docs(security): 補開發主機 scope handoff [skip ci]
This commit is contained in:
130
docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md
Normal file
130
docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md
Normal file
@@ -0,0 +1,130 @@
|
||||
# 111 / 168 開發主機 Scope Handoff
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-06-04 |
|
||||
| 狀態 | 草案,等待 owner review |
|
||||
| Hosts | `192.168.0.111`、`192.168.0.168` |
|
||||
| Asset keys | `host:dev-ai-111`、`host:dev-workstation-168` |
|
||||
| Schema | `docs/schemas/dev_host_scope_handoff_v1.schema.json` |
|
||||
| Snapshot | `docs/security/dev-hosts-111-168-scope-handoff.snapshot.json` |
|
||||
| 上游證據 | `docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md`、`docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
|
||||
| 模式 | `scope_handoff_only` |
|
||||
| 執行面授權 | `false` |
|
||||
|
||||
## 0. 核心結論
|
||||
|
||||
P1-8 補的是 `192.168.0.111` 與 `192.168.0.168` 的開發主機 scope / credential / rollback / validation handoff。這不是主機維護批准、不是 credentialed scan、不是 active scan,也不是 Ollama fallback route 變更。
|
||||
|
||||
本階段只把 owner / reviewer 未來需要看的資料整理成只讀封套:
|
||||
|
||||
| 主機 | 角色 | 本階段輸出 | 仍未授權 |
|
||||
|------|------|------------|----------|
|
||||
| `192.168.0.111` | Local AI / Ollama fallback / 開發輔助主機 | fallback route truth、model inventory、service posture、SSH policy posture、AI route smoke 指標 | 停止模型、重啟服務、改 fallback route、credentialed scan、active scan |
|
||||
| `192.168.0.168` | 開發工作站 / local development origin | repo hygiene、dev-only CORS、local service exposure、credential refusal、rollback / disable note | 讀取未授權目錄、掃描個人資料、credentialed scan、CORS / firewall / service 變更 |
|
||||
|
||||
## 1. 摘要
|
||||
|
||||
| 指標 | 值 |
|
||||
|------|----|
|
||||
| dev host scope handoff package | `ready` |
|
||||
| package completion | `100%` |
|
||||
| host change authorized | `false` |
|
||||
| fallback route change authorized | `false` |
|
||||
| credentialed scan authorized | `false` |
|
||||
| active scan authorized | `false` |
|
||||
| secret value collection authorized | `false` |
|
||||
| owner response received / accepted | `false / false` |
|
||||
| host execution completion | `0%` |
|
||||
|
||||
## 2. Owner Response Handoff
|
||||
|
||||
此 handoff 只讓 AwoooP 或 reviewer 請 owner 補開發主機 scope metadata。它不是 request sent、不是 approval queue,也不是可執行動作。
|
||||
|
||||
### 2.1 必填欄位
|
||||
|
||||
| 欄位 | 說明 |
|
||||
|------|------|
|
||||
| `owner_role_or_team` | Dev Host Steward 或實際維護角色 / 團隊 |
|
||||
| `host_scope_boundary` | 允許觀察的路徑、服務、repo、port 類型與排除範圍 |
|
||||
| `decision` | 允許值:`confirm_observe_only`、`defer`、`reject`、`request_more_evidence` |
|
||||
| `decision_reason` | 為何接受 / 延後 / 拒絕此只讀 scope |
|
||||
| `affected_scope` | 影響主機、服務、repo、Ollama route、CORS 或 local origin |
|
||||
| `maintenance_window_expectation` | 若未來要維護,owner 需指定台北時間窗口;目前不得自動指定 |
|
||||
| `credential_handling_confirmation` | 確認只收 present / absent、脫敏 metadata pointer;不收 secret value |
|
||||
| `rollback_owner` | 未來停用、回復 route、回復 CORS、停止觀察或撤回 evidence 的 owner |
|
||||
| `validation_metrics_owner` | post-check / smoke / evidence readback 的 owner |
|
||||
| `redacted_evidence_refs` | 只填文件、snapshot、ticket、hash 或脫敏 metadata pointer |
|
||||
| `followup_owner` | 補件、拒收或下一階段 owner |
|
||||
|
||||
### 2.2 禁止輸入
|
||||
|
||||
| 類型 | 規則 |
|
||||
|------|------|
|
||||
| credential | 不貼模型 API key、SSH 密碼、private key、token value、cookie、session、authorization header、personal credential |
|
||||
| secret derivative | 不貼可還原 secret 的 hash、masked token、partial token 或截圖 |
|
||||
| host command | 不貼 SSH command、service restart、firewall change、model stop / pull / delete、CORS apply command |
|
||||
| scan request | 不把 active scan、credentialed scan、個人資料掃描或未授權目錄讀取包進 scope |
|
||||
| runtime action | 不新增 AwoooP action button,不開 runtime blocking control,不改 fallback route |
|
||||
|
||||
## 3. Host Scope 草案
|
||||
|
||||
| Host | Scope lane | 目的 | 目前授權 |
|
||||
|------|------------|------|----------|
|
||||
| `192.168.0.111` | Ollama fallback truth | 對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner | `false` |
|
||||
| `192.168.0.111` | model inventory posture | 只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash,不收 prompt、token 或私有資料 | `false` |
|
||||
| `192.168.0.111` | service / SSH policy posture | 只收服務狀態摘要與 SSH policy posture,不登入、不改 service | `false` |
|
||||
| `192.168.0.168` | local development origin | 確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime | `false` |
|
||||
| `192.168.0.168` | repo hygiene | 只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy,不讀未授權目錄 | `false` |
|
||||
| `192.168.0.168` | local service exposure | 只收服務清單摘要、port 類型、owner 與 disable note,不做 port scan 或 firewall 變更 | `false` |
|
||||
|
||||
## 4. Credential Handling
|
||||
|
||||
1. 只能記錄 `present` / `absent`、owner role、scope、來源文件或脫敏 evidence ref。
|
||||
2. 不保存、回顯或轉貼任何 secret value、private key、token、cookie、session、authorization header、model API key、SSH password 或個人憑證。
|
||||
3. 若 evidence 夾帶 raw credential,必須隔離為 `quarantine_required`,不得納入 snapshot。
|
||||
4. 若需要 credentialed scan,必須另開獨立人工批准、credential handling plan、audit trail、rollback 與 post-check;本 handoff 不授權。
|
||||
5. 168 的個人目錄、私有資料夾、瀏覽器 profile、通訊軟體資料與未授權 repo 預設排除。
|
||||
|
||||
## 5. 維護窗口草案
|
||||
|
||||
| Host | 維護窗口狀態 | 本階段允許 | 本階段禁止 |
|
||||
|------|--------------|------------|------------|
|
||||
| `192.168.0.111` | `waiting_owner_selection` | owner 指定未來低流量窗口、停止條件、rollback owner、route validation 指標 | 停止模型、重啟 Ollama、pull / delete model、改 `OLLAMA_*` route、改 firewall |
|
||||
| `192.168.0.168` | `waiting_owner_selection` | owner 指定未來 repo hygiene / local service review 窗口、排除範圍、disable note | credentialed scan、讀私有目錄、改 CORS、關閉服務、改本機防火牆 |
|
||||
|
||||
## 6. Rollback / Disable 草案
|
||||
|
||||
| Host | rollback / disable item | 需要證據 | owner 狀態 |
|
||||
|------|-------------------------|----------|------------|
|
||||
| `192.168.0.111` | fallback route rollback | route before / after refs、fallback owner、AI route smoke、stop condition | waiting owner assignment |
|
||||
| `192.168.0.111` | model service rollback | service state ref、model inventory hash before / after、operator notice owner | waiting owner assignment |
|
||||
| `192.168.0.168` | dev CORS rollback | current allowed origins ref、candidate change note、disable owner、browser smoke plan | waiting owner assignment |
|
||||
| `192.168.0.168` | local service disable / restore | service list summary、owner、restore note、post-check ref | waiting owner assignment |
|
||||
|
||||
## 7. Validation Metrics
|
||||
|
||||
| Host | 指標 | 說明 |
|
||||
|------|------|------|
|
||||
| `192.168.0.111` | Ollama route truth | GCP-A、GCP-B、local 111 fallback 的設定與 health evidence ref 是否一致 |
|
||||
| `192.168.0.111` | fallback availability | local fallback 可用性摘要,不等於可改路由或重啟服務 |
|
||||
| `192.168.0.111` | model list hash | 模型清單摘要 / hash,用於漂移判讀,不保存 prompt 或資料內容 |
|
||||
| `192.168.0.111` | service status | Ollama / proxy / AI route 相關服務狀態摘要 |
|
||||
| `192.168.0.111` | AI route smoke | 只讀 smoke evidence ref;若要實際改 route 必須另行批准 |
|
||||
| `192.168.0.168` | repo secret scan summary | repo 層級摘要;不得收 secret value、partial token 或私人目錄內容 |
|
||||
| `192.168.0.168` | local service list summary | owner 提供或授權的 local service summary,不做未批准 port scan |
|
||||
| `192.168.0.168` | CORS origin review | dev-only origin 是否與 production public domain 邊界一致 |
|
||||
| `192.168.0.168` | rollback / disable note | 若未來需關閉 dev exposure 或回復設定,owner 與步驟是否已指定 |
|
||||
|
||||
## 8. 驗收規則
|
||||
|
||||
1. 本 handoff 完成不代表 owner response 已收到、已接受或已批准。
|
||||
2. `192.168.0.111` 的 fallback route truth 只能作為 observe-only evidence;不得改 `OLLAMA_URL`、`OLLAMA_SECONDARY_URL`、`OLLAMA_FALLBACK_URL` 或任何 proxy route。
|
||||
3. `192.168.0.168` 的 repo / CORS / service exposure 只能作為 scope review;不得讀取未授權目錄或個人資料。
|
||||
4. 所有 credential / secret 類資料只能記錄脫敏 metadata;raw value 一律拒收或隔離。
|
||||
5. 維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。
|
||||
6. 未來 post-check 失敗只能建立人工 follow-up,不得自動修復。
|
||||
|
||||
## 9. 階段定位
|
||||
|
||||
P1-8 只把 111 / 168 從「observe-only mapping 已宣告」推到「owner / reviewer 可照表審 scope、credential、rollback 與 validation」。它不改主機、不改 AI route、不開 runtime gate、不啟動掃描,也不提高 IwoooS headline 64%。
|
||||
@@ -3,7 +3,7 @@
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-06-04 |
|
||||
| 狀態 | observe-only mapping + 維護準備規範;尚未寫入 DB / inventory seed |
|
||||
| 狀態 | observe-only mapping + 維護準備 / scope handoff 規範;尚未寫入 DB / inventory seed |
|
||||
| 範圍 | Kali 資安主機與兩台開發主機 |
|
||||
| 上游 | `docs/security/KALI-SECURITY-MESH-BLUEPRINT.md` |
|
||||
|
||||
@@ -37,10 +37,21 @@
|
||||
| Host | scope | maintenance window | credential handling | rollback owner | validation 指標 |
|
||||
|------|-------|--------------------|---------------------|----------------|-----------------|
|
||||
| `192.168.0.112` | Kali scanner health、tool version、package posture、`networking.service`、service hardening readiness;P1-7 草案見 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md` | 待人工指定;目前不得更新、重啟、hardening 或 active scan | SSH key / token 狀態只可記錄 present / absent;不得保存密碼、token value、private key | Security Supply Chain 指派後才可動作 | scanner health、node exporter、wg-easy、pending updates、failed services、reboot required、post-check screenshot / log ref |
|
||||
| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼或 private key;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke |
|
||||
| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure | 待人工指定;目前不得 credentialed scan 或讀取未授權目錄 | 不收個人憑證、不讀私有目錄、不保存 secrets value | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note |
|
||||
| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness;P1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼、private key、token、cookie、authorization header 或任何可還原 secret derivative;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke |
|
||||
| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure;P1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得 credentialed scan、讀取未授權目錄、讀個人資料或改 CORS / firewall / service | 不收個人憑證、不讀私有目錄、不保存 secrets value、secret hash、masked token 或 partial token | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note |
|
||||
|
||||
## 1.2 目前已知 112 缺口
|
||||
## 1.2 目前已知 111 / 168 缺口
|
||||
|
||||
| 缺口 | 狀態 | 邊界 |
|
||||
|------|------|------|
|
||||
| `192.168.0.111` Ollama fallback route truth | P1-8 scope handoff 已建立;owner response 未收 | 不改 `OLLAMA_URL`、`OLLAMA_SECONDARY_URL`、`OLLAMA_FALLBACK_URL`、proxy route 或 model runtime |
|
||||
| `192.168.0.111` model inventory posture | 只允許收模型清單摘要 / hash 與 owner evidence ref | 不收 prompt、token、API key、私有資料或模型操作命令 |
|
||||
| `192.168.0.111` service / SSH policy posture | 只允許收服務狀態摘要與 policy posture | 不 SSH、不 restart、不改 firewall、不停止模型 |
|
||||
| `192.168.0.168` local development origin | P1-8 scope handoff 已建立;owner response 未收 | 不改 dev-only CORS、不改 production route、不把 local origin 當 production 授權 |
|
||||
| `192.168.0.168` repo hygiene / secret summary | 只允許 repo 層級摘要與脫敏 evidence ref | 不讀未授權目錄、不收 secret value / hash / partial token、不掃描個人資料 |
|
||||
| `192.168.0.168` local service exposure | 只允許 owner 提供或授權的 service summary | 不 port scan、不改 firewall、不停止服務 |
|
||||
|
||||
## 1.3 目前已知 112 缺口
|
||||
|
||||
| 缺口 | 狀態 | 邊界 |
|
||||
|------|------|------|
|
||||
@@ -104,4 +115,4 @@ AwoooP 初期不做:
|
||||
|
||||
## 6. IwoooS 顯示邊界
|
||||
|
||||
IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、缺口與下一步,但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。
|
||||
IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、scope handoff、缺口與下一步,但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、fallback route change、CORS / firewall / service 修改、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。
|
||||
|
||||
311
docs/security/dev-hosts-111-168-scope-handoff.snapshot.json
Normal file
311
docs/security/dev-hosts-111-168-scope-handoff.snapshot.json
Normal file
@@ -0,0 +1,311 @@
|
||||
{
|
||||
"schema_version": "dev_host_scope_handoff_v1",
|
||||
"status": "draft_waiting_owner_review",
|
||||
"date": "2026-06-04",
|
||||
"mode": "scope_handoff_only",
|
||||
"source_evidence_refs": [
|
||||
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
|
||||
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
|
||||
"docs/security/IWOOOS-POSTURE-PROJECTION.md",
|
||||
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
|
||||
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ollama_111_only.md",
|
||||
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_secret_debug_output_ban.md",
|
||||
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ssh_command_security.md"
|
||||
],
|
||||
"summary": {
|
||||
"hosts": [
|
||||
"192.168.0.111",
|
||||
"192.168.0.168"
|
||||
],
|
||||
"asset_keys": [
|
||||
"host:dev-ai-111",
|
||||
"host:dev-workstation-168"
|
||||
],
|
||||
"scope_handoff_package_ready": true,
|
||||
"scope_handoff_completion_percent": 100,
|
||||
"host_execution_completion_percent": 0,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"host_change_authorized": false,
|
||||
"fallback_route_change_authorized": false,
|
||||
"credentialed_scan_authorized": false,
|
||||
"active_scan_authorized": false,
|
||||
"secret_value_collection_authorized": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false
|
||||
},
|
||||
"hosts": [
|
||||
{
|
||||
"host": "192.168.0.111",
|
||||
"asset_key": "host:dev-ai-111",
|
||||
"role": "Local AI / Ollama fallback / 開發輔助主機",
|
||||
"mode": "observe_only",
|
||||
"scope_lanes": [
|
||||
{
|
||||
"lane_id": "ollama-fallback-truth",
|
||||
"description": "對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner。",
|
||||
"validation_metrics": [
|
||||
"Ollama route truth",
|
||||
"fallback availability",
|
||||
"AI route smoke"
|
||||
],
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "model-inventory-posture",
|
||||
"description": "只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash,不收 prompt、token 或私有資料。",
|
||||
"validation_metrics": [
|
||||
"model list hash",
|
||||
"model tag summary",
|
||||
"inventory owner ref"
|
||||
],
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "service-ssh-policy-posture",
|
||||
"description": "只收服務狀態摘要與 SSH policy posture,不登入、不改 service。",
|
||||
"validation_metrics": [
|
||||
"service status summary",
|
||||
"SSH policy posture",
|
||||
"rollback owner ref"
|
||||
],
|
||||
"current_authorized": false
|
||||
}
|
||||
],
|
||||
"maintenance_window": {
|
||||
"window_status": "waiting_owner_selection",
|
||||
"allowed_metadata": [
|
||||
"future low-traffic window",
|
||||
"stop condition",
|
||||
"rollback owner",
|
||||
"route validation metrics"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"stop_model",
|
||||
"restart_ollama",
|
||||
"pull_model",
|
||||
"delete_model",
|
||||
"change_ollama_route",
|
||||
"change_firewall"
|
||||
]
|
||||
},
|
||||
"rollback_plan_draft": [
|
||||
{
|
||||
"rollback_item": "fallback route rollback",
|
||||
"required_evidence": [
|
||||
"route before / after refs",
|
||||
"fallback owner",
|
||||
"AI route smoke",
|
||||
"stop condition"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
},
|
||||
{
|
||||
"rollback_item": "model service rollback",
|
||||
"required_evidence": [
|
||||
"service state ref",
|
||||
"model inventory hash before / after",
|
||||
"operator notice owner"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"host": "192.168.0.168",
|
||||
"asset_key": "host:dev-workstation-168",
|
||||
"role": "開發工作站 / local development origin",
|
||||
"mode": "observe_only",
|
||||
"scope_lanes": [
|
||||
{
|
||||
"lane_id": "local-development-origin",
|
||||
"description": "確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime。",
|
||||
"validation_metrics": [
|
||||
"CORS origin review",
|
||||
"local origin owner ref",
|
||||
"production boundary note"
|
||||
],
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "repo-hygiene",
|
||||
"description": "只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy,不讀未授權目錄。",
|
||||
"validation_metrics": [
|
||||
"repo secret scan summary",
|
||||
"repo owner ref",
|
||||
"dirty worktree policy"
|
||||
],
|
||||
"current_authorized": false
|
||||
},
|
||||
{
|
||||
"lane_id": "local-service-exposure",
|
||||
"description": "只收服務清單摘要、port 類型、owner 與 disable note,不做 port scan 或 firewall 變更。",
|
||||
"validation_metrics": [
|
||||
"local service list summary",
|
||||
"service owner ref",
|
||||
"rollback / disable note"
|
||||
],
|
||||
"current_authorized": false
|
||||
}
|
||||
],
|
||||
"maintenance_window": {
|
||||
"window_status": "waiting_owner_selection",
|
||||
"allowed_metadata": [
|
||||
"future repo hygiene review window",
|
||||
"future local service review window",
|
||||
"excluded directories",
|
||||
"disable note owner"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"credentialed_scan",
|
||||
"read_private_directory",
|
||||
"change_cors",
|
||||
"stop_service",
|
||||
"change_local_firewall"
|
||||
]
|
||||
},
|
||||
"rollback_plan_draft": [
|
||||
{
|
||||
"rollback_item": "dev CORS rollback",
|
||||
"required_evidence": [
|
||||
"current allowed origins ref",
|
||||
"candidate change note",
|
||||
"disable owner",
|
||||
"browser smoke plan"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
},
|
||||
{
|
||||
"rollback_item": "local service disable / restore",
|
||||
"required_evidence": [
|
||||
"service list summary",
|
||||
"owner",
|
||||
"restore note",
|
||||
"post-check ref"
|
||||
],
|
||||
"owner_status": "waiting_owner_assignment"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"owner_response_handoff": {
|
||||
"status": "ready_not_dispatched",
|
||||
"request_dispatch_authorized": false,
|
||||
"required_response_fields": [
|
||||
"owner_role_or_team",
|
||||
"host_scope_boundary",
|
||||
"decision",
|
||||
"decision_reason",
|
||||
"affected_scope",
|
||||
"maintenance_window_expectation",
|
||||
"credential_handling_confirmation",
|
||||
"rollback_owner",
|
||||
"validation_metrics_owner",
|
||||
"redacted_evidence_refs",
|
||||
"followup_owner"
|
||||
],
|
||||
"allowed_decisions": [
|
||||
"confirm_observe_only",
|
||||
"defer",
|
||||
"reject",
|
||||
"request_more_evidence"
|
||||
],
|
||||
"forbidden_inputs": [
|
||||
"model API key value",
|
||||
"SSH password",
|
||||
"private key",
|
||||
"token value",
|
||||
"cookie",
|
||||
"session",
|
||||
"authorization header",
|
||||
"personal credential",
|
||||
"secret hash",
|
||||
"masked token",
|
||||
"partial token",
|
||||
"command to execute",
|
||||
"service restart request",
|
||||
"firewall change request",
|
||||
"model stop request",
|
||||
"CORS apply request",
|
||||
"active scan request",
|
||||
"credentialed scan request",
|
||||
"private directory content"
|
||||
],
|
||||
"response_received": false,
|
||||
"response_accepted": false
|
||||
},
|
||||
"credential_handling": {
|
||||
"policy": "metadata_only_no_secret_value",
|
||||
"allowed_evidence": [
|
||||
"present / absent",
|
||||
"owner role",
|
||||
"scope",
|
||||
"document ref",
|
||||
"ticket ref",
|
||||
"redacted metadata pointer"
|
||||
],
|
||||
"forbidden_evidence": [
|
||||
"secret value",
|
||||
"private key",
|
||||
"token",
|
||||
"cookie",
|
||||
"session",
|
||||
"authorization header",
|
||||
"model API key",
|
||||
"SSH password",
|
||||
"personal credential",
|
||||
"reversible secret hash",
|
||||
"partial token",
|
||||
"raw screenshot containing credential"
|
||||
],
|
||||
"quarantine_required_on_plaintext_credential": true,
|
||||
"secret_value_collection_authorized": false
|
||||
},
|
||||
"validation_metrics": [
|
||||
{
|
||||
"host": "192.168.0.111",
|
||||
"metrics": [
|
||||
"Ollama route truth",
|
||||
"fallback availability",
|
||||
"model list hash",
|
||||
"service status",
|
||||
"AI route smoke"
|
||||
]
|
||||
},
|
||||
{
|
||||
"host": "192.168.0.168",
|
||||
"metrics": [
|
||||
"repo secret scan summary",
|
||||
"local service list summary",
|
||||
"CORS origin review",
|
||||
"rollback / disable note"
|
||||
]
|
||||
}
|
||||
],
|
||||
"acceptance_rules": [
|
||||
"本 handoff 完成不代表 owner response 已收到、已接受或已批准。",
|
||||
"192.168.0.111 的 fallback route truth 只能作為 observe-only evidence,不得改 OLLAMA_URL、OLLAMA_SECONDARY_URL、OLLAMA_FALLBACK_URL 或 proxy route。",
|
||||
"192.168.0.168 的 repo / CORS / service exposure 只能作為 scope review,不得讀取未授權目錄或個人資料。",
|
||||
"所有 credential / secret 類資料只能記錄脫敏 metadata;raw value 一律拒收或隔離。",
|
||||
"維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。",
|
||||
"未來 post-check 失敗只能建立人工 follow-up,不得自動修復。"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"ssh_to_host",
|
||||
"read_private_directory",
|
||||
"credentialed_scan",
|
||||
"active_scan",
|
||||
"port_scan",
|
||||
"stop_model",
|
||||
"pull_model",
|
||||
"delete_model",
|
||||
"restart_ollama",
|
||||
"change_ollama_route",
|
||||
"change_cors",
|
||||
"change_firewall",
|
||||
"change_service",
|
||||
"store_credential_value",
|
||||
"enable_runtime_blocking_control",
|
||||
"add_awooop_action_button"
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user