(圖說:前輩說「資料一定有在,但是,在,不一定找得到,找到不一定對」而用了造夢這個詞,頗為貼切,似有邊界,可深可淺,但又共用部分記憶,醒來有時迷惘、有時心領神會而打從心底微笑。圖片來源:Ernest。)
✳️ 造夢沙盒,還有那顆合併按鈕
去年暑假之後,大家都在談 AI Agent(並沒有!大家其實都在 吵 討論 AK LLM Wiki!唉,這又另一題了,讓我醞釀一下寫成我那產量有限的 essay。承蒙大家關愛,這週大家陸續傳訊找我一起取暖。)
多數團隊都會擔心,一開始看到 prototype demo 好像還不錯、正面表列使用情境也都有跑起來,但是沒人敢勇敢放進量產環境。AI Agent 可以幫忙排班、調整行事曆、回答問題、甚至 TTS 打電話,但萬一它改了不該改的資料、看了不該看的欄位呢?Palantir 在 DevCon 5 展示了一個醫療排班系統的 demo,護理師用語音請 agent 排手術、管理員審核、系統自動打電話通知病患,而且 Palantir 團隊僅使用不到一個週末就打造完成這隻 AI Agent。
我們團隊一直在衡量該將 ontology 與護欄放在 Kyklosify Intelligence Platform 的哪些環節,這個週末在 AI founder meetup 跟前輩請教最近卡關的疑問們,疊上 Palantir 的架構,試著將做法拆解成五層,希望這套邏輯不限於 Palantir、Kyklosify,是個讓任何想打造量產環境 Agent 的團隊都可以參考的框架。
1️⃣ 先統一語言:把業務限制條件結構化
Palantir 用 Ontology(暫譯:領域語意本體)把護理師、醫生、手術室、病患和它們之間的限制條件全部結構化在一起。Agent 不是在空白的資料表裡猜,它有完整的業務脈絡可以依賴。工程師 Laura 能在一個週末內建出語音排班系統,前提就是這套 ontology 已經到位,護理師班表、醫生專長、手術室設備規格全部可查詢。不管用什麼平台,第一步都一樣:把業務規則從人腦和試算表裡搬出來,變成人類可以理解,而且系統可以讀取的結構化資料。
(我們這幾年拆解工作流程、整合跨部門共用的基礎物件相同,這步急不得,先手動再自動,後來成了一切加速的基底。)
2️⃣ 給 Agent 造夢沙盒:給它 what-if 的全世界,但先不碰正式資料
影片裡的 Ontology Scenarios 是持久化的沙盒。護理師跟 AI 討論排班方案時,所有變更都不碰正式資料。這個沙盒不是用完即丟的,護理師可以先去處理急診,回來繼續編輯。沙盒還能跨角色協作:護理師建立方案後送出,管理員在同一個沙盒裡追加調整,確認才合併到量產環境。不是傳統的測試環境,因為沙盒跟量產環境共用同一套資料模型和後端函式。
3️⃣ 分層設定權限:同一筆資料,不同人看到不同東西
Object Security Policies 讓同一筆病患資料,管理員看到排班資訊但看不到社會安全碼,護理師看到血型和風險等級,病患只能看到自己的資料。權限在資料層直接設定,不是在前端用 if-else 阻擋。Agent 打電話給病患時也遵守同樣的規則,驗證身分後才提供資訊,問到別人的資料直接拒絕。
4️⃣ 確保操作的原子性:全成功或全失敗
取消一個手術預約要同時處理護理師指派、手術室清潔準備、醫生排班。不同團隊維護不同模組,各自有各自的 API。如果只取消了護理師,但醫生那邊因為網路中斷失敗了,系統就卡在不一致的狀態:病患以為手術取消了,但醫生還在準備。ACID Transactions 確保這些操作全部成功或全部復原,不會留下半套髒資料。
5️⃣ 保持人類在決策迴圈裡:提案、審核、合併
護理師提出排班方案,但不能直接寫入量產環境。管理員在沙盒裡審核、追加調整,確認後才合併。合併後系統才觸發後續的自動外撥通知。Demo 裡護理師明確說她的角色是留在急診室現場,不想自己負責合併到量產環境。AI 有活動空間,但人類握著那顆合併按鈕。將最終責任留給有權限的人類。
這五層的順序稍有意義。先有統一的資料語意,才有可靠的沙盒。先有分層權限,Agent 才知道什麼能做什麼不能做。先有原子性操作,才敢讓系統自動觸發後續流程。每一層都是下一層的前置作業。
大家可能迫不及待想玩剛發布的 Claude Managed Agents,不妨拿文件與這五層對照看看,預祝大家都能打造有用的 Agent,修補一下這不完美的世界。
📷 圖說 👉 前輩說「資料一定有在,但是,在,不一定找得到,找到不一定對」而用了造夢這個詞,頗為貼切,似有邊界,可深可淺,但又共用部分記憶,醒來有時迷惘、有時心領神會而打從心底微笑。
Ontology 就如戴上黃光墨鏡之後看到的世界都是偏黃(唉好像選錯顏色,我沒有要開車,但我還不想挑戰其他顏色),每天路過按個「讚 👍」或「愛心 ❤️」就是告訴全世界,我們心領神會,而對這個世界的光明有所期待。
✳️ 延伸閱讀
- 拆解 Palantir MMDP:搬運算不搬資料的資料平台
- 企業 AI 部署為什麼卡住?Mistral AI 的做法值得拆解
- 從 Vibe Coding 到 Agentic Coding:把話講清楚才是新戰場
- Amazon Bedrock AgentCore 正式上線 (GA):為 AI Agents 量產環境打造企業級基礎設施
✳️ 知識圖譜
(更多關於知識圖譜…)
✳️ 逐字稿與筆記
開場與歡迎
- Hello, DevCon.
哈囉,DevCon。 - Thank you for joining us for our third session specifically about updates to our ontology foundations.
謝謝大家參加我們第三場專門介紹 ontology foundations 最新更新的議程。 - I’m Kevin, one of the ontology group leads at Palantir.
我是 Kevin,Palantir ontology 團隊的其中一位負責人。 - I’m Laura.
我是 Laura。 - I’m a software engineer for data connection and real-time voice.
我是負責資料連接與即時語音的軟體工程師。 - We’re both really excited to announce some new foundational features coming to the ontology, specifically that will better support and enable your agentic workflows.
我們兩位都很興奮要發表幾個即將進入 ontology 的新基礎功能,目的是更好地支援並強化你們的代理工作流(agentic workflows)。 - When we think about building new features in the ontology, we reason about them in two separate ways.
當我們在思考要為 ontology 打造新功能時,我們會從兩個面向推敲。
- One, how do we expand the capabilities of the platform?
第一,我們要怎麼擴展平台的能力? - How do you do more with your existing ontology?
你要怎麼用既有的 ontology 做更多事? - And then two, how do we provide you with the proper guardrails so both your users and agents can operate in a secure and safe way?
第二,我們要怎麼提供合適的護欄,讓你的使用者和 agent 都能以安全可靠的方式運作? - Well, in classic Palantir fashion, I think the best way we can show you this is with a demo.
好,以 Palantir 的一貫風格,我覺得最好的展示方式就是 demo。
Demo:手術室排班應用程式
- We’re going to show you some of our favorite recent features.
我們要來秀一些我們最近最喜歡的新功能。 - And Laura, thankfully, built a notional operating room scheduling app quickly over just this weekend.
還好 Laura 在這個週末快速打造了一個概念性的手術室排班應用程式。 - I think it will use an ontology many of you are familiar with, nurses.
它用的是你們大多數人應該都熟悉的 ontology,護理師的那一套。 - Yes.
對。 - So I’m going to take the role here of a nurse.
所以我要扮演一位護理師的角色。 - I’m in the ER.
我在急診室。 - I need to help schedule patients for operations.
我需要幫病患安排手術。 - But obviously, for that, I built an ontology OSDK application.
為了做這件事,我建了一個使用 ontology OSDK 的應用程式。 - So I’m going to log in as a nurse.
我先用護理師身分登入。 - You guys can see here my OR schedule.
你們可以看到我的手術室班表。
- I have operations that are going on across different ORs.
我有幾檯手術分別在不同手術室進行。 - But as a nurse, I really do not have the time to sit down at a computer and understand the patient preference, the blood supply, the equipment, the hours of the nurses, the hours of the doctors.
但身為護理師,我真的沒時間坐在電腦前慢慢比對病患偏好、血液庫存、設備、護理師工時、醫生工時這些細節。 - So what if I had all those constraints encoded in my ontology and I could leverage the power of voice agents to help me schedule a new patient on this OR?
那如果所有這些限制條件都已經被寫進我的 ontology,而我可以借助語音代理(voice agent)的能力來幫我在這間手術室排一位新病患呢? - So, shall we try it out?
那,我們來試試看吧? - I have a voice agent here to help me.
我這邊有一個語音代理可以協助我。 - Hey, I’ve got the board up.
嘿,我把排班板叫出來了。 - What do you need?
你需要什麼? - I was wondering if you can help me schedule Patricia Collins for a last-minute cardiac bypass.
我想請你幫我臨時安排 Patricia Collins 做一檯心臟繞道手術。 - Sure thing.
沒問題。 - Let’s get Patricia Collins on the board.
我們把 Patricia Collins 放進排班板。 - How long do you expect that cardiac bypass to run?
你預期這檯心臟繞道手術會進行多久? - It should be around three hours.
大約三個小時。 - Got it.
了解。 - That’s 180 minutes.
也就是 180 分鐘。 - Running that through the schedule.
我把這個條件丟進排班演算。 - Now, let me pull up options for that.
現在,讓我幫你列出幾個選項。
- Looked at the whole board and cross-referenced surgeon availability, patient preferences, and room capabilities.
我看過整張排班板,交叉比對了外科醫生的空檔、病患偏好以及手術室設備能力。 - B fits best.
選項 B 最合適。 - Dr. Miguel Dubois in operating room two.
Dr. Miguel Dubois 在第二手術室。 - Three fewer moves than the best outcome option.
比最佳結果選項少了三次班表調動。
Ontology Scenarios 提供沙盒環境
- So before I keep talking with my voice agent, what just happened?
在我繼續跟語音代理對話之前,剛剛發生了什麼事? - My voice agent has helped me understand the ontology constraints and come up with three different scenarios.
我的語音代理幫我消化了 ontology 的限制條件,並且提出了三種不同的排班情境。 - But those scenarios, first of all, they’re not ephemeral.
但這些情境,首先,它們不是暫時性的。 - I can go around in the ER and come back later and keep editing them.
我可以先去急診室忙別的事,稍後再回來繼續編輯。 - But they’re also not in production data.
而且它們並不存在於量產環境的正式資料中。 - I’m not editing the production data.
我沒有在編輯正式資料。 - I’m leveraging the power of ontology scenarios, which are data persisted sandboxes that allow you to use all your ontology toolbox, your actions, your functions, but without touching your live data.
我借助的是 ontology scenarios 的能力,它是一種具備資料持久性的沙盒,讓你可以使用 ontology 所有的工具箱、動作、函式,但不會動到你的正式資料。 - So, let me keep talking with my voice agent to see if I can come up with a solution that I want in production.
所以讓我繼續跟語音代理對話,看能不能得到一個我願意推上量產環境的方案。 - Great.
太好了。 - Can you help me figure out the difference between option A and B?
你可以幫我比較一下選項 A 和選項 B 的差別嗎? - What are the nurses’ hours looking like for those?
這兩個選項的護理師工時分別是什麼情況? - Sure.
當然。 - The difference between A and B. A gives you Dr. Aiko Patel, a top cardiac specialist, but it takes four schedule changes and a lot of reshuffling.
A 和 B 的差別是這樣的。A 會安排 Dr. Aiko Patel,一位頂尖的心臟專科醫生,但需要四次班表調動和大量重新排列。 - B uses Dr. Miguel Dubois, who’s not a cardiac specialist but has a good track record for this procedure, and it only needs one minor adjustment.
B 則是 Dr. Miguel Dubois,他雖然不是心臟專科,但做這個手術的紀錄很好,只需要一次小幅微調。 - Now, neither option adds nurse overtime.
而且兩個選項都不會增加護理師的加班時間。 - All nurses stay on regular hours in both scenarios.
兩個情境下所有護理師都保持正常工時。 - Great.
太好了。 - I can keep iterating with the voice agent, but for the sake of the demo, let’s say I agree with the voice agent.
我可以繼續跟語音代理來回討論,但為了 demo 的節奏,我們就當我接受語音代理的建議。 - I know this doctor and I’m ready to merge it into production.
我認識這位醫生,準備把結果合併到量產環境。 - I don’t want to be the one responsible for merging it into production because my role is being on-site in the ER.
我不想當那個負責合併到量產環境的人,因為我的職責是留在急診室現場。 - So, what I’m going to do right now is I’m going to submit it for an administrator to approve this scenario and merge it into production.
所以我現在要做的是把這個情境提交給管理員審核,由管理員核准並合併到量產環境。
管理員角色與核准工作流
- So, let’s say here I want to merge Patricia’s emergency case.
那麼這裡,我要合併 Patricia 的急診案例。 - So, let’s submit it and I’m going to stop my voice agent and I’m going to quickly change hats and take the role of an administrator.
送出之後,我把語音代理停掉,快速換個角色,換成管理員的身分。 - So, I have here an incognito window where I’m logged in as an administrator, as as admin, and I’m going to log in.
我這邊有一個無痕視窗,用管理員身分登入,我準備登入進去。
- Oh, a new scenario request just came in.
哦,剛好有一筆新的情境請求進來。 - We’ll rename it Patricia emergency case.
我們把它重新命名為 Patricia emergency case。 - So, let’s click on it.
來,點開它。 - And as you can see, the changes the nurse made have been requested for the administrator.
你可以看到,護理師剛剛做的變更已經被送到管理員這邊等待審核。
- Again, this is an ontology scenario.
再強調一次,這是一個 ontology scenario。 - I can keep editing.
我可以繼續編輯。 - I don’t need to do and merge this into production just by the changes that the nurse made.
我不一定要照護理師做的變更原封不動合併到量產環境。 - I can keep editing the ontology scenario and use my toolbox of functions and actions.
我可以繼續編輯這個 ontology scenario,並使用我手邊的函式和動作工具箱。 - Let’s say I have a little bit more context than the nurse and I actually know that Peter patient did not get scheduled for, uh, for this morning.
假設我比護理師掌握更多全局脈絡,我剛好知道 Peter patient 其實沒有被排上今天早上的手術。 - So, I can actually keep editing the scenario and moving it, and I can move, for instance, James Jones to OR 2.
所以我可以繼續編輯這個情境並調整順序,例如我可以把 James Jones 移到第二手術室。 - Once I’m happy with the changes, I’m ready to merge into production.
一旦我對所有變更都滿意了,我就準備合併到量產環境。 - But before I click that button, my job as an administrator is not just to move things and approve the OR changes, but I also need to notify every single one of the patients that got scheduled to a different time.
但在我按下按鈕之前,我身為管理員的工作不只是調整順序並核准手術室變更,我還必須通知每一位被改到不同時段的病患。 - So, I’m going to leverage the power of the ontology and voice agents once again.
所以我要再一次借助 ontology 和語音代理的能力。 - Once I press that approve and merge button, it’s going to trigger an outbound call to each one of those patients to inform them their operation or their appointment has been rescheduled.
當我按下核准並合併的按鈕,系統會對每一位被改動的病患觸發一通外撥電話,通知他們手術或預約已經被重新安排。 - I have a phone over here.
我這邊有一支電話。 - I’ve hooked it up to be in this case Peter patient.
我把它設定成代表 Peter patient。 - So, one of the patients that’s going to get called is because I moved him, is Peter patient.
所以因為我剛剛動了他的班表,待會會被系統打電話的其中一位病患就是 Peter patient。 - Let’s approve and merge and see what happens.
我們按下核准並合併,看看會發生什麼事。
自動化病患通知系統
- So, someone’s calling me.
好,有人打電話給我了。 - I’m going to pick it up.
我來接起來。 - I don’t know who this is.
我不知道這是誰。 - » Hello.
» 哈囉。 - This is the hospital’s surgical scheduling department calling.
這裡是醫院的外科排班部門。 - Could I please confirm your full name and date of birth to get started?
我可以先請您確認全名和出生年月日嗎? - » Can I get more details around the appointment before I give you that information?
» 我可以先知道預約的細節再提供這些資訊嗎? - » I completely understand you’re curious about the appointment details.
» 我完全理解您想先知道預約的細節。 - To protect your privacy, I do need to verify your identity first.
但為了保護您的隱私,我必須先驗證您的身分。 - Could you share your full name and date of birth?
可以請您告訴我您的全名和出生年月日嗎? - » Yes, my full name is Peter Patient.
» 好,我的全名是 Peter Patient。 - My date of birth is January 1st, 1999.
我的出生年月日是 1999 年 1 月 1 日。 - Thanks, Peter.
謝謝您,Peter。 - Let me check that against our records.
讓我對照一下我們的紀錄。 - Welcome, Peter.
您好,Peter。 - Thanks for confirming that.
謝謝您的確認。 - One second while I look into the details of your appointment.
請稍等一下,我查一下您的預約細節。 - Here are your updated appointment details.
以下是您更新後的預約細節。 - You’ve got an ACL reconstruction with Dr. Antonio Reyes scheduled for March 4th, 2026 at 3:45 p.m.
您預約的是由 Dr. Antonio Reyes 執刀的前十字韌帶(ACL)重建手術,時間是 2026 年 3 月 4 日下午 3 點 45 分。 - Eastern time.
美國東部時間。 - Does that timing work for you?
這個時間對您方便嗎? - And if you have any preferences about timing or notes for the medical staff, feel free to let me know.
如果您對時間有任何偏好、或對醫護團隊有任何備註,都歡迎告訴我。 - Now, » could I get more information about my friend Patricia Collins that I think just came into the ER?
那,» 我可以打聽一下我朋友 Patricia Collins 的狀況嗎?我想她剛剛才進急診室。 - » I totally get wanting to help a friend, but due to HIPAA, I can only share details about your own appointment.
» 我完全理解您想幫助朋友的心情,但基於 HIPAA 規範,我只能提供您本人預約的細節。 - If Patricia needs help, she’s welcome to give us a call directly and we’d be happy to assist her.
如果 Patricia 需要協助,歡迎她直接打電話給我們,我們很樂意為她服務。 - » Great.
» 好的。 - Then, let’s confirm my appointment.
那就幫我確認我的預約。 - But, can you let the nurse know that I need to be scheduled in OR 2?
另外,可以請你跟護理師說,我需要被排在第二手術室嗎? - Let me make a note of that.
我幫您記錄下來。 - I’ll add that to your file.
我會加註在您的檔案裡。 - All right.
好的。 - Your appointment is confirmed.
您的預約已經確認。 - The confirmation ID is cof-7B711233.
確認編號是 cof-7B711233。 - Is there anything else I can help you with today?
今天還有什麼我可以為您服務的嗎? - » No, that’s all.
» 沒有了,就這樣。 - Thank you.
謝謝。 - Okay.
好的。
Demo 回顧與重點整理
- So, a lot of things just happened.
好,剛剛發生了很多事情。 - I had an OSDK application that was powered by the force of the ontology and I used voice agents to help the nurse initiate a new schedule.
我有一個由 ontology 力量驅動的 OSDK 應用程式,我用語音代理協助護理師發起一筆新的排班。 - I’ve also had an administrator that has changes and approved those changes of the of the scenario and merged into production.
我也扮演了一位管理員,進行了變更、核准了情境的變更,並將結果合併到量產環境。 - Once we’ve merged those changes into production to your live data, that has triggered an outbound call.
一旦變更合併到量產環境、寫進正式資料之後,系統就觸發了一通外撥電話。 - I want to take a pause here and make sure that you guys heard that it tried to verify that I was Peter patient before trying to give me any information, as well as like I tried to get information about Patricia patient, but it denied me.
我想在這邊暫停一下,確認大家有聽到:系統在提供任何資訊之前都先驗證了我是不是 Peter patient,而當我試圖打聽 Patricia patient 的資訊時,它直接拒絕了我。 - So keep that in mind.
請把這一點記在心裡。 - We’ll come back later, but I’m gonna pass it to Kevin to explain what just happened over here.
我們待會會再回來看,但現在我先把舞台交給 Kevin 來解釋剛剛這一切是怎麼實現的。
技術深入介紹
- » Cool.
» 好的。 - Can we go back to slides?
可以切回投影片嗎? - So, first of all, I just want to say it was awesome that Laura could build all of that in one weekend.
首先,我想說 Laura 能在一個週末內打造出這一切真的太厲害了。 - And you might be asking yourself, how did she do it?
你可能會問自己,她是怎麼辦到的? - Luckily, she had the entire power of the ontology and the existing data asset already in the platform.
幸運的是,她擁有 ontology 的全部能力,以及平台上既有的資料資產。 - I want to break down what she used step by step.
我想逐步拆解她用到了哪些東西。
Object Security Policies 細節
- First, let’s talk about how this data is secured.
首先,我們來聊聊這些資料是怎麼被保護的。
- Object security policies is a new feature that allows you to define granular policies on your object types within the ontology.
Object security policies 是一個新功能,讓你可以在 ontology 裡對各種物件型別定義細緻的權限政策。 - We want to make sure especially with the sensitive data, the right people can only see the right things.
我們特別希望確保在敏感資料上,只有對的人能看到對的東西。 - So let’s walk through how this works.
讓我們走一遍這是怎麼運作的。 - Consider our patient object.
先看我們的病患物件。 - It’s the object with the most sensitive data, but it’s also the thing you’re going to reuse across all of your workflows.
它是含有最敏感資料的物件,但也是你在各種工作流中都會重複使用的物件。 - So, let’s break down how we can permission it differently for the three users that Laura just discussed.
所以我們來拆解一下,要怎麼針對 Laura 剛剛提到的三種使用者設定不同的權限。 - First, consider the admin.
先看管理員。
- Their job is to make sure that patients know when their their scheduled appointments are.
他們的工作是確保病患知道自己的預約時間。 - That doesn’t mean they’re providing medical care.
這並不代表他們在提供醫療照護。 - They don’t need to see that information.
他們不需要看到醫療資訊。 - They’re also not doing anything related to insurance or any other information.
他們也沒有處理保險或其他相關資訊。 - So, they also probably don’t need to see sensitive things like your social security number.
所以他們大概也不需要看到像社會安全碼這種敏感資訊。 - The nurse on the other hand, they are the ones responsible for the care and medicine of their patients.
另一方面,護理師才是負責照護和用藥的人。
- They need to know name, phone number.
他們需要知道姓名、電話號碼。 - They also need to know internal hospital information like their risk levels.
他們也需要知道醫院內部的資訊,例如風險等級。 - Should I be prioritizing this patient?
我是不是應該優先照護這位病患? - Do they need someone on call all the time?
這位病患是不是需要有人隨時待命? - Also, their blood type and other things that are important to day-to-day operations.
還有血型,以及其他對日常運作很重要的資訊。 - Lastly, let’s consider the patient.
最後,我們看看病患。
- Patients should not see anyone else’s information, just their own.
病患不應該看到其他人的資訊,只能看到自己的。 - They should be able to see their very sensitive information because well, you got to make sure that’s right.
他們應該可以看到自己那些高度敏感的資訊,因為你總得確認這些資訊是正確的。 - But on the flip side, let’s say for that risk level, that’s an internal hospital detail.
但反過來說,像風險等級這種屬於醫院內部的細節就不同了。 - They’re the ones prioritizing patients and it’s not something they necessarily want to expose to all of their patients.
這是醫院用來決定病患優先順序的,通常不會想把這種資訊暴露給所有病患。 - This was how we secured all of the objects that you saw within that OSDK app within Foundry.
這就是我們在 Foundry 裡那個 OSDK 應用程式中,保護所有物件的做法。 - But inherently, we had to cross another boundary when we made that outbound call.
但在打出那通外撥電話時,我們必然要跨越另一層邊界。
外部系統整合的安全機制
- Making a call to Laura’s phone is an external system.
打電話到 Laura 的手機,就是一個外部系統。 - So Laura’s going to talk about how the security works there.
所以 Laura 會來說明那裡的安全機制是怎麼運作的。 - » Perfect.
» 好的。 - So the last part you saw making me receiving a phone call from the hospital about Peter patient schedule.
你們剛剛看到的最後一段,是我以 Peter patient 的身分接到醫院打來確認排班的電話。 - In order to know that it needed to know that I was Peter patient.
為了做到這一點,系統必須先確認我就是 Peter patient。 - It needed to know my appointment details.
並且需要知道我的預約細節。 - So I kind of want to drill down of the security layers that we’ve built for those inbound and outbound calls.
所以我想深入談談,我們為這些進線與外撥電話打造了哪幾層安全機制。 - The first one is network control.
第一層是網路控制(network control)。 - Perfect.
好的。 - You don’t want to expose your voice agent to the whole internet.
你不會想把你的語音代理暴露在整個網際網路上。 - So we want to make sure that you have the po power to determine the network configuration of your voice agent.
所以我們希望確保你有權決定語音代理的網路設定。 - The next one is export controls.
下一層是匯出控制(export controls)。 - You don’t want to let the builder decide what data the voice agent has.
你不會想讓建構者自己決定語音代理可以拿到哪些資料。 - That data might be marked.
那些資料可能被標記為敏感。 - So you want to make an information security officer of your company be responsible for approving that that data can get leaked over the phone and that there enough railways on that phone call.
所以你會希望由公司的資安主管來負責核准哪些資料可以透過電話流出、以及那通電話有沒有足夠的防護軌道。 - The next one is model security.
再下一層是模型安全(model security)。 - It’s very important that some of you have georestrictions permissions on your model.
對某些人來說,模型上的地理限制權限相當重要。 - So we want to make sure we comply with those.
所以我們會確保我們符合這些規範。 - So the models that we provide you in the platform to use follow the georestriction guarantees that you require.
因此我們在平台上提供給你使用的模型,會遵守你要求的地理限制保證。 - And the fourth one, as I said, it verified that I was Peter patient before it tried to give me information about my appointment.
第四層,就像我剛剛說的,系統在提供我預約資訊之前先驗證了我是 Peter patient。 - And once it verified that I was Peter patient, it did not give me information about Patricia Collins.
一旦它確認我是 Peter patient 之後,它也不會把 Patricia Collins 的資訊給我。 - So, we’ve built tools that you can use around your agent to make sure your agent performs to the standards that you want.
所以我們打造了一整組可以圍繞你的 agent 使用的工具,確保你的 agent 能達到你要求的標準。
代理工作流安全總結
- It follows a simple pattern to build both deterministic and non-deterministic.
它遵循一個簡單的模式,可以同時建構確定性(deterministic)與非確定性的行為。 - So, I’ll pass it to Kevin to explain a bit more of the security of how we did this.
我把舞台交給 Kevin,由他更詳細地解釋我們是怎麼做到這些安全機制的。 - So, that was just the way we secured your data, but what about all of the other tools we use in Foundry?
好,剛剛只是我們保護你資料的做法,那在 Foundry 裡使用的其他工具呢?
Ontology 與工作流血緣
- Laura, can you show us the workflow lineage?
Laura,可以秀一下工作流的血緣(workflow lineage)嗎? - Yes, let’s go to slides.
好,我們切到投影片。 - Thank you.
謝謝。 - Cool, first, I just want to highlight that that ontology is as simple as I said earlier.
很好,首先我想強調,這個 ontology 就如我稍早所說的一樣簡單。 - We had operating rooms, we had nurses, we had surgeons, we have patients.
我們有手術室、護理師、外科醫生,還有病患。
善用既有的 Ontology 資產
- The thing to note is because we used ontology native scenarios, we were able to do all of those sandbox changes without requiring any additional data modeling.
要注意的是,因為我們使用了 ontology 原生的 scenarios,我們能夠做所有的沙盒變更,而不需要任何額外的資料建模。
- Let’s look at the patient object for an example of, of one of those objects.
我們用病患物件當作其中一個物件的例子。
- So you can see all of those properties as we described are here.
你可以看到我們剛剛描述的所有屬性都在這裡。
- Let’s go look at the security to see those property, those object policies in practice.
我們來看一下安全設定,實際看看那些屬性和物件政策的運作情形。
- You can see we’ve secured every row of data as well as those sensitive properties and fields that are specific to the hospital and the patient and their communications.
你可以看到我們把每一列資料都保護起來了,包括那些屬於醫院、病患和他們通訊的敏感屬性與欄位。 - Going back to the lineage, you can see that we also had a ton of functions pre-built in the platform.
回到血緣圖,你可以看到平台上本來就已經預先打造了一大堆函式。 - These are your backend tools that were already available and might be used for many workflows.
這些是你既有的後端工具,已經可以使用、也可能會被很多工作流共用。
- Again, in scenarios, we were able to take advantage of those existing functions because all of those changes weren’t just happening on the backend.
再強調一次,在 scenarios 裡,我們能夠直接利用這些既有的函式,因為所有變更不只是發生在後端。 - They were happening within that sandbox, within the ontology.
它們是發生在沙盒裡、在 ontology 裡。 - You could call your actions, your functions, whatever tools you already had available.
你可以呼叫你的動作、你的函式,任何你手邊已經有的工具。
用既有函式打造新工作流
- Let’s maybe take a step back from scheduling your appointments, but let’s say I need to build even more.
我們先從預約排班這件事稍微退一步,假設我還需要打造更多功能。 - If patient needed to cancel their appointment, I need a cancellation workflow.
如果病患需要取消預約,我就會需要一個取消工作流。 - There are already some functions that let me do that in this ontology, like remove nurse assignment, remove assignment.
這個 ontology 裡已經有幾個可以做這件事的函式,例如 remove nurse assignment、remove assignment。 - I need to build a single atomic function that does all of those things when it gets canceled.
我需要打造一個單一且原子化的函式,在取消預約時一次完成所有這些動作。
Transactions 功能登場
- I’m going to talk to you about how transactions, the feature we just built, allows us to do that.
我接下來要跟你們談談,我們剛打造的 transactions 功能是怎麼讓我們辦到這件事的。 - Back to the slides.
回到投影片。
銜接 Transactions 的說明
- Back to slides.
回到投影片。 - Thank you.
謝謝。 - So maybe I’ll set the stage a little bit.
我先幫大家把情境鋪一下。
問題:分散式團隊開發的挑戰
- As a developer and as there becomes more developers wherever you work building different things, there’s going to be different teams owning different parts of your business.
身為開發者,隨著你所在的組織有越來越多開發者在做不同的事,必然會出現不同團隊各自擁有業務裡不同部分的情況。
- Let’s say one developer team owns nurses operations, one team owns doctor operations, one team owns all of the inventory.
假設一個團隊負責護理師相關的操作,另一個團隊負責醫生相關的操作,還有一個團隊負責所有的庫存。 - I just want to work on appointments.
我只想專注在預約這一塊。 - I don’t want to have to think through all the different things that it takes to reassign a nurse, but I still want to use their existing logic.
我不想被迫去思考重新指派護理師需要處理的所有細節,但我還是想用他們既有的邏輯。 - If I just use it without thinking too hard, I’m going to run into a problem.
如果我沒想太多就直接用下去,就會遇到問題。 - Let’s say I just run a very simple piece of logic in the front end that just tries to run all of these.
假設我在前端跑一段很簡單的邏輯,直接呼叫所有這些動作。 - I unassign the nurse, I unassign the room prep, but then the call I make to unassign doctor fails.
我先取消護理師指派、取消手術室準備,但是接著要取消醫生指派的呼叫卻失敗了。 - Maybe they had a bug in their code.
可能是他們程式碼裡有 bug。 - Maybe there was even just a network blip, but now I’m in a weird state.
也可能只是網路閃了一下,但此刻我已經卡在一個詭異的狀態。 - I built an application that told the user they were canceling their appointment, but I still have a doctor assigned to an appointment that doesn’t even exist.
我做的應用程式告訴使用者他們已經取消預約了,但系統裡還有一位醫生被指派到一個根本不存在的預約上。
解法:原子化 Transactions
- This is why we built transactions.
這就是我們打造 transactions 的原因。 - As an engineer, it’s incredibly important for me to know that all of these actions succeeded or if any of them fail, they all fail.
身為工程師,對我來說極為重要的一件事是知道這些動作全部都成功了,或者任何一個失敗就全部失敗。
- I either cancel the appointment or I didn’t.
我要嘛取消了預約,要嘛就沒有。 - So in the case that one of them fails because they’re running in a transaction, all of those changes get, none of them were ever written into the ontology.
所以萬一其中一個動作失敗了,因為它們是跑在 transaction 裡,所有的變更都不會被寫進 ontology。 - We believe for many of the developer here, this is a familiar but obviously powerful tool for you to develop with a lot.
我們相信對在場的許多開發者來說,這是一個熟悉但顯然相當強大的開發工具。
整體功能回顧
- We built some agentic workflows that were fully leveraging the power of an existing ontology.
我們打造了幾個完全借助既有 ontology 力量的代理工作流。 - Specifically, they use voice agents and live audio, and they were able to perform what-if analysis and operations in that persisted sandbox we call scenarios.
具體來說,它們使用語音代理和即時音訊,並且能夠在我們稱為 scenarios 的持久化沙盒中執行 what-if 分析與操作。 - We provided new guardrails like object security policies and transactions to make sure that those agents operated in a secure and predictable way.
我們提供了像 object security policies 和 transactions 這類新的護欄,確保這些 agent 能以安全且可預測的方式運作。
行動呼籲與結語
- Some of these features are still actively in development, but we’ve made them all available to you in some form on your DevCon stack.
有些功能還在積極開發中,但我們已經以某種形式在 DevCon 開發環境上提供給大家使用了。 - Please try them out during the hackathon and reach out to the two of us if you have any questions.
請在黑客松期間試試看,如果有任何問題都歡迎直接找我們兩位。 - Thanks.
謝謝。