feat(web): add IwoooS queue review checklist
This commit is contained in:
@@ -2198,6 +2198,54 @@
|
||||
"field": "not authorization; action buttons=false"
|
||||
}
|
||||
}
|
||||
},
|
||||
"hostOwnerDecisionRecordFormalRecordQueueReview": {
|
||||
"title": "Host Owner Decision Record Formal Record Queue Review Checklist",
|
||||
"subtitle": "The formal record queue review checklist only confirms whether queue packets are readable for a future human formal-record review. It does not mark review passed, enqueue, create decision records, create approval records, or open runtime gates.",
|
||||
"checkLabel": "Queue review",
|
||||
"guardLabel": "Guardrail",
|
||||
"items": {
|
||||
"queueIdentityTraceable": {
|
||||
"title": "Queue identity traceable",
|
||||
"body": "Confirms queue identity can trace candidate record, version, owner, review scope, and source without treating traceability as formal enqueue.",
|
||||
"guard": "trace only; queue enqueued=0"
|
||||
},
|
||||
"queueDecisionSummaryReadable": {
|
||||
"title": "Queue decision summary readable",
|
||||
"body": "Confirms the decision summary and no-execution statement are readable without creating a formal decision record.",
|
||||
"guard": "summary only; record created=false"
|
||||
},
|
||||
"queueScopeExpiryFresh": {
|
||||
"title": "Queue scope and expiry fresh",
|
||||
"body": "Confirms host, network, service, exclusion, observation intent, and expiry are not stale or outside the original scope.",
|
||||
"guard": "scope check only; finalized=0"
|
||||
},
|
||||
"queueScanLimitsNotAuthorization": {
|
||||
"title": "Queue scan limits not authorization",
|
||||
"body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraints, not scan approval.",
|
||||
"guard": "scan authorized=false"
|
||||
},
|
||||
"queueCredentialBoundaryMetadataOnly": {
|
||||
"title": "Queue credential boundary metadata-only",
|
||||
"body": "Confirms credential boundary keeps only metadata, owner, retention, and masking boundary without requesting sensitive material.",
|
||||
"guard": "secret collection=false"
|
||||
},
|
||||
"queueMaintenanceRollbackLinked": {
|
||||
"title": "Queue maintenance and rollback linked",
|
||||
"body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact have pointers without allowing host package changes or tuning.",
|
||||
"guard": "host change=false"
|
||||
},
|
||||
"queueValidationGateSeparate": {
|
||||
"title": "Queue validation gate separate",
|
||||
"body": "Confirms validation evidence, post-check metrics, and baseline pointer still route to a separate runtime gate.",
|
||||
"guard": "active gates=0"
|
||||
},
|
||||
"queueNoExecutionAttestationPresent": {
|
||||
"title": "Queue no-execution attestation present",
|
||||
"body": "Confirms the no-execution, no-approval, and no-runtime-gate statement remains present so the checklist cannot become an action entry.",
|
||||
"guard": "action buttons=false"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"tickets": {
|
||||
|
||||
@@ -2199,6 +2199,54 @@
|
||||
"field": "not authorization;action buttons=false"
|
||||
}
|
||||
}
|
||||
},
|
||||
"hostOwnerDecisionRecordFormalRecordQueueReview": {
|
||||
"title": "主機 Owner Decision Record Formal Record Queue Review Checklist",
|
||||
"subtitle": "Formal record queue review checklist 只確認佇列資料包是否可供未來人工正式紀錄審查。不標記 review passed、不 enqueue、不建立 decision record、不建立 approval record、不開 runtime gate。",
|
||||
"checkLabel": "Queue review",
|
||||
"guardLabel": "保護邊界",
|
||||
"items": {
|
||||
"queueIdentityTraceable": {
|
||||
"title": "Queue identity traceable",
|
||||
"body": "確認 queue identity 能回溯 candidate record、版本、owner、review scope 與來源,不把可追蹤性當成正式入列。",
|
||||
"guard": "trace only;queue enqueued=0"
|
||||
},
|
||||
"queueDecisionSummaryReadable": {
|
||||
"title": "Queue decision summary readable",
|
||||
"body": "確認 decision summary 與 no-execution statement 可讀,但不產生正式 decision record。",
|
||||
"guard": "summary only;record created=false"
|
||||
},
|
||||
"queueScopeExpiryFresh": {
|
||||
"title": "Queue scope and expiry fresh",
|
||||
"body": "確認 host、network、service、exclusion、觀察目的與 expiry 沒有過期或超出原始 scope。",
|
||||
"guard": "scope check only;finalized=0"
|
||||
},
|
||||
"queueScanLimitsNotAuthorization": {
|
||||
"title": "Queue scan limits not authorization",
|
||||
"body": "確認 observe-only、future active scan 與 credentialed scan limits 仍只是限制描述,不是掃描批准。",
|
||||
"guard": "scan authorized=false"
|
||||
},
|
||||
"queueCredentialBoundaryMetadataOnly": {
|
||||
"title": "Queue credential boundary metadata-only",
|
||||
"body": "確認 credential boundary 只保留 metadata、owner、retention 與 masking 邊界,不要求敏感素材。",
|
||||
"guard": "secret collection=false"
|
||||
},
|
||||
"queueMaintenanceRollbackLinked": {
|
||||
"title": "Queue maintenance and rollback linked",
|
||||
"body": "確認維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點都有 pointer,但不代表可以做主機套件變更或調校。",
|
||||
"guard": "host change=false"
|
||||
},
|
||||
"queueValidationGateSeparate": {
|
||||
"title": "Queue validation gate separate",
|
||||
"body": "確認 validation evidence、post-check metrics 與 baseline pointer 仍導向獨立 runtime gate。",
|
||||
"guard": "active gates=0"
|
||||
},
|
||||
"queueNoExecutionAttestationPresent": {
|
||||
"title": "Queue no-execution attestation present",
|
||||
"body": "確認 no-execution / no-approval / no-runtime-gate 聲明仍在,避免 checklist 被當成 action entry。",
|
||||
"guard": "action buttons=false"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"tickets": {
|
||||
|
||||
@@ -229,6 +229,13 @@ type HostOwnerDecisionRecordFormalRecordQueuePacket = {
|
||||
tone: 'steady' | 'warn' | 'locked'
|
||||
}
|
||||
|
||||
type HostOwnerDecisionRecordFormalRecordQueueReviewItem = {
|
||||
key: string
|
||||
check: string
|
||||
icon: typeof ShieldCheck
|
||||
tone: 'steady' | 'warn' | 'locked'
|
||||
}
|
||||
|
||||
const postureMetrics: PostureMetric[] = [
|
||||
{ key: 'overall', value: '58%', tone: 'warn' },
|
||||
{ key: 'framework', value: '80-85%', tone: 'steady' },
|
||||
@@ -542,6 +549,17 @@ const hostOwnerDecisionRecordFormalRecordQueuePackets: HostOwnerDecisionRecordFo
|
||||
{ key: 'queueNoExecutionAttestationPacket', packet: 'FQ8', icon: FileWarning, tone: 'locked' },
|
||||
]
|
||||
|
||||
const hostOwnerDecisionRecordFormalRecordQueueReviewItems: HostOwnerDecisionRecordFormalRecordQueueReviewItem[] = [
|
||||
{ key: 'queueIdentityTraceable', check: 'FQC1', icon: FileText, tone: 'warn' },
|
||||
{ key: 'queueDecisionSummaryReadable', check: 'FQC2', icon: ClipboardCheck, tone: 'warn' },
|
||||
{ key: 'queueScopeExpiryFresh', check: 'FQC3', icon: Radar, tone: 'warn' },
|
||||
{ key: 'queueScanLimitsNotAuthorization', check: 'FQC4', icon: Activity, tone: 'locked' },
|
||||
{ key: 'queueCredentialBoundaryMetadataOnly', check: 'FQC5', icon: Lock, tone: 'locked' },
|
||||
{ key: 'queueMaintenanceRollbackLinked', check: 'FQC6', icon: Clock3, tone: 'warn' },
|
||||
{ key: 'queueValidationGateSeparate', check: 'FQC7', icon: ShieldCheck, tone: 'locked' },
|
||||
{ key: 'queueNoExecutionAttestationPresent', check: 'FQC8', icon: FileWarning, tone: 'locked' },
|
||||
]
|
||||
|
||||
const evidenceItems = [
|
||||
'iwooos-posture-projection.snapshot.json',
|
||||
'security-rollout-policy.snapshot.json',
|
||||
@@ -1428,6 +1446,38 @@ function HostOwnerDecisionRecordFormalRecordQueueCard({
|
||||
)
|
||||
}
|
||||
|
||||
function HostOwnerDecisionRecordFormalRecordQueueReviewCard({
|
||||
item,
|
||||
}: {
|
||||
item: HostOwnerDecisionRecordFormalRecordQueueReviewItem
|
||||
}) {
|
||||
const t = useTranslations('iwooos.hostOwnerDecisionRecordFormalRecordQueueReview')
|
||||
const Icon = item.icon
|
||||
return (
|
||||
<div style={{ ...band, minHeight: 190, padding: 16 }}>
|
||||
<div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12 }}>
|
||||
<div style={{ display: 'flex', alignItems: 'center', gap: 9 }}>
|
||||
<Icon size={18} color={toneColors[item.tone]} />
|
||||
<span style={{ fontSize: 11, color: '#87867f' }}>{t('checkLabel')}</span>
|
||||
</div>
|
||||
<span style={{ fontSize: 11, color: '#9b978b' }}>{item.check}</span>
|
||||
</div>
|
||||
<h2 style={{ fontSize: 14, margin: '12px 0 6px', color: '#141413' }}>
|
||||
{t(`items.${item.key}.title` as never)}
|
||||
</h2>
|
||||
<p style={{ fontSize: 12, lineHeight: 1.55, color: '#6f6d66', margin: 0 }}>
|
||||
{t(`items.${item.key}.body` as never)}
|
||||
</p>
|
||||
<div style={{ marginTop: 10, display: 'grid', gap: 5 }}>
|
||||
<div style={{ fontSize: 11, color: '#87867f' }}>{t('guardLabel')}</div>
|
||||
<div style={{ fontSize: 11, color: toneColors[item.tone], lineHeight: 1.45 }}>
|
||||
{t(`items.${item.key}.guard` as never)}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
|
||||
export default function IwoooSPage({ params }: { params: { locale: string } }) {
|
||||
const t = useTranslations('iwooos')
|
||||
|
||||
@@ -1940,6 +1990,26 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<section style={{ marginBottom: 14 }}>
|
||||
<div style={{ marginBottom: 14 }}>
|
||||
<h2 style={{ fontSize: 16, margin: 0 }}>{t('hostOwnerDecisionRecordFormalRecordQueueReview.title')}</h2>
|
||||
<p style={{ fontSize: 12, color: '#6f6d66', margin: '6px 0 0', lineHeight: 1.55 }}>
|
||||
{t('hostOwnerDecisionRecordFormalRecordQueueReview.subtitle')}
|
||||
</p>
|
||||
</div>
|
||||
<div
|
||||
style={{
|
||||
display: 'grid',
|
||||
gridTemplateColumns: 'repeat(auto-fit, minmax(210px, 1fr))',
|
||||
gap: 12,
|
||||
}}
|
||||
>
|
||||
{hostOwnerDecisionRecordFormalRecordQueueReviewItems.map(item => (
|
||||
<HostOwnerDecisionRecordFormalRecordQueueReviewCard key={item.key} item={item} />
|
||||
))}
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<section
|
||||
style={{
|
||||
display: 'grid',
|
||||
|
||||
Reference in New Issue
Block a user