From 95be78bd6692ec3dfa1a01d754667bf163d7308f Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 16 Jun 2026 11:20:21 +0800 Subject: [PATCH] =?UTF-8?q?docs(iwooos):=20=E8=A8=98=E9=8C=84=E7=9B=A3?= =?UTF-8?q?=E6=8E=A7=E5=91=8A=E8=AD=A6=E4=BA=8B=E6=95=85=E5=9B=9E=E8=AE=80?= =?UTF-8?q?=20gate=20[skip=20ci]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/LOGBOOK.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index aa2320cf1..1adfdf11f 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,58 @@ +## 2026-06-16|Monitoring / Alerting / Observability 事故後回讀 Gate + +**背景**:110 冷啟動、端口異動、Prometheus / Alertmanager / StockPlatform / Harbor / registry / Ollama route 類事故證明,監控告警不能只看 dashboard up、route `200`、CD success、訊息預覽或 UI 可見。IwoooS 必須補上監控告警事故後回讀欄位,確認告警規則、datasource、scrape target、receiver route、silence / mute / dedup / inhibit、通知回執、dashboard / trace / log freshness、reload / no-reload、rollback 與跨專案同步;本階段只建立 readback plan、snapshot、guard 與前台 marker,不 reload Prometheus / Alertmanager、不改 Grafana / SigNoz / Sentry / Langfuse / OTEL、不發 Telegram、不 fire live alert、不做 alert-chain smoke、不 SSH、不做 host write。 + +**完成項目**: +- 新增 `scripts/security/monitoring-post-incident-readback-plan.py` 與 `docs/security/monitoring-post-incident-readback-plan.snapshot.json`。 +- 新增 `docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md`,把既有 monitoring owner response acceptance 轉成事故後回讀計畫。 +- Post-incident readback plan 固定為 candidates `60`、write-capable candidates `11`、live-evidence-required candidates `60`、alert-rule candidates `13`、deploy-or-reload candidates `6`、readback fields `39`、required readback fields `30`、reviewer checks `28`、outcome lanes `11`、blocked actions `53`。 +- 必填回讀欄位包含 incident / change / outage ref、actor attribution、time window、break-glass、before / after alert state、rule / datasource / scrape state、receiver route、reload / no-reload、receiver receipt、stale / pending / resolved review、silence / mute / dedup / inhibit、dashboard / trace / log freshness、notification delivery metadata、alert chain health、cross-project sync、rollback / disable validation、post-change monitoring、postcheck、recurrence guard、maintenance window、rollback owner、followup owner、redacted refs、no-secret / no-raw-payload / no-false-green attestation。 +- 所有 readback received / accepted、receiver receipt accepted、stale / silence accepted、alert chain health accepted、Prometheus reload、Alertmanager reload、Grafana import、SigNoz apply、Sentry deploy、Langfuse change、OTEL reload、receiver route change、silence change、Telegram send、live alert fire、alert-chain smoke、secret collection、host write、production write、runtime gate 與 action button 仍為 `0 / false`。 +- `monitoring_alerting_observability` 只讀成熟度從 `68%` 推進到 `70%`,狀態為 `post_incident_readback_plan_ready_no_runtime_action`。 +- 高價值配置平均成熟度維持 `71%`;needs-live-evidence 類別維持 `9`;IwoooS headline 維持 `64%`;active runtime gate 維持 `0`。 +- `/zh-TW/iwooos` 前台高價值配置卡片更新為 Monitoring / Alerting / Observability `70% / readback 0`,並在展開邊界中保留 `monitoring_post_incident_readback_plan_candidate_count=60`、`monitoring_post_incident_readback_plan_blocked_action_count=53`、`monitoring_alerting_observability_coverage_percent=70`、`monitoring_post_incident_readback_plan_runtime_gate_count=0` 等 marker。 +- `/zh-TW/awooop/tenants` 維持脫敏資產台帳:前台只顯示產品 / 專案代號、脫敏範圍代號、控管狀態與閘門數,不顯示原始個人 namespace、原始 repo namespace、raw blocker 狀態或內部協作語句。 + +**本地驗證**: +- `python3 -m py_compile scripts/security/monitoring-post-incident-readback-plan.py scripts/security/high-value-config-control-coverage.py scripts/security/iwooos-config-control-guard.py scripts/security/security-mirror-progress-guard.py` 通過。 +- JSON parse 驗證 `docs/security/monitoring-post-incident-readback-plan.snapshot.json`、`docs/security/high-value-config-control-coverage.snapshot.json`、`docs/security/iwooos-posture-projection.snapshot.json`、`docs/schemas/iwooos_posture_projection_v1.schema.json`、`apps/web/messages/zh-TW.json`、`apps/web/messages/en.json` 通過。 +- `python3 scripts/security/monitoring-post-incident-readback-plan.py --root . --output /tmp/monitoring-post-incident-readback-plan.verify.json` → `MONITORING_POST_INCIDENT_READBACK_PLAN_OK candidates=60 write_capable=11 checks=28 lanes=11 accepted=0 runtime_gate=0`。 +- `python3 scripts/security/iwooos-config-control-guard.py --root .` → `IWOOOS_CONFIG_CONTROL_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- `python3 scripts/security/public-frontend-env-guard.py --root .` → `OK public frontend sensitive surface guard files=225 patterns=12 allowlisted=2 violations=0 runtime_gate=0`。 +- `python3 scripts/security/source-control-owner-response-guard.py --root .` → `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/package-supply-chain-owner-policy-guard.py --root .` → `PACKAGE_SUPPLY_CHAIN_OWNER_POLICY_GUARD_OK`。 +- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea` → `DOC_SECRET_SANITY_OK scanned_files=887`。 +- `pnpm --filter @awoooi/web typecheck` 通過;`apps/web/tsconfig.tsbuildinfo` 只屬 typecheck 快取副作用,未納入提交。 +- `git diff --check` 通過;前端敏感顯示面掃描 `批准!`、`工作視窗`、`source_thread_id`、`blocked_waiting_`、`blockers=`、原始 namespace 與 raw namespace 命中 `0`。 + +**Gitea / CD**: +- Code commit:`d89f271a feat(iwooos): 新增監控告警事故回讀 gate`。 +- Code-review run:`3066`,公開 Actions 頁顯示成功。 +- CD run:`3065`,公開 Actions 頁顯示成功。 +- Deploy marker:`9a7ba625 chore(cd): deploy d89f271 [skip ci]`;初次短輪詢時 marker 尚未落地,後續 fetch 已確認延遲完成。 + +**Production 驗證**: +- 內建瀏覽器自動化通道 attach 逾時,改用本機 Google Chrome headless 對相同 production URL 做只讀 smoke;未使用登入 token、未讀 secrets、未進行寫操作。 +- Chrome desktop `1440x1100`:`/zh-TW/iwooos?_v=9a7ba625-monitoring-readback-prod-probe` 回 `200`,Monitoring readback marker 缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=1440`,`clientWidth=1440`。 +- Chrome mobile `390x844`:`/zh-TW/iwooos?_v=9a7ba625-monitoring-readback-prod-probe` 回 `200`,Monitoring readback marker 缺漏 `0`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=390`,`clientWidth=390`。 +- Chrome desktop `1440x1100`:`/zh-TW/awooop/tenants?_v=9a7ba625-monitoring-readback-prod-probe` 回 `200`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=1440`,`clientWidth=1440`。 +- Chrome mobile `390x844`:`/zh-TW/awooop/tenants?_v=9a7ba625-monitoring-readback-prod-probe` 回 `200`,敏感 / 內部協作片語命中 `0`,`horizontalOverflow=false`,`scrollWidth=390`,`clientWidth=390`。 +- Chrome 截圖: + - `/tmp/iwooos-desktop-9a7ba625-monitoring-readback.png` + - `/tmp/iwooos-mobile-9a7ba625-monitoring-readback.png` + - `/tmp/tenants-desktop-9a7ba625-monitoring-readback.png` + - `/tmp/tenants-mobile-9a7ba625-monitoring-readback.png` + +**完成度與邊界**: +- Monitoring / Alerting / Observability post-incident readback plan:`0% -> 100%`。 +- Monitoring / Alerting / Observability 只讀成熟度:`68% -> 70%`。 +- 高價值配置平均成熟度:維持 `71%`;needs-live-evidence 類別:維持 `9`。 +- IwoooS headline 維持 `64%`;active runtime gate 維持 `0`。 +- readback received / accepted、receiver receipt accepted、stale / silence accepted、alert chain health accepted、Prometheus reload、Alertmanager reload、Grafana import、SigNoz apply、Sentry deploy、Langfuse change、OTEL reload、receiver route change、silence change、Telegram send、live alert fire、alert-chain smoke、secret collection、host write、production write、runtime gate 與 action buttons 全部維持 `0 / false`。 +- 本輪未 SSH、未改 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / OTEL、未 reload、未發 Telegram、未 fire live alert、未做 alert-chain smoke、未 Docker / systemd / firewall / ArgoCD / K8s live action、未 active scan、未收 secrets 明文、未 force push。 +- 下一優先:收 Monitoring / Alerting / Observability owner readback evidence 與 receiver receipt;同時推進 S4.9 owner response、Backup / Restore / Escrow、Workflow / runner / deploy secret injection 的 owner evidence gate,且不得用 dashboard up、route 200、CD success、UI 可見或 smoke pass 當成資安 runtime 授權。 + ## 2026-06-16|Public Gateway / Nginx 事故後回讀 Gate **背景**:Nginx / Public Gateway 控制公開網站、API、管理路由、Webhook、WebSocket、TLS / ACME 與 Ollama / AI provider proxy;近期端口與 gateway 類事故證明,route `200`、Nginx active、dashboard up、CD success 或 UI 可見都不能當成事故已驗收。本階段補上 Public Gateway / Nginx post-incident readback plan,只建立事故後回讀候選、必填欄位、reviewer checks、outcome lanes、blocked actions 與前台 marker;不 SSH、不讀 live Nginx conf、不執行 `nginx -t`、不 reload、不做 route smoke、不改 DNS / TLS、不 renew cert、不寫主機。