boundary": {
"label": "目前邊界",
"state": "AI 受控推進 / critical break-glass",
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifiersecret、破壞性 DB、重啟、付費 provider 與 refs 破壞維持 break-glass。"
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifiersecret、破壞性 DB、重啟、付費 provider 與 參照 破壞維持 break-glass。"
},
"commandRail": {
"eyebrow": "控制面",
@@ -17322,7 +17322,7 @@
"handoffRuntimeGatePointer": {
"title": "執行期閘門指標包",
"body": "任何掃描、修復、主機更新或阻擋控制都必須留在獨立執行期閘門。",
"handoff": "Only mark which controlled runtime gate may be needed later.",
"handoff": "只標記後續可能需要哪一種受控執行期閘門。",
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不執行修復。"
},
"handoffSourceControlPointer": {
@@ -17334,8 +17334,8 @@
}
},
"ownerResponseFormalRecordOwnerHandoffReviewBoard": {
"title": "Controlled Decision Record Handoff Checklist",
"subtitle": "Before a handoff packet enters controlled review, seven read-only acceptance checks confirm whether the data is sufficient; this is still not record-owner assignment, a formal record, break-glass approval, or execution authorization. Checks=7, passed=0, assigned=0, runtime gates=0.",
"title": "受控決策正式紀錄交接驗收清單",
"subtitle": "交接包進入受控檢查前先用七個只讀驗收項確認資料是否足夠這仍不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在驗收項=7、通過=0、已指派=0、執行期閘門=0",
"checkLabel": "驗收項",
"reviewLabel": "檢查方式",
"guardLabel": "仍不會做",
@@ -17361,14 +17361,14 @@
"items": {
"packetCompleteness": {
"title": "交接包完整性",
"body": "Check whether all seven handoff packets include source, summary, limits, gaps, and follow-up controlled confirmation fields.",
"body": "檢查七個交接包是否都有來源、摘要、限制、缺口與後續受控確認欄位。",
"review": "只列出缺漏欄位與待補項目。",
"guard": "不補寫正式紀錄、不自動產生批准文字。"
},
"recordOwnerIdentityScope": {
"title": "負責人身分範圍",
"body": "檢查交接包是否說明未來紀錄負責人的角色範圍、責任邊界與可聯絡依據。",
"review": "Only confirm whether identity fields are sufficient for controlled interpretation.",
"review": "只確認身分欄位是否足夠受控判讀。",
"guard": "不代填姓名、不查外部帳號、不自動指派。"
},
"authorityBoundaryMatch": {
@@ -17385,7 +17385,7 @@
},
"reviewerNoteConfirm": {
"title": "審查備註確認",
"body": "Check whether return reasons, evidence-completion status, review notes, and unresolved items are sufficient for the next reviewer.",
"body": "檢查退回理由、補證狀態、審查備註與未決事項是否足夠讓下一位審查者接手。",
"review": "只整理既有備註是否完整。",
"guard": "不建立外部任務、不自動通知、不改審查結論。"
},
@@ -17404,8 +17404,8 @@
}
},
"ownerResponseFormalRecordOwnerHandoffReviewOutcomeBoard": {
"title": "Controlled Decision Record Handoff Outcome Routing",
"subtitle": "After handoff acceptance, outcomes only land in eight read-only routes; this is still not record-owner assignment, a formal record, break-glass approval, or execution authorization. Routes=8, ready for controlled review=0, assigned=0, runtime gates=0.",
"title": "受控決策正式紀錄交接驗收結果分流",
"subtitle": "交接驗收後只會落到八條只讀結果分流這仍不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在分流=8、可進負責人檢查=0、已指派=0、執行期閘門=0",
"laneLabel": "結果分流",
"resultLabel": "分流結果",
"guardLabel": "仍不會做",
@@ -17431,7 +17431,7 @@
"items": {
"remainReviewWaiting": {
"title": "維持驗收等待",
"body": "If the handoff packet is still waiting for controlled review, the result can only remain in a waiting state.",
"body": "若交接包仍在等待受控檢查,結果只能維持等待狀態。",
"result": "只顯示仍待驗收與缺少哪一類檢查。",
"guard": "不自動通過、不建立正式紀錄、不指派負責人。"
},
@@ -17443,7 +17443,7 @@
},
"requestOwnerScopeClarification": {
"title": "要求負責人範圍說明",
"body": "If the future record owner's role, authority, or contact basis is unclear, request controlled clarification.",
"body": "若未來紀錄負責人的角色、權責或聯絡依據不清,必須要求受控說明。",
"result": "只標記需要補充哪一類負責人範圍。",
"guard": "不查外部帳號、不代填姓名、不自動指派。"
},
@@ -17454,9 +17454,9 @@
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
},
"readyForRecordOwnerReview": {
"title": "Ready for Controlled Record Review",
"body": "If all acceptance checks are sufficient, the handoff packet can enter controlled record review, but this is still not an assignment.",
"result": "Only mark it ready for controlled review and wait for controlled review confirmation.",
"title": "可進受控負責人檢查",
"body": "若驗收項都足夠,交接包可以進入受控紀錄負責人檢查,但仍不是指派。",
"result": "只標記可進受控檢查,等待 controlled review 確認。",
"guard": "不自動升格、不建立正式紀錄、不建立審批紀錄。"
},
"quarantineSensitivePayload": {
@@ -17480,8 +17480,8 @@
}
},
"ownerResponseFormalRecordOwnerReviewPreparationBoard": {
"title": "Controlled Decision Record Owner Review Preparation Packets",
"subtitle": "If the handoff outcome can enter controlled review, only eight preparation packets are assembled before controlled review; this is not record-owner assignment, a formal record, break-glass approval, or execution authorization. Packets=8, review-ready=0, assigned=0, runtime gates=0.",
"title": "受控決策正式紀錄負責人檢查準備包",
"subtitle": "交接驗收結果若可進負責人檢查仍只能整理受控檢查前需要看的八個準備包這不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在準備包=8、可檢查=0、已指派=0、執行期閘門=0",
"packetLabel": "準備包",
"prepareLabel": "準備方式",
"guardLabel": "仍不會做",
@@ -20849,7 +20849,7 @@
"sourceRepo": {
"title": "版本來源與 dirty workspace 判定",
"missing": "本機 repo 有 51 個修改或未追蹤項目;尚未判定 WIP、release candidate 與 canonical remote。",
"next": "先收 refs truth 與 dirty workspace disposition不得 push、rebase、同步 refs 或改 workflow。"
"next": "先收 參照 truth 與 dirty workspace disposition不得 push、rebase、同步 參照 或改 workflow。"
},
"deployBoundary": {
"title": "部署邊界與回復條件",
@@ -21279,7 +21279,7 @@
"waiting_redacted_counts": "待脫敏計數",
"waiting_per_host_matrix": "待逐主機矩陣",
"waiting_time_window": "待時間窗",
"waiting_health_refs": "待健康參照",
"waiting_health_參照": "待健康參照",
"reject_sensitive_payloads": "拒收敏感內容",
"waiting_owner_decision": "待負責人決策",
"runtime_closed": "執行期關閉"
@@ -21409,7 +21409,7 @@
"wazuhManagerRegistryReviewerValidation": {
"eyebrow": "Wazuh manager registry reviewer validation",
"title": "Owner export 進來後,先由 reviewer 驗收脫敏清單",
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence refs 通過 reviewer validation但仍不開 runtime。",
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence 參照 通過 reviewer validation但仍不開 runtime。",
"loadingBoundary": "正在讀取 Wazuh manager registry reviewer validation API",
"validationEndpointLabel": "脫敏 owner export 驗證端點",
"validationModeLabel": "驗證模式",
@@ -21423,7 +21423,7 @@
"checksLoading": "正在讀取 reviewer checks。",
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
"boundaryTitle": "Reviewer validation 停止線",
"boundaryIntro": "以下鍵值固定reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
"boundaryIntro": "以下鍵值固定reviewer validation passed 只代表脫敏 evidence 參照 通過 no-persist 驗證accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
"status": {
"loading": "正在讀取 Wazuh manager registry reviewer validation",
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
@@ -21444,7 +21444,7 @@
},
"passed": {
"label": "Reviewer passed",
"detail": "一筆脫敏 owner export refs 已通過 no-persist reviewer validation。"
"detail": "一筆脫敏 owner export 參照 已通過 no-persist reviewer validation。"
},
"postEnable": {
"label": "Post-enable",
@@ -21464,7 +21464,7 @@
},
"received": {
"label": "已收 export",
"detail": "已收到一筆 owner-provided redacted registry export refs。"
"detail": "已收到一筆 owner-provided redacted registry export 參照。"
},
"accepted": {
"label": "已接受",
@@ -21647,7 +21647,7 @@
},
"signals": {
"label": "訊號源",
"detail": "12 條訊號源等待 owner 提供脫敏 evidence refs。"
"detail": "12 條訊號源等待 owner 提供脫敏 evidence 參照。"
},
"runtimeGate": {
"label": "執行期",
@@ -21661,7 +21661,7 @@
},
"wazuhSiem": {
"title": "Wazuh SIEM 待收件",
"body": "manager、agent、FIM、rule、decoder 與 event refs 只能用脫敏參照進入 IwoooS不接 raw payload。"
"body": "manager、agent、FIM、rule、decoder 與 event 參照 只能用脫敏參照進入 IwoooS不接 raw payload。"
},
"kali112": {
"title": "資安觀測節點 維持只讀",
@@ -21734,7 +21734,7 @@
},
"hostForensics": {
"title": "主機入侵不能只靠宣稱",
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof refs。"
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof 參照。"
},
"gatewayNginx": {
"title": "Nginx 入口先收 live diff",
@@ -21746,7 +21746,7 @@
},
"hostRuntime": {
"title": "Docker 與 systemd 要收 runtime 證據",
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck refs,避免只靠 route 回 200 誤判。"
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck 參照,避免只靠 route 回 200 誤判。"
},
"alertReceipt": {
"title": "告警要能收件與行動",
@@ -21765,7 +21765,7 @@
"securityAssetControlLedger": {
"eyebrow": "P0-A 資安資產控制總帳",
"title": "把主機、入口、版本來源、監控、Wazuh、Kali 與供應鏈收成一張總帳",
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence refs 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence 參照 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
"checkLabel": "檢核",
"stateLabel": "狀態",
"boundaryTitle": "資安資產總帳邊界",
@@ -21781,7 +21781,7 @@
},
"evidenceRefs": {
"label": "證據參照",
"detail": "64 個 committed evidence refs 全部存在,缺失為 0。"
"detail": "64 個 committed evidence 參照 全部存在,缺失為 0。"
},
"runtimeGate": {
"label": "執行期",
@@ -21803,7 +21803,7 @@
},
"wazuhKali": {
"title": "Wazuh / Kali 維持證據收件",
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補主動回應流程、active scan 與 /execute 仍未授權。"
"body": "Wazuh event 參照、Kali scope、health 與 finding envelope 仍待補主動回應流程、active scan 與 /execute 仍未授權。"
},
"alertBackup": {
"title": "告警與復原避免假綠燈",
@@ -21972,7 +21972,7 @@
},
"canonicalFields": {
"title": "欄位對齊 S4.9 envelope",
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence 參照、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
},
"requestState": {
"title": "尚未送出 owner request",


@@ -229,7 +229,7 @@
},
"credential_escrow": {
"title": "P0-005 credential escrow",
"description": "已收斂 non-secret evidence refs 與 reviewer acceptance readback不寫 credential marker、不收 secret。",
"description": "已收斂 non-secret evidence 參照 與 reviewer acceptance readback不寫 credential marker、不收 secret。",
"metric": "evidence {accepted}/{required}"
},
"gitea": {
@@ -251,7 +251,7 @@
"boundaries": {
"secret": "不收機密明文、授權憑證、瀏覽器憑證或私有存取材料。",
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
"repo": "不直接建立 repo、改 visibility、sync refs、force push 或 trigger workflowGitHub 維持 stopped / do_not_use。",
"repo": "不直接建立 repo、改 visibility、sync 參照、force push 或 trigger workflowGitHub 維持 stopped / do_not_use。",
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
},
@@ -978,7 +978,7 @@
},
"sourceDossier": {
"title": "Sentry / SigNoz 來源卷宗證據",
"detail": "最近來源 {sources} 筆Sentry refs {sentry}、SigNoz refs {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
"detail": "最近來源 {sources} 筆Sentry 參照 {sentry}、SigNoz 參照 {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
},
"callbackEvidence": {
"title": "Telegram 詳情 / 歷史 DB 真相鏈",
@@ -1212,8 +1212,8 @@
"kmBurndown": "/api/v1/ai/governance/km-stale-owner-review-burndown"
},
"signal": {
"metric": "來源 {sources} / refs {refs}",
"detail": "missing refs {missing}duplicates {duplicates}Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
"metric": "來源 {sources} / 參照 {參照}",
"detail": "missing 參照 {missing}duplicates {duplicates}Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
},
"intake": {
"metric": "Runs {runs} / linked {linked}",
@@ -9129,7 +9129,7 @@
"enforcerDetail": "apply={apply} · metadata-only={metadata}",
"drainGuard": "Drain guard",
"drainGuardValue": "active={active} / staging={staging}",
"blockers": "阻塞={count}",
"blockers": "阻塞={count}",
"jobs": "Jobs / lane",
"jobsValue": "jobs={jobs} / lane={lane}",
"restoreSources": "restore sources={count}",
@@ -9214,7 +9214,7 @@
},
"inProgress": {
"title": "自動化資產正在補齊,仍需追蹤候選品質",
"detail": "優先確認候選是否有證據 refs、安全路由、回滾計畫與修復後驗證。"
"detail": "優先確認候選是否有證據 參照、安全路由、回滾計畫與修復後驗證。"
},
"watching": {
"title": "目前沒有明顯 AI 受控卡點,持續觀察資料新鮮度",
@@ -9525,7 +9525,7 @@
}
},
"gates": {
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 refs",
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 參照",
"autoRepair": "必須同時有 auto_repair、verification_result=success與KM 回寫",
"recurrenceWorkItems": "Run 完成無修復、修復失敗與 AI 受控佇列必須進入可追蹤工作項",
"aiRouteRepairWorkItem": "Provider lane 降級時必須顯示 evidence、owner、PlayBook候選與是否可自動修復",
@@ -9632,7 +9632,7 @@
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
"githubPrimaryOwnerResponses": "負責人回覆仍為 0/22請求可送出不等於已接受",
"githubPrimaryWorkflowNames": "工作流程 / 機密名稱清冊完成=0/7只收名稱不收機密明文值",
"githubPrimaryBoundary": "未核准建立專案庫、同步 refs、切換 GitHub primary 或停用 Gitea。",
"githubPrimaryBoundary": "未核准建立專案庫、同步 參照、切換 GitHub primary 或停用 Gitea。",
"ownerResponseValidation": "回覆包={packets};範本={templates};已收到={received};已接受={accepted};已拒收={rejected}",
"ownerResponseValidationChecks": "跨包驗收={crossPacket};證據路由={routing};顯示區塊={sections}",
"ownerResponseValidationBoundary": "不建立審批紀錄、不切主要來源、不開執行期閘門"
@@ -10243,7 +10243,7 @@
},
"fields": {
"target_selector": "Target selector",
"mcp_evidence_refs": "MCP 證據",
"mcp_evidence_參照": "MCP 證據",
"route_id": "Route",
"repair_command_template": "修復模板",
"rollback_command_template": "Rollback",
@@ -10297,7 +10297,7 @@
"required": {
"alertname": "告警名稱與觸發條件,避免把不同服務的症狀混用。",
"target_selector": "命名空間、Pod、Deployment、host 或服務選擇器。",
"mcp_evidence_refs": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
"mcp_evidence_參照": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
"repair_command": "受控修復命令或 Ansible playbook不能是純診斷命令。",
"rollback_command": "修復失敗時的回滾或安全停止方案。",
"verifier_plan": "修復後如何驗證成功、失敗與是否要升級 AI 補齊或 break-glass。",
@@ -10380,10 +10380,10 @@
"matchedIncident": "配對目標:{incident}",
"stage": "階段:{stage}",
"sourceEvent": "來源事件:{event}",
"sourceRefs": "來源 refs{refs}Sentry {sentry} / SignOz {signoz}",
"sourceRefs": "來源 參照:{參照}Sentry {sentry} / SignOz {signoz}",
"sourceFlow": {
"label": "來源流程:{status}",
"detail": "參照={refs}Sentry={sentry}SigNoz={signoz};事件={event}",
"detail": "參照={參照}Sentry={sentry}SigNoz={signoz};事件={event}",
"statuses": {
"applied": "已套用",
"reviewed": "覆核已記錄",
@@ -10633,15 +10633,15 @@
"refs": "關聯索引",
"missingRefs": "缺關聯",
"duplicates": "重複事件",
"sentry": "Sentry refs",
"signoz": "SignOz refs"
"sentry": "Sentry 參照",
"signoz": "SignOz 參照"
},
"details": {
"latest": "最新 {time}",
"withRefs": "{count} 筆含 來源 refs",
"withRefs": "{count} 筆含 來源 參照",
"missingEnvelope": "{count} 筆缺 來源 envelope",
"redacted": "{count} 筆已 redacted",
"alertRefs": "{count} 個 alert refs",
"alertRefs": "{count} 個 alert 參照",
"limit": "最近 {count} 筆視窗"
},
"provider": {
@@ -10770,8 +10770,8 @@
"error": "Callback evidence 載入失敗:{error}",
"summary": {
"outbound": "出站鏡像",
"outboundDetail": "來源_refs {sourceRefs}trace refs {traceRefs}incident refs {incidentRefs};覆蓋 {coverage}",
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace refs {missingTraceRefs};缺 incident refs {missingIncidentRefs}",
"outboundDetail": "來源_參照 {sourceRefs}trace 參照 {traceRefs}incident 參照 {incidentRefs};覆蓋 {coverage}",
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace 參照 {missingTraceRefs};缺 incident 參照 {missingIncidentRefs}",
"outboundReplyMarkupTraceFreshness": "缺 trace 活躍度1h {recent1h} / 24h {recent24h} / 最新 {latest}",
"outboundReplyMarkupTraceDecision": "缺 trace 判讀:{status};下一步:{action}",
"outboundReplyMarkupTraceRecovery": "缺 trace 復原訊號:{status}gap 後 traced {count};首筆 {first};最新 {latest}",
@@ -10806,7 +10806,7 @@
},
"traceGapNextActions": {
"none": "不需補動作",
"inspect_recent_outbound_source_refs": "檢查近 1 小時 outbound 來源_refs",
"inspect_recent_outbound_source_參照": "檢查近 1 小時 outbound 來源_參照",
"watch_24h_decay": "觀察 24 小時窗口自然歸零",
"backfill_or_archive_legacy_callbacks": "歸檔或回補舊 callback 缺口",
"observed": "等待下一次 outbound evidence"
@@ -10833,7 +10833,7 @@
"press_telegram_detail_or_history": "按一次 Telegram 詳情 / 歷史產生 callback evidence",
"press_telegram_detail_or_history_after_rollout": "重新按 Telegram 詳情 / 歷史補新版 snapshot",
"review_legacy_callback_snapshot_gap": "新版已捕捉;舊 callback 缺 snapshot不需重複按",
"review_outbound_source_refs": "檢查 outbound 來源_refs 缺口",
"review_outbound_source_參照": "檢查 outbound 來源_參照 缺口",
"observed": "等待下一次 callback evidence"
}
},
@@ -11157,7 +11157,7 @@
"incidentRef": "Incident 參照",
"routeId": "受控路由",
"dryRunEvidence": "乾跑證據",
"mcpEvidenceRefs": "MCP 證據 refs",
"mcpEvidenceRefs": "MCP 證據 參照",
"ownerApprovalReceipt": "Owner 放行回執",
"maintenanceWindow": "維護窗口",
"rollbackOwner": "Rollback Owner",
@@ -11484,11 +11484,11 @@
"unknown": "待負責人補證"
},
"sourceActions": {
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 refs 或切主來源。",
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 參照 或切主來源。",
"targetDecision": "先取得 GitHub 目標、可見性、標準負責人與後續 owner 的脫敏回覆;未接受前不得建立專案庫或改可見性。",
"internalRemoteDecision": "先確認內部 remote 用途、維運 owner、移除或保留理由與 rollback 方式;未接受前不得改 remote、workflow 或 secret。",
"scopeReview": "先確認是否納入 IwoooS 管控範圍;未接受前只保留觀測,不升級為主來源候選。",
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence refs。"
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence 參照。"
}
},
"securityTenantScopeCandidate": {
@@ -11560,7 +11560,7 @@
"sourceScopeWaiting": "租戶原始碼範圍仍等待正式負責人回覆。",
"ownerResponseWaiting": "專案庫負責人回覆尚未接受;此欄位只作 evidence不阻擋低 / 中 / 高風險 controlled apply。",
"repoCreationLocked": "未取得正式決策前,不建立 GitHub 專案庫或修改可見性。",
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 refs。",
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 參照。",
"githubPrimaryLocked": "GitHub primary 尚未核准切換。",
"giteaDisableLocked": "Gitea 不得停用,仍是目前 CI/CD 來源。",
"tenantPolicyLocked": "租戶政策與遷移模式不得因就緒度顯示而改變。",
@@ -13236,7 +13236,7 @@
"boundary": {
"label": "目前邊界",
"state": "AI 受控推進 / critical break-glass",
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifiersecret、破壞性 DB、重啟、付費 provider 與 refs 破壞維持 break-glass。"
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifiersecret、破壞性 DB、重啟、付費 provider 與 參照 破壞維持 break-glass。"
},
"commandRail": {
"eyebrow": "控制面",
@@ -20849,7 +20849,7 @@
"sourceRepo": {
"title": "版本來源與 dirty workspace 判定",
"missing": "本機 repo 有 51 個修改或未追蹤項目;尚未判定 WIP、release candidate 與 canonical remote。",
"next": "先收 refs truth 與 dirty workspace disposition不得 push、rebase、同步 refs 或改 workflow。"
"next": "先收 參照 truth 與 dirty workspace disposition不得 push、rebase、同步 參照 或改 workflow。"
},
"deployBoundary": {
"title": "部署邊界與回復條件",
@@ -21279,7 +21279,7 @@
"waiting_redacted_counts": "待脫敏計數",
"waiting_per_host_matrix": "待逐主機矩陣",
"waiting_time_window": "待時間窗",
"waiting_health_refs": "待健康參照",
"waiting_health_參照": "待健康參照",
"reject_sensitive_payloads": "拒收敏感內容",
"waiting_owner_decision": "待負責人決策",
"runtime_closed": "執行期關閉"
@@ -21409,7 +21409,7 @@
"wazuhManagerRegistryReviewerValidation": {
"eyebrow": "Wazuh manager registry reviewer validation",
"title": "Owner export 進來後,先由 reviewer 驗收脫敏清單",
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence refs 通過 reviewer validation但仍不開 runtime。",
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence 參照 通過 reviewer validation但仍不開 runtime。",
"loadingBoundary": "正在讀取 Wazuh manager registry reviewer validation API",
"validationEndpointLabel": "脫敏 owner export 驗證端點",
"validationModeLabel": "驗證模式",
@@ -21423,7 +21423,7 @@
"checksLoading": "正在讀取 reviewer checks。",
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
"boundaryTitle": "Reviewer validation 停止線",
"boundaryIntro": "以下鍵值固定reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
"boundaryIntro": "以下鍵值固定reviewer validation passed 只代表脫敏 evidence 參照 通過 no-persist 驗證accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
"status": {
"loading": "正在讀取 Wazuh manager registry reviewer validation",
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
@@ -21444,7 +21444,7 @@
},
"passed": {
"label": "Reviewer passed",
"detail": "一筆脫敏 owner export refs 已通過 no-persist reviewer validation。"
"detail": "一筆脫敏 owner export 參照 已通過 no-persist reviewer validation。"
},
"postEnable": {
"label": "Post-enable",
@@ -21464,7 +21464,7 @@
},
"received": {
"label": "已收 export",
"detail": "已收到一筆 owner-provided redacted registry export refs。"
"detail": "已收到一筆 owner-provided redacted registry export 參照。"
},
"accepted": {
"label": "已接受",
@@ -21647,7 +21647,7 @@
},
"signals": {
"label": "訊號源",
"detail": "12 條訊號源等待 owner 提供脫敏 evidence refs。"
"detail": "12 條訊號源等待 owner 提供脫敏 evidence 參照。"
},
"runtimeGate": {
"label": "執行期",
@@ -21661,7 +21661,7 @@
},
"wazuhSiem": {
"title": "Wazuh SIEM 待收件",
"body": "manager、agent、FIM、rule、decoder 與 event refs 只能用脫敏參照進入 IwoooS不接 raw payload。"
"body": "manager、agent、FIM、rule、decoder 與 event 參照 只能用脫敏參照進入 IwoooS不接 raw payload。"
},
"kali112": {
"title": "資安觀測節點 維持只讀",
@@ -21734,7 +21734,7 @@
},
"hostForensics": {
"title": "主機入侵不能只靠宣稱",
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof refs。"
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof 參照。"
},
"gatewayNginx": {
"title": "Nginx 入口先收 live diff",
@@ -21746,7 +21746,7 @@
},
"hostRuntime": {
"title": "Docker 與 systemd 要收 runtime 證據",
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck refs,避免只靠 route 回 200 誤判。"
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck 參照,避免只靠 route 回 200 誤判。"
},
"alertReceipt": {
"title": "告警要能收件與行動",
@@ -21765,7 +21765,7 @@
"securityAssetControlLedger": {
"eyebrow": "P0-A 資安資產控制總帳",
"title": "把主機、入口、版本來源、監控、Wazuh、Kali 與供應鏈收成一張總帳",
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence refs 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence 參照 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
"checkLabel": "檢核",
"stateLabel": "狀態",
"boundaryTitle": "資安資產總帳邊界",
@@ -21781,7 +21781,7 @@
},
"evidenceRefs": {
"label": "證據參照",
"detail": "64 個 committed evidence refs 全部存在,缺失為 0。"
"detail": "64 個 committed evidence 參照 全部存在,缺失為 0。"
},
"runtimeGate": {
"label": "執行期",
@@ -21803,7 +21803,7 @@
},
"wazuhKali": {
"title": "Wazuh / Kali 維持證據收件",
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補主動回應流程、active scan 與 /execute 仍未授權。"
"body": "Wazuh event 參照、Kali scope、health 與 finding envelope 仍待補主動回應流程、active scan 與 /execute 仍未授權。"
},
"alertBackup": {
"title": "告警與復原避免假綠燈",
@@ -21972,7 +21972,7 @@
},
"canonicalFields": {
"title": "欄位對齊 S4.9 envelope",
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence 參照、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
},
"requestState": {
"title": "尚未送出 owner request",
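Review bot: The `refs` → `參照` replacement in this locale file also rewrote message keys and interpolation names rather than only display text: `"mcp_evidence_參照"` (under both `fields` and `required`), `"inspect_recent_outbound_source_參照"`, `"review_outbound_source_參照"`, `"waiting_health_參照"`, and the `{參照}` placeholders in `signal.metric`, `sourceRefs` and `sourceFlow.detail`. Reading the second line of each pair as the new side (the order the rest of this page uses), any caller that still looks up `mcp_evidence_refs` or passes `refs` would miss. Presumably that includes the unchanged UI code and API-provided action values, which would leave raw keys or unfilled placeholders on the evidence-reference and Telegram trace-gap labels an operator reads. Keep identifiers ASCII and translate values only, e.g. `"mcp_evidence_refs": "MCP 證據"` and `"metric": "來源 {sources} / 參照 {refs}"`; the preceding file section carries the same key rename. A CI check that compares key sets and placeholder names across locale files would catch this class of change before merge.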


@@ -70,8 +70,10 @@ export function CommandPalette() {
setOpen(false)
}
const productNavigationItems = PRODUCT_NAV_SECTIONS.flatMap(section => section.items)
const navigationSources: PaletteNavSource[] = [
...PRODUCT_NAV_SECTIONS.flatMap(section => section.items.flatMap(item => [
...productNavigationItems.flatMap(item => [
item,
...(item.children ?? []).map(child => ({
...child,
@@ -80,7 +82,7 @@ export function CommandPalette() {
parentId: item.id,
surface: 'secondary' as const,
})),
])),
]),
...PRODUCT_BOTTOM_NAV_ITEMS,
]


@@ -129,6 +129,18 @@
**下一步**
- commit / push Gitea `main` 後讀回 CD接續目前 active P0110 Stock/Postgres hot pressure 的 read-only evidence / source freshness / query attribution。
## 2026-07-02 — 14:08 Telegram workflow 直送 fallback 收斂到 AWOOI API / AwoooP
**完成內容**
- 6 個 Gitea workflow 的 Telegram direct fallback 已移除:`.gitea/workflows/cd.yaml``cd-dev.yaml``code-review.yaml``deploy-alerts.yaml``e2e-health.yaml``run-migration.yml`
- workflow 通知仍先走 `scripts/ci/notify-awoooi-cicd.sh` → AWOOI Alertmanager webhook → TelegramGateway / AwoooP若 AWOOI API 通知失敗,只留下 CI log evidence不再旁路直打 Telegram Bot API。
- Telegram egress scanner 讀回已從 `direct_bot_api_call_count=18` / `workflow_direct_bot_api_call_count=13` 收斂為 `direct_bot_api_call_count=5` / `workflow_direct_bot_api_call_count=0`;剩餘缺口為 ops script `4` 與 API direct `1`
- `agent-report-truth-actionability-review` regression 更新為 direct `5`、workflow `0`、ops `4`、API `1`、route finding `9`,避免 UI/API 繼續展示舊 18 條 workflow 旁路。
**仍維持**
- 未使用 GitHub / `gh` / GitHub API未讀 secret / token / `.env` / raw sessions / SQLite / auth未送 Telegram未觸發 workflow未對 production DB 寫入。
- 剩餘 5 個 direct Bot API path 尚未宣告完成:必須下一批收斂到 AWOOI API / TelegramGateway 或建立 redacted DB receipt、AI controlled route、KM / PlayBook / verifier writeback。
## 2026-07-02 — 13:34 統帥插入需求升級為 API/UI 工作項讀回
**完成內容**


@@ -1,29 +1,29 @@
{
"schema_version": "telegram_notification_egress_migration_plan_draft_v1",
"generated_at": "2026-06-18T23:00:00+08:00",
"git_commit": "f171ffc2",
"generated_at": "2026-07-02T14:24:46+08:00",
"git_commit": "f9469bcc2",
"status": "migration_plan_draft_ready_no_runtime_action",
"mode": "metadata_only_no_workflow_script_api_change_no_telegram_send",
"source_snapshot": "docs/security/telegram-notification-egress-owner-request-draft.snapshot.json",
"source_schema_version": "telegram_notification_egress_owner_request_draft_v1",
"source_status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
"summary": {
"source_request_draft_count": 11,
"source_direct_bot_api_call_count": 18,
"migration_candidate_count": 11,
"workflow_migration_candidate_count": 6,
"source_request_draft_count": 5,
"source_direct_bot_api_call_count": 5,
"migration_candidate_count": 5,
"workflow_migration_candidate_count": 0,
"ops_script_migration_candidate_count": 4,
"api_direct_migration_candidate_count": 1,
"proposed_wave_count": 3,
"proposed_wave_count": 2,
"plan_field_count": 17,
"reviewer_check_count": 15,
"outcome_lane_count": 9,
"blocked_action_count": 21,
"owner_response_required_count": 11,
"maintenance_window_required_count": 11,
"rollback_owner_required_count": 11,
"postcheck_required_count": 11,
"delivery_receipt_required_count": 11,
"owner_response_required_count": 5,
"maintenance_window_required_count": 5,
"rollback_owner_required_count": 5,
"postcheck_required_count": 5,
"delivery_receipt_required_count": 5,
"owner_response_received_count": 0,
"owner_response_accepted_count": 0,
"migration_authorized_count": 0,
@@ -52,605 +52,10 @@
"not_authorization": true
},
"proposed_waves": [
"wave_1_workflow_notification_wrapper",
"wave_2_ops_notification_wrapper",
"wave_3_api_sender_gateway"
],
"migration_candidates": [
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd-dev.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_dev_yaml",
"source_path": ".gitea/workflows/cd-dev.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 3,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_yaml",
"source_path": ".gitea/workflows/cd.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 5,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/code-review.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_code_review_yaml",
"source_path": ".gitea/workflows/code-review.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 2,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/deploy-alerts.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_deploy_alerts_yaml",
"source_path": ".gitea/workflows/deploy-alerts.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/e2e-health.yaml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_e2e_health_yaml",
"source_path": ".gitea/workflows/e2e-health.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/run-migration.yml",
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_run_migration_yml",
"source_path": ".gitea/workflows/run-migration.yml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"proposed_wave": "wave_1_workflow_notification_wrapper",
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
"plan_fields": [
"migration_candidate_id",
"source_request_draft_id",
"source_path",
"surface_kind",
"direct_call_count",
"proposed_wave",
"proposed_target",
"proposed_change_summary",
"required_owner_response_ref",
"required_maintenance_window",
"required_rollback_owner",
"required_postcheck_ref",
"required_delivery_receipt_ref",
"required_no_secret_value_attestation",
"required_no_raw_payload_attestation",
"required_no_false_green_attestation",
"not_authorization"
],
"reviewer_checks": [
"source_owner_request_draft_current",
"owner_response_required_before_change",
"maintenance_window_required_before_change",
"rollback_owner_required_before_change",
"delivery_receipt_plan_required",
"postcheck_plan_required",
"redaction_contract_required",
"break_glass_fallback_explicit",
"no_secret_value_required",
"no_raw_payload_required",
"no_false_green_required",
"workflow_changes_separate_from_docs",
"script_changes_separate_from_docs",
"api_sender_refactor_separate_from_docs",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_response",
"ready_for_workflow_migration_review",
"ready_for_ops_script_migration_review",
"ready_for_api_sender_migration_review",
"request_missing_owner_response",
"request_missing_maintenance_or_rollback",
"reject_secret_or_raw_payload",
"reject_false_green_claim",
"waiting_runtime_gate"
],
"blocked_actions": [
"modify_workflow",
"modify_ops_script",
"refactor_api_sender",
"send_telegram",
"call_bot_api",
"dispatch_workflow",
"trigger_cd",
"deploy_production",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"store_raw_payload",
"store_unredacted_log",
"change_chat_route",
"change_bot_token",
"rotate_secret",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"open_runtime_gate",
"add_action_button"
],
"owner_response_required": true,
"maintenance_window_required": true,
"rollback_owner_required": true,
"postcheck_required": true,
"delivery_receipt_required": true,
"owner_response_received": false,
"owner_response_accepted": false,
"migration_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"migration_candidate_id": "telegram_notification_egress_migration:apps/api/src/services/channel_hub.py",
"source_request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",


@@ -1,96 +1,5 @@
{
"current_direct_bot_api_calls": [
{
"line": 54,
"method": "sendMessage",
"path": ".gitea/workflows/cd-dev.yaml",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 241,
"method": "sendMessage",
"path": ".gitea/workflows/cd-dev.yaml",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 262,
"method": "sendMessage",
"path": ".gitea/workflows/cd-dev.yaml",
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 113,
"method": "sendMessage",
"path": ".gitea/workflows/cd.yaml",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 305,
"method": "sendMessage",
"path": ".gitea/workflows/cd.yaml",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 1203,
"method": "sendMessage",
"path": ".gitea/workflows/cd.yaml",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 1552,
"method": "sendMessage",
"path": ".gitea/workflows/cd.yaml",
"sanitized_excerpt": "printf '%b' \"$TG_MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd.yaml::sendmessage::printf '%b' \"$TG_MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 1575,
"method": "sendMessage",
"path": ".gitea/workflows/cd.yaml",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 137,
"method": "sendMessage",
"path": ".gitea/workflows/code-review.yaml",
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/code-review.yaml::sendmessage::curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 216,
"method": "sendMessage",
"path": ".gitea/workflows/code-review.yaml",
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/code-review.yaml::sendmessage::curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 69,
"method": "sendMessage",
"path": ".gitea/workflows/deploy-alerts.yaml",
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/deploy-alerts.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 98,
"method": "sendMessage",
"path": ".gitea/workflows/e2e-health.yaml",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/e2e-health.yaml::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 210,
"method": "sendMessage",
"path": ".gitea/workflows/run-migration.yml",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
"signature": ".gitea/workflows/run-migration.yml::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 1138,
"method": "sendMessage",
@@ -106,7 +15,7 @@
"signature": "scripts/ops/backup-from-110.sh::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
},
{
"line": 90,
"line": 120,
"method": "sendMessage",
"path": "scripts/ops/docker-health-monitor.sh",
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
@@ -144,8 +53,8 @@
"telegram_send_authorized": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-19T09:40:00+08:00",
"git_commit": "4d0150e1",
"generated_at": "2026-07-02T14:24:46+08:00",
"git_commit": "f9469bcc2",
"guarded_bot_methods": [
"sendMessage",
"sendDocument",
@@ -177,9 +86,9 @@
"status": "pass_no_new_bypass",
"summary": {
"action_button_count": 0,
"baseline_signature_count": 18,
"current_direct_bot_api_call_count": 18,
"current_direct_bot_api_file_count": 11,
"baseline_signature_count": 5,
"current_direct_bot_api_call_count": 5,
"current_direct_bot_api_file_count": 5,
"editMessageText_call_count": 0,
"guarded_method_count": 9,
"new_bypass_count": 0,
@@ -189,9 +98,9 @@
"runtime_gate_count": 0,
"sendDocument_call_count": 0,
"sendMediaGroup_call_count": 0,
"sendMessage_call_count": 18,
"sendMessage_call_count": 5,
"sendPhoto_call_count": 0,
"source_direct_bot_api_call_count": 18,
"source_direct_bot_api_file_count": 11
"source_direct_bot_api_call_count": 5,
"source_direct_bot_api_file_count": 5
}
}
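Review bot: A duplicated direct-send line could pass this guard unnoticed, because each baseline entry's `signature` is built from path, method and sanitized excerpt with no line component: the three removed `cd-dev.yaml` entries carried identical signatures, and the `docker-health-monitor.sh` entry moves from line 90 to 120 with no signature change shown. That tolerates line drift, but if `new_bypass_count` is derived from signature membership rather than per-signature counts, a second identical `sendMessage` call added to one of the five remaining files would still report `pass_no_new_bypass`; the scanner is not shown here, so this needs confirming in its source. The check should fail whenever the observed count for any single signature exceeds its baselined count, not only when `current_direct_bot_api_call_count` differs from `baseline_signature_count` in total. Separately, `workflow_modification_authorized` stays `false` in this snapshot while the worklog in the same commit records six workflows being edited, so the snapshot leaves no trace of which approval covered that change.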


@@ -1,17 +1,17 @@
{
"schema_version": "telegram_notification_egress_owner_request_draft_v1",
"generated_at": "2026-06-18T22:45:00+08:00",
"git_commit": "8cbedfe4",
"generated_at": "2026-07-02T14:24:46+08:00",
"git_commit": "f9469bcc2",
"status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
"mode": "metadata_only_no_secret_value_no_telegram_send_no_workflow_change",
"source_snapshot": "docs/security/telegram-notification-egress-inventory.snapshot.json",
"source_schema_version": "telegram_notification_egress_inventory_v1",
"source_status": "inventory_ready_no_runtime_action",
"summary": {
"source_direct_bot_api_call_count": 18,
"source_direct_bot_api_file_count": 11,
"request_draft_count": 11,
"workflow_request_draft_count": 6,
"source_direct_bot_api_call_count": 5,
"source_direct_bot_api_file_count": 5,
"request_draft_count": 5,
"workflow_request_draft_count": 0,
"ops_script_request_draft_count": 4,
"ci_script_request_draft_count": 0,
"api_direct_request_draft_count": 1,
@@ -59,962 +59,6 @@
"not_authorization": true
},
"request_drafts": [
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_dev_yaml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/cd-dev.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 3,
"line_refs": [
54,
241,
262
],
"line_hash_refs": [
"f503c2c0f61100a9",
"c41f88fbca91a4b9",
"eaa9a6cb8326dc79"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_yaml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/cd.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 5,
"line_refs": [
113,
305,
1203,
1552,
1575
],
"line_hash_refs": [
"b57e6587a106976b",
"19c1de8d67af874a",
"6ef020c2b6eac91f",
"d029b95242f39c03",
"d62c45a8595984fc"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_code_review_yaml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/code-review.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 2,
"line_refs": [
137,
216
],
"line_hash_refs": [
"a7ebbd735dad5ab2",
"f10f7782dc7c8125"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_deploy_alerts_yaml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/deploy-alerts.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"line_refs": [
69
],
"line_hash_refs": [
"79e83190f68f27c9"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_e2e_health_yaml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/e2e-health.yaml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"line_refs": [
98
],
"line_hash_refs": [
"d73ce94678f970a9"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_run_migration_yml",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
"source_path": ".gitea/workflows/run-migration.yml",
"surface_kind": "gitea_workflow_direct_bot_api",
"direct_call_count": 1,
"line_refs": [
210
],
"line_hash_refs": [
"934a8dd69fca99b3"
],
"request_fields": [
"request_draft_id",
"source_inventory_schema_version",
"source_path",
"surface_kind",
"direct_call_count",
"line_refs",
"line_hash_refs",
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation",
"not_authorization"
],
"required_owner_fields": [
"owner_role_or_team",
"routing_purpose",
"current_sender",
"target_chat_route",
"message_shape_contract",
"redaction_contract",
"formatter_convergence_decision",
"gateway_or_alertmanager_target",
"break_glass_fallback_decision",
"delivery_receipt_ref",
"dedup_or_fingerprint_plan",
"fallback_or_degraded_mode",
"migration_or_exception_reason",
"maintenance_window",
"rollback_owner",
"postcheck_evidence_ref",
"no_secret_value_attestation",
"no_raw_payload_attestation",
"no_false_green_attestation"
],
"preflight_checks": [
"source_inventory_current",
"owner_role_present",
"route_purpose_present",
"message_shape_contract_present",
"redaction_contract_present",
"formatter_convergence_decision_present",
"break_glass_fallback_explicit",
"delivery_receipt_metadata_present",
"dedup_or_fingerprint_present",
"maintenance_window_present_for_change",
"rollback_owner_present",
"postcheck_evidence_present",
"no_secret_value_attested",
"no_raw_payload_attested",
"no_false_green_attested",
"runtime_gate_stays_zero"
],
"outcome_lanes": [
"draft_waiting_owner_dispatch",
"request_owner_route_supplement",
"request_formatter_convergence_supplement",
"request_break_glass_fallback_supplement",
"request_redaction_or_receipt_supplement",
"quarantine_secret_or_raw_payload",
"reject_false_green_claim",
"ready_for_manual_dispatch",
"waiting_runtime_gate"
],
"forbidden_payloads": [
"bot_token_value",
"chat_secret_value",
"secret_hash",
"partial_token",
"masked_token",
"authorization_header",
"raw_message_payload",
"raw_workflow_log",
"raw_action_log",
"raw_screenshot_with_secret",
"internal_work_window_transcript",
"private_namespace",
"unredacted_internal_path",
"unredacted_private_ip"
],
"blocked_actions": [
"send_owner_request",
"confirm_recipient",
"emit_audit_event",
"telegram_send",
"bot_api_call",
"workflow_modification",
"script_modification",
"api_sender_refactor",
"change_chat_route",
"change_bot_token",
"read_secret_store",
"collect_secret_value",
"collect_secret_hash",
"collect_partial_token",
"collect_chat_id_secret",
"store_raw_message_payload",
"store_unredacted_log",
"workflow_dispatch",
"production_deploy",
"accept_cd_success_as_delivery_receipt",
"accept_route_200_as_notification_delivery",
"accept_ui_visible_as_notification_acceptance",
"skip_formatter_convergence",
"skip_redaction_contract",
"open_runtime_gate",
"add_action_button"
],
"request_sent": false,
"recipient_confirmed": false,
"audit_event_emitted": false,
"owner_response_received": false,
"owner_response_accepted": false,
"formatter_convergence_accepted": false,
"redaction_contract_accepted": false,
"delivery_receipt_accepted": false,
"break_glass_fallback_accepted": false,
"direct_bot_api_migration_authorized": false,
"telegram_send_authorized": false,
"bot_api_call_authorized": false,
"workflow_modification_authorized": false,
"script_modification_authorized": false,
"api_sender_refactor_authorized": false,
"secret_value_collection_allowed": false,
"raw_payload_storage_allowed": false,
"production_write_authorized": false,
"runtime_gate": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
@@ -1336,10 +380,10 @@
"surface_kind": "ops_script_direct_bot_api",
"direct_call_count": 1,
"line_refs": [
90
120
],
"line_hash_refs": [
"6611406903bc7d65"
"283499ad28d35d6a"
],
"request_fields": [
"request_draft_id",


@@ -21645,13 +21645,13 @@ def validate(root: Path) -> None:
"repo_only_scan_no_secret_value_no_telegram_send",
)
expected_telegram_notification_egress_summary = {
"direct_bot_api_file_count": 11,
"direct_bot_api_call_count": 18,
"workflow_direct_bot_api_call_count": 13,
"direct_bot_api_file_count": 5,
"direct_bot_api_call_count": 5,
"workflow_direct_bot_api_call_count": 0,
"ops_script_direct_bot_api_call_count": 4,
"ci_script_direct_bot_api_call_count": 0,
"api_direct_bot_api_call_count": 1,
"gateway_normalized_callsite_count": 56,
"gateway_normalized_callsite_count": 57,
"gateway_final_exit_formatter_present_count": 1,
"required_owner_field_count": 18,
"reviewer_check_count": 14,
@@ -21680,12 +21680,6 @@ def validate(root: Path) -> None:
expected,
)
expected_telegram_direct_path_counts = {
".gitea/workflows/cd-dev.yaml": 3,
".gitea/workflows/cd.yaml": 5,
".gitea/workflows/code-review.yaml": 2,
".gitea/workflows/deploy-alerts.yaml": 1,
".gitea/workflows/e2e-health.yaml": 1,
".gitea/workflows/run-migration.yml": 1,
"apps/api/src/services/channel_hub.py": 1,
"scripts/ops/backup-from-110.sh": 1,
"scripts/ops/docker-health-monitor.sh": 1,
@@ -21767,10 +21761,10 @@ def validate(root: Path) -> None:
"metadata_only_no_secret_value_no_telegram_send_no_workflow_change",
)
expected_telegram_egress_owner_request_summary = {
"source_direct_bot_api_call_count": 18,
"source_direct_bot_api_file_count": 11,
"request_draft_count": 11,
"workflow_request_draft_count": 6,
"source_direct_bot_api_call_count": 5,
"source_direct_bot_api_file_count": 5,
"request_draft_count": 5,
"workflow_request_draft_count": 0,
"ops_script_request_draft_count": 4,
"ci_script_request_draft_count": 0,
"api_direct_request_draft_count": 1,
@@ -21808,12 +21802,6 @@ def validate(root: Path) -> None:
expected,
)
expected_telegram_egress_request_paths = [
".gitea/workflows/cd-dev.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/code-review.yaml",
".gitea/workflows/deploy-alerts.yaml",
".gitea/workflows/e2e-health.yaml",
".gitea/workflows/run-migration.yml",
"apps/api/src/services/channel_hub.py",
"scripts/ops/backup-from-110.sh",
"scripts/ops/docker-health-monitor.sh",
@@ -21907,22 +21895,22 @@ def validate(root: Path) -> None:
"metadata_only_no_workflow_script_api_change_no_telegram_send",
)
expected_telegram_egress_migration_plan_summary = {
"source_request_draft_count": 11,
"source_direct_bot_api_call_count": 18,
"migration_candidate_count": 11,
"workflow_migration_candidate_count": 6,
"source_request_draft_count": 5,
"source_direct_bot_api_call_count": 5,
"migration_candidate_count": 5,
"workflow_migration_candidate_count": 0,
"ops_script_migration_candidate_count": 4,
"api_direct_migration_candidate_count": 1,
"proposed_wave_count": 3,
"proposed_wave_count": 2,
"plan_field_count": 17,
"reviewer_check_count": 15,
"outcome_lane_count": 9,
"blocked_action_count": 21,
"owner_response_required_count": 11,
"maintenance_window_required_count": 11,
"rollback_owner_required_count": 11,
"postcheck_required_count": 11,
"delivery_receipt_required_count": 11,
"owner_response_required_count": 5,
"maintenance_window_required_count": 5,
"rollback_owner_required_count": 5,
"postcheck_required_count": 5,
"delivery_receipt_required_count": 5,
"owner_response_received_count": 0,
"owner_response_accepted_count": 0,
"migration_authorized_count": 0,
@@ -21947,7 +21935,6 @@ def validate(root: Path) -> None:
"telegram_notification_egress_migration_plan_draft.proposed_waves",
telegram_notification_egress_migration_plan_draft["proposed_waves"],
[
"wave_1_workflow_notification_wrapper",
"wave_2_ops_notification_wrapper",
"wave_3_api_sender_gateway",
],
@@ -22025,13 +22012,13 @@ def validate(root: Path) -> None:
"repo_source_scan_no_secret_value_no_telegram_send",
)
expected_telegram_egress_no_new_bypass_summary = {
"source_direct_bot_api_call_count": 18,
"source_direct_bot_api_file_count": 11,
"baseline_signature_count": 18,
"current_direct_bot_api_call_count": 18,
"current_direct_bot_api_file_count": 11,
"source_direct_bot_api_call_count": 5,
"source_direct_bot_api_file_count": 5,
"baseline_signature_count": 5,
"current_direct_bot_api_call_count": 5,
"current_direct_bot_api_file_count": 5,
"guarded_method_count": 9,
"sendMessage_call_count": 18,
"sendMessage_call_count": 5,
"sendDocument_call_count": 0,
"sendPhoto_call_count": 0,
"sendMediaGroup_call_count": 0,
@@ -22053,19 +22040,6 @@ def validate(root: Path) -> None:
"telegram_notification_egress_no_new_bypass_guard.current_paths",
[item["path"] for item in telegram_notification_egress_no_new_bypass_guard["current_direct_bot_api_calls"]],
[
".gitea/workflows/cd-dev.yaml",
".gitea/workflows/cd-dev.yaml",
".gitea/workflows/cd-dev.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/cd.yaml",
".gitea/workflows/code-review.yaml",
".gitea/workflows/code-review.yaml",
".gitea/workflows/deploy-alerts.yaml",
".gitea/workflows/e2e-health.yaml",
".gitea/workflows/run-migration.yml",
"apps/api/src/services/channel_hub.py",
"scripts/ops/backup-from-110.sh",
"scripts/ops/docker-health-monitor.sh",
@@ -22104,11 +22078,11 @@ def validate(root: Path) -> None:
"metadata_only_no_secret_value_no_telegram_send_no_workflow_script_api_change",
)
expected_telegram_egress_owner_response_acceptance_summary = {
"source_request_draft_count": 11,
"source_migration_candidate_count": 11,
"source_direct_bot_api_call_count": 18,
"acceptance_candidate_count": 11,
"workflow_acceptance_candidate_count": 6,
"source_request_draft_count": 5,
"source_migration_candidate_count": 5,
"source_direct_bot_api_call_count": 5,
"acceptance_candidate_count": 5,
"workflow_acceptance_candidate_count": 0,
"ops_script_acceptance_candidate_count": 4,
"api_direct_acceptance_candidate_count": 1,
"acceptance_field_count": 33,