feat(iwooos): add live security control plane
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 2m22s
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled

This commit is contained in:
ogt
2026-07-11 19:45:58 +08:00
parent 05a2ee7c32
commit 0107eae239
8 changed files with 2236 additions and 0 deletions

View File

@@ -25,6 +25,9 @@ from src.services.iwooos_owner_evidence_intake_preflight import (
from src.services.iwooos_runtime_security_readback import (
load_latest_iwooos_runtime_security_readback,
)
from src.services.iwooos_security_asset_control_plane import (
get_iwooos_security_asset_control_plane_service,
)
from src.services.iwooos_security_control_coverage import (
load_latest_iwooos_security_control_coverage,
)
@@ -1005,6 +1008,23 @@ async def get_iwooos_security_control_coverage() -> dict[str, Any]:
) from exc
@router.get(
"/api/v1/iwooos/security-asset-control-plane",
response_model=dict[str, Any],
summary="取得 IwoooS live 資產、SIEM、稽核與 AI 自動化控制平面",
description=(
"從 production DB 只讀聚合 asset inventory、coverage、compliance、SIEM rule/case、"
"AI operation receipts 與 audit trail輸出 NIST CSF、SIEM pipeline 與排序工作項。"
"端點不回傳資產名稱、主機、IP、event payload、target resource、prompt/output 或 secret"
"也不觸發掃描、告警、SOAR、Wazuh active response 或任何 runtime action。"
),
)
async def get_iwooos_security_asset_control_plane() -> dict[str, Any]:
"""回傳公開安全的 production security control-plane aggregate。"""
payload = await get_iwooos_security_asset_control_plane_service().get_snapshot()
return redact_public_lan_topology(payload)
@router.get(
"/api/v1/iwooos/high-value-config-control-coverage",
response_model=dict[str, Any],

File diff suppressed because it is too large Load Diff