feat(web): add IwoooS owner decision checklist
This commit is contained in:
@@ -51,6 +51,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence:
|
||||
19. 7 個主機 evidence reviewer checklist items,顯示 reviewer 看完 handoff packets 後仍需確認的只讀檢查。
|
||||
20. 7 個主機 evidence reviewer outcome lanes,顯示 reviewer checklist 後的只讀結果分流。
|
||||
21. 7 個 host owner decision candidate packets,顯示 reviewer outcome 進到 owner decision 前仍需要的人工決策範圍。
|
||||
22. 7 個 host owner decision review checklist items,顯示 owner decision candidate packets 後仍需人工核對的安全邊界。
|
||||
|
||||
## 3.1 既有前端資安頁面整合
|
||||
|
||||
@@ -290,6 +291,24 @@ S2.23 將 ready for owner decision 後的下一步拆成七個只讀 candidate p
|
||||
|
||||
這個 candidate board 不代表 owner decision 已收到、已接受、已批准或已建立後續 runtime gate。它只讓 IwoooS 把「要請 owner 人工判讀什麼」先說清楚。
|
||||
|
||||
## 3.15 Host Owner Decision Review Checklist
|
||||
|
||||
S2.24 將 owner decision candidate packets 後的人工核對項拆成七個只讀 checklist items。這一層只回答「owner 決策前還要逐項確認什麼安全邊界」,不建立 decision record、不標記 approved、不開 runtime gate。
|
||||
|
||||
| 順序 | Review check | 來源 candidate packet | Guard condition |
|
||||
|------|--------------|----------------------|-----------------|
|
||||
| 1 | Scope boundary readable | scope approval candidate | scope review only;owner decision received=0 |
|
||||
| 2 | Scan mode not authorization | scan mode candidate | active scan / credentialed scan authorized=false |
|
||||
| 3 | Credential boundary metadata only | credential handling candidate | secret value collection=false |
|
||||
| 4 | Maintenance window not change | maintenance window candidate | host update authorized=false |
|
||||
| 5 | Rollback owner readable | rollback owner candidate | owner approval record created=false |
|
||||
| 6 | Validation metrics predefined | validation metrics candidate | runtime gate opened=false |
|
||||
| 7 | Runtime gate still separate | runtime gate candidate | action buttons=false;runtime gate separate |
|
||||
|
||||
每個 check 都固定 `display_mode=owner_decision_review_checklist_only`、`owner_decision_received_count=0`、`owner_decision_accepted_count=0`、`owner_approval_record_created=false`、`runtime_gate_opened=false`、`raw_payload_allowed=false`、`secret_value_collection_allowed=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
|
||||
|
||||
這個 checklist 不代表 owner 已完成決策、已批准、已建立 approval record 或已開 runtime gate。它只讓 IwoooS 把 owner 決策前的人工核對順序說清楚。
|
||||
|
||||
## 4. 仍禁止
|
||||
|
||||
IwoooS 不得提供下列輸出:
|
||||
@@ -310,7 +329,8 @@ IwoooS 不得提供下列輸出:
|
||||
14. 把 reviewer checklist 當成 approval、由前端標記 reviewer check passed,或從 reviewer check 開 runtime gate。
|
||||
15. 把 reviewer outcome 當成 approval、標記 reviewer outcome passed,或從 reviewer outcome 開 runtime gate。
|
||||
16. 把 owner decision candidate 當成 approval、標記 host owner decision approved,或從 owner decision candidate 開 runtime gate。
|
||||
17. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
17. 把 owner decision review checklist 當成 approval、標記 owner decision review passed,或從 owner decision review checklist 開 runtime gate。
|
||||
18. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
|
||||
## 5. 驗證
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,reviewer audit emitted 仍為 0,不代表 owner response 已收到或任何執行授權 |
|
||||
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn;`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
|
||||
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs;不新增執行按鈕 |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;S2.19 已補 7 個 host evidence review outcome lanes;S2.20 已補 7 個 host evidence review handoff packets;S2.21 已補 7 個 host evidence reviewer checklist items;S2.22 已補 7 個 host evidence reviewer outcome lanes;S2.23 已補 7 個 host owner decision candidate packets;仍不新增 action button |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;S2.19 已補 7 個 host evidence review outcome lanes;S2.20 已補 7 個 host evidence review handoff packets;S2.21 已補 7 個 host evidence reviewer checklist items;S2.22 已補 7 個 host evidence reviewer outcome lanes;S2.23 已補 7 個 host owner decision candidate packets;S2.24 已補 7 個 host owner decision review checklist items;仍不新增 action button |
|
||||
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
|
||||
| Runtime actions | `false` |
|
||||
| Payload ingestion | `false` |
|
||||
@@ -107,6 +107,7 @@
|
||||
| S2.21 IwoooS host evidence reviewer checklist | framework detail | 0 | 只顯示 reviewer 在 handoff packets 後要確認的七個只讀檢查;received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
|
||||
| S2.22 IwoooS host evidence reviewer outcome lanes | framework detail | 0 | 只顯示 reviewer checklist 後的七個只讀結果分流;checklist passed、received / accepted、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
|
||||
| S2.23 IwoooS host owner decision candidate packets | framework detail | 0 | 只顯示 owner 人工決策前需要的七個 candidate packets;decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
|
||||
| S2.24 IwoooS host owner decision review checklist | framework detail | 0 | 只顯示 owner decision 前的七個只讀核對項;decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
|
||||
|
||||
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|------|------|
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
@@ -83,6 +83,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
| S2.21 IwoooS host evidence reviewer checklist | 已完成草案,將 scope boundary、owner decision、credential handling、redaction、maintenance / rollback、validation metrics 與 runtime gate separation 顯示成七個只讀 reviewer checks | 0 |
|
||||
| S2.22 IwoooS host evidence reviewer outcome lanes | 已完成草案,將 owner decision candidate、scope mismatch、owner expired、credential metadata failed、redaction failed、rollback missing 與 runtime gate required 顯示成七個只讀 outcome lanes | 0 |
|
||||
| S2.23 IwoooS host owner decision candidate packets | 已完成草案,將 scope approval、scan mode、credential handling、maintenance window、rollback owner、validation metrics 與 runtime gate 顯示成七個只讀 owner decision candidate packets | 0 |
|
||||
| S2.24 IwoooS host owner decision review checklist | 已完成草案,將 scope readable、scan mode not authorization、credential metadata-only、maintenance not change、rollback owner、validation metrics 與 runtime gate separation 顯示成七個只讀 owner review checks | 0 |
|
||||
|
||||
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
|
||||
|
||||
@@ -125,6 +126,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.21 IwoooS Host Evidence Reviewer Checklist | 完成草案 | `/iwooos` 新增主機 evidence reviewer checklist,顯示 scope boundary match、owner decision scope / expiry、credential metadata-only、redaction pass、maintenance / rollback、validation metrics、runtime gate separated 七個檢查 | 使用者能理解人審不是執行授權;仍不標記 passed / received / accepted、不建立 approval record、不開 runtime gate |
|
||||
| S2.22 IwoooS Host Evidence Reviewer Outcome Lanes | 完成草案 | `/iwooos` 新增主機 evidence reviewer outcome lanes,顯示 ready for owner decision、scope mismatch、owner decision expired、credential metadata failed、redaction failed、rollback missing、runtime gate required 七個分流 | 使用者能理解 checklist 後下一步;仍不標記 passed / accepted、不建立 approval record、不開 runtime gate、不執行主機動作 |
|
||||
| S2.23 IwoooS Host Owner Decision Candidate Packets | 完成草案 | `/iwooos` 新增主機 owner decision candidate packets,顯示 scope approval、scan mode、credential handling、maintenance window、rollback owner、validation metrics、runtime gate 七個候選包 | 使用者能理解 owner 人工決策需要看哪些素材;仍不建立 decision record、不標記 approved、不開 runtime gate、不執行主機動作 |
|
||||
| S2.24 IwoooS Host Owner Decision Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision review checklist,顯示 scope boundary readable、scan mode not authorization、credential boundary metadata only、maintenance window not change、rollback owner readable、validation metrics predefined、runtime gate still separate 七個檢查 | 使用者能理解 owner 決策前仍需核對哪些安全邊界;仍不建立 decision record、不標記 approved、不開 runtime gate、不執行主機動作 |
|
||||
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
|
||||
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
|
||||
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
|
||||
|
||||
@@ -49,7 +49,8 @@
|
||||
"host_evidence_review_handoff_packet_count": 7,
|
||||
"host_evidence_reviewer_checklist_item_count": 7,
|
||||
"host_evidence_reviewer_outcome_lane_count": 7,
|
||||
"host_owner_decision_candidate_packet_count": 7
|
||||
"host_owner_decision_candidate_packet_count": 7,
|
||||
"host_owner_decision_review_checklist_item_count": 7
|
||||
},
|
||||
"progress": {
|
||||
"overall_percent": 58,
|
||||
@@ -135,7 +136,8 @@
|
||||
"display_host_evidence_review_handoff_packets",
|
||||
"display_host_evidence_reviewer_checklist",
|
||||
"display_host_evidence_reviewer_outcome_lanes",
|
||||
"display_host_owner_decision_candidate_packets"
|
||||
"display_host_owner_decision_candidate_packets",
|
||||
"display_host_owner_decision_review_checklist"
|
||||
],
|
||||
"forbidden_frontend_outputs": [
|
||||
"add_scan_button",
|
||||
@@ -181,7 +183,10 @@
|
||||
"open_runtime_gate_from_reviewer_outcome",
|
||||
"treat_host_owner_decision_candidate_as_approval",
|
||||
"mark_host_owner_decision_approved",
|
||||
"open_runtime_gate_from_owner_decision_candidate"
|
||||
"open_runtime_gate_from_owner_decision_candidate",
|
||||
"treat_host_owner_decision_review_check_as_approval",
|
||||
"mark_host_owner_decision_review_passed",
|
||||
"open_runtime_gate_from_owner_decision_review_check"
|
||||
],
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
@@ -1865,5 +1870,140 @@
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"host_owner_decision_review_checklist_items": [
|
||||
{
|
||||
"check_id": "host_scope_boundary_readable_review_check",
|
||||
"display_order": 1,
|
||||
"source_packet_ids": [
|
||||
"host_scope_approval_candidate_packet"
|
||||
],
|
||||
"review_check": "owner_can_read_scope_hosts_networks_services_exclusions",
|
||||
"guard_condition": "scope_review_only_owner_decision_received_zero",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_scan_mode_not_authorization_review_check",
|
||||
"display_order": 2,
|
||||
"source_packet_ids": [
|
||||
"host_scan_mode_candidate_packet"
|
||||
],
|
||||
"review_check": "scan_modes_are_descriptive_not_authorization",
|
||||
"guard_condition": "active_scan_and_credentialed_scan_authorized_false",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_credential_boundary_metadata_only_review_check",
|
||||
"display_order": 3,
|
||||
"source_packet_ids": [
|
||||
"host_credential_handling_candidate_packet"
|
||||
],
|
||||
"review_check": "credential_boundary_metadata_only_no_sensitive_material",
|
||||
"guard_condition": "secret_value_collection_allowed_false",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_maintenance_window_not_change_review_check",
|
||||
"display_order": 4,
|
||||
"source_packet_ids": [
|
||||
"host_maintenance_window_candidate_packet"
|
||||
],
|
||||
"review_check": "maintenance_window_candidate_not_host_update",
|
||||
"guard_condition": "host_update_authorized_false",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_rollback_owner_readable_review_check",
|
||||
"display_order": 5,
|
||||
"source_packet_ids": [
|
||||
"host_rollback_owner_candidate_packet"
|
||||
],
|
||||
"review_check": "rollback_owner_and_recovery_path_readable",
|
||||
"guard_condition": "owner_approval_record_created_false",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_validation_metrics_predefined_review_check",
|
||||
"display_order": 6,
|
||||
"source_packet_ids": [
|
||||
"host_validation_metrics_candidate_packet"
|
||||
],
|
||||
"review_check": "post_check_metrics_baseline_pointer_predefined",
|
||||
"guard_condition": "runtime_gate_opened_false",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"check_id": "host_runtime_gate_still_separate_review_check",
|
||||
"display_order": 7,
|
||||
"source_packet_ids": [
|
||||
"host_runtime_gate_candidate_packet"
|
||||
],
|
||||
"review_check": "owner_decision_checklist_cannot_execute_host_action",
|
||||
"guard_condition": "action_buttons_allowed_false_runtime_gate_separate",
|
||||
"display_mode": "owner_decision_review_checklist_only",
|
||||
"owner_decision_received_count": 0,
|
||||
"owner_decision_accepted_count": 0,
|
||||
"owner_approval_record_created": false,
|
||||
"runtime_gate_opened": false,
|
||||
"raw_payload_allowed": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -790,6 +790,16 @@
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"delta_id": "s2_24_iwooos_host_owner_decision_review_checklist",
|
||||
"display_order": 53,
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
|
||||
Reference in New Issue
Block a user