feat(web): add IwoooS host review outcomes
This commit is contained in:
@@ -46,6 +46,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence:
|
||||
14. 7 個主機 evidence readiness items:scope boundary、owner decision、credential handling、maintenance window、rollback plan、validation metrics、redacted ingestion。
|
||||
15. 7 個主機 evidence collection order steps,顯示收件順序與前置依賴。
|
||||
16. 7 個主機 evidence intake preflight checks,顯示未來 evidence 進人工 review 前的拒收 / 隔離規則。
|
||||
17. 7 個主機 evidence review outcome lanes,顯示 preflight 後的人工審查分流結果。
|
||||
|
||||
## 3.1 既有前端資安頁面整合
|
||||
|
||||
@@ -195,6 +196,24 @@ S2.18 將主機 evidence 進人工 review 前的預檢條件顯示成只讀規
|
||||
|
||||
這個 preflight board 不代表已收到任何主機 evidence,也不代表已進人工 review。真正收件仍需要脫敏 evidence pointer、owner decision 與後續人工驗收。
|
||||
|
||||
## 3.10 主機 Evidence Review Outcome Lanes
|
||||
|
||||
S2.19 將主機 evidence 通過 preflight 後可能進入的人工審查結果分流顯示成只讀 lanes。這一層只回答「下一步該補什麼或顯示什麼結果」,不建立 approval record、不啟動 runtime gate、不改 received / accepted。
|
||||
|
||||
| 順序 | Outcome lane | 來源預檢 | 下一步 |
|
||||
|------|--------------|----------|--------|
|
||||
| 1 | Ready for human review | metadata pointer、dependency order、scope、owner decision | 顯示人工審查候選;received=0、accepted=0 |
|
||||
| 2 | Needs scope evidence | scope before scan | 補脫敏 scope boundary pointer,不進 scan |
|
||||
| 3 | Needs owner decision | owner before host change | 補 owner decision record pointer,不啟動主機動作 |
|
||||
| 4 | Quarantine dependency skip | collection order match | 顯示隔離原因,不推 counter |
|
||||
| 5 | Reject raw payload | raw payload blocked | 要求改交脫敏摘要 |
|
||||
| 6 | Reject credential plaintext | credential plaintext blocked | 不保存、不轉送、不顯示憑證明文 |
|
||||
| 7 | Waiting runtime gate | frontend counters frozen、owner decision | 人工審查後仍需另開 runtime gate;active runtime gates=0 |
|
||||
|
||||
每個 lane 都固定 `display_mode=review_outcome_only`、`received_count=0`、`accepted_count=0`、`approval_record_created=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
|
||||
|
||||
這個 outcome board 不代表 evidence 已進 review、approval record 已建立或任何主機操作可執行。它只讓使用者理解「預檢後可能被導向哪一類人審結果」。
|
||||
|
||||
## 4. 仍禁止
|
||||
|
||||
IwoooS 不得提供下列輸出:
|
||||
@@ -210,7 +229,8 @@ IwoooS 不得提供下列輸出:
|
||||
9. 推進 host collection state 或跳過 host evidence dependency。
|
||||
10. 未通過 preflight 就接受 host evidence。
|
||||
11. 收集 host credential plaintext、ingest host raw payload,或由前端推進 host evidence counters。
|
||||
12. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
12. 從 review outcome lane 建立 host approval record、把 review lane 當 runtime gate,或把 review outcome 標成 accepted。
|
||||
13. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
|
||||
## 5. 驗證
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,reviewer audit emitted 仍為 0,不代表 owner response 已收到或任何執行授權 |
|
||||
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn;`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
|
||||
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs;不新增執行按鈕 |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;仍不新增 action button |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;S2.19 已補 7 個 host evidence review outcome lanes;仍不新增 action button |
|
||||
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
|
||||
| Runtime actions | `false` |
|
||||
| Payload ingestion | `false` |
|
||||
@@ -102,6 +102,7 @@
|
||||
| S2.16 IwoooS host evidence readiness board | framework detail | 0 | 只顯示主機動作前仍缺 scope、owner decision、credential handling、maintenance window、rollback、validation metrics 與 redacted ingestion evidence;received / accepted 仍為 0,不代表任何主機動作已批准 |
|
||||
| S2.17 IwoooS host evidence collection order | framework detail | 0 | 只把七個主機 evidence readiness items 排成只讀收件順序與依賴關係;received / accepted 仍為 0,不代表 active scan、SSH、Kali update、raw evidence ingestion 或 runtime control 已批准 |
|
||||
| S2.18 IwoooS host evidence intake preflight | framework detail | 0 | 只把主機 evidence 進人工 review 前的七個預檢規則顯示出來;raw payload、secret value、runtime execution、action button 與 received / accepted counter 仍全部鎖住 |
|
||||
| S2.19 IwoooS host evidence review outcome lanes | framework detail | 0 | 只顯示主機 evidence 通過 preflight 後的只讀人工審查結果分流;approval record、runtime gate、received / accepted counter 與 action button 仍全部鎖住 |
|
||||
|
||||
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
|------|------|
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
@@ -78,6 +78,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
| S2.16 IwoooS host evidence readiness board | 已完成草案,將 scope boundary、owner decision、credential handling、maintenance window、rollback plan、validation metrics、redacted ingestion 固定為 7 個只讀 readiness items | 0 |
|
||||
| S2.17 IwoooS host evidence collection order | 已完成草案,將七個主機 evidence readiness items 排成只讀收件順序與依賴關係;received / accepted 仍為 0 | 0 |
|
||||
| S2.18 IwoooS host evidence intake preflight | 已完成草案,將主機 evidence 進人工 review 前的 metadata pointer、dependency、scope、owner decision、credential plaintext、raw payload 與 counter freeze 預檢顯示成只讀規則 | 0 |
|
||||
| S2.19 IwoooS host evidence review outcome lanes | 已完成草案,將 preflight 後的 ready for human review、needs scope、needs owner decision、quarantine、reject raw payload、reject credential plaintext 與 waiting runtime gate 顯示成只讀分流 | 0 |
|
||||
|
||||
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
|
||||
|
||||
@@ -115,6 +116,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.16 IwoooS Host Evidence Readiness | 完成草案 | `/iwooos` 新增主機 evidence readiness board,顯示主機動作前仍缺 scope、owner decision、credential handling、maintenance window、rollback、validation metrics 與 redacted ingestion evidence | 使用者能看懂主機行動前置證據,不會把規劃誤認為已批准;仍不新增任何主機操作 |
|
||||
| S2.17 IwoooS Host Evidence Collection Order | 完成草案 | `/iwooos` 新增主機 evidence 收件順序,將 scope、owner decision、credential handling、maintenance window、rollback、validation metrics 與 redacted ingestion 排成只讀依賴 | 使用者能知道下一步先收什麼;仍不把任何 evidence 標成 received / accepted,也不啟動掃描、SSH、更新或 runtime control |
|
||||
| S2.18 IwoooS Host Evidence Intake Preflight | 完成草案 | `/iwooos` 新增主機 evidence intake preflight,顯示 metadata pointer、collection order、scope、owner decision、credential plaintext、raw payload 與 counter freeze 七個預檢 | 使用者能知道 evidence 送審前會先擋哪些風險;仍不收 raw payload、不收憑證明文、不推 received / accepted、不啟動 runtime |
|
||||
| S2.19 IwoooS Host Evidence Review Outcome Lanes | 完成草案 | `/iwooos` 新增主機 evidence review outcome lanes,顯示可進人工審、補 scope、補 owner decision、隔離、拒收 raw payload、拒收憑證明文與等待 runtime gate 七個分流 | 使用者能理解 preflight 後的處理結果;仍不建立 approval record、不推 received / accepted、不啟動 runtime |
|
||||
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
|
||||
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
|
||||
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
|
||||
|
||||
@@ -44,7 +44,8 @@
|
||||
"host_action_gate_item_count": 6,
|
||||
"host_evidence_readiness_item_count": 7,
|
||||
"host_evidence_collection_step_count": 7,
|
||||
"host_evidence_intake_preflight_check_count": 7
|
||||
"host_evidence_intake_preflight_check_count": 7,
|
||||
"host_evidence_review_outcome_lane_count": 7
|
||||
},
|
||||
"progress": {
|
||||
"overall_percent": 58,
|
||||
@@ -125,7 +126,8 @@
|
||||
"display_next_gate",
|
||||
"display_forbidden_actions",
|
||||
"display_host_evidence_collection_order",
|
||||
"display_host_evidence_intake_preflight_checks"
|
||||
"display_host_evidence_intake_preflight_checks",
|
||||
"display_host_evidence_review_outcome_lanes"
|
||||
],
|
||||
"forbidden_frontend_outputs": [
|
||||
"add_scan_button",
|
||||
@@ -156,7 +158,10 @@
|
||||
"accept_host_evidence_without_preflight",
|
||||
"ingest_host_evidence_raw_payload",
|
||||
"collect_host_credential_plaintext",
|
||||
"advance_host_evidence_counters_from_frontend"
|
||||
"advance_host_evidence_counters_from_frontend",
|
||||
"create_host_approval_from_review_lane",
|
||||
"treat_host_review_lane_as_runtime_gate",
|
||||
"mark_host_review_outcome_accepted"
|
||||
],
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
@@ -1168,5 +1173,123 @@
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"host_evidence_review_outcome_lanes": [
|
||||
{
|
||||
"lane_id": "host_ready_for_human_review_lane",
|
||||
"display_order": 1,
|
||||
"source_check_ids": [
|
||||
"host_metadata_pointer_shape_check",
|
||||
"host_collection_dependency_order_check",
|
||||
"host_scope_boundary_before_scan_check",
|
||||
"host_owner_decision_before_change_check"
|
||||
],
|
||||
"outcome_state": "candidate_only_not_received",
|
||||
"next_human_action": "manual_review_candidate_display_only",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_needs_scope_evidence_lane",
|
||||
"display_order": 2,
|
||||
"source_check_ids": [
|
||||
"host_scope_boundary_before_scan_check"
|
||||
],
|
||||
"outcome_state": "needs_scope_evidence",
|
||||
"next_human_action": "request_redacted_scope_boundary_pointer",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_needs_owner_decision_lane",
|
||||
"display_order": 3,
|
||||
"source_check_ids": [
|
||||
"host_owner_decision_before_change_check"
|
||||
],
|
||||
"outcome_state": "needs_owner_decision_pointer",
|
||||
"next_human_action": "request_owner_decision_record_pointer",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_quarantine_dependency_skip_lane",
|
||||
"display_order": 4,
|
||||
"source_check_ids": [
|
||||
"host_collection_dependency_order_check"
|
||||
],
|
||||
"outcome_state": "quarantine_dependency_skip",
|
||||
"next_human_action": "show_dependency_skip_reason_without_counter_transition",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_reject_raw_payload_lane",
|
||||
"display_order": 5,
|
||||
"source_check_ids": [
|
||||
"host_raw_payload_rejection_check"
|
||||
],
|
||||
"outcome_state": "rejected_raw_payload",
|
||||
"next_human_action": "request_redacted_summary_instead",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_reject_credential_plaintext_lane",
|
||||
"display_order": 6,
|
||||
"source_check_ids": [
|
||||
"host_credential_plaintext_rejection_check"
|
||||
],
|
||||
"outcome_state": "rejected_plaintext_credential",
|
||||
"next_human_action": "discard_plaintext_and_request_redacted_metadata_only",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"lane_id": "host_waiting_runtime_gate_lane",
|
||||
"display_order": 7,
|
||||
"source_check_ids": [
|
||||
"host_counter_transition_freeze_check",
|
||||
"host_owner_decision_before_change_check"
|
||||
],
|
||||
"outcome_state": "waiting_followup_runtime_gate",
|
||||
"next_human_action": "separate_runtime_gate_required_after_accepted_decision",
|
||||
"display_mode": "review_outcome_only",
|
||||
"received_count": 0,
|
||||
"accepted_count": 0,
|
||||
"approval_record_created": false,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@@ -732,6 +732,18 @@
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"delta_id": "s2_19_iwooos_host_evidence_review_outcome_lanes",
|
||||
"display_order": 48,
|
||||
"completed_stage": "S2.19 IwoooS host evidence review outcome lanes",
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"why_headline_unchanged": "IwoooS host evidence review outcome lanes 只顯示主機 evidence 通過 preflight 後可能進入 ready for human review、needs scope、needs owner decision、quarantine、reject raw payload、reject credential plaintext 或 waiting runtime gate 等只讀分流;received / accepted、approval record、runtime execution 與 action button 仍全部為 false。",
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
|
||||
Reference in New Issue
Block a user