From 866811bbb347725151ff92061931794d71ebdcce Mon Sep 17 00:00:00 2001 From: ogt Date: Fri, 10 Jul 2026 20:21:48 +0800 Subject: [PATCH] fix(iwooos): surface security queue verifier gaps --- apps/web/messages/en.json | 5 +- apps/web/messages/zh-TW.json | 5 +- apps/web/src/app/[locale]/iwooos/page.tsx | 114 +++++++++++++++++----- 3 files changed, 99 insertions(+), 25 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index e61697594..7a268368a 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -13982,7 +13982,10 @@ "signals": "signals", "sources": "sources", "p0": "P0 tracks", - "controlled": "controlled" + "controlled": "controlled", + "missing": "missing", + "action": "next", + "verifier": "verifier" }, "guards": { "runtimeActions": "runtime action", diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 739e3fff7..71cc865ec 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -13982,7 +13982,10 @@ "signals": "signals", "sources": "sources", "p0": "P0 軌", - "controlled": "controlled" + "controlled": "controlled", + "missing": "缺口", + "action": "下一步", + "verifier": "驗證器" }, "guards": { "runtimeActions": "runtime action", diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx index f63ca4465..00e11a4fb 100644 --- a/apps/web/src/app/[locale]/iwooos/page.tsx +++ b/apps/web/src/app/[locale]/iwooos/page.tsx @@ -773,7 +773,11 @@ const SECURITY_TOOL_CLOSURE_BOOTSTRAP_QUEUE: IwoooSSecurityToolClosureQueueEntry track_id: 'wazuh_detection_response', state: 'wazuh_source_verifier_ready_runtime_closure_open', next_action: 'attach_live_event_case_controlled_response_and_post_verifier', + next_executable_action: 'attach_live_wazuh_event_forensics_incident_case_controlled_response_and_independent_post_verifier_receipts', ready_signal_count: 6, + required_signal_count: 6, + missing_signal_count: 0, + required_verifier: 'wazuh_registry_fim_vulnerability_alert_receipt_post_verifier', controlled_apply_policy_allowed: true, }, { @@ -781,6 +785,11 @@ const SECURITY_TOOL_CLOSURE_BOOTSTRAP_QUEUE: IwoooSSecurityToolClosureQueueEntry track_id: 'supply_chain_sbom_scan', state: 'sbom_and_scan_artifacts_missing', next_action: 'stage_trivy_syft_grype_check_mode_reports', + next_executable_action: 'stage_trivy_syft_grype_check_mode_reports', + ready_signal_count: 0, + required_signal_count: 5, + missing_signal_count: 5, + required_verifier: 'sbom_vulnerability_artifact_post_verifier', controlled_apply_policy_allowed: true, }, { @@ -788,7 +797,11 @@ const SECURITY_TOOL_CLOSURE_BOOTSTRAP_QUEUE: IwoooSSecurityToolClosureQueueEntry track_id: 'ai_agent_controlled_apply', state: 'preflight_ready_for_controlled_policy_check', next_action: 'connect_target_selector_diff_check_mode_rollback_post_verifier_km', + next_executable_action: 'connect_target_selector_diff_check_mode_rollback_post_verifier_km', ready_signal_count: 2, + required_signal_count: 9, + missing_signal_count: 7, + required_verifier: 'ai_controlled_apply_same_run_post_verifier_km_writeback', controlled_apply_policy_allowed: true, }, ] @@ -16550,6 +16563,40 @@ function publicSecurityToolClosureMarker(marker: string) { .replace(/token/g, 'approval_id') } +const SECURITY_TOOL_CLOSURE_ACTION_LABELS: Record = { + attach_live_event_case_controlled_response_and_post_verifier: 'Wazuh live event -> case -> response verifier', + attach_live_wazuh_event_forensics_incident_case_controlled_response_and_independent_post_verifier_receipts: + 'Wazuh live event -> case -> response verifier', + stage_trivy_syft_grype_check_mode_reports: 'Trivy/Syft/Grype check-mode evidence', + connect_target_selector_diff_check_mode_rollback_post_verifier_km: + 'Target selector -> check-mode -> rollback verifier -> KM', + run_allowlisted_check_mode_with_rollback_post_verifier_and_km_writeback: + 'Check-mode -> rollback verifier -> KM writeback', + wazuh_registry_fim_vulnerability_alert_receipt_post_verifier: + 'Wazuh/FIM alert receipt verifier', + sbom_vulnerability_artifact_post_verifier: 'SBOM vulnerability verifier', + ai_controlled_apply_same_run_post_verifier_km_writeback: + 'Same-run AI controlled apply verifier', + ai_controlled_apply_post_verifier_and_learning_writeback: + 'AI apply post-verifier + learning writeback', +} + +function publicSecurityToolClosureAction(action: string | undefined) { + if (!action) return '--' + return ( + SECURITY_TOOL_CLOSURE_ACTION_LABELS[action] ?? + action + .replace(/_/g, ' ') + .replace(/\bkm\b/gi, 'KM') + .replace(/\bsbom\b/gi, 'SBOM') + .replace(/\bwazuh\b/gi, 'Wazuh') + .replace(/\bfim\b/gi, 'FIM') + .replace(/\bai\b/gi, 'AI') + .replace(/\bmcp\b/gi, 'MCP') + .replace(/\brag\b/gi, 'RAG') + ) +} + function IwoooSSecurityToolClosureBoard() { const t = useTranslations('iwooos.securityToolClosure') const textWrap = { overflowWrap: 'anywhere' as const, wordBreak: 'break-word' as const } @@ -16762,7 +16809,7 @@ function IwoooSSecurityToolClosureBoard() {
- {primaryQueue.ready_signal_count ?? 0}/6 + {primaryQueue.ready_signal_count ?? 0}/{primaryQueue.required_signal_count ?? 0} {t('compact.controlled')} @@ -16892,29 +16939,50 @@ function IwoooSSecurityToolClosureBoard() { {t('detailsTitle')}
- {queue.map(item => ( -
-
- {item.queue_id} - + {queue.map(item => { + const ready = item.ready_signal_count ?? 0 + const required = item.required_signal_count ?? 0 + const missing = item.missing_signal_count ?? Math.max(required - ready, 0) + const nextAction = publicSecurityToolClosureAction(item.next_executable_action ?? item.next_action) + const verifier = publicSecurityToolClosureAction(item.required_verifier) + + return ( +
+
+ {item.queue_id} + +
+
+ {t(`queue.${item.queue_id}.title` as never)} +
+
+ + {t('compact.signals')}: {ready}/{required} + + 0 ? '#9a5d1d' : '#315f43', padding: '5px 7px', fontSize: 10, fontWeight: 900, ...textWrap }}> + {t('compact.missing')}: {missing} + +
+
+ {t('compact.action')}: {nextAction} +
+
+ {t('compact.verifier')}: {verifier} +
-
- {t(`queue.${item.queue_id}.title` as never)} -
-
- {t(`queue.${item.queue_id}.next` as never)} -
-
- ))} + ) + })}
{boundaryMarkers.slice(0, 10).map(marker => (