feat(web): add IwoooS operator journey

This commit is contained in:
Your Name
2026-05-19 20:40:31 +08:00
parent 9de8469e8f
commit e5a444ed9c
11 changed files with 389 additions and 5 deletions

View File

@@ -39,6 +39,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence
7. evidence refs 與下一個高層 gate。
8. 10 個既有前端資安相關頁面索引。
9. 4 個前端資安責任面與 5 個重疊 / 衝突控制。
10. 6 個只讀資安處理旅程階段。
## 3.1 既有前端資安頁面整合
@@ -78,6 +79,21 @@ S2.11 將 10 個既有前端資安頁面分成四個責任面,讓使用者看
4. AwoooP approval 狀態不等於資安 approval decision record。
5. 前端索引不得呼叫 Kali active scan 或 `/execute`
## 3.3 資安處理旅程
S2.12 將使用者可見的資安處理流程固定為 6 個只讀階段:
| 順序 | 階段 | 輸出 |
|------|------|------|
| 1 | 讀取目前態勢 | 顯示 posture / progress / gate 狀態,不代表授權 |
| 2 | 開啟既有資安頁面 | 進入原 route保留原 owner 與資料邊界 |
| 3 | 判讀非阻擋分流 | 建 follow-up不直接升 blocking |
| 4 | 收 owner evidence | 更新 received / accepted 狀態,不執行 repo / refs / workflow / Kali 動作 |
| 5 | 等待人工決策 | 需要 decision record不用 AwoooP approval、Code Review 或進度數字替代 |
| 6 | 準備後續 runtime gate | 只有人工批准後才另開 follow-up runtime gate目前 active runtime gates 仍為 0 |
這個旅程是 status projection不是 execution queue。任何 active scan、repair、deploy、GitHub primary、repo / refs / workflow / runner 或 secret 變更,都仍需獨立批准與後續 runtime gate。
## 4. 仍禁止
IwoooS 不得提供下列輸出:

View File

@@ -35,7 +35,7 @@
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 04 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestationlatest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`reviewer audit emitted 仍為 0不代表 owner response 已收到或任何執行授權 |
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanesLOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn`owner_review_required_before_blocking=true``runtime_blocking_allowed=false` |
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs不新增執行按鈕 |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controls仍不新增 action button |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey steps仍不新增 action button |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD``CHECK_OWNER_RESPONSE_GUARD`latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
@@ -95,6 +95,7 @@
| S2.9 IwoooS posture projection contract | framework detail | 0 | 只把前端顯示資料固定成可驗證契約,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization |
| S2.10 IwoooS existing frontend surface integration | framework detail | 0 | 只把既有前端資安頁面整理成只讀索引,不代表 owner response、production ingestion、approval、runtime gate、Kali scan、Code Review gate 或 execution authorization |
| S2.11 IwoooS surface coverage boundary matrix | framework detail | 0 | 只把既有前端資安頁面分成訊號、人工控制、治理稽核與工程審查四面,並顯示重疊 / 衝突控制,不代表 runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權 |
| S2.12 IwoooS operator journey projection | framework detail | 0 | 只把資安處理旅程顯示成 read-only status projection不代表 execution queue、runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權 |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence

View File

@@ -4,7 +4,7 @@
|------|------|
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -71,6 +71,7 @@ python3 scripts/security/security-mirror-progress-guard.py
| S2.9 IwoooS posture projection contract | 已完成草案,新增 `iwooos_posture_projection_v1`,把 `/iwooos` 的 posture、progress、lanes、evidence refs 與 forbidden actions 固定成可驗證 snapshot | 0 |
| S2.10 IwoooS existing frontend surface integration | 已完成草案,將前端既有 `/security-compliance``/security``/compliance``/alerts``/errors``/authorizations``/governance``/alert-operation-logs``/awooop/approvals``/code-review` 收成 IwoooS 只讀索引 | 0 |
| S2.11 IwoooS surface coverage boundary matrix | 已完成草案,將 10 個既有前端資安頁面分成訊號與暴露面、人工控制、治理與稽核、工程審查四面,並補 5 個重疊 / 衝突控制 | 0 |
| S2.12 IwoooS operator journey projection | 已完成草案,將讀態勢、開既有頁面、判讀非阻擋分流、收 owner evidence、等待人工決策、準備後續 runtime gate 固定為 6 個只讀旅程階段 | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
@@ -101,6 +102,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.9 IwoooS 前端投影契約 | 完成草案 | `iwooos_posture_projection_v1` 已建立manifest / readiness / route / acceptance / dry-run / event sample 已同步 36 contracts / 33 ready 口徑guard 會驗證 no action button、no runtime authorization 與 7 條 non-blocking lanes | IwoooS 顯示資料不再只是頁面常數,而是可被 AwoooP / Security Session 驗證的只讀契約 |
| S2.10 IwoooS 既有前端資安頁面整合 | 完成草案 | `/iwooos` 新增既有資安頁面索引,涵蓋安全合規、舊安全、舊合規、告警、錯誤與 UX 稽核、授權中心、AI 治理、告警操作日誌、AwoooP approvals、AI Code Review | 使用者能從 IwoooS 看懂原本資安能力散在哪些頁面;仍只做 link-only 顯示,不新增 scan / execute / repair / blocking gate |
| S2.11 IwoooS 覆蓋與邊界矩陣 | 完成草案 | `/iwooos` 新增 coverage / boundary matrix分成 signals、human control、governance audit、engineering review 四組,並顯示 preserve owner、no runtime lift、Code Review not deploy gate、AwoooP approval not security approval、frontend index not Kali caller 五條控制 | 使用者能理解重疊頁面的責任分界;仍不新增 runtime、Kali、deploy 或 blocking control |
| S2.12 IwoooS 只讀資安處理旅程 | 完成草案 | `/iwooos` 新增 6 階段處理旅程:讀態勢、開既有頁面、判讀非阻擋分流、收 owner evidence、等待人工決策、準備後續 runtime gate | 使用者能理解資安工作下一步,但每一步都是 status projection不是 execution queue 或 action button |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |

View File

@@ -37,7 +37,8 @@
"action_buttons_allowed": false,
"existing_frontend_surface_count": 10,
"frontend_surface_coverage_group_count": 4,
"frontend_surface_conflict_control_count": 5
"frontend_surface_conflict_control_count": 5,
"operator_journey_step_count": 6
},
"progress": {
"overall_percent": 58,
@@ -109,6 +110,7 @@
"display_existing_frontend_security_surfaces",
"display_frontend_surface_coverage_matrix",
"display_frontend_surface_conflict_controls",
"display_operator_journey_steps",
"display_evidence_refs",
"display_next_gate",
"display_forbidden_actions"
@@ -409,5 +411,88 @@
"action_buttons_allowed": false,
"not_authorization": true
}
],
"operator_journey_steps": [
{
"step_id": "read_current_posture",
"display_order": 1,
"responsibility_plane": "iwooos_posture",
"source_refs": [
"security_mirror_status_rollup_v1",
"iwooos_posture_projection_v1"
],
"display_mode": "journey_only",
"allowed_outcome": "display_posture_only",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"step_id": "open_existing_security_surface",
"display_order": 2,
"responsibility_plane": "frontend_surface_index",
"source_refs": [
"existing_frontend_surfaces",
"frontend_surface_coverage_groups"
],
"display_mode": "journey_only",
"allowed_outcome": "navigate_to_existing_surface_without_changing_ownership",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"step_id": "triage_non_blocking_lane",
"display_order": 3,
"responsibility_plane": "low_friction_rollout",
"source_refs": [
"security_rollout_policy_v1"
],
"display_mode": "journey_only",
"allowed_outcome": "create_followup_without_blocking",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"step_id": "collect_owner_evidence",
"display_order": 4,
"responsibility_plane": "owner_response_validation",
"source_refs": [
"source_control_owner_response_validation_rollup_v1"
],
"display_mode": "journey_only",
"allowed_outcome": "update_received_or_accepted_state_after_redacted_review",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"step_id": "wait_for_human_decision",
"display_order": 5,
"responsibility_plane": "security_approval_decision_record",
"source_refs": [
"security_approval_gate_v1",
"security_approval_decision_record_v1"
],
"display_mode": "journey_only",
"allowed_outcome": "record_human_decision_only",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"step_id": "prepare_followup_runtime_gate",
"display_order": 6,
"responsibility_plane": "followup_runtime_gate",
"source_refs": [
"security_followup_runtime_gate_v1"
],
"display_mode": "journey_only",
"allowed_outcome": "wait_for_separate_runtime_gate_after_approval",
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
}
]
}

View File

@@ -648,6 +648,18 @@
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
},
{
"delta_id": "s2_12_iwooos_operator_journey_projection",
"display_order": 41,
"completed_stage": "S2.12 IwoooS operator journey projection",
"progress_axis": "framework_detail",
"headline_percent_delta": 0,
"framework_delta_visible": true,
"why_headline_unchanged": "IwoooS operator journey 只把目前使用者可見的資安處理流程整理成 read-only 狀態圖,不代表 owner response received、production ingestion、approval、runtime gate、Kali scan、Code Review gating 或 execution authorization。",
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
}
],
"next_safe_actions": [
@@ -726,14 +738,16 @@
"顯示 4 個 posture pillars、7 條 non-blocking lanes 與 evidence refs",
"顯示 forbidden actions 與 next gate但不提供 action button",
"顯示 10 個既有前端資安相關頁面索引security-compliance、security、compliance、alerts、errors、authorizations、governance、alert-operation-logs、AwoooP approvals、code-review",
"顯示 4 個 frontend surface coverage groups 與 5 個 conflict controls協助判讀既有資安頁面的責任邊界"
"顯示 4 個 frontend surface coverage groups 與 5 個 conflict controls協助判讀既有資安頁面的責任邊界",
"顯示 6 個 operator journey steps讀態勢、開既有頁面、判讀非阻擋分流、收 owner evidence、等待人工決策、準備後續 runtime gate"
],
"blocked_processing": [
"新增 scan / execute / repair button",
"把 posture projection 當成 runtime authorization",
"把前端 contract count 當成 GitHub primary、Kali scan 或 repo / refs action approval",
"把既有頁面索引當成 scan、execute、repair、approval、Kali active scan、Code Review gating 或 runtime gate 授權",
"把 coverage group 或 conflict control 當成 runtime gate、deploy approval、Kali active scan 或 Code Review blocking 授權"
"把 coverage group 或 conflict control 當成 runtime gate、deploy approval、Kali active scan 或 Code Review blocking 授權",
"把 operator journey step 當成執行流程、自動化 queue、runtime gate、approval 或 deploy 授權"
]
},
{
@@ -768,6 +782,22 @@
"新增 scan / execute / repair / Kali / repo / refs / workflow / runner / primary action button"
]
},
{
"action_id": "show_iwooos_operator_journey",
"title": "IwoooS 顯示只讀資安處理旅程",
"mode": "observe",
"source_contract": "iwooos_posture_projection_v1",
"allowed_processing": [
"顯示 read posture、open surface、triage lane、collect owner evidence、human decision、follow-up runtime gate 六個階段",
"標示每個階段的責任面與 allowed outcome",
"只更新前端可理解度與 read-only projection evidence"
],
"blocked_processing": [
"把 journey step 當成 runtime authorization",
"把 journey step 當成 approval、deploy gate、Kali active scan 或 Code Review blocking gate",
"新增 scan / execute / repair / repo / refs / workflow / runner / primary action button"
]
},
{
"action_id": "mirror_approval_review_packets",
"title": "AwoooP 顯示 8 個人工審查封包",