fix(iwooos): 脫敏 tenants public identity
This commit is contained in:
@@ -54,6 +54,12 @@
|
||||
|
||||
固定數字為 `acceptance_candidate_count=4`、`c0_acceptance_candidate_count=4`、`acceptance_field_count=23`、`required_owner_response_field_count=13`、`reviewer_check_count=13`、`outcome_lane_count=7`、`blocked_action_count=20`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`certificate_coverage_confirmed_count=0`、`dns_query_authorized_count=0`、`live_tls_probe_authorized_count=0`、`certbot_renew_authorized_count=0`、`nginx_reload_authorized_count=0`、`route_smoke_authorized_count=0`、`runtime_gate_count=0`。此更新讓 `dns_tls_certbot` 從 `74%` 推進到 `78%`,代表未來 owner 回覆可被補件、隔離、拒收或送 reviewer review;它不代表 DNS query、TLS probe、certbot renew、Nginx reload、route smoke、host write 或 runtime gate 已授權。
|
||||
|
||||
## 1.6 2026-06-14 Docker / systemd / host service owner response acceptance 只讀帳本
|
||||
|
||||
已新增 `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/host-service-owner-response-acceptance.snapshot.json`,將 9 份 Docker / systemd / host service owner request draft 轉成 metadata-only owner response acceptance 只讀帳本。
|
||||
|
||||
固定數字為 `acceptance_candidate_count=9`、`write_capable_acceptance_candidate_count=3`、`live_evidence_required_candidate_count=8`、`acceptance_field_count=28`、`required_owner_field_count=12`、`reviewer_check_count=14`、`outcome_lane_count=7`、`blocked_action_count=20`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`live_host_read_authorized_count=0`、`docker_compose_action_authorized_count=0`、`systemctl_action_authorized_count=0`、`repair_bot_execution_authorized_count=0`、`ansible_apply_authorized_count=0`、`runtime_gate_count=0`。此更新讓 `docker_compose_systemd_host_config` 從 `50%` 推進到 `54%`,也讓高價值配置平均只讀成熟度從 `67%` 推進到 `68%`;它不代表 live host read、restart、repair-bot、Ansible、sudo、host write 或 runtime gate 已授權。
|
||||
|
||||
## 2. 覆蓋摘要
|
||||
|
||||
| 指標 | 目前值 | 說明 |
|
||||
@@ -63,8 +69,8 @@
|
||||
| C1 類別 | `4` | 監控、Docker / systemd、SSH / network、AI provider |
|
||||
| C2 類別 | `1` | 產品 runtime route 與跨產品邊界 |
|
||||
| C3 類別 | `1` | security evidence / snapshot / guard tooling |
|
||||
| 平均只讀控管成熟度 | `67%` | 僅代表框架 / evidence / owner packet / acceptance ledger 準備度,不代表 runtime 可執行 |
|
||||
| 需要 live evidence 的類別 | `7` | 只能等 owner-provided redacted evidence 或維護窗口,不主動修改主機 |
|
||||
| 平均只讀控管成熟度 | `68%` | 僅代表框架 / evidence / owner packet / acceptance ledger 準備度,不代表 runtime 可執行 |
|
||||
| 需要 live evidence 的類別 | `6` | 只能等 owner-provided redacted evidence 或維護窗口,不主動修改主機 |
|
||||
| owner response required | `14` | 每類都需要 owner response 才能往 accepted 前進 |
|
||||
| owner response received / accepted | `0 / 0` | 不得假性提高 |
|
||||
| runtime gate | `0` | 不得產生執行按鈕 |
|
||||
@@ -73,7 +79,7 @@
|
||||
|
||||
| 優先 | 類別 | 目前成熟度 | 下一步 |
|
||||
|------|------|------------|--------|
|
||||
| P1-1 | Docker Compose / systemd / host service config | `50%` | repo-only 清冊已納入 9 個 surface,owner request draft 已轉成 9 份草稿;仍缺 owner response、110 / 188 live hash、restart window、rollback owner 與 post-check 指標 |
|
||||
| P1-1 | Docker Compose / systemd / host service config | `54%` | repo-only 清冊已納入 9 個 surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence |
|
||||
| P1-2 | SSH / sudoers / known_hosts / firewall / WireGuard / NodePort | `58%` | repo-only 清冊已納入 16 個 SSH / network access surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、live access state、allowed source CIDR、host key pinning、port impact、firewall owner、maintenance window、rollback owner 與 validation plan |
|
||||
| P1-3 | Backup / restore / escrow / retention | `62%` | repo-only 清冊已納入 38 個 surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、restore drill approval package、offsite / escrow owner、retention owner、rollback owner、validation plan 與 no-secret-value evidence |
|
||||
| P1-4 | Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse | `62%` | repo-only 清冊已納入 60 個 monitoring / alerting / observability surface,owner request draft 已轉成 60 份草稿;仍缺 owner response、live drift evidence、reload owner、receiver owner、route smoke 與 receipt proof |
|
||||
@@ -168,6 +174,7 @@ python3 scripts/security/high-value-config-control-coverage.py \
|
||||
| 全高價值配置類別註冊 | `100%` | 14 類全部來自既有 Gate 定義 |
|
||||
| 覆蓋 snapshot / schema | `100%` | 已新增可重跑 snapshot 與 JSON schema |
|
||||
| DNS / TLS / certbot owner response acceptance | `100%` | 已新增 `domain_tls_certbot_owner_response_acceptance_v1`,4 個 C0 candidate、13 個 owner 必填欄位、13 個 reviewer checks、7 條 outcome lanes、20 類 blocked action;成熟度 `74% -> 78%` |
|
||||
| Docker / systemd / host service owner response acceptance | `100%` | 已新增 `host_service_owner_response_acceptance_v1`,9 個 candidate、3 個 write-capable、14 個 reviewer checks、7 條 outcome lanes、20 類 blocked action;成熟度 `50% -> 54%` |
|
||||
| owner response 收件 | `0%` | 尚未收到或接受任何 owner response |
|
||||
| live evidence collection | `0%` | 未 SSH、未 live probe、未 active scan |
|
||||
| runtime gate | `0%` | 未開啟任何執行期閘門 |
|
||||
@@ -178,6 +185,8 @@ python3 scripts/security/high-value-config-control-coverage.py \
|
||||
|
||||
2026-06-14 再新增 `host_service_owner_request_draft_v1`,把 9 個 surface 轉成 `request_draft_count=9`、`write_capable_request_draft_count=3`、`live_evidence_required_request_count=8`、`required_owner_field_count=12`、`blocked_action_count=14` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||||
|
||||
2026-06-14 再新增 `host_service_owner_response_acceptance_v1`,把 9 份 request draft 轉成 `acceptance_candidate_count=9`、`write_capable_acceptance_candidate_count=3`、`live_evidence_required_candidate_count=8`、`required_owner_field_count=12`、`reviewer_check_count=14`、`outcome_lane_count=7`、`blocked_action_count=20` 的 owner response acceptance 只讀帳本。此更新讓 `docker_compose_systemd_host_config` 從 `50%` 推進到 `54%`,但 owner response received / accepted、live hash、maintenance / restart window、rollback owner、post-check plan、disable switch、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、runtime gate 與 action button 仍全部為 `0`。
|
||||
|
||||
## 9. P1-2 SSH / network access 清冊更新
|
||||
|
||||
`ssh_network_access_inventory_v1` 已把 SSH target、known_hosts workflow、CI deploy SSH、monitoring SSH、backup SSH capture、sudoers wrapper、NetworkPolicy、NodePort、WireGuard runbook 與 alert SSH action catalog 納入 repo-only 清冊,共 `16` 個 surface、`6` 個 write-capable surface、`2` 個 NetworkPolicy、`2` 個 NodePort、`1` 個 sudoers surface 與 `1` 個 WireGuard surface。此更新只讓 `ssh_firewall_network_access` 從 `48%` 推進到 `54%`;owner response、live evidence、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||||
|
||||
@@ -19,6 +19,10 @@
|
||||
|
||||
此 artifact 只表示 owner request 的 required shape,不代表 request sent、recipient confirmed、owner response received / accepted、live host read、Docker Compose action、systemctl action、repair-bot execution、Ansible apply、secret collection、host write、production write 或 runtime gate。
|
||||
|
||||
2026-06-14 再新增 `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/host-service-owner-response-acceptance.snapshot.json`,將 9 份 request draft 轉成 owner response acceptance 只讀帳本。固定 `acceptance_candidate_count=9`、`write_capable_acceptance_candidate_count=3`、`live_evidence_required_candidate_count=8`、`required_owner_field_count=12`、`reviewer_check_count=14`、`outcome_lane_count=7`、`blocked_action_count=20`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`runtime_gate_count=0`。
|
||||
|
||||
此 artifact 只表示未來 owner 回覆可被收件、補件、隔離、拒收或進 reviewer review,不代表 live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、production write 或 runtime gate。
|
||||
|
||||
## 2. 覆蓋摘要
|
||||
|
||||
| 指標 | 目前值 | 說明 |
|
||||
@@ -107,3 +111,4 @@ python3 scripts/security/host-service-config-inventory.py \
|
||||
| live evidence collection | `0%` | 未 SSH、未讀 live host、未 active scan |
|
||||
| restart / apply gate | `0%` | 未開啟 docker compose / systemctl / Ansible / repair-bot 操作 |
|
||||
| owner request draft | `100%` | 已新增 9 份 request draft、snapshot、文件與 guard;request sent / received / accepted 仍為 0 |
|
||||
| owner response acceptance | `100%` | 已新增 9 份 acceptance candidate、snapshot、文件與 guard;owner response received / accepted、live host read、restart / apply gate 仍為 0 |
|
||||
|
||||
@@ -15,6 +15,8 @@
|
||||
|
||||
這不是主機真相、不是 live hash 收件、不是 restart window 已接受,也不是 `docker compose`、`systemctl`、repair-bot、Ansible 或 SSH 授權。
|
||||
|
||||
2026-06-14 已新增 `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/host-service-owner-response-acceptance.snapshot.json`,把本文件 9 份 request draft 轉成 owner response acceptance 只讀帳本。固定 `candidates=9`、`write_capable=3`、`live_evidence_required=8`、`reviewer_checks=14`、`outcome_lanes=7`、`blocked_actions=20`,但 owner response received / accepted、live host read、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write 與 runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
## 2. 摘要
|
||||
|
||||
| 指標 | 目前值 | 說明 |
|
||||
@@ -105,3 +107,4 @@ python3 scripts/security/security-mirror-progress-guard.py --root .
|
||||
| live evidence collection | `0%` | 未 SSH、未讀 live host、未 active scan |
|
||||
| restart / apply / repair-bot / Ansible gate | `0%` | 未授權且未執行 |
|
||||
| runtime gate / production write | `0%` | 未授權且未執行 |
|
||||
| owner response acceptance ledger | `100%` | 已新增 acceptance ledger;仍不是 owner response received / accepted 或 runtime approval |
|
||||
|
||||
137
docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md
Normal file
137
docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md
Normal file
@@ -0,0 +1,137 @@
|
||||
# IwoooS Docker / systemd / 主機服務 Owner Response Acceptance
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-06-14 |
|
||||
| 狀態 | `owner_response_acceptance_ledger_ready_no_runtime_action` |
|
||||
| 工具 | `scripts/security/host-service-owner-response-acceptance.py` |
|
||||
| 輸入 | `docs/security/host-service-config-inventory.snapshot.json`、`docs/security/host-service-owner-request-draft.snapshot.json` |
|
||||
| Snapshot | `docs/security/host-service-owner-response-acceptance.snapshot.json` |
|
||||
| runtime gate | `0` |
|
||||
|
||||
## 1. 目的
|
||||
|
||||
Docker / systemd / host service config 會直接影響 110 / 188 的 Compose stack、repair-bot、Ansible service role、host config backup 與服務 restart 邊界。既有 repo-only 清冊與 owner request draft 已完成,但若缺少 owner response acceptance 帳本,後續容易把未驗收回覆誤判成 live host read、`docker compose`、`systemctl`、repair-bot、Ansible、sudo 或 host write 授權。
|
||||
|
||||
本文件只定義 owner response 如何收件、補證、隔離、拒收與進 reviewer review。它不是 request sent、不是 owner response received、不是 accepted response、不是 live host read、不是 Docker / systemd 操作,也不是 repair-bot、Ansible、SSH、host write、production write 或 runtime gate 授權。
|
||||
|
||||
## 2. 摘要
|
||||
|
||||
| 指標 | 值 | 說明 |
|
||||
|------|----|------|
|
||||
| acceptance candidate count | `9` | 9 個 host service surface |
|
||||
| write-capable candidate count | `3` | Ansible role、110 repair-bot、188 repair-bot |
|
||||
| live evidence required candidate count | `8` | local dev compose 之外都需 owner-provided live hash / disposition |
|
||||
| acceptance field count | `28` | 每份 candidate 的 metadata-only 欄位 |
|
||||
| required owner field count | `12` | owner / decision / scope / redacted refs / live hash / windows / rollback / post-check / disable switch |
|
||||
| reviewer check count | `14` | owner、scope、redaction、secret、live hash、restart window、rollback、post-check、runtime request 檢查 |
|
||||
| outcome lane count | `7` | waiting、quarantine、reject、supplement、host service review、read-only update、waiting runtime gate |
|
||||
| blocked action count | `20` | SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、active scan 等 |
|
||||
| owner response received / accepted | `0 / 0` | 尚未收到,尚未驗收 |
|
||||
| live host read / Docker / systemctl / repair-bot / Ansible | `0 / 0 / 0 / 0 / 0` | 尚未批准且未執行 |
|
||||
| runtime gate / action button | `0 / 0` | 未開啟 |
|
||||
|
||||
## 3. 九份驗收候選
|
||||
|
||||
| Acceptance candidate | Host scope | 類型 | 驗收焦點 |
|
||||
|----------------------|------------|------|----------|
|
||||
| `host_service_owner_response_acceptance:local_dev_compose` | `local_dev_only` | Docker Compose | dev-only disposition、不得誤用 production、secret placeholder policy |
|
||||
| `host_service_owner_response_acceptance:monitoring_110_compose` | `192.168.0.110` | Docker Compose | live hash ref、restart window、rollback owner、post-check 指標 |
|
||||
| `host_service_owner_response_acceptance:monitoring_exporters_188_compose` | `192.168.0.188` | Docker Compose | exporter env source、live hash ref、rollback owner |
|
||||
| `host_service_owner_response_acceptance:sentry_110_reference_compose` | `192.168.0.110` | reference compose | actual source-of-truth、official revision、backup path、rollback owner |
|
||||
| `host_service_owner_response_acceptance:langfuse_110_compose` | `192.168.0.110` | Docker Compose | live hash ref、secret placeholder disposition、restart window、rollback owner |
|
||||
| `host_service_owner_response_acceptance:ansible_docker_compose_service_role` | `multi_host` | Ansible executor role | allowed service_dir、check-mode、人工 gate、rollback owner |
|
||||
| `host_service_owner_response_acceptance:repair_bot_110_whitelist` | `192.168.0.110` | repair whitelist | authorized_keys binding、disable switch、audit log、post-check |
|
||||
| `host_service_owner_response_acceptance:repair_bot_188_whitelist` | `192.168.0.188` | repair whitelist | systemd restart approval gate、sudoers boundary、disable switch、route smoke |
|
||||
| `host_service_owner_response_acceptance:config_backup_host_capture` | `110_188_120_121_cluster` | config backup capture | latest backup status、restore drill owner、secret handling proof |
|
||||
|
||||
## 4. Owner response 必填欄位
|
||||
|
||||
| 欄位 | 規則 |
|
||||
|------|------|
|
||||
| `owner_role_or_team` | 只填角色或團隊,不填私人聯絡資料或 credential |
|
||||
| `decision` | 允許 `confirm`、`defer`、`reject`、`request_more_evidence` |
|
||||
| `decision_reason` | 摘要說明,不貼 raw compose、env dump、systemd unit、secret 或 log payload |
|
||||
| `affected_scope` | 明確列出 host scope、service scope、repo source、runtime 影響範圍 |
|
||||
| `redacted_evidence_refs` | 只接受脫敏 ref、ticket id、文件路徑、hash 或摘要 |
|
||||
| `live_config_hash_ref` | 只能是 owner-provided metadata ref,不得貼 raw live config |
|
||||
| `maintenance_window` | 未來 live read、restart、repair-bot 或 Ansible 動作的窗口;本 response 不開執行權 |
|
||||
| `restart_window` | restart / reload window 必須與 action 分離,不得自動執行 |
|
||||
| `rollback_owner` | 未來若進變更的 rollback owner |
|
||||
| `post_check_plan` | 服務健康、route、queue、log、error budget 與 rollback 停止條件 |
|
||||
| `disable_switch` | repair-bot、Ansible role 或 service config 的停用方式 / freeze rule |
|
||||
| `followup_owner` | 後續補證、reviewer 或 runtime gate 負責角色 |
|
||||
|
||||
## 5. Reviewer checks
|
||||
|
||||
| Check | 說明 |
|
||||
|-------|------|
|
||||
| `owner_identity_present` | owner role / team 必須可追溯 |
|
||||
| `decision_reason_present` | decision 與 reason 必須同時存在 |
|
||||
| `affected_scope_matches_surface` | affected scope 必須能對回 committed surface_id |
|
||||
| `redacted_refs_only` | evidence 只能是脫敏 ref、ticket、hash、文件路徑或摘要 |
|
||||
| `secret_value_absent` | 不得出現 token、password、cookie、private key、env dump 或 partial secret |
|
||||
| `live_config_hash_metadata_only` | live config hash 只能是 metadata ref,不得貼 raw live config |
|
||||
| `maintenance_window_present` | 未來 host read、restart、repair-bot 或 Ansible 動作需獨立維護窗口 |
|
||||
| `restart_window_separate_from_action` | restart window 與 docker / systemctl action 必須分離 |
|
||||
| `rollback_owner_present` | rollback owner、rollback ref 或 disable path 必須存在 |
|
||||
| `post_check_plan_present` | post-check 必須列服務健康、route、queue、log 與 rollback 停止條件 |
|
||||
| `disable_switch_present` | repair-bot、Ansible role 或 service config 需有 disable switch 或 freeze rule |
|
||||
| `write_capable_requires_extra_review` | write-capable surface 必須進額外 reviewer review |
|
||||
| `no_runtime_request` | 夾帶 SSH、Docker、systemctl、repair-bot、Ansible、sudo 或 host write 要求時拒收 |
|
||||
| `counts_transition_safe` | 只有 reviewer record 可更新 received / accepted / rejected,且不得開 runtime gate |
|
||||
|
||||
## 6. Outcome lanes
|
||||
|
||||
| Lane | 意義 |
|
||||
|------|------|
|
||||
| `waiting_owner_response` | 尚未收到 owner response |
|
||||
| `quarantine_secret_or_raw_payload` | 收到 secret、env dump、raw compose、raw systemd unit 或未脫敏 host config 時隔離 |
|
||||
| `reject_execution_request` | 夾帶 SSH、Docker、systemctl、repair-bot、Ansible、sudo 或 host write 要求時拒收 |
|
||||
| `request_supplement` | 欄位不足、scope 不清、live hash ref / rollback / post-check 缺失時要求補件 |
|
||||
| `ready_for_host_service_review` | metadata 合格後,只能進 host service reviewer review |
|
||||
| `owner_review_only_update` | 只允許更新只讀 owner review ledger |
|
||||
| `waiting_runtime_gate` | 即使 owner response accepted,runtime gate 仍等待獨立人工批准 |
|
||||
|
||||
## 7. 禁止事項
|
||||
|
||||
1. 不 SSH read / write。
|
||||
2. 不執行 `docker compose up/down/pull`。
|
||||
3. 不執行 `systemctl restart/reload`。
|
||||
4. 不呼叫 repair-bot。
|
||||
5. 不跑 Ansible apply。
|
||||
6. 不做 sudo action、host file write 或 firewall change。
|
||||
7. 不保存 raw live config、env dump、secret value、未脫敏 log 或 shell history。
|
||||
8. 不把 restart window、maintenance window 或 owner response 當成 runtime approval。
|
||||
9. 不開 runtime gate,不建立 action button。
|
||||
|
||||
## 8. 指令
|
||||
|
||||
產生 committed snapshot:
|
||||
|
||||
```bash
|
||||
python3 scripts/security/host-service-owner-response-acceptance.py \
|
||||
--root . \
|
||||
--inventory-report docs/security/host-service-config-inventory.snapshot.json \
|
||||
--owner-request-report docs/security/host-service-owner-request-draft.snapshot.json \
|
||||
--output docs/security/host-service-owner-response-acceptance.snapshot.json \
|
||||
--generated-at 2026-06-14T23:45:00+08:00
|
||||
```
|
||||
|
||||
驗證 guard:
|
||||
|
||||
```bash
|
||||
python3 scripts/security/security-mirror-progress-guard.py --root .
|
||||
```
|
||||
|
||||
## 9. 完成度
|
||||
|
||||
| 工作 | 完成度 | 說明 |
|
||||
|------|--------|------|
|
||||
| owner response acceptance ledger artifact | `100%` | 產生器、snapshot 與文件已固定 |
|
||||
| Docker / systemd / host service 只讀治理成熟度 | `50% -> 54%` | 收件驗收帳本更完整;不代表 live evidence 或 runtime action |
|
||||
| owner response received / accepted | `0%` | 尚未收到,尚未驗收 |
|
||||
| live config hash accepted | `0%` | 尚未收到 owner-provided metadata ref |
|
||||
| live host read / SSH | `0%` | 尚未批准且未執行 |
|
||||
| Docker / systemd / repair-bot / Ansible | `0%` | 尚未批准且未執行 |
|
||||
| runtime gate / host write | `0%` | 未授權且未執行 |
|
||||
@@ -32,8 +32,8 @@
|
||||
| 註冊配置類別 | `14` | 代表已進 Gate 分類,不代表已批准 |
|
||||
| C0 類別 | `8` | Nginx、DNS / TLS、K8s、secret、workflow / runner、runtime config、backup、agent-bounty runtime |
|
||||
| C1 類別 | `4` | 監控、Docker / systemd、SSH / network、AI provider |
|
||||
| 平均只讀控管成熟度 | `67%` | 只代表框架 / evidence / owner packet / acceptance ledger 準備度 |
|
||||
| 需要 live evidence 類別 | `7` | 只能等 owner-provided redacted evidence 或維護窗口,不主動 SSH |
|
||||
| 平均只讀控管成熟度 | `68%` | 只代表框架 / evidence / owner packet / acceptance ledger 準備度 |
|
||||
| 需要 live evidence 類別 | `6` | 只能等 owner-provided redacted evidence 或維護窗口,不主動 SSH |
|
||||
| owner response required | `14` | owner response received / accepted 仍 `0 / 0` |
|
||||
| runtime gate | `0` | 不提供執行按鈕 |
|
||||
|
||||
@@ -89,6 +89,12 @@
|
||||
|
||||
此更新只表示 SAN / wildcard / 共用憑證覆蓋關係、certificate expiry metadata、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan 已有收件驗收規則;owner response received / accepted、certificate coverage confirmed、DNS query、TLS probe、certbot renew、Nginx reload、route smoke、DNS record / certificate path / ACME route 變更、host write、runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
### 0.8 2026-06-14 Docker / systemd / host service owner response acceptance 只讀帳本
|
||||
|
||||
`host_service_owner_response_acceptance_v1` 已把 9 份 Docker / systemd / host service owner request draft 轉成 owner response acceptance 只讀帳本。固定 `candidates=9`、`write_capable=3`、`live_evidence_required=8`、`owner_fields=12`、`reviewer_checks=14`、`outcome_lanes=7`、`blocked_actions=20`,讓 Docker / systemd / host service 類別成熟度從 `50%` 推進到 `54%`,高價值配置平均只讀成熟度從 `67%` 推進到 `68%`。
|
||||
|
||||
此更新只表示 live config hash ref、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence 已有收件驗收規則;owner response received / accepted、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
## 1. 目前已不符合新要求的項目
|
||||
|
||||
| 優先 | 項目 | 現況 | 風險 | 本階段處置 |
|
||||
@@ -102,7 +108,7 @@
|
||||
| P1 | 高價值配置變更 Gate | 已有 C0-C3 清冊與 Hard Rule,但原本缺少可重跑 path 分類 | reviewer 只能靠人工記憶判斷 Nginx、workflow、secret、K8s、DNS、AI provider 是否需 owner gate | 已新增 `scripts/security/high-value-config-change-gate.py`;本階段只分類,不接 CI blocking |
|
||||
| P0 | DNS / TLS / certbot | 已有 domain / certificate path 清冊、owner confirmation request 與 owner response acceptance 只讀帳本,但仍缺 owner-provided coverage metadata、expiry metadata、renewal owner、ACME route owner、maintenance window 與 rollback owner | 憑證過期、錯誤 cert path、ACME challenge 被覆蓋會造成公開服務中斷 | 維持 C0;下一步只收脫敏 metadata ref,不做 DNS query、TLS probe、certbot renew 或 reload |
|
||||
| P1 | workflow / runner / deploy key / secret name | 已有 Gitea / GitHub readiness 盤點,但尚未把配置變更和 IwoooS 高價值配置共用 gate 合併 | workflow 或 runner 改錯會直接影響部署與 secret 注入 | 納入 C0,維持只讀 owner response,不收 secret value |
|
||||
| P1 | Docker Compose / systemd live config | 110 / 188 多服務由 compose、systemd 與 recovery scripts 管理 | restart policy、port、volume、env 改動會影響 Harbor、Sentry、Langfuse、Gitea、agent-bounty-protocol | 已有 repo-only inventory 與 owner request draft;下一步只收脫敏 owner response / live hash,不主動 SSH |
|
||||
| P1 | Docker Compose / systemd live config | 已有 repo-only inventory、owner request draft 與 owner response acceptance 只讀帳本,但仍缺 owner-provided live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence | restart policy、port、volume、env 改動會影響 Harbor、Sentry、Langfuse、Gitea 與代理賞金協議 runtime | 下一步只收脫敏 owner response / live hash metadata,不主動 SSH、不重啟、不跑 repair-bot |
|
||||
| P1 | AI provider / Ollama proxy | 110 Nginx proxy、GCP-A/B、111 fallback、API provider route 多處配置 | provider route drift 會造成成本、可用性、資料外送與模型品質風險 | 納入 C1,任何切換仍需 dry-run / benchmark / owner gate |
|
||||
| P1 | agent-bounty-protocol runtime / treasury / A2A / MCP | 已納入只讀範圍,但尚未有 production host、compose、domain、TLS、rollback owner 完整資料 | 外部 agent、claim / submit、payout 或 webhook 若未控管,風險高於一般網站 | 納入 C2,仍不改該 repo、不讀 `.env`、不部署 |
|
||||
|
||||
@@ -155,7 +161,7 @@ Nginx 是目前必須最先資安控管的配置,原因是它同時控制公
|
||||
| P1 | Grafana / SigNoz / Sentry / Langfuse | `ops/grafana/*`、`ops/signoz/*`、`ops/sentry-self-hosted/*`、`infra/langfuse/*`、`docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md`、`docs/security/MONITORING-OWNER-REQUEST-DRAFT.md` | 110 compose / public gateway | owner request draft 已固定;仍缺 admin secret owner、public route proof、backup owner、smoke plan、upgrade window 與 rollback owner |
|
||||
| P1 | Harbor / registry | Nginx templates、backup scripts、CD workflows | 110 Harbor / registry domains | robot account owner、image tag immutability、scan policy、TLS |
|
||||
| P1 | PostgreSQL / Redis / MinIO | app config、backup scripts、monitoring config | 188 / 110 / K3s | no plaintext DSN, access boundary, backup, restore, metrics auth |
|
||||
| P1 | Docker Compose / systemd | `docker-compose.yml`、`ops/*/docker-compose.yml`、`scripts/reboot-recovery/*.service` | 110 / 188 / agent-bounty hosts | port / volume / env diff、restart window、rollback owner |
|
||||
| P1 | Docker Compose / systemd | `docker-compose.yml`、`ops/*/docker-compose.yml`、`scripts/reboot-recovery/*.service`、`docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md`、`docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` | 110 / 188 / agent-bounty hosts | live hash metadata、port / volume / env diff、maintenance / restart window、rollback owner、post-check plan、disable switch;不得 restart / apply |
|
||||
| P1 | SSH / sudoers / known_hosts | Ansible inventory、ops scripts、runner scripts | host owners | owner request draft 已固定;下一步只收脫敏 live access state、known_hosts / host-key policy、target whitelist 與 rollback owner |
|
||||
| P1 | Firewall / WireGuard / NodePort / VIP | K8s service / network policy、Kali / wg-easy docs | network owner | owner request draft 已固定;下一步只收 allowed source CIDR、maintenance window、rollback owner 與 validation plan;no unreviewed port exposure |
|
||||
| P1 | AI provider / model routing | `apps/api/src/services/ai_providers/*`、Ollama runbooks、Nginx proxy | AI owner | dry-run、benchmark、cost / privacy review、fallback order gate |
|
||||
@@ -215,6 +221,7 @@ Nginx 是目前必須最先資安控管的配置,原因是它同時控制公
|
||||
| owner response request / received / accepted | `0%` | Packet 只是草案;尚未送件、尚未收件、尚未 reviewer accepted |
|
||||
| agent-bounty-protocol owner request draft | `100%` | 已將 repo / refs、deployment、data classification、external agent / treasury 與 7 個 product surface 轉成 11 份 owner request draft;claim / submit、payout、cron / daemon、runtime gate 仍為 0 |
|
||||
| Docker / systemd owner request draft | `100%` | 已將 9 個 host service surface 轉成 owner request draft;request sent / received / accepted 仍為 0 |
|
||||
| Docker / systemd owner response acceptance | `100%` | 已新增 `host_service_owner_response_acceptance_v1`,9 個 candidate、3 個 write-capable、8 個需 live evidence、14 個 reviewer checks、7 條 outcome lanes、20 類 blocked action;成熟度 `50% -> 54%` |
|
||||
| SSH / firewall / network owner request draft | `100%` | 已將 16 個 SSH / network access surface 轉成 owner request draft;request sent / received / accepted、port change、firewall change、NetworkPolicy apply、NodePort change、WireGuard change 仍為 0 |
|
||||
| SSH / firewall / network owner response acceptance | `100%` | 已新增 `ssh_network_owner_response_acceptance_v1`,16 個 candidate、6 個 write-capable、15 個 reviewer checks、7 條 outcome lanes、22 類 blocked action;成熟度 `54% -> 58%` |
|
||||
| Backup / restore / escrow owner request draft | `100%` | 已將 38 個 backup / restore / escrow surface 轉成 owner request draft;request sent / received / accepted、backup run、restore run、offsite sync、remote delete、escrow marker write、retention change 仍為 0 |
|
||||
@@ -232,7 +239,7 @@ Nginx 是目前必須最先資安控管的配置,原因是它同時控制公
|
||||
3. P0:向 owner 收 DNS / TLS / certbot 脫敏 coverage metadata ref、expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan;不做 DNS query、TLS probe、certbot renew 或 reload。
|
||||
4. P0:把 workflow / runner / secret name owner response 與高價值配置 C0 gate 串成同一個 IwoooS 狀態。
|
||||
5. P0:把 agent-bounty-protocol compose / MCP / A2A / treasury 高價值配置欄位接入同一個 owner packet queue;不啟用 runtime。
|
||||
6. P1:向 owner 收 110 / 188 Docker Compose 與 systemd 脫敏 live hash、restart window、rollback owner 與 post-check 指標;不主動 SSH、不重啟、不跑 repair-bot。
|
||||
6. P1:向 owner 收 110 / 188 Docker Compose 與 systemd 脫敏 live hash metadata、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence;不主動 SSH、不重啟、不跑 repair-bot。
|
||||
7. P1:向 owner 收 SSH / firewall / WireGuard / NodePort 脫敏 live access state、allowed source CIDR、maintenance window、rollback owner 與 validation plan;不主動 keyscan、不改 firewall、不開關端口。
|
||||
8. P1:向 owner 收 backup / restore / offsite / escrow 非敏感 evidence id、最新備份狀態、restore drill plan、maintenance window、rollback owner 與 validation plan;驗收前 backup run、restore drill、offsite sync、remote delete、escrow marker write、retention change 全部維持 `0 / false`。
|
||||
9. P1:把 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse owner request draft 接入 AwoooP 只讀狀態;驗收前 reload、receiver route change、silence change、Telegram send 與 alert chain smoke 全部維持 `0 / false`。
|
||||
|
||||
@@ -95,7 +95,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence:
|
||||
51. 10 個 frontend surface reverse bridge statuses,顯示既有資安入口目前是 embedded bridge、direct bridge 或 AwoooP read-only candidate;這只是連接狀態,不代表 owner response、runtime authorization、Code Review blocker、Gitea/GitHub action 或任何執行控制。
|
||||
52. 6 個 source control primary readiness items,顯示 GitHub primary 前置缺口:candidate repo inventory、primary ready counter、owner response validation、refs truth、workflow / secret name inventory、rollback ADR;這只是 readiness,不代表 repo 建立、visibility 變更、refs mutation、secret value collection、primary switch 或 Gitea 停用。
|
||||
53. 4 個 rollout risk read-only items,顯示風險來源部署 marker、`AWOOOI_ROLLOUT_RISK=1`、ArgoCD `Degraded` / `OutOfSync`、API health / smoke 已通過與執行期閘門仍為 0;這只是部署風險可見性,不代表 ArgoCD sync、kubectl、主機重啟、修復、部署或 runtime gate 已授權。
|
||||
54. 14 類 high-value config control coverage statuses,顯示 Nginx、DNS / TLS、K8s、secret、workflow、backup、agent-bounty runtime、monitoring、Docker / systemd、SSH / network、AI provider、產品 route 與 security evidence 的全域配置控管覆蓋矩陣;平均只讀成熟度 `67%`、C0 類別 `8`、需 live evidence 類別 `7`、owner response received / accepted 與 runtime gate 仍為 `0`,不代表 reload、sync、scan、secret rotation、payout 或主機操作授權。
|
||||
54. 14 類 high-value config control coverage statuses,顯示 Nginx、DNS / TLS、K8s、secret、workflow、backup、agent-bounty runtime、monitoring、Docker / systemd、SSH / network、AI provider、產品 route 與 security evidence 的全域配置控管覆蓋矩陣;平均只讀成熟度 `68%`、C0 類別 `8`、需 live evidence 類別 `6`、owner response received / accepted 與 runtime gate 仍為 `0`,不代表 reload、sync、scan、secret rotation、payout 或主機操作授權。
|
||||
55. 9 個 host-service config repo-only inventory surfaces,顯示 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 的第一層清冊;write-capable surface `3`、repair-bot whitelist `2`、systemd restart surface `1`,owner response、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`,不代表 `docker compose`、`systemctl`、repair-bot 或 Ansible apply 已授權。
|
||||
56. 16 個 SSH / network access repo-only inventory surfaces 與 owner response acceptance 只讀帳本,顯示 SSH target、known_hosts workflow、CI deploy SSH、monitoring SSH、backup SSH capture、sudoers wrapper、NetworkPolicy、NodePort、WireGuard runbook 與 alert SSH action catalog 的第一層清冊;write-capable surface `6`、NetworkPolicy `2`、NodePort `2`、sudoers `1`、WireGuard `1`,acceptance candidate `16`、reviewer check `15`、outcome lane `7`、blocked action `22`,讓 SSH / network 類別成熟度從 `54%` 推進到 `58%`;owner response、live evidence、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`,不代表 SSH、sudo、firewall、NetworkPolicy、NodePort、WireGuard 或 known_hosts patch 已授權。
|
||||
57. 38 個 Backup / restore / escrow / retention repo-only inventory surfaces,顯示 backup orchestration、service backup scripts、restic retention、offsite sync、credential escrow、Velero restore drill、backup health alert 與 cold-start / DR runbook 的第一層清冊;write-capable surface `27`、restore drill surface `4`、offsite / escrow surface `8`,owner response、live evidence、restore drill、offsite sync、credential escrow、retention change、runtime gate 與 action button 仍全部為 `0`,不代表 backup、restore、offsite sync、remote delete、restic prune、escrow marker write、rclone config 或 Velero restore 已授權。
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-06-15 |
|
||||
| 狀態 | IwoooS 64% 只讀治理推進中;P2-145 owner response acceptance gate 已完成正式驗證;P0 DNS / TLS / certbot owner response acceptance 只讀帳本已本地完成;S4.9 owner response gate 仍是第一優先 |
|
||||
| 狀態 | IwoooS 64% 只讀治理推進中;P2-145 owner response acceptance gate 已完成正式驗證;P1 Docker / systemd / host service owner response acceptance 只讀帳本已本地完成;S4.9 owner response gate 仍是第一優先 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
|
||||
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 + AwoooP 審批佇列負責人回覆驗收只讀審查邊界 + AwoooP 租戶管理負責人回覆驗收租戶範圍 + AwoooP 執行監控負責人回覆驗收執行邊界 + AwoooP 執行詳情負責人回覆驗收詳情邊界 + AwoooP 審批決策負責人回覆驗收審批邊界 + IwoooS AwoooP 資安入口覆蓋狀態板 + IwoooS 階段式資安收斂節奏圖 + IwoooS 下一步人工收件作戰板 + IwoooS 人工回覆安全驗收閘道 + IwoooS 人工回覆審查結果分流 + IwoooS 人工決策準備佇列 + IwoooS 人工決策紀錄草稿防誤用 + IwoooS 人工決策正式紀錄負責人指派確認準備包 + IwoooS 人工決策正式紀錄負責人指派確認清單 + IwoooS 人工決策正式紀錄負責人指派確認結果分流 + IwoooS 人工決策正式紀錄負責人指派決策準備包 + IwoooS 人工決策正式紀錄負責人指派決策檢查清單 + IwoooS S4.9 負責人回覆封套欄位 + IwoooS S4.9 負責人回覆封套送件前檢查 + IwoooS S4.9 負責人回覆封套送件前結果分流 + IwoooS S4.9 負責人回覆送件請求草稿 + IwoooS S4.9 負責人回覆送件鏈路摘要 + IwoooS 低摩擦分階段收斂主控 + IwoooS 低摩擦下一步行動邊界 + IwoooS 64% 進度移動訊號驗收條 + IwoooS 第一個進度解鎖路徑 + IwoooS 第一解鎖證據包 + IwoooS 第一解鎖證據包預檢分流 + IwoooS 第一解鎖證據包補件路徑 + IwoooS 第一解鎖證據包補件送審前檢查 + IwoooS 第一解鎖證據包補件送審結果分流 + IwoooS 第一解鎖證據包 reviewer 指派準備包 + IwoooS 第一解鎖證據包 reviewer 指派前檢查 + IwoooS 第一解鎖證據包 reviewer 指派前檢查結果分流 + IwoooS 正式只讀 landing 與 Kali 112 只讀證據進度重估 |
|
||||
| 本階段追加補充 | IwoooS 目前具體工作地圖 + IwoooS 目前具體交付清單 + IwoooS 目前阻塞與解除條件 + IwoooS 三軸進度與全產品套用範圍 + IwoooS 全產品分階段套用台帳 + IwoooS 全產品 rollout 波次驗收門檻 + IwoooS 全產品 rollout 驗收結果分流 + IwoooS 全產品證據接線地圖 + IwoooS 全產品證據接線預檢 + IwoooS 全產品證據接線預檢結果分流 + IwoooS 全產品預檢補件回收台帳 + IwoooS 全產品補件重試門檻 + IwoooS 全產品重試結果分流 + IwoooS 全產品人工審查候選準備 + IwoooS 全產品人工審查候選預檢 + IwoooS 全產品人工審查候選預檢結果分流 + IwoooS 全產品人工審查候選預檢補件回收台帳 + IwoooS 全產品人工審查候選預檢補件重試門檻 + IwoooS 全產品只讀套用快照 + P2-145 owner response acceptance gate 正式驗證完成 |
|
||||
@@ -13,6 +13,12 @@
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
| P0 主控板 | `docs/workplans/2026-06-04-iwooos-security-governance-p0.md` |
|
||||
|
||||
## 0.00a 2026-06-14 Docker / systemd / host service owner response acceptance
|
||||
|
||||
本輪把 Docker / systemd / host service 從 owner request draft 推進到 owner response acceptance 只讀帳本:`host_service_owner_response_acceptance_v1` 固定 `candidates=9`、`write_capable=3`、`live_evidence_required=8`、`owner_fields=12`、`reviewer_checks=14`、`outcome_lanes=7`、`blocked_actions=20`,並讓 `docker_compose_systemd_host_config` 只讀治理成熟度 `50% -> 54%`,高價值配置平均只讀成熟度 `67% -> 68%`。這是 metadata-only 收件驗收,不是 request sent、owner response received / accepted、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、production write 或 runtime gate。
|
||||
|
||||
同步邊界:IwoooS headline 維持 `64%`,active runtime gate 維持 `0`;owner response / live evidence / runtime gate / action buttons 全部仍為 `0 / false`。本段只更新文件、snapshot、guard 與覆蓋矩陣,不改前端 bundle、不部署、不碰 Docker daemon、systemd、repair-bot、Ansible、Nginx、firewall 或主機。
|
||||
|
||||
## 0.00 2026-06-14 DNS / TLS / certbot owner response acceptance
|
||||
|
||||
本輪把 DNS / TLS / certbot 從 owner confirmation request 草稿推進到 owner response acceptance 只讀帳本:`domain_tls_certbot_owner_response_acceptance_v1` 固定 `candidates=4`、`c0=4`、`owner_fields=13`、`reviewer_checks=13`、`outcome_lanes=7`、`blocked_actions=20`,並讓 `dns_tls_certbot` 只讀治理成熟度 `74% -> 78%`。這是 metadata-only 收件驗收,不是 request sent、owner response received / accepted、certificate coverage confirmed、DNS query、live TLS probe、certbot renew、Nginx reload、route smoke、host write、production write 或 runtime gate。
|
||||
|
||||
@@ -349,17 +349,21 @@
|
||||
"action_buttons_allowed": false,
|
||||
"category_id": "docker_compose_systemd_host_config",
|
||||
"control_tier": "C1",
|
||||
"coverage_percent": 50,
|
||||
"coverage_status": "repo_only_inventory_ready_needs_live_owner_evidence",
|
||||
"current_gap": "repo-only 清冊已納入 9 個 surface;仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。",
|
||||
"coverage_percent": 54,
|
||||
"coverage_status": "owner_response_acceptance_ledger_ready_needs_live_owner_evidence",
|
||||
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
|
||||
"evidence_refs": [
|
||||
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
|
||||
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
|
||||
"docs/security/host-service-config-inventory.snapshot.json",
|
||||
"docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md",
|
||||
"docs/security/host-service-owner-request-draft.snapshot.json",
|
||||
"docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md",
|
||||
"docs/security/host-service-owner-response-acceptance.snapshot.json",
|
||||
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md"
|
||||
],
|
||||
"label": "Docker Compose / systemd / host service config",
|
||||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。",
|
||||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plan 與 disable switch。",
|
||||
"owner_response_accepted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_required": true,
|
||||
@@ -584,15 +588,15 @@
|
||||
"websocket_route_change_authorized": false,
|
||||
"workflow_modification_authorized": false
|
||||
},
|
||||
"generated_at": "2026-06-14T23:05:00+08:00",
|
||||
"git_commit": "d26f3bef",
|
||||
"generated_at": "2026-06-14T23:45:00+08:00",
|
||||
"git_commit": "92e451cb",
|
||||
"lowest_coverage_categories": [
|
||||
{
|
||||
"category_id": "docker_compose_systemd_host_config",
|
||||
"coverage_percent": 50,
|
||||
"current_gap": "repo-only 清冊已納入 9 個 surface;仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。",
|
||||
"coverage_percent": 54,
|
||||
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
|
||||
"label": "Docker Compose / systemd / host service config",
|
||||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。"
|
||||
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plan 與 disable switch。"
|
||||
},
|
||||
{
|
||||
"category_id": "ssh_firewall_network_access",
|
||||
@@ -638,14 +642,14 @@
|
||||
"status": "coverage_matrix_ready",
|
||||
"summary": {
|
||||
"action_button_count": 0,
|
||||
"average_coverage_percent": 67,
|
||||
"average_coverage_percent": 68,
|
||||
"c0_category_count": 8,
|
||||
"c1_category_count": 4,
|
||||
"c2_category_count": 1,
|
||||
"c3_category_count": 1,
|
||||
"category_count": 14,
|
||||
"lowest_coverage_category_count": 4,
|
||||
"needs_live_evidence_count": 7,
|
||||
"needs_live_evidence_count": 6,
|
||||
"owner_response_accepted_count": 0,
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_required_count": 14,
|
||||
|
||||
1598
docs/security/host-service-owner-response-acceptance.snapshot.json
Normal file
1598
docs/security/host-service-owner-response-acceptance.snapshot.json
Normal file
File diff suppressed because it is too large
Load Diff
@@ -34,6 +34,8 @@
|
||||
"docs/schemas/domain_tls_certbot_inventory_v1.schema.json",
|
||||
"docs/security/host-service-config-inventory.snapshot.json",
|
||||
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
|
||||
"docs/security/host-service-owner-response-acceptance.snapshot.json",
|
||||
"docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md",
|
||||
"docs/schemas/host_service_config_inventory_v1.schema.json",
|
||||
"docs/security/ssh-network-access-inventory.snapshot.json",
|
||||
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
|
||||
@@ -258,8 +260,8 @@
|
||||
"high_value_config_control_coverage_category_count": 14,
|
||||
"high_value_config_control_coverage_c0_category_count": 8,
|
||||
"high_value_config_control_coverage_c1_category_count": 4,
|
||||
"high_value_config_control_coverage_average_percent": 67,
|
||||
"high_value_config_control_coverage_needs_live_evidence_count": 7,
|
||||
"high_value_config_control_coverage_average_percent": 68,
|
||||
"high_value_config_control_coverage_needs_live_evidence_count": 6,
|
||||
"high_value_config_control_coverage_owner_response_required_count": 14,
|
||||
"high_value_config_control_coverage_owner_response_received_count": 0,
|
||||
"high_value_config_control_coverage_owner_response_accepted_count": 0,
|
||||
|
||||
Reference in New Issue
Block a user