feat(iwooos): 新增資安資產控制總帳
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m45s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-18 13:56:22 +08:00
parent abd3f44744
commit 81a60226bb
9 changed files with 1956 additions and 0 deletions

View File

@@ -0,0 +1,101 @@
# IwoooS 資安資產控制總帳
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-18 |
| 狀態 | `security_asset_control_ledger_ready_no_runtime_action` |
| 工具 | `scripts/security/security-asset-control-ledger.py` |
| Snapshot | `docs/security/security-asset-control-ledger.snapshot.json` |
| 對應優先序 | P0-A 資產 / 配置總清冊 |
| runtime gate | `0` |
## 1. 目的
此總帳把 IwoooS 既有的資安清冊、snapshot、owner gate、事故後回讀計畫與前台防洩漏 guard彙整成一份可重跑的「資安資產控制總帳」。它回答的是
1. 哪些主機、公開入口、版本來源、workflow、監控、Wazuh、Kali、備份、供應鏈、AI agent 與產品 runtime 已進入資安控管視野。
2. 每一類資產目前缺哪一種 owner packet 與脫敏 evidence refs。
3. 哪些動作仍必須維持 `0 / false`,不能因 UI 可見、snapshot 存在或 CD 成功而自動升級。
本文件不是 live host truth也不是主機修復、掃描、封鎖、reload、restart、secret rotation、workflow dispatch、SOAR action 或 production write 授權。
## 2. 固定摘要
| 指標 | 值 |
|------|----|
| 資安資產群組 | `16` |
| P0 資產群組 | `14` |
| P1 資產群組 | `2` |
| C0 群組 | `14` |
| C1 群組 | `2` |
| evidence refs | `64` |
| 已存在 evidence refs | `64` |
| 缺失 evidence refs | `0` |
| owner 必填欄位 | `24` |
| reviewer checks | `24` |
| outcome lanes | `10` |
| blocked actions | `44` |
| owner packet required | `16` |
| owner response received / accepted | `0 / 0` |
| live evidence accepted | `0` |
| runtime gate / action button | `0 / 0` |
| P0-A repo 總帳完成度 | `100%` |
| IwoooS headline | 仍維持 `64%` |
## 3. 資產群組與優先序
| 優先 | 群組 | 控制範圍 | 下一步 |
|------|------|----------|--------|
| P0 | Nginx / Public Gateway / Route | 公開入口、API、WebSocket、ACME、admin route、Ollama proxy | 補 live conf、rendered diff、`nginx -t`、route smoke、rollback owner |
| P0 | DNS / TLS / Certbot | domain、certificate path、ACME、renewal owner、TLS route | 補憑證覆蓋依據、到期 metadata、renewal owner、ACME route owner |
| P0 | Docker / systemd / Host Service | compose、systemd、repair-bot、port binding、process / persistence baseline | 補 live hash、incident readback、restart window、rollback owner、post-check |
| P0 | SSH / Firewall / WireGuard / NodePort | SSH、known_hosts、sudoers、firewall、WireGuard、NetworkPolicy、NodePort | 補 actor、before / after、impact、operator notification、restoration evidence |
| P0 | K8s / ArgoCD / GitOps | manifests、ArgoCD、RBAC、NetworkPolicy、CronJob、Velero | 補 ArgoCD revision、health / sync、rendered diff、rollback revision、postcheck owner |
| P0 | Gitea Workflow / Runner / Secret Metadata | workflow、runner、deploy key、webhook、secret name parity、redaction guard | 補 runner attestation、secret injection route、log redaction、Gitea run readback |
| P0 | Gitea / GitHub / Source Control | repo visibility、canonical refs、GitHub primary readiness、branch / tag / workflow boundary | 補 owner response不得自動建 repo、改 visibility、sync refs 或切 primary |
| P0 | Wazuh / Endpoint / SIEM | Wazuh manager、agent、FIM、rule / decoder、event ref、active response dry-run 邊界 | 補 Wazuh health refs、agent refs、event refs 與 no-raw-payload attestation |
| P0 | Kali 112 / Assessment Tooling | Kali health、tool version、scope、finding envelope、maintenance window | 補 scope ref、health ref、normalized finding envelopeactive scan 與 `/execute` 另批 |
| P0 | Monitoring / Alerting / Observability | Prometheus、Alertmanager、Telegram route、SigNoz、Sentry、Langfuse、no-false-green | 補 route owner、receiver diff、receipt evidence、noise budget、reload owner |
| P0 | Backup / Restore / DR / Escrow | backup、restic、offsite、escrow、Velero、restore drill、retention | 補 restore drill、offsite ref、escrow non-secret proof、retention runway、DR scorecard |
| P0 | Harbor / Registry / SBOM / Supply Chain | Harbor、registry、image tag、SBOM、Cosign、SLSA、dependency drift、CVE / KEV | 補 SBOM / VEX / provenance intake、image signing、KEV / EPSS / exposure SLA |
| P0 | Public / Admin / API / Frontend Runtime | public URL、CORS、auth boundary、middleware、webhook、frontend env、i18n redaction | 補 route owner、API readback、CORS diff、desktop / mobile smoke、bundle scan |
| P0 | AI Provider / Model Router / Agent Runtime | OpenClaw、Ollama、NemoTron、Hermes、Gemini、MCP / A2A、tool allowlist、cost / privacy | 補 dry-run、benchmark、cost review、privacy review、fallback order、rollback owner |
| P1 | Product Surface / Runtime Route | AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan | 補逐產品 owner、route、admin、API、backup、webhook、rollback 與 validation 指標 |
| P1 | KM / PlayBook / Script / Schedule / Verifier | incident、approval、repair candidate、manual handoff 的自動化資產沉澱 | 補 incident / approval / manual handoff writeback contract |
## 4. Owner Packet 必填欄位
每個資產群組要從候選進到 reviewer review至少必須具備
`asset_group_id``asset_alias``owner_role``owner_team``business_impact``technical_scope``affected_routes_or_services``data_classification``redacted_evidence_refs``source_of_truth_ref``live_state_ref``config_diff_ref``monitoring_signal_ref``wazuh_or_siem_ref``kali_scope_ref``backup_restore_ref``supply_chain_ref``secret_absence_attestation``raw_payload_absence_attestation``maintenance_window``rollback_owner``postcheck_owner``followup_owner``decision_reason`
## 5. 固定停止線
以下項目仍維持 `0 / false`
- owner response received / accepted。
- live evidence accepted。
- runtime gate / action button。
- host write、SSH read、Nginx reload、firewall change、ArgoCD sync、workflow modification。
- secret value collection。
- Wazuh active response。
- Kali active scan / Kali `/execute`
- Telegram send、SOAR action、auto block、production write。
## 6. 驗證指令
```bash
python3 scripts/security/security-asset-control-ledger.py \
--root . \
--generated-at 2026-06-18T13:44:00+08:00 \
--output docs/security/security-asset-control-ledger.snapshot.json
```
## 7. 完成度
| 工作 | 完成度 | 說明 |
|------|--------|------|
| P0-A repo-side 資安資產控制總帳 | `100%` | 16 個群組、64 個 evidence refs 全部對上 |
| owner packet 收件 | `0%` | 尚未收到或接受 owner response |
| live evidence 驗收 | `0%` | 未 SSH、未讀 live host、未呼叫 Wazuh / Kali |
| runtime / response / containment | `0%` | 未開掃描、封鎖、reload、restart、SOAR、auto block |

View File

@@ -0,0 +1,823 @@
{
"asset_groups": [
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/public-gateway-preflight-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/public-gateway-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md",
"docs/security/public-gateway-preflight-inventory.snapshot.json",
"docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/public-gateway-post-incident-readback-plan.snapshot.json"
],
"group_id": "public_gateway_nginx",
"label": "Nginx / Public Gateway / Route",
"live_evidence_accepted": 0,
"next_owner_action": "補 owner-provided live conf、rendered diff、nginx -t、route smoke、rollback owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "公開入口、API、WebSocket、ACME、admin route、Ollama proxy",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/domain-tls-certbot-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
}
],
"evidence_refs": [
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/domain-tls-certbot-inventory.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
],
"group_id": "dns_tls_certbot",
"label": "DNS / TLS / Certbot",
"live_evidence_accepted": 0,
"next_owner_action": "補 SAN / wildcard 覆蓋依據、expiry metadata、renewal owner、ACME route owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "domain、certificate path、ACME、renewal owner、TLS route",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/HOST-SERVICE-CONFIG-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/host-service-config-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/host-service-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/host-service-post-incident-readback-plan.snapshot.json"
],
"group_id": "host_service_runtime",
"label": "Docker / systemd / Host Service",
"live_evidence_accepted": 0,
"next_owner_action": "補 live hash metadata、incident readback、restart window、rollback owner、post-check。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Docker Compose、systemd、repair-bot、port binding、process / persistence baseline",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SSH-NETWORK-ACCESS-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/ssh-network-access-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/ssh-network-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
"docs/security/ssh-network-access-inventory.snapshot.json",
"docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/ssh-network-post-incident-readback-plan.snapshot.json"
],
"group_id": "ssh_firewall_network",
"label": "SSH / Firewall / WireGuard / NodePort",
"live_evidence_accepted": 0,
"next_owner_action": "補 actor、before / after state、impact、operator notification、restoration evidence。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "SSH target、known_hosts、sudoers、firewall、WireGuard、NetworkPolicy、NodePort",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md",
"docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json"
],
"group_id": "k8s_argocd_gitops",
"label": "K8s / ArgoCD / GitOps",
"live_evidence_accepted": 0,
"next_owner_action": "補 ArgoCD revision、health / sync、rendered manifest diff、rollback revision、postcheck owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "K8s manifests、ArgoCD app、RBAC、NetworkPolicy、CronJob、Velero",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/source-control-workflow-secret-name-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json"
],
"group_id": "workflow_runner_secret",
"label": "Gitea Workflow / Runner / Secret Metadata",
"live_evidence_accepted": 0,
"next_owner_action": "補 runner attestation、workspace cleanup、secret injection route、log redaction、Gitea run readback。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "workflow、runner label、deploy key、webhook、secret name parity、redaction guard",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md"
},
{
"exists": true,
"ref": "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md"
},
{
"exists": true,
"ref": "docs/security/source-control-primary-readiness-gate.snapshot.json"
}
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md",
"docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md",
"docs/security/source-control-primary-readiness-gate.snapshot.json"
],
"group_id": "source_control_repo_visibility",
"label": "Gitea / GitHub / Source Control",
"live_evidence_accepted": 0,
"next_owner_action": "補 owner response不得建立 repo、改 visibility、sync refs 或切 primary。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "repo visibility、canonical refs、GitHub primary readiness、branch / tag / workflow boundary",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md"
},
{
"exists": true,
"ref": "docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
}
],
"evidence_refs": [
"docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md",
"docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json",
"docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
],
"group_id": "wazuh_endpoint_siem",
"label": "Wazuh / Endpoint / SIEM",
"live_evidence_accepted": 0,
"next_owner_action": "補 Wazuh health refs、agent refs、event refs、rule / decoder readback 與 no-raw-payload attestation。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Wazuh manager、agent、FIM、rule / decoder、event ref、active response dry-run boundary",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/KALI-INTEGRATION-STATUS.md"
},
{
"exists": true,
"ref": "docs/security/kali-integration-status.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md"
},
{
"exists": true,
"ref": "docs/security/kali-112-maintenance-window-draft.snapshot.json"
}
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/kali-integration-status.snapshot.json",
"docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md",
"docs/security/kali-112-maintenance-window-draft.snapshot.json"
],
"group_id": "kali_112_assessment",
"label": "Kali 112 / Assessment Tooling",
"live_evidence_accepted": 0,
"next_owner_action": "補 scope ref、health ref、normalized finding envelopeactive scan 與 /execute 仍獨立批准。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Kali health、tool version、scope、finding envelope、maintenance window",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/monitoring-alerting-observability-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/monitoring-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md",
"docs/security/monitoring-alerting-observability-inventory.snapshot.json",
"docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/monitoring-post-incident-readback-plan.snapshot.json"
],
"group_id": "monitoring_alerting_observability",
"label": "Monitoring / Alerting / Observability",
"live_evidence_accepted": 0,
"next_owner_action": "補 route owner、receiver diff、receipt evidence、noise budget、reload owner 與 no-false-green。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Prometheus、Alertmanager、Telegram route、SigNoz、Sentry、Langfuse、no-false-green",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/backup-restore-escrow-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/backup-restore-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md",
"docs/security/backup-restore-escrow-inventory.snapshot.json",
"docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/backup-restore-post-incident-readback-plan.snapshot.json"
],
"group_id": "backup_restore_dr",
"label": "Backup / Restore / DR / Escrow",
"live_evidence_accepted": 0,
"next_owner_action": "補 restore drill、offsite sync ref、escrow non-secret proof、retention runway、DR scorecard。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "backup scripts、restic、offsite、credential escrow、Velero、restore drill、retention",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md"
},
{
"exists": true,
"ref": "docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md"
},
{
"exists": true,
"ref": "docs/security/security-supply-chain-contract-manifest.snapshot.json"
},
{
"exists": true,
"ref": "docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
}
],
"evidence_refs": [
"docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md",
"docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md",
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
],
"group_id": "container_registry_supply_chain",
"label": "Harbor / Registry / SBOM / Supply Chain",
"live_evidence_accepted": 0,
"next_owner_action": "補 SBOM / VEX / provenance intake、image signing、KEV / EPSS / exposure SLA。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Harbor、registry、image tag、SBOM、Cosign、SLSA、dependency drift、CVE / KEV",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/public-frontend-sensitive-surface-guard.snapshot.json"
},
{
"exists": true,
"ref": "docs/HARD_RULES.md"
}
],
"evidence_refs": [
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json",
"docs/security/public-frontend-sensitive-surface-guard.snapshot.json",
"docs/HARD_RULES.md"
],
"group_id": "public_admin_api_runtime",
"label": "Public / Admin / API / Frontend Runtime",
"live_evidence_accepted": 0,
"next_owner_action": "補 route owner、API contract readback、CORS diff、desktop / mobile smoke、bundle sensitive scan。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "public URL、CORS、auth boundary、middleware、webhook、frontend env、i18n redaction",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/ai-provider-owner-response-acceptance.snapshot.json"
},
{
"exists": true,
"ref": "docs/ai"
},
{
"exists": true,
"ref": "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"
}
],
"evidence_refs": [
"docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ai-provider-owner-response-acceptance.snapshot.json",
"docs/ai",
"docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"
],
"group_id": "ai_provider_agent_runtime",
"label": "AI Provider / Model Router / Agent Runtime",
"live_evidence_accepted": 0,
"next_owner_action": "補 dry-run、benchmark、cost review、privacy review、fallback order 與 rollback owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "OpenClaw、Ollama、NemoTron、Hermes、Gemini、MCP / A2A、tool allowlist、cost / privacy",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md"
},
{
"exists": true,
"ref": "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md"
},
{
"exists": true,
"ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"
}
],
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"
],
"group_id": "product_surface_runtime_routes",
"label": "Product Surface / Runtime Route",
"live_evidence_accepted": 0,
"next_owner_action": "補逐產品 owner、route、admin、API、backup、webhook、rollback 與 validation 指標。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P1",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan",
"secret_value_collection_allowed": false,
"tier": "C1"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/LOGBOOK.md"
},
{
"exists": true,
"ref": "apps/api/src/services/repair_candidate_service.py"
},
{
"exists": true,
"ref": "apps/api/src/services/telegram_gateway.py"
},
{
"exists": true,
"ref": "apps/web/src/app/[locale]/awooop/work-items/page.tsx"
}
],
"evidence_refs": [
"docs/LOGBOOK.md",
"apps/api/src/services/repair_candidate_service.py",
"apps/api/src/services/telegram_gateway.py",
"apps/web/src/app/[locale]/awooop/work-items/page.tsx"
],
"group_id": "automation_asset_sedimentation",
"label": "KM / PlayBook / Script / Schedule / Verifier",
"live_evidence_accepted": 0,
"next_owner_action": "補 incident / approval / manual handoff writeback contract讓資產總帳從可視化進入可追蹤閉環。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P1",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "incident、approval、repair candidate、manual handoff 的自動化資產沉澱",
"secret_value_collection_allowed": false,
"tier": "C1"
}
],
"blocked_actions": [
"ssh_to_host",
"read_live_host_log",
"write_host_file",
"nginx_reload",
"certbot_renew",
"dns_change",
"firewall_change",
"wireguard_change",
"nodeport_change",
"networkpolicy_apply",
"kubectl_action",
"argocd_sync",
"helm_upgrade",
"docker_restart",
"docker_compose_up",
"systemctl_restart",
"repair_bot_execute",
"ansible_apply",
"wazuh_active_response",
"wazuh_rule_change",
"kali_active_scan",
"kali_execute",
"nmap_scan",
"nuclei_scan",
"trivy_live_scan",
"package_upgrade",
"workflow_modify",
"workflow_dispatch",
"runner_restart",
"secret_read",
"secret_rotate",
"webhook_modify",
"deploy_key_modify",
"refs_sync",
"force_push",
"github_primary_switch",
"backup_run",
"restore_run",
"offsite_sync",
"remote_delete",
"telegram_send",
"soar_case_create",
"auto_block",
"production_write"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"argocd_sync_authorized": false,
"auto_block_authorized": false,
"firewall_change_authorized": false,
"host_write_authorized": false,
"kali_active_scan_authorized": false,
"kali_execute_authorized": false,
"nginx_reload_authorized": false,
"not_authorization": true,
"production_write_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"soar_action_authorized": false,
"ssh_read_authorized": false,
"telegram_send_authorized": false,
"wazuh_active_response_authorized": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-18T13:44:00+08:00",
"git_commit": "c7597df2",
"outcome_lanes": [
"waiting_asset_owner_packet",
"request_gateway_supplement",
"request_host_service_supplement",
"request_network_supplement",
"request_wazuh_kali_supplement",
"request_backup_restore_supplement",
"request_supply_chain_supplement",
"request_product_surface_supplement",
"quarantine_secret_or_raw_payload",
"ready_for_security_reviewer_review"
],
"required_owner_fields": [
"asset_group_id",
"asset_alias",
"owner_role",
"owner_team",
"business_impact",
"technical_scope",
"affected_routes_or_services",
"data_classification",
"redacted_evidence_refs",
"source_of_truth_ref",
"live_state_ref",
"config_diff_ref",
"monitoring_signal_ref",
"wazuh_or_siem_ref",
"kali_scope_ref",
"backup_restore_ref",
"supply_chain_ref",
"secret_absence_attestation",
"raw_payload_absence_attestation",
"maintenance_window",
"rollback_owner",
"postcheck_owner",
"followup_owner",
"decision_reason"
],
"reviewer_checks": [
"asset alias 不得暴露個人 namespace",
"owner role / team 必填",
"source-of-truth 必須可追溯",
"live evidence 只能收脫敏 ref",
"secret value / hash / partial token 一律拒收",
"raw Wazuh / raw Kali output 一律拒收",
"Nginx / firewall / K8s / workflow 變更需獨立 runtime approval",
"route 200 不得當資安完成",
"dashboard 可見不得當 remediation 完成",
"backup 存在不得當 restore drill 完成",
"Kali 納入範圍不得當 active scan 授權",
"Wazuh event 可見不得當 active response 授權",
"repo snapshot 不得當 live host truth",
"事故後回讀需含 actor、before / after、impact、postcheck",
"no-false-green 必須明確標示",
"owner response received / accepted 必須維持 0除非有實際收件",
"runtime gate 必須維持 0",
"action button 必須維持 0",
"Gitea / GitHub refs 不得自動同步",
"GitHub primary 不得自動切換",
"Telegram 不得實發",
"SOAR 不得 auto block",
"AI agent 不得讀 secret 或 host write",
"LOGBOOK 不得包含內部對話逐字稿"
],
"schema_version": "security_asset_control_ledger_v1",
"status": "security_asset_control_ledger_ready_no_runtime_action",
"summary": {
"action_button_count": 0,
"active_scan_authorized_count": 0,
"asset_group_count": 16,
"auto_block_authorized_count": 0,
"blocked_action_count": 44,
"c0_asset_group_count": 14,
"c1_asset_group_count": 2,
"evidence_ref_count": 64,
"existing_evidence_ref_count": 64,
"host_write_authorized_count": 0,
"iwooos_headline_progress_percent": 64,
"kali_execute_authorized_count": 0,
"live_evidence_accepted_count": 0,
"missing_evidence_ref_count": 0,
"outcome_lane_count": 10,
"owner_packet_required_count": 16,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"p0_asset_group_count": 14,
"p1_asset_group_count": 2,
"raw_payload_stored_count": 0,
"required_owner_field_count": 24,
"reviewer_check_count": 24,
"runtime_gate_count": 0,
"secret_value_collected_count": 0,
"security_asset_control_ledger_completion_percent": 100,
"soar_action_authorized_count": 0,
"wazuh_active_response_authorized_count": 0
}
}