feat: 风险支持自然语言搜索和智能分析功能-NL2JSON 相关接口开发 --story=132059048#1409
Open
0RAJA wants to merge 518 commits into
Open
Conversation
0RAJA
commented
Mar 10, 2026
0RAJA
commented
Collaborator
- 新增 NL2RiskFilter 接口,自然语言转风险筛选条件,支持多轮对话
- 新增通用 AI Agent 模块,枚举驱动路由 + 3 层 URL 优先级 + 统一认证
- 新增 APIGW MCP Server 配置(audit-report + risk-search)及同步命令
- 新增简化版事件字段接口,供 AI MCP 工具调用
0RAJA
force-pushed
the
feat/risk_ai_search
branch
from
7807027 to
e52dd5f
Compare
0RAJA
force-pushed
the
feat/risk_ai_search
branch
from
e52dd5f to
18eca74
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## feat/ai_risk #1409 +/- ##
================================================
- Coverage 86.81% 86.73% -0.08%
================================================
Files 835 845 +10
Lines 51014 51870 +856
================================================
+ Hits 44287 44990 +703
- Misses 6727 6880 +153 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
0RAJA
force-pushed
the
feat/risk_ai_search
branch
2 times, most recently
from
5820084 to
0383b4e
Compare
# Reviewed, transaction id: 79696
# Reviewed, transaction id: 79726
…有才显示这个 --bug=157640269 # Reviewed, transaction id: 79731
# Reviewed, transaction id: 79735
# Reviewed, transaction id: 79745
# Reviewed, transaction id: 79786
# Reviewed, transaction id: 79805
# Reviewed, transaction id: 79838
# Reviewed, transaction id: 79853
1. nl2risk_filter 系统提示词优化,评测集优化 Signed-off-by: raja <1647193241@qq.com>
Signed-off-by: raja <1647193241@qq.com>
- 分页COUNT加Redis缓存并优化权限过滤提升查询性能 Signed-off-by: raja <1647193241@qq.com>
1. 优化接口返回字段 Signed-off-by: raja <1647193241@qq.com>
1. 取消分页缓存 Signed-off-by: raja <1647193241@qq.com>
1. 更新 README.md Signed-off-by: raja <1647193241@qq.com>
1. 提示词调优 Signed-off-by: raja <1647193241@qq.com> # Conflicts: # src/backend/services/web/risk/serializers.py
Signed-off-by: raja <1647193241@qq.com>
0RAJA
force-pushed
the
feat/risk_ai_search
branch
from
f11ab95 to
9e4918b
Compare
- 支持 NL2RiskFilter 透传场景列表和当前视角信息,用于当前场景与 scope 条件生成 - 更新 NL2RiskFilter 系统提示词、接口文档和评估用例,覆盖场景参数检索链路 - 增强 AI 返回 message 包裹 JSON 时的解析能力,避免有效筛选条件被当作失败消息
1. 代码合并 Signed-off-by: raja <1647193241@qq.com>
1. 修复代码依赖导入问题 Signed-off-by: raja <1647193241@qq.com>
- 收紧分析报告访问与关联风险权限,避免跨用户访问 - 按报告创建人过滤后台关联风险范围 - 隔离审计报告与分析 Agent 凭据配置并复用通用对话能力 - 补充权限边界和凭据优先级回归测试
- 限制分析报告列表排序字段范围,避免非法字段触发服务端异常 - 补充非法排序字段校验回归测试
- 绑定分析报告任务查询归属,列表支持按状态筛选且默认返回当前用户全部报告 - 复用风险列表筛选与权限范围关联报告风险,并通过配置限制关联数量 - 调整报告生成重试失败状态记录,补充分析报告模型后台管理 - 补充任务归属、风险筛选、数量限制、重试状态和 admin 回归测试
- 收紧报告关联风险列表单页返回上限,避免分页参数拉取过多数据 - 支持按前端明确选择的风险 ID 生成报告,并保留筛选条件生成能力 - 复用风险列表公共检索能力生成报告关联风险,减少任务侧重复解析逻辑 - 补充分页限制、子查询关联和显式风险 ID 生成回归测试
- 收敛 AI 分析报告生成参数,统一按风险筛选条件生成与关联风险 - 修正 AI 分析报告任务最终重试失败后的状态落库 - 调整显式风险 ID 相关测试契约并覆盖失败状态回归
- 兼容 AG-UI TEXT_MESSAGE_CONTENT 正文流式片段,恢复智能体报告内容返回 - 统一按 UTF-8 解码 SSE 原始字节,避免中文内容乱码 - 补充 AG-UI 正文拼接与中文解码回归测试
Signed-off-by: raja <1647193241@qq.com>
- 收敛 AI 分析报告生成参数,统一按风险筛选条件生成与关联风险 - 修正 AI 分析报告任务最终重试失败后的状态落库 - 调整显式风险 ID 相关测试契约并覆盖失败状态回归
- 调整 AI 分析报告列表默认返回范围,未指定状态时返回当前用户全部报告 - 保留 status 参数显式筛选能力,由前端按需过滤展示 - 补充默认返回生成中报告的回归测试
- 强化 NL2RiskFilter 提示词输出约束,要求模型仅返回裸 JSON 对象 - 同步更新提示词维护说明并重新生成系统提示词 - 通过 promptfoo 全量评估验证多模型输出表现 Signed-off-by: raja <1647193241@qq.com>
- 收敛报告风险 APIGW 请求和响应序列化器,保持 schema 与返回结构一致 - 将 audit-report MCP 工具切换为报告绑定风险查询资源,并验证真实路由地址 - 补充 APIGW 配置、HTTP 链路和筛选参数归一化测试 - 调整分析报告生成任务队列配置,匹配风险渲染队列
- 收敛 AI 分析报告生成输入,只向 Agent 传递 report_id 和报告绑定风险查询规则 - 将报告风险查询指令沉淀为风险模块常量,避免 Agent 使用原始筛选条件 - 通过 migration 快照更新内置场景 prompt,并同步模型与接口文案 - 补充报告生成 prompt 回归测试
- 记录 AI 报告生成时传给 Agent 的请求信息,便于后续回顾分析上下文 - 记录报告生成任务起止时间和耗时,并在最终失败时保留结构化错误信息 - 补充 extra_info 结构化 schema 和报告生成任务回归测试
- 在报告生成任务开始和调用 Agent 前分别记录已确定的生成上下文 - 支持执行中 extra_info 只包含开始时间,完成后再补充结束时间、耗时和错误信息 - 补充分阶段落库回归测试,覆盖调用 Agent 前的数据库状态
1. 默认 AI 分析报告30分钟超时 Signed-off-by: raja <1647193241@qq.com>
1. 报告详情增加错误信息返回 Signed-off-by: raja <1647193241@qq.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.