{
 "reviewed": "2026-07-15",
 "disclosure": "ALLinAI 編輯決策輔助資料，不是法定變更程序、完整資安控制、供應商保證或自動發布批准。請依實際系統、資料、契約、法規與錯誤後果增修。",
 "categories": {
  "model": "模型與路由",
  "prompt": "提示與政策",
  "retrieval": "RAG 與檢索",
  "data": "資料與權限",
  "tools": "工具與流程",
  "platform": "平台與營運"
 },
 "systems": {
  "generation": "文字生成",
  "rag": "RAG 知識庫",
  "extraction": "擷取／結構化",
  "classification": "分類／預測",
  "agent": "AI Agent"
 },
 "levels": {
  "routine": "例行",
  "significant": "重要",
  "critical": "重大"
 },
 "sources": {
  "nist_rmf": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/",
  "nist_playbook": "https://airc.nist.gov/airmf-resources/playbook/manage/",
  "nist_ssdf_ai": "https://csrc.nist.gov/pubs/sp/800/218/a/final",
  "nist_ai_800_2": "https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.800-2.ipd.pdf",
  "nist_monitoring": "https://www.nist.gov/news-events/news/2026/03/new-report-challenges-monitoring-deployed-ai-systems",
  "cisa_secure_ai": "https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development"
 },
 "changes": [
  {
   "slug": "model-or-provider-version",
   "category": "model",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "模型或供應商版本更換",
   "trigger": "模型名稱、版本、端點或供應商公告改變。",
   "risks": "能力、拒答、語氣、格式、延遲、成本與資料處理條件可能同時改變。",
   "retest": "完整代表集、高風險阻斷、格式契約、延遲／成本、人工抽查與供應商條款。",
   "rollback": "保留原模型與路由設定；確認回切端點、相容參數與資料版本。",
   "evidence": "前後版本、逐題差異、分群結果、已知限制、批准與回切演練。",
   "owners": "產品、ML／工程、資安、採購／法務"
  },
  {
   "slug": "decoding-parameter",
   "category": "model",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "temperature、top-p 或輸出上限調整",
   "trigger": "生成參數、最大輸出或重跑次數改變。",
   "risks": "一致性、截斷、格式、成本與尾端延遲可能退步。",
   "retest": "重複測試一致性、超長輸入、格式契約、完整度、成本與延遲。",
   "rollback": "版本化參數並保留前一組設定；能以設定切換回復。",
   "evidence": "參數 diff、重跑次數、輸出變異、截斷率與回切結果。",
   "owners": "ML／工程、產品、品質"
  },
  {
   "slug": "embedding-model",
   "category": "model",
   "systems": [
    "rag",
    "agent"
   ],
   "level": "critical",
   "name": "Embedding 模型更換",
   "trigger": "向量模型、維度、正規化或距離算法改變。",
   "risks": "舊向量可能不相容，檢索召回與排序會整體漂移。",
   "retest": "重新建索引、已知答案命中、無答案、新舊版本衝突、分群召回與引用。",
   "rollback": "保留舊索引與查詢路由；新版索引用獨立版本完成驗收後切換。",
   "evidence": "模型與維度、索引版本、建置清單、逐題前 k 筆與回切時間。",
   "owners": "資料／ML、平台、內容 Owner"
  },
  {
   "slug": "model-routing-fallback",
   "category": "model",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "模型路由或降級策略改變",
   "trigger": "新增備援模型、成本路由、區域路由或自動降級。",
   "risks": "使用者可能在不知情下得到不同能力、政策、資料區域或格式。",
   "retest": "每條路由的代表集、降級觸發、格式相容、資料邊界、告知與回復。",
   "rollback": "可關閉新路由；故障時回到核准模型或安全停止。",
   "evidence": "路由規則、觸發日誌、模型身分、降級結果與資料流。",
   "owners": "平台、ML、資安、產品"
  },
  {
   "slug": "system-prompt",
   "category": "prompt",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "System prompt 或角色指令修改",
   "trigger": "任務、語氣、限制、優先序或背景指令改變。",
   "risks": "可能修好一類輸出卻破壞其他任務、拒答或安全邊界。",
   "retest": "代表集、衝突指令、等價問法、禁止內容、格式與重大錯誤。",
   "rollback": "保存不可變 prompt 版本與前一版；設定層可快速回切。",
   "evidence": "prompt diff、版本 ID、測試集、逐題結果與批准理由。",
   "owners": "產品、內容 Owner、ML／工程"
  },
  {
   "slug": "output-schema",
   "category": "prompt",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "輸出 schema 或欄位契約修改",
   "trigger": "JSON schema、欄位、類型、列舉值或必要條件改變。",
   "risks": "下游解析、分類、報表或寫入可能靜默錯置。",
   "retest": "契約測試、缺欄、多欄、舊客戶端、邊界值、解析失敗與回復。",
   "rollback": "保留相容版本或轉換層；不可相容時使用版本化端點。",
   "evidence": "schema diff、consumer 清冊、golden cases、解析錯誤與回切。",
   "owners": "工程、資料、下游系統 Owner"
  },
  {
   "slug": "safety-policy",
   "category": "prompt",
   "systems": [
    "generation",
    "rag",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "安全政策或內容限制修改",
   "trigger": "允許／禁止類別、拒答、升級或人工覆核規則改變。",
   "risks": "可能過度阻擋正常工作，或放行原本應停止的高風險內容。",
   "retest": "允許／拒絕邊界、誤阻擋、漏阻擋、轉人工、提示注入與重大案例。",
   "rollback": "保留前一政策版本；重大漏阻擋時立即限縮用途或停止。",
   "evidence": "政策 diff、案例標註、混淆矩陣、人工裁決與例外核准。",
   "owners": "政策 Owner、資安、法務／合規、產品"
  },
  {
   "slug": "tool-description",
   "category": "prompt",
   "systems": [
    "agent"
   ],
   "level": "critical",
   "name": "Agent 工具描述或呼叫提示修改",
   "trigger": "工具名稱、描述、參數說明、選擇規則或範例改變。",
   "risks": "Agent 可能選錯工具、填錯參數或繞過批准流程。",
   "retest": "工具選擇、參數契約、未批准動作、重複副作用、停止與回復。",
   "rollback": "版本化工具描述；可停用新工具並回復上一組工具清單。",
   "evidence": "描述 diff、工具軌跡、參數、外部狀態與批准紀錄。",
   "owners": "Agent 工程、工具 Owner、資安"
  },
  {
   "slug": "knowledge-document",
   "category": "retrieval",
   "systems": [
    "rag",
    "agent"
   ],
   "level": "significant",
   "name": "知識文件新增、更新或下架",
   "trigger": "核准文件、版本、生效日或文件 owner 改變。",
   "risks": "新舊規則衝突、已刪內容殘留、答案無法追溯或權限錯置。",
   "retest": "已知答案、舊版失效、無答案、引用支持、文件刪除與權限。",
   "rollback": "版本化文件清單與索引；可回到上一份核准 manifest。",
   "evidence": "文件 hash、版本／生效日、owner、索引批次與引用差異。",
   "owners": "內容 Owner、資料／ML、法務／合規"
  },
  {
   "slug": "chunking-index",
   "category": "retrieval",
   "systems": [
    "rag",
    "agent"
   ],
   "level": "critical",
   "name": "切塊、索引或前處理改變",
   "trigger": "chunk 大小、重疊、OCR、表格解析、正規化或索引器改變。",
   "risks": "答案內容沒變，檢索命中、段落完整與引用位置仍可能大幅漂移。",
   "retest": "前 k 命中、排序、跨頁表格、長文件、引用定位、無答案與舊版比較。",
   "rollback": "新舊索引並存；先影子測試，切換失敗可回舊索引。",
   "evidence": "pipeline 版本、索引 manifest、文件數、失敗清單與逐題差異。",
   "owners": "資料／ML、平台、內容 Owner"
  },
  {
   "slug": "retrieval-ranking-filter",
   "category": "retrieval",
   "systems": [
    "rag",
    "agent"
   ],
   "level": "critical",
   "name": "檢索排序、filter 或 top-k 修改",
   "trigger": "hybrid search、reranker、metadata filter、top-k 或 threshold 改變。",
   "risks": "可能漏掉必要文件、跨權限取回資料或提高延遲成本。",
   "retest": "分群召回、權限邊界、新舊版本、無答案、尾端延遲與引用。",
   "rollback": "設定版本化並保留前一排序器與門檻；權限失敗立即回切。",
   "evidence": "查詢、候選清單、分數、filter、前 k、延遲與權限結果。",
   "owners": "資料／ML、資安、平台"
  },
  {
   "slug": "citation-postprocess",
   "category": "retrieval",
   "systems": [
    "rag",
    "generation",
    "agent"
   ],
   "level": "significant",
   "name": "引用或回答後處理修改",
   "trigger": "引用格式、去重、摘要、段落合併或答案模板改變。",
   "risks": "引用看似存在但無法支持主張，或關鍵限制被後處理刪除。",
   "retest": "主張—來源對照、部分證據、無答案、格式、長答案與人工抽查。",
   "rollback": "保留原始檢索與未後處理答案；後處理可獨立停用。",
   "evidence": "原始／處理後輸出、引用段落、程式版本與差異。",
   "owners": "工程、內容 Owner、品質"
  },
  {
   "slug": "input-distribution",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "輸入族群或工作分布改變",
   "trigger": "新部門、語言、文件格式、通路、地區或大量新使用者進入。",
   "risks": "原測試集不再代表實際工作，整體平均可能掩蓋新族群退步。",
   "retest": "依新分布補案例，分群成功率、重大錯誤、工作負荷與人工理解。",
   "rollback": "限縮新族群或分階段開放；保留原適用範圍設定。",
   "evidence": "流量分布、分群指標、新案例來源、限制與開放紀錄。",
   "owners": "產品、資料分析、業務 Owner"
  },
  {
   "slug": "label-taxonomy",
   "category": "data",
   "systems": [
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "標籤、分類或業務規則改版",
   "trigger": "類別名稱、定義、優先序、門檻或規則生效日改變。",
   "risks": "舊標籤與新版不可比，邊界案件可能被錯誤路由或影響權益。",
   "retest": "邊界值、舊新映射、混淆矩陣、轉人工、申訴與下游相容。",
   "rollback": "保留映射表與舊規則；提供雙寫／雙讀或版本化結果。",
   "evidence": "規則 diff、生效日、標註指南、映射、golden cases 與批准。",
   "owners": "業務 Owner、資料、法務／合規"
  },
  {
   "slug": "access-permission",
   "category": "data",
   "systems": [
    "rag",
    "agent"
   ],
   "level": "critical",
   "name": "資料權限或租戶邊界調整",
   "trigger": "角色、群組、ACL、租戶、資料區域或繼承規則改變。",
   "risks": "可能在檢索、快取、引用、日誌或錯誤訊息洩漏受限資料。",
   "retest": "跨角色、跨租戶、撤權後存取、快取、日誌、引用與工具參數。",
   "rollback": "立即撤回新權限設定；必要時停用檢索並清理受影響快取。",
   "evidence": "權限矩陣、身分、查詢結果、快取／日誌檢查與撤回時間。",
   "owners": "資料 Owner、IAM、資安、平台"
  },
  {
   "slug": "retention-logging",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "保存、日誌或供應商資料使用設定改變",
   "trigger": "保存期間、訓練使用、追蹤欄位、遮罩或資料區域改變。",
   "risks": "可能過度收集、無法稽核、敏感資料進日誌或違反既定用途。",
   "retest": "敏感資料遮罩、必要追蹤、刪除／保存、供應商設定與存取權限。",
   "rollback": "回復核准設定；停止新增資料，依程序處理已受影響紀錄。",
   "evidence": "設定快照、資料流、欄位清單、保存測試、刪除證據與批准。",
   "owners": "隱私、資安、平台、法務／合規"
  },
  {
   "slug": "tool-api-contract",
   "category": "tools",
   "systems": [
    "agent"
   ],
   "level": "critical",
   "name": "工具 API 或參數契約改版",
   "trigger": "endpoint、欄位、錯誤碼、回傳型別或語意改變。",
   "risks": "Agent 可能把失敗當成功、錯填欄位或對錯誤對象執行。",
   "retest": "契約、錯誤碼、空值、舊新版本、dry-run、外部狀態與回復。",
   "rollback": "版本化 API 或 adapter；保留舊端點直到新流程驗收。",
   "evidence": "OpenAPI／schema diff、請求回應、工具軌跡與副作用。",
   "owners": "工具 Owner、Agent 工程、品質"
  },
  {
   "slug": "tool-auth-scope",
   "category": "tools",
   "systems": [
    "agent"
   ],
   "level": "critical",
   "name": "工具認證或授權 scope 改變",
   "trigger": "憑證、服務帳號、OAuth scope 或代理身分改變。",
   "risks": "權限過大可能擴張影響面；權限不足則造成靜默失敗或繞路。",
   "retest": "最小權限、禁止動作、跨角色、失效憑證、輪替與稽核。",
   "rollback": "撤銷新 scope 或憑證；回到核准服務帳號並查核已執行動作。",
   "evidence": "scope diff、身分、工具呼叫、授權決策、外部狀態與撤銷。",
   "owners": "IAM、資安、工具 Owner"
  },
  {
   "slug": "side-effect-idempotency",
   "category": "tools",
   "systems": [
    "agent"
   ],
   "level": "critical",
   "name": "寫入、副作用或冪等機制改變",
   "trigger": "寄送、刪除、付款、寫入、重試或 idempotency key 邏輯改變。",
   "risks": "可能重複執行、部分成功、回應遺失後再次寫入或無法回復。",
   "retest": "重送、逾時、回應遺失、部分成功、重複 key、取消與補償。",
   "rollback": "先停寫或切 dry-run；保留人工補償與逐筆回復程序。",
   "evidence": "idempotency key、工具軌跡、前後狀態、重試與補償結果。",
   "owners": "工具 Owner、平台、財務／營運、資安"
  },
  {
   "slug": "human-approval-workflow",
   "category": "tools",
   "systems": [
    "agent",
    "classification"
   ],
   "level": "critical",
   "name": "人工批准或覆核流程調整",
   "trigger": "批准角色、門檻、介面、逾時、代理或 escalation 規則改變。",
   "risks": "系統可能把沉默當批准、跳過適任人員或讓覆核只剩形式。",
   "retest": "無批准、拒絕、逾時、代理、撤回、人工置入錯誤與申訴。",
   "rollback": "回復原批准流程；高影響工作在流程異常時 fail closed。",
   "evidence": "批准事件、角色、時間線、逐次工具狀態與人工裁決。",
   "owners": "業務 Owner、產品、資安、法務／合規"
  },
  {
   "slug": "runtime-dependency",
   "category": "platform",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "Runtime、SDK 或依賴套件更新",
   "trigger": "語言 runtime、AI SDK、解析器、資料庫驅動或容器映像改變。",
   "risks": "序列化、重試、timeout、連線、字元處理或安全性可能改變。",
   "retest": "契約、錯誤路徑、長輸入、Unicode、重試、效能與安全掃描。",
   "rollback": "鎖定版本與可重現 artifact；保留前一映像與依賴鎖檔。",
   "evidence": "lockfile、SBOM／依賴清單、artifact hash、測試與回切。",
   "owners": "平台、工程、資安"
  },
  {
   "slug": "rate-limit-timeout",
   "category": "platform",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "Rate limit、timeout 或重試策略調整",
   "trigger": "併發、配額、退避、timeout、重試次數或 queue 改變。",
   "risks": "可能增加尾端延遲、成本、重複副作用或在尖峰大量失敗。",
   "retest": "負載、P95／P99、限流、逾時、降級、重試與重複副作用。",
   "rollback": "回復前一組營運參數；超載時安全降級或停止外部動作。",
   "evidence": "參數、負載模型、時間線、成功率、成本與副作用。",
   "owners": "SRE／平台、工具 Owner、產品"
  },
  {
   "slug": "monitoring-alert",
   "category": "platform",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "significant",
   "name": "監控、追蹤或告警規則修改",
   "trigger": "指標、分母、門檻、取樣、告警路由或 trace 欄位改變。",
   "risks": "真正退步可能漏報，或大量誤報使團隊忽略事故。",
   "retest": "合成事故、漏報／誤報、trace 完整、告警送達、分群與 runbook。",
   "rollback": "保留舊規則與雙跑期；新規則失效時回舊告警。",
   "evidence": "規則 diff、測試事件、告警時間線、接收者與處理結果。",
   "owners": "SRE／平台、品質、風險 Owner"
  },
  {
   "slug": "incident-hotfix-rollback",
   "category": "platform",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "level": "critical",
   "name": "事故修補、緊急設定或回復機制改變",
   "trigger": "為事故快速修改模型、提示、工具、資料或功能旗標。",
   "risks": "急修可能缺少完整測試，回復也可能回到含已知漏洞的舊狀態。",
   "retest": "原事故重現、修補案例、重大回歸、權限、外部狀態、監控與回復演練。",
   "rollback": "先限縮影響面；定義可接受的安全版本、資料相容與回復後補測。",
   "evidence": "事故時間線、變更 diff、批准、測試、監控、回復與事後改善。",
   "owners": "事件指揮、工程、資安、業務 Owner"
  }
 ]
}