From 57b21a439917e26b23979f4855f5d011d036df1d Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 31 May 2026 13:28:06 +0800 Subject: [PATCH] feat(web): compact iwooos security compliance entry --- apps/web/messages/en.json | 21 + apps/web/messages/zh-TW.json | 21 + .../app/[locale]/security-compliance/page.tsx | 785 ++++++++++++++---- docs/LOGBOOK.md | 54 ++ .../security/SECURITY-MIRROR-STATUS-ROLLUP.md | 12 +- .../SECURITY-SUPPLY-CHAIN-PROGRESS.md | 12 +- .../security-mirror-progress-guard.py | 37 + 7 files changed, 755 insertions(+), 187 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 58e1ea29e..076231eb2 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -4773,6 +4773,27 @@ "rolloutTitle": "低摩擦分階段收斂", "rolloutSubtitle": "初期先建立框架、可視化與證據鏈;等負責人回覆、人工審查與執行期閘門都完成後,再逐步收嚴,不讓資安一開始拖慢產品流程。", "phaseLabel": "階段", + "boundaryCodesSummary": "查看固定邊界鍵值", + "authority": { + "eyebrow": "短版結論", + "title": "IwoooS 是資安主控台;安全合規是熟悉入口", + "body": "這裡先讓使用者看懂入口關係,再把完整總覽交給 IwoooS。現階段仍是只讀、Gate 0,不啟動掃描、修復、批准或部署。", + "open": "前往 IwoooS 主控台", + "signals": { + "source": { + "label": "主控來源" + }, + "progress": { + "label": "整體進度" + }, + "gate": { + "label": "執行閘門" + }, + "mode": { + "label": "目前模式" + } + } + }, "items": { "routePreserved": { "label": "路由策略", diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index c90bebc59..f5a7b664f 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -4774,6 +4774,27 @@ "rolloutTitle": "低摩擦分階段收斂", "rolloutSubtitle": "初期先建立框架、可視化與證據鏈;等負責人回覆、人工審查與執行期閘門都完成後,再逐步收嚴,不讓資安一開始拖慢產品流程。", "phaseLabel": "階段", + "boundaryCodesSummary": "查看固定邊界鍵值", + "authority": { + "eyebrow": "短版結論", + "title": "IwoooS 是資安主控台;安全合規是熟悉入口", + "body": "這裡先讓使用者看懂入口關係,再把完整總覽交給 IwoooS。現階段仍是只讀、Gate 0,不啟動掃描、修復、批准或部署。", + "open": "前往 IwoooS 主控台", + "signals": { + "source": { + "label": "主控來源" + }, + "progress": { + "label": "整體進度" + }, + "gate": { + "label": "執行閘門" + }, + "mode": { + "label": "目前模式" + } + } + }, "items": { "routePreserved": { "label": "路由策略", diff --git a/apps/web/src/app/[locale]/security-compliance/page.tsx b/apps/web/src/app/[locale]/security-compliance/page.tsx index 4ac936a59..d14735617 100644 --- a/apps/web/src/app/[locale]/security-compliance/page.tsx +++ b/apps/web/src/app/[locale]/security-compliance/page.tsx @@ -1,4 +1,4 @@ -'use client' +"use client"; /** * 安全合規 (/security-compliance) — Sprint 5 整合頁面 @@ -6,249 +6,635 @@ * @updated 2026-04-09 Claude Opus 4.6 — 改用 Panel 元件解決 double AppLayout */ -import { useTranslations } from 'next-intl' -import Link from 'next/link' -import type { Route } from 'next' -import { Activity, ArrowRight, CheckCircle2, ClipboardCheck, GitBranch, Lock, Radar, ShieldCheck } from 'lucide-react' -import { AppLayout } from '@/components/layout' -import { PageTabs, type TabConfig } from '@/components/layout/page-tabs' -import { SecurityPanel } from '@/components/panels/SecurityPanel' -import { CompliancePanel } from '@/components/panels/CompliancePanel' +import { useTranslations } from "next-intl"; +import Link from "next/link"; +import type { Route } from "next"; +import { + Activity, + ArrowRight, + CheckCircle2, + ClipboardCheck, + GitBranch, + Lock, + Radar, + ShieldCheck, +} from "lucide-react"; +import { AppLayout } from "@/components/layout"; +import { PageTabs, type TabConfig } from "@/components/layout/page-tabs"; +import { SecurityPanel } from "@/components/panels/SecurityPanel"; +import { CompliancePanel } from "@/components/panels/CompliancePanel"; const integrationItems = [ - { key: 'routePreserved', value: '保留', icon: ShieldCheck, color: '#1f7a4d' }, - { key: 'iwooosBridge', value: '整合', icon: GitBranch, color: '#d97757' }, - { key: 'dedupeNarrative', value: '收斂', icon: CheckCircle2, color: '#1f7a4d' }, - { key: 'noRuntimeControl', value: '0', icon: Lock, color: '#6f6d66' }, -] as const + { key: "routePreserved", value: "保留", icon: ShieldCheck, color: "#1f7a4d" }, + { key: "iwooosBridge", value: "整合", icon: GitBranch, color: "#d97757" }, + { + key: "dedupeNarrative", + value: "收斂", + icon: CheckCircle2, + color: "#1f7a4d", + }, + { key: "noRuntimeControl", value: "0", icon: Lock, color: "#6f6d66" }, +] as const; + +const authoritySignals = [ + { key: "source", value: "IwoooS", icon: ShieldCheck, color: "#1f7a4d" }, + { key: "progress", value: "61%", icon: Activity, color: "#d97757" }, + { key: "gate", value: "0", icon: Lock, color: "#6f6d66" }, + { key: "mode", value: "只讀", icon: ClipboardCheck, color: "#1f7a4d" }, +] as const; const integrationBoundaries = [ - 'security_compliance_route_preserved=true', - 'security_compliance_removed=false', - 'security_compliance_integration_mode=iwooos_frontstage_bridge', - 'security_compliance_frontstage_route_role_count=5', - 'security_compliance_frontstage_primary_source=iwooos', - 'security_compliance_frontstage_execution_entry_count=0', - 'security_compliance_frontstage_links_read_only=true', - 'iwooos_authoritative_security_entry=true', - 'runtime_execution_authorized=false', - 'active_runtime_gate_count=0', - 'action_buttons_allowed=false', - 'not_authorization=true', -] as const + "security_compliance_route_preserved=true", + "security_compliance_removed=false", + "security_compliance_integration_mode=iwooos_frontstage_bridge", + "security_compliance_authoritative_entry=iwooos", + "security_compliance_frontstage_summary_mode=compact_first", + "security_compliance_frontstage_default_detail_collapsed=true", + "security_compliance_frontstage_route_role_count=5", + "security_compliance_frontstage_primary_source=iwooos", + "security_compliance_frontstage_execution_entry_count=0", + "security_compliance_frontstage_links_read_only=true", + "iwooos_authoritative_security_entry=true", + "runtime_execution_authorized=false", + "active_runtime_gate_count=0", + "action_buttons_allowed=false", + "not_authorization=true", +] as const; const routeRoleItems = [ - { key: 'iwooosOverview', href: '/iwooos', route: 'IwoooS', icon: ShieldCheck, color: '#1f7a4d' }, - { key: 'securityComplianceHub', href: '/security-compliance', route: '安全合規', icon: Radar, color: '#d97757' }, - { key: 'securityMonitor', href: '/security', route: '安全', icon: Activity, color: '#d97757' }, - { key: 'complianceStats', href: '/compliance', route: '合規', icon: ClipboardCheck, color: '#1f7a4d' }, - { key: 'awooopApprovals', href: '/awooop/approvals', route: 'AwoooP', icon: Lock, color: '#6f6d66' }, -] as const + { + key: "iwooosOverview", + href: "/iwooos", + route: "IwoooS", + icon: ShieldCheck, + color: "#1f7a4d", + }, + { + key: "securityComplianceHub", + href: "/security-compliance", + route: "安全合規", + icon: Radar, + color: "#d97757", + }, + { + key: "securityMonitor", + href: "/security", + route: "安全", + icon: Activity, + color: "#d97757", + }, + { + key: "complianceStats", + href: "/compliance", + route: "合規", + icon: ClipboardCheck, + color: "#1f7a4d", + }, + { + key: "awooopApprovals", + href: "/awooop/approvals", + route: "AwoooP", + icon: Lock, + color: "#6f6d66", + }, +] as const; const rolloutPhaseItems = [ - { key: 'observe', phase: '01', state: '現在', icon: Radar, color: '#d97757' }, - { key: 'evidence', phase: '02', state: '補證', icon: ClipboardCheck, color: '#1f7a4d' }, - { key: 'humanReview', phase: '03', state: '人控', icon: CheckCircle2, color: '#1f7a4d' }, - { key: 'runtimeGate', phase: '04', state: '批准後', icon: ShieldCheck, color: '#6f6d66' }, - { key: 'tightening', phase: '05', state: '收斂', icon: Lock, color: '#6f6d66' }, -] as const + { key: "observe", phase: "01", state: "現在", icon: Radar, color: "#d97757" }, + { + key: "evidence", + phase: "02", + state: "補證", + icon: ClipboardCheck, + color: "#1f7a4d", + }, + { + key: "humanReview", + phase: "03", + state: "人控", + icon: CheckCircle2, + color: "#1f7a4d", + }, + { + key: "runtimeGate", + phase: "04", + state: "批准後", + icon: ShieldCheck, + color: "#6f6d66", + }, + { + key: "tightening", + phase: "05", + state: "收斂", + icon: Lock, + color: "#6f6d66", + }, +] as const; const rolloutBoundaries = [ - 'security_compliance_rollout_phase_count=5', - 'security_compliance_rollout_current_phase=observe_first', - 'security_compliance_rollout_runtime_phase_enabled=false', - 'security_compliance_rollout_enforcement_enabled=false', - 'security_compliance_rollout_action_buttons_allowed=false', - 'runtime_execution_authorized=false', - 'active_runtime_gate_count=0', - 'action_buttons_allowed=false', - 'not_authorization=true', -] as const + "security_compliance_rollout_phase_count=5", + "security_compliance_rollout_current_phase=observe_first", + "security_compliance_rollout_runtime_phase_enabled=false", + "security_compliance_rollout_enforcement_enabled=false", + "security_compliance_rollout_action_buttons_allowed=false", + "runtime_execution_authorized=false", + "active_runtime_gate_count=0", + "action_buttons_allowed=false", + "not_authorization=true", +] as const; function SecurityComplianceFrontStage({ locale: _locale }: { locale: string }) { - const t = useTranslations('securityCompliance.frontStage') - const textWrap = { overflowWrap: 'anywhere' as const, wordBreak: 'break-word' as const } + const t = useTranslations("securityCompliance.frontStage"); + const textWrap = { + overflowWrap: "anywhere" as const, + wordBreak: "break-word" as const, + }; return (
-
- - {t('eyebrow')} -
-

{t('title')}

-

- {t('subtitle')} -

+ + + {t("eyebrow")} + +
+

+ {t("title")} +

+

+ {t("subtitle")} +

+
+
+ + {t("authority.eyebrow")} + +

+ {t("authority.title")} +

+

+ {t("authority.body")} +

+
+
+
+ {authoritySignals.map((item) => { + const Icon = item.icon; + return ( +
+
+ + {t(`authority.signals.${item.key}.label` as never)} + + +
+
+ {item.value} +
+
+ ); + })} +
+ + {t("authority.open")} + + +
+
+
- {integrationItems.map(item => { - const Icon = item.icon + {integrationItems.map((item) => { + const Icon = item.icon; return (
-
- {t(`items.${item.key}.label` as never)} +
+ + {t(`items.${item.key}.label` as never)} +
-
{item.value}
-

+

+ {item.value} +
+

{t(`items.${item.key}.detail` as never)}

- ) + ); })}
-
-
-

{t('routeRoleTitle')}

-

- {t('routeRoleSubtitle')} -

-
-
- {routeRoleItems.map(item => { - const Icon = item.icon - const routeHref = item.href as Route + +
+

+ {t("routeRoleTitle")} +

+

+ {t("routeRoleSubtitle")} +

+
+ +
+
+ {routeRoleItems.map((item) => { + const Icon = item.icon; + const routeHref = item.href as Route; return ( -
- {t('routeLabel')} {item.route} +
+ + {t("routeLabel")} {item.route} +
-

+

{t(`routeRoles.${item.key}.title` as never)}

-

+

{t(`routeRoles.${item.key}.body` as never)}

- ) + ); })}
-
-
+
-
-

{t('rolloutTitle')}

-

- {t('rolloutSubtitle')} -

-
-
- {rolloutPhaseItems.map(item => { - const Icon = item.icon + +
+

+ {t("rolloutTitle")} +

+

+ {t("rolloutSubtitle")} +

+
+ +
+
+ {rolloutPhaseItems.map((item) => { + const Icon = item.icon; return (
-
- {t('phaseLabel')} {item.phase} +
+ + {t("phaseLabel")} {item.phase} +
-
{item.state}
-

+
+ {item.state} +
+

{t(`rolloutPhases.${item.key}.title` as never)}

-

+

{t(`rolloutPhases.${item.key}.body` as never)}

- ) + ); })}
-
- {rolloutBoundaries.map(boundary => ( +
+ {rolloutBoundaries.map((boundary) => ( ))}
-
+
-
+
-

{t('boundaryTitle')}

+

+ {t("boundaryTitle")} +

-

- {t('boundaryIntro')} +

+ {t("boundaryIntro")}

-
- {integrationBoundaries.map(boundary => ( - - {boundary} - - ))} -
+
+ + {t("boundaryCodesSummary")} + + +
+ {integrationBoundaries.map((boundary) => ( + + {boundary} + + ))} +
+
- {t('openIwooos')} + {t("openIwooos")}
- ) + ); } -export default function SecurityCompliancePage({ params }: { params: { locale: string } }) { - const t = useTranslations('nav') +export default function SecurityCompliancePage({ + params, +}: { + params: { locale: string }; +}) { + const t = useTranslations("nav"); const tabs: TabConfig[] = [ - { id: 'security', label: t('security'), content: }, - { id: 'compliance', label: t('compliance'), content: }, - ] + { id: "security", label: t("security"), content: }, + { id: "compliance", label: t("compliance"), content: }, + ]; return ( - ) + ); } diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 49d4c98f1..3a3deaced 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -41,6 +41,60 @@ git diff --check - OBSERVE / NO_ACTION 類卡片不再被當成 emergency manual backlog,但仍會在拆分數字中保留,避免把觀察訊號隱藏。 - 後續可再處理 fallback LLM failure branch 為何大量建立 `OBSERVE / medium` 卡片;本輪先修可見性與告警準確度,不改 agent 後續更新 PENDING action 的行為。 +## 2026-05-31|IwoooS / 安全合規前台入口短版化 + +**背景**: + +- 使用者回饋 `/zh-TW/iwooos` 與資安相關前台內容不容易一眼理解,且「安全合規」是否整合或移除容易造成入口混淆。 +- 本階段維持資安低摩擦策略:只做前台資訊架構、理解成本收斂與 guard 防退化,不啟動 Kali / SSH / 主機更新 / runtime scan / 修復 / 批准 / 部署控制。 + +**本次調整**: + +- `/security-compliance` 保留既有 SecurityPanel / CompliancePanel,但在第一屏新增短版主控列: + - 主控來源:IwoooS + - 整體進度:61% + - 執行閘門:0 + - 目前模式:只讀 +- 將「前台入口角色對照」、「低摩擦分階段收斂」、「固定邊界鍵值」改為預設收合的漸進揭露區塊,避免使用者一進頁面就被大量證據文字壓住。 +- `security-mirror-progress-guard.py` 新增防退化檢查: + - `security-compliance-authoritative-iwooos-strip` + - `security-compliance-frontstage-boundary-codes` + - `security_compliance_authoritative_entry=iwooos` + - `security_compliance_frontstage_summary_mode=compact_first` + - `security_compliance_frontstage_default_detail_collapsed=true` +- `zh-TW` 與 `en` message 的本次新增前台文案皆以繁體中文呈現。 + +**進度邊界**: + +- 整體資安網仍維持 61%。 +- 框架 / 治理 / 文件 / schema / read-only evidence 約 86-88%。 +- runtime ingestion / GitHub primary / AwoooP production landing 約 40-45%。 +- active runtime gate 仍為 0;本次不是 runtime 授權,也不是掃描、修復、主機更新或主要來源切換。 + +**Verification**: + +```text +python3 -m json.tool apps/web/messages/zh-TW.json / apps/web/messages/en.json + -> pass +python3 -m py_compile scripts/security/security-mirror-progress-guard.py scripts/security/source-control-owner-response-guard.py + -> pass +python3 scripts/security/security-mirror-progress-guard.py + -> SECURITY_MIRROR_PROGRESS_GUARD_OK +python3 scripts/security/source-control-owner-response-guard.py + -> SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK +git diff --check + -> pass +pnpm --dir apps/web exec tsc --noEmit --tsBuildInfoFile /tmp/awoooi-iwooos-security-entry-20260531.tsbuildinfo + -> pass +NEXT_PUBLIC_API_URL=https://awoooi.wooo.work pnpm --dir apps/web run build + -> pass +Browser local verification, /zh-TW/security-compliance: + -> desktop 1280px: short strip visible, 3 details sections, openDetails=0, no horizontal overflow + -> mobile 390px: short strip visible, 3 details sections, openDetails=0, scrollWidth=384, no horizontal overflow +Browser local verification, /zh-TW/iwooos: + -> stage board visible, deploy marker wording present, CD 3261 absent, 61% visible, active gate remains 0 +``` + ## 2026-05-31|CD source-link gate 過期與 pipefail 修復 **背景**: diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md index 456febc93..00ed7ddda 100644 --- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md +++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md @@ -50,10 +50,10 @@ | IwoooS S4.9 送件前結果分流 | S2.104 已在 `/iwooos` 顯示 S4.9 負責人回覆封套送件前結果分流;分流=7、可進收件=0、已隔離=0、已拒收=0、已提交=0、已接受=0;`s4_9_owner_response_envelope_preflight_outcome_lane_count=7`、`s4_9_owner_response_envelope_preflight_ready_for_intake_count=0`、`s4_9_owner_response_envelope_preflight_quarantined_count=0`、`s4_9_owner_response_envelope_preflight_rejected_count=0`、`s4_9_owner_response_envelope_submitted_count=0`、`s4_9_owner_response_envelope_accepted_count=0`、`s4_9_owner_response_request_sent=false`、`owner_response_acceptance_gate_open=false`、`audit_events_emitted=0`、`progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | IwoooS S4.9 送件請求草稿 | S2.105 已在 `/iwooos` 顯示 S4.9 負責人回覆送件請求草稿;草稿項=6、可送件=0、已送出=0、稽核事件=0;`s4_9_owner_response_request_draft_item_count=6`、`s4_9_owner_response_request_draft_ready_count=0`、`s4_9_owner_response_request_dispatch_authorized=false`、`s4_9_owner_response_request_sent=false`、`s4_9_owner_response_request_sent_count=0`、`s4_9_owner_response_request_audit_events_emitted=0`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | IwoooS S4.9 送件鏈路摘要 | S2.106 已在 `/iwooos` 顯示 S4.9 負責人回覆送件鏈路摘要;鏈路步驟=6、目前焦點=request draft、已送出=0、已接受=0;`s4_9_owner_response_dispatch_flow_step_count=6`、`s4_9_owner_response_dispatch_flow_current_step=request_draft`、`s4_9_owner_response_dispatch_flow_completed_count=0`、`s4_9_owner_response_request_sent=false`、`s4_9_owner_response_request_dispatch_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| 前台安全合規 IwoooS 整合入口 | S2.107 已保留 `/security-compliance` 並把它整合成 IwoooS 前台友善入口;`security_compliance_route_preserved=true`、`security_compliance_removed=false`、`security_compliance_integration_mode=iwooos_frontstage_bridge`、`iwooos_authoritative_security_entry=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| 前台安全合規 IwoooS 整合入口 | S2.107 已保留 `/security-compliance` 並把它整合成 IwoooS 前台友善入口;2026-05-31 已補短版主控列,第一屏直接顯示 IwoooS、61%、執行閘門 0、只讀模式;`security_compliance_route_preserved=true`、`security_compliance_removed=false`、`security_compliance_integration_mode=iwooos_frontstage_bridge`、`security_compliance_authoritative_entry=iwooos`、`security_compliance_frontstage_summary_mode=compact_first`、`security_compliance_frontstage_default_detail_collapsed=true`、`iwooos_authoritative_security_entry=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | 前台資安入口角色分流 | S2.108 已在 `/iwooos` 顯示 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口角色;`frontstage_security_entry_role_count=5`、`frontstage_security_primary_entry=iwooos`、`frontstage_security_familiar_entry=security_compliance`、`frontstage_security_execution_entry_count=0`、`frontstage_security_action_buttons_allowed=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| 安全合規前台入口角色對照 | S2.109 已在 `/security-compliance` 顯示 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口角色對照;`security_compliance_frontstage_route_role_count=5`、`security_compliance_frontstage_primary_source=iwooos`、`security_compliance_frontstage_execution_entry_count=0`、`security_compliance_frontstage_links_read_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| 安全合規低摩擦分階段收斂 | S2.110 已在 `/security-compliance` 顯示觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴五個階段;`security_compliance_rollout_phase_count=5`、`security_compliance_rollout_current_phase=observe_first`、`security_compliance_rollout_runtime_phase_enabled=false`、`security_compliance_rollout_enforcement_enabled=false`、`security_compliance_rollout_action_buttons_allowed=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| 安全合規前台入口角色對照 | S2.109 已在 `/security-compliance` 顯示 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口角色對照;2026-05-31 已改為預設收合,降低第一屏資訊壓力;`security_compliance_frontstage_route_role_count=5`、`security_compliance_frontstage_primary_source=iwooos`、`security_compliance_frontstage_execution_entry_count=0`、`security_compliance_frontstage_links_read_only=true`、`security_compliance_frontstage_default_detail_collapsed=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| 安全合規低摩擦分階段收斂 | S2.110 已在 `/security-compliance` 顯示觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴五個階段;2026-05-31 已改為預設收合,維持低摩擦但不讓前台一次承載過多細節;`security_compliance_rollout_phase_count=5`、`security_compliance_rollout_current_phase=observe_first`、`security_compliance_rollout_runtime_phase_enabled=false`、`security_compliance_rollout_enforcement_enabled=false`、`security_compliance_rollout_action_buttons_allowed=false`、`security_compliance_frontstage_default_detail_collapsed=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | IwoooS 低摩擦分階段收斂主控 | S2.111 已在 `/iwooos` 顯示觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴五個階段,並把安全合規 S2.110 的低摩擦策略同步回主入口;`iwooos_rollout_phase_count=5`、`iwooos_rollout_current_phase=observe_first`、`iwooos_rollout_frontstage_source=security_compliance_s2_110`、`iwooos_rollout_runtime_phase_enabled=false`、`iwooos_rollout_enforcement_enabled=false`、`iwooos_rollout_action_buttons_allowed=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | IwoooS 低摩擦下一步行動邊界 | S2.112 已在 `/iwooos` 顯示只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動;`iwooos_next_action_item_count=4`、`iwooos_next_action_allowed_mode=observe_and_evidence_only`、`iwooos_next_action_runtime_gate_required=true`、`iwooos_next_action_scan_authorized=false`、`iwooos_next_action_host_change_authorized=false`、`iwooos_next_action_deploy_authorized=false`、`iwooos_next_action_source_control_mutation_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | IwoooS 61% 進度移動訊號驗收條 | S2.113 已在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;`iwooos_progress_movement_signal_count=5`、`iwooos_progress_current_headline_percent=61`、`iwooos_progress_owner_response_accepted_count=0`、`iwooos_progress_redacted_payload_ingested=false`、`iwooos_progress_active_runtime_gate_count=0`、`iwooos_progress_github_primary_ready_count=0`、`iwooos_progress_awooop_landing_evidence_count=1`、`iwooos_progress_review_authorized=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | @@ -275,10 +275,10 @@ headline progress 只在高層 gate 真正改變時調整。AwoooP production re | S2.104 IwoooS S4.9 負責人回覆封套送件前結果分流 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 負責人回覆封套送件前結果分流,呈現維持封套等待、要求補齊欄位、要求修正判定、隔離敏感證據、要求修正範圍、拒收變更要求、維持後續負責人等待七條分流;s4_9_owner_response_envelope_preflight_outcome_lane_count=7、s4_9_owner_response_envelope_preflight_ready_for_intake_count=0、s4_9_owner_response_envelope_preflight_quarantined_count=0、s4_9_owner_response_envelope_preflight_rejected_count=0、s4_9_owner_response_envelope_submitted_count=0、s4_9_owner_response_envelope_accepted_count=0、s4_9_owner_response_request_sent=false、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、audit_events_emitted=0、progress_review_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把送件前結果分流當 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.105 IwoooS S4.9 負責人回覆送件請求草稿 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 負責人回覆送件請求草稿,呈現收件範圍對應草稿、負責人收件對象草稿、脫敏證據參照草稿、禁止變更條款草稿、稽核事件範本草稿與人工送件閘門草稿六個草稿項;s4_9_owner_response_request_draft_item_count=6、s4_9_owner_response_request_draft_ready_count=0、s4_9_owner_response_request_dispatch_authorized=false、s4_9_owner_response_request_sent=false、s4_9_owner_response_request_sent_count=0、s4_9_owner_response_request_recipients_confirmed_count=0、s4_9_owner_response_request_audit_events_emitted=0、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把送件請求草稿當 request sent、owner response received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.106 IwoooS S4.9 負責人回覆送件鏈路摘要 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 負責人回覆送件鏈路摘要,將人工收件工作單、回覆封套欄位、送件前檢查、結果分流、送件請求草稿與人工送件閘門整理成六段專業只讀流程;s4_9_owner_response_dispatch_flow_step_count=6、s4_9_owner_response_dispatch_flow_current_step=request_draft、s4_9_owner_response_dispatch_flow_completed_count=0、s4_9_owner_response_dispatch_flow_blocked_count=0、s4_9_owner_response_request_sent=false、s4_9_owner_response_request_dispatch_authorized=false、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把送件鏈路摘要當 request sent、owner response received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| S2.107 前台安全合規 IwoooS 整合入口 | framework detail | 0 | 只保留 `/security-compliance` 並把它整合成 IwoooS 前台友善入口,讓前台使用者仍從安全合規看到既有安全監控與合規統計,IwoooS 則成為資安網總覽與唯一姿態來源;security_compliance_route_preserved=true、security_compliance_removed=false、security_compliance_integration_mode=iwooos_frontstage_bridge、iwooos_authoritative_security_entry=true、security_compliance_runtime_execution_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把前台入口整合當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| S2.107 前台安全合規 IwoooS 整合入口 | framework detail | 0 | 只保留 `/security-compliance` 並把它整合成 IwoooS 前台友善入口,讓前台使用者仍從安全合規看到既有安全監控與合規統計,IwoooS 則成為資安網總覽與唯一姿態來源;2026-05-31 已補短版主控列,第一屏直接顯示 IwoooS、61%、執行閘門 0、只讀模式;security_compliance_route_preserved=true、security_compliance_removed=false、security_compliance_integration_mode=iwooos_frontstage_bridge、security_compliance_authoritative_entry=iwooos、security_compliance_frontstage_summary_mode=compact_first、security_compliance_frontstage_default_detail_collapsed=true、iwooos_authoritative_security_entry=true、security_compliance_runtime_execution_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把前台入口整合當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.108 IwoooS 前台資安入口角色分流 | framework detail | 0 | 只在 `/iwooos` 顯示前台資安入口角色分流,將 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口的使用情境與邊界說清楚;frontstage_security_entry_role_count=5、frontstage_security_primary_entry=iwooos、frontstage_security_familiar_entry=security_compliance、frontstage_security_execution_entry_count=0、frontstage_security_links_read_only=true、frontstage_security_action_buttons_allowed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把入口角色分流當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| S2.109 安全合規前台入口角色對照 | framework detail | 0 | 只在 `/security-compliance` 顯示前台入口角色對照,讓熟悉安全合規入口的使用者也能看懂 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口用途;security_compliance_frontstage_route_role_count=5、security_compliance_frontstage_primary_source=iwooos、security_compliance_frontstage_execution_entry_count=0、security_compliance_frontstage_links_read_only=true、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把入口角色對照當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | -| S2.110 安全合規低摩擦分階段收斂 | framework detail | 0 | 只在 `/security-compliance` 顯示低摩擦分階段收斂階梯,把觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴拆成五段;security_compliance_rollout_phase_count=5、security_compliance_rollout_current_phase=observe_first、security_compliance_rollout_runtime_phase_enabled=false、security_compliance_rollout_enforcement_enabled=false、security_compliance_rollout_action_buttons_allowed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把分階段收斂視覺化當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| S2.109 安全合規前台入口角色對照 | framework detail | 0 | 只在 `/security-compliance` 顯示前台入口角色對照,讓熟悉安全合規入口的使用者也能看懂 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口用途;2026-05-31 已改為預設收合,降低第一屏資訊壓力;security_compliance_frontstage_route_role_count=5、security_compliance_frontstage_primary_source=iwooos、security_compliance_frontstage_execution_entry_count=0、security_compliance_frontstage_links_read_only=true、security_compliance_frontstage_default_detail_collapsed=true、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把入口角色對照當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | +| S2.110 安全合規低摩擦分階段收斂 | framework detail | 0 | 只在 `/security-compliance` 顯示低摩擦分階段收斂階梯,把觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴拆成五段;2026-05-31 已改為預設收合,維持低摩擦但不讓前台一次承載過多細節;security_compliance_rollout_phase_count=5、security_compliance_rollout_current_phase=observe_first、security_compliance_rollout_runtime_phase_enabled=false、security_compliance_rollout_enforcement_enabled=false、security_compliance_rollout_action_buttons_allowed=false、security_compliance_frontstage_default_detail_collapsed=true、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把分階段收斂視覺化當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.111 IwoooS 低摩擦分階段收斂主控 | framework detail | 0 | 只在 `/iwooos` 顯示低摩擦分階段收斂主控,把安全合規 S2.110 的觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴同步回主入口;iwooos_rollout_phase_count=5、iwooos_rollout_current_phase=observe_first、iwooos_rollout_frontstage_source=security_compliance_s2_110、iwooos_rollout_runtime_phase_enabled=false、iwooos_rollout_enforcement_enabled=false、iwooos_rollout_action_buttons_allowed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把 IwoooS 主控視覺化當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.112 IwoooS 低摩擦下一步行動邊界 | framework detail | 0 | 只在 `/iwooos` 顯示低摩擦下一步行動邊界,把只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動拆開;iwooos_next_action_item_count=4、iwooos_next_action_allowed_mode=observe_and_evidence_only、iwooos_next_action_runtime_gate_required=true、iwooos_next_action_scan_authorized=false、iwooos_next_action_host_change_authorized=false、iwooos_next_action_deploy_authorized=false、iwooos_next_action_source_control_mutation_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把下一步行動邊界當 runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | | S2.113 IwoooS 61% 進度移動訊號驗收條 | framework detail | 0 | 只在 `/iwooos` 顯示 61% 進度移動訊號驗收條,把負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據五個訊號拆開;iwooos_progress_movement_signal_count=5、iwooos_progress_current_headline_percent=61、iwooos_progress_owner_response_accepted_count=0、iwooos_progress_redacted_payload_ingested=false、iwooos_progress_active_runtime_gate_count=0、iwooos_progress_github_primary_ready_count=0、iwooos_progress_awooop_landing_evidence_count=1、iwooos_progress_review_authorized=true、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把進度移動訊號驗收條當 runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 | diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index af6afe8d5..f65ecef6b 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -170,10 +170,10 @@ S2.50 也把五個可見 gate 拆開:owner response accepted、redacted payloa | S2.104 IwoooS S4.9 負責人回覆封套送件前結果分流 | 已完成草案,在 `/iwooos` 顯示七條送件前結果分流、可進收件=0、已隔離=0、已拒收=0、已提交=0、已接受=0;仍不把結果分流當成 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 | | S2.105 IwoooS S4.9 負責人回覆送件請求草稿 | 已完成草案,在 `/iwooos` 顯示六個送件請求草稿項、可送件=0、已送出=0、稽核事件=0;仍不把送件請求草稿當成 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 | | S2.106 IwoooS S4.9 負責人回覆送件鏈路摘要 | 已完成草案,在 `/iwooos` 以專業摘要帶顯示工作單、封套、送件前檢查、結果分流、請求草稿、人工送件閘門六段鏈路,目前焦點=request draft、已送出=0、已接受=0;仍不把送件鏈路摘要當成 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 | -| S2.107 前台安全合規 IwoooS 整合入口 | 已完成草案,保留 `/security-compliance` 並新增前台整合說明;`/iwooos` 同步顯示「前台安全合規整合判定」,確認安全合規整合、不移除、runtime gate 0、action button 0;仍不把前台入口整合當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | +| S2.107 前台安全合規 IwoooS 整合入口 | 已完成草案,保留 `/security-compliance` 並新增前台整合說明;2026-05-31 已補短版主控列,第一屏直接顯示 IwoooS、61%、執行閘門 0、只讀模式;`/iwooos` 同步顯示「前台安全合規整合判定」,確認安全合規整合、不移除、runtime gate 0、action button 0;仍不把前台入口整合當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | | S2.108 IwoooS 前台資安入口角色分流 | 已完成草案,在 `/iwooos` 顯示五個前台資安入口角色:IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals`;仍不把入口分流當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | -| S2.109 安全合規前台入口角色對照 | 已完成草案,在 `/security-compliance` 顯示五個前台資安入口角色對照:IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals`;仍不把入口對照當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | -| S2.110 安全合規低摩擦分階段收斂 | 已完成草案,在 `/security-compliance` 顯示五段收斂階梯:觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴;仍不把收斂階梯當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | +| S2.109 安全合規前台入口角色對照 | 已完成草案,在 `/security-compliance` 顯示五個前台資安入口角色對照:IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals`;2026-05-31 已改為預設收合,降低第一屏資訊壓力;仍不把入口對照當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | +| S2.110 安全合規低摩擦分階段收斂 | 已完成草案,在 `/security-compliance` 顯示五段收斂階梯:觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴;2026-05-31 已改為預設收合,維持低摩擦但不讓前台一次承載過多細節;仍不把收斂階梯當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | | S2.111 IwoooS 低摩擦分階段收斂主控 | 已完成草案,在 `/iwooos` 顯示五段收斂主控:觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴,並同步安全合規 S2.110 的低摩擦策略;仍不把主控視覺化當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 | | S2.112 IwoooS 低摩擦下一步行動邊界 | 已完成草案,在 `/iwooos` 顯示只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類下一步;仍不把行動邊界當成 runtime 授權、審批、掃描、修復、部署、主機變更、主要來源切換或執行期閘門 | 0 | | S2.113 IwoooS 61% 進度移動訊號驗收條 | 已完成草案,在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;目前 AwoooP 落地證據=1,其餘四項仍為 0 / false;仍不把訊號驗收條當成 runtime 授權、審批、掃描、修復、部署、主機變更、主要來源切換或執行期閘門 | 0 | @@ -329,10 +329,10 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons | S2.104 IwoooS S4.9 負責人回覆封套送件前結果分流 | 完成草案 | `/iwooos` 新增 S4.9 負責人回覆封套送件前結果分流看板,列出維持封套等待、要求補齊欄位、要求修正判定、隔離敏感證據、要求修正範圍、拒收變更要求、維持後續負責人等待七條分流 | 使用者與另一個 AwoooP Session 能直接知道送件前檢查後要回到哪個補正或隔離分流;結果分流仍不是 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | | S2.105 IwoooS S4.9 負責人回覆送件請求草稿 | 完成草案 | `/iwooos` 新增 S4.9 負責人回覆送件請求草稿看板,列出收件範圍對應草稿、負責人收件對象草稿、脫敏證據參照草稿、禁止變更條款草稿、稽核事件範本草稿、人工送件閘門草稿六個草稿項 | 使用者與另一個 AwoooP Session 能直接知道封套通過預檢後仍需要人工整理與批准送件;送件請求草稿仍不是 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | | S2.106 IwoooS S4.9 負責人回覆送件鏈路摘要 | 完成草案 | `/iwooos` 新增 S4.9 負責人回覆送件鏈路摘要帶,以六段流程顯示人工收件工作單、回覆封套欄位、送件前檢查、結果分流、送件請求草稿、人工送件閘門,並把目前焦點固定為 request draft | 使用者與另一個 AwoooP Session 能用更專業的視覺摘要理解 S4.9 不是卡住,而是仍停在只讀送件前準備;送件鏈路摘要仍不是 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | -| S2.107 前台安全合規 IwoooS 整合入口 | 完成草案 | `/security-compliance` 保留既有 SecurityPanel / CompliancePanel 頁籤並新增 IwoooS 前台整合說明;`/iwooos` 新增前台安全合規整合判定看板 | 專業判定是整合而非移除:安全合規維持前台熟悉入口,IwoooS 統一資安總覽與姿態來源;此整合仍不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | +| S2.107 前台安全合規 IwoooS 整合入口 | 完成草案 | `/security-compliance` 保留既有 SecurityPanel / CompliancePanel 頁籤,並新增 IwoooS 短版主控列與前台整合說明;`/iwooos` 新增前台安全合規整合判定看板 | 專業判定是整合而非移除:安全合規維持前台熟悉入口,IwoooS 統一資安總覽與姿態來源;第一屏先講短版結論,細節再逐步展開;此整合仍不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | | S2.108 IwoooS 前台資安入口角色分流 | 完成草案 | `/iwooos` 新增前台資安入口角色分流看板,列出 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口 | 使用者能快速理解每個資安入口該看什麼:總覽、熟悉入口、事件、合規統計、人控等待;此分流仍不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | -| S2.109 安全合規前台入口角色對照 | 完成草案 | `/security-compliance` 新增前台入口角色對照,列出 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口 | 使用者從熟悉的安全合規入口進來時,也能快速理解哪裡看總覽、哪裡看事件、哪裡看統計、哪裡看人控等待;此對照仍不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | -| S2.110 安全合規低摩擦分階段收斂 | 完成草案 | `/security-compliance` 新增低摩擦分階段收斂階梯,列出觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴 | 使用者能理解目前不是卡住,而是刻意先建框架與證據鏈;後續只有人工批准後才會進入執行期與逐步收嚴 | +| S2.109 安全合規前台入口角色對照 | 完成草案 | `/security-compliance` 新增前台入口角色對照,列出 IwoooS、`/security-compliance`、`/security`、`/compliance`、`/awooop/approvals` 五個入口,並改為預設收合 | 使用者從熟悉的安全合規入口進來時,第一眼先看到主控結論;需要細節時再展開角色對照。此對照仍不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | +| S2.110 安全合規低摩擦分階段收斂 | 完成草案 | `/security-compliance` 新增低摩擦分階段收斂階梯,列出觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴,並改為預設收合 | 使用者能理解目前不是卡住,而是刻意先建框架與證據鏈;後續只有人工批准後才會進入執行期與逐步收嚴,且不讓第一屏被過多細節壓住 | | S2.111 IwoooS 低摩擦分階段收斂主控 | 完成草案 | `/iwooos` 新增低摩擦分階段收斂主控,列出觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴,並顯示 IwoooS 仍停在觀測優先 | 使用者從主入口就能理解整個資安網仍採低摩擦框架先行;這不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | | S2.112 IwoooS 低摩擦下一步行動邊界 | 完成草案 | `/iwooos` 新增低摩擦下一步行動邊界,列出只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動 | 使用者能直接知道現階段可以繼續推框架與證據,但掃描、主機變更、部署、版本來源操作都仍等待明確批准與 runtime gate | | S2.113 IwoooS 61% 進度移動訊號驗收條 | 完成草案 | `/iwooos` 顯示 61% 進度移動訊號驗收條,列出 owner response、脫敏 evidence、runtime gate、GitHub primary、AwoooP landing 五個真實移動訊號 | 使用者能直接看到 61% 下一次要動起來需要哪些證據;目前 AwoooP landing evidence=1,其餘四個訊號仍是 0 或 false,所以 headline 不灌水 | diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index e9e3f8c88..de2e377a8 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -8282,6 +8282,11 @@ def validate(root: Path) -> None: security_compliance_page, 'data-testid="security-compliance-iwooos-frontstage-bridge"', ) + assert_text_contains( + "security_compliance_page.authoritative_iwooos_strip_testid", + security_compliance_page, + 'data-testid="security-compliance-authoritative-iwooos-strip"', + ) assert_text_contains( "security_compliance_page.frontstage_component", security_compliance_page, @@ -8297,6 +8302,11 @@ def validate(root: Path) -> None: security_compliance_page, 'data-testid="security-compliance-low-friction-rollout-ladder"', ) + assert_text_contains( + "security_compliance_page.frontstage_boundary_codes_testid", + security_compliance_page, + 'data-testid="security-compliance-frontstage-boundary-codes"', + ) assert_text_contains( "iwooos_page.security_compliance_frontstage_testid", iwooos_projection_page, @@ -8332,6 +8342,9 @@ def validate(root: Path) -> None: "security_compliance_frontstage_primary_source=iwooos", "security_compliance_frontstage_execution_entry_count=0", "security_compliance_frontstage_links_read_only=true", + "security_compliance_authoritative_entry=iwooos", + "security_compliance_frontstage_summary_mode=compact_first", + "security_compliance_frontstage_default_detail_collapsed=true", ]: assert_text_contains( "security_compliance_page.frontstage_route_role_boundary", @@ -8386,6 +8399,8 @@ def validate(root: Path) -> None: "rolloutTitle", "rolloutSubtitle", "phaseLabel", + "boundaryCodesSummary", + "authority", "items", "routeRoles", "rolloutPhases", @@ -8400,6 +8415,28 @@ def validate(root: Path) -> None: list(web_messages_en["securityCompliance"]["frontStage"].keys()), key, ) + for key in ["eyebrow", "title", "body", "open", "signals"]: + assert_contains( + "web_messages.zh-TW.securityCompliance.frontStage.authority.keys", + list(web_messages_zh["securityCompliance"]["frontStage"]["authority"].keys()), + key, + ) + assert_contains( + "web_messages.en.securityCompliance.frontStage.authority.keys", + list(web_messages_en["securityCompliance"]["frontStage"]["authority"].keys()), + key, + ) + for key in ["source", "progress", "gate", "mode"]: + assert_contains( + "web_messages.zh-TW.securityCompliance.frontStage.authority.signals", + list(web_messages_zh["securityCompliance"]["frontStage"]["authority"]["signals"].keys()), + key, + ) + assert_contains( + "web_messages.en.securityCompliance.frontStage.authority.signals", + list(web_messages_en["securityCompliance"]["frontStage"]["authority"]["signals"].keys()), + key, + ) for key in ["routePreserved", "iwooosBridge", "dedupeNarrative", "noRuntimeControl"]: assert_contains( "web_messages.zh-TW.securityCompliance.frontStage.items",