From 18cf52631cc8fc0079b1307e82e438348c6257ed Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 15 Jun 2026 20:17:44 +0800 Subject: [PATCH] =?UTF-8?q?docs(iwooos):=20=E8=A8=98=E9=8C=84=E4=B8=BB?= =?UTF-8?q?=E6=A9=9F=E6=9C=8D=E5=8B=99=E4=BA=8B=E6=95=85=E5=9B=9E=E8=AE=80?= =?UTF-8?q?=20gate=20[skip=20ci]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/LOGBOOK.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index f48940b5e..9188c4372 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,59 @@ +## 2026-06-15|Docker / systemd / Host Service 事故後回讀 Gate + +**背景**:110 / 188 類主機服務事故證明,Docker daemon、compose、systemd、repair-bot、Ansible、host config backup、port binding、public / admin route、AI provider 與 monitoring 可能互相影響。IwoooS 不能把「容器起來」、「route 200」、「服務健康」或「頁面可見」誤判成主機服務事故已驗收;本階段補上 host service post-incident readback plan,只建立事故後回讀候選、必填欄位、reviewer checks、outcome lanes、blocked actions 與前台 marker;不 SSH、不讀 live host、不碰 Docker / systemd / repair-bot / Ansible / Nginx / firewall、不做 route smoke、不收 secrets 明文。 + +**完成項目**: +- 新增 `scripts/security/host-service-post-incident-readback-plan.py` 與 `docs/security/host-service-post-incident-readback-plan.snapshot.json`。 +- 新增 `docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md`,把 9 個 Docker / systemd / host service surface 轉成事故後回讀計畫。 +- Post-incident readback plan 固定為 candidates `9`、write-capable candidates `3`、live-evidence required `8`、readback fields `36`、required readback fields `28`、reviewer checks `28`、outcome lanes `10`、blocked actions `41`。 +- 必填回讀欄位包含 actor、boot time、restart / recovery window、before / after、Docker daemon、compose、systemd、failed unit、port binding、dependency impact、public / admin route recovery、AI provider health、monitoring alert、operator notification、cross-project sync、restoration evidence、post-check、recurrence guard 與 no-false-green attestation。 +- 所有 post-incident readback received / accepted、Docker daemon accepted、compose accepted、systemd accepted、failed unit accepted、port binding accepted、route recovery accepted、AI provider accepted、monitoring accepted、cross-project sync accepted、recurrence guard accepted、runtime gate 與 action button 仍為 `0 / false`。 +- `docker_compose_systemd_host_config` 只讀成熟度從 `62%` 推進到 `64%`,狀態為 `post_incident_readback_plan_ready_needs_host_service_owner_evidence`。 +- 高價值配置平均成熟度從 `70%` 推進到 `71%`;needs-live-evidence 類別從 `10` 降為 `9`。 +- `/zh-TW/iwooos` 前台高價值配置卡片更新為:Docker / systemd 主機服務 `64%`、SSH / network / firewall `64%`、AI provider / model routing `64%`、K8s / ArgoCD GitOps `64%`;`en.json` 維持繁中鏡像。 +- `/zh-TW/awooop/tenants` 正式站與 API 已確認不顯示 raw repo namespace、個人 namespace、raw blocker 狀態或內部協作語句;前台只顯示產品 / 專案代號、脫敏來源代號與控管狀態。 + +**本地驗證**: +- JSON parse 驗證 `docs/security/host-service-post-incident-readback-plan.snapshot.json`、`docs/security/high-value-config-control-coverage.snapshot.json`、`docs/security/iwooos-posture-projection.snapshot.json`、`docs/schemas/iwooos_posture_projection_v1.schema.json`、`apps/web/messages/zh-TW.json`、`apps/web/messages/en.json` 通過。 +- `python3 -m py_compile scripts/security/host-service-post-incident-readback-plan.py scripts/security/high-value-config-control-coverage.py scripts/security/iwooos-config-control-guard.py scripts/security/security-mirror-progress-guard.py` 通過。 +- `python3 scripts/security/iwooos-config-control-guard.py --root .` → `IWOOOS_CONFIG_CONTROL_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- `python3 scripts/security/public-frontend-env-guard.py --root .` → `OK public frontend sensitive surface guard files=225 patterns=12 allowlisted=2 violations=0 runtime_gate=0`。 +- `python3 scripts/security/source-control-owner-response-guard.py --root .` → `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/package-supply-chain-owner-policy-guard.py --root .` → `PACKAGE_SUPPLY_CHAIN_OWNER_POLICY_GUARD_OK`。 +- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea` → `DOC_SECRET_SANITY_OK scanned_files=880`。 +- `pnpm --filter @awoooi/web typecheck` 通過;`apps/web/tsconfig.tsbuildinfo` 只屬 typecheck 快取副作用,未納入提交。 +- `git diff --check` 通過。 + +**Gitea / CD**: +- Code commit:`abda0ef6 feat(iwooos): 新增主機服務事故回讀 gate`。 +- Code-review run:`3057`,公開 Actions 頁顯示成功。 +- CD run:`3056`,tests job `3182 passed / 23 skipped`,B5 integration `5 passed`,build-and-deploy job 成功。 +- Deploy marker:`d547dc5f chore(cd): deploy abda0ef [skip ci]`。 +- CD log 顯示 ArgoCD `Synced / Healthy`、`awoooi-api` / `awoooi-web` / `awoooi-worker` rollout 成功、API health 通過、`AWOOOI_ROLLOUT_RISK=0`、CI/CD notification 已送出。 + +**Production 驗證**: +- 內建瀏覽器 attach 逾時,改用本機 Google Chrome headless 對相同 production URL 做只讀 smoke;未使用登入 token、未讀 secrets、未進行寫操作。 +- Chrome desktop `1440x1100`:`/zh-TW/iwooos?_v=d547dc5f-host-service-readback-prod-desktop` 回 `200`,必要 marker 缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=1440`,`clientWidth=1440`。 +- Chrome mobile `390x844`:`/zh-TW/iwooos?_v=d547dc5f-host-service-readback-prod-mobile` 回 `200`,必要 marker 缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=390`,`clientWidth=390`。 +- Chrome desktop `1440x1000`:`/zh-TW/awooop/tenants?_v=d547dc5f-tenant-redaction-prod-desktop` 回 `200`,必要文案缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=1440`,`clientWidth=1440`。 +- Chrome mobile `390x844`:`/zh-TW/awooop/tenants?_v=d547dc5f-tenant-redaction-prod-mobile` 回 `200`,必要文案缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=390`,`clientWidth=390`。 +- API readback:`/api/v1/platform/tenants` 回 `200`,raw repo namespace、個人 namespace、raw blocker 狀態與內部協作語句命中 `0`;response 目前為 `tenants=2`、`asset_inventory.products=16`、`public_route_count=31`、`source_candidate_repo_count=10`、`runtime_gate_count=0`。 +- Chrome 截圖: + - `/tmp/iwooos-desktop-d547dc5f.png` + - `/tmp/iwooos-mobile-d547dc5f.png` + - `/tmp/tenants-desktop-d547dc5f.png` + - `/tmp/tenants-mobile-d547dc5f.png` + +**完成度與邊界**: +- Docker / systemd / Host Service post-incident readback plan:`0% -> 100%`。 +- Docker / systemd / Host Service 只讀成熟度:`62% -> 64%`。 +- 高價值配置平均成熟度:`70% -> 71%`;needs-live-evidence 類別:`10 -> 9`。 +- IwoooS headline 維持 `64%`;active runtime gate 維持 `0`。 +- post-incident readback received / accepted、actor attribution、before / after、Docker daemon、compose、systemd、failed unit、port binding、route recovery、AI provider、monitoring、operator notification、cross-project sync、restoration evidence、post-check、recurrence guard、no-false-green accepted、runtime gate 與 action button 全部維持 `0 / false`。 +- 本輪未 SSH、未讀 live host / raw compose / raw systemd / raw docker logs / raw journal / raw env、未重啟 Docker / systemd / host、未執行 repair-bot / Ansible、未 reload Nginx、未改 firewall / port、未做 active scan、未收 secrets 明文、未 force push。 +- 下一優先:收 Host Service 事故後回讀包與 owner evidence;同時推進 K8s / ArgoCD、Backup / Restore / Escrow、Monitoring / Alerting / Observability 的 owner evidence,不得用 route 200、container up、UI 可見或 CD success 當成資安 runtime 授權。 + ## 2026-06-15|SSH / network / firewall 事故後回讀 Gate **背景**:端口、防火牆、NetworkPolicy、NodePort、WireGuard、deploy SSH、sudo 或 alert action 異動可能同時影響 public route、AI provider、monitoring 與跨產品部署。IwoooS 不能把「服務後來恢復」或「頁面可見」誤判成事故已驗收;本階段補上 post-incident readback plan,只建立只讀事故後回讀候選、必填欄位、reviewer checks、outcome lanes、blocked actions 與前台可視化;不 SSH、不讀 live firewall、不改 port / route / Nginx / Docker / systemd、不重啟、不做 active scan、不打 provider endpoint。