docs(logbook): record wazuh readiness production readback [skip ci]

Your Name
2026-06-28 18:41:24 +08:00
parent f4d1b99da4
commit c329be9acd


@@ -1,3 +1,13 @@
## 2026-06-28 — 18:40 IwoooS Wazuh live metadata readiness production readback
**完成內容**
- Gitea `cd.yaml #3846``code-review.yaml #3847` 皆成功deploy marker `c9ef59afe``k8s/awoooi-prod/kustomization.yaml` API / Web tag 推到 `1fdbc96a9bae7447222deec5cf0ac8c925fef615`
- Production `GET /api/v1/iwooos/wazuh-live-metadata-gate` HTTP 200schema `iwooos_wazuh_live_metadata_gate_readback_v1`,狀態 `ready_for_server_side_env_enable_review_no_secret_collection`
- Readback countersowner / secret metadata / manager health ref / readonly scope 皆 `1`post-enable readback、live Wazuh query、active response、host write、runtime gate 仍全 `0`
- K8s `awoooi-api``awoooi-web` rollout successfulproduction `/zh-TW/iwooos` desktop / mobile browser smoke console error `0`、水平溢出 `0`、敏感原文 pattern hit `0`
**邊界**:沒有讀 secret / raw Wazuh payload / raw session沒有查 live Wazuh沒有 active response、host write、K8s secret patch、Nginx、firewall、DB 或 force push。
## 2026-06-28 — 16:22 110 runner fail-closed authority copy 補強
**背景**16:21 P3 release gate 又抓到短命外部 opener 把 `awoooi-cd-lane-drain.service` 恢復為 `enabled / activating`、把 fail-closed timers mask並把 `/usr/local/lib/awoooi/enforce-110-runner-failclosed.sh` 覆寫成 disabled stub原 cron authority 雖存在,但若 cron 指向被覆寫的 canonical就會失去自動修復能力。
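
Review bot: the new 18:40 entry runs inline code spans and clauses together without separators, so it will not render or read as intended. In the first bullet, `cd.yaml #3846` and `code-review.yaml #3847` are written back to back with no delimiter between the closing and opening backticks, and the same happens with `awoooi-api` and `awoooi-web` in the fourth bullet; in Markdown the adjacent backticks fuse into a double-backtick delimiter and break both spans. Clause boundaries are also missing at "皆成功deploy marker", "HTTP 200schema", "Readback countersowner", "皆 `1`post-enable readback" and "rollout successfulproduction", and in the 邊界 line at "raw session沒有查 live Wazuh沒有 active response". Please insert "、" between listed items and ";" or ":" between clauses, matching the punctuation already used later in the same lines. Separately, the deploy marker is recorded as the abbreviated `c9ef59afe` while the API / Web tag is the full 40-character `1fdbc96a9bae7447222deec5cf0ac8c925fef615`; recording the marker in full as well would make this readback entry unambiguous to audit later.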