diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 5c44b2429..95062d03a 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -4340,6 +4340,9 @@ "githubPrimaryReadiness": { "title": "GitHub Primary Readiness read-only work item" }, + "ownerResponseValidation": { + "title": "Owner response validation read-only work item" + }, "mcpGateway": { "title": "MCP Gateway usage evidence overview" }, @@ -4356,6 +4359,7 @@ "frontendConsole": "Completed and in-progress work must be trackable from the frontend", "iwooosSecurityMirror": "Track security mesh progress and boundaries as read-only only; do not create scan, execute, repair, deploy, primary switch, or runtime gate actions", "githubPrimaryReadiness": "Track the Gitea-to-GitHub readiness gap as read-only only; do not create repos, change visibility, sync refs, collect secret values, switch primary, or disable Gitea", + "ownerResponseValidation": "Track the four owner response validation packets as read-only only; do not treat the work item as received, accepted, an approval record, a primary switch, or a runtime gate", "mcpGateway": "MCP usage must show agent, tool, scope, and blocked reason", "timelineContract": "Incident, Approval, Evidence, KM, and Timeline must not contradict each other" }, @@ -4375,6 +4379,9 @@ "githubPrimaryOwnerResponses": "Owner response remains 0/22; request-ready is not accepted", "githubPrimaryWorkflowNames": "Workflow / secret-name inventory complete=0/7; collect names only, never secret values", "githubPrimaryBoundary": "repo_creation=false; refs_mutation=false; github_primary_switch=false; disable_gitea=false", + "ownerResponseValidation": "Packets={packets}; templates={templates}; received={received}; accepted={accepted}; rejected={rejected}", + "ownerResponseValidationChecks": "Cross-packet checks={crossPacket}; evidence routing={routing}; display sections={sections}", + "ownerResponseValidationBoundary": "No approval record, no primary switch, and no runtime gate", "mcpReady": "MCP Gateway gate is not currently a top gap", "mcpMissing": "Quality summary still reports an MCP Gateway observation gap", "remediationHistory": "Dry-run history: {count}x; latest {preview}", diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 2d61d916d..a54ea2e3d 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -4283,7 +4283,7 @@ }, "workItems": { "title": "工作鏈路", - "subtitle": "{count} 個控制點,依 production truth-chain 與治理資料同步狀態", + "subtitle": "{count} 個控制點,依營運真相鏈與治理資料同步狀態", "refresh": "重新整理", "lastUpdated": "最後更新 {time}", "tableLabel": "AwoooP 工作鏈路", @@ -4306,19 +4306,19 @@ "status": "狀態", "surface": "前端操作面", "source": "資料來源", - "evidence": "Production 證據", + "evidence": "營運證據", "gate": "完成閘門", - "link": "Link" + "link": "連結" }, "surfaces": { "runs": "執行監控 / 執行詳情", - "governance": "治理事件 / SLO", + "governance": "治理事件 / 服務目標", "workItems": "工作鏈路", "iwooos": "IwoooS / 資安鏡像" }, "items": { "sourceDossier": { - "title": "來源事件卷宗與 truth-chain mirror" + "title": "來源事件卷宗與真相鏈鏡像" }, "autoRepair": { "title": "低風險 Alertmanager 自動修復閉環" @@ -4327,10 +4327,10 @@ "title": "非成功驗證補救工作佇列" }, "telegramCallbacks": { - "title": "Telegram 詳情 / 歷史改為 DB truth-first" + "title": "Telegram 詳情 / 歷史改為資料庫真相優先" }, "governanceDispatch": { - "title": "治理告警 dispatch 與去重" + "title": "治理告警派送與去重" }, "frontendConsole": { "title": "AwoooP 操作控制台產品化" @@ -4341,49 +4341,56 @@ "githubPrimaryReadiness": { "title": "GitHub 主要來源就緒度只讀工作項" }, + "ownerResponseValidation": { + "title": "負責人回覆驗收只讀工作項" + }, "mcpGateway": { - "title": "MCP Gateway 使用證據總覽" + "title": "MCP 閘道使用證據總覽" }, "timelineContract": { - "title": "Timeline / KM / PlayBook 回寫一致性" + "title": "時間軸 / 知識庫 / Playbook 回寫一致性" } }, "gates": { - "sourceDossier": "入站告警必須能查到 received / incident_linked / source refs", - "autoRepair": "必須同時有 auto_repair、verification_result=success 與 KM 回寫", - "remediationQueue": "每筆 degraded / failed / timeout 都必須映射到重跑、重驗、Ticket 或人工檢查", + "sourceDossier": "入站告警必須能查到已收到、已連到事件與來源參照", + "autoRepair": "必須同時有自動修復、驗證成功與知識庫回寫", + "remediationQueue": "每筆降級、失敗或逾時都必須映射到重跑、重驗、工單或人工檢查", "telegramCallbacks": "按下詳情與歷史不能再只依賴 Redis TTL 或舊快照", - "governanceDispatch": "治理告警必須進 dispatch,並標示 skipped / pending / repaired", + "governanceDispatch": "治理告警必須進入派送,並標示已略過、等待中或已修復", "frontendConsole": "已完成與推進中的工作必須能從前端直接追蹤", - "iwooosSecurityMirror": "只讀追蹤資安網進度與邊界;不得建立掃描、執行、修復、部署、主要來源切換或 runtime gate", - "githubPrimaryReadiness": "只讀追蹤 Gitea 轉 GitHub 的就緒度缺口;不得建立 repo、改可見性、sync refs、收 secret value、切主要來源或停用 Gitea", - "mcpGateway": "MCP 使用必須看得到 agent、tool、scope 與 blocked 原因", - "timelineContract": "Incident、Approval、Evidence、KM、Timeline 不得互相矛盾" + "iwooosSecurityMirror": "只讀追蹤資安網進度與邊界;不得建立掃描、執行、修復、部署、主要來源切換或執行期閘門", + "githubPrimaryReadiness": "只讀追蹤 Gitea 轉 GitHub 的就緒度缺口;不得建立專案庫、改可見性、同步分支 / 標籤參照、收機密明文值、切主要來源或停用 Gitea", + "ownerResponseValidation": "只讀追蹤四包負責人回覆驗收;不得把工作項當成已收到、已接受、審批紀錄、主要來源切換或執行期閘門", + "mcpGateway": "MCP 使用必須看得到代理、工具、範圍與阻擋原因", + "timelineContract": "事件、審批、證據、知識庫與時間軸不得互相矛盾" }, "evidence": { - "channelEvents": "最近 Alertmanager channel events:{count}", + "channelEvents": "最近 Alertmanager 通道事件:{count}", "autoRepair": "已驗證自動修復:{verified}/{evaluated}", "remediationQueue": "補救工作:{total};AI 可接手:{ready};人工:{human}", - "telegramCallbacks": "目前修補 Telegram callback 查詢鏈與歷史摘要", - "governance": "未解治理告警:{unresolved};pending dispatch:{queued}", - "governanceUnavailable": "治理事件 API 目前無法回應;pending dispatch:{queued}", - "governanceQueueMissing": "治理 dispatch 表尚未就緒;未解治理告警:{unresolved}", - "frontendConsole": "本頁已改讀 production API,而非靜態清單", - "iwooosSecurityMirror": "整體 {headline};框架 {framework};落地 {runtime};active runtime gates={gates}", + "telegramCallbacks": "目前修補 Telegram 回呼查詢鏈與歷史摘要", + "governance": "未解治理告警:{unresolved};等待派送:{queued}", + "governanceUnavailable": "治理事件 API 目前無法回應;等待派送:{queued}", + "governanceQueueMissing": "治理派送表尚未就緒;未解治理告警:{unresolved}", + "frontendConsole": "本頁已改讀營運 API,而非靜態清單", + "iwooosSecurityMirror": "整體 {headline};框架 {framework};落地 {runtime};主動執行閘門={gates}", "iwooosSecurityMirrorOwner": "負責人回覆仍等待;production_landing_enabled=false", "iwooosSecurityMirrorBoundary": "execution_router_linked=false;runtime_execution_authorized=false;action_buttons_allowed=false", - "githubPrimaryReadiness": "候選 repo={candidates};範圍內={inScope};主要來源就緒={ready}", - "githubPrimaryOwnerResponses": "負責人回覆仍為 0/22;request-ready 不是 accepted", - "githubPrimaryWorkflowNames": "Workflow / secret 名稱清冊 complete=0/7;只收名稱不收 secret value", + "githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}", + "githubPrimaryOwnerResponses": "負責人回覆仍為 0/22;請求可送出不等於已接受", + "githubPrimaryWorkflowNames": "工作流程 / 機密名稱清冊完成=0/7;只收名稱不收機密明文值", "githubPrimaryBoundary": "repo_creation=false;refs_mutation=false;github_primary_switch=false;disable_gitea=false", - "mcpReady": "MCP Gateway gate 目前未列為主要缺口", - "mcpMissing": "品質總覽仍指出 MCP Gateway 觀測缺口", + "ownerResponseValidation": "回覆包={packets};範本={templates};已收到={received};已接受={accepted};已拒收={rejected}", + "ownerResponseValidationChecks": "跨包驗收={crossPacket};證據路由={routing};顯示區塊={sections}", + "ownerResponseValidationBoundary": "不建立審批紀錄、不切主要來源、不開執行期閘門", + "mcpReady": "MCP 閘道目前未列為主要缺口", + "mcpMissing": "品質總覽仍指出 MCP 閘道觀測缺口", "remediationHistory": "試跑歷史:{count} 次;上次 {preview}", "remediationHistoryEmpty": "尚無補救試跑歷史", "remediationRoute": "MCP:{route}", - "remediationWrites": "寫入:incident={incident};autoRepair={autoRepair}", - "timelineReady": "Timeline gate 目前未列為主要缺口", - "timelineMissing": "品質總覽仍指出 Timeline / 稽核記錄缺口" + "remediationWrites": "寫入:事件={incident};自動修復={autoRepair}", + "timelineReady": "時間軸閘門目前未列為主要缺口", + "timelineMissing": "品質總覽仍指出時間軸 / 稽核記錄缺口" } }, "listEvidence": { diff --git a/apps/web/src/app/[locale]/awooop/work-items/page.tsx b/apps/web/src/app/[locale]/awooop/work-items/page.tsx index 26d9c0a7f..db5b67ff4 100644 --- a/apps/web/src/app/[locale]/awooop/work-items/page.tsx +++ b/apps/web/src/app/[locale]/awooop/work-items/page.tsx @@ -235,7 +235,7 @@ function buildWorkItems( phase: "T17", status: "in_progress", surfaceKey: "runs", - source: "telegram_callback / truth-chain", + source: "telegram_callback / 真相鏈鏡像", gateKey: "telegramCallbacks", evidence: t("evidence.telegramCallbacks"), href: "/awooop/runs", @@ -309,6 +309,30 @@ function buildWorkItems( ], href: "/iwooos", }, + { + id: "ownerResponseValidation", + phase: "S2.73", + status: "watching", + surfaceKey: "iwooos", + source: "source-control-owner-response-validation-rollup.snapshot.json / security_mirror_status_rollup_v1", + gateKey: "ownerResponseValidation", + evidence: t("evidence.ownerResponseValidation", { + packets: 4, + templates: 22, + received: 0, + accepted: 0, + rejected: 0, + }), + evidenceDetails: [ + t("evidence.ownerResponseValidationChecks", { + crossPacket: 10, + routing: 6, + sections: 8, + }), + t("evidence.ownerResponseValidationBoundary"), + ], + href: "/iwooos", + }, { id: "mcpGateway", phase: "T18", diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 3fd930e56..47d8472ff 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,17 @@ +## 2026-05-21 | 資安供應鏈 S2.73:AwoooP 工作鏈路負責人回覆驗收只讀工作項 + +**背景**:S2.72 已把四包負責人回覆驗收總覽放進 AwoooP 首頁,但 `/awooop/work-items` 尚未有同一個工作鏈路項目。另一個 AwoooP Session 與使用者需要在工作項層看見真正卡住 GitHub 主要來源與後續執行期閘門的是負責人回覆收件與驗收,而不是頁面已呈現就代表可執行。 + +**完成**: +- `/awooop/work-items` 新增「負責人回覆驗收只讀工作項」,來源為 `source-control-owner-response-validation-rollup.snapshot.json / security_mirror_status_rollup_v1`,並連回 `/iwooos`。 +- 工作項顯示四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊。 +- `apps/web/messages/zh-TW.json` 已把 AwoooP 工作鏈路的可見欄位、證據、閘門與工作項標題改為繁體中文;技術鍵值與 `false` 邊界保留作為可追溯證據。 +- `security_mirror_status_rollup_v1` 新增 `s2_73_awooop_work_items_owner_response_validation_candidate`,並由 `security-mirror-progress-guard.py` 驗證工作項、i18n 鍵、證據細節、繁中用語與非授權邊界。 + +**仍禁止**: +- S2.73 是 AwoooP 工作鏈路只讀呈現,不代表負責人回覆已收到 / 已接受、審批紀錄已建立、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、機密明文值收集、GitHub 主要來源切換、Gitea 停用、Kali `/execute`、SSH 登入、主機更新、阻擋型控制或執行期閘門。 +- 整體資安網百分比仍是 58%;框架 / 治理 / 文件 / 結構定義 / 只讀證據仍約 80-85%;真正落地執行 / 執行期匯入 / GitHub 主要來源 / AwoooP 正式入口仍約 35-40%。 + ## 2026-05-21 | 資安供應鏈 S2.72:AwoooP 首頁負責人回覆驗收總覽 **背景**:S2.63-S2.71 已把 GitHub 主要來源就緒度與 IwoooS / AwoooP 只讀資安可視面板串起來,但使用者在 AwoooP 首頁仍需要更直接看見:真正卡住 GitHub 主要來源與後續執行期閘門的不是頁面或防護檢查,而是 S4.9-S4.12 四包負責人回覆尚未收到與驗收。 diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md index 18f12aa5c..37dc8b8a5 100644 --- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md +++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md @@ -54,6 +54,7 @@ | IwoooS / AwoooP Traditional Chinese security surface wording guard | S2.70 已把 zh-TW 資安可視區塊使用者可見英文標籤改成繁體中文,並由 guard 阻擋 Candidate repos、In-scope repos、Owner response、Workflow inventory、Active runtime gates、GitHub Primary Readiness 等英文標籤回流;保留 contract id 與 false flags 作為證據鍵值;仍不建立 repo、不改 refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | | AwoooP run detail Traditional Chinese wording guard | S2.71 已把 AwoooP 執行詳情、審批決策與事件證據的使用者可見英文標籤改成繁體中文,並由 scoped guard 阻擋 Trace ID、Trigger、Tool、Scope、Dry-run、Tools、Incident Evidence、Run state、audit trail 等英文文案回流;保留技術 ID 與證據鍵值;仍不建立 approval record、不執行 runtime、不建立 repo、不改 refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | | AwoooP 首頁負責人回覆驗收總覽 | S2.72 已在 `/awooop` 顯示四包負責人回覆驗收總覽;S4.9/S4.10/S4.11/S4.12、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目、7 條審查結果分流;仍不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不收機密明文值、不切主要來源、不開執行期閘門 | +| AwoooP 工作鏈路負責人回覆驗收只讀工作項 | S2.73 已在 `/awooop/work-items` 顯示四包負責人回覆驗收只讀工作項;22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊;仍不把工作項當成已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門 | | Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion | | Runtime actions | `false` | | Payload ingestion | `false` | @@ -173,6 +174,7 @@ | S2.69 AwoooP runs GitHub primary readiness boundary | framework detail | 0 | 只在 `/awooop/runs` 顯示 GitHub Primary Readiness Run 邊界,連回 `/iwooos` 並呈現 source_control_primary_readiness_gate_v1、source_control_owner_response_validation_rollup_v1、source_control_workflow_secret_name_inventory_v1、source_control_primary_rollback_adr_v1、candidate repos=8、in-scope=7、security runs=0、owner response 0/22、workflow inventory complete=0/7;security_run_created=false、github_primary_run_created=false、execution_router_linked=false、repo_creation_authorized=false、refs_mutation_authorized=false、workflow_secret_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 platform run、不接 execution router、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | | S2.70 IwoooS / AwoooP Traditional Chinese security surface wording guard | framework detail | 0 | 只把 IwoooS / AwoooP 資安可視區塊使用者可見英文標籤改成繁體中文,並由 `security-mirror-progress-guard.py` 阻擋 Candidate repos、In-scope repos、Owner response、Workflow inventory、Active runtime gates、GitHub Primary Readiness 等英文標籤回流;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | | S2.71 AwoooP run detail Traditional Chinese wording guard | framework detail | 0 | 只把 AwoooP 執行詳情、審批決策與事件證據使用者可見英文標籤改成繁體中文,並由 `security-mirror-progress-guard.py` scoped guard 阻擋 Trace ID、Trigger、Tool、Scope、Dry-run、Tools、Incident Evidence、Run state、audit trail 等英文文案回流;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 approval record、不執行 runtime、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | +| S2.73 AwoooP work-items owner response validation candidate | framework detail | 0 | 只在 `/awooop/work-items` 顯示四包負責人回覆驗收只讀工作項,呈現回覆包=4、範本=22、已收到=0、已接受=0、已拒收=0、跨包驗收=10、證據路由=6、顯示區塊=8;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立審批紀錄、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea | headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence: diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index 2bd067a41..c019b4fa4 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -5,7 +5,7 @@ | 日期 | 2026-05-17 | | 狀態 | S0/S1 read-only evidence 建置中 | | 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 | -| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 | +| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 | | 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary | ## 0. 本階段完成後整體進度 @@ -28,7 +28,7 @@ python3 scripts/security/security-mirror-progress-guard.py ### 0.2 Headline 58% 不代表停滯 -近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.72 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 +近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.73 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。 @@ -135,6 +135,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons | S2.70 IwoooS / AwoooP security surface Traditional Chinese wording guard | 已完成草案,將 IwoooS / AwoooP 資安可視區塊的使用者可見英文標籤改成繁體中文,並由 guard 阻擋 Candidate repos、In-scope repos、Owner response、Workflow inventory、Active runtime gates、GitHub Primary Readiness 等英文標籤回流;技術 contract id 與 false flags 保留可追溯 | 0 | | S2.71 AwoooP run detail Traditional Chinese wording guard | 已完成草案,將 AwoooP 執行詳情、審批決策與事件證據的使用者可見英文標籤改成繁體中文,並由 scoped guard 阻擋 Trace ID、Trigger、Tool、Scope、Dry-run、Tools、Incident Evidence、Run state、audit trail 等英文文案回流;技術 ID 與 false flags 保留可追溯 | 0 | | S2.72 AwoooP 首頁負責人回覆驗收總覽 | 已完成草案,在 `/awooop` 顯示 S4.9/S4.10/S4.11/S4.12 四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0 與人工審查驗收檢查;仍不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不開執行期閘門 | 0 | +| S2.73 AwoooP 工作鏈路負責人回覆驗收只讀工作項 | 已完成草案,在 `/awooop/work-items` 顯示四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊;仍不把工作項當成已收到 / 已接受、審批紀錄、主要來源切換或執行期閘門 | 0 | headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。 @@ -226,6 +227,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons | S2.70 IwoooS / AwoooP Traditional Chinese Security Surface Guard | 完成草案 | zh-TW 前端資安可視文案改為繁體中文,並新增 guard 防止關鍵英文標籤回流 | 使用者看到的資安入口、AwoooP 首頁、租戶、執行、合約、審批等資安可視區塊以繁體中文理解;本修正仍只是文案與 guard,不是 runtime、repo、refs、workflow、secret、GitHub primary 或 Gitea 動作 | | S2.71 AwoooP Run Detail Traditional Chinese Wording Guard | 完成草案 | zh-TW AwoooP 執行詳情、審批決策與事件證據文案改為繁體中文,並新增 scoped guard 防止詳情頁英文標籤回流 | 使用者進入執行時間線、審批決策與事件證據時能以繁體中文理解狀態、來源、MCP、補救試跑與稽核欄位;本修正仍只是文案與 guard,不是 approval record、runtime、repo、refs、workflow、secret、GitHub primary 或 Gitea 動作 | | S2.72 AwoooP 首頁負責人回覆驗收總覽 | 完成草案 | `/awooop` 新增四包負責人回覆驗收總覽,顯示 22 個範本、0 已收到、0 已接受、0 已拒收、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目與 7 條審查結果分流 | 使用者能在首頁看懂 GitHub 主要來源前真正卡住的是負責人證據收件與驗收;總覽仍不是審批紀錄、負責人回覆已接受、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、GitHub 主要來源或執行期閘門 | +| S2.73 AwoooP 工作鏈路負責人回覆驗收只讀工作項 | 完成草案 | `/awooop/work-items` 新增四包負責人回覆驗收工作項,顯示 22 個範本、0 已收到、0 已接受、0 已拒收、10 個跨包驗收、6 條證據路由與 8 個顯示區塊,並連回 `/iwooos` | 使用者與另一個 AwoooP Session 能在工作鏈路理解 GitHub 主要來源真正等待負責人回覆驗收;工作項仍不是審批紀錄、已接受回覆、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 | | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate | | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item | | S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 | diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json index c1c70df00..b67a40a6a 100644 --- a/docs/security/security-mirror-status-rollup.snapshot.json +++ b/docs/security/security-mirror-status-rollup.snapshot.json @@ -1334,6 +1334,18 @@ "runtime_delta": false, "execution_authorized": false, "not_authorization": true + }, + { + "delta_id": "s2_73_awooop_work_items_owner_response_validation_candidate", + "display_order": 102, + "completed_stage": "S2.73 AwoooP 工作鏈路負責人回覆驗收只讀工作項", + "progress_axis": "framework_detail", + "headline_percent_delta": 0, + "framework_delta_visible": true, + "why_headline_unchanged": "AwoooP 工作鏈路只新增負責人回覆驗收只讀工作項,顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,不標記負責人回覆已收到 / 已接受、不建立審批紀錄、不建立專案庫、不改分支 / 標籤參照、不改工作流程 / 機密設定、不收機密明文值、不切主要來源、不停用 Gitea。", + "runtime_delta": false, + "execution_authorized": false, + "not_authorization": true } ], "next_safe_actions": [ @@ -1562,6 +1574,22 @@ "從 AwoooP 工作鏈路切 GitHub primary、停用 Gitea 或把 request-ready 當 owner response accepted" ] }, + { + "action_id": "show_awooop_work_items_owner_response_validation_candidate", + "title": "AwoooP 工作鏈路顯示負責人回覆驗收只讀工作項", + "mode": "observe", + "source_contract": "security_mirror_status_rollup_v1", + "allowed_processing": [ + "在 /awooop/work-items 顯示 S2.73 負責人回覆驗收只讀工作項", + "顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊", + "連到 /iwooos 只讀入口,不新增審批紀錄、專案庫、可見性、分支 / 標籤參照、工作流程、機密設定、主要來源或 Gitea 停用動作" + ], + "blocked_processing": [ + "把 AwoooP 工作鏈路負責人回覆驗收工作項當成負責人回覆已收到或已接受", + "從 AwoooP 工作鏈路建立審批紀錄、建立專案庫、改可見性、同步 / 刪除 / 強制推送分支或標籤參照,或收機密明文值", + "從 AwoooP 工作鏈路切 GitHub 主要來源、停用 Gitea 或開執行期閘門" + ] + }, { "action_id": "show_awooop_contracts_github_primary_readiness_candidate", "title": "AwoooP 合約儀表板顯示 GitHub Primary Readiness 合約只讀候選", @@ -2059,7 +2087,8 @@ "S2.69 新增 AwoooP runs GitHub Primary Readiness Run 邊界;/awooop/runs 顯示 source_control_primary_readiness_gate_v1、source_control_owner_response_validation_rollup_v1、source_control_workflow_secret_name_inventory_v1、source_control_primary_rollback_adr_v1、candidate repos=8、in-scope=7、security runs=0、owner response 0/22、workflow inventory complete=0/7,並連回 /iwooos;security_run_created=false、github_primary_run_created=false、execution_router_linked=false、repo_creation_authorized=false、refs_mutation_authorized=false、workflow_secret_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把 Run 邊界當 platform run、execution router 或 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea。", "S2.70 修正 IwoooS / AwoooP 資安可視區塊繁體中文呈現;zh-TW 前端文案將 GitHub readiness、owner response、runtime gate、run state、workflow inventory、tenant scope、contract refs、approval lanes 等使用者可見英文標籤改成繁體中文,並由 security-mirror-progress-guard.py 阻擋 Candidate repos、In-scope repos、Owner response、Workflow inventory、Active runtime gates、GitHub Primary Readiness 等英文標籤回流;保留 GitHub、Gitea、Kali、AwoooP、IwoooS、refs、workflow、secret、runtime、contract id 與 false flags 作為技術名詞或證據鍵值;runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不建立 repo、不改 refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea。", "S2.71 修正 AwoooP 執行詳情、審批決策與事件證據繁體中文呈現;zh-TW 前端文案將 Trace ID、Trigger、Trigger Ref、Tool、Scope、First-class、Policy enforced、Approval executor、Legacy bridge、Dry-run、Tools、Incident Evidence、Run state、audit trail 等使用者可見英文標籤改成繁體中文,並由 security-mirror-progress-guard.py 新增 scoped guard 阻擋回流;保留 run_id、project_id、trace_id、MCP Gateway、Runtime、ADR-100 與 false flags 作為技術名詞或證據鍵值;runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不建立 approval record、不執行 runtime、不建立 repo、不改 refs、不改 workflow / secrets、不收 secret value、不切 primary、不停用 Gitea。", - "S2.72 新增 AwoooP 首頁負責人回覆驗收總覽;/awooop 顯示 S4.9/S4.10/S4.11/S4.12 四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目與 7 條審查結果分流;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把首頁驗收總覽當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。" + "S2.72 新增 AwoooP 首頁負責人回覆驗收總覽;/awooop 顯示 S4.9/S4.10/S4.11/S4.12 四包負責人回覆、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由、8 個顯示區塊、7 條狀態轉移、9 個審查清單項目與 7 條審查結果分流;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把首頁驗收總覽當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。", + "S2.73 新增 AwoooP 工作鏈路負責人回覆驗收只讀工作項;/awooop/work-items 顯示四包、22 個回覆範本、已收到=0、已接受=0、已拒收=0、10 個跨包驗收、6 條證據路由與 8 個顯示區塊;owner_response_validation_received_count=0、owner_response_validation_accepted_count=0、repo_creation_authorized=false、refs_sync_authorized=false、workflow_modification_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把工作鏈路工作項當負責人回覆已收到 / 已接受、審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定 / 主要來源動作或執行期閘門。" ], "forbidden_actions": [ "start_kali_scan", diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index 2d6398e31..4af51a7f2 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -290,6 +290,7 @@ def validate(root: Path) -> None: "s2_70_traditional_chinese_security_surface_wording_guard", "s2_71_awooop_run_detail_traditional_chinese_wording_guard", "s2_72_awooop_home_owner_response_validation_rollup", + "s2_73_awooop_work_items_owner_response_validation_candidate", ] assert_equal( "progress_delta_ledger.delta_ids", @@ -384,6 +385,11 @@ def validate(root: Path) -> None: [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)], "show_awooop_work_items_github_primary_readiness_candidate", ) + assert_contains( + "rollup.next_safe_actions.action_ids", + [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)], + "show_awooop_work_items_owner_response_validation_candidate", + ) assert_contains( "rollup.next_safe_actions.action_ids", [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)], @@ -488,6 +494,32 @@ def validate(root: Path) -> None: ]: assert_text_not_contains("web_messages.zh-TW.awooop_run_detail_wording", zh_awooop_run_detail_text, forbidden) + zh_awooop_work_items_text = json.dumps( + web_messages_zh["awooop"]["workItems"], + ensure_ascii=False, + ) + for forbidden in [ + "Production 證據", + "Link", + "truth-chain", + "truth-first", + "MCP Gateway", + "Timeline", + "GitHub Primary Readiness", + "active runtime gates", + "Workflow / secret", + "secret value", + "pending dispatch", + "channel events", + "DB truth", + "dispatch 與", + ]: + assert_text_not_contains( + "web_messages.zh-TW.awooop_work_items_wording", + zh_awooop_work_items_text, + forbidden, + ) + zh_awooop_home_security_text = json.dumps( { "securityMirror": web_messages_zh["awooop"]["home"]["securityMirror"], @@ -5347,6 +5379,12 @@ def validate(root: Path) -> None: assert_text_contains("awooop_work_items_page.security_mirror_item", awooop_work_items_page, "iwooosSecurityMirror") assert_text_contains("awooop_work_items_page.github_primary_item", awooop_work_items_page, "githubPrimaryReadiness") + assert_text_contains("awooop_work_items_page.owner_response_validation_item", awooop_work_items_page, "ownerResponseValidation") + assert_text_contains( + "awooop_work_items_page.telegram_source_traditional_chinese", + awooop_work_items_page, + 'source: "telegram_callback / 真相鏈鏡像"', + ) assert_text_contains( "awooop_work_items_page.security_mirror_source", awooop_work_items_page, @@ -5357,6 +5395,11 @@ def validate(root: Path) -> None: awooop_work_items_page, "source-control-primary-readiness-gate.snapshot.json / iwooos_posture_projection_v1", ) + assert_text_contains( + "awooop_work_items_page.owner_response_validation_source", + awooop_work_items_page, + "source-control-owner-response-validation-rollup.snapshot.json / security_mirror_status_rollup_v1", + ) assert_text_contains("awooop_work_items_page.security_mirror_href", awooop_work_items_page, 'href: "/iwooos"') assert_text_contains("awooop_work_items_page.security_mirror_status", awooop_work_items_page, 'status: "watching"') for key in ["iwooos"]: @@ -5391,6 +5434,16 @@ def validate(root: Path) -> None: list(web_messages_en["awooop"]["workItems"][section].keys()), "githubPrimaryReadiness", ) + assert_contains( + f"web_messages.zh-TW.awooop.workItems.{section}", + list(web_messages_zh["awooop"]["workItems"][section].keys()), + "ownerResponseValidation", + ) + assert_contains( + f"web_messages.en.awooop.workItems.{section}", + list(web_messages_en["awooop"]["workItems"][section].keys()), + "ownerResponseValidation", + ) for key in ["iwooosSecurityMirrorOwner", "iwooosSecurityMirrorBoundary"]: assert_contains( "web_messages.zh-TW.awooop.workItems.evidence", @@ -5408,6 +5461,20 @@ def validate(root: Path) -> None: list(web_messages_zh["awooop"]["workItems"]["evidence"].keys()), key, ) + for key in [ + "ownerResponseValidationChecks", + "ownerResponseValidationBoundary", + ]: + assert_contains( + "web_messages.zh-TW.awooop.workItems.evidence", + list(web_messages_zh["awooop"]["workItems"]["evidence"].keys()), + key, + ) + assert_contains( + "web_messages.en.awooop.workItems.evidence", + list(web_messages_en["awooop"]["workItems"]["evidence"].keys()), + key, + ) assert_contains( "web_messages.en.awooop.workItems.evidence", list(web_messages_en["awooop"]["workItems"]["evidence"].keys()),