From 5ed5022cd70304824b8aac833dfb88a72ea08c6d Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 31 May 2026 15:50:39 +0800 Subject: [PATCH] =?UTF-8?q?fix(web):=20=E6=94=B6=E6=96=82=20IwoooS=20?= =?UTF-8?q?=E8=8B=B1=E6=96=87=E5=85=A7=E5=AE=B9=E7=82=BA=E7=B9=81=E4=B8=AD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/web/messages/en.json | 1778 ++++++++--------- docs/LOGBOOK.md | 42 + .../security-mirror-progress-guard.py | 1 + 3 files changed, 932 insertions(+), 889 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 8f8e8acaf..d461d892a 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -4867,11 +4867,11 @@ "iwooos": { "eyebrow": "資訊安全網", "title": "IwoooS", - "subtitle": "The security mesh posture entry. It gathers Kali, source control, 負責人回覆, approval gates, and AwoooP mirror-only evidence into one readable posture without starting scans, repairs, or product blockers.", + "subtitle": "資安網的態勢入口。把 Kali、原始碼管控、負責人回覆、審批閘門、AwoooP 只讀鏡像證據收成一個可讀的資安態勢,不啟動掃描、不修復、不阻擋產品流程。", "boundary": { - "label": "Current boundary", + "label": "目前邊界", "state": "只讀鏡像 / 先觀測", - "detail": "All numbers come from verified snapshots and guards. This page only displays posture, gaps, next gates, and non-blocking lanes." + "detail": "所有數字來自已驗證 snapshot 與 guard。此頁只顯示態勢、缺口、下一個 gate 與非阻擋分流。" }, "informationArchitecture": { "overview": { @@ -4901,24 +4901,24 @@ }, "metrics": { "overall": { - "label": "Overall mesh", - "detail": "headline progress, not authorization" + "label": "整體資安網", + "detail": "headline 進度,不是授權" }, "framework": { - "label": "Framework maturity", - "detail": "docs, schema, read-only evidence" + "label": "框架成熟度", + "detail": "文件、schema、只讀 evidence" }, "runtime": { - "label": "Runtime landing", - "detail": "執行期閘門s are not active" + "label": "落地執行", + "detail": "runtime 閘門尚未啟用" }, "contracts": { - "label": "Core contracts", + "label": "主要契約", "detail": "33 ready / 2 partial / 1 contract-only" }, "activeGates": { - "label": "主動執行期閘門", - "detail": "kept at 0 before approval" + "label": "主動執行閘門", + "detail": "人工批准前維持 0" } }, "allProductCoverageSnapshot": { @@ -5034,1747 +5034,1747 @@ "pillars": { "exposure": { "title": "暴露面態勢", - "state": "Waiting evidence", - "body": "Mainstream security management puts assets, exposure, vulnerabilities, and owner gates in one view. IwoooS shows coverage gaps without turning them into blockers." + "state": "等待證據", + "body": "主流資安管理會把資產、暴露面、弱點與 owner gate 放在同一張圖。IwoooS 先顯示覆蓋缺口,不把缺口變成阻擋。" }, "sourceControl": { - "title": "版本控制供應鏈", - "state": "Draft gated", - "body": "GitHub is the long-term direction, but refs, workflows, secret names, and rollback ADRs still need 負責人回覆s." + "title": "原始碼供應鏈", + "state": "草案受閘門控管", + "body": "Gitea 到 GitHub 的長期方向已確認,但 refs、workflow、secret name 與 rollback ADR 仍需負責人回覆。" }, "kali": { - "title": "Kali 112 Mesh", - "state": "Observe-only", - "body": "Kali 112 is in scope, and 111 / 168 are also observe-only. Active scan and /execute remain block candidates." + "title": "Kali 112 網格", + "state": "只觀測", + "body": "Kali 112 已在資安網範圍中,111 / 168 也納入 observe-only。active scan 與 /execute 仍維持封鎖候選。" }, "governance": { - "title": "Approval Boundary", - "state": "Locked", - "body": "7 pending approvals, 1 block candidate, and 0 active 執行期閘門s. Execution requires a human decision record and a follow-up 執行期閘門." + "title": "審批邊界", + "state": "已鎖定", + "body": "7 個 pending approval、1 個 block candidate、0 active 執行期閘門s。任何執行都必須先留下人工決策與後續 執行期閘門。" } }, "lanes": { - "title": "Non-blocking Lanes", - "subtitle": "The initial phase stays observe / warn so security does not slow product and deployment flow.", + "title": "非阻擋分流", + "subtitle": "初期只 observe / warn,避免資安框架拖慢產品與部署節奏。", "lowMedium": { - "title": "LOW / MEDIUM observation", - "body": "Label risk, create follow-up, add evidence_ref, do not block deploy." + "title": "低 / 中風險觀測", + "body": "標風險、建 follow-up、補 evidence_ref,不阻擋 deploy。" }, "ownerMissing": { - "title": "負責人回覆缺漏", - "body": "Show gaps and the next collection candidate; do not treat silence as rejection." + "title": "負責人回覆缺口", + "body": "顯示缺口與下一個收件候選,不把未回覆當拒絕。" }, "mirrorIncomplete": { - "title": "Mirror data incomplete", - "body": "Show partial / quarantine reason and wait for a new redacted snapshot." + "title": "鏡像資料不完整", + "body": "顯示 partial / quarantine reason,等待新的 redacted snapshot。" }, "sourceDrift": { - "title": "Source-control drift draft", - "body": "Keep the draft reconcile plan; do not sync refs or force push." + "title": "原始碼漂移草案", + "body": "維持 draft reconcile plan,不 sync refs、不 force push。" }, "kaliObserve": { "title": "Kali observe finding", - "body": "Show only redacted finding summary; do not start active scan." + "body": "只顯示 redacted finding summary,不啟動 active scan。" }, "workflowGap": { "title": "工作流程 / 機密 name gap", - "body": "Request redacted export; do not collect 機密明文值s or enable runners." + "body": "要求 redacted export,不收集 機密明文值、不啟用 runner。" }, "progressHolding": { "title": "Progress display holding", - "body": "61% means high-level gates are pending; it is neither stuck nor runtime approval." + "body": "61% 代表等待高層 gate,不代表卡住,也不是 runtime approval。" } }, "existingSurfaces": { - "title": "Existing Security Surfaces", - "subtitle": "Collects the frontend routes that already carry security, compliance, alert, authorization, governance, audit, and code review signals into one read-only index.", - "sourceLabel": "Original source", - "mode": "read-only link / no execution button", + "title": "既有資安頁面整合", + "subtitle": "把前端原本已存在的安全、合規、告警、授權、治理、稽核與 Code Review 入口收成一張只讀索引,讓使用者知道資安能力已經散在哪裡。", + "sourceLabel": "原始來源", + "mode": "只讀連結 / 不新增執行按鈕", "items": { "securityCompliance": { - "title": "Security Compliance Hub", - "body": "The existing integrated page for SecurityPanel and CompliancePanel, covering errors, incidents, repair, and compliance stats.", - "source": "SecurityPanel / CompliancePanel; errors, incident summary, auto-repair stats" + "title": "安全合規整合頁", + "body": "SecurityPanel 與 CompliancePanel 的既有整合頁,集中顯示錯誤、事件、修復與合規統計。", + "source": "SecurityPanel / CompliancePanel;errors、incident summary、auto-repair stats" }, "legacySecurity": { - "title": "Legacy Security Monitor", - "body": "Keeps the earlier standalone security route visible so existing error stats and Sentry issue entrypoints do not disappear behind IwoooS.", - "source": "apps/web/src/app/[locale]/security/page.tsx; errors stats / issues" + "title": "既有安全監控頁", + "body": "保留早期 standalone security route 的可見性,避免既有錯誤統計與 Sentry issue 入口被 IwoooS 吃掉。", + "source": "apps/web/src/app/[locale]/security/page.tsx;errors stats / issues" }, "legacyCompliance": { - "title": "Legacy Compliance Page", - "body": "Keeps the earlier standalone compliance route visible for incident, playbook, and auto-repair effectiveness data.", - "source": "apps/web/src/app/[locale]/compliance/page.tsx; incident summary / auto-repair stats" + "title": "既有合規頁", + "body": "保留早期 standalone compliance route 的可見性,顯示 incident、playbook 與 auto-repair 成效資料。", + "source": "apps/web/src/app/[locale]/compliance/page.tsx;incident summary / auto-repair stats" }, "alerts": { - "title": "Alert Management", - "body": "The active incident surface sorted from P0 to P3, feeding near-real-time security posture signals.", - "source": "useIncidents; incidents / pending approvals" + "title": "告警管理", + "body": "現有 active incident 入口,依 P0 到 P3 顯示告警與處理狀態,作為資安態勢的即時訊號。", + "source": "useIncidents;incidents / pending approvals" }, "errors": { - "title": "Errors and UX Audit", - "body": "The existing error tracking and UX audit entrypoint for issues, trends, session replay, and user friction.", - "source": "ErrorsPanel; error stats / trends / ux-audit" + "title": "錯誤與 UX 稽核", + "body": "現有錯誤追蹤與 UX audit 入口,可回看 issue、趨勢、session replay 與使用者痛點。", + "source": "ErrorsPanel;error stats / trends / ux-audit" }, "authorizations": { - "title": "Authorization Center", - "body": "The existing HITL and multi-sig entrypoint, preserving the human control boundary before future security 執行期閘門s.", - "source": "LiveApprovalPanel; pending approvals / SSE" + "title": "授權中心", + "body": "HITL 與 multi-sig 的既有入口,是未來資安 執行期閘門 前必須保留的人控邊界。", + "source": "LiveApprovalPanel;pending approvals / SSE" }, "governance": { - "title": "AI Governance Hub", - "body": "The existing governance events, SLO, remediation queue, and dry-run history surface for automation evidence.", - "source": "governance tabs; AI SLO / governance events / queue" + "title": "AI 治理中樞", + "body": "現有治理事件、SLO、補救佇列與 dry-run history 入口,適合作為自動化前的治理證據面。", + "source": "governance tabs;AI SLO / governance events / queue" }, "alertOperationLogs": { - "title": "Alert Operation Logs", - "body": "The full alert operation log surface for guardrails, preflight, approval escalation, and handling results.", - "source": "alert-operation-logs; events / stats" + "title": "告警操作日誌", + "body": "完整 alert operation log 入口,能看見 guardrail、preflight、approval escalation 與處理結果。", + "source": "alert-operation-logs;events / stats" }, "awooopApprovals": { - "title": "AwoooP Approval Queue", - "body": "The existing AwoooP approvals page showing read-only dry-run, write observed, blocked, and human gate status.", - "source": "AwoooP approvals; platform approvals" + "title": "AwoooP 審批佇列", + "body": "AwoooP approvals 既有頁面,顯示 read-only dry-run、write observed、blocked 等人控狀態。", + "source": "AwoooP approvals;platform approvals" }, "codeReview": { "title": "AI Code Review 控制面", - "body": "The existing Code Review page showing Hermes, OpenClaw, Elephant Alpha, NemoTron, and the non-blocking review pipeline.", - "source": "code-review page; review pipeline / agent assignment" + "body": "既有 Code Review 頁面顯示 Hermes、OpenClaw、Elephant Alpha、NemoTron 與 non-blocking review pipeline。", + "source": "code-review page;review pipeline / agent assignment" } } }, "surfaceConnections": { - "title": "Security Page Connection Status", - "subtitle": "Shows how the 10 existing entrypoints connect back to IwoooS: direct bridge, embedded panel bridge, or AwoooP read-only candidate. This is visible coverage only, not authorization or blocking.", + "title": "資安頁面連接狀態", + "subtitle": "把 10 個既有入口目前如何接回 IwoooS 說清楚:有些是直接橋接,有些是嵌入原本面板,有些是 AwoooP 只讀候選。這只是可見覆蓋,不代表授權或阻擋。", "states": { - "embeddedBridge": "Embedded bridge visible", - "directBridge": "Direct bridge visible", - "awooopCandidate": "AwoooP read-only candidate" + "embeddedBridge": "嵌入橋接可見", + "directBridge": "直接橋接可見", + "awooopCandidate": "AwoooP 只讀候選" }, "items": { "securityCompliance": { - "title": "Security Compliance Hub", - "body": "Shows IwoooS inclusion through the embedded SecurityPanel and CompliancePanel bridges.", - "boundary": "Displays integration status only; no repair, approval, deploy, or blocking control is added." + "title": "安全合規整合頁", + "body": "透過 SecurityPanel 與 CompliancePanel 的內嵌橋接顯示 IwoooS 納管狀態。", + "boundary": "只顯示整合狀態,不新增修復、批准、部署或 blocking control。" }, "legacySecurity": { - "title": "Legacy Security Monitor", - "body": "The standalone security page now shows the IwoooS read-only bridge and 61% / gate 0 boundary.", - "boundary": "Keeps error and security signals visible without turning the page into a scan entrypoint." + "title": "既有安全監控頁", + "body": "standalone 安全頁已直接顯示 IwoooS 只讀橋接與 61% / gate 0 邊界。", + "boundary": "只保留錯誤與安全訊號可見,不把頁面升級成掃描入口。" }, "legacyCompliance": { - "title": "Legacy Compliance Page", - "body": "The standalone compliance page now shows the IwoooS read-only bridge and runtime false boundary.", - "boundary": "Displays compliance state only; no 負責人回覆, approval, or 執行期閘門 is created." + "title": "既有合規頁", + "body": "standalone 合規頁已直接顯示 IwoooS 只讀橋接與 runtime false 邊界。", + "boundary": "只顯示合規狀態,不建立 負責人回覆、approval 或 執行期閘門。" }, "alerts": { - "title": "Alert Management", - "body": "The active incident page now shows the IwoooS read-only bridge so alert signals return to the mesh.", - "boundary": "Displays alert inclusion only; no alert blocker, scan, or repair is added." + "title": "告警管理", + "body": "active incident 頁已直接顯示 IwoooS 只讀橋接,讓告警訊號回到資安網。", + "boundary": "只顯示告警納管狀態,不新增 alert blocker、scan 或 repair。" }, "errors": { - "title": "Errors and UX Audit", - "body": "ErrorsPanel now shows the IwoooS read-only bridge so errors and UX audit stay observable.", - "boundary": "Keeps issue tracking and user friction visible without adding execution controls." + "title": "錯誤與 UX 稽核", + "body": "ErrorsPanel 已直接顯示 IwoooS 只讀橋接,讓錯誤與 UX audit 被納入觀察。", + "boundary": "只保留問題追蹤與使用者痛點可見,不新增執行控制。" }, "authorizations": { - "title": "Authorization Center", - "body": "The authorization page now shows the IwoooS read-only bridge while preserving HITL / multi-sig control.", - "boundary": "The bridge is not an approval record and cannot mark 負責人回覆 accepted." + "title": "授權中心", + "body": "授權頁已直接顯示 IwoooS 只讀橋接,維持 HITL / multi-sig 人控邊界。", + "boundary": "橋接不是 approval record,也不能標記 負責人回覆 accepted。" }, "governance": { - "title": "AI Governance Hub", - "body": "The governance page now shows the IwoooS read-only bridge so SLOs, events, and queues remain evidence surfaces.", - "boundary": "Displays governance evidence only; visibility is not runtime authorization." + "title": "AI 治理中樞", + "body": "治理頁已直接顯示 IwoooS 只讀橋接,讓 SLO、events 與 queue 成為證據面。", + "boundary": "只顯示治理證據,不把治理可見性升成 runtime authorization。" }, "alertOperationLogs": { - "title": "Alert Operation Logs", - "body": "The operation log page now shows the dark IwoooS read-only bridge and keeps the audit chain visible.", - "boundary": "Displays event flow only; no preflight bypass, repair, or deploy is added." + "title": "告警操作日誌", + "body": "告警操作日誌已直接顯示深色 IwoooS 只讀橋接,保留稽核鏈路可見。", + "boundary": "只顯示事件流,不新增 preflight bypass、repair 或 deploy。" }, "awooopApprovals": { - "title": "AwoooP Approval Queue", - "body": "AwoooP approvals connect back to IwoooS through the owner-response read-only candidate.", - "boundary": "AwoooP human gate state is not security approval and cannot open 執行期閘門s." + "title": "AwoooP 審批佇列", + "body": "AwoooP approvals 以 負責人回覆 只讀候選方式接回 IwoooS。", + "boundary": "AwoooP 人控狀態不是資安批准,也不能開 執行期閘門。" }, "codeReview": { "title": "AI Code Review 控制面", - "body": "The Code Review page now shows the dark IwoooS read-only bridge and preserves its non-blocking review posture.", - "boundary": "Code Review is not deploy approval and does not add Gitea/GitHub actions." + "body": "Code Review 頁已直接顯示深色 IwoooS 只讀橋接,保留非阻擋審查語境。", + "boundary": "Code Review 不是部署批准,也不新增 Gitea/GitHub action。" } } }, "coverage": { - "title": "Coverage and Boundary Matrix", - "subtitle": "Groups the 10 existing security surfaces into four responsibility planes so IwoooS can show where to read signals, human control, governance audit, and engineering review.", + "title": "覆蓋與邊界矩陣", + "subtitle": "把 10 個既有資安頁面分成四個責任面,讓 IwoooS 能說清楚哪裡看訊號、哪裡做人工控制、哪裡看治理稽核、哪裡看工程審查。", "groups": { "signals": { - "title": "Signals and Exposure", - "body": "Collects security, compliance, alert, error, and UX audit signals; observations stay visible without becoming blockers." + "title": "訊號與暴露面", + "body": "集中安全、合規、告警、錯誤與 UX 稽核訊號;只顯示風險,不把觀察結果直接升成阻擋。" }, "humanControl": { - "title": "Human Control Boundary", - "body": "Keeps HITL, multi-sig, and AwoooP approvals visible; 執行期閘門s still require human decisions." + "title": "人工控制邊界", + "body": "保留 HITL、multi-sig 與 AwoooP approvals 的人控位置;沒有人工決策就不啟動 執行期閘門。" }, "governanceAudit": { - "title": "Governance and Audit", - "body": "Governance events, SLOs, remediation queues, and operation logs are evidence surfaces, not execution authorization." + "title": "治理與稽核", + "body": "治理事件、SLO、補救佇列與操作日誌用來看流程證據,不把 audit event 當執行授權。" }, "engineeringReview": { - "title": "Engineering Review", - "body": "Code Review remains a non-blocking review pipeline for risk grading and coding follow-up, not deploy approval." + "title": "工程審查", + "body": "Code Review 維持 non-blocking review pipeline,用於風險分級與後續修復建議,不直接等同 deploy approval。" } }, "conflicts": { - "title": "Overlap and Conflict Controls", - "subtitle": "The same security signal can appear on multiple pages. IwoooS only organizes entrypoints and does not change ownership or authority.", + "title": "重疊與衝突控制", + "subtitle": "同一個資安訊號可能在多個頁面出現,IwoooS 只做入口整理,不改變原始頁面的責任與權限。", "preserveOwnership": { - "title": "Preserve Route Ownership", - "body": "Each route remains owned by its original page and API contract; IwoooS does not move write authority." + "title": "保留原頁 owner", + "body": "每個 route 繼續由原本頁面與 API contract 負責,IwoooS 不搬移資料寫入權。" }, "noRuntimeLift": { - "title": "No Runtime Lift", - "body": "The coverage matrix can show coverage and gaps, but cannot create scan, execute, repair, or blocking gates." + "title": "不把只讀索引升成 runtime", + "body": "coverage matrix 只能顯示覆蓋與缺口,不建立 scan、execute、repair 或 blocking gate。" }, "codeReviewNotDeployGate": { - "title": "Code Review Is Not Deploy Approval", - "body": "AI Code Review can grade risk and propose coding follow-up, but cannot become deploy approval by itself." + "title": "Code Review 不等於部署批准", + "body": "AI Code Review 可以提供風險分級與 coding follow-up,但不能直接變成 deploy approval。" }, "awooopNotSecurityApproval": { - "title": "AwoooP Approval Is Not Security Approval", - "body": "The AwoooP approval queue can show human gate state, but security gates still require decision records and follow-up 執行期閘門s." + "title": "AwoooP approvals 不等於資安批准", + "body": "AwoooP 審批佇列可顯示人控狀態,但資安 gate 仍需對應決策紀錄與 follow-up 執行期閘門。" }, "kaliNotCalled": { - "title": "Frontend Index Does Not Call Kali", - "body": "Kali 112 remains observe-only; active scan or /execute must go through human approval and follow-up gates." + "title": "前端索引不呼叫 Kali", + "body": "Kali 112 維持 observe-only;任何 active scan 或 /execute 都必須走人工批准與後續 gate。" } } }, "journey": { - "title": "Security Handling Journey", - "subtitle": "Pins the visible security mesh flow into a read-only status map: read posture, inspect existing surfaces, then move through owner evidence, human decisions, and follow-up gates.", - "outputLabel": "Output", + "title": "資安處理旅程", + "subtitle": "把目前資安網的可見流程固定成只讀狀態圖:先看態勢,再查既有頁面,最後才進入 owner evidence、人工決策與後續 gate。", + "outputLabel": "輸出", "steps": { "readPosture": { - "title": "Read Current Posture", - "body": "Start from the 61% headline, framework / runtime landing, active gates, and next high-level gate.", - "output": "read-only posture, not authorization" + "title": "讀取目前態勢", + "body": "先看 61% headline、framework / runtime landing、active gates 與下一個高層 gate。", + "output": "只讀 posture,不代表授權" }, "openSurface": { - "title": "Open Existing Surfaces", - "body": "Enter the original page by security, alert, authorization, governance, audit, or code review responsibility.", - "output": "preserve original owner and data boundary" + "title": "開啟既有頁面", + "body": "依照 security、alert、authorization、governance、audit、code review 的責任面進入原頁。", + "output": "保留原頁 owner 與資料邊界" }, "triageLane": { - "title": "Triage Non-blocking Lanes", - "body": "LOW / MEDIUM, missing 負責人回覆, partial mirror, and Kali observe findings stay observe / warn first.", - "output": "follow-up, not blocking" + "title": "判讀非阻擋分流", + "body": "LOW / MEDIUM、缺 負責人回覆、partial mirror 與 Kali observe finding 先維持 observe / warn。", + "output": "follow-up,不升 blocking" }, "collectEvidence": { - "title": "Collect Owner Evidence", - "body": "The next recommended collection item remains S4.9 Gitea owner attestation response, accepting redacted evidence only.", - "output": "update 已收到 / 已接受 state, no execution" + "title": "收 owner evidence", + "body": "下一個建議收件仍是 S4.9 Gitea owner attestation response,且只接受脫敏 evidence。", + "output": "更新 已收到 / 已接受 狀態,不執行" }, "humanDecision": { - "title": "Wait for Human Decision", - "body": "Security gates need decision records; AwoooP approval, Code Review, or progress numbers cannot replace that.", - "output": "human decision, not runtime" + "title": "等待人工決策", + "body": "資安 gate 需要 decision record;AwoooP approval、Code Review 或進度數字都不能自動替代。", + "output": "人控決策,不是 runtime" }, "runtimeGate": { - "title": "Follow-up Runtime Gate", - "body": "Only after human approval can work move into follow-up 執行期閘門 templates; active 執行期閘門s remain 0.", - "output": "separate gate after approval" + "title": "後續 執行期閘門", + "body": "只有人工批准後,才進入 follow-up 執行期閘門 template;目前 active 執行期閘門s 仍為 0。", + "output": "待批准後另開 gate" } } }, "evidenceReadiness": { "title": "Owner Evidence Readiness", - "subtitle": "Shows the evidence that can actually move headline progress. Every item is waiting for collection or human decision and does not trigger execution from the frontend.", - "unlockLabel": "Unlock condition", + "subtitle": "這裡顯示 headline 進度下一步真正需要的 evidence。每一項都是等待收件或人工決策,不會從前端直接觸發任何執行。", + "unlockLabel": "解除條件", "items": { "giteaOwnerAttestation": { "title": "Gitea owner attestation", - "body": "The recommended first collection item is S4.9, covering Gitea inventory coverage and owner disposition.", - "unlock": "redacted 負責人回覆 received and accepted" + "body": "目前建議先收 S4.9,補齊 Gitea 清冊覆蓋與 owner 判定。", + "unlock": "收到並接受脫敏 負責人回覆" }, "githubTargetOwner": { "title": "GitHub target owner", - "body": "Confirms GitHub targets, visibility, canonical owner, and whether repos can enter primary readiness.", + "body": "確認 GitHub target、visibility、canonical owner 與 repo 是否可進 primary readiness。", "unlock": "S4.10 負責人回覆 accepted" }, "refsTruthOwner": { "title": "Refs truth owner", - "body": "Confirms truth for main/dev, deprecated drift, release tags, and GitHub-only refs.", + "body": "確認 main/dev truth、deprecated drift、release tags 與 GitHub-only refs 的真相來源。", "unlock": "S4.11 refs truth response accepted" }, "workflowSecretOwner": { "title": "工作流程 / 機密 name owner", - "body": "Confirms workflow, webhook, runner, deploy key, branch protection, and secret name parity.", + "body": "確認 workflow、webhook、runner、deploy key、branch protection、secret name parity。", "unlock": "S4.12 工作流程 / 機密 response accepted" }, "redactedFindingIngestion": { "title": "Redacted finding ingestion", - "body": "Kali findings and security findings must enter mirror as redacted payloads before any runtime path.", - "unlock": "human-approved redacted finding ingestion" + "body": "Kali finding 與安全發現需要先以脫敏 payload 進入 mirror,不能直接進 runtime。", + "unlock": "人工批准後接收脫敏 finding" }, "kaliScanScope": { "title": "Kali scan scope", - "body": "Kali 112, 111, and 168 remain observe-only; active scan and /execute require separate approval.", - "unlock": "scan scope approval plus follow-up gate" + "body": "Kali 112、111、168 目前仍是 observe-only;active scan 與 /execute 仍需獨立批准。", + "unlock": "scan scope approval + follow-up gate" }, "followupRuntimeGate": { "title": "Follow-up 執行期閘門", - "body": "Real execution waits for a human decision record and a separate follow-up 執行期閘門.", - "unlock": "decision record accepted; active gates remain 0" + "body": "所有實際執行都要等人工 decision record 後,另開 follow-up 執行期閘門。", + "unlock": "decision record accepted,active gate 仍為 0" } } }, "hostCoverage": { - "title": "Host Coverage View", - "subtitle": "Places Kali and the two development hosts inside the visible IwoooS security scope. This only shows coverage and gate state; it does not create SSH, scan, update, or blocking controls.", - "stateLabel": "Current state", + "title": "主機覆蓋視圖", + "subtitle": "把 Kali 與兩台開發主機放進 IwoooS 的可見資安範圍。這裡只顯示納管與 gate 狀態,不建立 SSH、掃描、更新或阻擋控制。", + "stateLabel": "目前狀態", "items": { "kali112": { - "title": "Kali security host", - "body": "192.168.0.112 is the Kali node for the security mesh and is visible in posture and evidence refs as observe-only integration.", - "state": "in scope; active scan, /execute, and host updates still require separate approval" + "title": "Kali 資安主機", + "body": "192.168.0.112 是資安網的 Kali 節點,已在 posture 與 evidence refs 中作為 observe-only 整合面。", + "state": "已納入視野;active scan、/execute、主機更新仍需獨立批准" }, "dev168": { - "title": "Development host 168", - "body": "192.168.0.168 is included in IwoooS observe-only development host coverage for future scope approval and finding correlation.", - "state": "scope declared; credentialed scan and runtime control are not approved" + "title": "開發主機 168", + "body": "192.168.0.168 納入 IwoooS 的 observe-only 開發主機覆蓋,用於後續 scope approval 與 finding 關聯。", + "state": "scope declared;尚未批准 credentialed scan 或 runtime control" }, "dev111": { - "title": "Development host 111", - "body": "192.168.0.111 is included in IwoooS observe-only development host coverage and stays paired with 168 for phased tightening.", - "state": "scope declared; credentialed scan and runtime control are not approved" + "title": "開發主機 111", + "body": "192.168.0.111 納入 IwoooS 的 observe-only 開發主機覆蓋,與 168 一起維持低摩擦分階段收斂。", + "state": "scope declared;尚未批准 credentialed scan 或 runtime control" } } }, "hostActionGates": { - "title": "Host Action Gate Matrix", - "subtitle": "Breaks host-related high-risk actions into read-only gates. This only explains what is locked and what human decision is required; it does not provide execution entry points.", - "gateLabel": "Required gate", + "title": "主機動作 Gate 矩陣", + "subtitle": "把主機相關高風險動作拆成只讀 gate。這裡只說明哪些動作仍被鎖住,以及需要哪一類人工決策;不提供任何執行入口。", + "gateLabel": "需要 Gate", "items": { "activeScan": { "title": "Active scan", - "body": "Active scans for Kali 112 and development hosts 168 / 111 are not approved and cannot be triggered from IwoooS.", - "gate": "requires S1.6 scan scope approval plus a follow-up 執行期閘門" + "body": "對 Kali 112、開發主機 168 / 111 的主動掃描仍未批准,不能由 IwoooS 直接觸發。", + "gate": "需要 S1.6 scan scope approval 與後續 執行期閘門" }, "credentialedScan": { "title": "Credentialed scan", - "body": "Any credentialed scan requires scope, credential handling, and redacted evidence rules before it can proceed.", - "gate": "requires S1.6 scope approval; credentialed scan remains false" + "body": "任何帶憑證的掃描都必須先有 scope、credential handling 與脫敏 evidence 規範。", + "gate": "需要 S1.6 scope approval;目前 credentialed scan=false" }, "kaliExecute": { "title": "Kali /execute", - "body": "The Kali execution endpoint remains a block candidate and is not opened just because hosts are visible.", - "gate": "requires a human decision record and S3.4 follow-up 執行期閘門" + "body": "Kali 執行端點仍是 block candidate,不能因主機已納入視野就開放。", + "gate": "需要人工 decision record 與 S3.4 follow-up 執行期閘門" }, "sshChange": { "title": "SSH / host change", - "body": "Logging into hosts, changing settings, tuning services, restarting services, or changing SSH settings is outside the frontend authority.", - "gate": "requires explicit human approval, a change plan, and rollback evidence" + "body": "登入主機、改設定、套用調校、重啟服務或變更 SSH 設定都不屬於目前前端權限。", + "gate": "需要明確人工批准、變更計畫與 rollback evidence" }, "kaliUpdate": { "title": "Kali host update", - "body": "Kali updates and host tuning affect scan results and toolchain stability, so they must be approved separately from posture display.", - "gate": "requires maintenance window, update list, validation metrics, and rollback plan" + "body": "Kali 更新與主機調校會影響掃描結果與工具鏈穩定性,必須和資安 gate 分開批准。", + "gate": "需要維護窗口、更新清單、驗證指標與 rollback 計畫" }, "runtimeBlocking": { "title": "Runtime blocking control", - "body": "Turning findings into product blocking or runtime enforcement still waits for owner evidence and a human decision.", - "gate": "requires an accepted decision record; active 執行期閘門s remain 0" + "body": "把 finding 變成產品阻擋或 runtime enforcement 仍要等 owner evidence 與人工決策。", + "gate": "需要 accepted decision record;active 執行期閘門s 仍為 0" } } }, "hostEvidenceReadiness": { - "title": "Host Evidence Readiness", - "subtitle": "Lists the evidence required before host scans, updates, SSH changes, or runtime blocking can proceed. These items are waiting for collection and do not mean approval.", - "evidenceLabel": "Required evidence", + "title": "主機 Evidence Readiness", + "subtitle": "列出主機掃描、更新、SSH 變更或 runtime blocking 前必須補齊的 evidence。這些項目目前都只是待收件,不代表已批准。", + "evidenceLabel": "需要 Evidence", "items": { "scopeBoundary": { "title": "範圍 boundary", - "body": "Confirms allowed targets, exclusions, scan depth, and rate limits for 112, 168, and 111.", - "evidence": "requires redacted scan scope approval; received=0, accepted=0" + "body": "確認 112、168、111 的允許目標、排除範圍、掃描深度與速率限制。", + "evidence": "需要脫敏 scan scope approval;received=0、accepted=0" }, "ownerDecision": { "title": "Owner decision record", - "body": "Every host action needs human control; IwoooS visibility or AwoooP queue status cannot replace a decision.", - "evidence": "requires accepted decision record; active 執行期閘門s=0" + "body": "每個主機動作都需要人控決策,不能用 IwoooS 可見狀態或 AwoooP queue 取代。", + "evidence": "需要 accepted decision record;目前 active 執行期閘門s=0" }, "credentialHandling": { "title": "Credential handling", - "body": "Credentialed scans require defined credential source, storage boundary, redaction, and rejection rules.", - "evidence": "credential material collection is forbidden; credentialed scan=false" + "body": "帶憑證掃描前要先定義憑證來源、保存邊界、遮蔽方式與拒收規則。", + "evidence": "禁止收集憑證明文;目前 credentialed scan=false" }, "maintenanceWindow": { "title": "Maintenance window", - "body": "Kali updates, host tuning, or SSH changes need a maintenance window to avoid disrupting development and product flow.", - "evidence": "requires window, impact scope, notification, and recovery criteria" + "body": "Kali 更新、主機調校或 SSH 變更都需要維護窗口,避免影響開發與產品流程。", + "evidence": "需要窗口、影響範圍、通知與回復標準" }, "rollbackPlan": { "title": "Rollback plan", - "body": "Every host change needs a recovery path covering packages, settings, services, and toolchain versions.", - "evidence": "requires rollback owner, steps, and validation method" + "body": "任何主機變更都要能回復,包含套件、設定、服務與工具鏈版本。", + "evidence": "需要 rollback owner、步驟與驗證方式" }, "validationMetrics": { "title": "Validation metrics", - "body": "Host actions need post-check metrics to confirm scanners, monitoring, services, and user flows did not regress.", - "evidence": "requires post-check metrics and failure lane" + "body": "主機動作後要有驗證指標,確認掃描器、監控、服務與使用者流程沒有退化。", + "evidence": "需要 post-check 指標與失敗處理 lane" }, "redactedIngestion": { "title": "Redacted ingestion", - "body": "Host findings or scan results may only enter mirror as redacted summaries, not raw runtime input.", - "evidence": "requires redacted payload acceptance; payloads_ingested=false" + "body": "主機 finding 或掃描結果只能以脫敏摘要進入 mirror,不能直接把原始載荷當 runtime input。", + "evidence": "需要 redacted payload acceptance;payloads_ingested=false" } } }, "hostEvidenceCollection": { - "title": "Host Evidence Collection Order", - "subtitle": "Orders the seven host evidence items into a recommended collection sequence. Each step only names the next reviewable item and does not change 已收到 / 已接受 from 0.", - "stepLabel": "Collection step", - "dependencyLabel": "Dependency", + "title": "主機 Evidence 收件順序", + "subtitle": "把七個主機 evidence 排成建議收件順序。每一步都只代表下一個可審項目,不會把 已收到 / 已接受 從 0 改掉。", + "stepLabel": "收件步驟", + "dependencyLabel": "前置依賴", "items": { "scopeFirst": { - "title": "Define scope boundary first", - "body": "Confirm allowed targets, exclusions, depth, and rate limits first. No scope means no scan.", - "dependency": "none; this is the first host collection step" + "title": "先定義 scope boundary", + "body": "先確認允許目標、排除範圍、深度與速率。沒有 scope,不進 scan。", + "dependency": "無;這是主機收件第一步" }, "ownerSecond": { - "title": "Collect owner decision second", - "body": "Confirm who approves, the approved range, and the decision record; queue state cannot replace human control.", - "dependency": "requires readable scope boundary" + "title": "再收 owner decision", + "body": "確認誰批准、批准範圍與決策紀錄,不用 queue 狀態替代人控決策。", + "dependency": "需要 scope boundary 可讀" }, "credentialThird": { - "title": "Isolate credential handling", - "body": "If future scans need credentials, define credential source, storage boundary, redaction, and rejection first.", - "dependency": "requires owner decision; plaintext credential collection remains forbidden" + "title": "隔離 credential handling", + "body": "若未來要帶憑證掃描,先定義憑證來源、保存邊界、遮蔽與拒收。", + "dependency": "需要 owner decision;仍禁止收集憑證明文" }, "maintenanceFourth": { - "title": "Schedule maintenance window", - "body": "Before updates, tuning, or SSH changes, confirm the window, impact scope, and notification.", - "dependency": "requires owner decision and change scope" + "title": "安排 maintenance window", + "body": "更新、調校或 SSH 變更前先確認窗口、影響範圍與通知。", + "dependency": "需要 owner decision 與變更範圍" }, "rollbackFifth": { - "title": "Add rollback plan", - "body": "Every host action needs recovery for packages, settings, services, and toolchain versions.", - "dependency": "requires maintenance window and change list" + "title": "補 rollback plan", + "body": "每個主機動作都要能回復套件、設定、服務與工具鏈版本。", + "dependency": "需要 maintenance window 與變更清單" }, "validationSixth": { - "title": "Define validation metrics", - "body": "Define post-check metrics and failure handling lanes before execution is discussed.", - "dependency": "requires rollback plan" + "title": "定義 validation metrics", + "body": "先定義 post-check 指標與失敗處理 lane,再談執行。", + "dependency": "需要 rollback plan" }, "redactedSeventh": { - "title": "Collect redacted ingestion last", - "body": "Findings / scan results enter mirror only as redacted summaries, never as raw payload.", - "dependency": "requires validation metrics; payloads_ingested=false" + "title": "最後才收 redacted ingestion", + "body": "finding / scan result 只用脫敏摘要進 mirror,不吃原始載荷。", + "dependency": "需要 validation metrics;payloads_ingested=false" } } }, "hostEvidenceIntake": { - "title": "Host Evidence Intake Preflight", - "subtitle": "Before future host evidence enters human review, this read-only preflight checks whether it is safe to review. It does not accept raw payloads, plaintext credentials, or change 已收到 / 已接受.", - "checkLabel": "Preflight", - "rejectLabel": "Reject / quarantine condition", + "title": "主機 Evidence Intake Preflight", + "subtitle": "未來收到主機 evidence 前,先用這組只讀預檢規則判斷能否進人工 review。預檢不會收原始載荷、憑證明文,也不會改 已收到 / 已接受。", + "checkLabel": "預檢", + "rejectLabel": "拒收 / 隔離條件", "items": { "metadataPointer": { "title": "Metadata pointer only", - "body": "Host evidence only accepts redacted metadata pointers, source steps, and summaries, not full scan output.", - "reject": "reject when redacted metadata pointer is missing" + "body": "主機 evidence 只接受脫敏 metadata pointer、來源步驟與摘要,不直接吃完整掃描輸出。", + "reject": "缺 redacted metadata pointer 就拒收" }, "dependencyOrder": { "title": "Collection order match", - "body": "Submitted evidence must follow the S2.17 collection order and cannot skip scope or owner decision.", - "reject": "quarantine when prerequisite dependencies are skipped" + "body": "提交的 evidence 必須符合 S2.17 收件順序,不能跳過 scope 或 owner decision。", + "reject": "跳過前置依賴就隔離" }, "scopeBeforeScan": { "title": "範圍 before scan", - "body": "Any scan-related evidence must map to scope boundary before it can enter human review.", - "reject": "reject scan evidence without scope" + "body": "任何 scan 相關 evidence 都要先能對到 scope boundary;沒有 scope 不進人工審。", + "reject": "scan evidence 沒有 scope 就拒收" }, "ownerBeforeChange": { "title": "Owner before host change", - "body": "SSH, updates, tuning, or blocking-control evidence requires an owner decision pointer.", - "reject": "reject host-change evidence without decision record" + "body": "SSH、更新、調校或 blocking control 的 evidence 需要 owner decision pointer。", + "reject": "主機變更缺 decision record 就拒收" }, "credentialPlaintext": { "title": "Credential plaintext blocked", - "body": "Passwords, tokens, private keys, sessions, or plaintext credentials cannot enter IwoooS mirror.", - "reject": "reject and quarantine when plaintext credential material is detected" + "body": "任何帳密、token、private key、session 或憑證明文都不能進 IwoooS mirror。", + "reject": "偵測到憑證明文就拒收並隔離" }, "rawPayload": { - "title": "Raw payload blocked", - "body": "Full raw scan output, unredacted findings, host dumps, or log bundles do not enter projection.", - "reject": "raw payload is always rejected" + "title": "原始載荷已阻擋", + "body": "完整掃描 raw output、未脫敏 finding、主機 dump 或 log bundle 不進 projection。", + "reject": "原始載荷一律拒收" }, "counterFreeze": { "title": "Frontend counters frozen", - "body": "The frontend can display preflight state only and cannot move 已收到 / 已接受 away from 0.", - "reject": "block frontend attempts to advance counters" + "body": "前端只能顯示預檢狀態,不能把 已收到 / 已接受 從 0 推進。", + "reject": "前端嘗試推 counter 就阻擋" } } }, "hostEvidenceReviewOutcomes": { - "title": "Host Evidence Review Outcome Lanes", - "subtitle": "After preflight, evidence can only move into these read-only lanes. This shows possible human review outcomes and does not create approval records, 執行期閘門s, or host actions.", - "laneLabel": "Outcome lane", - "nextLabel": "Next step", + "title": "主機 Evidence Review Outcome Lanes", + "subtitle": "預檢後的 evidence 只能進這些只讀分流。這裡顯示人工審查可能結果,不會建立 approval record、執行期閘門 或主機動作。", + "laneLabel": "結果分流", + "nextLabel": "下一步", "items": { "readyForHumanReview": { "title": "Ready for human review", - "body": "Evidence becomes a human review candidate only when metadata pointer, dependency order, scope, and owner pointer are readable.", - "next": "display candidate only; received=0, accepted=0" + "body": "metadata pointer、依賴順序、scope 與 owner pointer 都可讀時,才可標示為人工審查候選。", + "next": "只顯示候選;received=0、accepted=0" }, "needsScopeEvidence": { "title": "Needs scope evidence", - "body": "Scan or finding evidence that cannot map to scope boundary returns to the scope lane.", - "next": "collect scope, no scan" + "body": "scan 或 finding evidence 無法對到 scope boundary 時,回到補 scope lane。", + "next": "補 scope,不進 scan" }, "needsOwnerDecision": { "title": "Needs owner decision", - "body": "Host change, update, SSH, or blocking evidence without decision pointer returns to owner decision lane.", - "next": "collect decision record, no host action" + "body": "主機變更、更新、SSH 或 blocking 類 evidence 缺 decision pointer 時,回到 owner decision lane。", + "next": "補 decision record,不啟動主機動作" }, "quarantineDependencySkip": { "title": "Quarantine dependency skip", - "body": "Evidence that skips the S2.17 order or has incomplete prerequisites is quarantined for human interpretation.", - "next": "show quarantine reason, do not advance counters" + "body": "跳過 S2.17 收件順序或前置依賴不完整時,先隔離再人工判讀。", + "next": "隔離原因可見,不推 counter" }, "rejectRawPayload": { - "title": "Reject raw payload", - "body": "Full scan output, unredacted findings, host dumps, or log bundles do not enter IwoooS.", - "next": "request redacted summary instead" + "title": "拒收原始載荷", + "body": "完整掃描輸出、未脫敏 finding、host dump 或 log bundle 不進 IwoooS。", + "next": "要求改交脫敏摘要" }, "rejectCredentialPlaintext": { "title": "Reject credential plaintext", - "body": "Passwords, tokens, private keys, sessions, or plaintext credentials are rejected and quarantined.", - "next": "do not store, forward, or display plaintext" + "body": "任何帳密、token、private key、session 或憑證明文都直接拒收並隔離。", + "next": "不保存、不轉送、不顯示明文" }, "waitingRuntimeGate": { "title": "Waiting 執行期閘門", - "body": "Even after human review allows action, the work waits for a later 執行期閘門 and is not executed by this lane.", - "next": "active 執行期閘門s remain 0" + "body": "即使人工審查後可採取行動,也只能等待後續 執行期閘門,不由 outcome lane 執行。", + "next": "active 執行期閘門s 仍為 0" } } }, "nextGate": { - "title": "Next High-level Gate", - "body": "S4.9 Gitea owner attestation response is the recommended next owner evidence. Headline progress should only increase after 負責人回覆s, redacted payload ingestion, active 執行期閘門s, or GitHub primary readiness actually change." + "title": "下一個高層 Gate", + "body": "S4.9 Gitea owner attestation response 是目前建議先收的 owner evidence。任何 headline 提升都要等 負責人回覆、redacted payload ingestion、active 執行期閘門 或 GitHub primary readiness 有真實變化。" }, "evidence": { - "title": "Current Evidence" + "title": "目前 Evidence" }, "blocked": { - "title": "Blocked Actions", - "body": "This page does not provide scan, execute, repo, refs, workflow, secret, runner, primary switch, or deploy 操作按鈕s." + "title": "禁止動作", + "body": "此頁不提供 scan、execute、repo、refs、workflow、secret、runner、primary switch 或 deploy 操作按鈕。" }, "hostEvidenceReviewHandoff": { - "title": "Host Evidence Review Handoff Packets", - "subtitle": "Human reviewers can interpret evidence only through these redacted handoff packets. This shows required review material and does not mark 已收到 / 已接受, create approval records, or open 執行期閘門s.", - "packetLabel": "Handoff packet", - "requiredLabel": "Required material", + "title": "主機 Evidence 人工審查交接包", + "subtitle": "人工 reviewer 只能依這些脫敏交接包判讀 evidence。這裡顯示送審必備資料,不會標示 已收到 / 已接受、建立 approval record 或啟動 執行期閘門。", + "packetLabel": "交接包", + "requiredLabel": "必備內容", "items": { "scopeSummaryPacket": { - "title": "範圍 summary packet", - "body": "Describes host, service, network, scan boundary, and exclusions with indicators and summaries only, without storing raw scan output.", - "required": "redacted scope pointer; no raw payload" + "title": "範圍 摘要包", + "body": "描述主機、服務、網段、掃描邊界與排除範圍,只允許指標與摘要,不保存原始掃描輸出。", + "required": "redacted scope pointer;不含原始載荷" }, "ownerDecisionPacket": { - "title": "Owner decision packet", - "body": "Shows who approved review, scope, constraints, and expiry so the reviewer cannot expand authority.", - "required": "owner decision record pointer; not host-action approval" + "title": "Owner Decision 包", + "body": "提供誰批准審查、批准範圍、限制條件與到期時間,避免 reviewer 自行擴權。", + "required": "owner decision record pointer;不等於主機動作批准" }, "credentialHandlingPacket": { - "title": "Credential handling packet", - "body": "Shows credential handling and custody responsibility only, without exposing plaintext authentication material.", - "required": "metadata-only handling statement; 機密明文值=blocked" + "title": "Credential Handling 包", + "body": "只顯示憑證處理方式與保管責任,不顯示帳密、token、private key 或 session value。", + "required": "metadata-only handling statement;機密明文值=blocked" }, "maintenanceRollbackPacket": { - "title": "Maintenance / rollback packet", - "body": "If later change is needed, it first shows maintenance window, blast radius, rollback owner, and recovery validation method.", - "required": "maintenance window + rollback pointer; no change execution" + "title": "Maintenance / Rollback 包", + "body": "若後續需要變更,先提供維護窗口、影響範圍、rollback owner 與復原驗證方法。", + "required": "maintenance window + rollback pointer;不啟動變更" }, "validationMetricsPacket": { - "title": "Validation metrics packet", - "body": "Defines which metrics, logs, baselines, or follow-up evidence the reviewer should inspect after review.", - "required": "post-check metrics pointer; 執行期閘門 not opened" + "title": "Validation Metrics 包", + "body": "定義 reviewer 檢查後要看哪些 metrics、logs、baseline 或 follow-up evidence。", + "required": "post-check metrics pointer;不代表 執行期閘門 opened" }, "redactionAttestationPacket": { - "title": "Redaction attestation packet", - "body": "Confirms evidence removed raw logs, host dumps, credentials, private URL credentials, and unredacted screenshots.", - "required": "redaction attestation only; sensitive payload not stored" + "title": "Redaction Attestation 包", + "body": "確認 evidence 已移除 raw log、host dump、credential、private URL credential 與未脫敏截圖。", + "required": "redaction attestation only;不保存敏感 payload" }, "runtimeGatePacket": { - "title": "Runtime gate pointer packet", - "body": "Routes any possible later action back to a separate 執行期閘門 so review outcome lanes cannot execute work.", - "required": "follow-up gate pointer; active 執行期閘門s=0" + "title": "Runtime Gate Pointer 包", + "body": "把可能的後續行動導回獨立 執行期閘門,避免 reviewer outcome lane 直接變成執行。", + "required": "follow-up gate pointer;active 執行期閘門s=0" } } }, "hostEvidenceReviewerChecklist": { - "title": "Host Evidence Reviewer Checklist", - "subtitle": "After reading handoff packets, reviewers can only use this read-only checklist to decide whether the case can move to the next human decision. The checklist does not mark passed, 已收到 / 已接受, approval, or 執行期閘門s.", - "checkLabel": "Review check", - "verifyLabel": "Verify", + "title": "主機 Evidence Reviewer Checklist", + "subtitle": "Reviewer 在看 handoff packets 後,只能依這些只讀檢查判斷是否可進下一個人工決策。檢查清單不會標示 passed、已收到 / 已接受、approval 或 執行期閘門。", + "checkLabel": "審查檢查", + "verifyLabel": "確認項目", "items": { "scopeBoundaryMatch": { "title": "範圍 boundary match", - "body": "Confirm the handoff scope matches host coverage, network, service, and exclusions without expanding scan boundary.", - "verify": "compare redacted pointer only; no scan starts" + "body": "確認 handoff scope 與 host coverage、網段、服務、排除範圍一致,沒有自行擴大掃描邊界。", + "verify": "只核對 redacted pointer;不啟動 scan" }, "ownerDecisionScopeExpiry": { "title": "Owner decision scope / expiry", - "body": "Confirm the owner decision record has reviewer, scope, constraints, expiry, and is still valid.", - "verify": "read decision pointer only; no approval record created" + "body": "確認 owner decision record 有批准人、範圍、限制條件與到期時間,且仍在有效期內。", + "verify": "只判讀 decision pointer;不建立 approval record" }, "credentialHandlingMetadataOnly": { "title": "Credential handling metadata only", - "body": "Confirm the reviewer sees only handling method and accountable owner, without plaintext authentication material.", + "body": "確認 reviewer 只看到處理方式與責任人,不接觸任何明文驗證素材。", "verify": "機密明文值 collection=false" }, "redactionAttestationPass": { "title": "Redaction attestation pass", - "body": "Confirm raw logs, host dumps, unredacted screenshots, private URL credentials, and sensitive payloads are excluded.", - "verify": "raw payload allowed=false" + "body": "確認 raw log、host dump、未脫敏截圖、private URL credential 與敏感 payload 都已排除。", + "verify": "原始載荷 allowed=false" }, "maintenanceRollbackComplete": { "title": "Maintenance / rollback complete", - "body": "If evidence implies later change, confirm maintenance window, rollback owner, and recovery validation metrics exist.", - "verify": "display future-change conditions only; no change execution" + "body": "若 evidence 暗示後續變更,確認已存在維護窗口、rollback owner 與復原驗證指標。", + "verify": "只顯示未來變更條件;不執行 change" }, "validationMetricsLinked": { "title": "Validation metrics linked", - "body": "Confirm post-check metrics, baseline, logs, or follow-up evidence link to readable redacted pointers.", - "verify": "display validation pointer only; 執行期閘門 stays closed" + "body": "確認 post-check metrics、baseline、logs 或 follow-up evidence 已連到可讀的脫敏 pointer。", + "verify": "只顯示 validation pointer;不開 執行期閘門" }, "runtimeGateSeparated": { "title": "Runtime gate separated", - "body": "Confirm any reviewer checklist result cannot directly become runtime action and must return to a separate 執行期閘門.", - "verify": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "確認 reviewer checklist 的任何結果都不能直接變成 runtime action,必須回到獨立 執行期閘門。", + "verify": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostEvidenceReviewerOutcomes": { - "title": "Host Evidence Reviewer Outcome Lanes", - "subtitle": "After reviewer checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not mark passed, accepted, approval, or 執行期閘門s.", - "laneLabel": "Reviewer outcome", - "nextLabel": "Next step", + "title": "主機 Evidence Reviewer Outcome Lanes", + "subtitle": "Reviewer checklist 後只能進入這些只讀結果分流。這裡顯示下一步判讀,不會標示 passed、accepted、approval 或 執行期閘門。", + "laneLabel": "Reviewer 結果", + "nextLabel": "下一步", "items": { "readyForOwnerDecision": { "title": "Ready for owner decision", - "body": "When scope, owner, redaction, rollback, validation, and runtime separation are readable, the case can only become an owner-decision candidate.", - "next": "display candidate; received=0, accepted=0" + "body": "scope、owner、redaction、rollback、validation 與 runtime separation 都可讀時,只能標示為 owner decision 候選。", + "next": "顯示候選;received=0、accepted=0" }, "scopeMismatch": { "title": "範圍 mismatch", - "body": "When handoff scope does not match host coverage, network, service, or exclusions, the case returns to the scope lane.", - "next": "collect scope pointer; no scan starts" + "body": "handoff scope 與主機覆蓋、網段、服務或排除範圍不一致時,回到補 scope lane。", + "next": "補 scope pointer;不啟動 scan" }, "ownerExpired": { "title": "Owner decision expired", - "body": "When owner decision lacks scope, constraints, or is expired, the case returns to the owner decision lane.", - "next": "collect decision record; no approval created" + "body": "owner decision 缺 scope、限制條件或已過期時,回到 owner decision lane。", + "next": "補 decision record;不建立 approval" }, "credentialMetadataFailed": { "title": "Credential metadata failed", - "body": "When credential handling is not metadata-only or accountability boundary is unreadable, the reviewer outcome is quarantined.", - "next": "request metadata-only statement; no sensitive material collected" + "body": "credential handling 不是 metadata-only 或責任邊界不可讀時,先隔離 reviewer outcome。", + "next": "只要求 metadata-only 說明;不收敏感素材" }, "redactionFailed": { "title": "Redaction failed", - "body": "When redaction attestation cannot prove raw logs, host dumps, unredacted screenshots, or sensitive payloads are excluded, the case is rejected.", - "next": "request redaction again; raw payload not stored" + "body": "redaction attestation 無法證明 raw logs、host dump、未脫敏截圖或 sensitive payload 已排除時,拒收。", + "next": "要求重新脫敏;不保存原始載荷" }, "rollbackMissing": { "title": "Rollback missing", - "body": "When maintenance window, rollback owner, or recovery validation metrics are missing, the case cannot move to later decision.", - "next": "collect rollback pointer; no change execution" + "body": "maintenance window、rollback owner 或復原驗證指標缺漏時,不能進入後續決策。", + "next": "補 rollback pointer;不執行 change" }, "runtimeGateRequired": { "title": "Runtime gate required", - "body": "Any possible later host action must route to a separate 執行期閘門 and cannot run from reviewer outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "任何可能的後續主機行動都必須導回獨立 執行期閘門,不能由 reviewer outcome 執行。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionCandidates": { - "title": "Host Owner Decision Candidate Packets", - "subtitle": "After reviewer outcome reaches the owner-decision candidate lane, IwoooS only displays the human decision packets. It does not create decision records, mark approval, or open 執行期閘門s.", - "packetLabel": "Candidate packet", - "decisionLabel": "Human decision scope", + "title": "主機 Owner Decision Candidate Packets", + "subtitle": "Reviewer outcome 進到 owner decision 候選後,IwoooS 只顯示需要人工判讀的決策包。不建立 decision record、不標示 approved、不開 執行期閘門。", + "packetLabel": "候選包", + "decisionLabel": "人工決策範圍", "items": { "scopeApprovalCandidate": { "title": "範圍 approval candidate", - "body": "Confirm hosts, networks, services, exclusions, and observation purpose are readable for the owner.", - "decision": "display scope candidate only; owner decision received=0" + "body": "確認主機、網段、服務、排除範圍與觀察目的都能被 owner 讀懂。", + "decision": "只顯示 scope 候選;owner decision received=0" }, "scanModeCandidate": { "title": "Scan mode candidate", - "body": "Separate observe-only, future active scan, and credentialed scan modes so the candidate packet is not mistaken for scan approval.", - "decision": "display mode options only; active scan=false" + "body": "把 observe-only、未來 active scan 或 credentialed scan 的差異拆清楚,避免候選包被誤認為掃描授權。", + "decision": "只顯示模式選項;active scan=false" }, "credentialHandlingCandidate": { "title": "Credential handling candidate", - "body": "Describe metadata-only handling, accountable owner, and retention boundary without requesting or storing sensitive material.", - "decision": "display handling principle only; collection=false" + "body": "只描述 metadata-only handling、責任人與保存邊界,不要求或保存敏感素材。", + "decision": "只顯示處理原則;collection=false" }, "maintenanceWindowCandidate": { "title": "Maintenance window candidate", - "body": "If later host update or tuning is involved, display candidate maintenance window and constraints first.", - "decision": "display time window only; host update=false" + "body": "若未來涉及主機更新或調校,先顯示候選維護窗口與限制條件。", + "decision": "只顯示時間範圍;host update=false" }, "rollbackOwnerCandidate": { "title": "Rollback owner candidate", - "body": "Display future rollback owner, recovery route, and human contact point so accountability is clear before any change.", - "decision": "display owner pointer only; change=false" + "body": "顯示未來 rollback owner、復原路徑與人工聯絡點,避免變更前缺少責任邊界。", + "decision": "只顯示 owner pointer;change=false" }, "validationMetricsCandidate": { "title": "Validation metrics candidate", - "body": "List future post-check metrics, baselines, and review evidence pointers as material for later human gate evaluation.", - "decision": "display validation items only; 執行期閘門=false" + "body": "列出未來 post-check metrics、baseline 與回看 evidence pointer,作為後續 gate 的人工判讀素材。", + "decision": "只顯示驗證項目;執行期閘門=false" }, "runtimeGateCandidate": { "title": "Runtime gate candidate", - "body": "Any later host action still requires a separate 執行期閘門 and cannot execute from an owner-decision candidate.", - "decision": "display gate candidate only; 操作按鈕s=false" + "body": "任何後續主機動作仍需獨立 執行期閘門,不能由 owner decision candidate 直接執行。", + "decision": "只顯示 gate 候選;操作按鈕s=false" } } }, "hostOwnerDecisionReviewChecklist": { - "title": "Host Owner Decision Review Checklist", - "subtitle": "After owner decision candidate packets, every item still requires human review. This only displays review checks and does not create decision records, mark approval, or open 執行期閘門s.", - "checkLabel": "Owner review", - "guardLabel": "Safety boundary", + "title": "主機 Owner Decision Review Checklist", + "subtitle": "Owner decision candidate packets 之後仍需人工逐項核對。這裡只顯示核對項,不建立決策紀錄、不標示 approved、不開 執行期閘門。", + "checkLabel": "Owner 核對", + "guardLabel": "安全邊界", "items": { "scopeBoundaryReadable": { "title": "範圍 boundary readable", - "body": "Confirm the owner can read hosts, networks, services, exclusions, and observation purpose without exceeding the original scope.", - "guard": "scope review only; owner decision received=0" + "body": "確認 owner 能讀懂主機、網段、服務、排除範圍與觀察目的,且沒有超出原始 scope。", + "guard": "只核對 scope;owner decision received=0" }, "scanModeNotAuthorization": { "title": "Scan mode not authorization", - "body": "Confirm observe-only, future active scan, and credentialed scan are mode descriptions only, not scan authorization.", + "body": "確認 observe-only、future active scan、credentialed scan 都只是選項說明,不是掃描授權。", "guard": "scan authorized=false" }, "credentialBoundaryMetadataOnly": { "title": "Credential boundary metadata only", - "body": "Confirm credential handling keeps only metadata, owner, and retention boundary without requesting sensitive material.", + "body": "確認 credential handling 只保留 metadata、owner 與保存邊界,不要求敏感素材。", "guard": "secret collection=false" }, "maintenanceWindowNotChange": { "title": "Maintenance window not change", - "body": "Confirm the maintenance window is only a future candidate condition and does not allow Kali updates or host tuning.", + "body": "確認維護窗口只是未來候選條件,不代表可以進行 Kali 主機套件變更或主機調校。", "guard": "host update=false" }, "rollbackOwnerReadable": { "title": "Rollback owner readable", - "body": "Confirm rollback owner, recovery route, and human contact point are readable, but no change is approved.", + "body": "確認 rollback owner、復原路徑與人工聯絡點可讀,但尚未批准任何 change。", "guard": "approval record=false" }, "validationMetricsPredefined": { "title": "Validation metrics predefined", - "body": "Confirm post-check metrics, baseline, and evidence pointers are defined first for later gate review.", + "body": "確認 post-check metrics、baseline 與 evidence pointer 已先定義,供未來 gate 判讀。", "guard": "執行期閘門 opened=false" }, "runtimeGateStillSeparate": { "title": "Runtime gate still separate", - "body": "Confirm owner decision checklist cannot execute any later host action and still needs a separate 執行期閘門.", + "body": "確認 owner decision checklist 不能直接執行任何後續主機動作,仍需獨立 執行期閘門。", "guard": "操作按鈕s=false" } } }, "hostOwnerDecisionReviewOutcomes": { - "title": "Host Owner Decision Review Outcome Lanes", - "subtitle": "After owner review checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not create decision records, mark approval, or open 執行期閘門s.", - "laneLabel": "Review outcome", - "nextLabel": "Next step", + "title": "主機 Owner Decision Review Outcome Lanes", + "subtitle": "負責人審查清單後只能進入這些只讀結果分流。這裡顯示下一步判讀,不會建立 decision record、不會標示 approved、不會開 執行期閘門。", + "laneLabel": "Review 結果", + "nextLabel": "下一步", "items": { "readyForDecisionRecord": { "title": "Ready for decision record", - "body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record candidate.", - "next": "display decision record candidate; received=0, accepted=0" + "body": "scope、scan mode、credential boundary、maintenance、rollback、validation 與 runtime separation 都可讀時,只能顯示 formal decision record 候選。", + "next": "顯示決策紀錄候選;received=0、accepted=0" }, "scopeNeedsRefresh": { "title": "範圍 needs refresh", - "body": "When scope boundary is unreadable, expired, or outside host coverage, the case returns to the scope lane.", - "next": "collect scope pointer; no scan starts" + "body": "scope boundary 不可讀、過期或超出主機覆蓋時,回到補 scope lane。", + "next": "補 scope pointer;不啟動 scan" }, "scanModeNeedsScope": { "title": "Scan mode needs scope", - "body": "When scan mode is not aligned with scope or is being mistaken for authorization, it must return to scope and mode explanation.", - "next": "collect scan mode statement; scan authorized=false" + "body": "scan mode 尚未對齊 scope 或被誤讀成授權時,必須回到 scope / mode 說明。", + "next": "補 scan mode 說明;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "When credential handling cannot stay metadata-only or accountability boundary is unreadable, the decision outcome is quarantined.", - "next": "collect metadata-only boundary; secret collection=false" + "body": "credential handling 若無法保持 metadata-only 或責任邊界不可讀,先隔離 decision outcome。", + "next": "補 metadata-only 邊界;secret collection=false" }, "maintenanceWindowMissing": { "title": "Maintenance window missing", - "body": "When later update or tuning is possible but maintenance window and constraints are missing, the case cannot move to decision record.", - "next": "collect window pointer; host update=false" + "body": "未來可能涉及更新或調校時,若缺維護窗口與限制條件,不能進入決策紀錄。", + "next": "補 window pointer;host update=false" }, "rollbackOwnerMissing": { "title": "Rollback owner missing", - "body": "When rollback owner or recovery path is unreadable, the case cannot enter later approval semantics.", - "next": "collect rollback owner; approval record=false" + "body": "rollback owner 或復原路徑不可讀時,不能進入後續批准語義。", + "next": "補 rollback owner;approval record=false" }, "runtimeGateRequired": { "title": "Runtime gate required", - "body": "Any later host action must route to a separate 執行期閘門 and cannot execute from owner review outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "任何後續主機動作都必須導回獨立 執行期閘門,不能由 owner review outcome 執行。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordDrafts": { - "title": "Host Owner Decision Record Draft Packets", - "subtitle": "When owner review outcome enters the ready lane, IwoooS can still only display decision record draft fields. It does not create records, mark acceptance, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Draft Packets", + "subtitle": "負責人審查結果若進入 ready lane,IwoooS 也只能顯示 decision record 草稿欄位。不建立 record、不標示 accepted、不開 執行期閘門。", "packetLabel": "Draft packet", - "metadataLabel": "Required metadata", + "metadataLabel": "必要 metadata", "items": { "scopeStatementDraft": { "title": "範圍 statement draft", - "body": "The draft only organizes hosts, networks, services, exclusions, and observation intent so the owner decision does not stay ambiguous.", - "metadata": "host / network / service / exclusion; record created=false" + "body": "草稿只整理主機、網段、服務、排除範圍與觀察目的,避免 owner decision 模糊。", + "metadata": "host / network / service / exclusion;record created=false" }, "scanModeDraft": { "title": "Scan mode draft", - "body": "The draft only describes observe-only, future active scan, or credentialed scan candidate modes. It is not scan approval.", - "metadata": "mode candidate; active scan=false" + "body": "草稿只描述 observe-only、future active scan 或 credentialed scan 的候選模式,不代表掃描批准。", + "metadata": "mode candidate;active scan=false" }, "credentialBoundaryDraft": { "title": "Credential boundary draft", - "body": "The draft only keeps credential handling metadata, owner, and retention boundary. It does not collect sensitive material.", - "metadata": "metadata-only boundary; secret collection=false" + "body": "草稿只保留 credential handling 的 metadata、owner 與保存邊界,不收集敏感素材。", + "metadata": "metadata-only boundary;secret collection=false" }, "maintenanceConstraintsDraft": { "title": "Maintenance constraints draft", - "body": "The draft only records future maintenance window candidates, constraints, and impact boundaries. It is not host update approval.", - "metadata": "window / constraint; host update=false" + "body": "草稿只記錄未來可能維護窗口、限制條件與不可影響範圍,不代表可以更新主機。", + "metadata": "window / constraint;host update=false" }, "rollbackOwnerDraft": { "title": "Rollback owner draft", - "body": "The draft only organizes rollback owner, recovery path, and human contact so later gates have accountability.", - "metadata": "owner / recovery pointer; approval record=false" + "body": "草稿只整理 rollback owner、復原路徑與人工聯絡點,讓後續 gate 不缺責任人。", + "metadata": "owner / recovery pointer;approval record=false" }, "validationMetricsDraft": { "title": "Validation metrics draft", - "body": "The draft only lists post-check metrics, baseline, and evidence pointer for later human interpretation.", - "metadata": "metrics / baseline; accepted=0" + "body": "草稿只列出 post-check metrics、baseline 與 evidence pointer,供未來人工判讀。", + "metadata": "metrics / baseline;accepted=0" }, "runtimeGateDraft": { "title": "Runtime gate draft", - "body": "The draft only states that later approval must still open a separate follow-up 執行期閘門 and cannot execute from the draft.", - "metadata": "執行期閘門 pointer; active gates=0" + "body": "草稿只標示若未來批准,仍需另開 follow-up 執行期閘門,不能由草稿直接執行。", + "metadata": "執行期閘門 pointer;active gates=0" } } }, "hostOwnerDecisionRecordDraftReview": { - "title": "Host Owner Decision Record Draft Review Checklist", - "subtitle": "Decision record draft packets still require read-only review. This only shows whether drafts have the metadata needed for human decision and does not create formal decision records.", + "title": "主機 Owner Decision Record Draft Review Checklist", + "subtitle": "Decision record 草稿包後仍需只讀核對。這裡只顯示草稿是否具備人工決策所需 metadata,不會建立正式 decision record。", "checkLabel": "Draft review", - "guardLabel": "No upgrade", + "guardLabel": "不可升級", "items": { "scopeStatementComplete": { "title": "範圍 statement complete", - "body": "Confirm the scope draft includes host, network, service, exclusions, and observation intent so decision record scope is not ambiguous.", - "guard": "draft review only; record created=false" + "body": "確認 scope 草稿已包含主機、網段、服務、排除範圍與觀察目的,避免決策紀錄範圍不清。", + "guard": "只核對草稿;record created=false" }, "scanModeStillNotApproval": { "title": "Scan mode still not approval", - "body": "Confirm scan mode remains a candidate description and is not read as active scan or credentialed scan authorization.", + "body": "確認 scan mode 仍只是候選描述,不被解讀成 active scan 或 credentialed scan 授權。", "guard": "scan authorized=false" }, "credentialBoundaryMetadataOnly": { "title": "Credential boundary metadata only", - "body": "Confirm credential boundary stays metadata-only and does not request or store sensitive material.", + "body": "確認 credential boundary 仍維持 metadata-only,沒有要求或保存敏感素材。", "guard": "secret collection=false" }, "maintenanceConstraintsReadable": { "title": "Maintenance constraints readable", - "body": "Confirm maintenance window, constraints, and impact boundary are readable without becoming host update approval.", + "body": "確認維護窗口、限制條件與不可影響範圍可讀,但不代表可以更新或調校主機。", "guard": "host update=false" }, "rollbackOwnerReadable": { "title": "Rollback owner readable", - "body": "Confirm rollback owner, recovery path, and human contact are readable while no approval record is created.", + "body": "確認 rollback owner、復原路徑與人工聯絡點可讀,但尚未建立 approval record。", "guard": "approval record=false" }, "validationMetricsLinked": { "title": "Validation metrics linked", - "body": "Confirm post-check metrics, baseline, and evidence pointer are linked to the draft for later human review.", + "body": "確認 post-check metrics、baseline 與 evidence pointer 已連到草稿,供後續人審使用。", "guard": "accepted=0" }, "runtimeGateStillClosed": { "title": "Runtime gate still closed", - "body": "Confirm decision record draft review does not open 執行期閘門s. Later execution still requires a separate gate.", - "guard": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "確認 decision record 草稿審查不會開 執行期閘門,後續執行仍需獨立 gate。", + "guard": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordDraftReviewOutcomes": { - "title": "Host Owner Decision Record Draft Review Outcome Lanes", - "subtitle": "After draft review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create decision records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Draft Review Outcome Lanes", + "subtitle": "Draft review checklist 後只能進入這些只讀結果分流。這裡顯示下一步,不會標記 review passed、不會建立 decision record、不會開 執行期閘門。", "laneLabel": "Review outcome", - "nextLabel": "Next step", + "nextLabel": "下一步", "items": { "readyForDecisionRecordWriteup": { "title": "Ready for decision record write-up", - "body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record write-up candidate.", - "next": "display write-up candidate; record created=false" + "body": "scope、scan mode、credential boundary、maintenance、rollback、validation 與 runtime separation 都可讀時,只能進入正式 decision record 撰寫候選。", + "next": "顯示 write-up candidate;record created=false" }, "scopeDraftIncomplete": { "title": "範圍 draft incomplete", - "body": "When the scope draft lacks host, network, service, exclusion, or observation intent, it returns to scope draft completion.", - "next": "collect scope statement; no record creation" + "body": "scope 草稿缺主機、網段、服務、排除範圍或觀察目的時,回到 scope 草稿補件。", + "next": "補 scope statement;不建立 record" }, "scanModeAmbiguous": { "title": "Scan mode ambiguous", - "body": "When scan mode can still be mistaken for authorization, it returns to scan mode draft and scope explanation.", - "next": "refine scan mode wording; scan authorized=false" + "body": "scan mode 仍可能被誤讀成授權時,回到 scan mode 草稿與 scope 說明。", + "next": "補 scan mode wording;scan authorized=false" }, "credentialBoundaryIncomplete": { "title": "Credential boundary incomplete", - "body": "When credential boundary is unclear about metadata-only handling, owner, or retention, it returns to credential draft completion.", - "next": "collect metadata-only boundary; secret collection=false" + "body": "credential boundary 若不清楚 metadata-only、owner 或保存邊界,必須回到 credential 草稿補件。", + "next": "補 metadata-only boundary;secret collection=false" }, "maintenanceConstraintsIncomplete": { "title": "Maintenance constraints incomplete", - "body": "When maintenance window, constraints, or impact boundary are unreadable, the case cannot enter formal decision record write-up.", - "next": "collect constraints; host update=false" + "body": "維護窗口、限制條件或不可影響範圍不可讀時,不能進入正式決策紀錄撰寫。", + "next": "補 constraints;host update=false" }, "rollbackOwnerIncomplete": { "title": "Rollback owner incomplete", - "body": "When rollback owner, recovery path, or human contact is unreadable, the case cannot enter later approval semantics.", - "next": "collect rollback owner; approval record=false" + "body": "rollback owner、復原路徑或人工聯絡點不可讀時,不能建立後續批准語義。", + "next": "補 rollback owner;approval record=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Any later host action must still wait for a separate 執行期閘門 and cannot execute from draft review outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "任何後續主機動作仍要等待獨立 執行期閘門,不能由 draft review outcome 執行。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordWriteups": { - "title": "Host Owner Decision Record Write-Up Packets", - "subtitle": "When a draft review outcome is ready for write-up, IwoooS can still only display formal decision record write-up fields. It does not create records, mark completed / accepted, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Write-Up Packets", + "subtitle": "Draft review outcome 若進入 ready for write-up,IwoooS 也只能顯示正式 decision record 撰寫欄位。不建立 record、不標示 completed / accepted、不開 執行期閘門。", "packetLabel": "Write-up packet", - "fieldLabel": "Required field", + "fieldLabel": "必要欄位", "items": { "decisionSummaryWriteup": { "title": "Decision summary write-up", - "body": "Only organizes the human owner decision, risk acceptance boundary, and no-execution statement.", - "field": "decision summary; write-up completed=0" + "body": "只整理 owner 要做的人工作業判斷、風險接受邊界與不執行聲明。", + "field": "decision summary;write-up completed=0" }, "approvedScopeWriteup": { "title": "Approved scope write-up", - "body": "Only organizes hosts, networks, services, exclusions, observation intent, and expiry.", - "field": "scope / expiry; record created=false" + "body": "只整理主機、網段、服務、排除範圍、觀察目的與到期時間。", + "field": "scope / expiry;record created=false" }, "scanModeLimitsWriteup": { "title": "Scan mode limits write-up", - "body": "Only organizes limits for observe-only, future active scan, or credentialed scan modes. This is not scan approval.", - "field": "mode limits; scan authorized=false" + "body": "只整理 observe-only、future active scan 或 credentialed scan 的限制條件,不代表掃描批准。", + "field": "mode limits;scan authorized=false" }, "credentialBoundaryWriteup": { "title": "Credential boundary write-up", - "body": "Only organizes credential handling metadata, owner, retention boundary, and forbidden collection content.", - "field": "metadata-only boundary; secret collection=false" + "body": "只整理 credential handling metadata、owner、保存邊界與不可收集內容。", + "field": "metadata-only boundary;secret collection=false" }, "maintenanceRollbackWriteup": { "title": "Maintenance and rollback write-up", - "body": "Only organizes maintenance window candidates, constraints, rollback owner, recovery path, and human contact.", - "field": "window / rollback; host update=false" + "body": "只整理維護窗口候選、限制條件、rollback owner、復原路徑與人工聯絡點。", + "field": "window / rollback;host update=false" }, "validationEvidenceWriteup": { "title": "Validation evidence write-up", - "body": "Only organizes post-check metrics, baseline, evidence pointer, and human acceptance condition.", - "field": "metrics / evidence; accepted=0" + "body": "只整理 post-check metrics、baseline、evidence pointer 與人工驗收條件。", + "field": "metrics / evidence;accepted=0" }, "runtimeGatePointerWriteup": { "title": "Runtime gate pointer write-up", - "body": "Only states that future approval still needs a separate follow-up 執行期閘門 and cannot execute from write-up.", - "field": "執行期閘門 pointer; active gates=0" + "body": "只標示若未來批准,仍要另開 follow-up 執行期閘門,不能由 write-up 執行。", + "field": "執行期閘門 pointer;active gates=0" } } }, "hostOwnerDecisionRecordWriteupReview": { - "title": "Host Owner Decision Record Write-Up Review Checklist", - "subtitle": "Write-up packets still require read-only review. This only shows whether formal decision record write-up fields are readable and does not mark write-up completed, create or accept decision records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Write-Up Review Checklist", + "subtitle": "Write-up packets 後仍需要只讀核對。這裡只顯示正式 decision record 撰寫欄位是否可讀,不會標記 write-up completed、不會建立或接受 decision record、不會開 執行期閘門。", "checkLabel": "Write-up review", - "guardLabel": "No upgrade", + "guardLabel": "不可升級", "items": { "decisionSummaryReadable": { "title": "Decision summary readable", - "body": "Confirm the write-up only organizes the human owner decision, risk acceptance boundary, and no-execution statement without adding approval semantics.", - "guard": "write-up review only; completed=0" + "body": "確認 write-up 只整理 owner 人工判斷、風險接受邊界與不執行聲明,不新增批准語義。", + "guard": "write-up review only;completed=0" }, "scopeExpiryComplete": { "title": "範圍 and expiry complete", - "body": "Confirm scope, exclusions, observation intent, and expiry are readable so the formal record scope is not ambiguous.", + "body": "確認 scope、排除範圍、觀察目的與到期時間可讀,避免正式紀錄範圍不清。", "guard": "record created=false" }, "scanModeLimitsExplicit": { "title": "Scan mode limits explicit", - "body": "Confirm observe-only, future active scan, and credentialed scan limits are explicit while not becoming scan authorization.", + "body": "確認 observe-only、future active scan 與 credentialed scan 的限制條件明確,且不代表掃描授權。", "guard": "scan authorized=false" }, "credentialBoundaryMetadataOnly": { "title": "Credential boundary metadata only", - "body": "Confirm credential handling still keeps only metadata, owner, and retention boundary without requesting or storing sensitive material.", + "body": "確認 credential handling 仍只保留 metadata、owner 與保存邊界,不要求或保存敏感素材。", "guard": "secret collection=false" }, "maintenanceRollbackLinked": { "title": "Maintenance and rollback linked", - "body": "Confirm maintenance window candidates, constraints, rollback owner, recovery path, and human contact remain traceable.", + "body": "確認維護窗口候選、限制條件、rollback owner、復原路徑與人工聯絡點都可追。", "guard": "host update=false" }, "validationEvidenceLinked": { "title": "Validation evidence linked", - "body": "Confirm post-check metrics, baseline, evidence pointer, and human acceptance condition are linked to the write-up.", + "body": "確認 post-check metrics、baseline、evidence pointer 與人工驗收條件已連到 write-up。", "guard": "accepted=0" }, "runtimeGateStillSeparate": { "title": "Runtime gate still separate", - "body": "Confirm the 執行期閘門 pointer still points to a separate follow-up gate and write-up review does not open gates.", - "guard": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "確認 執行期閘門 pointer 仍指向獨立 follow-up gate,write-up review 不會開 gate。", + "guard": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordWriteupReviewOutcomes": { - "title": "Host Owner Decision Record Write-Up Review Outcome Lanes", - "subtitle": "After write-up review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create or accept decision records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Write-Up Review Outcome Lanes", + "subtitle": "Write-up review checklist 後只能進入這些只讀結果分流。這裡顯示下一步,不會標記 review passed、不會建立或接受 decision record、不會開 執行期閘門。", "laneLabel": "Review outcome", - "nextLabel": "Next step", + "nextLabel": "下一步", "items": { "readyForFormalRecordCandidate": { "title": "Ready for formal record candidate", - "body": "When summary, scope, scan limits, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only show a formal record candidate.", - "next": "display formal record candidate; record created=false" + "body": "summary、scope、scan limits、credential boundary、maintenance、rollback、validation 與 runtime separation 都可讀時,只能顯示正式紀錄候選。", + "next": "顯示 formal record candidate;record created=false" }, "decisionSummaryNeedsClarification": { "title": "Decision summary needs clarification", - "body": "When the decision summary, risk acceptance boundary, or no-execution statement is unreadable, the case returns to write-up completion.", - "next": "collect decision summary; completed=0" + "body": "decision summary、風險接受邊界或不執行聲明不可讀時,回到 write-up 補件。", + "next": "補 decision summary;completed=0" }, "scopeExpiryNeedsRefresh": { "title": "範圍 and expiry needs refresh", - "body": "When scope, exclusions, observation intent, or expiry are incomplete, the case cannot enter formal record candidate.", - "next": "collect scope / expiry; record created=false" + "body": "scope、排除範圍、觀察目的或到期時間不完整時,不能進入正式紀錄候選。", + "next": "補 scope / expiry;record created=false" }, "scanModeLimitsAmbiguous": { "title": "Scan mode limits ambiguous", - "body": "When scan mode limits can still be mistaken for active scan or credentialed scan authorization, the wording must return to write-up.", - "next": "refine scan wording; scan authorized=false" + "body": "scan mode limits 仍可能被誤讀成 active scan 或 credentialed scan 授權時,必須回到 write-up 修正。", + "next": "補 scan wording;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "When credential boundary is unclear about metadata-only handling, owner, retention, or forbidden collection content, it returns to credential write-up.", - "next": "collect metadata-only boundary; secret collection=false" + "body": "credential boundary 若不清楚 metadata-only、owner、保存邊界或不可收集內容,必須回到 credential write-up。", + "next": "補 metadata-only boundary;secret collection=false" }, "maintenanceRollbackIncomplete": { "title": "Maintenance and rollback incomplete", - "body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is unreadable, the case cannot create approval semantics.", - "next": "collect maintenance / rollback; host update=false" + "body": "維護窗口、限制條件、rollback owner、復原路徑或人工聯絡點不可讀時,不能建立批准語義。", + "next": "補 maintenance / rollback;host update=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Validation evidence or 執行期閘門 pointer still requires a separate follow-up gate and cannot execute from review outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "validation evidence 或 執行期閘門 pointer 仍需要獨立 follow-up gate,不能由 review outcome 執行。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordFormalCandidates": { - "title": "Host Owner Decision Record Formal Candidate Packets", - "subtitle": "Formal record candidate only organizes the fields that may later be written into a formal record. This does not create decision records, mark finalized or accepted, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Candidate Packets", + "subtitle": "Formal record candidate 只把未來可能寫入正式紀錄的欄位整理出來。這裡不建立 decision record、不標記 finalized / accepted、不產生 approval record、不開 執行期閘門。", "packetLabel": "Candidate packet", - "fieldLabel": "Candidate field", + "fieldLabel": "候選欄位", "items": { "recordIdentityCandidate": { "title": "Record identity candidate", - "body": "Organizes candidate record id, version, owner, review scope, and trace source so a future formal record has a readable identity.", - "field": "identity / version; record created=false" + "body": "整理候選 record id、版本、owner、review scope 與追蹤來源,避免正式紀錄沒有可追溯身份。", + "field": "identity / version;record created=false" }, "decisionSummaryCandidate": { "title": "Decision summary candidate", - "body": "Organizes human owner decision summary, risk acceptance boundary, and no-execution statement without writing it as an accepted decision.", - "field": "decision summary; finalized=0" + "body": "整理人工 owner decision summary、風險接受邊界與不執行聲明,但不把它寫成已接受決策。", + "field": "decision summary;finalized=0" }, "approvedScopeCandidate": { "title": "Approved scope candidate", - "body": "Organizes host, network, service, exclusion, observation intent, and expiry so scope remains readable.", - "field": "scope / expiry; accepted=0" + "body": "整理 host、network、service、exclusion、觀察目的與到期時間,保留 scope 可讀性。", + "field": "scope / expiry;accepted=0" }, "scanModeLimitsCandidate": { "title": "Scan mode limits candidate", - "body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.", - "field": "scan limits; scan authorized=false" + "body": "整理 observe-only、未來 active scan 與 credentialed scan 的限制,避免被誤讀成掃描授權。", + "field": "scan limits;scan authorized=false" }, "credentialBoundaryCandidate": { "title": "Credential boundary candidate", - "body": "Organizes metadata-only credential owner, retention boundary, masking requirement, and forbidden collection content.", - "field": "metadata-only boundary; secret collection=false" + "body": "整理 metadata-only credential owner、保存邊界、遮蔽要求與不可收集內容。", + "field": "metadata-only boundary;secret collection=false" }, "maintenanceRollbackCandidate": { "title": "Maintenance and rollback candidate", - "body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.", - "field": "window / rollback; host update=false" + "body": "整理維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點。", + "field": "window / rollback;host update=false" }, "validationRuntimeGateCandidate": { "title": "Validation and 執行期閘門 candidate", - "body": "Organizes validation evidence, post-check metrics, baseline pointer, and the statement that a separate follow-up 執行期閘門 is still required.", - "field": "validation / runtime pointer; active gates=0" + "body": "整理 validation evidence、post-check metrics、baseline pointer 與仍需獨立 follow-up 執行期閘門 的聲明。", + "field": "validation / runtime pointer;active gates=0" } } }, "hostOwnerDecisionRecordFormalCandidateReview": { - "title": "Host Owner Decision Record Formal Candidate Review Checklist", - "subtitle": "Formal candidate packets can still only enter read-only review before any later human record step. This does not mark review passed, create decision records, mark accepted, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Candidate Review Checklist", + "subtitle": "Formal candidate packets 進入後續人工紀錄前仍只能做只讀核對。這裡不標記 review passed、不建立 decision record、不標記 accepted、不建立 approval record、不開 執行期閘門。", "checkLabel": "Candidate review", - "guardLabel": "Still locked", + "guardLabel": "仍鎖住", "items": { "identityTraceable": { "title": "Record identity traceable", - "body": "Confirm candidate record id, version, owner, review scope, and trace source are readable while no formal record is created.", + "body": "確認 candidate record id、版本、owner、review scope 與 trace source 可讀,且沒有建立正式紀錄。", "guard": "record created=false" }, "decisionSummaryReadable": { "title": "Decision summary readable", - "body": "Confirm decision summary, risk acceptance boundary, and no-execution statement are readable while still not meaning decision accepted.", + "body": "確認 decision summary、風險接受邊界與不執行聲明可讀,但仍不代表 decision accepted。", "guard": "accepted=0" }, "scopeExpiryConsistent": { "title": "範圍 and expiry consistent", - "body": "Confirm host, network, service, exclusion, observation intent, and expiry are consistent while remaining candidate fields only.", + "body": "確認 host、network、service、exclusion、觀察目的與到期時間一致,仍只作為候選欄位。", "guard": "finalized=0" }, "scanLimitsStillNotAuthorization": { "title": "Scan limits still not authorization", - "body": "Confirm observe-only, future active scan, and credentialed scan limits cannot be mistaken for active scan or credentialed scan authorization.", + "body": "確認 observe-only、future active scan 與 credentialed scan limits 沒有被誤讀成 active scan 或 credentialed scan 授權。", "guard": "scan authorized=false" }, "credentialBoundaryStillMetadataOnly": { "title": "Credential boundary still metadata-only", - "body": "Confirm credential boundary only keeps metadata, owner, retention, masking, and forbidden collection content.", + "body": "確認 credential boundary 只保留 metadata、owner、retention、masking 與不可收集內容。", "guard": "secret collection=false" }, "maintenanceRollbackTraceable": { "title": "Maintenance and rollback traceable", - "body": "Confirm maintenance window, constraints, rollback owner, recovery path, and human contact remain traceable.", + "body": "確認維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點可追。", "guard": "host update=false" }, "runtimeGateStillClosed": { "title": "Runtime gate still closed", - "body": "Confirm validation evidence and 執行期閘門 pointer still only point to a separate follow-up gate and candidate review does not open gates.", - "guard": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "確認 validation evidence 與 執行期閘門 pointer 仍只指向獨立 follow-up gate,candidate review 不會開 gate。", + "guard": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordFormalCandidateReviewOutcomes": { - "title": "Host Owner Decision Record Formal Candidate Review Outcome Lanes", - "subtitle": "Formal candidate review outcome only shows next-step lanes after candidate review. This does not mark review passed, mark finalized, create decision records, mark accepted, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Candidate Review Outcome Lanes", + "subtitle": "Formal candidate review outcome 只呈現候選核對後的下一步分流。這裡不標記 review passed、不標記 finalized、不建立 decision record、不標記 accepted、不建立 approval record、不開 執行期閘門。", "laneLabel": "Outcome lane", - "nextLabel": "Next remains read-only", + "nextLabel": "下一步仍只讀", "items": { "readyForHumanRecordQueue": { "title": "Ready for human record queue", - "body": "When candidate fields are readable, this can only show readiness for a human formal-record queue and does not create decision records.", - "next": "queue visible only; record created=false" + "body": "候選欄位可讀時,只能顯示可送人工正式紀錄佇列,不會建立 decision record。", + "next": "queue visible only;record created=false" }, "identityNeedsTrace": { "title": "Record identity needs trace", - "body": "When candidate record id, version, owner, review scope, or trace source is missing, the item returns to identity trace collection.", - "next": "collect identity trace; review passed=0" + "body": "candidate record id、版本、owner、review scope 或 trace source 不足時,回到身份追蹤補件。", + "next": "補 identity trace;review passed=0" }, "decisionSummaryNeedsClarification": { "title": "Decision summary needs clarification", - "body": "When decision summary, risk acceptance boundary, or no-execution statement is unclear, the item remains a candidate.", - "next": "clarify decision summary; accepted=0" + "body": "decision summary、風險接受邊界或不執行聲明不清楚時,維持候選狀態。", + "next": "補 decision summary;accepted=0" }, "scopeExpiryNeedsRefresh": { "title": "範圍 and expiry need refresh", - "body": "When host, network, service, exclusion, observation intent, or expiry is inconsistent, the item cannot enter a formal record.", - "next": "refresh scope / expiry; finalized=0" + "body": "host、network、service、exclusion、觀察目的或到期時間不一致時,不進入正式紀錄。", + "next": "補 scope / expiry;finalized=0" }, "scanLimitsAmbiguous": { "title": "Scan limits remain ambiguous", - "body": "When active scan or credentialed scan limits could be misread, the lane stays locked as not authorized.", - "next": "clarify scan limits; scan authorized=false" + "body": "active scan 或 credentialed scan limits 可能被誤讀時,仍鎖在不授權狀態。", + "next": "補 scan limits;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "When credential metadata, retention, masking, or forbidden collection boundary is unclear, the lane remains quarantined.", - "next": "repair metadata-only boundary; secret collection=false" + "body": "credential metadata、retention、masking 或 forbidden collection 邊界不清楚時,直接隔離。", + "next": "補 metadata-only boundary;secret collection=false" }, "maintenanceRollbackIncomplete": { "title": "Maintenance and rollback incomplete", - "body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is not traceable, approval semantics cannot be created.", - "next": "collect maintenance / rollback; host update=false" + "body": "維護窗口、限制條件、rollback owner、復原路徑或人工聯絡點不可追時,不能建立批准語義。", + "next": "補 maintenance / rollback;host update=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Validation evidence or 執行期閘門 pointer still requires a separate follow-up gate and cannot open from the outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "validation evidence 或 執行期閘門 pointer 仍需要獨立 follow-up gate,不能由 outcome 開 gate。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordFormalRecordQueue": { - "title": "Host Owner Decision Record Formal Record Queue Packets", - "subtitle": "Formal record queue packets only organize the data packets a future human formal-record queue would need to read. This does not enqueue, create decision records, mark accepted, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Record Queue Packets", + "subtitle": "Formal record queue packets 只整理未來人工正式紀錄佇列需要看到的資料包。這裡不 enqueue、不建立 decision record、不標記 accepted、不建立 approval record、不開 執行期閘門。", "packetLabel": "Queue packet", - "fieldLabel": "Queue field", + "fieldLabel": "佇列欄位", "items": { "queueIdentityPacket": { "title": "Queue identity packet", - "body": "Organizes candidate record id, version, owner, review scope, and trace source so a human queue can trace identity.", - "field": "identity trace; queue enqueued=0" + "body": "整理 candidate record id、版本、owner、review scope 與 trace source,讓人工佇列能追蹤身份。", + "field": "identity trace;queue enqueued=0" }, "queueDecisionSummaryPacket": { "title": "Queue decision summary packet", - "body": "Organizes decision summary, risk acceptance boundary, and no-execution statement without creating a formal decision record.", - "field": "decision summary; record created=false" + "body": "整理 decision summary、風險接受邊界與不執行聲明,但不建立正式 decision record。", + "field": "decision summary;record created=false" }, "queueScopeExpiryPacket": { "title": "Queue scope and expiry packet", - "body": "Organizes host, network, service, exclusion, observation intent, and expiry while remaining readable queue information only.", - "field": "scope / expiry; finalized=0" + "body": "整理 host、network、service、exclusion、觀察目的與到期時間,仍只作為人工佇列可讀資訊。", + "field": "scope / expiry;finalized=0" }, "queueScanLimitsPacket": { "title": "Queue scan limits packet", - "body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.", - "field": "scan limits; scan authorized=false" + "body": "整理 observe-only、future active scan 與 credentialed scan limits,避免被誤讀成掃描授權。", + "field": "scan limits;scan authorized=false" }, "queueCredentialBoundaryPacket": { "title": "Queue credential boundary packet", - "body": "Organizes metadata-only credential owner, retention, masking, and forbidden collection boundary.", - "field": "metadata-only boundary; secret collection=false" + "body": "整理 metadata-only credential owner、retention、masking 與 forbidden collection 邊界。", + "field": "metadata-only boundary;secret collection=false" }, "queueMaintenanceRollbackPacket": { "title": "Queue maintenance and rollback packet", - "body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.", - "field": "window / rollback; host update=false" + "body": "整理維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點。", + "field": "window / rollback;host update=false" }, "queueValidationRuntimeGatePacket": { "title": "Queue validation and 執行期閘門 packet", - "body": "Organizes validation evidence, post-check metrics, baseline pointer, and the separate 執行期閘門 requirement.", - "field": "validation / runtime pointer; active gates=0" + "body": "整理 validation evidence、post-check metrics、baseline pointer 與獨立 執行期閘門 需求。", + "field": "validation / runtime pointer;active gates=0" }, "queueNoExecutionAttestationPacket": { "title": "Queue no-execution attestation packet", - "body": "Organizes the statement that nothing is executed, approved, or gate-opened so queue packets cannot be treated as authorization.", - "field": "not authorization; 操作按鈕s=false" + "body": "整理仍不執行、不批准、不開 gate 的聲明,避免佇列資料包被當成授權。", + "field": "not authorization;操作按鈕s=false" } } }, "hostOwnerDecisionRecordFormalRecordQueueReview": { - "title": "Host Owner Decision Record Formal Record Queue Review Checklist", - "subtitle": "The formal record queue review checklist only confirms whether queue packets are readable for a future human formal-record review. It does not mark review passed, enqueue, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Record Queue Review Checklist", + "subtitle": "Formal record queue review checklist 只確認佇列資料包是否可供未來人工正式紀錄審查。不標記 review passed、不 enqueue、不建立 decision record、不建立 approval record、不開 執行期閘門。", "checkLabel": "Queue review", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "queueIdentityTraceable": { "title": "Queue identity traceable", - "body": "Confirms queue identity can trace candidate record, version, owner, review scope, and source without treating traceability as formal enqueue.", - "guard": "trace only; queue enqueued=0" + "body": "確認 queue identity 能回溯 candidate record、版本、owner、review scope 與來源,不把可追蹤性當成正式入列。", + "guard": "trace only;queue enqueued=0" }, "queueDecisionSummaryReadable": { "title": "Queue decision summary readable", - "body": "Confirms the decision summary and no-execution statement are readable without creating a formal decision record.", - "guard": "summary only; record created=false" + "body": "確認 decision summary 與 no-execution statement 可讀,但不產生正式 decision record。", + "guard": "summary only;record created=false" }, "queueScopeExpiryFresh": { "title": "Queue scope and expiry fresh", - "body": "Confirms host, network, service, exclusion, observation intent, and expiry are not stale or outside the original scope.", - "guard": "scope check only; finalized=0" + "body": "確認 host、network、service、exclusion、觀察目的與 expiry 沒有過期或超出原始 scope。", + "guard": "scope check only;finalized=0" }, "queueScanLimitsNotAuthorization": { "title": "Queue scan limits not authorization", - "body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraints, not scan approval.", + "body": "確認 observe-only、future active scan 與 credentialed scan limits 仍只是限制描述,不是掃描批准。", "guard": "scan authorized=false" }, "queueCredentialBoundaryMetadataOnly": { "title": "Queue credential boundary metadata-only", - "body": "Confirms credential boundary keeps only metadata, owner, retention, and masking boundary without requesting sensitive material.", + "body": "確認 credential boundary 只保留 metadata、owner、retention 與 masking 邊界,不要求敏感素材。", "guard": "secret collection=false" }, "queueMaintenanceRollbackLinked": { "title": "Queue maintenance and rollback linked", - "body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact have pointers without allowing host package changes or tuning.", + "body": "確認維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點都有 pointer,但不代表可以做主機套件變更或調校。", "guard": "host change=false" }, "queueValidationGateSeparate": { "title": "Queue validation gate separate", - "body": "Confirms validation evidence, post-check metrics, and baseline pointer still route to a separate 執行期閘門.", + "body": "確認 validation evidence、post-check metrics 與 baseline pointer 仍導向獨立 執行期閘門。", "guard": "active gates=0" }, "queueNoExecutionAttestationPresent": { "title": "Queue no-execution attestation present", - "body": "Confirms the no-execution, no-approval, and no-runtime-gate statement remains present so the checklist cannot become an action entry.", + "body": "確認 no-execution / no-approval / no-runtime-gate 聲明仍在,避免 checklist 被當成 action entry。", "guard": "操作按鈕s=false" } } }, "hostOwnerDecisionRecordFormalRecordQueueReviewOutcomes": { - "title": "Host Owner Decision Record Formal Record Queue Review Outcome Lanes", - "subtitle": "Formal record queue review outcome lanes only show the next-step routing after checklist review. They do not mark review passed, enqueue, create decision records, accept owner decisions, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Formal Record Queue Review Outcome Lanes", + "subtitle": "Formal record queue review outcome lanes 只顯示 checklist 後的下一步分流。不代表 review passed、不 enqueue、不建立 decision record、不接受 owner decision、不建立 approval record、不開 執行期閘門。", "laneLabel": "Queue review outcome", - "nextLabel": "Next step", + "nextLabel": "下一步", "items": { "readyForHumanRecordOwnerHandoff": { "title": "Ready for human record owner handoff", - "body": "When all queue review conditions are readable, this can only display a future candidate handoff state for a human record owner.", - "next": "display handoff candidate; review passed=0, queue enqueued=0" + "body": "所有 queue review 條件都可讀時,只能顯示未來交給人工 record owner 的候選狀態。", + "next": "顯示 handoff 候選;review passed=0、queue enqueued=0" }, "identityNeedsTraceRefresh": { "title": "Identity needs trace refresh", - "body": "When candidate record id, version, owner, review scope, or trace source is unclear, route back to the identity packet for evidence refresh.", - "next": "refresh identity trace; record created=false" + "body": "candidate record id、版本、owner、review scope 或 trace source 不清楚時,回到 identity packet 補證。", + "next": "補 identity trace;record created=false" }, "decisionSummaryNeedsClarification": { "title": "Decision summary needs clarification", - "body": "When the decision summary or no-execution statement is not readable, route back to the summary packet for clarification.", - "next": "clarify decision summary; accepted=0" + "body": "decision summary 或 no-execution statement 不可讀時,回到 summary packet 補文字。", + "next": "補 decision summary;accepted=0" }, "scopeExpiryNeedsRefresh": { "title": "範圍 and expiry need refresh", - "body": "When host, network, service, exclusion, observation intent, or expiry is stale or outside original scope, route back to the scope packet.", - "next": "refresh scope / expiry; finalized=0" + "body": "host、network、service、exclusion、觀察目的或 expiry 過期或超出原始 scope 時,回到 scope packet。", + "next": "補 scope / expiry;finalized=0" }, "scanLimitsRemainAmbiguous": { "title": "Scan limits remain ambiguous", - "body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.", - "next": "clarify scan limits; scan authorized=false" + "body": "observe-only、future active scan 或 credentialed scan limits 若仍可能被誤讀成授權,必須回到 scan limits packet。", + "next": "補 scan limits;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "If the credential boundary cannot stay metadata-only or the responsibility boundary is unreadable, quarantine and request evidence refresh.", - "next": "refresh metadata-only boundary; secret collection=false" + "body": "credential boundary 若無法保持 metadata-only 或責任邊界不可讀,必須隔離補證。", + "next": "補 metadata-only boundary;secret collection=false" }, "maintenanceRollbackIncomplete": { "title": "Maintenance and rollback incomplete", - "body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter formal record semantics.", - "next": "refresh maintenance / rollback; host change=false" + "body": "維護窗口、限制條件、rollback owner、復原路徑或人工聯絡點缺漏時,不能進入正式紀錄語義。", + "next": "補 maintenance / rollback;host change=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Validation evidence or 執行期閘門 pointer still requires a separate follow-up gate and cannot open from queue review outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "validation evidence 或 執行期閘門 pointer 仍需要獨立 follow-up gate,不能由 queue review outcome 開 gate。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordHumanHandoffReadiness": { - "title": "Host Owner Decision Record Human Record Owner Handoff Readiness Packets", - "subtitle": "Human record owner handoff readiness packets only display metadata to prepare before a future human record owner handoff. They do not start handoff, mark handoff ready, mark review passed, create decision records, accept owner decisions, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Handoff Readiness Packets", + "subtitle": "Human record owner handoff readiness packets 只顯示未來交給人工 record owner 前要準備的 metadata。不代表 handoff started、不代表 handoff ready、不代表 review passed、不建立 decision record、不接受 owner decision、不開 執行期閘門。", "packetLabel": "Handoff readiness packet", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "handoffIdentityTrace": { "title": "Handoff identity and trace", - "body": "Shows whether candidate record id, version, source outcome lane, source queue review, and trace pointer are readable enough for a future human record owner to identify.", - "guard": "handoff started=0; ready=0" + "body": "顯示 candidate record id、版本、來源 outcome lane、source queue review 與 trace pointer 是否足夠供未來人工 record owner 辨識。", + "guard": "handoff started=0;ready=0" }, "handoffOwnerBoundary": { "title": "Human record owner boundary", - "body": "Shows future record owner, backup owner, contact point, and responsibility boundary without sending notifications, collecting decisions, or creating approval records.", + "body": "顯示未來 record owner、backup owner、聯絡窗口與責任邊界,但不自動通知、不收 decision、不建立 approval record。", "guard": "owner decision received=0" }, "handoffDecisionSummary": { "title": "Decision summary packet", - "body": "Shows whether decision summary, no-execution statement, and candidate conclusion are readable so the handoff cannot be mistaken for approval.", + "body": "顯示 decision summary、no-execution statement 與候選結論是否可讀,避免 handoff 時把摘要當成批准。", "guard": "decision record created=false" }, "handoffScopeExpiry": { "title": "範圍 and expiry packet", - "body": "Shows the handoff summary for host, network, service, exclusion, observation intent, and expiry; stale or out-of-scope data can only route back to scope refresh.", + "body": "顯示 host、network、service、exclusion、觀察目的與 expiry 的 handoff 摘要,過期或越界時仍只能回補 scope。", "guard": "review passed=0" }, "handoffScanLimits": { "title": "Scan limits packet", - "body": "Shows the wording for observe-only, future active scan, and credentialed scan limits so the human record owner can see this is not scan authorization.", + "body": "顯示 observe-only、future active scan 與 credentialed scan limits 的限制文字,讓人工 record owner 清楚這不是掃描授權。", "guard": "scan authorized=false" }, "handoffCredentialBoundary": { "title": "Credential boundary packet", - "body": "Shows credential boundary metadata, retention, and masking responsibility without collecting plaintext, token values, or raw 機密設定.", + "body": "顯示 credential boundary metadata、retention 與 masking 責任,不收 plaintext、不收 token value、不收 raw secret。", "guard": "secret collection=false" }, "handoffMaintenanceRollback": { "title": "Maintenance and rollback packet", - "body": "Shows maintenance window, constraints, rollback owner, recovery path, and human contact while still disallowing SSH, package updates, or host tuning.", + "body": "顯示維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點,仍不允許 SSH、package update 或主機調校。", "guard": "host change=false" }, "handoffRuntimeGate": { "title": "Runtime gate separation packet", - "body": "Shows validation evidence and follow-up 執行期閘門 pointer as a separate gate that cannot open from handoff readiness.", - "guard": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "顯示 validation evidence 與 follow-up 執行期閘門 pointer 仍是獨立 gate,不能由 handoff readiness 開啟。", + "guard": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordHumanHandoffReadinessReview": { - "title": "Host Owner Decision Record Human Handoff Readiness Review Checklist", - "subtitle": "Human handoff readiness review checklist only displays read-only checks before handoff readiness packets can be reviewed by a future human record owner. It does not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Handoff Readiness Review Checklist", + "subtitle": "Human handoff readiness review checklist 只顯示 handoff readiness packets 進人工 record owner 前的只讀核對條件。不代表 review passed、不開始 handoff、不標記 handoff ready、不建立 decision record、不接受 owner decision、不開 執行期閘門。", "checkLabel": "Handoff readiness check", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "identityTraceReadable": { "title": "Identity trace readable", - "body": "Confirms candidate record id, version, source outcome lane, source queue review, and trace pointer are readable; gaps can only route back to identity trace refresh.", - "guard": "handoff started=0; ready=0" + "body": "確認 candidate record id、版本、來源 outcome lane、source queue review 與 trace pointer 可讀;缺漏時只能回補 identity trace。", + "guard": "handoff started=0;ready=0" }, "ownerBoundaryReadable": { "title": "Owner boundary readable", - "body": "Confirms future record owner, backup owner, contact point, and responsibility boundary are readable without sending notifications or collecting owner decisions.", + "body": "確認 future record owner、backup owner、聯絡窗口與責任邊界可讀;不能自動通知或收 owner decision。", "guard": "owner decision received=0" }, "decisionSummaryReadable": { "title": "Decision summary readable", - "body": "Confirms decision summary, candidate conclusion, and no-execution statement are readable so handoff readiness cannot be mistaken for approval.", + "body": "確認 decision summary、候選結論與 no-execution statement 可讀,避免 handoff readiness 被誤讀成批准。", "guard": "decision record created=false" }, "scopeExpiryCurrent": { "title": "範圍 and expiry current", - "body": "Confirms host, network, service, exclusion, observation intent, and expiry are current and in scope; stale scope can only route back to scope refresh.", + "body": "確認 host、network、service、exclusion、觀察目的與 expiry 沒有過期或越界;過期時只能回補 scope。", "guard": "review passed=0" }, "scanLimitsNotAuthorization": { "title": "Scan limits not authorization", - "body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraint wording, not scan approval.", + "body": "確認 observe-only、future active scan 與 credentialed scan limits 仍只是限制文字,不是掃描批准。", "guard": "scan authorized=false" }, "credentialBoundaryMetadataOnly": { "title": "Credential boundary metadata-only", - "body": "Confirms credential boundary only contains metadata, retention, and masking responsibility without plaintext, token values, or raw 機密設定.", + "body": "確認 credential boundary 只含 metadata、retention 與 masking 責任;不得收 plaintext、token value 或 raw secret。", "guard": "secret collection=false" }, "maintenanceRollbackTraceable": { "title": "Maintenance and rollback traceable", - "body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact are traceable while still disallowing SSH, package updates, or host tuning.", + "body": "確認維護窗口、限制條件、rollback owner、復原路徑與人工聯絡點可追溯,但仍不能 SSH、更新套件或調校主機。", "guard": "host change=false" }, "runtimeGateSeparate": { "title": "Runtime gate separate", - "body": "Confirms validation evidence and follow-up 執行期閘門 remain independent and cannot open from readiness review.", - "guard": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "確認 validation evidence 與 follow-up 執行期閘門 仍維持獨立,不由 readiness review 開啟。", + "guard": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomes": { - "title": "Host Owner Decision Record Human Handoff Readiness Review Outcome Lanes", - "subtitle": "Human handoff readiness review outcome lanes only show next-step routing after checklist review. They do not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Handoff Readiness Review Outcome Lanes", + "subtitle": "Human handoff readiness review outcome lanes 只顯示 checklist 後的下一步分流。不代表 review passed、不開始 handoff、不標記 handoff ready、不建立 decision record、不接受 owner decision、不建立 approval record、不開 執行期閘門。", "laneLabel": "Handoff review outcome", - "nextLabel": "Next step", + "nextLabel": "下一步", "items": { "readyForHumanRecordOwnerReviewCandidate": { "title": "Ready for human record owner review candidate", - "body": "When all readiness review conditions are readable, this can only display a future candidate state for human record owner review.", - "next": "display review candidate; review passed=0, handoff started=0" + "body": "所有 readiness review 條件都可讀時,只能顯示未來交給人工 record owner 看看的候選狀態。", + "next": "顯示 review candidate;review passed=0、handoff started=0" }, "identityTraceNeedsRefresh": { "title": "Identity trace needs refresh", - "body": "When candidate record id, version, source outcome lane, source queue review, or trace pointer is unclear, route back to the identity packet.", - "next": "refresh identity trace; handoff ready=0" + "body": "candidate record id、版本、來源 outcome lane、source queue review 或 trace pointer 不清楚時,回到 identity packet 補證。", + "next": "補 identity trace;handoff ready=0" }, "ownerBoundaryNeedsClarification": { "title": "Owner boundary needs clarification", - "body": "When record owner, backup owner, contact point, or responsibility boundary is unreadable, route back to the owner boundary packet.", - "next": "clarify owner boundary; decision received=0" + "body": "record owner、backup owner、聯絡窗口或責任邊界不可讀時,回到 owner boundary packet 補文字。", + "next": "補 owner boundary;decision received=0" }, "decisionSummaryNeedsClarification": { "title": "Decision summary needs clarification", - "body": "When decision summary, candidate conclusion, or no-execution statement is unreadable, route back to the decision summary packet.", - "next": "clarify decision summary; record created=false" + "body": "decision summary、候選結論或 no-execution statement 不可讀時,回到 decision summary packet。", + "next": "補 decision summary;record created=false" }, "scopeExpiryNeedsRefresh": { "title": "範圍 and expiry need refresh", - "body": "When host, network, service, exclusion, observation intent, or expiry is stale or out of scope, route back to the scope packet.", - "next": "refresh scope / expiry; review passed=0" + "body": "host、network、service、exclusion、觀察目的或 expiry 過期或越界時,回到 scope packet。", + "next": "補 scope / expiry;review passed=0" }, "scanLimitsRemainAmbiguous": { "title": "Scan limits remain ambiguous", - "body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.", - "next": "clarify scan limits; scan authorized=false" + "body": "observe-only、future active scan 或 credentialed scan limits 仍可能被誤讀成授權時,回到 scan limits packet。", + "next": "補 scan limits;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "If credential boundary is not metadata-only or plaintext, token value, and raw secret boundaries are unclear, quarantine and request evidence refresh.", - "next": "refresh credential boundary; secret collection=false" + "body": "credential boundary 若不是 metadata-only,或 plaintext、token value、raw secret 邊界不清楚,必須隔離補證。", + "next": "補 credential boundary;secret collection=false" }, "maintenanceRollbackIncomplete": { "title": "Maintenance and rollback incomplete", - "body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter human record owner review semantics.", - "next": "refresh maintenance / rollback; host change=false" + "body": "維護窗口、限制條件、rollback owner、復原路徑或人工聯絡點缺漏時,不能進入人工 record owner review 語義。", + "next": "補 maintenance / rollback;host change=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Validation evidence or follow-up 執行期閘門 pointer still requires a separate gate and cannot open from readiness review outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "validation evidence 或 follow-up 執行期閘門 pointer 仍需要獨立 gate,不能由 readiness review outcome 開 gate。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets": { - "title": "Host Owner Decision Record Human Record Owner Review Candidate Packets", - "subtitle": "Human record owner review candidate packets only organize metadata a future human record owner may need to inspect. They do not start handoff, mark review ready, collect owner decisions, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Review Candidate Packets", + "subtitle": "Human record owner review candidate packets 只整理未來人工 record owner 可能需要看的 metadata。它不開始 handoff、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 執行期閘門。", "packetLabel": "Review candidate packet", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "reviewCandidateIdentity": { "title": "Review candidate identity packet", - "body": "Organizes candidate id, source readiness outcome, version, trace pointer, and source queue review link so a future human record owner can understand provenance.", - "guard": "review started=0; decision record created=false" + "body": "整理 candidate id、來源 readiness outcome、版本、trace pointer 與來源 queue review 連結,讓人工 record owner 未來能看懂來源。", + "guard": "review started=0;decision record created=false" }, "reviewOwnerBoundary": { "title": "Review owner boundary packet", - "body": "Organizes human record owner, backup owner, contact channel, and responsibility boundary without treating owner contact as accepted work or a decision.", - "guard": "owner decision received=0; handoff started=0" + "body": "整理 human record owner、backup owner、聯絡窗口與責任邊界,但不把 owner contact 視為已接案或已決策。", + "guard": "owner decision received=0;handoff started=0" }, "reviewDecisionSummary": { "title": "Review decision summary packet", - "body": "Organizes candidate decision summary, risk acceptance boundary, and no-execution statement so the review candidate is not mistaken for a formal record.", - "guard": "review ready=0; record accepted=0" + "body": "整理候選決策摘要、風險接受邊界與 no-execution statement,避免人工 review 候選被誤讀成正式紀錄。", + "guard": "review ready=0;record accepted=0" }, "reviewScopeExpiry": { "title": "Review scope and expiry packet", - "body": "Organizes host, network, service, exclusion, observation intent, and expiry so the review candidate scope remains readable.", - "guard": "scope review only; 執行期閘門 opened=false" + "body": "整理 host、network、service、exclusion、observation intent 與 expiry,讓 review candidate 的範圍維持可讀。", + "guard": "scope review only;執行期閘門 opened=false" }, "reviewScanLimits": { "title": "Review scan limits packet", - "body": "Organizes observe-only, future active scan, and credentialed scan limits while keeping active scan behind separate approval.", - "guard": "scan authorized=false; 操作按鈕s=false" + "body": "整理 observe-only、future active scan 與 credentialed scan limits,明確保留 active scan 仍需獨立批准。", + "guard": "scan authorized=false;操作按鈕s=false" }, "reviewCredentialBoundary": { "title": "Review credential boundary packet", - "body": "Organizes credential owner, retention, masking, and forbidden collection as metadata only; plaintext, token value, and raw secret are not collected.", - "guard": "secret collection=false; raw payload=false" + "body": "整理 credential owner、retention、masking 與 forbidden collection,只允許 metadata,不收 plaintext、token value 或 raw secret。", + "guard": "secret collection=false;原始載荷=false" }, "reviewMaintenanceRollback": { "title": "Review maintenance and rollback packet", - "body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.", - "guard": "host change=false; Kali update=false" + "body": "整理 maintenance window、constraints、rollback owner、recovery path 與人工聯絡點,但不代表可以變更主機。", + "guard": "host change=false;Kali update=false" }, "reviewValidationRuntimeGate": { "title": "Review validation and 執行期閘門 packet", - "body": "Organizes validation evidence pointer, post-check metrics, and separate 執行期閘門 requirement without opening a gate from the candidate packet.", - "guard": "執行期閘門 opened=false; runtime execution=false" + "body": "整理 validation evidence pointer、post-check metrics 與獨立 執行期閘門 requirement,仍不能由 candidate packet 開 gate。", + "guard": "執行期閘門 opened=false;runtime execution=false" }, "reviewNoExecutionAttestation": { "title": "Review no-execution attestation packet", - "body": "Fixes not authorization, no execution, no approval, and no 執行期閘門 statements so the review candidate is not mistaken for approval.", - "guard": "not_authorization=true; approval record=false" + "body": "固定 not authorization、no execution、no approval、no 執行期閘門 statement,避免人工 review candidate 被誤解成批准。", + "guard": "not_authorization=true;approval record=false" } } }, "hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateChecklist": { - "title": "Host Owner Decision Record Human Record Owner Review Candidate Checklist", - "subtitle": "Human record owner review candidate checklist only checks whether candidate packets are readable. It does not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Review Candidate Checklist", + "subtitle": "Human record owner review candidate checklist 只核對 candidate packets 是否可讀。不代表 checklist passed、不開始 review、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 執行期閘門。", "checkLabel": "Review candidate check", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "candidateIdentityTraceable": { "title": "Candidate identity traceable", - "body": "Checks that candidate id, source outcome, version, trace pointer, and queue review link are traceable.", - "guard": "check passed=0; review started=0" + "body": "確認 candidate id、來源 outcome、版本、trace pointer 與 queue review link 可追溯。", + "guard": "check passed=0;review started=0" }, "candidateOwnerBoundaryReadable": { "title": "Candidate owner boundary readable", - "body": "Checks that human record owner, backup owner, contact channel, and responsibility boundary are readable without treating the owner as engaged.", - "guard": "owner decision received=0; review ready=0" + "body": "確認 human record owner、backup owner、聯絡窗口與責任邊界可讀,但不代表 owner 已接案。", + "guard": "owner decision received=0;review ready=0" }, "candidateDecisionSummaryReadable": { "title": "Candidate decision summary readable", - "body": "Checks that candidate decision summary, risk acceptance boundary, and no-execution statement are readable while remaining outside a formal decision record.", - "guard": "decision record created=false; accepted=0" + "body": "確認候選決策摘要、風險接受邊界與 no-execution statement 可讀,仍不是正式 decision record。", + "guard": "decision record created=false;accepted=0" }, "candidateScopeExpiryCurrent": { "title": "Candidate scope and expiry current", - "body": "Checks that host, network, service, exclusion, observation intent, and expiry remain within the candidate scope.", - "guard": "scope check only; 執行期閘門 opened=false" + "body": "確認 host、network、service、exclusion、observation intent 與 expiry 仍在候選範圍內。", + "guard": "scope check only;執行期閘門 opened=false" }, "candidateScanLimitsNotAuthorization": { "title": "Candidate scan limits not authorization", - "body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.", - "guard": "scan authorized=false; 操作按鈕s=false" + "body": "確認 observe-only、future active scan 與 credentialed scan limits 沒有被寫成掃描授權。", + "guard": "scan authorized=false;操作按鈕s=false" }, "candidateCredentialBoundaryMetadataOnly": { "title": "Candidate credential boundary metadata-only", - "body": "Checks that credential owner, retention, masking, and forbidden collection remain metadata-only.", - "guard": "secret collection=false; raw payload=false" + "body": "確認 credential owner、retention、masking 與 forbidden collection 仍是 metadata-only。", + "guard": "secret collection=false;原始載荷=false" }, "candidateMaintenanceRollbackTraceable": { "title": "Candidate maintenance and rollback traceable", - "body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.", - "guard": "host change=false; Kali update=false" + "body": "確認 maintenance window、constraints、rollback owner、recovery path 與人工聯絡點可追溯。", + "guard": "host change=false;Kali update=false" }, "candidateValidationRuntimeGateSeparate": { "title": "Candidate validation and 執行期閘門 separate", - "body": "Checks that validation evidence pointer, post-check metrics, and 執行期閘門 requirement remain separate.", - "guard": "執行期閘門 opened=false; runtime execution=false" + "body": "確認 validation evidence pointer、post-check metrics 與 執行期閘門 requirement 仍維持獨立。", + "guard": "執行期閘門 opened=false;runtime execution=false" }, "candidateNoExecutionAttestationPresent": { "title": "Candidate no-execution attestation present", - "body": "Checks that not authorization, no execution, no approval, and no 執行期閘門 statements are visible.", - "guard": "not_authorization=true; approval record=false" + "body": "確認 not authorization、no execution、no approval、no 執行期閘門 statement 都可見。", + "guard": "not_authorization=true;approval record=false" } } }, "hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateOutcomes": { - "title": "Host Owner Decision Record Human Record Owner Review Candidate Outcome Lanes", - "subtitle": "Human record owner review candidate outcome lanes only display next-step routing after candidate checklist. They do not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Review Candidate Outcome Lanes", + "subtitle": "Human record owner review candidate outcome lanes 只顯示 candidate checklist 後下一步分流。不代表 checklist passed、不開始 review、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 執行期閘門。", "laneLabel": "Review candidate outcome", - "nextLabel": "Next step", + "nextLabel": "下一步", "items": { "readyForHumanRecordOwnerReviewPreparation": { "title": "Ready for human record owner review preparation candidate", - "body": "All candidate checklist read-only conditions can be prepared for a future human record owner review surface, but this remains a preparation candidate.", - "next": "display only; review started=0" + "body": "所有 candidate checklist 只讀條件都可被準備成未來人工 record owner review 畫面,但目前仍只是 preparation candidate。", + "next": "display only;review started=0" }, "identityTraceNeedsRefresh": { "title": "Identity trace needs refresh", - "body": "Candidate identity, source outcome, version, trace pointer, or queue review link needs refresh before the next layer.", - "next": "refresh identity trace; check passed=0" + "body": "candidate identity、source outcome、version、trace pointer 或 queue review link 需要補齊或刷新。", + "next": "refresh identity trace;check passed=0" }, "ownerBoundaryNeedsClarification": { "title": "Owner boundary needs clarification", - "body": "Human record owner, backup owner, contact channel, or responsibility boundary still needs clarification and cannot count as owner engagement.", - "next": "clarify owner boundary; decision received=0" + "body": "human record owner、backup owner、contact channel 或責任邊界仍需釐清,不能視為 owner 已接案。", + "next": "clarify owner boundary;decision received=0" }, "decisionSummaryNeedsClarification": { "title": "Decision summary needs clarification", - "body": "Candidate decision summary, risk acceptance boundary, or no-execution statement is still unclear and cannot create a formal record.", - "next": "clarify summary; record created=false" + "body": "候選決策摘要、風險接受邊界或 no-execution statement 仍不夠清楚,不能建立正式紀錄。", + "next": "clarify summary;record created=false" }, "scopeExpiryNeedsRefresh": { "title": "範圍 and expiry need refresh", - "body": "Host, network, service, exclusion, observation intent, or expiry needs refresh before moving into the next human preparation layer.", - "next": "refresh scope; review ready=0" + "body": "host、network、service、exclusion、observation intent 或 expiry 需要刷新後才能進下一層人工準備。", + "next": "refresh scope;review ready=0" }, "scanLimitsRemainAmbiguous": { "title": "Scan limits remain ambiguous", - "body": "Observe-only, future active scan, or credentialed scan limits may still be mistaken for authorization and must remain routed to clarification.", - "next": "clarify limits; scan authorized=false" + "body": "observe-only、future active scan 或 credentialed scan limits 仍可能被誤讀成授權,需要保留為阻擋分流。", + "next": "clarify limits;scan authorized=false" }, "credentialBoundaryFailed": { "title": "Credential boundary failed", - "body": "Credential owner, retention, masking, or forbidden collection failed the metadata-only boundary and must be quarantined.", - "next": "quarantine credential boundary; secret collection=false" + "body": "credential owner、retention、masking 或 forbidden collection 沒有維持 metadata-only 時必須隔離。", + "next": "quarantine credential boundary;secret collection=false" }, "maintenanceRollbackIncomplete": { "title": "Maintenance and rollback incomplete", - "body": "Maintenance window, constraints, rollback owner, recovery path, or human contact is incomplete and cannot lead to host change.", - "next": "complete maintenance data; host change=false" + "body": "maintenance window、constraints、rollback owner、recovery path 或人工聯絡點仍缺漏,不能導向主機變更。", + "next": "complete maintenance data;host change=false" }, "runtimeGateStillRequired": { "title": "Runtime gate still required", - "body": "Validation evidence, post-check metrics, or follow-up 執行期閘門 pointer still requires an independent gate and cannot open from candidate outcome.", - "next": "active 執行期閘門s=0; 操作按鈕s=false" + "body": "validation evidence、post-check metrics 或 follow-up 執行期閘門 pointer 仍需獨立 gate,不可由 candidate outcome 開啟。", + "next": "active 執行期閘門s=0;操作按鈕s=false" } } }, "hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationPackets": { - "title": "Host Owner Decision Record Human Record Owner Review Preparation Packets", - "subtitle": "Human record owner review preparation packets only organize metadata needed by a future human record owner review surface. They do not mark preparation completed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Review Preparation Packets", + "subtitle": "Human record owner review preparation packets 只整理未來人工 record owner review 畫面需要的 metadata。它不代表 preparation completed、不開始 review、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 執行期閘門。", "packetLabel": "Review preparation packet", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "preparationIdentityTrace": { "title": "Preparation identity trace packet", - "body": "Organizes preparation id, source candidate outcome, version, trace pointer, and candidate checklist link so a future review surface can trace provenance.", - "guard": "prepared=0; review started=0" + "body": "整理 preparation id、來源 candidate outcome、版本、trace pointer 與 candidate checklist link,讓未來 review 畫面能追溯來源。", + "guard": "prepared=0;review started=0" }, "preparationOwnerBoundary": { "title": "Preparation owner boundary packet", - "body": "Organizes human record owner, backup owner, contact channel, responsibility boundary, and open clarifications without treating owner as engaged or decided.", - "guard": "owner decision received=0; review ready=0" + "body": "整理 human record owner、backup owner、聯絡窗口、責任邊界與待確認項目,但不代表 owner 已接案或已決策。", + "guard": "owner decision received=0;review ready=0" }, "preparationDecisionSummary": { "title": "Preparation decision summary packet", - "body": "Organizes candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface while remaining outside a decision record.", - "guard": "decision record created=false; accepted=0" + "body": "整理候選決策摘要、風險接受邊界、no-execution statement 與正式紀錄前置說明,仍不是 decision record。", + "guard": "decision record created=false;accepted=0" }, "preparationScopeExpiry": { "title": "Preparation scope and expiry packet", - "body": "Organizes host, network, service, exclusion, observation intent, expiry, and refresh need so the preparation layer remains read-only visible.", - "guard": "scope preparation only; 執行期閘門 opened=false" + "body": "整理 host、network、service、exclusion、observation intent、expiry 與刷新需求,讓準備層保持只讀可見。", + "guard": "scope preparation only;執行期閘門 opened=false" }, "preparationScanLimits": { "title": "Preparation scan limits packet", - "body": "Organizes observe-only, future active scan, credentialed scan limits, and scan boundaries that still require separate approval.", - "guard": "scan authorized=false; 操作按鈕s=false" + "body": "整理 observe-only、future active scan、credentialed scan limits 與仍需獨立批准的掃描邊界。", + "guard": "scan authorized=false;操作按鈕s=false" }, "preparationCredentialBoundary": { "title": "Preparation credential boundary packet", - "body": "Organizes credential owner, retention, masking, forbidden collection, and quarantine rules while allowing metadata only.", - "guard": "secret collection=false; raw payload=false" + "body": "整理 credential owner、retention、masking、forbidden collection 與隔離規則,只允許 metadata-only。", + "guard": "secret collection=false;原始載荷=false" }, "preparationMaintenanceRollback": { "title": "Preparation maintenance and rollback packet", - "body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.", - "guard": "host change=false; Kali update=false" + "body": "整理 maintenance window、constraints、rollback owner、recovery path 與人工聯絡點,但不代表可以變更主機。", + "guard": "host change=false;Kali update=false" }, "preparationValidationRuntimeGate": { "title": "Preparation validation and 執行期閘門 packet", - "body": "Organizes validation evidence pointer, post-check metrics, and independent 執行期閘門 requirement without opening a gate from preparation packet.", - "guard": "執行期閘門 opened=false; runtime execution=false" + "body": "整理 validation evidence pointer、post-check metrics 與獨立 執行期閘門 requirement,仍不能由 preparation packet 開 gate。", + "guard": "執行期閘門 opened=false;runtime execution=false" }, "preparationNoExecutionAttestation": { "title": "Preparation no-execution attestation packet", - "body": "Fixes not authorization, no execution, no approval, and no 執行期閘門 statements so the preparation packet is not mistaken for approval.", - "guard": "not_authorization=true; approval record=false" + "body": "固定 not authorization、no execution、no approval、no 執行期閘門 statement,避免 preparation packet 被誤解成批准。", + "guard": "not_authorization=true;approval record=false" } } }, "hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationChecklist": { - "title": "Host Owner Decision Record Human Record Owner Review Preparation Checklist", - "subtitle": "Human record owner review preparation checklist only checks whether preparation packets are readable. It does not mark preparation completed, mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open 執行期閘門s.", + "title": "主機 Owner Decision Record Human Record Owner Review Preparation Checklist", + "subtitle": "Human record owner review preparation checklist 只核對 preparation packets 是否可讀。不代表 preparation completed、不代表 checklist passed、不開始 review、不標記 review ready、不收 owner decision、不建立 decision record、不建立 approval record、不開 執行期閘門。", "checkLabel": "Review preparation check", - "guardLabel": "Guardrail", + "guardLabel": "保護邊界", "items": { "preparationIdentityTraceReadable": { "title": "Preparation identity trace readable", - "body": "Checks that preparation id, source candidate outcome, version, trace pointer, and candidate checklist link are traceable.", - "guard": "prepared=0; check passed=0" + "body": "確認 preparation id、來源 candidate outcome、版本、trace pointer 與 candidate checklist link 可追溯。", + "guard": "prepared=0;check passed=0" }, "preparationOwnerBoundaryReadable": { "title": "Preparation owner boundary readable", - "body": "Checks that human record owner, backup owner, contact channel, responsibility boundary, and open clarifications are readable without treating the owner as engaged.", - "guard": "owner decision received=0; review ready=0" + "body": "確認 human record owner、backup owner、聯絡窗口、責任邊界與待確認項目可讀,但不代表 owner 已接案。", + "guard": "owner decision received=0;review ready=0" }, "preparationDecisionSummaryReadable": { "title": "Preparation decision summary readable", - "body": "Checks that candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface are readable while remaining outside a decision record.", - "guard": "decision record created=false; accepted=0" + "body": "確認候選決策摘要、風險接受邊界、no-execution statement 與正式紀錄前置說明可讀,仍不是 decision record。", + "guard": "decision record created=false;accepted=0" }, "preparationScopeExpiryCurrent": { "title": "Preparation scope and expiry current", - "body": "Checks that host, network, service, exclusion, observation intent, expiry, and refresh need remain readable within the preparation layer.", - "guard": "scope check only; 執行期閘門 opened=false" + "body": "確認 host、network、service、exclusion、observation intent、expiry 與刷新需求仍在準備層可讀範圍內。", + "guard": "scope check only;執行期閘門 opened=false" }, "preparationScanLimitsNotAuthorization": { "title": "Preparation scan limits not authorization", - "body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.", - "guard": "scan authorized=false; 操作按鈕s=false" + "body": "確認 observe-only、future active scan 與 credentialed scan limits 沒有被寫成掃描授權。", + "guard": "scan authorized=false;操作按鈕s=false" }, "preparationCredentialBoundaryMetadataOnly": { "title": "Preparation credential boundary metadata-only", - "body": "Checks that credential owner, retention, masking, forbidden collection, and quarantine rules remain metadata-only.", - "guard": "secret collection=false; raw payload=false" + "body": "確認 credential owner、retention、masking、forbidden collection 與隔離規則仍是 metadata-only。", + "guard": "secret collection=false;原始載荷=false" }, "preparationMaintenanceRollbackTraceable": { "title": "Preparation maintenance and rollback traceable", - "body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.", - "guard": "host change=false; Kali update=false" + "body": "確認 maintenance window、constraints、rollback owner、recovery path 與人工聯絡點可追溯。", + "guard": "host change=false;Kali update=false" }, "preparationValidationRuntimeGateSeparate": { "title": "Preparation validation and 執行期閘門 separate", - "body": "Checks that validation evidence pointer, post-check metrics, and independent 執行期閘門 requirement remain separate.", - "guard": "執行期閘門 opened=false; runtime execution=false" + "body": "確認 validation evidence pointer、post-check metrics 與獨立 執行期閘門 requirement 仍維持分離。", + "guard": "執行期閘門 opened=false;runtime execution=false" }, "preparationNoExecutionAttestationPresent": { "title": "Preparation no-execution attestation present", - "body": "Checks that not authorization, no execution, no approval, and no 執行期閘門 statements are visible so the checklist is not mistaken for approval.", - "guard": "not_authorization=true; approval record=false" + "body": "確認 not authorization、no execution、no approval、no 執行期閘門 statement 都可見,避免 checklist 被誤解成批准。", + "guard": "not_authorization=true;approval record=false" } } }, @@ -6883,39 +6883,39 @@ }, "sourceControlReadiness": { "title": "GitHub 主要來源就緒度", - "subtitle": "The long-term Gitea-to-GitHub direction is shown as read-only readiness: candidate repos, 負責人回覆s, refs truth, 工作流程 / 機密 names, and rollback ADR must all be present before primary_ready_count can be reviewed.", - "gateLabel": "Readiness gate", - "guardLabel": "Still forbidden", + "subtitle": "把 Gitea 轉 GitHub 的長期方向拆成只讀就緒度:候選 repo、負責人回覆、refs truth、工作流程 / 機密 名稱與 rollback ADR 都要到齊,才會重估 primary_ready_count。", + "gateLabel": "就緒度閘門", + "guardLabel": "仍禁止", "items": { "candidateRepos": { - "title": "Candidate repo inventory", - "body": "8 candidate repos and 7 in-scope repos are visible for inventory and owner-evidence alignment only.", - "guard": "No GitHub repo creation or visibility changes." + "title": "候選 repo 清冊", + "body": "8 個候選 repo、7 個範圍內 repo,目前只做清冊與負責人 evidence 對齊。", + "guard": "不建立 GitHub repo、不改可見性。" }, "primaryReady": { - "title": "primary_ready_count remains 0", - "body": "No repo has passed target, refs, 工作流程 / 機密 name, and rollback readiness yet.", - "guard": "No GitHub primary switch and no Gitea disablement." + "title": "primary_ready_count 仍為 0", + "body": "尚無 repo 通過 target、refs、工作流程 / 機密 名稱與 rollback readiness。", + "guard": "不切 GitHub 主要來源、不停用 Gitea。" }, "ownerResponses": { - "title": "負責人回覆 are still waiting", - "body": "S4.9-S4.12 include 22 templates; received=0 and accepted=0.", - "guard": "Do not treat request-ready as response accepted." + "title": "負責人回覆仍等待", + "body": "S4.9-S4.12 共 22 個範本,目前 received=0、accepted=0。", + "guard": "不把 request-ready 當 response accepted。" }, "refsTruth": { - "title": "Refs truth is not accepted", - "body": "main / dev truth, release tags, and deprecated refs still need owner decisions.", - "guard": "No refs push, delete, or force push." + "title": "Refs truth 尚未接受", + "body": "main / dev truth、release tags、deprecated refs 仍需 owner 判定。", + "guard": "不 push、delete、force push refs。" }, "workflowSecrets": { - "title": "工作流程 / 機密 names are incomplete", - "body": "Workflow, runner, webhook, and secret-name parity evidence is still missing for 7 in-scope repos.", - "guard": "Collect names and owners only, never 機密明文值s." + "title": "工作流程 / 機密 名稱未完成", + "body": "7 個範圍內 repo 的 workflow、runner、webhook、secret name parity 還缺 evidence。", + "guard": "只收名稱與 owner,不收 機密明文值。" }, "rollbackAdr": { - "title": "Rollback ADR is not approved", - "body": "Rollback owner, validation window, and trigger details still need human review for 7 in-scope repos.", - "guard": "No cutover dry-run and no primary switch." + "title": "Rollback ADR 未批准", + "body": "7 個範圍內 repo 的 rollback 負責人、驗證窗口與 trigger 尚待人工審查。", + "guard": "不 dry-run cutover、不切 primary。" } } }, @@ -8336,164 +8336,164 @@ } }, "awooopReadOnlyLandingReadiness": { - "title": "AwoooP Read-Only Landing Readiness", - "subtitle": "S2.51 turns the AwoooP main-line read-only consumption path for IwoooS / security mirror state into an intake readiness board. This is landing readiness, not production_landing_enabled, and it does not connect an execution router.", - "readinessLabel": "Read-only intake", - "requirementLabel": "Intake requirement", - "guardLabel": "Still locked", + "title": "AwoooP 只讀接入就緒度", + "subtitle": "S2.51 把 AwoooP 主線要如何只讀消費 IwoooS / 資安鏡像狀態整理成接入準備面板。這是接入就緒度,不是 production landing enabled,也不接 execution router。", + "readinessLabel": "只讀接入", + "requirementLabel": "接入要求", + "guardLabel": "仍鎖住", "items": { "rollupSnapshotReadable": { - "title": "Rollup snapshots are readable", - "body": "`security-mirror-status-rollup.snapshot.json` and `iwooos-posture-projection.snapshot.json` can serve as the main read-only sources for AwoooP.", - "requirement": "AwoooP consumes committed snapshots and guard output only, without calling Kali, Gitea, GitHub, or runtime APIs directly.", - "guard": "production_landing_enabled=false; execution router linked=false" + "title": "彙總快照可讀", + "body": "`security-mirror-status-rollup.snapshot.json` 與 `iwooos-posture-projection.snapshot.json` 已可作為 AwoooP 只讀入口的主要來源。", + "requirement": "AwoooP 只讀消費已提交快照與 guard output,不直接呼叫 Kali、Gitea、GitHub 或 runtime API。", + "guard": "production_landing_enabled=false;execution router linked=false" }, "evidenceRefsReadable": { - "title": "Evidence refs are traceable", - "body": "IwoooS already lists evidence refs for security rollout, 負責人回覆 validation, Kali status, rollup, and projection state.", - "requirement": "AwoooP landing may show evidence refs and status summaries only; it must not store raw payloads, credential plaintext, or token values.", - "guard": "payloads_ingested=false; 機密明文值 collection=false" + "title": "Evidence refs 可追溯", + "body": "IwoooS 已列出資安 rollout、負責人回覆驗證、Kali 狀態、彙總與投影的 evidence refs。", + "requirement": "AwoooP landing 只能顯示 evidence refs 與狀態摘要,不保存原始載荷、credential plaintext 或 token value。", + "guard": "payloads_ingested=false;機密明文值 collection=false" }, "guardChecksKnown": { - "title": "Guard checks are known", - "body": "`security-mirror-progress-guard.py` and `source-control-owner-response-guard.py` are the required read-only preflight checks.", - "requirement": "AwoooP main-line intake must preserve progress, 負責人回覆, runtime flag, 操作按鈕, and forbidden output checks.", - "guard": "Do not skip guards; do not treat guard pass as runtime approval." + "title": "Guard 檢查已知", + "body": "`security-mirror-progress-guard.py` 與 `source-control-owner-response-guard.py` 是接入前必跑的只讀檢查。", + "requirement": "AwoooP 主線接入前必須保留進度、負責人回覆、runtime flags、操作按鈕 與 forbidden output 檢查。", + "guard": "不跳過 guard;不把 guard pass 當 runtime approval" }, "routeGroupsKnown": { - "title": "Mirror route groups are known", - "body": "`security_mirror_route_v1` already defines read-only destinations for Operator Console, runtime state, channel event, audit evidence, and approval queue.", - "requirement": "AwoooP may display and classify by route group only; it must not add scan, execute, repair, repo, refs, or deploy actions.", - "guard": "action_buttons_allowed=false; runtime_execution_authorized=false" + "title": "鏡像路由群組已知", + "body": "`security_mirror_route_v1` 已定義操作控制台、runtime state、channel event、audit evidence、approval queue 的只讀目的地。", + "requirement": "AwoooP 只能依 route group 顯示與分類,不新增掃描、執行、修復、repo、refs 或部署動作。", + "guard": "action_buttons_allowed=false;runtime_execution_authorized=false" }, "forbiddenOutputsLocked": { - "title": "Forbidden outputs stay locked", - "body": "IwoooS / rollup explicitly forbids 操作按鈕s, 執行期閘門s, GitHub primary switching, or production execution from landing readiness.", - "requirement": "AwoooP intake must preserve the forbidden output list and keep write, execution, switch, and secret-value collection paths closed.", - "guard": "Do not treat landing readiness as production consumption." + "title": "禁止輸出已鎖住", + "body": "IwoooS / rollup 已明確列出不得從接入就緒度產生 操作按鈕、執行期閘門、GitHub 主要來源或 production execution。", + "requirement": "AwoooP 接入時必須保留禁止輸出清單,並把所有寫入、執行、切換與收 機密明文值 的入口維持關閉。", + "guard": "不把接入就緒度當 production consumption" }, "productionHandoffPending": { - "title": "Production handoff is still pending", - "body": "This is only the AwoooP read-only landing intake preparation; it does not prove the AwoooP production main line consumes the state yet.", - "requirement": "A later PR / deployment evidence must prove AwoooP displays rollup, evidence refs, and guard results read-only.", - "guard": "progress_change_applied=false; headline percent delta=0" + "title": "Production 交接仍待接入", + "body": "目前只是 AwoooP 只讀 landing 的接入準備,尚未證明 AwoooP production 主線已消費這組狀態。", + "requirement": "需要後續 PR / deployment evidence 證明 AwoooP 主線只讀顯示 rollup、evidence refs 與 guard result。", + "guard": "progress_change_applied=false;headline percent delta=0" } } }, "progressAcceleration": { - "title": "Progress Acceleration And Real Unlock Points", - "subtitle": "Progress is moving, but the 61% headline only gets reassessed when 負責人回覆s, 執行期閘門s, GitHub primary readiness, or AwoooP production landing produce real evidence. This board makes the next visible unlock points explicit.", - "laneLabel": "Acceleration lane", - "unlockLabel": "Unlock signal", - "guardLabel": "Low-friction boundary remains", + "title": "進度加速與真正解鎖點", + "subtitle": "目前不是沒有推進,而是 61% headline 只在負責人回覆、執行期閘門、GitHub 主要來源就緒度或 AwoooP production landing 有實質 evidence 時才會重估。這裡把下一批有感推進點集中顯示。", + "laneLabel": "加速路線", + "unlockLabel": "解鎖訊號", + "guardLabel": "仍維持低摩擦邊界", "items": { "ownerResponses": { - "title": "Converge 負責人回覆s first", - "body": "S4.9-S4.12 負責人回覆s for Gitea, GitHub targets, refs truth, and 工作流程 / 機密 names are the main reason the headline is holding at 61%.", - "unlock": "The headline can be reassessed only after the first accepted redacted 負責人回覆s arrive.", - "guard": "Redacted evidence only; no repo creation, refs sync, workflow mutation, or 機密明文值 collection." + "title": "負責人回覆先收斂", + "body": "S4.9-S4.12 的 Gitea、GitHub target、refs truth、工作流程 / 機密 name 負責人回覆是目前 61% 最主要的卡點。", + "unlock": "收到並驗收第一批脫敏負責人回覆後,headline 才有重估依據。", + "guard": "只收脫敏 evidence;不建立 repo、不同步 refs、不修改 workflow、不收 機密明文值。" }, "redactedIngestion": { - "title": "Connect redacted evidence ingestion", - "body": "Security findings, Kali observe signals, and owner evidence need to enter the read-only intake plane as redacted metadata before runtime work.", - "unlock": "Runtime landing gets a real signal only after the redacted payload ingestion adapter is approved and passes preflight.", - "guard": "No raw payload, no credential plaintext, and no active scan." + "title": "脫敏匯入接上可見證據", + "body": "資安 finding、Kali observe 訊號與負責人 evidence 需要先以 redacted metadata 進入只讀收件面,再談 runtime。", + "unlock": "redacted payload ingestion adapter 經人工批准並通過 preflight 後,runtime landing 會有實質訊號。", + "guard": "不收原始載荷、不收 credential plaintext、不啟動 active scan。" }, "runtimeGate": { - "title": "Runtime gates stay separately approved", - "body": "Future scanning, repair, host update, or blocking controls must not auto-advance from frontend status.", - "unlock": "Runtime landing can be reassessed only after S3 / S3.4 has human approval, rollback, post-check metrics, and an active 執行期閘門.", - "guard": "active 執行期閘門=0; 操作按鈕=false; Kali /execute remains a block candidate." + "title": "Runtime gate 必須獨立批准", + "body": "後續真正掃描、修復、主機更新或 blocking control 都不能從前端狀態自動推進。", + "unlock": "S3 / S3.4 有人工批准、rollback、post-check metrics 與 active 執行期閘門 後,才進入落地重估。", + "guard": "active 執行期閘門=0;操作按鈕=false;Kali /execute 仍是 block candidate。" }, "githubReadiness": { - "title": "Split GitHub primary readiness blockers", - "body": "The long-term GitHub direction is agreed, but targets, refs, 工作流程 / 機密 names, and rollback ADR still need full verification.", - "unlock": "primary_ready_count can move only after 負責人回覆s, refs truth, workflow parity, and rollback ADR are verifiable.", - "guard": "No primary switch, no force push, no refs deletion, and no unapproved target repo creation." + "title": "GitHub 主要來源就緒度要拆關鍵缺口", + "body": "Gitea 轉 GitHub 的大方向已確認,但 target、refs、工作流程 / 機密 name、rollback ADR 還沒全量驗證。", + "unlock": "負責人回覆、refs truth、workflow parity 與 rollback ADR 都可驗證後,primary_ready_count 才能往上。", + "guard": "不切主要來源、不 force push、不刪 refs、不建立未批准 target repo。" }, "awooopLanding": { - "title": "Make AwoooP / IwoooS visible in the main flow", - "body": "One reason progress feels slow is that security work still looks like backend contracts; the next steps, blockers, prohibitions, and unlock signals need to be visible in-product.", - "unlock": "Once AwoooP consumes the rollup and IwoooS board read-only, users can see the real blockers directly.", - "guard": "Read-only landing only; visible status is not authorization and does not add execution buttons." + "title": "AwoooP / IwoooS 主線可見", + "body": "使用者感覺慢的原因之一,是資安工作還太像後台契約;需要把下一步、卡點、禁令與解鎖訊號放到產品入口。", + "unlock": "AwoooP 主線只讀消費 rollup 與 IwoooS 面板後,使用者能直接看到真正卡點。", + "guard": "只讀 landing;不把可見狀態當授權,不新增執行按鈕。" }, "cadenceCompression": { - "title": "Move future cadence in batches", - "body": "S2.38-S2.45 split many checklist layers, making progress feel fragmented. Next work should favor P0 負責人回覆s and AwoooP landing over endlessly adding small checklist layers.", - "unlock": "Similar framework details should be batched in future reports; only high-level gate changes move the headline.", - "guard": "Faster cadence does not loosen safety; runtime and source-control cutover still need human gates." + "title": "後續節奏改成批次推進", + "body": "S2.38-S2.45 太多細層 checklist 讓進度看起來碎。後續應優先收斂 P0 負責人回覆 與 AwoooP landing,而不是無限拆小核對項。", + "unlock": "相同類型的 framework detail 之後合併成一批回報,只有高層 gate 變動才調整 headline。", + "guard": "節奏加快不等於放寬安全;runtime 與 source-control cutover 仍需人工 gate。" } } }, "ownerResponseNextActionFocus": { - "title": "Owner Response Next-Action Focus", - "subtitle": "S2.47 makes the owner-response work that can actually move the 61% headline explicit: collect S4.9 Gitea owner attestation first, then GitHub targets, refs truth, and 工作流程 / 機密 names. This is display-only: no chasing, autofill, or received marking.", - "focusLabel": "Next focus", - "nextLabel": "Evidence to inspect", - "guardLabel": "Still forbidden", + "title": "Owner Response 下一步收件焦點", + "subtitle": "S2.47 將下一個真正能推動 61% 的 負責人回覆 工作排清楚:先收 S4.9 Gitea owner attestation,再依序處理 GitHub target、refs truth、工作流程 / 機密 name。這裡只顯示收件焦點,不催收、不代填、不標記 received。", + "focusLabel": "下一步焦點", + "nextLabel": "要看的 evidence", + "guardLabel": "仍禁止", "items": { "giteaOwnerAttestation": { - "title": "Collect S4.9 Gitea owner attestation first", - "body": "Confirm Gitea coverage, public-only / local gaps, org/user endpoint, 110 adjacent source, canonical owner, and legacy disposition.", - "next": "Owner must answer the 5 redacted evidence refs in GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.", - "guard": "received=0; accepted=0; no token value storage, Gitea writes, refs sync, or primary switch." + "title": "S4.9 Gitea owner attestation 先收", + "body": "先確認 Gitea 覆蓋範圍、public-only / local gap、org/user endpoint、110 adjacent source、canonical owner 與 legacy disposition。", + "next": "需要 owner 依 GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE 回覆 5 個脫敏 evidence refs。", + "guard": "received=0;accepted=0;不保存 token value、不寫 Gitea、不 sync refs、不切 primary。" }, "githubTargetOwnerDecision": { - "title": "Handle S4.10 GitHub target decisions next", - "body": "Confirm each GitHub target owner, visibility, canonical disposition, and not_found_or_private handling.", - "next": "After S4.9 is accepted, collect the 7 target responses from GITHUB-TARGET-OWNER-DECISION-RESPONSE.", - "guard": "No GitHub repo creation, visibility change, refs sync, or target response as primary approval." + "title": "S4.10 GitHub target 決策接續", + "body": "確認每個 GitHub target 的 owner、visibility、canonical disposition 與 not_found_or_private 處理方式。", + "next": "S4.9 通過後,才依 GITHUB-TARGET-OWNER-DECISION-RESPONSE 收 7 個 target responses。", + "guard": "不建立 GitHub repo、不改 visibility、不同步 refs、不把 target response 當 primary approval。" }, "refsTruthOwnerResponse": { - "title": "Resolve S4.11 refs truth after that", - "body": "Clarify main/dev truth, deprecated drift, release tags, and GitHub-only refs so migration does not treat stale refs as truth.", - "next": "Repo owners must decide the 141 ref review items per repo / per ref.", - "guard": "No fetch, push, refs deletion, force push, or history rewrite." + "title": "S4.11 Refs truth 再判定", + "body": "釐清 main/dev truth、deprecated drift、release tag 與 GitHub-only refs,避免 migration 時把舊 refs 誤當真相。", + "next": "需要 repo owner 對 141 個 ref review items 做單 repo / 單 ref 判定。", + "guard": "不 fetch、不 push、不 delete refs、不 force push、不 rewrite history。" }, "workflowSecretOwnerResponse": { - "title": "Complete S4.12 工作流程 / 機密 names last", - "body": "Fill webhook, runner, deploy key, branch protection / CODEOWNERS, and repository secret name parity gaps.", - "next": "Collect names, owners, and redacted parity evidence only so GitHub readiness has verifiable gaps.", - "guard": "No 機密明文值 collection, workflow mutation, runner enablement, or write token use." + "title": "S4.12 工作流程 / 機密 名稱最後補齊", + "body": "補 webhook、runner、deploy key、branch protection / CODEOWNERS、repository secret name parity。", + "next": "只收名稱、owner 與脫敏 parity evidence,讓 GitHub readiness 有可驗證缺口表。", + "guard": "不收 機密明文值、不改 workflow、不啟用 runner、不使用 write token。" } } }, "s49OwnerResponseRequestTemplates": { - "title": "S4.9 Owner Response Five Templates", - "subtitle": "S2.49 surfaces the five S4.9 templates the owner must answer one by one. This is only a request-ready list: the request is not sent, there is no chasing or autofill, no 已收到 / 已接受 marking, and no template is treated as Gitea inventory or GitHub migration approval.", + "title": "S4.9 Owner Response 五個回覆 Template", + "subtitle": "S2.49 將 S4.9 owner 要逐項回答的五個 template 顯示在 IwoooS。這裡只是 request-ready 清單:request 仍未送出、不催收、不代填、不標記 已收到 / 已接受,也不把任何 template 當成 Gitea inventory 或 GitHub migration approval。", "templateLabel": "Template", - "ownerActionLabel": "負責人回覆", - "guardLabel": "Still forbidden", + "ownerActionLabel": "Owner 要回覆", + "guardLabel": "仍禁止", "items": { "publicOnlyVsLocalGiteaGap": { "title": "Public-only / local Gitea gap", - "body": "Decide whether `wooo/clawbot-v5` and `wooo/wooo-aiops` belong in the current inventory / migration scope.", - "ownerAction": "Reply per repo with in scope, out of scope, legacy archived, external system, inaccessible, or needs more evidence, plus redacted evidence refs.", - "guard": "request_ready_not_sent; received=0; accepted=0; no Gitea writes, repo creation, or refs sync." + "body": "判定 `wooo/clawbot-v5` 與 `wooo/wooo-aiops` 是否屬於本輪 inventory / migration scope。", + "ownerAction": "逐 repo 回覆 in scope、out of scope、legacy archived、external system、inaccessible 或 needs more evidence,並引用脫敏 evidence refs。", + "guard": "request_ready_not_sent;received=0;accepted=0;不寫 Gitea、不建立 repo、不 sync refs。" }, "orgUserEndpointIdentity": { "title": "Gitea `wooo` org/user endpoint", - "body": "Clarify whether `wooo` in Gitea should be inventoried as a user, an org, or both, without treating endpoint 404 as absence.", - "ownerAction": "Reply with canonical endpoint identity, verification method, and follow-up owner.", - "guard": "No admin API calls, token use, or endpoint decision as inventory completed." + "body": "釐清 `wooo` 在 Gitea 中應以 user、org 或兩者盤點,避免把 endpoint 404 誤讀成不存在。", + "ownerAction": "回覆 canonical endpoint 身分、查證方式與後續 owner。", + "guard": "不呼叫 admin API、不使用 token、不把 endpoint 判定當成 inventory completed。" }, "internal110AdjacentScope": { "title": "110 adjacent source scope", - "body": "Decide whether `bitan-pharmacy`, `root/momo-pro-system`, `tsenyang-website`, and `wooo/wooo-infra-config` belong in this scope.", - "ownerAction": "Classify each as in scope / out of scope / legacy / external / inaccessible, with redacted source evidence.", - "guard": "No private repo content reads, archive imports, or automatic migration inclusion." + "body": "判定 `bitan-pharmacy`、`root/momo-pro-system`、`tsenyang-website`、`wooo/wooo-infra-config` 是否納入本輪 scope。", + "ownerAction": "逐項標示 in scope / out of scope / legacy / external / inaccessible,並補脫敏來源證據。", + "guard": "不讀取私有 repo 內容、不匯入 archive、不把 110 adjacent source 自動納入 migration。" }, "repoOwnerCanonicalScope": { "title": "Repo owner / canonical / GitHub target", - "body": "Assign owner, canonical source, GitHub target candidate, and visibility review owner for in-scope repos.", - "ownerAction": "Reply with owner role/team, canonical source, GitHub target candidate, visibility review owner, and rationale.", - "guard": "No GitHub repo creation, visibility change, primary switch, or target candidate as approval." + "body": "為 in-scope repo 指定 owner、canonical source、GitHub target candidate 與 visibility review owner。", + "ownerAction": "回覆 owner role/team、canonical source、GitHub target candidate、visibility review owner 與理由。", + "guard": "不建立 GitHub repo、不改 visibility、不切 primary、不把 target candidate 當 approval。" }, "legacyOrInaccessibleDisposition": { "title": "Legacy / inaccessible disposition", - "body": "Record disposition, rationale, and follow-up owner for legacy, inaccessible, or external repos.", - "ownerAction": "Mark archive, exclude, follow-up evidence, or external owner, with redacted trace.", - "guard": "No deletion, disabling, or repo archival; disposition is human classification, not execution." + "body": "對 legacy、inaccessible 或 external repo 留下 disposition、理由與 follow-up owner。", + "ownerAction": "標示 archive、exclude、follow-up evidence 或 external owner,並保留脫敏 trace。", + "guard": "不刪除、不停用、不封存 repo;disposition 只是人工分類,不是執行命令。" } } }, @@ -10852,62 +10852,62 @@ } }, "s49OwnerResponsePreflight": { - "title": "S4.9 Owner Response Intake Preflight", - "subtitle": "S2.48 surfaces the 6 S4.9 intake preflight checks in IwoooS: known attestation item, complete fields, allowed decision, redacted evidence, no execution request, and no accepted state until all five items are covered. This is preflight display only: no request send, received marking, or audit event creation.", + "title": "S4.9 Owner Response 收件前 Preflight", + "subtitle": "S2.48 把 S4.9 的 6 個收件前檢查拉到 IwoooS:先確認回覆是否對應已知 attestation item、欄位完整、decision 合法、evidence 脫敏、沒有執行要求,且五個 items 到齊前不得 accepted。這裡只顯示 preflight,不寄送 request、不標記 received、不建立 audit event。", "checkLabel": "Preflight", - "failureLabel": "If it fails", - "guardLabel": "Still forbidden", + "failureLabel": "不通過時", + "guardLabel": "仍禁止", "items": { "knownAttestationItem": { - "title": "Match a known S4.7 item", - "body": "The 負責人回覆 must map to public-only / local gap, org/user endpoint, 110 adjacent source, canonical owner, or legacy disposition.", - "failure": "Unclear mapping can only request owner correction.", - "guard": "Do not treat vague text as coverage attestation or auto-map it to an item." + "title": "對應 S4.7 已知 item", + "body": "負責人回覆 必須明確對應 public-only / local gap、org/user endpoint、110 adjacent source、canonical owner 或 legacy disposition 其中之一。", + "failure": "不明確時只能 request owner correction,不能進 accepted。", + "guard": "不把模糊回覆當作 coverage attestation,也不自動補成某個 item。" }, "requiredOwnerFields": { - "title": "Required owner fields complete", - "body": "Each response needs owner role/team, decision, decision reason, affected scope, evidence refs, and followup owner.", - "failure": "Missing fields can only request more evidence.", - "guard": "No verbal OK and no approval record from incomplete responses." + "title": "必填欄位完整", + "body": "每筆回覆都要有 owner role/team、decision、decision reason、受影響 scope、evidence refs 與 followup owner。", + "failure": "欄位不足只能 request more evidence。", + "guard": "不接受口頭 OK、不用缺欄位回覆建立 approval record。" }, "allowedDecision": { - "title": "Decision is allowed", - "body": "The decision must fit the acceptable decisions for the matching template so free text is not misread as authorization.", - "failure": "Invalid decisions request owner correction.", - "guard": "Do not upgrade OK / looks fine language into migration or primary approval." + "title": "Decision 在允許值內", + "body": "decision 必須落在該 template 允許的 acceptable decisions,避免自由文字被誤讀成授權。", + "failure": "decision 不合規時 request owner correction。", + "guard": "不把同意、可進行、看起來沒問題升級成 migration 或 primary approval。" }, "redactedEvidenceOnly": { - "title": "Redacted evidence refs only", - "body": "Evidence may only point to repo docs, snapshots, or redacted metadata pointers; no tokens, 機密設定, cookies, sessions, private keys, or private URL credentials.", - "failure": "Sensitive payloads go to quarantine.", - "guard": "No raw secret storage, DB dump import, git object pack, or repo archive collection." + "title": "只接受脫敏 evidence refs", + "body": "evidence 只能指向 repo 內文件、snapshot 或脫敏 metadata pointer,不貼 token、secret、cookie、session、private key 或私有 URL 憑證。", + "failure": "出現敏感 payload 只能 quarantine sensitive payload。", + "guard": "不保存 raw secret、不匯入 DB dump、不收 git object pack 或 repo archive。" }, "noExecutionRequest": { - "title": "No execution request", - "body": "Responses must not request Gitea/GitHub writes, repo creation, visibility changes, refs sync/delete/force-push, workflow/secret/runner changes, scans, or runtime actions.", - "failure": "Embedded execution asks are rejected.", - "guard": "No Gitea writes, GitHub repo creation, refs sync, or 執行期閘門 opening." + "title": "不得夾帶執行要求", + "body": "回覆不得要求 Gitea/GitHub 寫入、repo 建立、visibility 修改、refs sync/delete/force-push、workflow/secret/runner 變更、scan 或 runtime action。", + "failure": "夾帶執行要求時 reject execution request。", + "guard": "不寫 Gitea、不建 GitHub repo、不同步 refs、不開 執行期閘門。" }, "allFiveItemsBeforeAccepted": { - "title": "All five items before Accepted", - "body": "S4.9 cannot be accepted until all five response templates have acceptable 負責人回覆s.", - "failure": "Partial responses remain waiting or request more evidence.", - "guard": "Visible preflight is not request sent, received, accepted, or audit emitted." + "title": "五個項目到齊前不得 Accepted", + "body": "S4.9 要被標示 accepted 前,五個回覆範本都必須收到可驗收的負責人回覆。", + "failure": "部分回覆只能維持 waiting 或 request more evidence。", + "guard": "preflight 可見不代表 request sent、received、accepted 或 audit emitted。" } } }, "awooopCrossSessionHandoff": { - "title": "AwoooP Cross-Session Handoff", - "subtitle": "S2.52 freezes the current PR, branch, progress semantics, required guards, forbidden actions, and next coordination gate as read-only handoff packets so another AwoooP Session can continue without treating the handoff as production landing or execution authorization.", + "title": "AwoooP 跨 Session Handoff", + "subtitle": "S2.52 將目前 PR、分支、進度語義、必跑 guard、禁止動作與下一個協調 gate 固定成只讀 handoff packet,讓另一個 AwoooP Session 可直接接手,不把 handoff 當 production landing 或執行授權。", "packetLabel": "Handoff packet", - "handoffLabel": "Handoff note", - "guardLabel": "Still locked", + "handoffLabel": "交接說明", + "guardLabel": "仍鎖住", "items": { "branchAndPrAnchor": { - "title": "PR / branch anchor", - "body": "PR #117 and codex/security-supply-chain-contracts-20260512 are the current read-only sync anchors.", - "handoff": "The other Session should confirm the same PR, branch, and latest commit, then read LOGBOOK and the rollup ledger.", - "guard": "Do not merge, deploy, switch primary, or mutate refs from the handoff." + "title": "PR / 分支錨點", + "body": "目前以 PR #117 與 codex/security-supply-chain-contracts-20260512 作為只讀同步錨點。", + "handoff": "另一個 Session 先確認同一 PR / branch / latest commit,再讀 LOGBOOK 與 rollup ledger。", + "guard": "不從 handoff 自動 merge、deploy、切 primary 或改 refs。" }, "progressSemantics": { "title": "進度語義", @@ -10916,22 +10916,22 @@ "guard": "不把 framework detail、readiness、handoff、guard pass 當 headline delta。" }, "requiredGuardCommands": { - "title": "Required guards", - "body": "Run security-mirror-progress-guard.py and source-control-owner-response-guard.py before taking over.", - "handoff": "Continue read-only projection only after both guards pass; if either fails, fix the contract or snapshot first.", - "guard": "Do not skip guards; do not treat guard pass as runtime approval." + "title": "必跑 Guard", + "body": "接手前先跑 security-mirror-progress-guard.py 與 source-control-owner-response-guard.py。", + "handoff": "兩個 guard 都通過後才能繼續 read-only projection;失敗時先停下修 contract / snapshot。", + "guard": "不跳過 guard;不把 guard pass 當 runtime approval。" }, "forbiddenRuntimeActions": { - "title": "Runtime forbidden actions", - "body": "Kali /execute, SSH, host update, active scan, credentialed scan, blocking control, repo / refs / workflow actions remain unauthorized.", - "handoff": "The other Session may only add read-only evidence, UI projection, docs, snapshots, and guards.", - "guard": "runtime_execution_authorized=false; action_buttons_allowed=false" + "title": "Runtime 禁止動作", + "body": "Kali /execute、SSH、host update、active scan、credentialed scan、blocking control、repo / refs / workflow 動作仍未授權。", + "handoff": "另一個 Session 只能新增 read-only evidence、UI projection、docs、snapshot、guard。", + "guard": "runtime_execution_authorized=false;action_buttons_allowed=false" }, "awooopReadOnlyInputs": { - "title": "AwoooP read-only inputs", - "body": "AwoooP may consume the rollup snapshot, IwoooS projection, 負責人回覆 validation rollup, Kali status, and rollout policy.", - "handoff": "Main-line AwoooP intake may display only state, evidence refs, route groups, and forbidden actions.", - "guard": "Do not store raw payloads, credential plaintext, token values, or execution payloads." + "title": "AwoooP 只讀輸入", + "body": "可消費 rollup snapshot、IwoooS projection、負責人回覆 validation rollup、Kali status 與 rollout policy。", + "handoff": "AwoooP 主線接入時只顯示狀態、evidence refs、route group 與 forbidden actions。", + "guard": "不保存原始載荷、credential plaintext、token value 或 execution payload。" }, "nextCoordinationGate": { "title": "下一個協調 Gate", diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 3d00d883a..1dd28b024 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,45 @@ +## 2026-05-31|IwoooS `/en` 內容層繁體中文收斂 + +**背景**: + +- 正式站驗證側邊欄菜單已合併為單一 `IwoooS 安全合規` 入口,但 `/en/iwooos` 頁面內容仍殘留 `Security Compliance Hub`、`Existing Security Surfaces`、`Embedded bridge visible`、`Original source` 等英文區塊。 +- 使用者已明確要求所有網站內容都以繁體中文呈現,因此不能只收斂側邊欄導覽文字。 + +**本次調整**: + +- `apps/web/messages/en.json` 的 `iwooos` 區塊完整鏡像 `zh-TW.json`,讓 `/en/iwooos` 內容層也維持繁體中文。 +- 保留必要產品與技術名詞:`IwoooS`、`AwoooP`、`SecurityPanel`、`CompliancePanel`、`Code Review`、`runtime gate` 等只作為系統名詞,不再使用英文段落作為使用者說明文。 +- `security-mirror-progress-guard.py` 新增 `web_messages.en.iwooos.traditional_chinese_mirror`,防止後續 `/en/iwooos` 再與繁中主內容分叉。 + +**驗證**: + +```text +diff -u <(jq -S '.iwooos' apps/web/messages/zh-TW.json) <(jq -S '.iwooos' apps/web/messages/en.json) + -> pass +python3 -m json.tool apps/web/messages/en.json + -> pass +python3 -m py_compile scripts/security/security-mirror-progress-guard.py scripts/security/source-control-owner-response-guard.py + -> pass +python3 scripts/security/security-mirror-progress-guard.py + -> SECURITY_MIRROR_PROGRESS_GUARD_OK +python3 scripts/security/source-control-owner-response-guard.py + -> SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK +pnpm --dir apps/web exec tsc --noEmit --tsBuildInfoFile /tmp/awoooi-iwooos-language-full-20260531.tsbuildinfo + -> pass +NEXT_PUBLIC_API_URL=https://awoooi.wooo.work pnpm --dir apps/web run build + -> pass +本地 Playwright(production build / next start): + /en/iwooos 桌機 1280px -> 無 Command Center / Security & Compliance / Classic AI Center / Terminal / Settings / Security Compliance Hub / Existing Security Surfaces / Embedded bridge visible / Original source / read-only link 英文殘留;側邊欄單一 /en/iwooos;無水平溢出 + /en/security-compliance 桌機 1280px -> 同上,舊路由仍由單一 IwoooS 側邊欄入口承接;無水平溢出 + /en/iwooos 手機 390px -> 無上述英文殘留;單一 /en/iwooos 側邊欄入口;無水平溢出 + /en/security-compliance 手機 390px -> 無上述英文殘留;單一 /en/iwooos 側邊欄入口;無水平溢出 +``` + +**進度邊界**: + +- 整體資安網仍維持 `61%`;本輪是使用者可理解度與語系一致性收斂,不代表 runtime 安全等級升高。 +- active runtime gate 仍為 `0`;沒有新增掃描、SSH、主機更新、修復、批准、部署按鈕或 GitHub primary 切換。 + ## 2026-05-31|Telegram / AwoooP 處置結果與人工通知契約補齊 **背景**: diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index 22a6fa175..860b716b5 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -217,6 +217,7 @@ def validate(root: Path) -> None: "IwoooS 安全合規", ) assert_equal("web_messages.en.nav.traditional_chinese_mirror", web_messages_en["nav"], web_messages_zh["nav"]) + assert_equal("web_messages.en.iwooos.traditional_chinese_mirror", web_messages_en["iwooos"], web_messages_zh["iwooos"]) progress = rollup["progress_estimate"] assert_equal("progress.overall_percent", progress["overall_percent"], 61)