docs(iwooos): 記錄 tenants 脫敏與配置控管驗證 [skip ci]
This commit is contained in:
@@ -1,3 +1,55 @@
|
||||
## 2026-06-14|Tenants 公開識別外洩修正、IwoooS 高價值配置控管與 production 驗證完成
|
||||
|
||||
**背景**:使用者指出 `/zh-TW/awooop/tenants` 的「原始碼 / 專案庫範圍」不應在前台直接顯示 raw owner / repository namespace,也不應把仍待處理的風險只做成展示卡。這次依照 IwoooS 低摩擦資安原則,先關閉公開頁面與瀏覽器 API 的識別外洩面,並補齊 Host / Docker / systemd / repair-bot / Ansible 類 high-value config owner response acceptance 的只讀驗收帳本;未有真實 owner evidence 前,所有 request / accepted / runtime gate / action button 仍維持 `0 / false`。
|
||||
|
||||
**完成項目**:
|
||||
- `GET /api/v1/platform/tenants` 對外 `asset_inventory.source_repos` 已改為 `PRD-###` / `SRC-###` 與繁中產品名;public payload 不再輸出 raw owner namespace、raw repository slug 或內部專案庫識別。
|
||||
- Tenants public boundaries 新增並鎖定 `public_product_identity_redacted=true`、`public_api_raw_project_slug_allowed=false`、`repo_owner_namespace_redacted=true`、`public_api_raw_repo_namespace_allowed=false`。
|
||||
- `/zh-TW/awooop/tenants` 前端欄位改成「脫敏原始碼範圍 / 範圍代號」,表格只顯示範圍代號、繁中產品名、風險與阻塞狀態。
|
||||
- `/zh-TW/iwooos` 與繁中文案已移除殘留英文產品稱呼,公開頁面改用「任務媒合產品」、「代理賞金協議」、「股票研究平台」、「官方形象網站」、「藥局網站」、「直播角色網站」等繁中識別;產品專名只保留在導覽與系統品牌語境,不再作為 source owner / repo scope 顯示。
|
||||
- 新增 `scripts/security/host-service-owner-response-acceptance.py`、`docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/host-service-owner-response-acceptance.snapshot.json`,固定 9 份 host-service acceptance candidates、3 份 write-capable candidates、12 個必填 owner 欄位、14 個 reviewer checks、7 條 outcome lanes、20 個 blocked actions。
|
||||
- `high-value-config-control-coverage.snapshot.json` 已同步 Docker / systemd maturity `50% -> 54%`,高價值配置平均只讀成熟度 `67% -> 68%`;IwoooS headline 仍維持 `64%`,active runtime gate 維持 `0`。
|
||||
- `security-mirror-progress-guard.py` 已鎖住 Tenants public identity redaction、host-service acceptance snapshot、coverage 數字、candidate ids、false flags 與前端必要繁中文案。
|
||||
|
||||
**本地驗證**:
|
||||
- Host-service acceptance 產生器:`HOST_SERVICE_OWNER_RESPONSE_ACCEPTANCE_OK candidates=9 write_capable=3 checks=14 lanes=7 accepted=0 runtime_gate=0`。
|
||||
- high-value config coverage 重產:`HIGH_VALUE_CONFIG_CONTROL_COVERAGE_OK categories=14 c0=8 avg=68 runtime_gate=0`。
|
||||
- `python3 -m py_compile scripts/security/host-service-owner-response-acceptance.py scripts/security/high-value-config-control-coverage.py scripts/security/security-mirror-progress-guard.py` 通過。
|
||||
- JSON parse:host-service acceptance snapshot、high-value coverage snapshot、IwoooS posture snapshot 與前端 messages 通過。
|
||||
- `DATABASE_URL=postgresql+asyncpg://test:test@127.0.0.1:5432/test PYTHONPATH=apps/api /Users/ogt/.pyenv/shims/python3 -m pytest apps/api/tests/test_awooop_tenant_asset_inventory.py -q` → `2 passed`。
|
||||
- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。
|
||||
- `python3 scripts/security/source-control-owner-response-guard.py --root .` → `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。
|
||||
- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea` → `DOC_SECRET_SANITY_OK`。
|
||||
- `pnpm --dir apps/web typecheck` 通過。
|
||||
- `NEXT_PUBLIC_API_URL=https://awoooi.wooo.work SENTRY_SUPPRESS_GLOBAL_ERROR_HANDLER_FILE_WARNING=1 pnpm --dir apps/web build` 通過。
|
||||
- local build artifact scan:Tenants 與 IwoooS server bundle 均未命中 raw owner namespace、raw repository slug、舊英文產品稱呼或工作視窗溝通片語。
|
||||
|
||||
**Gitea / CD**:
|
||||
- Code commit:`8a6be1a1 fix(iwooos): 脫敏 tenants public identity`;Code Review `#4256` Success;CD `#4255` Success;deploy marker `6753dcf0 chore(cd): deploy 8a6be1a [skip ci]`。
|
||||
- Code commit:`225c4313 fix(iwooos): 收斂前端產品識別文案`;Code Review `#4258` Success;CD `#4257` Success;deploy marker `7a06b9ab chore(cd): deploy 225c431 [skip ci]`。
|
||||
- Code commit:`1f2309a4 fix(iwooos): 移除前端殘留英文產品稱呼`;Code Review `#4260` Success;CD `#4259` Success,jobs `6212 tests`、`6213 build-and-deploy`、`6214 post-deploy-checks` 全部 Success;deploy marker `f37167a3 chore(cd): deploy 1f2309a [skip ci]`。
|
||||
- CD `#4259` build-and-deploy 期間曾回報 ArgoCD health `Degraded / OutOfSync` 類 rollout risk,但 rollout、API health 與 post-deploy checks 已成功;此訊號保留為風險證據,不視為 runtime 授權。
|
||||
|
||||
**Production 只讀驗證(deploy marker `f37167a3`)**:
|
||||
- API:`https://awoooi.wooo.work/api/v1/platform/tenants?_v=1f2309a4-final-prod-api` HTTP `200`;可見 `PRD-001`、`核心營運平台`、`代理賞金協議`、`public_product_identity_redacted`;raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
|
||||
- HTML:`https://awoooi.wooo.work/zh-TW/awooop/tenants?_v=1f2309a4-final-prod-html` HTTP `200`;可見 `代理賞金協議`;raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
|
||||
- HTML:`https://awoooi.wooo.work/zh-TW/iwooos?_v=1f2309a4-final-prod-html` HTTP `200`;可見 `代理賞金協議`、`高價值配置`、`68%`、`54%`;raw owner namespace、raw repository slug、舊英文產品稱呼與工作視窗溝通片語均未命中。
|
||||
- In-app browser desktop:`/zh-TW/awooop/tenants?_v=1f2309a4-final-desktop` 可見 `PRD-001`、`核心營運平台`、`代理賞金協議` 與阻塞狀態;`innerWidth=1006`、`scrollWidth=1000`、`horizontalOverflow=false`;forbidden markers `0`。
|
||||
- In-app browser desktop:`/zh-TW/iwooos?_v=1f2309a4-final-desktop` 可見 `高價值配置`、`54%`、`68%`、`runtime gate`、`代理賞金協議`;`innerWidth=1006`、`scrollWidth=1000`、`horizontalOverflow=false`;forbidden markers `0`。
|
||||
- In-app browser mobile `390x844`:`/zh-TW/awooop/tenants?_v=1f2309a4-final-mobile` 可見 `PRD-001`、`核心營運平台`、`代理賞金協議`;`innerWidth=390`、`scrollWidth=384`、`horizontalOverflow=false`;forbidden markers `0`。
|
||||
- In-app browser mobile `390x844`:`/zh-TW/iwooos?_v=1f2309a4-final-mobile` 可見 `高價值配置`、`54%`、`68%`、`runtime gate`、`代理賞金協議`;`innerWidth=390`、`scrollWidth=384`、`horizontalOverflow=false`;forbidden markers `0`。
|
||||
|
||||
**完成度與邊界**:
|
||||
- Tenants public identity redaction:`100%`。
|
||||
- 前端產品識別繁中收斂:`100%`。
|
||||
- Host-service owner response acceptance artifact:`100%`。
|
||||
- Production API / HTML / desktop / mobile verification:`100%`。
|
||||
- Docker / systemd high-value config maturity:`50% -> 54%`。
|
||||
- 高價值配置平均只讀成熟度:`67% -> 68%`。
|
||||
- IwoooS headline:維持 `64%`;active runtime gate:維持 `0`。
|
||||
- request sent、recipient confirmed、owner response received、owner response accepted、live host read、Docker / systemctl / repair-bot / Ansible action、host write、production write、active scan、runtime gate、action button 全部維持 `0 / false`。
|
||||
- 這次完成的是 public information disclosure 修補與只讀資安控管框架,不代表 GitHub primary 切換、repo creation、refs sync、workflow 修改、secret value collection、Nginx / firewall / Docker / host 寫操作或任何 runtime 修復已授權。
|
||||
|
||||
## 2026-06-14|DNS / TLS / certbot owner response acceptance 只讀帳本完成
|
||||
|
||||
**背景**:DNS / TLS / certbot 已被列為 C0 公開入口風險配置,既有 owner confirmation request 已指出 4 個 domain / certificate path 關係需 owner 確認。若缺少 owner response acceptance 帳本,後續容易把 SAN / wildcard / 共用憑證覆蓋確認、憑證到期 metadata、renewal owner 或 ACME route owner 誤判成 DNS query、live TLS probe、certbot renew、Nginx reload 或 route smoke 授權。
|
||||
|
||||
Reference in New Issue
Block a user