docs(iwooos): 記錄主機服務事故回補 gate 驗證 [skip ci]

This commit is contained in:
Your Name
2026-06-15 15:08:02 +08:00
parent 23c6dfea90
commit 51de5fe67e

View File

@@ -1,3 +1,49 @@
## 2026-06-15Docker / systemd 主機服務事故恢復回補 Gate
**背景**110 端口與服務異常後IwoooS 不能只看「服務最後是否恢復」,也不能把 Docker / systemd / compose / repair bot / Ansible 的健康狀態誤判成配置已被資安接受。本階段補上主機服務事故恢復回補 Gate只建立只讀 owner response acceptance、前台可視化與拒收規則不讀 live host、不 SSH、不執行 Docker / systemctl / repair bot / Ansible、不重啟服務、不收 secret 明文。
**完成項目**
- `scripts/security/host-service-owner-response-acceptance.py` 新增事故恢復必填欄位source-of-truth、服務依賴圖、port binding inventory、cold-start sequence、incident recovery evidence、daemon / runner contention review。
- Host service owner response acceptance 固定為 acceptance fields `34`、required owner response fields `18`、reviewer checks `21`、outcome lanes `8`、blocked actions `27`,所有 received / accepted / live / runtime / action count 仍為 `0`
- 新增 `incident_recovery_backfill_required` outcome lane並阻擋接受靜默重啟、把服務 healthy 當配置接受、跳過 source-of-truth、跳過服務依賴圖、跳過 port binding review、跳過 cold-start sequence、隱藏 daemon / runner contention。
- `high-value-config-control-coverage``docker_compose_systemd_host_config` 只讀成熟度從 `54%` 推進到 `58%`,狀態為 `incident_recovery_backfill_ready_needs_live_owner_evidence`;高價值配置平均成熟度維持 `69%`needs-live-evidence 類別為 `10`
- `/zh-TW/iwooos` 前台顯示 `Docker / systemd 主機服務``58%`、事故恢復、服務依賴、port binding、cold-start、source-of-truth 與 daemon / runner contention 邊界;`en.json` 維持繁中鏡像。
**本地驗證**
- JSON parse 驗證 `apps/web/messages/zh-TW.json``apps/web/messages/en.json` 與三份 security snapshot 通過。
- `python3 -m py_compile scripts/security/host-service-owner-response-acceptance.py scripts/security/high-value-config-control-coverage.py scripts/security/iwooos-config-control-guard.py scripts/security/security-mirror-progress-guard.py` 通過。
- `python3 scripts/security/iwooos-config-control-guard.py --root .``IWOOOS_CONFIG_CONTROL_GUARD_OK`
- `python3 scripts/security/security-mirror-progress-guard.py --root .``SECURITY_MIRROR_PROGRESS_GUARD_OK`
- `python3 scripts/security/source-control-owner-response-guard.py --root .``SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`
- `python3 scripts/security/package-supply-chain-owner-policy-guard.py --root .``PACKAGE_SUPPLY_CHAIN_OWNER_POLICY_GUARD_OK`
- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea``DOC_SECRET_SANITY_OK scanned_files=871`
- `pnpm --filter @awoooi/web typecheck` 通過。
- `git diff --check` 通過。
- 前端敏感字串掃描未在產品文案中命中 `codex_delegation``source_thread_id`、逐字工作指令、原始 owner namespace、raw blocker 狀態或前台內網 IP只命中既有遮罩規則與 Work Items 內部欄位名稱。
**Gitea / CD**
- Code commit`41f5ff1a feat(iwooos): 強化主機服務事故回補 gate`
- Code-review run`3041`,成功。
- CD run`3040`,成功;`tests``build-and-deploy``post-deploy-checks` 皆成功。
- Deploy marker`23c6dfea chore(cd): deploy 41f5ff1 [skip ci]`
**Production 驗證**
- in-app browser`/zh-TW/iwooos?_v=23c6dfea-host-service-smoke` 顯示 IwoooS、`Docker / systemd 主機服務``58%`、事故恢復、服務依賴、port binding、cold-start、source-of-truth、daemon / runner contention 與執行期 `0`console error `0`;頁面水平溢出 `0`;敏感字串命中 `0`
- Browser desktop `1280x720``/zh-TW/iwooos?_v=23c6dfea-host-service-fixed-fast-desktop``200`console error `0``horizontalOverflow=0`,必填文案缺漏 `0`,敏感字串命中 `0`
- Browser mobile `390x844``/zh-TW/iwooos?_v=23c6dfea-host-service-fixed-fast-mobile``200`console error `0``horizontalOverflow=0`,必填文案缺漏 `0`,敏感字串命中 `0`
- Browser mobile `390x844` 補充 route smoke`/zh-TW/governance?tab=automation-inventory``/zh-TW/awooop/tenants``/zh-TW/code-review` 皆回 `200`、console error `0``horizontalOverflow=0`、敏感字串命中 `0`Tenants 仍可見「脫敏範圍」Code Review 可見繁中「程式碼審查」與候選分類。
- Browser 截圖:
- `/tmp/awoooi-iwooos-desktop-1280x720-23c6dfea.png`
- `/tmp/awoooi-iwooos-mobile-390x844-23c6dfea.png`
**完成度與邊界**
- Host service incident recovery backfill gate`0% -> 100%`
- Docker / systemd / host service 只讀成熟度:`54% -> 58%`
- 高價值配置平均成熟度:維持 `69%`needs-live-evidence 類別:`10`
- IwoooS headline 維持 `64%`active runtime gate 維持 `0`
- owner response received / accepted、source-of-truth accepted、service dependency map accepted、port binding inventory accepted、cold-start sequence accepted、incident recovery evidence accepted、daemon / runner contention accepted、live host read、runtime execution、action button、Docker restart、systemd restart、compose up/down、repair bot、Ansible apply、SSH write、sudo action、active scan、secret collection 全部維持 `0 / false`
- 本輪未 SSH、未讀 live host raw payload、未改 Nginx、未重啟 Docker / service、未修改 firewall / iptables、未執行 active scan、未收 secrets 明文、未 force push。
## 2026-06-15公開閘道 / Nginx 手動與緊急變更回補 Gate
**背景**:使用者指出 Nginx 等重要配置常被臨時變動,資安機制不能只盤點 repo-only 設定,還必須能處理「手動變更、緊急破窗、跨專案 route 影響、回滾驗證與變更後監控」的事後補件。此階段只建立只讀收件與拒收規則,不讀 live conf、不執行 `nginx -t`、不 reload、不改 route、不碰主機。