feat(web): add IwoooS host evidence readiness
This commit is contained in:
@@ -43,6 +43,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence:
|
||||
11. 7 個 owner evidence readiness items。
|
||||
12. 3 個只讀主機覆蓋 items:Kali 112、開發主機 168、開發主機 111。
|
||||
13. 6 個主機動作 gate items:active scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update、runtime blocking control。
|
||||
14. 7 個主機 evidence readiness items:scope boundary、owner decision、credential handling、maintenance window、rollback plan、validation metrics、redacted ingestion。
|
||||
|
||||
## 3.1 既有前端資安頁面整合
|
||||
|
||||
@@ -140,6 +141,22 @@ S2.15 將主機相關高風險動作拆成只讀 gate matrix,避免「主機
|
||||
|
||||
每個 item 都固定 `display_mode=gate_only`,且 `active_scan_authorized=false`、`credentialed_scan_authorized=false`、`ssh_change_authorized=false`、`host_update_authorized=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
|
||||
|
||||
## 3.7 主機 Evidence Readiness
|
||||
|
||||
S2.16 將主機動作解鎖前需要的 evidence 顯示成只讀 readiness board。這一層只回答「要進下一步前缺什麼」,不代表任何 evidence 已收到或已接受。
|
||||
|
||||
| 順序 | Evidence item | 目前狀態 | 影響範圍 |
|
||||
|------|---------------|----------|----------|
|
||||
| 1 | Scope boundary | waiting redacted scope approval;received=0、accepted=0 | 112、168、111 的目標、排除範圍、深度與速率 |
|
||||
| 2 | Owner decision record | waiting human decision record;received=0、accepted=0 | 人控決策,不可由可見狀態替代 |
|
||||
| 3 | Credential handling | credential material collection forbidden;received=0、accepted=0 | credentialed scan 前的憑證來源、保存邊界、遮蔽與拒收規則 |
|
||||
| 4 | Maintenance window | waiting maintenance window;received=0、accepted=0 | Kali update、SSH / host change 與主機調校窗口 |
|
||||
| 5 | Rollback plan | waiting rollback plan;received=0、accepted=0 | 套件、設定、服務、工具鏈版本回復 |
|
||||
| 6 | Validation metrics | waiting post-check metrics;received=0、accepted=0 | 掃描器、監控、服務與使用者流程 post-check |
|
||||
| 7 | Redacted ingestion | waiting redacted payload acceptance;received=0、accepted=0 | finding / scan result 只能以脫敏摘要進 mirror |
|
||||
|
||||
每個 item 都固定 `display_mode=evidence_readiness_only`,且 `active_scan_authorized=false`、`credentialed_scan_authorized=false`、`ssh_change_authorized=false`、`host_update_authorized=false`、`runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
|
||||
|
||||
## 4. 仍禁止
|
||||
|
||||
IwoooS 不得提供下列輸出:
|
||||
@@ -151,7 +168,8 @@ IwoooS 不得提供下列輸出:
|
||||
5. production deploy 或 runtime enforcement。
|
||||
6. SSH 到主機、開 SSH session、更新 Kali、package upgrade、credentialed scan 或 active scan。
|
||||
7. 套用 runtime blocking control。
|
||||
8. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
8. 將主機 evidence 標記為 received / accepted,或匯入 raw host evidence。
|
||||
9. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
|
||||
|
||||
## 5. 驗證
|
||||
|
||||
|
||||
Reference in New Issue
Block a user