feat(web): add IwoooS writeup review

This commit is contained in:
Your Name
2026-05-20 00:45:16 +08:00
parent 466c4ecd31
commit 35d72a8a68
11 changed files with 553 additions and 7 deletions

View File

@@ -1930,6 +1930,49 @@
"field": "runtime gate pointer; active gates=0"
}
}
},
"hostOwnerDecisionRecordWriteupReview": {
"title": "Host Owner Decision Record Write-Up Review Checklist",
"subtitle": "Write-up packets still require read-only review. This only shows whether formal decision record write-up fields are readable and does not mark write-up completed, create or accept decision records, or open runtime gates.",
"checkLabel": "Write-up review",
"guardLabel": "No upgrade",
"items": {
"decisionSummaryReadable": {
"title": "Decision summary readable",
"body": "Confirm the write-up only organizes the human owner decision, risk acceptance boundary, and no-execution statement without adding approval semantics.",
"guard": "write-up review only; completed=0"
},
"scopeExpiryComplete": {
"title": "Scope and expiry complete",
"body": "Confirm scope, exclusions, observation intent, and expiry are readable so the formal record scope is not ambiguous.",
"guard": "record created=false"
},
"scanModeLimitsExplicit": {
"title": "Scan mode limits explicit",
"body": "Confirm observe-only, future active scan, and credentialed scan limits are explicit while not becoming scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "Confirm credential handling still keeps only metadata, owner, and retention boundary without requesting or storing sensitive material.",
"guard": "secret collection=false"
},
"maintenanceRollbackLinked": {
"title": "Maintenance and rollback linked",
"body": "Confirm maintenance window candidates, constraints, rollback owner, recovery path, and human contact remain traceable.",
"guard": "host update=false"
},
"validationEvidenceLinked": {
"title": "Validation evidence linked",
"body": "Confirm post-check metrics, baseline, evidence pointer, and human acceptance condition are linked to the write-up.",
"guard": "accepted=0"
},
"runtimeGateStillSeparate": {
"title": "Runtime gate still separate",
"body": "Confirm the runtime gate pointer still points to a separate follow-up gate and write-up review does not open gates.",
"guard": "active runtime gates=0; action buttons=false"
}
}
}
},
"tickets": {

View File

@@ -1931,6 +1931,49 @@
"field": "runtime gate pointeractive gates=0"
}
}
},
"hostOwnerDecisionRecordWriteupReview": {
"title": "主機 Owner Decision Record Write-Up Review Checklist",
"subtitle": "Write-up packets 後仍需要只讀核對。這裡只顯示正式 decision record 撰寫欄位是否可讀,不會標記 write-up completed、不會建立或接受 decision record、不會開 runtime gate。",
"checkLabel": "Write-up review",
"guardLabel": "不可升級",
"items": {
"decisionSummaryReadable": {
"title": "Decision summary readable",
"body": "確認 write-up 只整理 owner 人工判斷、風險接受邊界與不執行聲明,不新增批准語義。",
"guard": "write-up review onlycompleted=0"
},
"scopeExpiryComplete": {
"title": "Scope and expiry complete",
"body": "確認 scope、排除範圍、觀察目的與到期時間可讀避免正式紀錄範圍不清。",
"guard": "record created=false"
},
"scanModeLimitsExplicit": {
"title": "Scan mode limits explicit",
"body": "確認 observe-only、future active scan 與 credentialed scan 的限制條件明確,且不代表掃描授權。",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "確認 credential handling 仍只保留 metadata、owner 與保存邊界,不要求或保存敏感素材。",
"guard": "secret collection=false"
},
"maintenanceRollbackLinked": {
"title": "Maintenance and rollback linked",
"body": "確認維護窗口候選、限制條件、rollback owner、復原路徑與人工聯絡點都可追。",
"guard": "host update=false"
},
"validationEvidenceLinked": {
"title": "Validation evidence linked",
"body": "確認 post-check metrics、baseline、evidence pointer 與人工驗收條件已連到 write-up。",
"guard": "accepted=0"
},
"runtimeGateStillSeparate": {
"title": "Runtime gate still separate",
"body": "確認 runtime gate pointer 仍指向獨立 follow-up gatewrite-up review 不會開 gate。",
"guard": "active runtime gates=0action buttons=false"
}
}
}
},
"tickets": {

View File

@@ -186,6 +186,13 @@ type HostOwnerDecisionRecordWriteupPacket = {
tone: 'steady' | 'warn' | 'locked'
}
type HostOwnerDecisionRecordWriteupReviewItem = {
key: string
check: string
icon: typeof ShieldCheck
tone: 'steady' | 'warn' | 'locked'
}
const postureMetrics: PostureMetric[] = [
{ key: 'overall', value: '58%', tone: 'warn' },
{ key: 'framework', value: '80-85%', tone: 'steady' },
@@ -437,6 +444,16 @@ const hostOwnerDecisionRecordWriteupPackets: HostOwnerDecisionRecordWriteupPacke
{ key: 'runtimeGatePointerWriteup', packet: 'WU7', icon: ShieldCheck, tone: 'locked' },
]
const hostOwnerDecisionRecordWriteupReviewItems: HostOwnerDecisionRecordWriteupReviewItem[] = [
{ key: 'decisionSummaryReadable', check: 'WR1', icon: ClipboardCheck, tone: 'warn' },
{ key: 'scopeExpiryComplete', check: 'WR2', icon: Radar, tone: 'warn' },
{ key: 'scanModeLimitsExplicit', check: 'WR3', icon: Activity, tone: 'locked' },
{ key: 'credentialBoundaryMetadataOnly', check: 'WR4', icon: Lock, tone: 'locked' },
{ key: 'maintenanceRollbackLinked', check: 'WR5', icon: Clock3, tone: 'warn' },
{ key: 'validationEvidenceLinked', check: 'WR6', icon: CheckCircle2, tone: 'warn' },
{ key: 'runtimeGateStillSeparate', check: 'WR7', icon: ShieldCheck, tone: 'locked' },
]
const evidenceItems = [
'iwooos-posture-projection.snapshot.json',
'security-rollout-policy.snapshot.json',
@@ -1135,6 +1152,34 @@ function HostOwnerDecisionRecordWriteupCard({ item }: { item: HostOwnerDecisionR
)
}
function HostOwnerDecisionRecordWriteupReviewCard({ item }: { item: HostOwnerDecisionRecordWriteupReviewItem }) {
const t = useTranslations('iwooos.hostOwnerDecisionRecordWriteupReview')
const Icon = item.icon
return (
<div style={{ ...band, minHeight: 190, padding: 16 }}>
<div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12 }}>
<div style={{ display: 'flex', alignItems: 'center', gap: 9 }}>
<Icon size={18} color={toneColors[item.tone]} />
<span style={{ fontSize: 11, color: '#87867f' }}>{t('checkLabel')}</span>
</div>
<span style={{ fontSize: 11, color: '#9b978b' }}>{item.check}</span>
</div>
<h2 style={{ fontSize: 14, margin: '12px 0 6px', color: '#141413' }}>
{t(`items.${item.key}.title` as never)}
</h2>
<p style={{ fontSize: 12, lineHeight: 1.55, color: '#6f6d66', margin: 0 }}>
{t(`items.${item.key}.body` as never)}
</p>
<div style={{ marginTop: 10, display: 'grid', gap: 5 }}>
<div style={{ fontSize: 11, color: '#87867f' }}>{t('guardLabel')}</div>
<div style={{ fontSize: 11, color: toneColors[item.tone], lineHeight: 1.45 }}>
{t(`items.${item.key}.guard` as never)}
</div>
</div>
</div>
)
}
export default function IwoooSPage({ params }: { params: { locale: string } }) {
const t = useTranslations('iwooos')
@@ -1527,6 +1572,26 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
</div>
</section>
<section style={{ marginBottom: 14 }}>
<div style={{ marginBottom: 14 }}>
<h2 style={{ fontSize: 16, margin: 0 }}>{t('hostOwnerDecisionRecordWriteupReview.title')}</h2>
<p style={{ fontSize: 12, color: '#6f6d66', margin: '6px 0 0', lineHeight: 1.55 }}>
{t('hostOwnerDecisionRecordWriteupReview.subtitle')}
</p>
</div>
<div
style={{
display: 'grid',
gridTemplateColumns: 'repeat(auto-fit, minmax(210px, 1fr))',
gap: 12,
}}
>
{hostOwnerDecisionRecordWriteupReviewItems.map(item => (
<HostOwnerDecisionRecordWriteupReviewCard key={item.key} item={item} />
))}
</div>
</section>
<section
style={{
display: 'grid',