diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index a6e32203e..ec04dc723 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -3764,6 +3764,34 @@
"item4": "Open the AwoooP work map"
}
},
+ "tenants": {
+ "securityTenantScopeCandidate": {
+ "title": "IwoooS Tenant Security Scope Read-only Candidate",
+ "subtitle": "Tenant management only displays the protection scope for the AWOOOI first tenant and the IwoooS security mirror. This is not a migration mode change and does not modify tenant policy.",
+ "badge": "Tenant scope",
+ "scopeRefsTitle": "Read-only scope refs",
+ "boundaryLabel": "Tenant Boundary",
+ "boundaryTitle": "No tenant settings are changeable here",
+ "boundaryDetail": "This panel does not change migration mode, modify tenant policy, write to the platform tenants API, call GitHub / Gitea / Kali, or add scan, execute, deploy, primary switch, or refs actions.",
+ "openIwooos": "Open IwoooS",
+ "metrics": {
+ "primaryTenant": "Primary Tenant",
+ "primaryTenantDetail": "AWOOOI is the first runtime tenant in AwoooP. This only displays scope and does not change settings.",
+ "securityEntry": "Security Entry",
+ "securityEntryDetail": "IwoooS remains the read-only Information Security entrypoint and posture mirror.",
+ "hostCoverage": "Host coverage",
+ "hostCoverageDetail": "Kali 112, Dev 168, and Dev 111 are in observe-only view.",
+ "policyMutations": "Tenant policy changes",
+ "policyMutationsDetail": "Currently 0. Do not change policy before owner response and a runtime gate."
+ },
+ "scopeRefs": {
+ "awoooiTenant": "Under the AwoooP platform identity, AWOOOI remains the first tenant / runtime host, not a synonym for the whole platform.",
+ "iwooosMirror": "IwoooS displays security mirror posture, progress, evidence refs, and forbidden actions.",
+ "hostCoverage": "The three named hosts are included only for security visibility and evidence readiness; no SSH, updates, credentialed scans, or blocking controls are performed.",
+ "ownerResponse": "S4.9-S4.12 owner response received / accepted remain 0. Tenant scope display is not approval."
+ }
+ }
+ },
"contracts": {
"securityContractCandidate": {
"title": "IwoooS Security Contract Read-only Candidate",
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index a1870a639..5d6738df7 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -3765,6 +3765,34 @@
"item4": "查看 AwoooP 工作鏈路地圖"
}
},
+ "tenants": {
+ "securityTenantScopeCandidate": {
+ "title": "IwoooS 租戶資安範圍只讀候選",
+ "subtitle": "租戶管理只顯示 AWOOOI 第一租戶與 IwoooS security mirror 的保護範圍;這不是 migration mode change,也不會改 tenant policy。",
+ "badge": "租戶範圍",
+ "scopeRefsTitle": "只讀 scope refs",
+ "boundaryLabel": "租戶邊界",
+ "boundaryTitle": "目前沒有租戶設定可變更",
+ "boundaryDetail": "這個面板不變更 migration mode、不改 tenant policy、不寫入 platform tenants API、不呼叫 GitHub / Gitea / Kali,也不新增 scan、execute、deploy、primary switch 或 refs action。",
+ "openIwooos": "開啟 IwoooS",
+ "metrics": {
+ "primaryTenant": "第一租戶",
+ "primaryTenantDetail": "AWOOOI 是 AwoooP 的第一個 runtime tenant;此處只顯示 scope,不改設定。",
+ "securityEntry": "資安入口",
+ "securityEntryDetail": "IwoooS 仍是 Information Security 的只讀入口與 posture mirror。",
+ "hostCoverage": "Host coverage",
+ "hostCoverageDetail": "Kali 112、Dev 168、Dev 111 已納入 observe-only 視野。",
+ "policyMutations": "Tenant policy changes",
+ "policyMutationsDetail": "目前為 0;owner response 與 runtime gate 前不得改 policy。"
+ },
+ "scopeRefs": {
+ "awoooiTenant": "AwoooP 平台身分下,AWOOOI 仍是第一個 tenant / runtime host,不是全平台的同義詞。",
+ "iwooosMirror": "IwoooS 顯示 security mirror posture、progress、evidence refs 與 forbidden actions。",
+ "hostCoverage": "三台指定主機目前只納入資安視野與 evidence readiness;不做 SSH、更新、credentialed scan 或 blocking control。",
+ "ownerResponse": "S4.9-S4.12 owner response received / accepted 仍為 0,tenant scope 顯示不等於批准。"
+ }
+ }
+ },
"contracts": {
"securityContractCandidate": {
"title": "IwoooS 資安契約只讀候選",
diff --git a/apps/web/src/app/[locale]/awooop/tenants/page.tsx b/apps/web/src/app/[locale]/awooop/tenants/page.tsx
index 509f7fa9d..77b0ad8d7 100644
--- a/apps/web/src/app/[locale]/awooop/tenants/page.tsx
+++ b/apps/web/src/app/[locale]/awooop/tenants/page.tsx
@@ -6,13 +6,17 @@
"use client";
import { useState, useEffect, useCallback } from "react";
+import { useTranslations } from "next-intl";
+import { Link } from "@/i18n/routing";
import {
+ ArrowRight,
Building2,
RefreshCw,
AlertCircle,
DollarSign,
Ban,
CheckCircle2,
+ ShieldCheck,
} from "lucide-react";
import { cn } from "@/lib/utils";
@@ -162,6 +166,152 @@ function TenantRow({ tenant }: { tenant: Tenant }) {
);
}
+function SecurityTenantScopeCandidatePanel() {
+ const t = useTranslations("awooop.tenants.securityTenantScopeCandidate");
+ const metrics = [
+ {
+ label: t("metrics.primaryTenant"),
+ value: "AWOOOI",
+ detail: t("metrics.primaryTenantDetail"),
+ },
+ {
+ label: t("metrics.securityEntry"),
+ value: "IwoooS",
+ detail: t("metrics.securityEntryDetail"),
+ },
+ {
+ label: t("metrics.hostCoverage"),
+ value: "3",
+ detail: t("metrics.hostCoverageDetail"),
+ },
+ {
+ label: t("metrics.policyMutations"),
+ value: "0",
+ detail: t("metrics.policyMutationsDetail"),
+ },
+ ];
+ const scopes = [
+ {
+ name: "AWOOOI first tenant",
+ detail: t("scopeRefs.awoooiTenant"),
+ },
+ {
+ name: "IwoooS security mirror",
+ detail: t("scopeRefs.iwooosMirror"),
+ },
+ {
+ name: "Kali 112 / Dev 168 / Dev 111",
+ detail: t("scopeRefs.hostCoverage"),
+ },
+ {
+ name: "S4.9-S4.12 owner response waiting",
+ detail: t("scopeRefs.ownerResponse"),
+ },
+ ];
+
+ return (
+
+
+
+
{t("title")}
+
+ {t("badge")}
+
+
+
+
+
{t("boundaryTitle")}
+
4 gates = false
+
+ IwoooS
+
+
+
+
+
+
+
+
+
+
+
{t("title")}
+
{t("subtitle")}
+
+
+
+ {t("badge")}
+
+
+
+
+ {metrics.map((item) => (
+
+
{item.label}
+
{item.value}
+
{item.detail}
+
+ ))}
+
+
+
+
+
+ {t("scopeRefsTitle")}
+
+
+ {scopes.map((item) => (
+
+
{item.name}
+
{item.detail}
+
+ ))}
+
+
+
+
+
{t("boundaryLabel")}
+
{t("boundaryTitle")}
+
{t("boundaryDetail")}
+
+ tenant_migration_mode_changed=false
+ tenant_policy_mutation_authorized=false
+ runtime_execution_authorized=false
+ action_buttons_allowed=false
+
+
+ {t("openIwooos")}
+
+
+
+
+
+
+ );
+}
+
// =============================================================================
// Main Component
// =============================================================================
@@ -214,6 +364,8 @@ export default function TenantsPage() {
+
+
{/* Error State */}
{error && (
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 63f4a3bc1..48887791d 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,17 @@
+## 2026-05-20 | 資安供應鏈 S2.57:AwoooP Tenants IwoooS Tenant Scope Candidate
+
+**背景**:S2.53-S2.56 已把 IwoooS 資安鏡像接到 AwoooP 首頁、工作鏈路、審批佇列與合約儀表板;本輪把同一個只讀範圍放進 `/awooop/tenants`,讓使用者在租戶管理也能理解 AWOOOI 第一租戶、IwoooS 與三台指定主機的資安視野,但不把它變成租戶設定或 policy mutation。
+
+**完成**:
+- `/awooop/tenants` 新增「IwoooS 租戶資安範圍只讀候選」面板,顯示 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111 與 S4.9-S4.12 owner response waiting。
+- 面板顯示 primary tenant=AWOOOI、security entry=IwoooS、host coverage=3、tenant policy changes=0,並以 `/iwooos` 作為只讀入口。
+- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_57_awooop_tenants_iwooos_tenant_scope_candidate`,並新增 `show_awooop_tenants_iwooos_tenant_scope_candidate` next safe action。
+- `security-mirror-progress-guard.py` 開始驗證 AwoooP tenants 面板、IwoooS link、四個 scope refs、四個 false 邊界與 i18n 鍵。
+
+**仍禁止**:
+- AwoooP tenants 的 S2.57 面板不代表 tenant migration mode change、tenant policy mutation、platform tenants API write、runtime gate、execution router、action button、Kali `/execute`、SSH 登入、主機更新、GitHub primary、Gitea/GitHub refs mutation 或 blocking control。
+- 整體資安網 headline 仍是 58%;框架 / 治理 / 文件 / schema / read-only evidence 仍約 80-85%;真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing 仍約 35-40%。
+
## 2026-05-20 | 資安供應鏈 S2.56:AwoooP Contracts IwoooS Security Contract Candidate
**背景**:S2.53-S2.55 已把 IwoooS 資安鏡像接到 AwoooP 首頁、工作鏈路與審批佇列;本輪把同一組只讀契約口徑放進 `/awooop/contracts`,讓使用者能在合約儀表板理解 IwoooS 依賴哪些 schema / snapshot / guard,而不是把資安狀態只看成頁面文案。
diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
index f9941ca94..c2e718d0e 100644
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -38,6 +38,7 @@
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;S2.19 已補 7 個 host evidence review outcome lanes;S2.20 已補 7 個 host evidence review handoff packets;S2.21 已補 7 個 host evidence reviewer checklist items;S2.22 已補 7 個 host evidence reviewer outcome lanes;S2.23 已補 7 個 host owner decision candidate packets;S2.24 已補 7 個 host owner decision review checklist items;S2.25 已補 7 個 host owner decision review outcome lanes;S2.26 已補 7 個 host owner decision record draft packets;S2.27 已補 7 個 host owner decision record draft review checklist items;S2.28 已補 7 個 host owner decision record draft review outcome lanes;S2.29 已補 7 個 host owner decision record write-up packets;S2.30 已補 7 個 host owner decision record write-up review checklist items;S2.31 已補 7 個 host owner decision record write-up review outcome lanes;S2.32 已補 7 個 host owner decision record formal candidate packets;S2.33 已補 7 個 host owner decision record formal candidate review checklist items;S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes;S2.35 已補 8 個 host owner decision record formal record queue packets;S2.36 已補 8 個 host owner decision record formal record queue review checklist items;S2.37 已補 8 個 host owner decision record formal record queue review outcome lanes;S2.38 已補 8 個 host owner decision record human handoff readiness packets;S2.39 已補 8 個 host owner decision record human handoff readiness review checklist items;S2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanes;S2.41 已補 9 個 host owner decision record human record owner review candidate packets;S2.42 已補 9 個 host owner decision record human record owner review candidate checklist items;S2.43 已補 9 個 host owner decision record human record owner review candidate outcome lanes;S2.44 已補 9 個 host owner decision record human record owner review preparation packets;S2.45 已補 9 個 host owner decision record human record owner review preparation checklist items;S2.46 已補 6 條 progress acceleration lanes,顯示 58% holding 原因與下一個高層解鎖 gate;S2.47 已補 4 個 owner response next-action focus items,顯示 S4.9 為下一個收件焦點且 S4.10-S4.12 依序排隊;S2.48 已補 6 個 S4.9 owner response preflight checks,讓下一個 P0 owner response 的可收件條件可見;S2.49 已補 5 個 S4.9 owner response request templates,讓 owner 要逐項回覆的五題可見;S2.50 已補 5 個 progress hold movement gates,解釋為什麼 58% 仍維持且五個真實 movement signal 都是 0 / false;S2.51 已補 6 個 AwoooP read-only landing readiness items,讓另一個 AwoooP Session 可照 snapshot / evidence / guard / route / forbidden outputs 接入;S2.52 已補 6 個 AwoooP cross-session handoff packets,固定 PR / branch anchor、progress semantics、guard commands、forbidden runtime actions、read-only inputs 與 next coordination gate;S2.53 已把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板,顯示 58%、80-85%、35-40%、active gates 0 與四個接入檢查;S2.54 已把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;仍不新增 action button |
| AwoooP approvals IwoooS owner response focus | S2.55 已把 S4.9-S4.12 owner response 下一個人工收件焦點放進 `/awooop/approvals` 只讀面板;received=0、accepted=0、active runtime gates=0、headline=58%、approval_record_created=false;仍不新增 approve、execute、deploy、primary switch、refs action 或 runtime gate |
| AwoooP contracts IwoooS security contract candidate | S2.56 已把四個 security mirror contract refs 放進 `/awooop/contracts` 只讀面板;total contracts=36、ready=33、partial=2、active runtime gates=0、contract_publish_authorized=false;仍不發布 contract revision、不改 lifecycle、不寫 platform contracts API、不新增 action button |
+| AwoooP tenants IwoooS tenant scope candidate | S2.57 已把 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111 與 S4.9-S4.12 owner response waiting 放進 `/awooop/tenants` 只讀面板;host coverage=3、tenant policy changes=0、tenant_migration_mode_changed=false;仍不改 migration mode、不改 tenant policy、不寫 platform tenants API、不新增 action button |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
@@ -142,6 +143,7 @@
| S2.54 AwoooP work-items IwoooS security mirror candidate | framework detail | 0 | 只把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把觀察項當 production landing、runtime gate、execution router、scan、execute、repair、deploy、primary switch 或 refs action |
| S2.55 AwoooP approvals IwoooS owner response gate candidate | framework detail | 0 | 只把 S4.9-S4.12 owner response 下一個人工收件焦點放進 AwoooP 審批視野;approval_record_created=false、owner_response_accepted_count=0、runtime_execution_authorized=false、action_buttons_allowed=false,不把面板當 approval record、runtime gate、execution router 或 action button |
| S2.56 AwoooP contracts IwoooS security contract candidate | framework detail | 0 | 只把四個 security mirror contract refs 放進 AwoooP 合約儀表板只讀視野;contract_publish_authorized=false、contract_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把面板當 contract publish、lifecycle mutation、runtime gate、execution router 或 action button |
+| S2.57 AwoooP tenants IwoooS tenant scope candidate | framework detail | 0 | 只把 AWOOOI first tenant、IwoooS security mirror、host coverage=3 與 owner response waiting 放進 AwoooP 租戶管理只讀視野;tenant_migration_mode_changed=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把面板當 migration mode change、tenant policy mutation、runtime gate、execution router 或 action button |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
index 1f990a710..89ee49033 100644
--- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
+++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md
@@ -5,7 +5,7 @@
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
-| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 |
+| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 |
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -28,7 +28,7 @@ python3 scripts/security/security-mirror-progress-guard.py
### 0.2 Headline 58% 不代表停滯
-近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.56 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
+近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.57 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。
@@ -119,6 +119,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
| S2.54 AwoooP work-items IwoooS security mirror candidate | 已完成草案,將 IwoooS / security mirror 顯示成 AwoooP 工作鏈路的觀察期只讀工作項;production_landing_enabled 仍為 false,active runtime gates 仍為 0 | 0 |
| S2.55 AwoooP approvals IwoooS owner response gate candidate | 已完成草案,將 S4.9-S4.12 owner response 下一個人工收件焦點放進 AwoooP 審批佇列的只讀面板;approval_record_created=false、runtime gate 仍為 0 | 0 |
| S2.56 AwoooP contracts IwoooS security contract candidate | 已完成草案,將四個 security mirror contract refs 放進 AwoooP 合約儀表板只讀面板;contract_publish_authorized=false、runtime gate 仍為 0 | 0 |
+| S2.57 AwoooP tenants IwoooS tenant scope candidate | 已完成草案,將 AWOOOI first tenant、IwoooS security mirror、host coverage=3 與 owner response waiting 放進 AwoooP 租戶管理只讀面板;tenant_migration_mode_changed=false、tenant policy changes 仍為 0 | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
@@ -194,6 +195,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.54 AwoooP Work-Items IwoooS Security Mirror Candidate | 完成草案 | `/awooop/work-items` 新增 S2.54 IwoooS 資安鏡像只讀工作項,顯示 58%、80-85%、35-40%、active runtime gates=0、owner response waiting 與 false 邊界,並連到 `/iwooos` | 使用者能在工作鏈路追蹤資安網,而不是只看首頁摘要;觀察項仍不是 production landing enabled、execution router、runtime gate、action button 或 headline 加分 |
| S2.55 AwoooP Approvals IwoooS Owner Response Gate Candidate | 完成草案 | `/awooop/approvals` 新增 IwoooS owner response 只讀審查焦點,顯示 S4.9-S4.12 收件順序、received=0、accepted=0、active runtime gates=0、headline=58%,並連到 `/iwooos` | 使用者能在審批佇列理解下一個人工收件焦點;面板仍不是 approval record、runtime gate、execution router、action button 或 headline 加分 |
| S2.56 AwoooP Contracts IwoooS Security Contract Candidate | 完成草案 | `/awooop/contracts` 新增 IwoooS 資安契約只讀候選,顯示四個 security mirror contract refs、36 total、33 ready、2 partial、active runtime gates=0,並連到 `/iwooos` | 使用者能在合約儀表板理解資安網背後的契約來源;面板仍不是 contract publish、lifecycle mutation、runtime gate、execution router、action button 或 headline 加分 |
+| S2.57 AwoooP Tenants IwoooS Tenant Scope Candidate | 完成草案 | `/awooop/tenants` 新增 IwoooS 租戶資安範圍只讀候選,顯示 AWOOOI 第一租戶、IwoooS、host coverage=3、tenant policy changes=0,並連到 `/iwooos` | 使用者能在租戶管理理解資安網保護範圍;面板仍不是 migration mode change、tenant policy mutation、runtime gate、execution router、action button 或 headline 加分 |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json
index 2a02f9fd6..0ce21e1ec 100644
--- a/docs/security/security-mirror-status-rollup.snapshot.json
+++ b/docs/security/security-mirror-status-rollup.snapshot.json
@@ -1142,6 +1142,18 @@
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
+ },
+ {
+ "delta_id": "s2_57_awooop_tenants_iwooos_tenant_scope_candidate",
+ "display_order": 86,
+ "completed_stage": "S2.57 AwoooP tenants IwoooS tenant scope candidate",
+ "progress_axis": "framework_detail",
+ "headline_percent_delta": 0,
+ "framework_delta_visible": true,
+ "why_headline_unchanged": "AwoooP tenants IwoooS tenant scope candidate 只把 AWOOOI 第一租戶、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111 與 owner response waiting 放進租戶管理只讀視野;tenant_migration_mode_changed=false,tenant policy 仍未變更。",
+ "runtime_delta": false,
+ "execution_authorized": false,
+ "not_authorization": true
}
],
"next_safe_actions": [
@@ -1242,6 +1254,22 @@
"從 AwoooP contracts 面板建立 runtime gate、GitHub/Gitea action、Kali action、secret action 或 refs action"
]
},
+ {
+ "action_id": "show_awooop_tenants_iwooos_tenant_scope_candidate",
+ "title": "AwoooP 租戶管理顯示 IwoooS 資安租戶範圍候選",
+ "mode": "observe",
+ "source_contract": "security_mirror_status_rollup_v1",
+ "allowed_processing": [
+ "在 /awooop/tenants 顯示 AWOOOI 第一租戶與 IwoooS security mirror 範圍",
+ "顯示 host coverage=3、tenant policy changes=0、active runtime gates=0",
+ "連到 /iwooos 只讀入口,不變更 migration mode、不改 tenant policy、不新增 scan、execute、deploy、primary switch、refs action 或 runtime gate"
+ ],
+ "blocked_processing": [
+ "把 AwoooP tenants 面板當成 tenant_migration_mode_changed",
+ "從 AwoooP tenants 面板寫入 platform tenants API 或修改 tenant policy",
+ "從 AwoooP tenants 面板建立 runtime gate、GitHub/Gitea action、Kali action、secret action 或 refs action"
+ ]
+ },
{
"action_id": "mirror_low_friction_non_blocking_lanes",
"title": "AwoooP 顯示低摩擦非阻擋升級分流",
@@ -1611,7 +1639,8 @@
"S2.53 新增 AwoooP home IwoooS security mirror candidate;AwoooP 首頁以只讀候選方式顯示 headline 58%、framework 80-85%、runtime 35-40%、active runtime gates 0 與四個接入檢查;production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把首頁候選面板當 production landing、runtime gate、execution router 或 action button。",
"S2.54 新增 AwoooP work-items IwoooS security mirror candidate;AwoooP 工作鏈路以觀察期只讀工作項顯示 S2.54、IwoooS / security mirror、headline 58%、framework 80-85%、runtime 35-40%、active runtime gates 0 與 owner response waiting;production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把工作項當 production landing、runtime gate、execution router 或 action button。",
"S2.55 新增 AwoooP approvals IwoooS owner response gate candidate;AwoooP 審批佇列以只讀焦點顯示 S4.9-S4.12 owner response 收件順序、received=0、accepted=0、active runtime gates=0、headline=58%;approval_record_created=false、owner_response_accepted_count=0、runtime_execution_authorized=false、action_buttons_allowed=false,不把 approvals 面板當 owner response received/accepted、approval record、runtime gate、execution router 或 action button。",
- "S2.56 新增 AwoooP contracts IwoooS security contract candidate;AwoooP 合約儀表板以只讀候選顯示 security_mirror_status_rollup_v1、iwooos_posture_projection_v1、source_control_owner_response_validation_rollup_v1、security_rollout_policy_v1、total contracts=36、ready=33、partial=2、active runtime gates=0;contract_publish_authorized=false、contract_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把 contracts 面板當 contract publish、lifecycle mutation、runtime gate、execution router 或 action button。"
+ "S2.56 新增 AwoooP contracts IwoooS security contract candidate;AwoooP 合約儀表板以只讀候選顯示 security_mirror_status_rollup_v1、iwooos_posture_projection_v1、source_control_owner_response_validation_rollup_v1、security_rollout_policy_v1、total contracts=36、ready=33、partial=2、active runtime gates=0;contract_publish_authorized=false、contract_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把 contracts 面板當 contract publish、lifecycle mutation、runtime gate、execution router 或 action button。",
+ "S2.57 新增 AwoooP tenants IwoooS tenant scope candidate;AwoooP 租戶管理以只讀候選顯示 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111、S4.9-S4.12 owner response waiting、host coverage=3、tenant policy changes=0;tenant_migration_mode_changed=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把 tenants 面板當 tenant migration、policy mutation、runtime gate、execution router 或 action button。"
],
"forbidden_actions": [
"start_kali_scan",
diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py
index 140fe2a5c..09658559c 100755
--- a/scripts/security/security-mirror-progress-guard.py
+++ b/scripts/security/security-mirror-progress-guard.py
@@ -61,6 +61,9 @@ def validate(root: Path) -> None:
awooop_work_items_page = (
root / "apps" / "web" / "src" / "app" / "[locale]" / "awooop" / "work-items" / "page.tsx"
).read_text(encoding="utf-8")
+ awooop_tenants_page = (
+ root / "apps" / "web" / "src" / "app" / "[locale]" / "awooop" / "tenants" / "page.tsx"
+ ).read_text(encoding="utf-8")
awooop_approvals_page = (
root / "apps" / "web" / "src" / "app" / "[locale]" / "awooop" / "approvals" / "page.tsx"
).read_text(encoding="utf-8")
@@ -227,6 +230,7 @@ def validate(root: Path) -> None:
"s2_54_awooop_work_items_iwooos_security_mirror_candidate",
"s2_55_awooop_approvals_iwooos_owner_response_gate_candidate",
"s2_56_awooop_contracts_iwooos_security_contract_candidate",
+ "s2_57_awooop_tenants_iwooos_tenant_scope_candidate",
]
assert_equal(
"progress_delta_ledger.delta_ids",
@@ -276,6 +280,11 @@ def validate(root: Path) -> None:
[item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
"show_awooop_contracts_iwooos_security_contract_candidate",
)
+ assert_contains(
+ "rollup.next_safe_actions.action_ids",
+ [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
+ "show_awooop_tenants_iwooos_tenant_scope_candidate",
+ )
assert_equal("rollout_policy.schema_version", rollout_policy["schema_version"], "security_rollout_policy_v1")
assert_equal("rollout_policy.default_mode", rollout_policy["default_mode"], "observe")
@@ -4867,6 +4876,49 @@ def validate(root: Path) -> None:
key,
)
+ assert_text_contains(
+ "awooop_tenants_page.security_tenant_scope_panel",
+ awooop_tenants_page,
+ "SecurityTenantScopeCandidatePanel",
+ )
+ assert_text_contains("awooop_tenants_page.iwooos_link", awooop_tenants_page, 'href="/iwooos"')
+ for text in [
+ "tenant_migration_mode_changed=false",
+ "tenant_policy_mutation_authorized=false",
+ "runtime_execution_authorized=false",
+ "action_buttons_allowed=false",
+ ]:
+ assert_text_contains("awooop_tenants_page.security_tenant_boundary", awooop_tenants_page, text)
+ for text in [
+ "AWOOOI first tenant",
+ "IwoooS security mirror",
+ "Kali 112 / Dev 168 / Dev 111",
+ "S4.9-S4.12 owner response waiting",
+ ]:
+ assert_text_contains("awooop_tenants_page.security_tenant_scope_refs", awooop_tenants_page, text)
+ for key in [
+ "title",
+ "subtitle",
+ "badge",
+ "scopeRefsTitle",
+ "boundaryLabel",
+ "boundaryTitle",
+ "boundaryDetail",
+ "openIwooos",
+ "metrics",
+ "scopeRefs",
+ ]:
+ assert_contains(
+ "web_messages.zh-TW.awooop.tenants.securityTenantScopeCandidate",
+ list(web_messages_zh["awooop"]["tenants"]["securityTenantScopeCandidate"].keys()),
+ key,
+ )
+ assert_contains(
+ "web_messages.en.awooop.tenants.securityTenantScopeCandidate",
+ list(web_messages_en["awooop"]["tenants"]["securityTenantScopeCandidate"].keys()),
+ key,
+ )
+
assert_text_contains("awooop_approvals_page.security_owner_response_panel", awooop_approvals_page, "SecurityOwnerResponseGatePanel")
assert_text_contains("awooop_approvals_page.iwooos_link", awooop_approvals_page, 'href="/iwooos"')
for text in [