From c329be9acd16d8ed283d5e488d382cc682f28e3c Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 28 Jun 2026 18:41:24 +0800 Subject: [PATCH] docs(logbook): record wazuh readiness production readback [skip ci] --- docs/LOGBOOK.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 22d63cb54..9c130d2fa 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,13 @@ +## 2026-06-28 — 18:40 IwoooS Wazuh live metadata readiness production readback + +**完成內容**: +- Gitea `cd.yaml #3846` 與 `code-review.yaml #3847` 皆成功;deploy marker `c9ef59afe` 將 `k8s/awoooi-prod/kustomization.yaml` API / Web tag 推到 `1fdbc96a9bae7447222deec5cf0ac8c925fef615`。 +- Production `GET /api/v1/iwooos/wazuh-live-metadata-gate` HTTP 200,schema `iwooos_wazuh_live_metadata_gate_readback_v1`,狀態 `ready_for_server_side_env_enable_review_no_secret_collection`。 +- Readback counters:owner / secret metadata / manager health ref / readonly scope 皆 `1`;post-enable readback、live Wazuh query、active response、host write、runtime gate 仍全 `0`。 +- K8s `awoooi-api` 與 `awoooi-web` rollout successful;production `/zh-TW/iwooos` desktop / mobile browser smoke console error `0`、水平溢出 `0`、敏感原文 pattern hit `0`。 + +**邊界**:沒有讀 secret / raw Wazuh payload / raw session;沒有查 live Wazuh;沒有 active response、host write、K8s secret patch、Nginx、firewall、DB 或 force push。 + ## 2026-06-28 — 16:22 110 runner fail-closed authority copy 補強 **背景**:16:21 P3 release gate 又抓到短命外部 opener 把 `awoooi-cd-lane-drain.service` 恢復為 `enabled / activating`、把 fail-closed timers mask,並把 `/usr/local/lib/awoooi/enforce-110-runner-failclosed.sh` 覆寫成 disabled stub;原 cron authority 雖存在,但若 cron 指向被覆寫的 canonical,就會失去自動修復能力。
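Review bot: In the added `Readback counters` bullet, `secret metadata` is recorded as `1`, while the `**邊界**` line of the same entry states that no secret was read. The entry does not say that the counter counts a metadata reference rather than a secret value. Add a short qualifier to that bullet so the two lines cannot be read as contradictory in a later audit. The entry also asserts HTTP 200, a successful rollout and `敏感原文 pattern hit 0` without saying where that evidence is kept (run log, artifact or readback capture). The Gitea run numbers `#3846` / `#3847` and deploy marker `c9ef59afe` are the only traceable references, so a pointer per claim would make the record verifiable. Separately, the commit is authored as `Your Name`, so this production readback record cannot be attributed to a person. Set the git identity before this lands.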