docs(iwooos): 記錄 tenants 脫敏與配置控管驗證 [skip ci]

This commit is contained in:
Your Name
2026-06-14 23:59:10 +08:00
parent f37167a355
commit 22876ee143

View File

@@ -1,3 +1,55 @@
## 2026-06-14Tenants 公開識別外洩修正、IwoooS 高價值配置控管與 production 驗證完成
**背景**:使用者指出 `/zh-TW/awooop/tenants` 的「原始碼 / 專案庫範圍」不應在前台直接顯示 raw owner / repository namespace也不應把仍待處理的風險只做成展示卡。這次依照 IwoooS 低摩擦資安原則,先關閉公開頁面與瀏覽器 API 的識別外洩面,並補齊 Host / Docker / systemd / repair-bot / Ansible 類 high-value config owner response acceptance 的只讀驗收帳本;未有真實 owner evidence 前,所有 request / accepted / runtime gate / action button 仍維持 `0 / false`
**完成項目**
- `GET /api/v1/platform/tenants` 對外 `asset_inventory.source_repos` 已改為 `PRD-###` / `SRC-###` 與繁中產品名public payload 不再輸出 raw owner namespace、raw repository slug 或內部專案庫識別。
- Tenants public boundaries 新增並鎖定 `public_product_identity_redacted=true``public_api_raw_project_slug_allowed=false``repo_owner_namespace_redacted=true``public_api_raw_repo_namespace_allowed=false`
- `/zh-TW/awooop/tenants` 前端欄位改成「脫敏原始碼範圍 / 範圍代號」,表格只顯示範圍代號、繁中產品名、風險與阻塞狀態。
- `/zh-TW/iwooos` 與繁中文案已移除殘留英文產品稱呼,公開頁面改用「任務媒合產品」、「代理賞金協議」、「股票研究平台」、「官方形象網站」、「藥局網站」、「直播角色網站」等繁中識別;產品專名只保留在導覽與系統品牌語境,不再作為 source owner / repo scope 顯示。
- 新增 `scripts/security/host-service-owner-response-acceptance.py``docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md``docs/security/host-service-owner-response-acceptance.snapshot.json`,固定 9 份 host-service acceptance candidates、3 份 write-capable candidates、12 個必填 owner 欄位、14 個 reviewer checks、7 條 outcome lanes、20 個 blocked actions。
- `high-value-config-control-coverage.snapshot.json` 已同步 Docker / systemd maturity `50% -> 54%`,高價值配置平均只讀成熟度 `67% -> 68%`IwoooS headline 仍維持 `64%`active runtime gate 維持 `0`
- `security-mirror-progress-guard.py` 已鎖住 Tenants public identity redaction、host-service acceptance snapshot、coverage 數字、candidate ids、false flags 與前端必要繁中文案。
**本地驗證**
- Host-service acceptance 產生器:`HOST_SERVICE_OWNER_RESPONSE_ACCEPTANCE_OK candidates=9 write_capable=3 checks=14 lanes=7 accepted=0 runtime_gate=0`
- high-value config coverage 重產:`HIGH_VALUE_CONFIG_CONTROL_COVERAGE_OK categories=14 c0=8 avg=68 runtime_gate=0`
- `python3 -m py_compile scripts/security/host-service-owner-response-acceptance.py scripts/security/high-value-config-control-coverage.py scripts/security/security-mirror-progress-guard.py` 通過。
- JSON parsehost-service acceptance snapshot、high-value coverage snapshot、IwoooS posture snapshot 與前端 messages 通過。
- `DATABASE_URL=postgresql+asyncpg://test:test@127.0.0.1:5432/test PYTHONPATH=apps/api /Users/ogt/.pyenv/shims/python3 -m pytest apps/api/tests/test_awooop_tenant_asset_inventory.py -q``2 passed`
- `python3 scripts/security/security-mirror-progress-guard.py --root .``SECURITY_MIRROR_PROGRESS_GUARD_OK`
- `python3 scripts/security/source-control-owner-response-guard.py --root .``SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`
- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea``DOC_SECRET_SANITY_OK`
- `pnpm --dir apps/web typecheck` 通過。
- `NEXT_PUBLIC_API_URL=https://awoooi.wooo.work SENTRY_SUPPRESS_GLOBAL_ERROR_HANDLER_FILE_WARNING=1 pnpm --dir apps/web build` 通過。
- local build artifact scanTenants 與 IwoooS server bundle 均未命中 raw owner namespace、raw repository slug、舊英文產品稱呼或工作視窗溝通片語。
**Gitea / CD**
- Code commit`8a6be1a1 fix(iwooos): 脫敏 tenants public identity`Code Review `#4256` SuccessCD `#4255` Successdeploy marker `6753dcf0 chore(cd): deploy 8a6be1a [skip ci]`
- Code commit`225c4313 fix(iwooos): 收斂前端產品識別文案`Code Review `#4258` SuccessCD `#4257` Successdeploy marker `7a06b9ab chore(cd): deploy 225c431 [skip ci]`
- Code commit`1f2309a4 fix(iwooos): 移除前端殘留英文產品稱呼`Code Review `#4260` SuccessCD `#4259` Successjobs `6212 tests``6213 build-and-deploy``6214 post-deploy-checks` 全部 Successdeploy marker `f37167a3 chore(cd): deploy 1f2309a [skip ci]`
- CD `#4259` build-and-deploy 期間曾回報 ArgoCD health `Degraded / OutOfSync` 類 rollout risk但 rollout、API health 與 post-deploy checks 已成功;此訊號保留為風險證據,不視為 runtime 授權。
**Production 只讀驗證deploy marker `f37167a3`**
- API`https://awoooi.wooo.work/api/v1/platform/tenants?_v=1f2309a4-final-prod-api` HTTP `200`;可見 `PRD-001``核心營運平台``代理賞金協議``public_product_identity_redacted`raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
- HTML`https://awoooi.wooo.work/zh-TW/awooop/tenants?_v=1f2309a4-final-prod-html` HTTP `200`;可見 `代理賞金協議`raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
- HTML`https://awoooi.wooo.work/zh-TW/iwooos?_v=1f2309a4-final-prod-html` HTTP `200`;可見 `代理賞金協議``高價值配置``68%``54%`raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
- In-app browser desktop`/zh-TW/awooop/tenants?_v=1f2309a4-final-desktop` 可見 `PRD-001``核心營運平台``代理賞金協議` 與阻塞狀態;`innerWidth=1006``scrollWidth=1000``horizontalOverflow=false`forbidden markers `0`
- In-app browser desktop`/zh-TW/iwooos?_v=1f2309a4-final-desktop` 可見 `高價值配置``54%``68%``runtime gate``代理賞金協議``innerWidth=1006``scrollWidth=1000``horizontalOverflow=false`forbidden markers `0`
- In-app browser mobile `390x844``/zh-TW/awooop/tenants?_v=1f2309a4-final-mobile` 可見 `PRD-001``核心營運平台``代理賞金協議``innerWidth=390``scrollWidth=384``horizontalOverflow=false`forbidden markers `0`
- In-app browser mobile `390x844``/zh-TW/iwooos?_v=1f2309a4-final-mobile` 可見 `高價值配置``54%``68%``runtime gate``代理賞金協議``innerWidth=390``scrollWidth=384``horizontalOverflow=false`forbidden markers `0`
**完成度與邊界**
- Tenants public identity redaction`100%`
- 前端產品識別繁中收斂:`100%`
- Host-service owner response acceptance artifact`100%`
- Production API / HTML / desktop / mobile verification`100%`
- Docker / systemd high-value config maturity`50% -> 54%`
- 高價值配置平均只讀成熟度:`67% -> 68%`
- IwoooS headline維持 `64%`active runtime gate維持 `0`
- request sent、recipient confirmed、owner response received、owner response accepted、live host read、Docker / systemctl / repair-bot / Ansible action、host write、production write、active scan、runtime gate、action button 全部維持 `0 / false`
- 這次完成的是 public information disclosure 修補與只讀資安控管框架,不代表 GitHub primary 切換、repo creation、refs sync、workflow 修改、secret value collection、Nginx / firewall / Docker / host 寫操作或任何 runtime 修復已授權。
## 2026-06-14DNS / TLS / certbot owner response acceptance 只讀帳本完成
**背景**DNS / TLS / certbot 已被列為 C0 公開入口風險配置,既有 owner confirmation request 已指出 4 個 domain / certificate path 關係需 owner 確認。若缺少 owner response acceptance 帳本,後續容易把 SAN / wildcard / 共用憑證覆蓋確認、憑證到期 metadata、renewal owner 或 ACME route owner 誤判成 DNS query、live TLS probe、certbot renew、Nginx reload 或 route smoke 授權。