Add plain-language status doc and minimal decision store contract

2026-05-08 13:08:50 +08:00
parent e13355cd40
commit 354c00dea1
9 changed files with 531 additions and 1 deletions
--- a/docs/roadmaps/reporting-governance-plugin-status-plain-language.md
+++ b/docs/roadmaps/reporting-governance-plugin-status-plain-language.md
@@ -0,0 +1,231 @@
+# Reporting Governance Plugin：現在做到哪、為什麼這樣切、還沒做到什麼
+
+這份文件是給**不想先看程式碼的人**看的。
+
+一句話先講白：
+**這個 plugin 在做的事，是把「代理有沒有老實回報、有没有卡住不講、有没有把該交接的事真的交出去」這些規則，從口頭要求，慢慢做成可驗證的程式與紀錄。**
+
+---
+
+## 1) 目前已經做了什麼
+
+現在不是只有概念，而是已經有一條**可以跑、會留下痕跡、能被測試證明**的最小鏈路。
+
+### 已經有的骨架
+
+`plugins/reporting-governance/` 這個 package 已經拉出基本邊界：
+
+- `core/`：放規則判斷與決策邏輯
+- `adapters/`：接現有 runtime / script
+- `storage/`：放可保存的 artifact 與 store contract
+- `profiles/`：放部署設定 artifact
+- `capabilities/`：放能力描述
+
+這很重要，因為它代表這件事開始不是散在 repo 各角落，而是有自己的 package 家。
+
+### 已經有的決策能力
+
+目前已經有最小可跑的：
+
+- policy evaluator：根據事件/證據判斷要不要出手
+- decision runner：把判斷結果轉成可執行意圖
+- compatibility preflight：先檢查輸入/相容性，不對就 fail closed
+
+白話講，就是：
+**系統已經不只是「看到問題」，而是能把問題翻成明確決策，例如要不要強制 checkpoint、要不要擋下某動作。**
+
+### 已經有的 OpenClaw 參考鏈
+
+目前 repo 裡最真實的一條鏈，是 watchdog 逾時告警路徑：
+
+`watchdog -> queue -> dispatcher -> bridge -> sender -> receipt`
+
+這條鏈已經能做到：
+
+- 產生 canonical event
+- 進 queue / spool
+- 經過 bridge / sender binding
+- 留下 receipt
+- 在不能真的送出的情況下，誠實標示成 `pending_external_send`，不是假裝已送達
+
+這件事的價值很實際：
+**它已經能防止「其實沒送到，卻說送到了」這種黑箱假成功。**
+
+### 已經有的 package-owned profile artifact
+
+目前已經有一個 package 自己擁有的部署設定 artifact：
+
+- `plugins/reporting-governance/profiles/strict-manager-mode.profile.json`
+
+而且不是擺著好看，已經有：
+
+- loader
+- validator
+- binding contract projector
+- 測試
+
+白話講：
+**這個 plugin 已經開始自己宣告：我依賴哪些腳本、哪些 artifact 目錄、哪些 runtime 邊界。**
+
+不是再靠「大家心裡知道」或 README 暗示。
+
+### 這一輪新補的最小 storage contract slice
+
+這輪再往前推了一小刀：
+
+- 定義 `DecisionRecordArtifact`
+- 定義 decision artifact validator / filename contract
+- 落一個最小 file-based decision store
+- 用測試證明 decision 可以被寫入、讀回、驗證，而且不能亂寫出 repo root
+
+白話講：
+**決策紀錄開始有 package 自己的保存格式，而不是每次臨時拼 JSON。**
+
+---
+
+## 2) 為什麼要這樣設計 / 為什麼要這樣切 slices
+
+### 原因一：這題太大，不能一口氣抽乾淨
+
+Reporting governance 牽到的東西很多：
+
+- 事件模型
+- 證據模型
+- 決策模型
+- queue / spool / receipt
+- runtime adapter
+- 真正外送通知
+- 未來的 audit/export
+
+如果一次硬做成完整 framework，很容易出現兩種壞事：
+
+1. 做很大，但沒有任何一塊真的可驗證
+2. 名字切漂亮，實際上還是靠舊 repo 腳本在撐
+
+所以現在的主線策略是：
+**每次只切一塊最小、能被測試證明、而且不會假裝完成的 slice。**
+
+### 原因二：先把「誠實邊界」做出來
+
+這個 plugin 的核心不是炫技，而是**不能說謊**。
+
+所以設計上優先做的是：
+
+- capability descriptor：先講清楚 runtime 有什麼能力
+- compatibility preflight：能力不夠就 fail，不硬裝能做
+- truthful receipt states：沒送到就是沒送到，不能灌水成 acked
+- package-owned artifacts：讓輸入/輸出有固定契約
+
+這就是為什麼現在會先看到 profile artifact、receipt truth model、decision record 這些東西，而不是先衝一個很大的「全能治理引擎」。
+
+### 原因三：把 package 真正養成自己的邊界
+
+如果 `core`、`adapters`、`storage` 不分開，未來就會很難回答：
+
+- 哪些是可重用的治理邏輯？
+- 哪些只是 OpenClaw 這個 runtime 的接線？
+- 哪些是資料保存契約？
+
+現在這樣切，是為了讓未來能逐步達到：
+
+- `core` 不依賴特定 runtime
+- `adapters` 負責接現場
+- `storage` 擁有 artifact contract
+
+這樣才有機會從「repo 內一套特殊腳本」長成「可攜的 plugin」。
+
+---
+
+## 3) 這些工作帶來什麼實際好處
+
+### 好處一：比較不容易再發生黑箱失聯
+
+watchdog / queue / receipt 這條鏈已經讓「任務太久沒回報」有一條比較正式的處理路。
+
+不是再靠人記得盯。
+
+### 好處二：可以區分「真的做到」和「只是說做到」
+
+receipt truth model 的意義很直接：
+
+- 有證據送出，才叫 acked
+- 沒證據，就停在 pending / blocked / dispatched 等誠實狀態
+
+這會直接降低假完成、假外送、假交接。
+
+### 好處三：未來比較能換 runtime，不用整組重寫
+
+先把 core / adapter / storage 切開，未來若不是 OpenClaw，也比較有機會重用核心規則。
+
+### 好處四：決策開始可保存、可追查
+
+這輪 decision store slice 的實際價值是：
+
+- 決策不只存在記憶體
+- 可落成 artifact
+- 檔名與內容有固定 contract
+- 可追 policy、decision、receipt、source event
+
+這對 audit、debug、回放都很關鍵。
+
+---
+
+## 4) 目前明確還沒做到什麼
+
+這裡要講老實話。
+
+### 還沒做到完整 storage framework
+
+現在只有先落一個最小 decision store slice。
+
+**還沒有**完整抽成：
+
+- event store
+- evidence store
+- queue store
+- spool store
+- receipt store
+- 統一 manifest / audit export
+
+### 還沒做到所有決策都能真的執行
+
+目前 package `core` 已經能做判斷與規劃，
+但很多實際 side effects 還是 adapter / runtime 責任。
+
+例如：
+
+- 真正 inline 攔截所有訊息/狀態變更
+- 完整 rewrite / placeholder / review / downgrade_status 執行
+- 非 watchdog 路徑的全面治理攔截
+
+### 還沒完全脫離 repo 既有 scripts
+
+現在 adapter 仍大量包既有 scripts。
+這代表 package 邊界雖然成形，但 runtime 實作還在過渡期。
+
+### 還沒形成完整對外穩定 API
+
+現在還是 `0.1.0-mainline`，屬於 pre-1.0。
+
+意思是：
+
+- package surface 還在收斂
+- 深層 `src/` import 不算穩定公開 API
+- 現在能跑，不代表介面已經定版
+
+---
+
+## 現在最準確的定位
+
+如果要一句話描述現在狀態：
+
+**它已經不是只有規格文件；已經有最小可跑、可測、會留痕跡的治理鏈。**
+
+但同時：
+
+**它也還不是完整成熟的 reporting-governance framework。**
+
+現在主線是在做一件對的事：
+**把最重要、最容易說謊、最需要證據的那幾刀，先變成 package-owned contracts。**
+
+這樣後面每往前一步，才比較不會變成另一個大而空的治理殼。
--- a/plugins/reporting-governance/package.json
+++ b/plugins/reporting-governance/package.json
@@ -14,7 +14,7 @@
    "./adapters/orchestrator": "./src/adapters/orchestrator.mjs"
  },
  "scripts": {
-    "test": "node --test test/package-structure.test.mjs test/policy-evaluator.test.mjs test/compatibility-preflight.test.mjs test/profile-artifact.test.mjs test/profile-generator.test.mjs test/decision-runner.test.mjs test/governance-contract.integration.test.mjs test/watchdog-chain.integration.test.mjs test/runtime-integrated.integration.test.mjs test/exports-boundary.integration.test.mjs"
+    "test": "node --test test/package-structure.test.mjs test/policy-evaluator.test.mjs test/compatibility-preflight.test.mjs test/profile-artifact.test.mjs test/profile-generator.test.mjs test/decision-runner.test.mjs test/decision-store.test.mjs test/governance-contract.integration.test.mjs test/watchdog-chain.integration.test.mjs test/runtime-integrated.integration.test.mjs test/exports-boundary.integration.test.mjs"
  },
  "dependencies": {
    "ajv": "^8.20.0",
--- a/plugins/reporting-governance/src/index.mjs
+++ b/plugins/reporting-governance/src/index.mjs
@@ -1,6 +1,11 @@
 export const packageName = '@openclaw/plugin-reporting-governance';
 export const packageVersion = '0.1.0-mainline';

+export const artifactKinds = {
+  deploymentProfile: 'DeploymentProfileArtifact',
+  decisionRecord: 'DecisionRecordArtifact',
+};
+
 export const packageBoundaries = {
  core: [
    'event normalization',
@@ -46,3 +51,9 @@ export {
  runOrchestratorAdapter,
 } from './adapters/index.mjs';
 export { runOrchestratorAdapter as runWatchdogChain } from './adapters/orchestrator.mjs';
+export {
+  createDecisionRecordArtifact,
+  createDecisionRecordFileName,
+  createFileDecisionStore,
+  validateDecisionRecordArtifact,
+} from './storage/index.mjs';
--- a/plugins/reporting-governance/src/storage/decision-artifact.mjs
+++ b/plugins/reporting-governance/src/storage/decision-artifact.mjs
@@ -0,0 +1,95 @@
+import crypto from 'node:crypto';
+
+const EXPECTED_KIND = 'DecisionRecordArtifact';
+const EXPECTED_API_VERSION = 'reporting-governance/v1alpha1';
+
+function assertNonEmptyString(value, label) {
+  if (typeof value !== 'string' || value.trim() === '') {
+    throw new Error(`${label} must be a non-empty string`);
+  }
+  return value.trim();
+}
+
+function assertObjectRecord(value, label) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    throw new Error(`${label} must be an object record`);
+  }
+  return value;
+}
+
+function sanitizeFileSegment(value, fallback) {
+  const normalized = String(value ?? '').trim().replace(/[^a-zA-Z0-9._-]+/g, '-').replace(/^-+|-+$/g, '');
+  return normalized || fallback;
+}
+
+export function validateDecisionRecordArtifact(artifact) {
+  if (!artifact || typeof artifact !== 'object' || Array.isArray(artifact)) {
+    throw new Error('decision record artifact must be an object');
+  }
+  if (artifact.kind !== EXPECTED_KIND) {
+    throw new Error(`decision record artifact kind must be ${EXPECTED_KIND}`);
+  }
+  if (artifact.apiVersion !== EXPECTED_API_VERSION) {
+    throw new Error(`decision record artifact apiVersion must be ${EXPECTED_API_VERSION}`);
+  }
+
+  const metadata = assertObjectRecord(artifact.metadata, 'decision record artifact metadata');
+  const spec = assertObjectRecord(artifact.spec, 'decision record artifact spec');
+  const decision = assertObjectRecord(spec.decision, 'decision record artifact spec.decision');
+  const receipt = assertObjectRecord(spec.receipt, 'decision record artifact spec.receipt');
+
+  assertNonEmptyString(metadata.recorded_at, 'decision record artifact metadata.recorded_at');
+  assertNonEmptyString(metadata.policy_id, 'decision record artifact metadata.policy_id');
+  assertNonEmptyString(metadata.decision, 'decision record artifact metadata.decision');
+  assertNonEmptyString(decision.policy_id, 'decision record artifact spec.decision.policy_id');
+  assertNonEmptyString(decision.decision, 'decision record artifact spec.decision.decision');
+  assertNonEmptyString(receipt.delivery_state, 'decision record artifact spec.receipt.delivery_state');
+
+  return artifact;
+}
+
+export function createDecisionRecordArtifact({ decision, receipt, recordedAt = new Date().toISOString(), source = {} } = {}) {
+  const normalizedDecision = assertObjectRecord(decision, 'decision');
+  const normalizedReceipt = assertObjectRecord(receipt, 'receipt');
+  const policyId = assertNonEmptyString(normalizedDecision.policy_id, 'decision.policy_id');
+  const decisionName = assertNonEmptyString(normalizedDecision.decision, 'decision.decision');
+
+  return validateDecisionRecordArtifact({
+    kind: EXPECTED_KIND,
+    apiVersion: EXPECTED_API_VERSION,
+    metadata: {
+      record_id: `dec_${crypto.randomUUID()}`,
+      recorded_at: assertNonEmptyString(recordedAt, 'recordedAt'),
+      policy_id: policyId,
+      decision: decisionName,
+      correlation_id: source.correlation_id ?? null,
+      task_id: source.task_id ?? null,
+      event_id: source.event_id ?? null,
+    },
+    spec: {
+      decision: normalizedDecision,
+      receipt: normalizedReceipt,
+      source: {
+        event_id: source.event_id ?? null,
+        task_id: source.task_id ?? null,
+        correlation_id: source.correlation_id ?? null,
+      },
+    },
+  });
+}
+
+export function createDecisionRecordFileName(artifact) {
+  const validatedArtifact = validateDecisionRecordArtifact(artifact);
+  return [
+    validatedArtifact.metadata.recorded_at.replace(/[.:]/g, '-'),
+    sanitizeFileSegment(validatedArtifact.metadata.policy_id, 'policy'),
+    sanitizeFileSegment(validatedArtifact.metadata.decision, 'decision'),
+    `${validatedArtifact.metadata.record_id}.json`,
+  ].join('-');
+}
+
+export const __testables = {
+  EXPECTED_KIND,
+  EXPECTED_API_VERSION,
+  sanitizeFileSegment,
+};
--- a/plugins/reporting-governance/src/storage/decision-store.mjs
+++ b/plugins/reporting-governance/src/storage/decision-store.mjs
@@ -0,0 +1,43 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+import {
+  createDecisionRecordArtifact,
+  createDecisionRecordFileName,
+  validateDecisionRecordArtifact,
+} from './decision-artifact.mjs';
+import { assertUseTimePathWithinRepoRoot } from './profile-artifact.mjs';
+
+export function createFileDecisionStore({ decisionsDir, repoRootOverride } = {}) {
+  const resolvedDecisionsDir = assertUseTimePathWithinRepoRoot(
+    path.resolve(decisionsDir ?? 'state/reporting-governance-decisions'),
+    'decision store decisionsDir',
+    { repoRootOverride, allowMissingLeaf: true }
+  );
+
+  return {
+    decisionsDir: resolvedDecisionsDir,
+    write({ decision, receipt, recordedAt, source } = {}) {
+      fs.mkdirSync(resolvedDecisionsDir, { recursive: true });
+      const artifact = createDecisionRecordArtifact({ decision, receipt, recordedAt, source });
+      const artifactPath = path.join(resolvedDecisionsDir, createDecisionRecordFileName(artifact));
+      fs.writeFileSync(artifactPath, `${JSON.stringify(artifact, null, 2)}\n`, 'utf8');
+      return {
+        artifact,
+        artifactPath,
+      };
+    },
+    load(artifactPath) {
+      const resolvedPath = assertUseTimePathWithinRepoRoot(
+        path.resolve(artifactPath),
+        'decision store artifactPath',
+        { repoRootOverride }
+      );
+      const artifact = validateDecisionRecordArtifact(JSON.parse(fs.readFileSync(resolvedPath, 'utf8')));
+      return {
+        artifact,
+        artifactPath: resolvedPath,
+      };
+    },
+  };
+}
--- a/plugins/reporting-governance/src/storage/index.mjs
+++ b/plugins/reporting-governance/src/storage/index.mjs
@@ -8,3 +8,9 @@ export {
  generateDeploymentProfileArtifact,
  generateDeploymentProfileArtifactFromFile,
 } from './profile-generator.mjs';
+export {
+  createDecisionRecordArtifact,
+  createDecisionRecordFileName,
+  validateDecisionRecordArtifact,
+} from './decision-artifact.mjs';
+export { createFileDecisionStore } from './decision-store.mjs';
--- a/plugins/reporting-governance/test/decision-store.test.mjs
+++ b/plugins/reporting-governance/test/decision-store.test.mjs
@@ -0,0 +1,133 @@
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+import {
+  createDecisionRecordArtifact,
+  createDecisionRecordFileName,
+  createFileDecisionStore,
+  validateDecisionRecordArtifact,
+} from '../src/storage/index.mjs';
+import { planDecisionExecution } from '../src/core/decision-runner.mjs';
+
+const packageRoot = path.resolve(import.meta.dirname, '..');
+const repoRoot = path.resolve(packageRoot, '..', '..');
+
+const capabilityDescriptor = {
+  capabilities: {
+    enforcement: {
+      force_checkpoint: { supported: true, level: 'partial' },
+      escalate: { supported: true, level: 'full' }
+    },
+    notification_path: {
+      queue_items: { supported: true, level: 'full' },
+      spool_handoff: { supported: true, level: 'full' },
+      sender_binding: { supported: true, level: 'full' },
+      direct_send: { supported: false, level: 'none' },
+      truth_model: {
+        delivery_states: ['prepared', 'queued', 'dispatched', 'pending_external_send', 'acked', 'blocked'],
+        ack_requires_proven_send: true,
+        pending_external_send_supported: true
+      }
+    }
+  }
+};
+
+function createPlannedDecision() {
+  return planDecisionExecution({
+    decision: {
+      decision: 'force_checkpoint',
+      policy_id: 'no-silence.missed-checkpoint',
+      severity: 'high',
+      reason: 'checkpoint overdue',
+      required_actions: [
+        { action: 'notify_operator', target: 'operator_channel', mandatory: true },
+        { action: 'emit_event', target: 'event_stream', mandatory: true }
+      ],
+      operator_notice: {
+        required: true,
+        channel: 'telegram',
+        urgency: 'high',
+        message: 'Required update.',
+        deadline: '2026-01-01T00:00:00.000Z'
+      }
+    },
+    capabilityDescriptor,
+  });
+}
+
+test('decision artifact validates minimal package-owned contract', () => {
+  const planned = createPlannedDecision();
+  const artifact = createDecisionRecordArtifact({
+    decision: planned.decision,
+    receipt: planned.receipt,
+    recordedAt: '2026-05-08T04:00:00.000Z',
+    source: {
+      event_id: 'evt_watchdog_001',
+      task_id: 'task-reporting-governance',
+      correlation_id: 'corr-001',
+    },
+  });
+
+  assert.equal(artifact.kind, 'DecisionRecordArtifact');
+  assert.equal(artifact.apiVersion, 'reporting-governance/v1alpha1');
+  assert.equal(artifact.metadata.policy_id, 'no-silence.missed-checkpoint');
+  assert.equal(artifact.spec.receipt.delivery_state, 'pending_external_send');
+  assert.equal(validateDecisionRecordArtifact(artifact), artifact);
+});
+
+test('decision artifact filename is stable and readable', () => {
+  const planned = createPlannedDecision();
+  const artifact = createDecisionRecordArtifact({
+    decision: planned.decision,
+    receipt: planned.receipt,
+    recordedAt: '2026-05-08T04:00:00.000Z',
+  });
+
+  const fileName = createDecisionRecordFileName(artifact);
+  assert.match(fileName, /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/);
+});
+
+test('file decision store writes and reloads a validated decision artifact inside repo root', async (t) => {
+  const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-'));
+  t.after(() => fs.rmSync(sandbox, { recursive: true, force: true }));
+
+  const fakeRepoRoot = path.join(sandbox, 'repo');
+  fs.mkdirSync(fakeRepoRoot, { recursive: true });
+
+  const planned = createPlannedDecision();
+  const store = createFileDecisionStore({
+    decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'),
+    repoRootOverride: fakeRepoRoot,
+  });
+
+  const written = store.write({
+    decision: planned.decision,
+    receipt: planned.receipt,
+    recordedAt: '2026-05-08T04:00:00.000Z',
+    source: {
+      event_id: 'evt_watchdog_001',
+      task_id: 'task-reporting-governance',
+      correlation_id: 'corr-001',
+    },
+  });
+
+  assert.equal(fs.existsSync(written.artifactPath), true);
+  assert.match(path.basename(written.artifactPath), /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/);
+
+  const loaded = store.load(written.artifactPath);
+  assert.equal(loaded.artifact.metadata.event_id, 'evt_watchdog_001');
+  assert.equal(loaded.artifact.spec.receipt.delivery_state, 'pending_external_send');
+});
+
+test('file decision store rejects decision directory escaping repo root', () => {
+  assert.throws(
+    () => createFileDecisionStore({
+      decisionsDir: path.resolve(repoRoot, '..', 'escape'),
+      repoRootOverride: repoRoot,
+    }),
+    /decision store decisionsDir must stay within repo root/
+  );
+});
--- a/plugins/reporting-governance/test/exports-boundary.integration.test.mjs
+++ b/plugins/reporting-governance/test/exports-boundary.integration.test.mjs
@@ -66,18 +66,27 @@ test('package root export resolves public package surface only', () => {
      import * as plugin from '@openclaw/plugin-reporting-governance';
      process.stdout.write(JSON.stringify({
        packageName: plugin.packageName,
+        artifactKinds: plugin.artifactKinds,
        hasRunWatchdogChain: typeof plugin.runWatchdogChain,
        hasPlanDecisionExecution: typeof plugin.planDecisionExecution,
        hasExecuteGovernanceContract: typeof plugin.executeGovernanceContract,
        hasExecuteRuntimeIntegratedGovernance: typeof plugin.executeRuntimeIntegratedGovernance,
+        hasCreateDecisionRecordArtifact: typeof plugin.createDecisionRecordArtifact,
+        hasCreateFileDecisionStore: typeof plugin.createFileDecisionStore,
      }));
    `);

    assert.equal(result.packageName, '@openclaw/plugin-reporting-governance');
+    assert.deepEqual(result.artifactKinds, {
+      deploymentProfile: 'DeploymentProfileArtifact',
+      decisionRecord: 'DecisionRecordArtifact',
+    });
    assert.equal(result.hasRunWatchdogChain, 'function');
    assert.equal(result.hasPlanDecisionExecution, 'function');
    assert.equal(result.hasExecuteGovernanceContract, 'function');
    assert.equal(result.hasExecuteRuntimeIntegratedGovernance, 'function');
+    assert.equal(result.hasCreateDecisionRecordArtifact, 'function');
+    assert.equal(result.hasCreateFileDecisionStore, 'function');
  } finally {
    fs.rmSync(root, { recursive: true, force: true });
  }
--- a/plugins/reporting-governance/test/package-structure.test.mjs
+++ b/plugins/reporting-governance/test/package-structure.test.mjs
@@ -20,6 +20,8 @@ const requiredPaths = [
  'src/adapters/orchestrator.mjs',
  'src/storage',
  'src/storage/profile-artifact.mjs',
+  'src/storage/decision-artifact.mjs',
+  'src/storage/decision-store.mjs',
  'src/reference/openclaw-watchdog-chain.md',
  'capabilities/openclaw-watchdog-reference.json',
  'examples/openclaw-watchdog-reference.descriptor.example.json',