docs(iwooos): 記錄監控告警事故回讀 gate [skip ci]

This commit is contained in:
Your Name
2026-06-16 11:20:21 +08:00
parent 9a7ba625c2
commit 95be78bd66

View File

@@ -1,3 +1,58 @@
## 2026-06-16Monitoring / Alerting / Observability 事故後回讀 Gate
**背景**110 冷啟動、端口異動、Prometheus / Alertmanager / StockPlatform / Harbor / registry / Ollama route 類事故證明,監控告警不能只看 dashboard up、route `200`、CD success、訊息預覽或 UI 可見。IwoooS 必須補上監控告警事故後回讀欄位確認告警規則、datasource、scrape target、receiver route、silence / mute / dedup / inhibit、通知回執、dashboard / trace / log freshness、reload / no-reload、rollback 與跨專案同步;本階段只建立 readback plan、snapshot、guard 與前台 marker不 reload Prometheus / Alertmanager、不改 Grafana / SigNoz / Sentry / Langfuse / OTEL、不發 Telegram、不 fire live alert、不做 alert-chain smoke、不 SSH、不做 host write。
**完成項目**
- 新增 `scripts/security/monitoring-post-incident-readback-plan.py``docs/security/monitoring-post-incident-readback-plan.snapshot.json`
- 新增 `docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md`,把既有 monitoring owner response acceptance 轉成事故後回讀計畫。
- Post-incident readback plan 固定為 candidates `60`、write-capable candidates `11`、live-evidence-required candidates `60`、alert-rule candidates `13`、deploy-or-reload candidates `6`、readback fields `39`、required readback fields `30`、reviewer checks `28`、outcome lanes `11`、blocked actions `53`
- 必填回讀欄位包含 incident / change / outage ref、actor attribution、time window、break-glass、before / after alert state、rule / datasource / scrape state、receiver route、reload / no-reload、receiver receipt、stale / pending / resolved review、silence / mute / dedup / inhibit、dashboard / trace / log freshness、notification delivery metadata、alert chain health、cross-project sync、rollback / disable validation、post-change monitoring、postcheck、recurrence guard、maintenance window、rollback owner、followup owner、redacted refs、no-secret / no-raw-payload / no-false-green attestation。
- 所有 readback received / accepted、receiver receipt accepted、stale / silence accepted、alert chain health accepted、Prometheus reload、Alertmanager reload、Grafana import、SigNoz apply、Sentry deploy、Langfuse change、OTEL reload、receiver route change、silence change、Telegram send、live alert fire、alert-chain smoke、secret collection、host write、production write、runtime gate 與 action button 仍為 `0 / false`
- `monitoring_alerting_observability` 只讀成熟度從 `68%` 推進到 `70%`,狀態為 `post_incident_readback_plan_ready_no_runtime_action`
- 高價值配置平均成熟度維持 `71%`needs-live-evidence 類別維持 `9`IwoooS headline 維持 `64%`active runtime gate 維持 `0`
- `/zh-TW/iwooos` 前台高價值配置卡片更新為 Monitoring / Alerting / Observability `70% / readback 0`,並在展開邊界中保留 `monitoring_post_incident_readback_plan_candidate_count=60``monitoring_post_incident_readback_plan_blocked_action_count=53``monitoring_alerting_observability_coverage_percent=70``monitoring_post_incident_readback_plan_runtime_gate_count=0` 等 marker。
- `/zh-TW/awooop/tenants` 維持脫敏資產台帳:前台只顯示產品 / 專案代號、脫敏範圍代號、控管狀態與閘門數,不顯示原始個人 namespace、原始 repo namespace、raw blocker 狀態或內部協作語句。
**本地驗證**
- `python3 -m py_compile scripts/security/monitoring-post-incident-readback-plan.py scripts/security/high-value-config-control-coverage.py scripts/security/iwooos-config-control-guard.py scripts/security/security-mirror-progress-guard.py` 通過。
- JSON parse 驗證 `docs/security/monitoring-post-incident-readback-plan.snapshot.json``docs/security/high-value-config-control-coverage.snapshot.json``docs/security/iwooos-posture-projection.snapshot.json``docs/schemas/iwooos_posture_projection_v1.schema.json``apps/web/messages/zh-TW.json``apps/web/messages/en.json` 通過。
- `python3 scripts/security/monitoring-post-incident-readback-plan.py --root . --output /tmp/monitoring-post-incident-readback-plan.verify.json``MONITORING_POST_INCIDENT_READBACK_PLAN_OK candidates=60 write_capable=11 checks=28 lanes=11 accepted=0 runtime_gate=0`
- `python3 scripts/security/iwooos-config-control-guard.py --root .``IWOOOS_CONFIG_CONTROL_GUARD_OK`
- `python3 scripts/security/security-mirror-progress-guard.py --root .``SECURITY_MIRROR_PROGRESS_GUARD_OK`
- `python3 scripts/security/public-frontend-env-guard.py --root .``OK public frontend sensitive surface guard files=225 patterns=12 allowlisted=2 violations=0 runtime_gate=0`
- `python3 scripts/security/source-control-owner-response-guard.py --root .``SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`
- `python3 scripts/security/package-supply-chain-owner-policy-guard.py --root .``PACKAGE_SUPPLY_CHAIN_OWNER_POLICY_GUARD_OK`
- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea``DOC_SECRET_SANITY_OK scanned_files=887`
- `pnpm --filter @awoooi/web typecheck` 通過;`apps/web/tsconfig.tsbuildinfo` 只屬 typecheck 快取副作用,未納入提交。
- `git diff --check` 通過;前端敏感顯示面掃描 `批准!``工作視窗``source_thread_id``blocked_waiting_``blockers=`、原始 namespace 與 raw namespace 命中 `0`
**Gitea / CD**
- Code commit`d89f271a feat(iwooos): 新增監控告警事故回讀 gate`
- Code-review run`3066`,公開 Actions 頁顯示成功。
- CD run`3065`,公開 Actions 頁顯示成功。
- Deploy marker`9a7ba625 chore(cd): deploy d89f271 [skip ci]`;初次短輪詢時 marker 尚未落地,後續 fetch 已確認延遲完成。
**Production 驗證**
- 內建瀏覽器自動化通道 attach 逾時,改用本機 Google Chrome headless 對相同 production URL 做只讀 smoke未使用登入 token、未讀 secrets、未進行寫操作。
- Chrome desktop `1440x1100``/zh-TW/iwooos?_v=9a7ba625-monitoring-readback-prod-probe``200`Monitoring readback marker 缺漏 `0`,敏感 / 內部協作片語命中 `0``horizontalOverflow=false``scrollWidth=1440``clientWidth=1440`
- Chrome mobile `390x844``/zh-TW/iwooos?_v=9a7ba625-monitoring-readback-prod-probe``200`Monitoring readback marker 缺漏 `0`,敏感 / 內部協作片語命中 `0``horizontalOverflow=false``scrollWidth=390``clientWidth=390`
- Chrome desktop `1440x1100``/zh-TW/awooop/tenants?_v=9a7ba625-monitoring-readback-prod-probe``200`,敏感 / 內部協作片語命中 `0``horizontalOverflow=false``scrollWidth=1440``clientWidth=1440`
- Chrome mobile `390x844``/zh-TW/awooop/tenants?_v=9a7ba625-monitoring-readback-prod-probe``200`,敏感 / 內部協作片語命中 `0``horizontalOverflow=false``scrollWidth=390``clientWidth=390`
- Chrome 截圖:
- `/tmp/iwooos-desktop-9a7ba625-monitoring-readback.png`
- `/tmp/iwooos-mobile-9a7ba625-monitoring-readback.png`
- `/tmp/tenants-desktop-9a7ba625-monitoring-readback.png`
- `/tmp/tenants-mobile-9a7ba625-monitoring-readback.png`
**完成度與邊界**
- Monitoring / Alerting / Observability post-incident readback plan`0% -> 100%`
- Monitoring / Alerting / Observability 只讀成熟度:`68% -> 70%`
- 高價值配置平均成熟度:維持 `71%`needs-live-evidence 類別:維持 `9`
- IwoooS headline 維持 `64%`active runtime gate 維持 `0`
- readback received / accepted、receiver receipt accepted、stale / silence accepted、alert chain health accepted、Prometheus reload、Alertmanager reload、Grafana import、SigNoz apply、Sentry deploy、Langfuse change、OTEL reload、receiver route change、silence change、Telegram send、live alert fire、alert-chain smoke、secret collection、host write、production write、runtime gate 與 action buttons 全部維持 `0 / false`
- 本輪未 SSH、未改 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / OTEL、未 reload、未發 Telegram、未 fire live alert、未做 alert-chain smoke、未 Docker / systemd / firewall / ArgoCD / K8s live action、未 active scan、未收 secrets 明文、未 force push。
- 下一優先:收 Monitoring / Alerting / Observability owner readback evidence 與 receiver receipt同時推進 S4.9 owner response、Backup / Restore / Escrow、Workflow / runner / deploy secret injection 的 owner evidence gate且不得用 dashboard up、route 200、CD success、UI 可見或 smoke pass 當成資安 runtime 授權。
## 2026-06-16Public Gateway / Nginx 事故後回讀 Gate
**背景**Nginx / Public Gateway 控制公開網站、API、管理路由、Webhook、WebSocket、TLS / ACME 與 Ollama / AI provider proxy近期端口與 gateway 類事故證明route `200`、Nginx active、dashboard up、CD success 或 UI 可見都不能當成事故已驗收。本階段補上 Public Gateway / Nginx post-incident readback plan只建立事故後回讀候選、必填欄位、reviewer checks、outcome lanes、blocked actions 與前台 marker不 SSH、不讀 live Nginx conf、不執行 `nginx -t`、不 reload、不做 route smoke、不改 DNS / TLS、不 renew cert、不寫主機。