fix(awooop): route workflow telegram alerts through ai receipts
@@ -53,10 +53,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Dev deploy start notification mirrored through AWOOI API"
|
||||
else
|
||||
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text@-"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
# API 測試 (同 prod CI,確保 dev 也通過)
|
||||
@@ -243,10 +240,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Dev deploy success notification mirrored through AWOOI API"
|
||||
else
|
||||
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text@-"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
- name: Notify Dev Deploy Failure
|
||||
@@ -266,8 +260,5 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Dev deploy failure notification mirrored through AWOOI API"
|
||||
else
|
||||
printf '%b' "$MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text@-"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
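Review bot: The `else` branch ending at `fi` now only echoes to the job log and the step still succeeds, so when `scripts/ci/notify-awoooi-cicd.sh` fails, the dev deploy start, success and failure alerts are dropped with no signal outside that log. This matters most on the failure path, because an AWOOI API outage can coincide with the very deploy failure being reported. Consider making the drop visible, for example `echo "::warning::AWOOI API notify failed; alert not delivered"` if the runner honours workflow commands. The same pattern repeats in the hunks at `@@ -148`, `@@ -1094`, `@@ -2289`, `@@ -2683`, `@@ -2708`, `@@ -125`, `@@ -201`, `@@ -67`, `@@ -95` and `@@ -196`. The `if` that opens each block starts outside the hunk.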
@@ -148,10 +148,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "✅ CI/CD start notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
|
||||
@@ -1094,10 +1091,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "✅ CI/CD tests failure notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
build-and-deploy:
|
||||
@@ -2289,10 +2283,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "✅ CI/CD build failure notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
post-deploy-checks:
|
||||
@@ -2683,9 +2674,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "✅ CI/CD success notification mirrored through AWOOI API"
|
||||
else
|
||||
printf '%b' "$TG_MSG" | curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
--data-urlencode "text@-" || echo "TG notify warning (non-fatal)"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
- name: Notify Pipeline Failure
|
||||
@@ -2708,10 +2697,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "✅ CI/CD post-deploy failure notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d "parse_mode=HTML" \
|
||||
--data-urlencode "text=${MSG}" || echo "TG notify failed (non-fatal): exit=$?"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
- name: Clean Post-Deploy Workspace Artifacts
|
||||
|
||||
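Review bot: With the direct `curl` to `api.telegram.org` gone, nothing visible in these steps reads `TELEGRAM_BOT_TOKEN` any more, but the `env:` mapping that supplied it lies outside the hunks and is not shown as removed. Unless `scripts/ci/notify-awoooi-cicd.sh` itself needs the token, drop the mapping from these steps so the bot secret is no longer exposed to the run script. The same applies to `TG_BOT_TOKEN` in the hunks at `@@ -125` and `@@ -201`, and to `TG_TOKEN` at `@@ -196`. A token left in scope also makes it easy to reintroduce a direct send that bypasses the receipt chain.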
@@ -125,14 +125,7 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Code review start notification mirrored through AWOOI API"
|
||||
else
|
||||
if [ -z "${TG_BOT_TOKEN:-}" ] || [ -z "${SRE_GROUP_CHAT_ID:-}" ]; then
|
||||
echo "Telegram secret missing and AWOOI API notify failed; skip start notification"
|
||||
exit 0
|
||||
fi
|
||||
curl -fsS -X POST "https://api.telegram.org/bot${TG_BOT_TOKEN}/sendMessage" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "$(jq -n --arg c "$SRE_GROUP_CHAT_ID" --arg t "$MSG" '{chat_id:$c,text:$t,parse_mode:"HTML",disable_web_page_preview:true}')" \
|
||||
>/dev/null
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
- name: Run Deterministic Review
|
||||
@@ -201,12 +194,5 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Code review completion notification mirrored through AWOOI API"
|
||||
else
|
||||
if [ -z "${TG_BOT_TOKEN:-}" ] || [ -z "${SRE_GROUP_CHAT_ID:-}" ]; then
|
||||
echo "Telegram secret missing and AWOOI API notify failed; skip completion notification"
|
||||
exit 0
|
||||
fi
|
||||
curl -fsS -X POST "https://api.telegram.org/bot${TG_BOT_TOKEN}/sendMessage" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "$(jq -n --arg c "$SRE_GROUP_CHAT_ID" --arg t "$MSG" '{chat_id:$c,text:$t,parse_mode:"HTML",disable_web_page_preview:true}')" \
|
||||
>/dev/null
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
@@ -67,7 +67,5 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "Alert rule deploy notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -fS -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d "chat_id=${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
--data-urlencode "text=${MSG}" || true
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
@@ -95,8 +95,5 @@ jobs:
|
||||
scripts/ci/notify-awoooi-cicd.sh; then
|
||||
echo "E2E failure notification mirrored through AWOOI API"
|
||||
else
|
||||
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
|
||||
-d chat_id="${{ env.SRE_GROUP_CHAT_ID }}" \
|
||||
-d parse_mode="HTML" \
|
||||
-d text="🔴 <b>[E2E Health Check]</b> 失敗%0A%0A📅 $(TZ=Asia/Taipei date '+%Y-%m-%d %H:%M')%0A🔗 API 健康檢查未通過%0A%0A請檢查 K3s 叢集狀態"
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
fi
|
||||
|
||||
@@ -196,10 +196,4 @@ jobs:
|
||||
echo "Migration notification mirrored through AWOOI API"
|
||||
exit 0
|
||||
fi
|
||||
if [ -n "$TG_TOKEN" ] && [ -n "${SRE_GROUP_CHAT_ID:-}" ]; then
|
||||
MSG="🗄️ Migration CI: \`${STATUS}\` — commit ${{ github.sha }}"
|
||||
curl -s -X POST "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" \
|
||||
-d chat_id="${SRE_GROUP_CHAT_ID}" \
|
||||
-d parse_mode="Markdown" \
|
||||
-d text="${MSG}" || true
|
||||
fi
|
||||
echo "AWOOI API notify failed; direct Telegram fallback disabled to preserve AwoooP receipt chain"
|
||||
|
||||
@@ -37,18 +37,18 @@ def test_load_latest_ai_agent_report_truth_actionability_review():
|
||||
assert data["telegram_routing_consolidation"]["direct_telegram_api_send_allowed"] is False
|
||||
assert data["rollups"]["telegram_route_finding_count"] == len(data["telegram_route_findings"])
|
||||
assert data["telegram_egress_guard"]["status"] == "pass_no_new_bypass"
|
||||
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 18
|
||||
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 5
|
||||
assert data["telegram_egress_guard"]["summary"]["new_bypass_count"] == 0
|
||||
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 13
|
||||
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 0
|
||||
assert data["telegram_egress_guard"]["summary"]["ops_script_direct_bot_api_call_count"] == 4
|
||||
assert data["telegram_egress_guard"]["summary"]["api_direct_bot_api_call_count"] == 1
|
||||
assert (
|
||||
data["telegram_egress_guard"]["summary"]["direct_bot_api_awooop_db_receipt_missing_count"]
|
||||
== 18
|
||||
== 5
|
||||
)
|
||||
assert (
|
||||
data["telegram_egress_guard"]["summary"]["direct_bot_api_ai_controlled_route_missing_count"]
|
||||
== 18
|
||||
== 5
|
||||
)
|
||||
assert (
|
||||
data["telegram_egress_guard"]["telegram_receipt_coverage"]["coverage_status"]
|
||||
@@ -72,17 +72,16 @@ def test_load_latest_ai_agent_report_truth_actionability_review():
|
||||
]
|
||||
is False
|
||||
)
|
||||
assert data["rollups"]["telegram_route_finding_count"] == 22
|
||||
assert data["rollups"]["legacy_or_direct_route_count"] == 22
|
||||
assert data["rollups"]["telegram_route_finding_count"] == 9
|
||||
assert data["rollups"]["legacy_or_direct_route_count"] == 9
|
||||
assert sum(
|
||||
1
|
||||
for route in data["telegram_route_findings"]
|
||||
if route["route_id"].startswith("telegram_direct_bot_api_")
|
||||
) == 18
|
||||
) == 5
|
||||
assert {
|
||||
item["surface_kind"] for item in data["telegram_egress_guard"]["current_direct_bot_api_calls"]
|
||||
} == {
|
||||
"gitea_workflow_direct_bot_api",
|
||||
"ops_script_direct_bot_api",
|
||||
"api_direct_bot_api",
|
||||
}
|
||||
|
||||
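Review bot: The updated assertions pin snapshot totals (`== 5`, `== 0`, `== 4`, `== 1`, `== 9`) without checking that they agree with each other, so a guard report whose per-surface counts no longer add up to `live_direct_bot_api_call_count` would still pass once the literals are edited. Add the invariant beside them, with `summary = data["telegram_egress_guard"]["summary"]`: `assert summary["live_direct_bot_api_call_count"] == sum(summary[k] for k in ("gitea_workflow_direct_bot_api_call_count", "ops_script_direct_bot_api_call_count", "api_direct_bot_api_call_count"))`. The same literals are duplicated in `test_get_ai_agent_report_truth_actionability_review_api` (hunks at `@@ -34` and `@@ -57`), where the same check would apply. Both test bodies start and end outside the hunks.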
@@ -34,18 +34,18 @@ def test_get_ai_agent_report_truth_actionability_review_api():
|
||||
assert data["telegram_routing_consolidation"]["canonical_room_env"] == "SRE_GROUP_CHAT_ID"
|
||||
assert data["telegram_routing_consolidation"]["other_bot_or_group_alerts_allowed"] is False
|
||||
assert data["telegram_routing_consolidation"]["direct_telegram_api_send_allowed"] is False
|
||||
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 18
|
||||
assert data["telegram_egress_guard"]["summary"]["live_direct_bot_api_call_count"] == 5
|
||||
assert data["telegram_egress_guard"]["summary"]["new_bypass_count"] == 0
|
||||
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 13
|
||||
assert data["telegram_egress_guard"]["summary"]["gitea_workflow_direct_bot_api_call_count"] == 0
|
||||
assert data["telegram_egress_guard"]["summary"]["ops_script_direct_bot_api_call_count"] == 4
|
||||
assert data["telegram_egress_guard"]["summary"]["api_direct_bot_api_call_count"] == 1
|
||||
assert (
|
||||
data["telegram_egress_guard"]["summary"]["direct_bot_api_awooop_db_receipt_missing_count"]
|
||||
== 18
|
||||
== 5
|
||||
)
|
||||
assert (
|
||||
data["telegram_egress_guard"]["summary"]["direct_bot_api_ai_controlled_route_missing_count"]
|
||||
== 18
|
||||
== 5
|
||||
)
|
||||
assert (
|
||||
data["telegram_egress_guard"]["telegram_receipt_coverage"][
|
||||
@@ -57,6 +57,6 @@ def test_get_ai_agent_report_truth_actionability_review_api():
|
||||
data["telegram_egress_guard"]["telegram_receipt_coverage"]["all_telegram_alerts_ai_controlled"]
|
||||
is False
|
||||
)
|
||||
assert data["rollups"]["telegram_route_finding_count"] == 22
|
||||
assert data["rollups"]["legacy_or_direct_route_count"] == 22
|
||||
assert data["rollups"]["telegram_route_finding_count"] == 9
|
||||
assert data["rollups"]["legacy_or_direct_route_count"] == 9
|
||||
assert data["rollups"]["operator_action_count"] == 5
|
||||
|
||||
@@ -229,7 +229,7 @@
|
||||
},
|
||||
"credential_escrow": {
|
||||
"title": "P0-005 credential escrow",
|
||||
"description": "已收斂 non-secret evidence refs 與 reviewer acceptance readback;不寫 credential marker、不收 secret。",
|
||||
"description": "已收斂 non-secret evidence 參照 與 reviewer acceptance readback;不寫 credential marker、不收 secret。",
|
||||
"metric": "evidence {accepted}/{required}"
|
||||
},
|
||||
"gitea": {
|
||||
@@ -251,7 +251,7 @@
|
||||
"boundaries": {
|
||||
"secret": "不收機密明文、授權憑證、瀏覽器憑證或私有存取材料。",
|
||||
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
|
||||
"repo": "不直接建立 repo、改 visibility、sync refs、force push 或 trigger workflow;GitHub 維持 stopped / do_not_use。",
|
||||
"repo": "不直接建立 repo、改 visibility、sync 參照、force push 或 trigger workflow;GitHub 維持 stopped / do_not_use。",
|
||||
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
|
||||
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
|
||||
},
|
||||
@@ -978,7 +978,7 @@
|
||||
},
|
||||
"sourceDossier": {
|
||||
"title": "Sentry / SigNoz 來源卷宗證據",
|
||||
"detail": "最近來源 {sources} 筆;Sentry refs {sentry}、SigNoz refs {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
|
||||
"detail": "最近來源 {sources} 筆;Sentry 參照 {sentry}、SigNoz 參照 {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
|
||||
},
|
||||
"callbackEvidence": {
|
||||
"title": "Telegram 詳情 / 歷史 DB 真相鏈",
|
||||
@@ -1212,8 +1212,8 @@
|
||||
"kmBurndown": "/api/v1/ai/governance/km-stale-owner-review-burndown"
|
||||
},
|
||||
"signal": {
|
||||
"metric": "來源 {sources} / refs {refs}",
|
||||
"detail": "missing refs {missing},duplicates {duplicates};Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
|
||||
"metric": "來源 {sources} / 參照 {參照}",
|
||||
"detail": "missing 參照 {missing},duplicates {duplicates};Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
|
||||
},
|
||||
"intake": {
|
||||
"metric": "Runs {runs} / linked {linked}",
|
||||
@@ -1347,47 +1347,47 @@
|
||||
"messageOk": "所有系統運作正常,無需處理。",
|
||||
"messageWarning": "{host} 狀態異常,建議檢查相關服務。",
|
||||
"liveOpsSpace": {
|
||||
"title": "Live Ops Space",
|
||||
"title": "OpenClaw 持續工作室",
|
||||
"status": {
|
||||
"loading": "Loading scene",
|
||||
"ready": "Scene connected",
|
||||
"degraded": "Waiting for readback"
|
||||
"loading": "讀取場景中",
|
||||
"ready": "場景已連線",
|
||||
"degraded": "等待讀回"
|
||||
},
|
||||
"actions": {
|
||||
"refresh": "Refresh"
|
||||
"refresh": "重新讀取"
|
||||
},
|
||||
"source": {
|
||||
"marker": "marker",
|
||||
"updated": "updated"
|
||||
"marker": "部署 marker",
|
||||
"updated": "更新"
|
||||
},
|
||||
"animation": {
|
||||
"loop": "loop",
|
||||
"on": "on",
|
||||
"off": "off"
|
||||
"loop": "動畫迴圈",
|
||||
"on": "開啟",
|
||||
"off": "關閉"
|
||||
},
|
||||
"panels": {
|
||||
"rollups": "Scene metrics",
|
||||
"boundaries": "Safety boundaries",
|
||||
"workItems": "Work items"
|
||||
"rollups": "場景指標",
|
||||
"boundaries": "安全邊界",
|
||||
"workItems": "工作項目"
|
||||
},
|
||||
"metrics": {
|
||||
"agents": "Agents",
|
||||
"workItems": "Work items",
|
||||
"animated": "Animated",
|
||||
"blocked": "Blocked"
|
||||
"agents": "Agent",
|
||||
"workItems": "工作項",
|
||||
"animated": "動畫物件",
|
||||
"blocked": "阻擋"
|
||||
},
|
||||
"boundary": {
|
||||
"closed": "closed",
|
||||
"open": "open"
|
||||
"closed": "關閉",
|
||||
"open": "開啟"
|
||||
},
|
||||
"states": {
|
||||
"working": "working",
|
||||
"verified": "verified",
|
||||
"blocked": "blocked",
|
||||
"waiting": "waiting",
|
||||
"idle": "idle"
|
||||
"working": "工作中",
|
||||
"verified": "已驗證",
|
||||
"blocked": "阻擋",
|
||||
"waiting": "等待",
|
||||
"idle": "待命"
|
||||
},
|
||||
"empty": "Scene state is not available yet."
|
||||
"empty": "尚未取得場景狀態。"
|
||||
}
|
||||
},
|
||||
"ai": {
|
||||
@@ -2078,7 +2078,7 @@
|
||||
"openNavigation": "開啟導航選單",
|
||||
"closeNavigation": "關閉導航選單",
|
||||
"iwooos": "IwoooS",
|
||||
"iwooosSecurityCompliance": "IwoooS Security Compliance"
|
||||
"iwooosSecurityCompliance": "IwoooS 安全合規"
|
||||
},
|
||||
"settings": {
|
||||
"title": "系統設定",
|
||||
@@ -3013,11 +3013,11 @@
|
||||
"repairLock": "冪等鎖",
|
||||
"riskMediumDesc": "操作不可即時撤銷,但有備份保護",
|
||||
"confirmExec": "長按 5 秒確認授權執行",
|
||||
"rejectApproval": "Reject authorization - route to AI controlled completion",
|
||||
"rejectApproval": "拒絕授權 — 轉 AI 受控補齊",
|
||||
"approvalGranted": "授權已核准",
|
||||
"approvalGrantedDesc": "NemoTron 正在執行 ansible-playbook...",
|
||||
"approvalRejected": "授權已拒絕",
|
||||
"approvalRejectedDesc": "Routed into the AI controlled completion flow",
|
||||
"approvalRejectedDesc": "已轉入 AI 受控補齊流程",
|
||||
"noHistory": "尚無修復紀錄",
|
||||
"noActiveAlerts": "目前無活躍告警",
|
||||
"noPlaybooks": "尚無 Playbook 紀錄",
|
||||
@@ -3391,7 +3391,7 @@
|
||||
"ready_for_reverify": "可重驗",
|
||||
"needs_target_mapping": "待補目標",
|
||||
"needs_playbook_ticket": "待建 Ticket",
|
||||
"manual_review": "Controlled review",
|
||||
"manual_review": "受控檢查",
|
||||
"unknown": "待分類"
|
||||
},
|
||||
"remediationAction": {
|
||||
@@ -3404,12 +3404,12 @@
|
||||
}
|
||||
},
|
||||
"legacyHitl": {
|
||||
"title": "Legacy HITL Evidence Queue",
|
||||
"subtitle": "These rows come from approval_records and are not AwoooP run approvals; keep them as historical evidence and route follow-up into AI controlled work items.",
|
||||
"title": "Legacy HITL 歷史證據佇列",
|
||||
"subtitle": "這批來自 批准_records,不屬於 AwoooP run 批准;以歷史證據保留,後續導回 AI 受控工作項。",
|
||||
"openAuthorizations": "開啟授權中心",
|
||||
"loadFailed": "Legacy HITL backlog 載入失敗:{error}",
|
||||
"tableLabel": "Legacy HITL Evidence Queue",
|
||||
"moreRows": "Only the latest 8 rows are shown; track the remaining {count} in the authorization center.",
|
||||
"tableLabel": "Legacy HITL 歷史證據佇列",
|
||||
"moreRows": "只顯示最新 8 筆,其餘 {count} 筆請到授權中心追蹤。",
|
||||
"noTelegram": "no TG",
|
||||
"telegramRef": "TG #{id}",
|
||||
"summary": {
|
||||
@@ -3855,7 +3855,7 @@
|
||||
"cockpit": {
|
||||
"liveLabel": "LIVE PRODUCTION",
|
||||
"title": "AI Agent Cockpit",
|
||||
"subtitle": "Production readback for the active control layer, closed loop, receipts, and hard boundaries.",
|
||||
"subtitle": "用 production readback 呈現控制層、閉環、收據與硬邊界。",
|
||||
"production": "Production",
|
||||
"dbOk": "DB readback OK",
|
||||
"dbReview": "DB readback review",
|
||||
@@ -3878,8 +3878,8 @@
|
||||
"riskTitle": "Controlled risk lanes",
|
||||
"on": "ON",
|
||||
"off": "OFF",
|
||||
"ownerRequired": "Controlled evidence review required",
|
||||
"ownerNotRequired": "Controlled evidence review cleared",
|
||||
"ownerRequired": "受控證據複核需要補齊",
|
||||
"ownerNotRequired": "受控證據複核已免除",
|
||||
"criticalBreakGlass": "critical break-glass",
|
||||
"criticalReview": "critical review"
|
||||
},
|
||||
@@ -3898,7 +3898,7 @@
|
||||
"executorDetail": "post verifier {verifier} · KM {km} · Telegram {telegram}",
|
||||
"loop": "latest flow closed",
|
||||
"loopDetail": "MCP {mcp} · RAG {rag} · PlayBook {playbook}",
|
||||
"ledger": "operation-id loop ledger",
|
||||
"ledger": "operation-id 閉環總帳",
|
||||
"ledgerDetail": "{state} · stages {stages} · missing {missing}",
|
||||
"stageLedger": "candidate → check-mode → apply → verifier → KM → Telegram"
|
||||
},
|
||||
@@ -6016,13 +6016,13 @@
|
||||
"legacyRoutesDetail": "direct send / legacy chat / multi bot 必須收斂",
|
||||
"ttl": "TTL: {value}",
|
||||
"requiredAssets": "必填資產 {count} 項",
|
||||
"guardCalls": "Direct scan {count}",
|
||||
"newBypass": "New bypass {count}",
|
||||
"dbReceiptMissing": "DB receipt gap {count}",
|
||||
"aiRouteMissing": "AI route gap {count}",
|
||||
"workflowDirect": "workflow direct {count}",
|
||||
"opsDirect": "ops direct {count}",
|
||||
"apiDirect": "API direct {count}"
|
||||
"guardCalls": "直送掃描 {count} 條",
|
||||
"newBypass": "新增旁路 {count}",
|
||||
"dbReceiptMissing": "DB receipt 缺口 {count}",
|
||||
"aiRouteMissing": "AI route 缺口 {count}",
|
||||
"workflowDirect": "workflow 直送 {count}",
|
||||
"opsDirect": "ops 直送 {count}",
|
||||
"apiDirect": "API 直送 {count}"
|
||||
}
|
||||
},
|
||||
"reportAutomationReview": {
|
||||
@@ -9081,35 +9081,35 @@
|
||||
"blocked": "阻塞"
|
||||
},
|
||||
"aiLoopLogSources": {
|
||||
"eyebrow": "P0 visual state",
|
||||
"title": "Current blocker and repair intake",
|
||||
"subtitle": "Shows the blocker, blocker diagnosis, and receipt contract first; technical fields are collapsed so the workbench does not read like a long text list.",
|
||||
"loading": "Loading LOG source labels",
|
||||
"empty": "No LOG source labels read back yet.",
|
||||
"blocker": "Current blocker: {value}",
|
||||
"boundary": "Metadata-only labels; no raw log read, no secret display, no writeback, and no runtime apply from this panel.",
|
||||
"details": "Expand technical fields",
|
||||
"eyebrow": "P0 視覺狀態",
|
||||
"title": "目前卡點與修復收件",
|
||||
"subtitle": "先顯示目前真正卡住的 blocker、阻塞診斷與收件契約;技術欄位收在展開區,避免把工作台變成長文字清單。",
|
||||
"loading": "讀取 LOG 來源貼標中",
|
||||
"empty": "尚未讀回 LOG 來源貼標。",
|
||||
"blocker": "Current blocker:{value}",
|
||||
"boundary": "只顯示 metadata-only 標籤;不讀 raw log、不顯示 secret、不觸發寫入或 runtime apply。",
|
||||
"details": "展開技術欄位",
|
||||
"visual": {
|
||||
"blocker": "Current blocker",
|
||||
"diagnosis": "Blocker diagnosis",
|
||||
"receipt": "Receipt contract",
|
||||
"blocker": "目前卡點",
|
||||
"diagnosis": "阻塞診斷",
|
||||
"receipt": "收件契約",
|
||||
"receiptValue": "{inputs} inputs / {outputs} outputs",
|
||||
"currentCd": "Latest CD run",
|
||||
"currentCd": "最新 CD run",
|
||||
"currentCdValue": "#{run} · {status}",
|
||||
"currentCdDetail": "closure: {state}",
|
||||
"resolvedByProductionReadback": "Closed by production readback",
|
||||
"noActionRequired": "Do not reopen this queue"
|
||||
"currentCdDetail": "closure:{state}",
|
||||
"resolvedByProductionReadback": "已由 production readback 關閉",
|
||||
"noActionRequired": "不需重開此 queue"
|
||||
},
|
||||
"rootCause": {
|
||||
"sessionTimeout": "Key accepted, session timeout",
|
||||
"sessionTimeout": "Key accepted,session timeout",
|
||||
"offerTimeout": "Publickey offer timeout",
|
||||
"controlledCdLaneGuardrails": "SSH control path and Harbor v2 are readable; controlled CD lane guardrails are still blocked.",
|
||||
"productionReadbackResolved": "Latest production readback verified this queue item; it is no longer the current blocker.",
|
||||
"unknown": "Waiting for queue diagnosis"
|
||||
"controlledCdLaneGuardrails": "SSH 控制通道與 Harbor v2 已可讀;目前卡在 controlled CD lane guardrails。",
|
||||
"productionReadbackResolved": "最新 production readback 已驗證此 queue item,不再當作目前卡點。",
|
||||
"unknown": "等待 queue 診斷"
|
||||
},
|
||||
"phases": {
|
||||
"ssh": {
|
||||
"label": "SSH control path",
|
||||
"label": "SSH 控制通道",
|
||||
"value": "ready"
|
||||
},
|
||||
"harbor": {
|
||||
@@ -9124,12 +9124,12 @@
|
||||
},
|
||||
"liveMetrics": {
|
||||
"enforcer": "110 enforcer",
|
||||
"ready": "metric fresh",
|
||||
"missing": "metric missing",
|
||||
"ready": "metric 已更新",
|
||||
"missing": "metric 未讀回",
|
||||
"enforcerDetail": "apply={apply} · metadata-only={metadata}",
|
||||
"drainGuard": "Drain guard",
|
||||
"drainGuardValue": "active={active} / staging={staging}",
|
||||
"blockers": "blockers={count}",
|
||||
"blockers": "阻塞項={count}",
|
||||
"jobs": "Jobs / lane",
|
||||
"jobsValue": "jobs={jobs} / lane={lane}",
|
||||
"restoreSources": "restore sources={count}",
|
||||
@@ -9139,56 +9139,56 @@
|
||||
},
|
||||
"metrics": {
|
||||
"tags": "Tags",
|
||||
"groups": "Groups",
|
||||
"groups": "分群鍵",
|
||||
"contract": "Contract",
|
||||
"queue": "Queue fields"
|
||||
},
|
||||
"queueFields": "Queue normalizer fields",
|
||||
"safeNextAction": "Next AI action",
|
||||
"safeNextStage": "Stage: {stage} · local console: {local}",
|
||||
"safeNextCommand": "Command: {command}",
|
||||
"safeNextAction": "下一步 AI action",
|
||||
"safeNextStage": "Stage:{stage} · local console:{local}",
|
||||
"safeNextCommand": "Command:{command}",
|
||||
"receipt": {
|
||||
"inputs": "Receipt inputs",
|
||||
"outputs": "Receipt outputs"
|
||||
},
|
||||
"tagLabels": {
|
||||
"projectId": "Project",
|
||||
"product": "Product",
|
||||
"siteOrRoute": "Site / route",
|
||||
"service": "Service",
|
||||
"package": "Package",
|
||||
"tool": "Tool",
|
||||
"sourceSystem": "Source system",
|
||||
"projectId": "專案",
|
||||
"product": "產品",
|
||||
"siteOrRoute": "網站 / 路由",
|
||||
"service": "服務",
|
||||
"package": "套件",
|
||||
"tool": "工具",
|
||||
"sourceSystem": "來源系統",
|
||||
"runtimeComponent": "Runtime",
|
||||
"signalLane": "Signal lane",
|
||||
"evidenceBoundary": "Evidence boundary"
|
||||
"signalLane": "訊號 Lane",
|
||||
"evidenceBoundary": "證據邊界"
|
||||
}
|
||||
},
|
||||
"commanderInsertedRequirements": {
|
||||
"eyebrow": "Mainline priority",
|
||||
"title": "Commander inserted requirement work items",
|
||||
"subtitle": "Turns the requirements inserted during this run into ordered work items with P0/P1/P2/P3 priority, status, acceptance criteria, and next action.",
|
||||
"total": "Total work items",
|
||||
"next": "Current priority",
|
||||
"nextAction": "Next action",
|
||||
"acceptance": "Acceptance",
|
||||
"rowNextAction": "Next action",
|
||||
"spotlight": "Mainline spotlight",
|
||||
"spotlightSubtitle": "Surfaces the current P0, OpenClaw Live Ops, and non-text-wall UX directly instead of burying them in the long ledger.",
|
||||
"fullLedger": "Full ledger: {count} items",
|
||||
"loading": "Loading inserted requirement work items",
|
||||
"empty": "No inserted requirement work items read back yet.",
|
||||
"eyebrow": "主線優先序",
|
||||
"title": "統帥插入需求工作項",
|
||||
"subtitle": "把本輪中途插入的要求收成正式工作項,依 P0/P1/P2/P3 排序,並顯示狀態、驗收條件與下一步。",
|
||||
"total": "總工作項",
|
||||
"next": "目前優先項",
|
||||
"nextAction": "下一步",
|
||||
"acceptance": "驗收條件",
|
||||
"rowNextAction": "下一步",
|
||||
"spotlight": "主線焦點",
|
||||
"spotlightSubtitle": "直接露出目前 P0、OpenClaw Live Ops 與非文字牆 UX,避免工作項藏在長清單裡。",
|
||||
"fullLedger": "完整總帳 {count} 項",
|
||||
"loading": "讀取插入需求工作項",
|
||||
"empty": "尚未讀回插入需求工作項。",
|
||||
"order": "order={order}",
|
||||
"source": "source={source}",
|
||||
"metrics": {
|
||||
"active": "active"
|
||||
},
|
||||
"statuses": {
|
||||
"done": "Done",
|
||||
"inProgress": "In progress",
|
||||
"pending": "Not started",
|
||||
"blocked": "Blocked",
|
||||
"deferred": "Deferred"
|
||||
"done": "已完成",
|
||||
"inProgress": "進行中",
|
||||
"pending": "未開始",
|
||||
"blocked": "阻塞",
|
||||
"deferred": "延後"
|
||||
}
|
||||
},
|
||||
"operatorSop": {
|
||||
@@ -9214,7 +9214,7 @@
|
||||
},
|
||||
"inProgress": {
|
||||
"title": "自動化資產正在補齊,仍需追蹤候選品質",
|
||||
"detail": "優先確認候選是否有證據 refs、安全路由、回滾計畫與修復後驗證。"
|
||||
"detail": "優先確認候選是否有證據 參照、安全路由、回滾計畫與修復後驗證。"
|
||||
},
|
||||
"watching": {
|
||||
"title": "目前沒有明顯 AI 受控卡點,持續觀察資料新鮮度",
|
||||
@@ -9525,7 +9525,7 @@
|
||||
}
|
||||
},
|
||||
"gates": {
|
||||
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 refs",
|
||||
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 參照",
|
||||
"autoRepair": "必須同時有 auto_repair、verification_result=success與KM 回寫",
|
||||
"recurrenceWorkItems": "Run 完成無修復、修復失敗與 AI 受控佇列必須進入可追蹤工作項",
|
||||
"aiRouteRepairWorkItem": "Provider lane 降級時必須顯示 evidence、owner、PlayBook候選與是否可自動修復",
|
||||
@@ -9632,7 +9632,7 @@
|
||||
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
|
||||
"githubPrimaryOwnerResponses": "負責人回覆仍為 0/22;請求可送出不等於已接受",
|
||||
"githubPrimaryWorkflowNames": "工作流程 / 機密名稱清冊完成=0/7;只收名稱不收機密明文值",
|
||||
"githubPrimaryBoundary": "未核准建立專案庫、同步 refs、切換 GitHub primary 或停用 Gitea。",
|
||||
"githubPrimaryBoundary": "未核准建立專案庫、同步 參照、切換 GitHub primary 或停用 Gitea。",
|
||||
"ownerResponseValidation": "回覆包={packets};範本={templates};已收到={received};已接受={accepted};已拒收={rejected}",
|
||||
"ownerResponseValidationChecks": "跨包驗收={crossPacket};證據路由={routing};顯示區塊={sections}",
|
||||
"ownerResponseValidationBoundary": "不建立審批紀錄、不切主要來源、不開執行期閘門"
|
||||
@@ -10243,7 +10243,7 @@
|
||||
},
|
||||
"fields": {
|
||||
"target_selector": "Target selector",
|
||||
"mcp_evidence_refs": "MCP 證據",
|
||||
"mcp_evidence_參照": "MCP 證據",
|
||||
"route_id": "Route",
|
||||
"repair_command_template": "修復模板",
|
||||
"rollback_command_template": "Rollback",
|
||||
@@ -10297,7 +10297,7 @@
|
||||
"required": {
|
||||
"alertname": "告警名稱與觸發條件,避免把不同服務的症狀混用。",
|
||||
"target_selector": "命名空間、Pod、Deployment、host 或服務選擇器。",
|
||||
"mcp_evidence_refs": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
|
||||
"mcp_evidence_參照": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
|
||||
"repair_command": "受控修復命令或 Ansible playbook,不能是純診斷命令。",
|
||||
"rollback_command": "修復失敗時的回滾或安全停止方案。",
|
||||
"verifier_plan": "修復後如何驗證成功、失敗與是否要升級 AI 補齊或 break-glass。",
|
||||
@@ -10380,10 +10380,10 @@
|
||||
"matchedIncident": "配對目標:{incident}",
|
||||
"stage": "階段:{stage}",
|
||||
"sourceEvent": "來源事件:{event}",
|
||||
"sourceRefs": "來源 refs:{refs}(Sentry {sentry} / SignOz {signoz})",
|
||||
"sourceRefs": "來源 參照:{參照}(Sentry {sentry} / SignOz {signoz})",
|
||||
"sourceFlow": {
|
||||
"label": "來源流程:{status}",
|
||||
"detail": "參照={refs};Sentry={sentry};SigNoz={signoz};事件={event}",
|
||||
"detail": "參照={參照};Sentry={sentry};SigNoz={signoz};事件={event}",
|
||||
"statuses": {
|
||||
"applied": "已套用",
|
||||
"reviewed": "覆核已記錄",
|
||||
@@ -10633,15 +10633,15 @@
|
||||
"refs": "關聯索引",
|
||||
"missingRefs": "缺關聯",
|
||||
"duplicates": "重複事件",
|
||||
"sentry": "Sentry refs",
|
||||
"signoz": "SignOz refs"
|
||||
"sentry": "Sentry 參照",
|
||||
"signoz": "SignOz 參照"
|
||||
},
|
||||
"details": {
|
||||
"latest": "最新 {time}",
|
||||
"withRefs": "{count} 筆含 來源 refs",
|
||||
"withRefs": "{count} 筆含 來源 參照",
|
||||
"missingEnvelope": "{count} 筆缺 來源 envelope",
|
||||
"redacted": "{count} 筆已 redacted",
|
||||
"alertRefs": "{count} 個 alert refs",
|
||||
"alertRefs": "{count} 個 alert 參照",
|
||||
"limit": "最近 {count} 筆視窗"
|
||||
},
|
||||
"provider": {
|
||||
@@ -10770,8 +10770,8 @@
|
||||
"error": "Callback evidence 載入失敗:{error}",
|
||||
"summary": {
|
||||
"outbound": "出站鏡像",
|
||||
"outboundDetail": "來源_refs {sourceRefs};trace refs {traceRefs};incident refs {incidentRefs};覆蓋 {coverage}",
|
||||
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace refs {missingTraceRefs};缺 incident refs {missingIncidentRefs}",
|
||||
"outboundDetail": "來源_參照 {sourceRefs};trace 參照 {traceRefs};incident 參照 {incidentRefs};覆蓋 {coverage}",
|
||||
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace 參照 {missingTraceRefs};缺 incident 參照 {missingIncidentRefs}",
|
||||
"outboundReplyMarkupTraceFreshness": "缺 trace 活躍度:1h {recent1h} / 24h {recent24h} / 最新 {latest}",
|
||||
"outboundReplyMarkupTraceDecision": "缺 trace 判讀:{status};下一步:{action}",
|
||||
"outboundReplyMarkupTraceRecovery": "缺 trace 復原訊號:{status};gap 後 traced {count};首筆 {first};最新 {latest}",
|
||||
@@ -10806,7 +10806,7 @@
|
||||
},
|
||||
"traceGapNextActions": {
|
||||
"none": "不需補動作",
|
||||
"inspect_recent_outbound_source_refs": "檢查近 1 小時 outbound 來源_refs",
|
||||
"inspect_recent_outbound_source_參照": "檢查近 1 小時 outbound 來源_參照",
|
||||
"watch_24h_decay": "觀察 24 小時窗口自然歸零",
|
||||
"backfill_or_archive_legacy_callbacks": "歸檔或回補舊 callback 缺口",
|
||||
"observed": "等待下一次 outbound evidence"
|
||||
@@ -10833,7 +10833,7 @@
|
||||
"press_telegram_detail_or_history": "按一次 Telegram 詳情 / 歷史產生 callback evidence",
|
||||
"press_telegram_detail_or_history_after_rollout": "重新按 Telegram 詳情 / 歷史補新版 snapshot",
|
||||
"review_legacy_callback_snapshot_gap": "新版已捕捉;舊 callback 缺 snapshot不需重複按",
|
||||
"review_outbound_source_refs": "檢查 outbound 來源_refs 缺口",
|
||||
"review_outbound_source_參照": "檢查 outbound 來源_參照 缺口",
|
||||
"observed": "等待下一次 callback evidence"
|
||||
}
|
||||
},
|
||||
@@ -11157,7 +11157,7 @@
|
||||
"incidentRef": "Incident 參照",
|
||||
"routeId": "受控路由",
|
||||
"dryRunEvidence": "乾跑證據",
|
||||
"mcpEvidenceRefs": "MCP 證據 refs",
|
||||
"mcpEvidenceRefs": "MCP 證據 參照",
|
||||
"ownerApprovalReceipt": "Owner 放行回執",
|
||||
"maintenanceWindow": "維護窗口",
|
||||
"rollbackOwner": "Rollback Owner",
|
||||
@@ -11484,11 +11484,11 @@
|
||||
"unknown": "待負責人補證"
|
||||
},
|
||||
"sourceActions": {
|
||||
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 refs 或切主來源。",
|
||||
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 參照 或切主來源。",
|
||||
"targetDecision": "先取得 GitHub 目標、可見性、標準負責人與後續 owner 的脫敏回覆;未接受前不得建立專案庫或改可見性。",
|
||||
"internalRemoteDecision": "先確認內部 remote 用途、維運 owner、移除或保留理由與 rollback 方式;未接受前不得改 remote、workflow 或 secret。",
|
||||
"scopeReview": "先確認是否納入 IwoooS 管控範圍;未接受前只保留觀測,不升級為主來源候選。",
|
||||
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence refs。"
|
||||
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence 參照。"
|
||||
}
|
||||
},
|
||||
"securityTenantScopeCandidate": {
|
||||
@@ -11560,7 +11560,7 @@
|
||||
"sourceScopeWaiting": "租戶原始碼範圍仍等待正式負責人回覆。",
|
||||
"ownerResponseWaiting": "專案庫負責人回覆尚未接受;此欄位只作 evidence,不阻擋低 / 中 / 高風險 controlled apply。",
|
||||
"repoCreationLocked": "未取得正式決策前,不建立 GitHub 專案庫或修改可見性。",
|
||||
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 refs。",
|
||||
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 參照。",
|
||||
"githubPrimaryLocked": "GitHub primary 尚未核准切換。",
|
||||
"giteaDisableLocked": "Gitea 不得停用,仍是目前 CI/CD 來源。",
|
||||
"tenantPolicyLocked": "租戶政策與遷移模式不得因就緒度顯示而改變。",
|
||||
@@ -11630,17 +11630,17 @@
|
||||
}
|
||||
},
|
||||
"autonomousRuntime": {
|
||||
"title": "AI Controlled Execution Loop",
|
||||
"refresh": "Refresh",
|
||||
"completion": "{percent}% complete",
|
||||
"completionLoading": "Completion reading",
|
||||
"title": "AI 受控執行閉環",
|
||||
"refresh": "重新整理",
|
||||
"completion": "完成 {percent}%",
|
||||
"completionLoading": "完成度讀取中",
|
||||
"detail": "Incident {incident} / op {op} / {catalog}",
|
||||
"states": {
|
||||
"loading": "Reading production readback",
|
||||
"closed": "Loop closed",
|
||||
"open": "Loop open",
|
||||
"degraded": "Read degraded",
|
||||
"unavailable": "Read failed"
|
||||
"loading": "讀取正式 readback",
|
||||
"closed": "閉環完成",
|
||||
"open": "閉環中",
|
||||
"degraded": "讀取降級",
|
||||
"unavailable": "讀取失敗"
|
||||
},
|
||||
"metrics": {
|
||||
"loop": "Loop",
|
||||
@@ -11658,18 +11658,18 @@
|
||||
"telegram": "Telegram"
|
||||
},
|
||||
"proof": {
|
||||
"deploy": "Production deploy",
|
||||
"deployDetail": "CD / readback: {status}",
|
||||
"deploy": "正式部署",
|
||||
"deployDetail": "CD / readback:{status}",
|
||||
"runtime": "Runtime DB",
|
||||
"runtimeDetail": "marker: {marker}",
|
||||
"workItems": "Work complete",
|
||||
"workItemsDetail": "{percent}% complete",
|
||||
"sources": "Log sources",
|
||||
"sourcesDetail": "Project, product, site, service, package, and tool",
|
||||
"events": "Classified events",
|
||||
"eventsDetail": "24h {recent}",
|
||||
"consumer": "Consumer writeback",
|
||||
"consumerDetail": "{targets} targets ready",
|
||||
"runtimeDetail": "marker:{marker}",
|
||||
"workItems": "工作完成",
|
||||
"workItemsDetail": "完成度 {percent}%",
|
||||
"sources": "Log 來源",
|
||||
"sourcesDetail": "專案 / 產品 / 網站 / 服務 / 套件 / 工具",
|
||||
"events": "分類事件",
|
||||
"eventsDetail": "近 24h {recent}",
|
||||
"consumer": "Consumer 回寫",
|
||||
"consumerDetail": "{targets} 個 target ready",
|
||||
"ok": "ok",
|
||||
"degraded": "degraded"
|
||||
},
|
||||
@@ -11685,7 +11685,7 @@
|
||||
"contextWrites": "Context receipts",
|
||||
"contextWritesDetail": "target writeback receipts",
|
||||
"blockers": "Active blockers",
|
||||
"noBlockers": "No active blocker",
|
||||
"noBlockers": "無 active blocker",
|
||||
"targetDetail": "context writes / bindings",
|
||||
"targetsMap": {
|
||||
"km": "KM",
|
||||
@@ -11696,22 +11696,22 @@
|
||||
"aiAgent": "AI Agent"
|
||||
}
|
||||
},
|
||||
"recent": "24h {count}",
|
||||
"missing": "{count} missing",
|
||||
"recent": "近 24h {count}",
|
||||
"missing": "缺 {count} 節點",
|
||||
"closedDetail": "required stages ok",
|
||||
"traceCaption": "{count} stages / {missing} missing",
|
||||
"traceCaption": "{count} 節點 / 缺 {missing}",
|
||||
"taxonomy": {
|
||||
"sources": "Log sources",
|
||||
"products": "Product scopes",
|
||||
"labels": "Label dimensions",
|
||||
"events": "Classified events",
|
||||
"learning": "Learning sources",
|
||||
"workItems": "Work items",
|
||||
"productsDetail": "adapter active {active} / missing dimensions {missing}",
|
||||
"workItemsDetail": "Active {active} / pending {pending} / blocked {blocked}"
|
||||
"sources": "Log 來源",
|
||||
"products": "產品範圍",
|
||||
"labels": "貼標維度",
|
||||
"events": "分類事件",
|
||||
"learning": "學習來源",
|
||||
"workItems": "工作項目",
|
||||
"productsDetail": "adapter active {active} / 缺維度 {missing}",
|
||||
"workItemsDetail": "進行 {active} / 待辦 {pending} / 阻塞 {blocked}"
|
||||
},
|
||||
"policy": {
|
||||
"label": "Controlled risk tiers",
|
||||
"label": "受控風險層",
|
||||
"critical": "Critical",
|
||||
"breakGlass": "break-glass"
|
||||
},
|
||||
@@ -11720,35 +11720,35 @@
|
||||
"medium": "medium",
|
||||
"high": "high"
|
||||
},
|
||||
"nextAction": "Next action",
|
||||
"nextAction": "下一步",
|
||||
"workBoard": {
|
||||
"title": "Priority Work Board",
|
||||
"subtitle": "{ordered} mainline items; {sources} log source families.",
|
||||
"completedOfTotal": "{completed}/{total} completed",
|
||||
"sourceCoverage": "Source coverage",
|
||||
"sourceCoverageDetail": "Project, product, site, service, package, and tool logs are classified and labeled.",
|
||||
"empty": "No work items match this filter.",
|
||||
"title": "優先工作板",
|
||||
"subtitle": "主線 {ordered} 項;Log 來源 {sources} 組。",
|
||||
"completedOfTotal": "完成 {completed}/{total}",
|
||||
"sourceCoverage": "來源覆蓋",
|
||||
"sourceCoverageDetail": "專案 / 產品 / 網站 / 服務 / 套件 / 工具 Log 已分類貼標。",
|
||||
"empty": "此篩選目前沒有工作項。",
|
||||
"filters": {
|
||||
"all": "All",
|
||||
"completed": "Completed",
|
||||
"active": "Active",
|
||||
"pending": "Pending",
|
||||
"blocked": "Blocked"
|
||||
"all": "全部",
|
||||
"completed": "已完成",
|
||||
"active": "進行中",
|
||||
"pending": "待推進",
|
||||
"blocked": "阻塞"
|
||||
},
|
||||
"statuses": {
|
||||
"completed": "Completed",
|
||||
"in_progress": "In progress",
|
||||
"pending": "Pending",
|
||||
"blocked": "Blocked",
|
||||
"not_started": "Not started",
|
||||
"unknown": "Unknown"
|
||||
"completed": "已完成",
|
||||
"in_progress": "進行中",
|
||||
"pending": "待推進",
|
||||
"blocked": "阻塞",
|
||||
"not_started": "未開始",
|
||||
"unknown": "未知"
|
||||
}
|
||||
}
|
||||
},
|
||||
"alerts": {
|
||||
"aiLoop": {
|
||||
"title": "Alert AI Loop",
|
||||
"subtitle": "Alert signals are aligned to LOG / KM / RAG / MCP / PlayBook / Verifier runtime receipts.",
|
||||
"title": "告警 AI Loop",
|
||||
"subtitle": "告警訊號直接對齊 LOG / KM / RAG / MCP / PlayBook / Verifier 的 runtime receipt。",
|
||||
"badge": "controlled automation",
|
||||
"runs": "Runs",
|
||||
"workItems": "Work Items",
|
||||
@@ -12079,32 +12079,32 @@
|
||||
"expiredDetail": "改排 AI retry / rollback / verifier,不預設人工結案"
|
||||
},
|
||||
"logAutomation": {
|
||||
"eyebrow": "LOG / KM / RAG / MCP / PlayBook Mainline",
|
||||
"title": "AI Automation Writeback And Executor Queue",
|
||||
"subtitle": "Reads the production executor readback directly and connects service log labels, feedback receipts, post-write verifier, controlled plan, and AI Agent next action queue into one trackable mainline.",
|
||||
"refresh": "Refresh mainline",
|
||||
"loadFailed": "AI automation mainline readback failed to load",
|
||||
"emptyBatches": "No executor batches returned yet",
|
||||
"boundary": "This panel shows the low / medium / high metadata writeback queue available to AI controlled apply. Runtime dispatch truth still comes from production readback; critical remains break-glass.",
|
||||
"errorDetail": "AI automation mainline read failed: {error}",
|
||||
"eyebrow": "LOG / KM / RAG / MCP / PlayBook 主線",
|
||||
"title": "AI 自動化回寫與執行器隊列",
|
||||
"subtitle": "直接讀取正式 API 的 executor readback,把服務日誌貼標、feedback receipt、post-write verifier、controlled plan 與 AI Agent next action queue 串成同一條可追蹤主線。",
|
||||
"refresh": "刷新主線",
|
||||
"loadFailed": "AI 自動化主線 readback 載入失敗",
|
||||
"emptyBatches": "尚未取得 executor batch",
|
||||
"boundary": "此面板顯示 AI controlled apply 已具備的低 / 中 / 高風險 metadata writeback 隊列;runtime dispatch 是否已執行仍以正式 readback 為準,critical 維持 break-glass。",
|
||||
"errorDetail": "AI 自動化主線讀取失敗:{error}",
|
||||
"status": {
|
||||
"loading": "Loading mainline",
|
||||
"loading": "讀取主線",
|
||||
"ready": "executor ready",
|
||||
"waiting": "waiting readback",
|
||||
"waiting": "等待 readback",
|
||||
"error": "readback failed"
|
||||
},
|
||||
"metrics": {
|
||||
"plans": "Writeback plans",
|
||||
"plansDetail": "Verified KM / RAG / MCP / PlayBook / Agent plans.",
|
||||
"batches": "Executor batches",
|
||||
"batchesDetail": "ready / total batches consumable by AI Agent controlled apply.",
|
||||
"selectors": "Target selectors",
|
||||
"selectorsDetail": "Every writeback binds project, service, package, and tool.",
|
||||
"verifiers": "Post-apply verifiers",
|
||||
"verifiersDetail": "Every target batch must carry a verifier ref."
|
||||
"plans": "回寫計畫",
|
||||
"plansDetail": "已驗證的 KM / RAG / MCP / PlayBook / Agent plan。",
|
||||
"batches": "Executor 批次",
|
||||
"batchesDetail": "ready / total,供 AI Agent controlled apply 消費。",
|
||||
"selectors": "目標 selector",
|
||||
"selectorsDetail": "每筆回寫都要綁 project、service、package、tool。",
|
||||
"verifiers": "Post-apply verifier",
|
||||
"verifiersDetail": "每個 target batch 都必須有 verifier ref。"
|
||||
},
|
||||
"stages": {
|
||||
"logs": "LOG labels",
|
||||
"logs": "LOG 貼標",
|
||||
"receipts": "Feedback receipts",
|
||||
"verifier": "Post-write verifier",
|
||||
"plan": "Controlled plan",
|
||||
@@ -12120,20 +12120,20 @@
|
||||
"unknown": "Unknown"
|
||||
},
|
||||
"policy": {
|
||||
"controlledApply": "L/M/H controlled apply",
|
||||
"ownerReview": "L/M/H controlled review",
|
||||
"controlledApply": "低中高風險 controlled apply",
|
||||
"ownerReview": "低中高受控審查",
|
||||
"critical": "Critical",
|
||||
"runtime": "Runtime dispatch",
|
||||
"queue": "Next action queue",
|
||||
"evidence": "Evidence chain"
|
||||
},
|
||||
"values": {
|
||||
"on": "on",
|
||||
"off": "off",
|
||||
"required": "required",
|
||||
"notRequired": "not required",
|
||||
"performed": "performed",
|
||||
"notPerformed": "not performed"
|
||||
"on": "開啟",
|
||||
"off": "關閉",
|
||||
"required": "必要",
|
||||
"notRequired": "不必要",
|
||||
"performed": "已執行",
|
||||
"notPerformed": "未執行"
|
||||
}
|
||||
},
|
||||
"decisionRail": {
|
||||
@@ -12167,8 +12167,8 @@
|
||||
"detail": "需要 AI 補齊、retry、rollback 或 break-glass 的審批"
|
||||
},
|
||||
"handoff": {
|
||||
"title": "Action Packages",
|
||||
"detail": "Gate 5 projections, historical evidence, and AI work item backfill"
|
||||
"title": "處置包",
|
||||
"detail": "Gate 5、歷史證據與 AI 工作項補齊"
|
||||
},
|
||||
"verifier": {
|
||||
"title": "驗證",
|
||||
@@ -12181,7 +12181,7 @@
|
||||
"detail": "找出 learning_recorded、execution_failed、AI retry / rollback 或逾時的審批。",
|
||||
"cta": "查看卡點",
|
||||
"meta": {
|
||||
"controlledAction": "AI action package",
|
||||
"controlledAction": "AI 處置包",
|
||||
"executionFailed": "執行失敗 / 降級",
|
||||
"learningRecorded": "卡在學習紀錄"
|
||||
}
|
||||
@@ -12203,7 +12203,7 @@
|
||||
"meta": {
|
||||
"gate5": "Gate 5 投影",
|
||||
"legacy": "Legacy HITL",
|
||||
"controlledAction": "AI backfill"
|
||||
"controlledAction": "AI 補齊"
|
||||
}
|
||||
},
|
||||
"guardrail": {
|
||||
@@ -12218,8 +12218,8 @@
|
||||
}
|
||||
},
|
||||
"controlledProof": {
|
||||
"title": "Low / Medium / High default to AI controlled apply",
|
||||
"detail": "AI action packages {packages}; Gate 5 {gate5}; historical HITL evidence {legacy}. Only critical / break-glass goes to incident-grade authorization; the rest is completed by AI selectors, check-mode, rollback, and verifiers."
|
||||
"title": "低 / 中 / 高風險預設 AI controlled apply",
|
||||
"detail": "AI 處置包 {packages};Gate 5 {gate5};既有 HITL 歷史證據 {legacy}。critical / break-glass 才進事故級授權,其餘由 AI 補齊 selector、check-mode、rollback 與 verifier。"
|
||||
}
|
||||
},
|
||||
"badges": {
|
||||
@@ -12270,7 +12270,7 @@
|
||||
"openTickets": "Tickets",
|
||||
"empty": "無",
|
||||
"flowTitle": "處理流程",
|
||||
"handoffTitle": "Approvals And AI Action Packages",
|
||||
"handoffTitle": "審批與 AI 處置包",
|
||||
"timelineEmpty": "尚未取得 Incident timeline。",
|
||||
"linkedExplanation": "此 Incident 已有受控決策 / timeline 關聯;若下方 AI 受控清單為空,代表它可能已完成、過期、拒絕,或已轉成 verifier / rollback / AI 補齊。",
|
||||
"unlinkedExplanation": "目前沒有對應 批准 id;這代表此 Incident不是等待批准的狀態,應從 Work Items / Runs 追下一步。",
|
||||
@@ -12279,15 +12279,15 @@
|
||||
"no": "不需 AI 補齊"
|
||||
},
|
||||
"controlledAction": {
|
||||
"yes": "AI action package pending",
|
||||
"no": "AI action package clear"
|
||||
"yes": "AI 處置包待補齊",
|
||||
"no": "AI 處置包已清空"
|
||||
},
|
||||
"metrics": {
|
||||
"approvals": "關聯審批",
|
||||
"stage": "目前階段",
|
||||
"repair": "修復狀態",
|
||||
"verification": "驗證",
|
||||
"handoff": "AI Action Package"
|
||||
"handoff": "AI 處置包"
|
||||
},
|
||||
"handoff": {
|
||||
"approvalIds": "Approval IDs",
|
||||
@@ -12330,12 +12330,12 @@
|
||||
}
|
||||
},
|
||||
"legacyHitl": {
|
||||
"title": "Existing HITL Evidence Queue",
|
||||
"subtitle": "These rows come from approval_records and are not AwoooP run approvals; keep them as historical evidence and route follow-up into AI controlled work items.",
|
||||
"title": "既有 HITL 歷史證據佇列",
|
||||
"subtitle": "這批來自 批准_records,不屬於 AwoooP run 批准;以歷史證據保留,後續導回 AI 受控工作項。",
|
||||
"openAuthorizations": "開啟授權中心",
|
||||
"loadFailed": "既有 HITL backlog 載入失敗:{error}",
|
||||
"tableLabel": "Existing HITL Evidence Queue",
|
||||
"moreRows": "Only the latest 8 rows are shown; track the remaining {count} in the authorization center.",
|
||||
"tableLabel": "既有 HITL 歷史證據佇列",
|
||||
"moreRows": "只顯示最新 8 筆,其餘 {count} 筆請到授權中心追蹤。",
|
||||
"noTelegram": "無 Telegram",
|
||||
"telegramRef": "Telegram #{id}",
|
||||
"summary": {
|
||||
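Review bot: The `legacyHitl.subtitle` text names the data source as `批准_records`, while the English line beside it says `approval_records`, so the identifier seems to have been translated along with the prose. An operator tracing this evidence queue back to its records cannot search for `批准_records`; keep the identifier verbatim, for example `"subtitle": "這批來自 approval_records,不屬於 AwoooP run 批准;以歷史證據保留,後續導回 AI 受控工作項。",`.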
@@ -13236,7 +13236,7 @@
|
||||
"boundary": {
|
||||
"label": "目前邊界",
|
||||
"state": "AI 受控推進 / critical break-glass",
|
||||
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifier;secret、破壞性 DB、重啟、付費 provider 與 refs 破壞維持 break-glass。"
|
||||
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifier;secret、破壞性 DB、重啟、付費 provider 與 參照 破壞維持 break-glass。"
|
||||
},
|
||||
"commandRail": {
|
||||
"eyebrow": "控制面",
|
||||
@@ -17322,7 +17322,7 @@
|
||||
"handoffRuntimeGatePointer": {
|
||||
"title": "執行期閘門指標包",
|
||||
"body": "任何掃描、修復、主機更新或阻擋控制都必須留在獨立執行期閘門。",
|
||||
"handoff": "Only mark which controlled runtime gate may be needed later.",
|
||||
"handoff": "只標記後續可能需要哪一種受控執行期閘門。",
|
||||
"guard": "不呼叫 Kali、不開 SSH、不更新主機、不執行修復。"
|
||||
},
|
||||
"handoffSourceControlPointer": {
|
||||
@@ -17334,8 +17334,8 @@
|
||||
}
|
||||
},
|
||||
"ownerResponseFormalRecordOwnerHandoffReviewBoard": {
|
||||
"title": "Controlled Decision Record Handoff Checklist",
|
||||
"subtitle": "Before a handoff packet enters controlled review, seven read-only acceptance checks confirm whether the data is sufficient; this is still not record-owner assignment, a formal record, break-glass approval, or execution authorization. Checks=7, passed=0, assigned=0, runtime gates=0.",
|
||||
"title": "受控決策正式紀錄交接驗收清單",
|
||||
"subtitle": "交接包進入受控檢查前,先用七個只讀驗收項確認資料是否足夠;這仍不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在驗收項=7、通過=0、已指派=0、執行期閘門=0。",
|
||||
"checkLabel": "驗收項",
|
||||
"reviewLabel": "檢查方式",
|
||||
"guardLabel": "仍不會做",
|
||||
@@ -17361,14 +17361,14 @@
|
||||
"items": {
|
||||
"packetCompleteness": {
|
||||
"title": "交接包完整性",
|
||||
"body": "Check whether all seven handoff packets include source, summary, limits, gaps, and follow-up controlled confirmation fields.",
|
||||
"body": "檢查七個交接包是否都有來源、摘要、限制、缺口與後續受控確認欄位。",
|
||||
"review": "只列出缺漏欄位與待補項目。",
|
||||
"guard": "不補寫正式紀錄、不自動產生批准文字。"
|
||||
},
|
||||
"recordOwnerIdentityScope": {
|
||||
"title": "負責人身分範圍",
|
||||
"body": "檢查交接包是否說明未來紀錄負責人的角色範圍、責任邊界與可聯絡依據。",
|
||||
"review": "Only confirm whether identity fields are sufficient for controlled interpretation.",
|
||||
"review": "只確認身分欄位是否足夠受控判讀。",
|
||||
"guard": "不代填姓名、不查外部帳號、不自動指派。"
|
||||
},
|
||||
"authorityBoundaryMatch": {
|
||||
@@ -17385,7 +17385,7 @@
|
||||
},
|
||||
"reviewerNoteConfirm": {
|
||||
"title": "審查備註確認",
|
||||
"body": "Check whether return reasons, evidence-completion status, review notes, and unresolved items are sufficient for the next reviewer.",
|
||||
"body": "檢查退回理由、補證狀態、審查備註與未決事項是否足夠讓下一位審查者接手。",
|
||||
"review": "只整理既有備註是否完整。",
|
||||
"guard": "不建立外部任務、不自動通知、不改審查結論。"
|
||||
},
|
||||
@@ -17404,8 +17404,8 @@
|
||||
}
|
||||
},
|
||||
"ownerResponseFormalRecordOwnerHandoffReviewOutcomeBoard": {
|
||||
"title": "Controlled Decision Record Handoff Outcome Routing",
|
||||
"subtitle": "After handoff acceptance, outcomes only land in eight read-only routes; this is still not record-owner assignment, a formal record, break-glass approval, or execution authorization. Routes=8, ready for controlled review=0, assigned=0, runtime gates=0.",
|
||||
"title": "受控決策正式紀錄交接驗收結果分流",
|
||||
"subtitle": "交接驗收後只會落到八條只讀結果分流;這仍不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在分流=8、可進負責人檢查=0、已指派=0、執行期閘門=0。",
|
||||
"laneLabel": "結果分流",
|
||||
"resultLabel": "分流結果",
|
||||
"guardLabel": "仍不會做",
|
||||
@@ -17431,7 +17431,7 @@
|
||||
"items": {
|
||||
"remainReviewWaiting": {
|
||||
"title": "維持驗收等待",
|
||||
"body": "If the handoff packet is still waiting for controlled review, the result can only remain in a waiting state.",
|
||||
"body": "若交接包仍在等待受控檢查,結果只能維持等待狀態。",
|
||||
"result": "只顯示仍待驗收與缺少哪一類檢查。",
|
||||
"guard": "不自動通過、不建立正式紀錄、不指派負責人。"
|
||||
},
|
||||
@@ -17443,7 +17443,7 @@
|
||||
},
|
||||
"requestOwnerScopeClarification": {
|
||||
"title": "要求負責人範圍說明",
|
||||
"body": "If the future record owner's role, authority, or contact basis is unclear, request controlled clarification.",
|
||||
"body": "若未來紀錄負責人的角色、權責或聯絡依據不清,必須要求受控說明。",
|
||||
"result": "只標記需要補充哪一類負責人範圍。",
|
||||
"guard": "不查外部帳號、不代填姓名、不自動指派。"
|
||||
},
|
||||
@@ -17454,9 +17454,9 @@
|
||||
"guard": "不讀取機密明文、不保存原始載荷、不抓外部系統。"
|
||||
},
|
||||
"readyForRecordOwnerReview": {
|
||||
"title": "Ready for Controlled Record Review",
|
||||
"body": "If all acceptance checks are sufficient, the handoff packet can enter controlled record review, but this is still not an assignment.",
|
||||
"result": "Only mark it ready for controlled review and wait for controlled review confirmation.",
|
||||
"title": "可進受控負責人檢查",
|
||||
"body": "若驗收項都足夠,交接包可以進入受控紀錄負責人檢查,但仍不是指派。",
|
||||
"result": "只標記可進受控檢查,等待 controlled review 確認。",
|
||||
"guard": "不自動升格、不建立正式紀錄、不建立審批紀錄。"
|
||||
},
|
||||
"quarantineSensitivePayload": {
|
||||
@@ -17480,8 +17480,8 @@
|
||||
}
|
||||
},
|
||||
"ownerResponseFormalRecordOwnerReviewPreparationBoard": {
|
||||
"title": "Controlled Decision Record Owner Review Preparation Packets",
|
||||
"subtitle": "If the handoff outcome can enter controlled review, only eight preparation packets are assembled before controlled review; this is not record-owner assignment, a formal record, break-glass approval, or execution authorization. Packets=8, review-ready=0, assigned=0, runtime gates=0.",
|
||||
"title": "受控決策正式紀錄負責人檢查準備包",
|
||||
"subtitle": "交接驗收結果若可進負責人檢查,仍只能整理受控檢查前需要看的八個準備包;這不是紀錄負責人指派、正式紀錄、break-glass 批准或執行授權。現在準備包=8、可檢查=0、已指派=0、執行期閘門=0。",
|
||||
"packetLabel": "準備包",
|
||||
"prepareLabel": "準備方式",
|
||||
"guardLabel": "仍不會做",
|
||||
@@ -20849,7 +20849,7 @@
|
||||
"sourceRepo": {
|
||||
"title": "版本來源與 dirty workspace 判定",
|
||||
"missing": "本機 repo 有 51 個修改或未追蹤項目;尚未判定 WIP、release candidate 與 canonical remote。",
|
||||
"next": "先收 refs truth 與 dirty workspace disposition;不得 push、rebase、同步 refs 或改 workflow。"
|
||||
"next": "先收 參照 truth 與 dirty workspace disposition;不得 push、rebase、同步 參照 或改 workflow。"
|
||||
},
|
||||
"deployBoundary": {
|
||||
"title": "部署邊界與回復條件",
|
||||
@@ -21279,7 +21279,7 @@
|
||||
"waiting_redacted_counts": "待脫敏計數",
|
||||
"waiting_per_host_matrix": "待逐主機矩陣",
|
||||
"waiting_time_window": "待時間窗",
|
||||
"waiting_health_refs": "待健康參照",
|
||||
"waiting_health_參照": "待健康參照",
|
||||
"reject_sensitive_payloads": "拒收敏感內容",
|
||||
"waiting_owner_decision": "待負責人決策",
|
||||
"runtime_closed": "執行期關閉"
|
||||
@@ -21409,7 +21409,7 @@
|
||||
"wazuhManagerRegistryReviewerValidation": {
|
||||
"eyebrow": "Wazuh manager registry reviewer validation",
|
||||
"title": "Owner export 進來後,先由 reviewer 驗收脫敏清單",
|
||||
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則:欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence refs 通過 reviewer validation,但仍不開 runtime。",
|
||||
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則:欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence 參照 通過 reviewer validation,但仍不開 runtime。",
|
||||
"loadingBoundary": "正在讀取 Wazuh manager registry reviewer validation API",
|
||||
"validationEndpointLabel": "脫敏 owner export 驗證端點",
|
||||
"validationModeLabel": "驗證模式",
|
||||
@@ -21423,7 +21423,7 @@
|
||||
"checksLoading": "正在讀取 reviewer checks。",
|
||||
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
|
||||
"boundaryTitle": "Reviewer validation 停止線",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence 參照 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"status": {
|
||||
"loading": "正在讀取 Wazuh manager registry reviewer validation",
|
||||
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
|
||||
@@ -21444,7 +21444,7 @@
|
||||
},
|
||||
"passed": {
|
||||
"label": "Reviewer passed",
|
||||
"detail": "一筆脫敏 owner export refs 已通過 no-persist reviewer validation。"
|
||||
"detail": "一筆脫敏 owner export 參照 已通過 no-persist reviewer validation。"
|
||||
},
|
||||
"postEnable": {
|
||||
"label": "Post-enable",
|
||||
@@ -21464,7 +21464,7 @@
|
||||
},
|
||||
"received": {
|
||||
"label": "已收 export",
|
||||
"detail": "已收到一筆 owner-provided redacted registry export refs。"
|
||||
"detail": "已收到一筆 owner-provided redacted registry export 參照。"
|
||||
},
|
||||
"accepted": {
|
||||
"label": "已接受",
|
||||
@@ -21647,7 +21647,7 @@
|
||||
},
|
||||
"signals": {
|
||||
"label": "訊號源",
|
||||
"detail": "12 條訊號源等待 owner 提供脫敏 evidence refs。"
|
||||
"detail": "12 條訊號源等待 owner 提供脫敏 evidence 參照。"
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
@@ -21661,7 +21661,7 @@
|
||||
},
|
||||
"wazuhSiem": {
|
||||
"title": "Wazuh SIEM 待收件",
|
||||
"body": "manager、agent、FIM、rule、decoder 與 event refs 只能用脫敏參照進入 IwoooS,不接 raw payload。"
|
||||
"body": "manager、agent、FIM、rule、decoder 與 event 參照 只能用脫敏參照進入 IwoooS,不接 raw payload。"
|
||||
},
|
||||
"kali112": {
|
||||
"title": "資安觀測節點 維持只讀",
|
||||
@@ -21734,7 +21734,7 @@
|
||||
},
|
||||
"hostForensics": {
|
||||
"title": "主機入侵不能只靠宣稱",
|
||||
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof refs。"
|
||||
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof 參照。"
|
||||
},
|
||||
"gatewayNginx": {
|
||||
"title": "Nginx 入口先收 live diff",
|
||||
@@ -21746,7 +21746,7 @@
|
||||
},
|
||||
"hostRuntime": {
|
||||
"title": "Docker 與 systemd 要收 runtime 證據",
|
||||
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck refs,避免只靠 route 回 200 誤判。"
|
||||
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck 參照,避免只靠 route 回 200 誤判。"
|
||||
},
|
||||
"alertReceipt": {
|
||||
"title": "告警要能收件與行動",
|
||||
@@ -21765,7 +21765,7 @@
|
||||
"securityAssetControlLedger": {
|
||||
"eyebrow": "P0-A 資安資產控制總帳",
|
||||
"title": "把主機、入口、版本來源、監控、Wazuh、Kali 與供應鏈收成一張總帳",
|
||||
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence refs 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
|
||||
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence 參照 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "資安資產總帳邊界",
|
||||
@@ -21781,7 +21781,7 @@
|
||||
},
|
||||
"evidenceRefs": {
|
||||
"label": "證據參照",
|
||||
"detail": "64 個 committed evidence refs 全部存在,缺失為 0。"
|
||||
"detail": "64 個 committed evidence 參照 全部存在,缺失為 0。"
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
@@ -21803,7 +21803,7 @@
|
||||
},
|
||||
"wazuhKali": {
|
||||
"title": "Wazuh / Kali 維持證據收件",
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
"body": "Wazuh event 參照、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
},
|
||||
"alertBackup": {
|
||||
"title": "告警與復原避免假綠燈",
|
||||
@@ -21972,7 +21972,7 @@
|
||||
},
|
||||
"canonicalFields": {
|
||||
"title": "欄位對齊 S4.9 envelope",
|
||||
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
|
||||
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence 參照、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
|
||||
},
|
||||
"requestState": {
|
||||
"title": "尚未送出 owner request",
|
||||
|
||||
@@ -229,7 +229,7 @@
|
||||
},
|
||||
"credential_escrow": {
|
||||
"title": "P0-005 credential escrow",
|
||||
"description": "已收斂 non-secret evidence refs 與 reviewer acceptance readback;不寫 credential marker、不收 secret。",
|
||||
"description": "已收斂 non-secret evidence 參照 與 reviewer acceptance readback;不寫 credential marker、不收 secret。",
|
||||
"metric": "evidence {accepted}/{required}"
|
||||
},
|
||||
"gitea": {
|
||||
@@ -251,7 +251,7 @@
|
||||
"boundaries": {
|
||||
"secret": "不收機密明文、授權憑證、瀏覽器憑證或私有存取材料。",
|
||||
"production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。",
|
||||
"repo": "不直接建立 repo、改 visibility、sync refs、force push 或 trigger workflow;GitHub 維持 stopped / do_not_use。",
|
||||
"repo": "不直接建立 repo、改 visibility、sync 參照、force push 或 trigger workflow;GitHub 維持 stopped / do_not_use。",
|
||||
"data": "不直接做資料庫、backup、restore 或 migration 寫操作。",
|
||||
"security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。"
|
||||
},
|
||||
@@ -978,7 +978,7 @@
|
||||
},
|
||||
"sourceDossier": {
|
||||
"title": "Sentry / SigNoz 來源卷宗證據",
|
||||
"detail": "最近來源 {sources} 筆;Sentry refs {sentry}、SigNoz refs {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
|
||||
"detail": "最近來源 {sources} 筆;Sentry 參照 {sentry}、SigNoz 參照 {signoz},用 provider 篩選驗證,不再被整體樣本誤判。"
|
||||
},
|
||||
"callbackEvidence": {
|
||||
"title": "Telegram 詳情 / 歷史 DB 真相鏈",
|
||||
@@ -1212,8 +1212,8 @@
|
||||
"kmBurndown": "/api/v1/ai/governance/km-stale-owner-review-burndown"
|
||||
},
|
||||
"signal": {
|
||||
"metric": "來源 {sources} / refs {refs}",
|
||||
"detail": "missing refs {missing},duplicates {duplicates};Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
|
||||
"metric": "來源 {sources} / 參照 {參照}",
|
||||
"detail": "missing 參照 {missing},duplicates {duplicates};Alert {alert} / Sentry(provider) {sentry} / SigNoz(provider) {signoz}"
|
||||
},
|
||||
"intake": {
|
||||
"metric": "Runs {runs} / linked {linked}",
|
||||
@@ -9129,7 +9129,7 @@
|
||||
"enforcerDetail": "apply={apply} · metadata-only={metadata}",
|
||||
"drainGuard": "Drain guard",
|
||||
"drainGuardValue": "active={active} / staging={staging}",
|
||||
"blockers": "阻塞={count}",
|
||||
"blockers": "阻塞項={count}",
|
||||
"jobs": "Jobs / lane",
|
||||
"jobsValue": "jobs={jobs} / lane={lane}",
|
||||
"restoreSources": "restore sources={count}",
|
||||
@@ -9214,7 +9214,7 @@
|
||||
},
|
||||
"inProgress": {
|
||||
"title": "自動化資產正在補齊,仍需追蹤候選品質",
|
||||
"detail": "優先確認候選是否有證據 refs、安全路由、回滾計畫與修復後驗證。"
|
||||
"detail": "優先確認候選是否有證據 參照、安全路由、回滾計畫與修復後驗證。"
|
||||
},
|
||||
"watching": {
|
||||
"title": "目前沒有明顯 AI 受控卡點,持續觀察資料新鮮度",
|
||||
@@ -9525,7 +9525,7 @@
|
||||
}
|
||||
},
|
||||
"gates": {
|
||||
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 refs",
|
||||
"sourceDossier": "入站告警必須能查到 received / incident_linked / 來源 參照",
|
||||
"autoRepair": "必須同時有 auto_repair、verification_result=success與KM 回寫",
|
||||
"recurrenceWorkItems": "Run 完成無修復、修復失敗與 AI 受控佇列必須進入可追蹤工作項",
|
||||
"aiRouteRepairWorkItem": "Provider lane 降級時必須顯示 evidence、owner、PlayBook候選與是否可自動修復",
|
||||
@@ -9632,7 +9632,7 @@
|
||||
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
|
||||
"githubPrimaryOwnerResponses": "負責人回覆仍為 0/22;請求可送出不等於已接受",
|
||||
"githubPrimaryWorkflowNames": "工作流程 / 機密名稱清冊完成=0/7;只收名稱不收機密明文值",
|
||||
"githubPrimaryBoundary": "未核准建立專案庫、同步 refs、切換 GitHub primary 或停用 Gitea。",
|
||||
"githubPrimaryBoundary": "未核准建立專案庫、同步 參照、切換 GitHub primary 或停用 Gitea。",
|
||||
"ownerResponseValidation": "回覆包={packets};範本={templates};已收到={received};已接受={accepted};已拒收={rejected}",
|
||||
"ownerResponseValidationChecks": "跨包驗收={crossPacket};證據路由={routing};顯示區塊={sections}",
|
||||
"ownerResponseValidationBoundary": "不建立審批紀錄、不切主要來源、不開執行期閘門"
|
||||
@@ -10243,7 +10243,7 @@
|
||||
},
|
||||
"fields": {
|
||||
"target_selector": "Target selector",
|
||||
"mcp_evidence_refs": "MCP 證據",
|
||||
"mcp_evidence_參照": "MCP 證據",
|
||||
"route_id": "Route",
|
||||
"repair_command_template": "修復模板",
|
||||
"rollback_command_template": "Rollback",
|
||||
@@ -10297,7 +10297,7 @@
|
||||
"required": {
|
||||
"alertname": "告警名稱與觸發條件,避免把不同服務的症狀混用。",
|
||||
"target_selector": "命名空間、Pod、Deployment、host 或服務選擇器。",
|
||||
"mcp_evidence_refs": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
|
||||
"mcp_evidence_參照": "MCP / Sentry / SigNoz / K8s / log 證據參照。",
|
||||
"repair_command": "受控修復命令或 Ansible playbook,不能是純診斷命令。",
|
||||
"rollback_command": "修復失敗時的回滾或安全停止方案。",
|
||||
"verifier_plan": "修復後如何驗證成功、失敗與是否要升級 AI 補齊或 break-glass。",
|
||||
@@ -10380,10 +10380,10 @@
|
||||
"matchedIncident": "配對目標:{incident}",
|
||||
"stage": "階段:{stage}",
|
||||
"sourceEvent": "來源事件:{event}",
|
||||
"sourceRefs": "來源 refs:{refs}(Sentry {sentry} / SignOz {signoz})",
|
||||
"sourceRefs": "來源 參照:{參照}(Sentry {sentry} / SignOz {signoz})",
|
||||
"sourceFlow": {
|
||||
"label": "來源流程:{status}",
|
||||
"detail": "參照={refs};Sentry={sentry};SigNoz={signoz};事件={event}",
|
||||
"detail": "參照={參照};Sentry={sentry};SigNoz={signoz};事件={event}",
|
||||
"statuses": {
|
||||
"applied": "已套用",
|
||||
"reviewed": "覆核已記錄",
|
||||
@@ -10633,15 +10633,15 @@
|
||||
"refs": "關聯索引",
|
||||
"missingRefs": "缺關聯",
|
||||
"duplicates": "重複事件",
|
||||
"sentry": "Sentry refs",
|
||||
"signoz": "SignOz refs"
|
||||
"sentry": "Sentry 參照",
|
||||
"signoz": "SignOz 參照"
|
||||
},
|
||||
"details": {
|
||||
"latest": "最新 {time}",
|
||||
"withRefs": "{count} 筆含 來源 refs",
|
||||
"withRefs": "{count} 筆含 來源 參照",
|
||||
"missingEnvelope": "{count} 筆缺 來源 envelope",
|
||||
"redacted": "{count} 筆已 redacted",
|
||||
"alertRefs": "{count} 個 alert refs",
|
||||
"alertRefs": "{count} 個 alert 參照",
|
||||
"limit": "最近 {count} 筆視窗"
|
||||
},
|
||||
"provider": {
|
||||
@@ -10770,8 +10770,8 @@
|
||||
"error": "Callback evidence 載入失敗:{error}",
|
||||
"summary": {
|
||||
"outbound": "出站鏡像",
|
||||
"outboundDetail": "來源_refs {sourceRefs};trace refs {traceRefs};incident refs {incidentRefs};覆蓋 {coverage}",
|
||||
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace refs {missingTraceRefs};缺 incident refs {missingIncidentRefs}",
|
||||
"outboundDetail": "來源_參照 {sourceRefs};trace 參照 {traceRefs};incident 參照 {incidentRefs};覆蓋 {coverage}",
|
||||
"outboundReplyMarkupDetail": "reply_markup {replyMarkup};缺 trace 參照 {missingTraceRefs};缺 incident 參照 {missingIncidentRefs}",
|
||||
"outboundReplyMarkupTraceFreshness": "缺 trace 活躍度:1h {recent1h} / 24h {recent24h} / 最新 {latest}",
|
||||
"outboundReplyMarkupTraceDecision": "缺 trace 判讀:{status};下一步:{action}",
|
||||
"outboundReplyMarkupTraceRecovery": "缺 trace 復原訊號:{status};gap 後 traced {count};首筆 {first};最新 {latest}",
|
||||
@@ -10806,7 +10806,7 @@
|
||||
},
|
||||
"traceGapNextActions": {
|
||||
"none": "不需補動作",
|
||||
"inspect_recent_outbound_source_refs": "檢查近 1 小時 outbound 來源_refs",
|
||||
"inspect_recent_outbound_source_參照": "檢查近 1 小時 outbound 來源_參照",
|
||||
"watch_24h_decay": "觀察 24 小時窗口自然歸零",
|
||||
"backfill_or_archive_legacy_callbacks": "歸檔或回補舊 callback 缺口",
|
||||
"observed": "等待下一次 outbound evidence"
|
||||
@@ -10833,7 +10833,7 @@
|
||||
"press_telegram_detail_or_history": "按一次 Telegram 詳情 / 歷史產生 callback evidence",
|
||||
"press_telegram_detail_or_history_after_rollout": "重新按 Telegram 詳情 / 歷史補新版 snapshot",
|
||||
"review_legacy_callback_snapshot_gap": "新版已捕捉;舊 callback 缺 snapshot不需重複按",
|
||||
"review_outbound_source_refs": "檢查 outbound 來源_refs 缺口",
|
||||
"review_outbound_source_參照": "檢查 outbound 來源_參照 缺口",
|
||||
"observed": "等待下一次 callback evidence"
|
||||
}
|
||||
},
|
||||
@@ -11157,7 +11157,7 @@
|
||||
"incidentRef": "Incident 參照",
|
||||
"routeId": "受控路由",
|
||||
"dryRunEvidence": "乾跑證據",
|
||||
"mcpEvidenceRefs": "MCP 證據 refs",
|
||||
"mcpEvidenceRefs": "MCP 證據 參照",
|
||||
"ownerApprovalReceipt": "Owner 放行回執",
|
||||
"maintenanceWindow": "維護窗口",
|
||||
"rollbackOwner": "Rollback Owner",
|
||||
@@ -11484,11 +11484,11 @@
|
||||
"unknown": "待負責人補證"
|
||||
},
|
||||
"sourceActions": {
|
||||
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 refs 或切主來源。",
|
||||
"refsParity": "先取得分支 / 標籤參照一致性、部署真相來源與 rollback owner 的脫敏證據;未接受前不得同步 參照 或切主來源。",
|
||||
"targetDecision": "先取得 GitHub 目標、可見性、標準負責人與後續 owner 的脫敏回覆;未接受前不得建立專案庫或改可見性。",
|
||||
"internalRemoteDecision": "先確認內部 remote 用途、維運 owner、移除或保留理由與 rollback 方式;未接受前不得改 remote、workflow 或 secret。",
|
||||
"scopeReview": "先確認是否納入 IwoooS 管控範圍;未接受前只保留觀測,不升級為主來源候選。",
|
||||
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence refs。"
|
||||
"unknown": "先補 owner role / team、decision、decision reason、affected scope 與 redacted evidence 參照。"
|
||||
}
|
||||
},
|
||||
"securityTenantScopeCandidate": {
|
||||
@@ -11560,7 +11560,7 @@
|
||||
"sourceScopeWaiting": "租戶原始碼範圍仍等待正式負責人回覆。",
|
||||
"ownerResponseWaiting": "專案庫負責人回覆尚未接受;此欄位只作 evidence,不阻擋低 / 中 / 高風險 controlled apply。",
|
||||
"repoCreationLocked": "未取得正式決策前,不建立 GitHub 專案庫或修改可見性。",
|
||||
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 refs。",
|
||||
"refsMutationLocked": "未取得分支 / 標籤真相證據前,不同步或修改 參照。",
|
||||
"githubPrimaryLocked": "GitHub primary 尚未核准切換。",
|
||||
"giteaDisableLocked": "Gitea 不得停用,仍是目前 CI/CD 來源。",
|
||||
"tenantPolicyLocked": "租戶政策與遷移模式不得因就緒度顯示而改變。",
|
||||
@@ -13236,7 +13236,7 @@
|
||||
"boundary": {
|
||||
"label": "目前邊界",
|
||||
"state": "AI 受控推進 / critical break-glass",
|
||||
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifier;secret、破壞性 DB、重啟、付費 provider 與 refs 破壞維持 break-glass。"
|
||||
"detail": "低 / 中 / 高風險走 selector、dry-run、rollback 與 verifier;secret、破壞性 DB、重啟、付費 provider 與 參照 破壞維持 break-glass。"
|
||||
},
|
||||
"commandRail": {
|
||||
"eyebrow": "控制面",
|
||||
@@ -20849,7 +20849,7 @@
|
||||
"sourceRepo": {
|
||||
"title": "版本來源與 dirty workspace 判定",
|
||||
"missing": "本機 repo 有 51 個修改或未追蹤項目;尚未判定 WIP、release candidate 與 canonical remote。",
|
||||
"next": "先收 refs truth 與 dirty workspace disposition;不得 push、rebase、同步 refs 或改 workflow。"
|
||||
"next": "先收 參照 truth 與 dirty workspace disposition;不得 push、rebase、同步 參照 或改 workflow。"
|
||||
},
|
||||
"deployBoundary": {
|
||||
"title": "部署邊界與回復條件",
|
||||
@@ -21279,7 +21279,7 @@
|
||||
"waiting_redacted_counts": "待脫敏計數",
|
||||
"waiting_per_host_matrix": "待逐主機矩陣",
|
||||
"waiting_time_window": "待時間窗",
|
||||
"waiting_health_refs": "待健康參照",
|
||||
"waiting_health_參照": "待健康參照",
|
||||
"reject_sensitive_payloads": "拒收敏感內容",
|
||||
"waiting_owner_decision": "待負責人決策",
|
||||
"runtime_closed": "執行期關閉"
|
||||
@@ -21409,7 +21409,7 @@
|
||||
"wazuhManagerRegistryReviewerValidation": {
|
||||
"eyebrow": "Wazuh manager registry reviewer validation",
|
||||
"title": "Owner export 進來後,先由 reviewer 驗收脫敏清單",
|
||||
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則:欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence refs 通過 reviewer validation,但仍不開 runtime。",
|
||||
"subtitle": "這張卡固定 Wazuh manager registry owner export 的驗收規則:欄位、計數、公開別名矩陣、Dashboard API 修復讀回、唯讀 credential metadata、拒收內容與下一個 Gate 都先可視化;目前已有一筆脫敏 evidence 參照 通過 reviewer validation,但仍不開 runtime。",
|
||||
"loadingBoundary": "正在讀取 Wazuh manager registry reviewer validation API",
|
||||
"validationEndpointLabel": "脫敏 owner export 驗證端點",
|
||||
"validationModeLabel": "驗證模式",
|
||||
@@ -21423,7 +21423,7 @@
|
||||
"checksLoading": "正在讀取 reviewer checks。",
|
||||
"checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。",
|
||||
"boundaryTitle": "Reviewer validation 停止線",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence 參照 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。",
|
||||
"status": {
|
||||
"loading": "正在讀取 Wazuh manager registry reviewer validation",
|
||||
"failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗",
|
||||
@@ -21444,7 +21444,7 @@
|
||||
},
|
||||
"passed": {
|
||||
"label": "Reviewer passed",
|
||||
"detail": "一筆脫敏 owner export refs 已通過 no-persist reviewer validation。"
|
||||
"detail": "一筆脫敏 owner export 參照 已通過 no-persist reviewer validation。"
|
||||
},
|
||||
"postEnable": {
|
||||
"label": "Post-enable",
|
||||
@@ -21464,7 +21464,7 @@
|
||||
},
|
||||
"received": {
|
||||
"label": "已收 export",
|
||||
"detail": "已收到一筆 owner-provided redacted registry export refs。"
|
||||
"detail": "已收到一筆 owner-provided redacted registry export 參照。"
|
||||
},
|
||||
"accepted": {
|
||||
"label": "已接受",
|
||||
@@ -21647,7 +21647,7 @@
|
||||
},
|
||||
"signals": {
|
||||
"label": "訊號源",
|
||||
"detail": "12 條訊號源等待 owner 提供脫敏 evidence refs。"
|
||||
"detail": "12 條訊號源等待 owner 提供脫敏 evidence 參照。"
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
@@ -21661,7 +21661,7 @@
|
||||
},
|
||||
"wazuhSiem": {
|
||||
"title": "Wazuh SIEM 待收件",
|
||||
"body": "manager、agent、FIM、rule、decoder 與 event refs 只能用脫敏參照進入 IwoooS,不接 raw payload。"
|
||||
"body": "manager、agent、FIM、rule、decoder 與 event 參照 只能用脫敏參照進入 IwoooS,不接 raw payload。"
|
||||
},
|
||||
"kali112": {
|
||||
"title": "資安觀測節點 維持只讀",
|
||||
@@ -21734,7 +21734,7 @@
|
||||
},
|
||||
"hostForensics": {
|
||||
"title": "主機入侵不能只靠宣稱",
|
||||
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof refs。"
|
||||
"body": "需要 Wazuh event、auth、process、network、FIM、package、persistence、containment 與 recovery proof 參照。"
|
||||
},
|
||||
"gatewayNginx": {
|
||||
"title": "Nginx 入口先收 live diff",
|
||||
@@ -21746,7 +21746,7 @@
|
||||
},
|
||||
"hostRuntime": {
|
||||
"title": "Docker 與 systemd 要收 runtime 證據",
|
||||
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck refs,避免只靠 route 回 200 誤判。"
|
||||
"body": "需要 daemon、unit、process、port binding、dependency、recovery proof 與 postcheck 參照,避免只靠 route 回 200 誤判。"
|
||||
},
|
||||
"alertReceipt": {
|
||||
"title": "告警要能收件與行動",
|
||||
@@ -21765,7 +21765,7 @@
|
||||
"securityAssetControlLedger": {
|
||||
"eyebrow": "P0-A 資安資產控制總帳",
|
||||
"title": "把主機、入口、版本來源、監控、Wazuh、Kali 與供應鏈收成一張總帳",
|
||||
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence refs 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
|
||||
"subtitle": "這張卡把 16 個資安資產群組、64 個 evidence 參照 與 24 個 owner 必填欄位收成 P0-A 只讀總帳;目前只顯示脫敏群組、缺口與 0/false 邊界,不讀 live 主機、不呼叫 Wazuh / Kali、不執行掃描、封鎖、reload 或部署。",
|
||||
"checkLabel": "檢核",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "資安資產總帳邊界",
|
||||
@@ -21781,7 +21781,7 @@
|
||||
},
|
||||
"evidenceRefs": {
|
||||
"label": "證據參照",
|
||||
"detail": "64 個 committed evidence refs 全部存在,缺失為 0。"
|
||||
"detail": "64 個 committed evidence 參照 全部存在,缺失為 0。"
|
||||
},
|
||||
"runtimeGate": {
|
||||
"label": "執行期",
|
||||
@@ -21803,7 +21803,7 @@
|
||||
},
|
||||
"wazuhKali": {
|
||||
"title": "Wazuh / Kali 維持證據收件",
|
||||
"body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
"body": "Wazuh event 參照、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。"
|
||||
},
|
||||
"alertBackup": {
|
||||
"title": "告警與復原避免假綠燈",
|
||||
@@ -21972,7 +21972,7 @@
|
||||
},
|
||||
"canonicalFields": {
|
||||
"title": "欄位對齊 S4.9 envelope",
|
||||
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence refs、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
|
||||
"body": "owner role / team、decision、decision reason、affected scope、redacted evidence 參照、followup owner、rollback owner、maintenance window 與 validation plan 已成為 packet 欄位。"
|
||||
},
|
||||
"requestState": {
|
||||
"title": "尚未送出 owner request",
|
||||
|
||||
@@ -70,8 +70,10 @@ export function CommandPalette() {
|
||||
setOpen(false)
|
||||
}
|
||||
|
||||
const productNavigationItems = PRODUCT_NAV_SECTIONS.flatMap(section => section.items)
|
||||
|
||||
const navigationSources: PaletteNavSource[] = [
|
||||
...PRODUCT_NAV_SECTIONS.flatMap(section => section.items.flatMap(item => [
|
||||
...productNavigationItems.flatMap(item => [
|
||||
item,
|
||||
...(item.children ?? []).map(child => ({
|
||||
...child,
|
||||
@@ -80,7 +82,7 @@ export function CommandPalette() {
|
||||
parentId: item.id,
|
||||
surface: 'secondary' as const,
|
||||
})),
|
||||
])),
|
||||
]),
|
||||
...PRODUCT_BOTTOM_NAV_ITEMS,
|
||||
]
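Review bot: `productNavigationItems` is recomputed on every render of `CommandPalette`, although on the visible lines it depends only on `PRODUCT_NAV_SECTIONS`, which by its naming looks like a module-level constant. Moving `const productNavigationItems = PRODUCT_NAV_SECTIONS.flatMap(section => section.items)` above the component would flatten the sections once and keep the component body to the palette-specific mapping. Whether `navigationSources` can be hoisted with it cannot be judged from here, because two fields of the mapped child object sit between the hunks and may read component state. The body of `CommandPalette` starts before the first hunk and continues past the second.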
|
||||
|
||||
|
||||
@@ -129,6 +129,18 @@
|
||||
**下一步**:
|
||||
- commit / push Gitea `main` 後讀回 CD;接續目前 active P0:110 Stock/Postgres hot pressure 的 read-only evidence / source freshness / query attribution。
|
||||
|
||||
## 2026-07-02 — 14:08 Telegram workflow 直送 fallback 收斂到 AWOOI API / AwoooP
|
||||
|
||||
**完成內容**:
|
||||
- 6 個 Gitea workflow 的 Telegram direct fallback 已移除:`.gitea/workflows/cd.yaml`、`cd-dev.yaml`、`code-review.yaml`、`deploy-alerts.yaml`、`e2e-health.yaml`、`run-migration.yml`。
|
||||
- workflow 通知仍先走 `scripts/ci/notify-awoooi-cicd.sh` → AWOOI Alertmanager webhook → TelegramGateway / AwoooP;若 AWOOI API 通知失敗,只留下 CI log evidence,不再旁路直打 Telegram Bot API。
|
||||
- Telegram egress scanner 讀回已從 `direct_bot_api_call_count=18` / `workflow_direct_bot_api_call_count=13` 收斂為 `direct_bot_api_call_count=5` / `workflow_direct_bot_api_call_count=0`;剩餘缺口為 ops script `4` 與 API direct `1`。
|
||||
- `agent-report-truth-actionability-review` regression 更新為 direct `5`、workflow `0`、ops `4`、API `1`、route finding `9`,避免 UI/API 繼續展示舊 18 條 workflow 旁路。
|
||||
|
||||
**仍維持**:
|
||||
- 未使用 GitHub / `gh` / GitHub API;未讀 secret / token / `.env` / raw sessions / SQLite / auth;未送 Telegram;未觸發 workflow;未對 production DB 寫入。
|
||||
- 剩餘 5 個 direct Bot API path 尚未宣告完成:必須下一批收斂到 AWOOI API / TelegramGateway 或建立 redacted DB receipt、AI controlled route、KM / PlayBook / verifier writeback。
|
||||
|
||||
## 2026-07-02 — 13:34 統帥插入需求升級為 API/UI 工作項讀回
|
||||
|
||||
**完成內容**:
|
||||
|
||||
File diff suppressed because it is too large
@@ -1,29 +1,29 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_migration_plan_draft_v1",
|
||||
"generated_at": "2026-06-18T23:00:00+08:00",
|
||||
"git_commit": "f171ffc2",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"status": "migration_plan_draft_ready_no_runtime_action",
|
||||
"mode": "metadata_only_no_workflow_script_api_change_no_telegram_send",
|
||||
"source_snapshot": "docs/security/telegram-notification-egress-owner-request-draft.snapshot.json",
|
||||
"source_schema_version": "telegram_notification_egress_owner_request_draft_v1",
|
||||
"source_status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
|
||||
"summary": {
|
||||
"source_request_draft_count": 11,
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"migration_candidate_count": 11,
|
||||
"workflow_migration_candidate_count": 6,
|
||||
"source_request_draft_count": 5,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"migration_candidate_count": 5,
|
||||
"workflow_migration_candidate_count": 0,
|
||||
"ops_script_migration_candidate_count": 4,
|
||||
"api_direct_migration_candidate_count": 1,
|
||||
"proposed_wave_count": 3,
|
||||
"proposed_wave_count": 2,
|
||||
"plan_field_count": 17,
|
||||
"reviewer_check_count": 15,
|
||||
"outcome_lane_count": 9,
|
||||
"blocked_action_count": 21,
|
||||
"owner_response_required_count": 11,
|
||||
"maintenance_window_required_count": 11,
|
||||
"rollback_owner_required_count": 11,
|
||||
"postcheck_required_count": 11,
|
||||
"delivery_receipt_required_count": 11,
|
||||
"owner_response_required_count": 5,
|
||||
"maintenance_window_required_count": 5,
|
||||
"rollback_owner_required_count": 5,
|
||||
"postcheck_required_count": 5,
|
||||
"delivery_receipt_required_count": 5,
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_accepted_count": 0,
|
||||
"migration_authorized_count": 0,
|
||||
@@ -52,605 +52,10 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"proposed_waves": [
|
||||
"wave_1_workflow_notification_wrapper",
|
||||
"wave_2_ops_notification_wrapper",
|
||||
"wave_3_api_sender_gateway"
|
||||
],
|
||||
"migration_candidates": [
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd-dev.yaml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_dev_yaml",
|
||||
"source_path": ".gitea/workflows/cd-dev.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 3,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/cd.yaml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_yaml",
|
||||
"source_path": ".gitea/workflows/cd.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 5,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/code-review.yaml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_code_review_yaml",
|
||||
"source_path": ".gitea/workflows/code-review.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 2,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/deploy-alerts.yaml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_deploy_alerts_yaml",
|
||||
"source_path": ".gitea/workflows/deploy-alerts.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/e2e-health.yaml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_e2e_health_yaml",
|
||||
"source_path": ".gitea/workflows/e2e-health.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:.gitea/workflows/run-migration.yml",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_run_migration_yml",
|
||||
"source_path": ".gitea/workflows/run-migration.yml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"proposed_wave": "wave_1_workflow_notification_wrapper",
|
||||
"proposed_target": "scripts/ci/notify-awoooi-cicd.sh or AWOOI Alertmanager webhook",
|
||||
"proposed_change_summary": "Replace direct workflow Bot API send with normalized CI/CD notification wrapper after owner approval.",
|
||||
"plan_fields": [
|
||||
"migration_candidate_id",
|
||||
"source_request_draft_id",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"proposed_wave",
|
||||
"proposed_target",
|
||||
"proposed_change_summary",
|
||||
"required_owner_response_ref",
|
||||
"required_maintenance_window",
|
||||
"required_rollback_owner",
|
||||
"required_postcheck_ref",
|
||||
"required_delivery_receipt_ref",
|
||||
"required_no_secret_value_attestation",
|
||||
"required_no_raw_payload_attestation",
|
||||
"required_no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"reviewer_checks": [
|
||||
"source_owner_request_draft_current",
|
||||
"owner_response_required_before_change",
|
||||
"maintenance_window_required_before_change",
|
||||
"rollback_owner_required_before_change",
|
||||
"delivery_receipt_plan_required",
|
||||
"postcheck_plan_required",
|
||||
"redaction_contract_required",
|
||||
"break_glass_fallback_explicit",
|
||||
"no_secret_value_required",
|
||||
"no_raw_payload_required",
|
||||
"no_false_green_required",
|
||||
"workflow_changes_separate_from_docs",
|
||||
"script_changes_separate_from_docs",
|
||||
"api_sender_refactor_separate_from_docs",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_response",
|
||||
"ready_for_workflow_migration_review",
|
||||
"ready_for_ops_script_migration_review",
|
||||
"ready_for_api_sender_migration_review",
|
||||
"request_missing_owner_response",
|
||||
"request_missing_maintenance_or_rollback",
|
||||
"reject_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"modify_workflow",
|
||||
"modify_ops_script",
|
||||
"refactor_api_sender",
|
||||
"send_telegram",
|
||||
"call_bot_api",
|
||||
"dispatch_workflow",
|
||||
"trigger_cd",
|
||||
"deploy_production",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"store_raw_payload",
|
||||
"store_unredacted_log",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"rotate_secret",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"owner_response_required": true,
|
||||
"maintenance_window_required": true,
|
||||
"rollback_owner_required": true,
|
||||
"postcheck_required": true,
|
||||
"delivery_receipt_required": true,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"migration_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"migration_candidate_id": "telegram_notification_egress_migration:apps/api/src/services/channel_hub.py",
|
||||
"source_request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
|
||||
|
||||
@@ -1,96 +1,5 @@
|
||||
{
|
||||
"current_direct_bot_api_calls": [
|
||||
{
|
||||
"line": 54,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd-dev.yaml",
|
||||
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 241,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd-dev.yaml",
|
||||
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 262,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd-dev.yaml",
|
||||
"sanitized_excerpt": "printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd-dev.yaml::sendmessage::printf '%b' \"$MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 113,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd.yaml",
|
||||
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 305,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd.yaml",
|
||||
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 1203,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd.yaml",
|
||||
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 1552,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd.yaml",
|
||||
"sanitized_excerpt": "printf '%b' \"$TG_MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd.yaml::sendmessage::printf '%b' \"$TG_MSG\" | curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 1575,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/cd.yaml",
|
||||
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/cd.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 137,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/code-review.yaml",
|
||||
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/code-review.yaml::sendmessage::curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 216,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/code-review.yaml",
|
||||
"sanitized_excerpt": "curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/code-review.yaml::sendmessage::curl -fsS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 69,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/deploy-alerts.yaml",
|
||||
"sanitized_excerpt": "curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/deploy-alerts.yaml::sendmessage::curl -fS -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 98,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/e2e-health.yaml",
|
||||
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/e2e-health.yaml::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 210,
|
||||
"method": "sendMessage",
|
||||
"path": ".gitea/workflows/run-migration.yml",
|
||||
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
"signature": ".gitea/workflows/run-migration.yml::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 1138,
|
||||
"method": "sendMessage",
|
||||
@@ -106,7 +15,7 @@
|
||||
"signature": "scripts/ops/backup-from-110.sh::sendmessage::curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\"
|
||||
},
|
||||
{
|
||||
"line": 90,
|
||||
"line": 120,
|
||||
"method": "sendMessage",
|
||||
"path": "scripts/ops/docker-health-monitor.sh",
|
||||
"sanitized_excerpt": "curl -s -X POST \"https://api.telegram.org/bot<redacted>/sendMessage\" \\",
|
||||
@@ -144,8 +53,8 @@
|
||||
"telegram_send_authorized": false,
|
||||
"workflow_modification_authorized": false
|
||||
},
|
||||
"generated_at": "2026-06-19T09:40:00+08:00",
|
||||
"git_commit": "4d0150e1",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"guarded_bot_methods": [
|
||||
"sendMessage",
|
||||
"sendDocument",
|
||||
@@ -177,9 +86,9 @@
|
||||
"status": "pass_no_new_bypass",
|
||||
"summary": {
|
||||
"action_button_count": 0,
|
||||
"baseline_signature_count": 18,
|
||||
"current_direct_bot_api_call_count": 18,
|
||||
"current_direct_bot_api_file_count": 11,
|
||||
"baseline_signature_count": 5,
|
||||
"current_direct_bot_api_call_count": 5,
|
||||
"current_direct_bot_api_file_count": 5,
|
||||
"editMessageText_call_count": 0,
|
||||
"guarded_method_count": 9,
|
||||
"new_bypass_count": 0,
|
||||
@@ -189,9 +98,9 @@
|
||||
"runtime_gate_count": 0,
|
||||
"sendDocument_call_count": 0,
|
||||
"sendMediaGroup_call_count": 0,
|
||||
"sendMessage_call_count": 18,
|
||||
"sendMessage_call_count": 5,
|
||||
"sendPhoto_call_count": 0,
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"source_direct_bot_api_file_count": 11
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"source_direct_bot_api_file_count": 5
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,17 +1,17 @@
|
||||
{
|
||||
"schema_version": "telegram_notification_egress_owner_request_draft_v1",
|
||||
"generated_at": "2026-06-18T22:45:00+08:00",
|
||||
"git_commit": "8cbedfe4",
|
||||
"generated_at": "2026-07-02T14:24:46+08:00",
|
||||
"git_commit": "f9469bcc2",
|
||||
"status": "owner_request_draft_ready_no_dispatch_no_runtime_action",
|
||||
"mode": "metadata_only_no_secret_value_no_telegram_send_no_workflow_change",
|
||||
"source_snapshot": "docs/security/telegram-notification-egress-inventory.snapshot.json",
|
||||
"source_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_status": "inventory_ready_no_runtime_action",
|
||||
"summary": {
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"source_direct_bot_api_file_count": 11,
|
||||
"request_draft_count": 11,
|
||||
"workflow_request_draft_count": 6,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"source_direct_bot_api_file_count": 5,
|
||||
"request_draft_count": 5,
|
||||
"workflow_request_draft_count": 0,
|
||||
"ops_script_request_draft_count": 4,
|
||||
"ci_script_request_draft_count": 0,
|
||||
"api_direct_request_draft_count": 1,
|
||||
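Review bot: The regenerated summary takes `workflow_request_draft_count` to what appears to be 0, but nothing in this snapshot records that the owner response required by the removed workflow drafts was ever obtained. Those drafts, visible further down the page, carried `"owner_response_received": false` and `"workflow_modification_authorized": false` and listed `workflow_modification` under `blocked_actions`. Deleting them in the same change that drops the workflow entries from the inventory leaves no audit trail for the approval, maintenance window or delivery receipt. If the approval exists elsewhere, I would keep one closed record per migrated workflow with the existing `delivery_receipt_ref` and `postcheck_evidence_ref` fields filled in, or reference the approval in the commit description, rather than removing the entries outright. The same concern applies to the migration-plan and request-draft hunks, both of which extend beyond this view.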
@@ -59,962 +59,6 @@
|
||||
"not_authorization": true
|
||||
},
|
||||
"request_drafts": [
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_dev_yaml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/cd-dev.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 3,
|
||||
"line_refs": [
|
||||
54,
|
||||
241,
|
||||
262
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"f503c2c0f61100a9",
|
||||
"c41f88fbca91a4b9",
|
||||
"eaa9a6cb8326dc79"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_cd_yaml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/cd.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 5,
|
||||
"line_refs": [
|
||||
113,
|
||||
305,
|
||||
1203,
|
||||
1552,
|
||||
1575
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"b57e6587a106976b",
|
||||
"19c1de8d67af874a",
|
||||
"6ef020c2b6eac91f",
|
||||
"d029b95242f39c03",
|
||||
"d62c45a8595984fc"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_code_review_yaml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/code-review.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 2,
|
||||
"line_refs": [
|
||||
137,
|
||||
216
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"a7ebbd735dad5ab2",
|
||||
"f10f7782dc7c8125"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_deploy_alerts_yaml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/deploy-alerts.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
69
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"79e83190f68f27c9"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_e2e_health_yaml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/e2e-health.yaml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
98
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"d73ce94678f970a9"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:_gitea_workflows_run_migration_yml",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
"source_path": ".gitea/workflows/run-migration.yml",
|
||||
"surface_kind": "gitea_workflow_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
210
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"934a8dd69fca99b3"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
"source_inventory_schema_version",
|
||||
"source_path",
|
||||
"surface_kind",
|
||||
"direct_call_count",
|
||||
"line_refs",
|
||||
"line_hash_refs",
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation",
|
||||
"not_authorization"
|
||||
],
|
||||
"required_owner_fields": [
|
||||
"owner_role_or_team",
|
||||
"routing_purpose",
|
||||
"current_sender",
|
||||
"target_chat_route",
|
||||
"message_shape_contract",
|
||||
"redaction_contract",
|
||||
"formatter_convergence_decision",
|
||||
"gateway_or_alertmanager_target",
|
||||
"break_glass_fallback_decision",
|
||||
"delivery_receipt_ref",
|
||||
"dedup_or_fingerprint_plan",
|
||||
"fallback_or_degraded_mode",
|
||||
"migration_or_exception_reason",
|
||||
"maintenance_window",
|
||||
"rollback_owner",
|
||||
"postcheck_evidence_ref",
|
||||
"no_secret_value_attestation",
|
||||
"no_raw_payload_attestation",
|
||||
"no_false_green_attestation"
|
||||
],
|
||||
"preflight_checks": [
|
||||
"source_inventory_current",
|
||||
"owner_role_present",
|
||||
"route_purpose_present",
|
||||
"message_shape_contract_present",
|
||||
"redaction_contract_present",
|
||||
"formatter_convergence_decision_present",
|
||||
"break_glass_fallback_explicit",
|
||||
"delivery_receipt_metadata_present",
|
||||
"dedup_or_fingerprint_present",
|
||||
"maintenance_window_present_for_change",
|
||||
"rollback_owner_present",
|
||||
"postcheck_evidence_present",
|
||||
"no_secret_value_attested",
|
||||
"no_raw_payload_attested",
|
||||
"no_false_green_attested",
|
||||
"runtime_gate_stays_zero"
|
||||
],
|
||||
"outcome_lanes": [
|
||||
"draft_waiting_owner_dispatch",
|
||||
"request_owner_route_supplement",
|
||||
"request_formatter_convergence_supplement",
|
||||
"request_break_glass_fallback_supplement",
|
||||
"request_redaction_or_receipt_supplement",
|
||||
"quarantine_secret_or_raw_payload",
|
||||
"reject_false_green_claim",
|
||||
"ready_for_manual_dispatch",
|
||||
"waiting_runtime_gate"
|
||||
],
|
||||
"forbidden_payloads": [
|
||||
"bot_token_value",
|
||||
"chat_secret_value",
|
||||
"secret_hash",
|
||||
"partial_token",
|
||||
"masked_token",
|
||||
"authorization_header",
|
||||
"raw_message_payload",
|
||||
"raw_workflow_log",
|
||||
"raw_action_log",
|
||||
"raw_screenshot_with_secret",
|
||||
"internal_work_window_transcript",
|
||||
"private_namespace",
|
||||
"unredacted_internal_path",
|
||||
"unredacted_private_ip"
|
||||
],
|
||||
"blocked_actions": [
|
||||
"send_owner_request",
|
||||
"confirm_recipient",
|
||||
"emit_audit_event",
|
||||
"telegram_send",
|
||||
"bot_api_call",
|
||||
"workflow_modification",
|
||||
"script_modification",
|
||||
"api_sender_refactor",
|
||||
"change_chat_route",
|
||||
"change_bot_token",
|
||||
"read_secret_store",
|
||||
"collect_secret_value",
|
||||
"collect_secret_hash",
|
||||
"collect_partial_token",
|
||||
"collect_chat_id_secret",
|
||||
"store_raw_message_payload",
|
||||
"store_unredacted_log",
|
||||
"workflow_dispatch",
|
||||
"production_deploy",
|
||||
"accept_cd_success_as_delivery_receipt",
|
||||
"accept_route_200_as_notification_delivery",
|
||||
"accept_ui_visible_as_notification_acceptance",
|
||||
"skip_formatter_convergence",
|
||||
"skip_redaction_contract",
|
||||
"open_runtime_gate",
|
||||
"add_action_button"
|
||||
],
|
||||
"request_sent": false,
|
||||
"recipient_confirmed": false,
|
||||
"audit_event_emitted": false,
|
||||
"owner_response_received": false,
|
||||
"owner_response_accepted": false,
|
||||
"formatter_convergence_accepted": false,
|
||||
"redaction_contract_accepted": false,
|
||||
"delivery_receipt_accepted": false,
|
||||
"break_glass_fallback_accepted": false,
|
||||
"direct_bot_api_migration_authorized": false,
|
||||
"telegram_send_authorized": false,
|
||||
"bot_api_call_authorized": false,
|
||||
"workflow_modification_authorized": false,
|
||||
"script_modification_authorized": false,
|
||||
"api_sender_refactor_authorized": false,
|
||||
"secret_value_collection_allowed": false,
|
||||
"raw_payload_storage_allowed": false,
|
||||
"production_write_authorized": false,
|
||||
"runtime_gate": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"request_draft_id": "telegram_notification_egress_owner_request:apps_api_src_services_channel_hub_py",
|
||||
"source_inventory_schema_version": "telegram_notification_egress_inventory_v1",
|
||||
@@ -1336,10 +380,10 @@
|
||||
"surface_kind": "ops_script_direct_bot_api",
|
||||
"direct_call_count": 1,
|
||||
"line_refs": [
|
||||
90
|
||||
120
|
||||
],
|
||||
"line_hash_refs": [
|
||||
"6611406903bc7d65"
|
||||
"283499ad28d35d6a"
|
||||
],
|
||||
"request_fields": [
|
||||
"request_draft_id",
|
||||
|
||||
File diff suppressed because it is too large
@@ -21645,13 +21645,13 @@ def validate(root: Path) -> None:
|
||||
"repo_only_scan_no_secret_value_no_telegram_send",
|
||||
)
|
||||
expected_telegram_notification_egress_summary = {
|
||||
"direct_bot_api_file_count": 11,
|
||||
"direct_bot_api_call_count": 18,
|
||||
"workflow_direct_bot_api_call_count": 13,
|
||||
"direct_bot_api_file_count": 5,
|
||||
"direct_bot_api_call_count": 5,
|
||||
"workflow_direct_bot_api_call_count": 0,
|
||||
"ops_script_direct_bot_api_call_count": 4,
|
||||
"ci_script_direct_bot_api_call_count": 0,
|
||||
"api_direct_bot_api_call_count": 1,
|
||||
"gateway_normalized_callsite_count": 56,
|
||||
"gateway_normalized_callsite_count": 57,
|
||||
"gateway_final_exit_formatter_present_count": 1,
|
||||
"required_owner_field_count": 18,
|
||||
"reviewer_check_count": 14,
|
||||
@@ -21680,12 +21680,6 @@ def validate(root: Path) -> None:
|
||||
expected,
|
||||
)
|
||||
expected_telegram_direct_path_counts = {
|
||||
".gitea/workflows/cd-dev.yaml": 3,
|
||||
".gitea/workflows/cd.yaml": 5,
|
||||
".gitea/workflows/code-review.yaml": 2,
|
||||
".gitea/workflows/deploy-alerts.yaml": 1,
|
||||
".gitea/workflows/e2e-health.yaml": 1,
|
||||
".gitea/workflows/run-migration.yml": 1,
|
||||
"apps/api/src/services/channel_hub.py": 1,
|
||||
"scripts/ops/backup-from-110.sh": 1,
|
||||
"scripts/ops/docker-health-monitor.sh": 1,
|
||||
@@ -21767,10 +21761,10 @@ def validate(root: Path) -> None:
|
||||
"metadata_only_no_secret_value_no_telegram_send_no_workflow_change",
|
||||
)
|
||||
expected_telegram_egress_owner_request_summary = {
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"source_direct_bot_api_file_count": 11,
|
||||
"request_draft_count": 11,
|
||||
"workflow_request_draft_count": 6,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"source_direct_bot_api_file_count": 5,
|
||||
"request_draft_count": 5,
|
||||
"workflow_request_draft_count": 0,
|
||||
"ops_script_request_draft_count": 4,
|
||||
"ci_script_request_draft_count": 0,
|
||||
"api_direct_request_draft_count": 1,
|
||||
@@ -21808,12 +21802,6 @@ def validate(root: Path) -> None:
|
||||
expected,
|
||||
)
|
||||
expected_telegram_egress_request_paths = [
|
||||
".gitea/workflows/cd-dev.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/code-review.yaml",
|
||||
".gitea/workflows/deploy-alerts.yaml",
|
||||
".gitea/workflows/e2e-health.yaml",
|
||||
".gitea/workflows/run-migration.yml",
|
||||
"apps/api/src/services/channel_hub.py",
|
||||
"scripts/ops/backup-from-110.sh",
|
||||
"scripts/ops/docker-health-monitor.sh",
|
||||
@@ -21907,22 +21895,22 @@ def validate(root: Path) -> None:
|
||||
"metadata_only_no_workflow_script_api_change_no_telegram_send",
|
||||
)
|
||||
expected_telegram_egress_migration_plan_summary = {
|
||||
"source_request_draft_count": 11,
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"migration_candidate_count": 11,
|
||||
"workflow_migration_candidate_count": 6,
|
||||
"source_request_draft_count": 5,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"migration_candidate_count": 5,
|
||||
"workflow_migration_candidate_count": 0,
|
||||
"ops_script_migration_candidate_count": 4,
|
||||
"api_direct_migration_candidate_count": 1,
|
||||
"proposed_wave_count": 3,
|
||||
"proposed_wave_count": 2,
|
||||
"plan_field_count": 17,
|
||||
"reviewer_check_count": 15,
|
||||
"outcome_lane_count": 9,
|
||||
"blocked_action_count": 21,
|
||||
"owner_response_required_count": 11,
|
||||
"maintenance_window_required_count": 11,
|
||||
"rollback_owner_required_count": 11,
|
||||
"postcheck_required_count": 11,
|
||||
"delivery_receipt_required_count": 11,
|
||||
"owner_response_required_count": 5,
|
||||
"maintenance_window_required_count": 5,
|
||||
"rollback_owner_required_count": 5,
|
||||
"postcheck_required_count": 5,
|
||||
"delivery_receipt_required_count": 5,
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_accepted_count": 0,
|
||||
"migration_authorized_count": 0,
|
||||
@@ -21947,7 +21935,6 @@ def validate(root: Path) -> None:
|
||||
"telegram_notification_egress_migration_plan_draft.proposed_waves",
|
||||
telegram_notification_egress_migration_plan_draft["proposed_waves"],
|
||||
[
|
||||
"wave_1_workflow_notification_wrapper",
|
||||
"wave_2_ops_notification_wrapper",
|
||||
"wave_3_api_sender_gateway",
|
||||
],
|
||||
@@ -22025,13 +22012,13 @@ def validate(root: Path) -> None:
|
||||
"repo_source_scan_no_secret_value_no_telegram_send",
|
||||
)
|
||||
expected_telegram_egress_no_new_bypass_summary = {
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"source_direct_bot_api_file_count": 11,
|
||||
"baseline_signature_count": 18,
|
||||
"current_direct_bot_api_call_count": 18,
|
||||
"current_direct_bot_api_file_count": 11,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"source_direct_bot_api_file_count": 5,
|
||||
"baseline_signature_count": 5,
|
||||
"current_direct_bot_api_call_count": 5,
|
||||
"current_direct_bot_api_file_count": 5,
|
||||
"guarded_method_count": 9,
|
||||
"sendMessage_call_count": 18,
|
||||
"sendMessage_call_count": 5,
|
||||
"sendDocument_call_count": 0,
|
||||
"sendPhoto_call_count": 0,
|
||||
"sendMediaGroup_call_count": 0,
|
||||
@@ -22053,19 +22040,6 @@ def validate(root: Path) -> None:
|
||||
"telegram_notification_egress_no_new_bypass_guard.current_paths",
|
||||
[item["path"] for item in telegram_notification_egress_no_new_bypass_guard["current_direct_bot_api_calls"]],
|
||||
[
|
||||
".gitea/workflows/cd-dev.yaml",
|
||||
".gitea/workflows/cd-dev.yaml",
|
||||
".gitea/workflows/cd-dev.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/cd.yaml",
|
||||
".gitea/workflows/code-review.yaml",
|
||||
".gitea/workflows/code-review.yaml",
|
||||
".gitea/workflows/deploy-alerts.yaml",
|
||||
".gitea/workflows/e2e-health.yaml",
|
||||
".gitea/workflows/run-migration.yml",
|
||||
"apps/api/src/services/channel_hub.py",
|
||||
"scripts/ops/backup-from-110.sh",
|
||||
"scripts/ops/docker-health-monitor.sh",
|
||||
@@ -22104,11 +22078,11 @@ def validate(root: Path) -> None:
|
||||
"metadata_only_no_secret_value_no_telegram_send_no_workflow_script_api_change",
|
||||
)
|
||||
expected_telegram_egress_owner_response_acceptance_summary = {
|
||||
"source_request_draft_count": 11,
|
||||
"source_migration_candidate_count": 11,
|
||||
"source_direct_bot_api_call_count": 18,
|
||||
"acceptance_candidate_count": 11,
|
||||
"workflow_acceptance_candidate_count": 6,
|
||||
"source_request_draft_count": 5,
|
||||
"source_migration_candidate_count": 5,
|
||||
"source_direct_bot_api_call_count": 5,
|
||||
"acceptance_candidate_count": 5,
|
||||
"workflow_acceptance_candidate_count": 0,
|
||||
"ops_script_acceptance_candidate_count": 4,
|
||||
"api_direct_acceptance_candidate_count": 1,
|
||||
"acceptance_field_count": 33,
|
||||
|
||||