feat(compliance): add content compliance detection across tenant, ops, and clients

Implements the Revision 8/9 compliance design: tenant + ops backends, ops-web
content-safety pages, admin-web editor/publish gate integration, desktop publish
block surfacing, and supporting migrations / shared types / config plumbing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-05 20:48:14 +08:00
parent 81577b6154
commit 745cdd79cf
73 changed files with 12747 additions and 1892 deletions
+17
View File
@@ -52,6 +52,12 @@ rabbitmq:
template_assist_dlx: template.assist.dlx
template_assist_dlq: template.assist.run.dlq
template_assist_dlq_routing_key: template.assist.run.dlq
compliance_review_exchange: compliance.review
compliance_review_routing_key: compliance.review.run
compliance_review_queue: compliance.review.run
compliance_review_dlx: compliance.review.dlx
compliance_review_dlq: compliance.review.run.dlq
compliance_review_dlq_routing_key: compliance.review.run.dlq
consumer_prefetch: 10
publish_channel_pool_size: 32
# Prefer environment override when needed:
@@ -159,6 +165,17 @@ llm:
# Prefer environment override for secrets:
# export LLM_API_KEY=your-api-key
compliance:
enabled: true
llm_judge_enabled: false
snapshot_reload_interval: 30s
publish_gate_timeout: 800ms
review_worker_concurrency: 1
review_worker_timeout: 45s
review_max_attempts: 3
# Emergency deployment kill switch:
# export COMPLIANCE_ENABLED=false
retrieval:
provider: siliconflow
base_url: https://api.siliconflow.cn/v1