feat(iwooos): 強化前台敏感資訊防洩漏 guard
This commit is contained in:
@@ -101,16 +101,17 @@ CONTROL_STATUS_BY_CATEGORY = {
|
||||
"next_owner_action": "補 workflow diff ref、runner owner attestation、secret name parity ref、Gitea run readback、guard result、maintenance window、rollback owner 與 post-check evidence。",
|
||||
},
|
||||
"public_admin_api_runtime_config": {
|
||||
"coverage_status": "change_evidence_acceptance_ready_needs_runtime_config_owner_evidence",
|
||||
"coverage_percent": 64,
|
||||
"coverage_status": "frontend_sensitive_surface_guard_ready_needs_runtime_config_owner_evidence",
|
||||
"coverage_percent": 66,
|
||||
"evidence_refs": [
|
||||
"docs/HARD_RULES.md",
|
||||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||||
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
|
||||
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json",
|
||||
"docs/security/public-frontend-sensitive-surface-guard.snapshot.json",
|
||||
],
|
||||
"current_gap": "已固定 Public / Admin / API runtime config 變更證據驗收只讀帳本;affected route、admin/auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、webhook owner、desktop/mobile smoke、sensitive string scan、rollback 與 post-check evidence 仍全部為 0。",
|
||||
"next_owner_action": "補 affected route refs、admin/auth boundary、API contract readback、CORS origin diff、frontend env diff、i18n redaction review、webhook/callback owner、desktop/mobile smoke、sensitive string scan、rollback owner 與 post-check evidence。",
|
||||
"current_gap": "已固定 Public / Admin / API runtime config 變更證據驗收只讀帳本,並新增前台 source / messages 敏感資訊防洩漏 guard;affected route、admin/auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、webhook owner、desktop/mobile production smoke、bundle scan、rollback 與 post-check evidence 仍全部為 0。",
|
||||
"next_owner_action": "補 affected route refs、admin/auth boundary、API contract readback、CORS origin diff、frontend env diff、i18n redaction review、webhook/callback owner、desktop/mobile production smoke、bundle sensitive scan、rollback owner 與 post-check evidence。",
|
||||
},
|
||||
"backup_restore_credential": {
|
||||
"coverage_status": "restore_recovery_backfill_ready_needs_owner_live_evidence",
|
||||
@@ -376,6 +377,7 @@ def build_report(root: Path, generated_at: str | None) -> dict[str, Any]:
|
||||
"secret_injection_change_evidence_acceptance_ready_needs_owner_evidence",
|
||||
"cd_runner_secret_injection_change_evidence_acceptance_ready_needs_owner_evidence",
|
||||
"change_evidence_acceptance_ready_needs_runtime_config_owner_evidence",
|
||||
"frontend_sensitive_surface_guard_ready_needs_runtime_config_owner_evidence",
|
||||
"owner_response_acceptance_ledger_ready_needs_restore_drill_owner",
|
||||
"restore_recovery_backfill_ready_needs_owner_live_evidence",
|
||||
"owner_response_acceptance_ledger_ready_needs_network_owner",
|
||||
|
||||
Reference in New Issue
Block a user