{
|
||
"schema_version": "dependency_supply_chain_drift_monitor_v1",
|
||
"generated_at": "2026-06-18T23:05:00+08:00",
|
||
"program_status": {
|
||
"overall_completion_percent": 100,
|
||
"current_priority": "P2",
|
||
"current_task_id": "P2-004",
|
||
"next_task_id": "P2-406B",
|
||
"read_only_mode": true,
|
||
"runtime_authority": "repo_only_dependency_supply_chain_drift_monitor_no_external_lookup_or_write",
|
||
"status_note": "P2-004 將既有 Python / JavaScript / Docker / policy / version freshness 快照收斂為依賴與供應鏈漂移監控讀回;本輪只產生 committed snapshot 與 API,不啟用外部查詢、排程、升級、Telegram 實發或 production write。"
|
||
},
|
||
"source_refs": [
|
||
"docs/evaluations/package_supply_chain_inventory_2026-06-04.json",
|
||
"docs/evaluations/javascript_package_inventory_2026-06-04.json",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json",
|
||
"docs/evaluations/dependency_risk_policy_2026-06-04.json",
|
||
"docs/evaluations/dependency_drift_check_plan_2026-06-04.json",
|
||
"docs/evaluations/dependency_upgrade_approval_package_template_2026-06-04.json",
|
||
"docs/evaluations/ai_agent_version_freshness_snapshot_2026-06-11.json"
|
||
],
|
||
"rollups": {
|
||
"source_snapshot_count": 6,
|
||
"stale_source_snapshot_count": 5,
|
||
"monitor_check_count": 7,
|
||
"drift_candidate_count": 9,
|
||
"action_required_candidate_count": 9,
|
||
"owner_action_count": 9,
|
||
"blocked_operation_count": 20,
|
||
"by_domain": {
|
||
"python": 2,
|
||
"javascript": 2,
|
||
"docker": 3,
|
||
"external_source": 1,
|
||
"agent_market": 1
|
||
},
|
||
"action_required_drift_candidate_ids": [
|
||
"api_python_manifest_drift",
|
||
"python_lockfile_absence",
|
||
"apps_web_caret_range_exposure",
|
||
"shared_types_publish_boundary",
|
||
"docker_base_images_not_digest_pinned",
|
||
"api_kubectl_binary_without_checksum_policy",
|
||
"docker_build_time_network_fetches_present",
|
||
"external_cve_license_registry_lookup_not_approved",
|
||
"agent_market_source_lookup_not_approved"
|
||
]
|
||
},
|
||
"source_snapshot_readbacks": [
|
||
{
|
||
"snapshot_id": "package_supply_chain_inventory",
|
||
"source_ref": "docs/evaluations/package_supply_chain_inventory_2026-06-04.json",
|
||
"source_schema_version": "package_supply_chain_inventory_v1",
|
||
"generated_at": "2026-06-04T21:06:22+08:00",
|
||
"freshness_status": "stale_action_required",
|
||
"evidence_status": "action_required_surfaces_present",
|
||
"next_action": "以 repo-only 方式刷新 Python / JS / Docker source rollup;未批准前不得查 registry 或升級。"
|
||
},
|
||
{
|
||
"snapshot_id": "javascript_package_inventory",
|
||
"source_ref": "docs/evaluations/javascript_package_inventory_2026-06-04.json",
|
||
"source_schema_version": "javascript_package_inventory_v1",
|
||
"generated_at": "2026-06-04T20:22:00+08:00",
|
||
"freshness_status": "stale_action_required",
|
||
"evidence_status": "caret_range_and_workspace_boundary_present",
|
||
"next_action": "建立高影響前端套件與 workspace publish boundary 批准包;不得寫 pnpm-lock.yaml。"
|
||
},
|
||
{
|
||
"snapshot_id": "docker_build_surface_inventory",
|
||
"source_ref": "docs/evaluations/docker_build_surface_inventory_2026-06-04.json",
|
||
"source_schema_version": "docker_build_surface_inventory_v1",
|
||
"generated_at": "2026-06-04T19:23:03+08:00",
|
||
"freshness_status": "stale_action_required",
|
||
"evidence_status": "digest_and_network_fetch_risk_present",
|
||
"next_action": "產生 digest pin、checksum、network source policy 批准包;未批准前不得 build 或 pull image。"
|
||
},
|
||
{
|
||
"snapshot_id": "dependency_risk_policy",
|
||
"source_ref": "docs/evaluations/dependency_risk_policy_2026-06-04.json",
|
||
"source_schema_version": "dependency_risk_policy_v1",
|
||
"generated_at": "2026-06-04T21:40:00+08:00",
|
||
"freshness_status": "stale_action_required",
|
||
"evidence_status": "policy_defined_no_external_lookup",
|
||
"next_action": "將 policy hit 轉成 owner packet 與 Telegram failure-only digest draft;不得自動套用。"
|
||
},
|
||
{
|
||
"snapshot_id": "dependency_drift_check_plan",
|
||
"source_ref": "docs/evaluations/dependency_drift_check_plan_2026-06-04.json",
|
||
"source_schema_version": "dependency_drift_check_plan_v1",
|
||
"generated_at": "2026-06-04T22:15:00+08:00",
|
||
"freshness_status": "stale_action_required",
|
||
"evidence_status": "cadence_design_only",
|
||
"next_action": "下一輪若要定期化,必須先送 schedule / workflow / external source approval packet。"
|
||
},
|
||
{
|
||
"snapshot_id": "ai_agent_version_freshness_snapshot",
|
||
"source_ref": "docs/evaluations/ai_agent_version_freshness_snapshot_2026-06-11.json",
|
||
"source_schema_version": "ai_agent_version_freshness_snapshot_v1",
|
||
"generated_at": "2026-06-11T22:45:00+08:00",
|
||
"freshness_status": "recent_action_required",
|
||
"evidence_status": "repo_only_version_sources_present",
|
||
"next_action": "把 stale source refs 與 P2-004 drift candidates 串接到 P2-406B / P2-407 報表讀回,不啟用外部 lookup。"
|
||
}
|
||
],
|
||
"monitor_checks": [
|
||
{
|
||
"check_id": "python_manifest_authority_drift_readback",
|
||
"domain": "python",
|
||
"owner_agent": "hermes",
|
||
"status": "action_required",
|
||
"current_signal": "apps/api/pyproject.toml 與 apps/api/requirements.txt 權威性仍未決;Dockerfile 目前以 pyproject + uv 為建置來源。",
|
||
"evidence_refs": [
|
||
"apps/api/pyproject.toml",
|
||
"apps/api/requirements.txt",
|
||
"apps/api/Dockerfile",
|
||
"docs/evaluations/package_supply_chain_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["delete requirements", "install packages", "write lockfile"],
|
||
"next_action": "prepare_python_manifest_authority_packet"
|
||
},
|
||
{
|
||
"check_id": "python_lockfile_absence_readback",
|
||
"domain": "python",
|
||
"owner_agent": "openclaw",
|
||
"status": "action_required",
|
||
"current_signal": "Python manifests 仍無 uv.lock / poetry.lock / constraints authority;重現性策略需要人工批准。",
|
||
"evidence_refs": [
|
||
"apps/api/pyproject.toml",
|
||
"packages/lewooogo-data/pyproject.toml",
|
||
"docs/evaluations/package_supply_chain_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["generate lockfile", "pin all versions", "upgrade dependencies"],
|
||
"next_action": "prepare_python_lockfile_strategy_packet"
|
||
},
|
||
{
|
||
"check_id": "javascript_importer_lockfile_readback",
|
||
"domain": "javascript",
|
||
"owner_agent": "hermes",
|
||
"status": "read_only_passed",
|
||
"current_signal": "P1-202 已確認 pnpm importers 與 lockfile specifier 沒有 mismatch;仍需處理 high-impact caret range。",
|
||
"evidence_refs": [
|
||
"package.json",
|
||
"apps/web/package.json",
|
||
"pnpm-lock.yaml",
|
||
"docs/evaluations/javascript_package_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["pnpm install", "npm audit", "lockfile write"],
|
||
"next_action": "prepare_js_high_impact_upgrade_packet"
|
||
},
|
||
{
|
||
"check_id": "javascript_caret_range_exposure_readback",
|
||
"domain": "javascript",
|
||
"owner_agent": "openclaw",
|
||
"status": "action_required",
|
||
"current_signal": "apps/web 仍有大量 caret range;Next / React / Sentry / Playwright 等高影響套件需要升級批准包與 rollback plan。",
|
||
"evidence_refs": [
|
||
"apps/web/package.json",
|
||
"pnpm-lock.yaml",
|
||
"docs/evaluations/javascript_package_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["package upgrade", "lockfile write", "external registry lookup"],
|
||
"next_action": "prepare_js_high_impact_upgrade_packet"
|
||
},
|
||
{
|
||
"check_id": "docker_digest_pin_readback",
|
||
"domain": "docker",
|
||
"owner_agent": "openclaw",
|
||
"status": "action_required",
|
||
"current_signal": "API / Web Dockerfile 的 base image 與 uv image tag-pinned 但未 digest-pinned。",
|
||
"evidence_refs": [
|
||
"apps/api/Dockerfile",
|
||
"apps/web/Dockerfile",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["docker build", "image pull", "registry push"],
|
||
"next_action": "prepare_docker_digest_pin_packet"
|
||
},
|
||
{
|
||
"check_id": "docker_binary_checksum_readback",
|
||
"domain": "docker",
|
||
"owner_agent": "hermes",
|
||
"status": "action_required",
|
||
"current_signal": "API image build 下載 kubectl v1.29.0,但 checksum / signature policy 尚未固定。",
|
||
"evidence_refs": [
|
||
"apps/api/Dockerfile",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"blocked_now": ["curl new binary", "edit Dockerfile", "image rebuild"],
|
||
"next_action": "prepare_kubectl_checksum_packet"
|
||
},
|
||
{
|
||
"check_id": "external_source_activation_readback",
|
||
"domain": "external_source",
|
||
"owner_agent": "nemotron",
|
||
"status": "blocked_until_approval",
|
||
"current_signal": "OSV / Trivy / Syft / Grype / PyPI / npm / Docker Hub / Agent market primary sources 都仍是候選來源,尚未批准外部查詢。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/dependency_drift_check_plan_2026-06-04.json",
|
||
"docs/evaluations/ai_agent_version_freshness_snapshot_2026-06-11.json"
|
||
],
|
||
"blocked_now": ["external CVE lookup", "license lookup", "registry lookup", "agent market lookup"],
|
||
"next_action": "prepare_external_source_activation_packet"
|
||
}
|
||
],
|
||
"drift_candidates": [
|
||
{
|
||
"candidate_id": "api_python_manifest_drift",
|
||
"domain": "python",
|
||
"severity": "high",
|
||
"status": "action_required",
|
||
"owner_agent": "openclaw",
|
||
"summary": "API pyproject 與 legacy requirements 仍未決定權威來源;若直接刪除或改寫會影響 build / local tool / rollback 判斷。",
|
||
"evidence_refs": [
|
||
"apps/api/pyproject.toml",
|
||
"apps/api/requirements.txt",
|
||
"docs/evaluations/package_supply_chain_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_python_manifest_authority_packet"
|
||
},
|
||
{
|
||
"candidate_id": "python_lockfile_absence",
|
||
"domain": "python",
|
||
"severity": "medium",
|
||
"status": "action_required",
|
||
"owner_agent": "openclaw",
|
||
"summary": "Python 依賴仍缺 committed lockfile 或 constraints authority;可先產策略批准包,不得直接生成。",
|
||
"evidence_refs": [
|
||
"apps/api/pyproject.toml",
|
||
"packages/lewooogo-data/pyproject.toml",
|
||
"docs/evaluations/dependency_risk_policy_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_python_lockfile_strategy_packet"
|
||
},
|
||
{
|
||
"candidate_id": "apps_web_caret_range_exposure",
|
||
"domain": "javascript",
|
||
"severity": "medium",
|
||
"status": "action_required",
|
||
"owner_agent": "openclaw",
|
||
"summary": "apps/web 仍有 high-impact caret ranges;下一步是升級批准包與 smoke matrix,不是直接 pnpm install。",
|
||
"evidence_refs": [
|
||
"apps/web/package.json",
|
||
"pnpm-lock.yaml",
|
||
"docs/evaluations/javascript_package_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_js_high_impact_upgrade_packet"
|
||
},
|
||
{
|
||
"candidate_id": "shared_types_publish_boundary",
|
||
"domain": "javascript",
|
||
"severity": "medium",
|
||
"status": "action_required",
|
||
"owner_agent": "hermes",
|
||
"summary": "shared-types 類 workspace 需要 publish / version / compatibility boundary;應以批准包定義,不由 Agent 自行 publish。",
|
||
"evidence_refs": [
|
||
"packages/shared-types/package.json",
|
||
"pnpm-lock.yaml",
|
||
"docs/evaluations/javascript_package_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_shared_types_publish_boundary_packet"
|
||
},
|
||
{
|
||
"candidate_id": "docker_base_images_not_digest_pinned",
|
||
"domain": "docker",
|
||
"severity": "high",
|
||
"status": "action_required",
|
||
"owner_agent": "openclaw",
|
||
"summary": "python:3.11-slim、node:20-alpine、ghcr.io/astral-sh/uv:0.6.9 尚未 digest-pinned;需要 digest、rollback 與 rebuild approval。",
|
||
"evidence_refs": [
|
||
"apps/api/Dockerfile",
|
||
"apps/web/Dockerfile",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_docker_digest_pin_packet"
|
||
},
|
||
{
|
||
"candidate_id": "api_kubectl_binary_without_checksum_policy",
|
||
"domain": "docker",
|
||
"severity": "high",
|
||
"status": "action_required",
|
||
"owner_agent": "hermes",
|
||
"summary": "API image build 以 curl 下載 kubectl v1.29.0,但 checksum / signature policy 尚未固定。",
|
||
"evidence_refs": [
|
||
"apps/api/Dockerfile",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_kubectl_checksum_packet"
|
||
},
|
||
{
|
||
"candidate_id": "docker_build_time_network_fetches_present",
|
||
"domain": "docker",
|
||
"severity": "medium",
|
||
"status": "action_required",
|
||
"owner_agent": "hermes",
|
||
"summary": "API build 的 apt-get / curl 與 Web build 的 corepack / pnpm install 都是 build-time network fetch,需要 source policy 與 failure-only digest。",
|
||
"evidence_refs": [
|
||
"apps/api/Dockerfile",
|
||
"apps/web/Dockerfile",
|
||
"pnpm-lock.yaml",
|
||
"docs/evaluations/docker_build_surface_inventory_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_build_time_network_source_packet"
|
||
},
|
||
{
|
||
"candidate_id": "external_cve_license_registry_lookup_not_approved",
|
||
"domain": "external_source",
|
||
"severity": "medium",
|
||
"status": "blocked_until_approval",
|
||
"owner_agent": "openclaw",
|
||
"summary": "CVE、license、PyPI、npm、Docker manifest freshness 尚未批准外部查詢;只能保留 repo-only drift 與批准包。",
|
||
"evidence_refs": [
|
||
"docs/evaluations/dependency_drift_check_plan_2026-06-04.json",
|
||
"docs/evaluations/dependency_risk_policy_2026-06-04.json"
|
||
],
|
||
"next_owner_action": "prepare_external_source_activation_packet"
|
||
},
|
||
{
|
||
"candidate_id": "agent_market_source_lookup_not_approved",
|
||
"domain": "agent_market",
|
||
"severity": "medium",
|
||
"status": "blocked_until_approval",
|
||
"owner_agent": "nemotron",
|
||
"summary": "主流 AI Agent / SDK / model watch 已納入工作清單,但定期外部 primary-source lookup 尚未批准;NemoTron 只能先做 committed snapshot freshness 與離線 scorecard 草案。",
|
||
"evidence_refs": [
|
||
"docs/ai/AI_AGENT_AUTOMATION_WORKLIST_2026-06-04.md",
|
||
"docs/evaluations/ai_agent_version_freshness_snapshot_2026-06-11.json"
|
||
],
|
||
"next_owner_action": "prepare_agent_market_source_activation_packet"
|
||
}
|
||
],
|
||
"owner_actions": [
|
||
{
|
||
"action_id": "prepare_python_manifest_authority_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "openclaw",
|
||
"approval_gate": "human_review_required_before_manifest_delete_or_generation",
|
||
"summary": "判定 pyproject / requirements 權威來源、生成或退場策略、rollback 與測試矩陣。",
|
||
"blocked_until": "Owner Gate + build/test/smoke plan + rollback owner"
|
||
},
|
||
{
|
||
"action_id": "prepare_python_lockfile_strategy_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "openclaw",
|
||
"approval_gate": "dependency_lock_strategy_approval_required",
|
||
"summary": "提出 uv.lock / constraints / no-lock exception 三路策略與風險評分。",
|
||
"blocked_until": "Owner Gate + package install approval + rollback plan"
|
||
},
|
||
{
|
||
"action_id": "prepare_js_high_impact_upgrade_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "openclaw",
|
||
"approval_gate": "frontend_high_impact_upgrade_approval_required",
|
||
"summary": "針對 Next / React / Sentry / Playwright 等 high-impact 套件產生升級、測試、rollback 與 cache busting 批准包。",
|
||
"blocked_until": "Owner Gate + pnpm lockfile write approval + browser smoke matrix"
|
||
},
|
||
{
|
||
"action_id": "prepare_shared_types_publish_boundary_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "hermes",
|
||
"approval_gate": "workspace_publish_boundary_approval_required",
|
||
"summary": "定義 shared-types version / publish / consumer compatibility 邊界與不自動 publish 規則。",
|
||
"blocked_until": "Owner Gate + package publish policy"
|
||
},
|
||
{
|
||
"action_id": "prepare_docker_digest_pin_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "openclaw",
|
||
"approval_gate": "image_digest_pin_and_rebuild_approval_required",
|
||
"summary": "產生 base image digest pin、重建、rollout、rollback 與 registry promotion 批准包。",
|
||
"blocked_until": "Owner Gate + docker build/pull/push approval + rollout window"
|
||
},
|
||
{
|
||
"action_id": "prepare_kubectl_checksum_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "hermes",
|
||
"approval_gate": "binary_checksum_policy_approval_required",
|
||
"summary": "定義 kubectl binary checksum / signature policy 與替換方案。",
|
||
"blocked_until": "Owner Gate + Dockerfile write approval"
|
||
},
|
||
{
|
||
"action_id": "prepare_build_time_network_source_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "hermes",
|
||
"approval_gate": "build_network_source_policy_approval_required",
|
||
"summary": "把 apt / curl / corepack / pnpm install 來源與 failure-only digest policy 固定成批准包。",
|
||
"blocked_until": "Owner Gate + workflow and registry policy approval"
|
||
},
|
||
{
|
||
"action_id": "prepare_external_source_activation_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "openclaw",
|
||
"approval_gate": "external_cve_license_registry_lookup_approval_required",
|
||
"summary": "列出 OSV / Trivy / Syft / Grype / PyPI / npm / Docker registry lookup 的費用、頻率、rate limit、資料保存與 redaction 條件。",
|
||
"blocked_until": "Owner Gate + cost/rate-limit/privacy approval"
|
||
},
|
||
{
|
||
"action_id": "prepare_agent_market_source_activation_packet",
|
||
"priority": "P2",
|
||
"owner_agent": "nemotron",
|
||
"approval_gate": "agent_market_primary_source_lookup_approval_required",
|
||
"summary": "把主流 AI Agent / SDK / model watch 來源、scorecard、回放基準與 OpenClaw 替代決策門檻固定成批准包。",
|
||
"blocked_until": "Owner Gate + primary-source refresh approval + replay policy"
|
||
}
|
||
],
|
||
"telegram_policy": {
|
||
"status": "draft_only_no_send",
|
||
"direct_send_allowed": false,
|
||
"gateway_queue_write_allowed": false,
|
||
"success_quiet": true,
|
||
"failure_digest_after_approval": true,
|
||
"draft_only_outputs": [
|
||
"P2-004 dependency drift action-required digest draft",
|
||
"Owner packet summary",
|
||
"failure-only schema mismatch digest draft"
|
||
]
|
||
},
|
||
"agent_roles": [
|
||
{
|
||
"agent_id": "openclaw",
|
||
"role": "仲裁 high / critical supply-chain drift、升級風險、費用與 HITL gate;不得自行批准套件或 provider 變更。",
|
||
"autonomy_level": "L2_approval_package_only",
|
||
"approval_gate": "human_review_required_before_any_update_or_external_lookup",
|
||
"outputs": [
|
||
"risk arbitration",
|
||
"owner action packet",
|
||
"blocked operation verification"
|
||
]
|
||
},
|
||
{
|
||
"agent_id": "hermes",
|
||
"role": "彙整 repo-only manifest / lockfile / Dockerfile / committed snapshot 證據,產出報表與 KM 草稿。",
|
||
"autonomy_level": "L1_report_only",
|
||
"approval_gate": "read_only_repo_monitor_allowed",
|
||
"outputs": [
|
||
"drift evidence packet",
|
||
"report section",
|
||
"Telegram digest draft"
|
||
]
|
||
},
|
||
{
|
||
"agent_id": "nemotron",
|
||
"role": "進行離線長任務比對、版本 / Agent market freshness 草案與 replay scorecard 草案;不得替換 OpenClaw 或接 production route。",
|
||
"autonomy_level": "L1_offline_comparison_only",
|
||
"approval_gate": "offline_scorecard_only_until_market_lookup_and_replay_gate",
|
||
"outputs": [
|
||
"agent market source activation packet",
|
||
"offline comparison note",
|
||
"replay candidate list"
|
||
]
|
||
}
|
||
],
|
||
"next_actions": [
|
||
{
|
||
"task_id": "P2-406B",
|
||
"priority": "P2",
|
||
"summary": "把 P2-004 drift monitor 與日週月報 / Telegram receipt readback owner review 串接成同一個只讀審核視圖。",
|
||
"gate": "Telegram send、Gateway queue write、Bot API、receipt production write 仍必須全部為 0。"
|
||
},
|
||
{
|
||
"task_id": "P2-407",
|
||
"priority": "P2",
|
||
"summary": "讓 OpenClaw / Hermes / NemoTron 讀取日週月報與 P2-004 drift monitor 後產生無寫入的分析與建議。",
|
||
"gate": "只寫 committed snapshot / 草稿;不得 production optimization write。"
|
||
},
|
||
{
|
||
"task_id": "P2-412",
|
||
"priority": "P2",
|
||
"summary": "準備外部主流 Agent / SDK / model watch 的 primary-source refresh 批准包。",
|
||
"gate": "未批准前不得外部查詢、不得宣稱 latest、不得替換 OpenClaw。"
|
||
}
|
||
],
|
||
"monitor_boundaries": {
|
||
"read_only_repo_monitor_allowed": true,
|
||
"schedule_activation_allowed": false,
|
||
"workflow_write_allowed": false,
|
||
"external_cve_lookup_allowed": false,
|
||
"external_license_lookup_allowed": false,
|
||
"registry_lookup_allowed": false,
|
||
"agent_market_external_lookup_allowed": false,
|
||
"package_installation_allowed": false,
|
||
"package_upgrade_allowed": false,
|
||
"lockfile_write_allowed": false,
|
||
"docker_build_allowed": false,
|
||
"image_pull_allowed": false,
|
||
"image_rebuild_allowed": false,
|
||
"registry_push_allowed": false,
|
||
"pr_creation_allowed": false,
|
||
"telegram_send_allowed": false,
|
||
"production_write_allowed": false,
|
||
"paid_external_service_allowed": false,
|
||
"secret_read_allowed": false,
|
||
"host_probe_allowed": false,
|
||
"npm_audit_allowed": false
|
||
}
|
||
}
|