吸收数字员工管理端治理执行安全壳

This commit is contained in:
baiyanyun
2026-06-13 14:56:54 +08:00
parent f08b0c39d9
commit 95838dba04
7 changed files with 297 additions and 4 deletions

View File

@@ -1643,6 +1643,100 @@ function checkDigitalAdminPolicySchedulerWorkbenches() {
console.log("[DigitalEmployeeCheck] admin policy center and scheduler operation hooks OK");
}
function checkDigitalAdminPlanGovernanceWorkbenches() {
console.log("\n[DigitalEmployeeCheck] Verify admin plan governance and revision workbench hooks");
const backendRoot = path.resolve(packageRoot, "..", "..", "..", "qiming-backend");
const qimingRoot = path.resolve(packageRoot, "..", "..", "..", "qiming");
const servicePath = path.join(
backendRoot,
"app-platform-modules",
"app-platform-agent",
"app-platform-agent-core-application",
"src",
"main",
"java",
"com",
"xspaceagi",
"agent",
"core",
"application",
"service",
"DigitalEmployeeSyncApplicationServiceImpl.java",
);
const dtoPath = path.join(
backendRoot,
"app-platform-modules",
"app-platform-agent",
"app-platform-agent-core-adapter",
"src",
"main",
"java",
"com",
"xspaceagi",
"agent",
"core",
"adapter",
"dto",
"digital",
"DigitalEmployeeAdminWorkbenchRowDto.java",
);
const testPath = path.join(
backendRoot,
"app-platform-modules",
"app-platform-agent",
"app-platform-agent-core-application",
"src",
"test",
"java",
"com",
"xspaceagi",
"agent",
"core",
"application",
"service",
"DigitalEmployeeSyncApplicationServiceImplTest.java",
);
const qimingOpsPath = path.join(qimingRoot, "src", "pages", "SystemManagement", "Content", "DigitalEmployeeOps", "index.tsx");
const qimingTypesPath = path.join(qimingRoot, "src", "types", "interfaces", "systemManage.ts");
const docsPath = path.resolve(packageRoot, "..", "..", "docs", "digital-employee-frontend-integration-plan.md");
const service = fs.readFileSync(servicePath, "utf8");
const dto = fs.readFileSync(dtoPath, "utf8");
const test = fs.readFileSync(testPath, "utf8");
const qimingOps = fs.readFileSync(qimingOpsPath, "utf8");
const qimingTypes = fs.readFileSync(qimingTypesPath, "utf8");
const docs = fs.readFileSync(docsPath, "utf8");
const requiredSnippets = [
[service, "plan_governance", "backend plan governance view"],
[service, "plan_revisions", "backend plan revisions view"],
[service, "isPlanGovernanceRow", "backend plan governance matcher"],
[service, "isPlanRevisionRow", "backend plan revision matcher"],
[service, "record_escalation", "backend plan escalation action"],
[service, "hard_interrupt_disabled", "backend hard interrupt disabled reason"],
[service, "high_risk_governance_action_disabled", "backend high risk governance disabled reason"],
[dto, "revision_id", "backend revision id row field"],
[test, "queryAdminWorkbenchPlanGovernanceReturnsGovernanceEscalationRowsOnly", "backend plan governance test"],
[test, "queryAdminWorkbenchPlanRevisionsReturnsRevisionRowsOnly", "backend plan revisions test"],
[qimingTypes, "plan_governance", "qiming plan governance view type"],
[qimingTypes, "plan_revisions", "qiming plan revisions view type"],
[qimingTypes, "revision_id", "qiming revision id field"],
[qimingOps, "计划治理", "qiming plan governance tab"],
[qimingOps, "计划版本", "qiming plan revisions tab"],
[qimingOps, "请求版本复核", "qiming revision review action"],
[qimingOps, "记录升级", "qiming escalation action"],
[qimingOps, "不开放 hard interrupt", "qiming hard interrupt guard copy"],
[qimingOps, "不自动激活计划", "qiming high risk execution guard copy"],
[docs, "正式管理端治理执行安全壳预览", "docs plan governance absorption"],
[docs, "正式管理端计划版本预览", "docs plan revision absorption"],
];
const missing = requiredSnippets
.filter(([content, snippet]) => !content.includes(snippet))
.map(([, , label]) => label);
if (missing.length > 0) {
throw new Error(`Missing admin plan governance and revision hooks: ${missing.join(", ")}`);
}
console.log("[DigitalEmployeeCheck] admin plan governance and revision hooks OK");
}
function checkDigitalAdminServiceOperationsWorkbench() {
console.log("\n[DigitalEmployeeCheck] Verify admin service operations workbench hooks");
const backendRoot = path.resolve(packageRoot, "..", "..", "..", "qiming-backend");
@@ -2249,6 +2343,7 @@ function main() {
checkDigitalAdminApprovalGovernanceWorkbench();
checkDigitalAdminMemorySkillWorkbench();
checkDigitalAdminPolicySchedulerWorkbenches();
checkDigitalAdminPlanGovernanceWorkbenches();
checkDigitalAdminServiceOperationsWorkbench();
checkDigitalAdminRouteGovernanceWorkbench();
checkDigitalAdminNotificationWorkbench();

View File

@@ -568,9 +568,9 @@ GET /api/digital-employee/approvals
4. **治理命令完整生命周期**
- 已吸收:`create_plan``submit_plan``approve_plan``activate_plan` 等基础命令可记录本地运行事实;任务级 `retry_task``skip_task``pause_task``resume_task``provide_task_input``cancel_task``start_run``cancel_run` 已具备本地事实闭环embedded plan / task action endpoint 已开始映射为正式 governance command治理审计链和低风险 action policy 已开始吸收route decision 自动映射 governance command 前会先经过低风险/受保护高风险 action guard未命中的动作写入 `route_action_policy_blocked`,所有 `governance_*` event 的同步 `business_view` 会提炼 command、route、实体目标、风险等级和结果字段`provide_task_input` 只同步 `input_length`
- 当前能力:`/api/plan/:id/submit``/api/debug/plan/:id/:action``/api/task/:id/:action` 会进入 qimingclaw 本地治理记录plan revision v1 可从 `governance_*` 事件投影只读时间线;数字员工首页会展示“治理审计/治理拦截”摘要,管理端通用 sync record 可通过 `business_view.category = governance` 消费治理命令审计字段。正式管理端治理命令预览已开始吸收qiming-backend 的 `governance_commands` 运营台视图会聚合治理命令记录、拒绝和低风险输入审计qiming“数字员工运营台”的“治理命令”tab 只开放标记已看和忽略意图,不开放 ACP 硬中断或高风险执行。
- 缺口:`escalate`正式计划 revision 表、正式管理端治理工作台和对真实 ACP 执行流的硬中断仍不完整。
- 建议:下一轮围绕正式管理端治理工作台和 ACP 硬中断,把本地治理审计推进到完整跨端裁决与执行控制。
- 当前能力:`/api/plan/:id/submit``/api/debug/plan/:id/:action``/api/task/:id/:action` 会进入 qimingclaw 本地治理记录plan revision v1 可从 `governance_*` 事件投影只读时间线;数字员工首页会展示“治理审计/治理拦截”摘要,管理端通用 sync record 可通过 `business_view.category = governance` 消费治理命令审计字段。正式管理端治理命令预览已开始吸收qiming-backend 的 `governance_commands` 运营台视图会聚合治理命令记录、拒绝和低风险输入审计qiming“数字员工运营台”的“治理命令”tab 只开放标记已看和忽略意图,不开放 ACP 硬中断或高风险执行。正式管理端治理执行安全壳预览和正式管理端计划版本预览已开始吸收qiming-backend 新增 `plan_governance` / `plan_revisions` 视图聚合治理动作、升级请求、人工介入和版本复核摘要qiming“数字员工运营台”的“计划治理”“计划版本”tab 只记录标记已看、忽略、请求版本复核和记录升级等低风险意图;`hard_interrupt``activate_plan``cancel_run``cancel_task``accept_remote_approval_batch` 继续返回明确禁用 reason。
- 缺口:正式计划 revision 物理表、治理策略编辑 UI 和对真实 ACP 执行流的硬中断仍不完整。
- 建议:下一轮围绕正式管理端治理策略和 ACP 硬中断安全设计,把本地治理审计推进到完整跨端裁决与执行控制。
5. **ManagedService 控制面**
- 已吸收Agent、MCP、Computer Server、Lanproxy、File Server、GUI Server 状态已进入 snapshot / projectionFile Server 与 GUI Server 已开放白名单式 restart bridge并会写入 `managed_service_restart` / `managed_service_restart_rejected` 事件,安全服务 restart bridge 已开始闭环。完整人机介入入口已开始吸收embedded 新增“处置台”聚合服务异常、诊断风险、审计风险和策略拉取错误支持批量标记已看、忽略、策略重拉和白名单服务安全重启。正式外部管理端服务运营台预览已开始吸收qiming-backend 新增 `service_operations` 运营台视图聚合 managed service 快照、服务诊断和重启审计qiming“数字员工运营台”新增“服务运营” tab并只开放复核/忽略等低风险动作意图,不开放 start/stop。