From f497c194e8684d04c8ac77ae8246b75126a2db67 Mon Sep 17 00:00:00 2001 From: ogt Date: Fri, 10 Jul 2026 18:48:28 +0800 Subject: [PATCH] fix(iwooos): redact public security wording --- apps/web/messages/en.json | 20 ++++++++++---------- apps/web/messages/zh-TW.json | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 13d5dda0e..b06df768d 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -21911,7 +21911,7 @@ }, "intrusion_prevention": { "title": "外部入侵防護", - "body": "候選已按公開入口、SSH、firewall、主機 runtime、runner、secret、Wazuh 等域分類;圍堵仍只能是候選。" + "body": "候選已按公開入口、SSH、firewall、主機 runtime、runner、敏感設定、Wazuh 等域分類;圍堵仍只能是候選。" } } }, @@ -22005,11 +22005,11 @@ "read_only_inventory_runtime_write_gate_closed": "只讀盤點完成,AI runtime write gate 仍關閉" }, "domainBody": { - "high_value_asset_control": "Nginx、DNS / TLS、K8s、secret、workflow、runner、runtime config、backup 與 agent-bounty runtime 都先放進高價值配置總帳。", + "high_value_asset_control": "Nginx、DNS / TLS、K8s、敏感設定、workflow、runner、runtime config、backup 與 agent-bounty runtime 都先放進高價值配置總帳。", "host_service_runtime": "Docker Compose、systemd、repair bot、port binding、process / persistence baseline 需要 live hash 與維護窗口。", "monitoring_alerting_observability": "Prometheus、Alertmanager、Grafana、SigNoz、Sentry、Langfuse、OTEL 與通知路由都需要 receipt 與 owner acceptance。", "ssh_firewall_network_access": "SSH target、known_hosts、deploy SSH、sudoers、NodePort、NetworkPolicy、WireGuard 與 firewall 需要 before / after 證據。", - "awoooi_runtime_surfaces": "API、Web、Worker、Ingress、Secret、CronJob 與 K8s runtime surface 只做 manifest 讀回,不代表可 rollout。", + "awoooi_runtime_surfaces": "API、Web、Worker、Ingress、敏感設定、CronJob 與 K8s runtime surface 只做 manifest 讀回,不代表可 rollout。", "wazuh_managed_host_coverage": "受管主機必須由 manager registry 交叉驗收;transport observed 不能當完成。", "agent_bounty_protocol": "agent-bounty-protocol 已納入產品邊界,但 MCP、A2A、claim、submit、payout 與 cron 仍鎖住。", "ai_agent_automation": "OpenClaw、Hermes、Nemotron、provider 與自動化資產維持只讀;replay / shadow / canary 前不可切 production。" @@ -22435,7 +22435,7 @@ "items": { "assetGraph": { "title": "資產與暴露面要先成圖", - "body": "主機、domain、route、service、port、package、repo、runner、secret metadata、backup 與 AI agent 都要進同一張資安作戰圖。" + "body": "主機、domain、route、service、port、package、repo、runner、敏感設定 metadata、backup 與 AI agent 都要進同一張資安作戰圖。" }, "wazuhRegistry": { "title": "Wazuh registry 還是第一個硬 Gate", @@ -22451,7 +22451,7 @@ }, "configControl": { "title": "高價值配置納入作戰線", - "body": "Nginx、DNS / TLS、firewall、K8s、workflow、runner、secret metadata、backup 與 AI provider 不能再被零散手改。" + "body": "Nginx、DNS / TLS、firewall、K8s、workflow、runner、敏感設定 metadata、backup 與 AI provider 不能再被零散手改。" }, "kevExposure": { "title": "已遭利用弱點優先於一般 CVSS", @@ -22650,7 +22650,7 @@ }, "k8sWorkflow": { "title": "GitOps 與 workflow 待回讀", - "body": "K8s、ArgoCD、workflow、runner、deploy key 與 secret metadata 需補 revision、diff 與 redaction readback。" + "body": "K8s、ArgoCD、workflow、runner、deploy key 與敏感設定 metadata 需補 revision、diff 與 redaction readback。" }, "wazuhKali": { "title": "Wazuh / Kali 維持證據收件", @@ -22677,7 +22677,7 @@ "externalHostIntrusionPreventionControl": { "eyebrow": "外部入侵主機防堵控制", "title": "把主機、入口、網路與供應鏈先收成 P0 防堵矩陣", - "subtitle": "這張卡把公開入口、SSH、端口、防火牆、Nginx、runner、secret、Docker / systemd、K8s、Wazuh、套件更新、backup / restore 與跨專案同步放進同一條防堵線;目前只顯示主機別名、候選數、必填 owner 欄位與 0/false 邊界。", + "subtitle": "這張卡把公開入口、SSH、端口、防火牆、Nginx、runner、敏感設定、Docker / systemd、K8s、Wazuh、套件更新、backup / restore 與跨專案同步放進同一條防堵線;目前只顯示主機別名、候選數、必填 owner 欄位與 0/false 邊界。", "checkLabel": "優先", "stateLabel": "狀態", "boundaryTitle": "外部入侵防堵邊界", @@ -22715,7 +22715,7 @@ }, "runnerSecret": { "title": "Runner / workflow / secret freeze", - "body": "runner、workflow、deploy key、webhook 與 secret metadata 變更必須串回高價值配置 gate。" + "body": "runner、workflow、deploy key、webhook 與敏感設定 metadata 變更必須串回高價值配置 gate。" }, "wazuhResponse": { "title": "Wazuh response 先 乾跑", @@ -22770,7 +22770,7 @@ }, "k8sArgocd": { "title": "K8s / ArgoCD / production manifests", - "body": "production manifests、ConfigMap / Secret metadata、NetworkPolicy、CronJob 與 rollback revision 需被納管;GitOps 變更證據驗收後已新增事故後回讀計畫,固定 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作。目前 post-incident readback received / accepted、ArgoCD app health、sync status、Pending / image pull / scheduling、drift、route / AI / monitoring impact、cross-project sync、no-false-green 與 runtime gate 仍全部為 0;不執行 ArgoCD sync、kubectl、Helm upgrade、NetworkPolicy / NodePort / RBAC 變更或 live patch。" + "body": "production manifests、ConfigMap / 敏感設定 metadata、NetworkPolicy、CronJob 與 rollback revision 需被納管;GitOps 變更證據驗收後已新增事故後回讀計畫,固定 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作。目前 post-incident readback received / accepted、ArgoCD app health、sync status、Pending / image pull / scheduling、drift、route / AI / monitoring impact、cross-project sync、no-false-green 與 runtime gate 仍全部為 0;不執行 ArgoCD sync、kubectl、Helm upgrade、NetworkPolicy / NodePort / RBAC 變更或 live patch。" }, "workflowSecret": { "title": "工作流程 / 執行器 / 機密中繼資料", @@ -22924,7 +22924,7 @@ }, "k8sGitops": { "title": "K8s / ArgoCD GitOps", - "body": "manifest 清冊、負責人回覆驗收、GitOps 變更證據驗收與事故後回讀計畫已固定;目前成熟度 66%。新回讀計畫涵蓋 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作;仍缺 actor、ArgoCD app / sync、Degraded / Pending、image pull / scheduling、rollout 前後、event / metrics / alert、drift scanner、CronJob、NetworkPolicy / RBAC / Secret metadata、route / AI / monitoring impact、跨專案同步與 no-false-green 脫敏證據。readback accepted 與 runtime gate 仍全部為 0。" + "body": "manifest 清冊、負責人回覆驗收、GitOps 變更證據驗收與事故後回讀計畫已固定;目前成熟度 66%。新回讀計畫涵蓋 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作;仍缺 actor、ArgoCD app / sync、Degraded / Pending、image pull / scheduling、rollout 前後、event / metrics / alert、drift scanner、CronJob、NetworkPolicy / RBAC / 敏感設定 metadata、route / AI / monitoring impact、跨專案同步與 no-false-green 脫敏證據。readback accepted 與 runtime gate 仍全部為 0。" }, "backupRestore": { "title": "備份 / 還原 / 金庫", diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 1b4b77654..e8012044e 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -21911,7 +21911,7 @@ }, "intrusion_prevention": { "title": "外部入侵防護", - "body": "候選已按公開入口、SSH、firewall、主機 runtime、runner、secret、Wazuh 等域分類;圍堵仍只能是候選。" + "body": "候選已按公開入口、SSH、firewall、主機 runtime、runner、敏感設定、Wazuh 等域分類;圍堵仍只能是候選。" } } }, @@ -22005,11 +22005,11 @@ "read_only_inventory_runtime_write_gate_closed": "只讀盤點完成,AI runtime write gate 仍關閉" }, "domainBody": { - "high_value_asset_control": "Nginx、DNS / TLS、K8s、secret、workflow、runner、runtime config、backup 與 agent-bounty runtime 都先放進高價值配置總帳。", + "high_value_asset_control": "Nginx、DNS / TLS、K8s、敏感設定、workflow、runner、runtime config、backup 與 agent-bounty runtime 都先放進高價值配置總帳。", "host_service_runtime": "Docker Compose、systemd、repair bot、port binding、process / persistence baseline 需要 live hash 與維護窗口。", "monitoring_alerting_observability": "Prometheus、Alertmanager、Grafana、SigNoz、Sentry、Langfuse、OTEL 與通知路由都需要 receipt 與 owner acceptance。", "ssh_firewall_network_access": "SSH target、known_hosts、deploy SSH、sudoers、NodePort、NetworkPolicy、WireGuard 與 firewall 需要 before / after 證據。", - "awoooi_runtime_surfaces": "API、Web、Worker、Ingress、Secret、CronJob 與 K8s runtime surface 只做 manifest 讀回,不代表可 rollout。", + "awoooi_runtime_surfaces": "API、Web、Worker、Ingress、敏感設定、CronJob 與 K8s runtime surface 只做 manifest 讀回,不代表可 rollout。", "wazuh_managed_host_coverage": "受管主機必須由 manager registry 交叉驗收;transport observed 不能當完成。", "agent_bounty_protocol": "agent-bounty-protocol 已納入產品邊界,但 MCP、A2A、claim、submit、payout 與 cron 仍鎖住。", "ai_agent_automation": "OpenClaw、Hermes、Nemotron、provider 與自動化資產維持只讀;replay / shadow / canary 前不可切 production。" @@ -22435,7 +22435,7 @@ "items": { "assetGraph": { "title": "資產與暴露面要先成圖", - "body": "主機、domain、route、service、port、package、repo、runner、secret metadata、backup 與 AI agent 都要進同一張資安作戰圖。" + "body": "主機、domain、route、service、port、package、repo、runner、敏感設定 metadata、backup 與 AI agent 都要進同一張資安作戰圖。" }, "wazuhRegistry": { "title": "Wazuh registry 還是第一個硬 Gate", @@ -22451,7 +22451,7 @@ }, "configControl": { "title": "高價值配置納入作戰線", - "body": "Nginx、DNS / TLS、firewall、K8s、workflow、runner、secret metadata、backup 與 AI provider 不能再被零散手改。" + "body": "Nginx、DNS / TLS、firewall、K8s、workflow、runner、敏感設定 metadata、backup 與 AI provider 不能再被零散手改。" }, "kevExposure": { "title": "已遭利用弱點優先於一般 CVSS", @@ -22650,7 +22650,7 @@ }, "k8sWorkflow": { "title": "GitOps 與 workflow 待回讀", - "body": "K8s、ArgoCD、workflow、runner、deploy key 與 secret metadata 需補 revision、diff 與 redaction readback。" + "body": "K8s、ArgoCD、workflow、runner、deploy key 與敏感設定 metadata 需補 revision、diff 與 redaction readback。" }, "wazuhKali": { "title": "Wazuh / Kali 維持證據收件", @@ -22677,7 +22677,7 @@ "externalHostIntrusionPreventionControl": { "eyebrow": "外部入侵主機防堵控制", "title": "把主機、入口、網路與供應鏈先收成 P0 防堵矩陣", - "subtitle": "這張卡把公開入口、SSH、端口、防火牆、Nginx、runner、secret、Docker / systemd、K8s、Wazuh、套件更新、backup / restore 與跨專案同步放進同一條防堵線;目前只顯示主機別名、候選數、必填 owner 欄位與 0/false 邊界。", + "subtitle": "這張卡把公開入口、SSH、端口、防火牆、Nginx、runner、敏感設定、Docker / systemd、K8s、Wazuh、套件更新、backup / restore 與跨專案同步放進同一條防堵線;目前只顯示主機別名、候選數、必填 owner 欄位與 0/false 邊界。", "checkLabel": "優先", "stateLabel": "狀態", "boundaryTitle": "外部入侵防堵邊界", @@ -22715,7 +22715,7 @@ }, "runnerSecret": { "title": "Runner / workflow / secret freeze", - "body": "runner、workflow、deploy key、webhook 與 secret metadata 變更必須串回高價值配置 gate。" + "body": "runner、workflow、deploy key、webhook 與敏感設定 metadata 變更必須串回高價值配置 gate。" }, "wazuhResponse": { "title": "Wazuh response 先 乾跑", @@ -22770,7 +22770,7 @@ }, "k8sArgocd": { "title": "K8s / ArgoCD / production manifests", - "body": "production manifests、ConfigMap / Secret metadata、NetworkPolicy、CronJob 與 rollback revision 需被納管;GitOps 變更證據驗收後已新增事故後回讀計畫,固定 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作。目前 post-incident readback received / accepted、ArgoCD app health、sync status、Pending / image pull / scheduling、drift、route / AI / monitoring impact、cross-project sync、no-false-green 與 runtime gate 仍全部為 0;不執行 ArgoCD sync、kubectl、Helm upgrade、NetworkPolicy / NodePort / RBAC 變更或 live patch。" + "body": "production manifests、ConfigMap / 敏感設定 metadata、NetworkPolicy、CronJob 與 rollback revision 需被納管;GitOps 變更證據驗收後已新增事故後回讀計畫,固定 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作。目前 post-incident readback received / accepted、ArgoCD app health、sync status、Pending / image pull / scheduling、drift、route / AI / monitoring impact、cross-project sync、no-false-green 與 runtime gate 仍全部為 0;不執行 ArgoCD sync、kubectl、Helm upgrade、NetworkPolicy / NodePort / RBAC 變更或 live patch。" }, "workflowSecret": { "title": "工作流程 / 執行器 / 機密中繼資料", @@ -22924,7 +22924,7 @@ }, "k8sGitops": { "title": "K8s / ArgoCD GitOps", - "body": "manifest 清冊、負責人回覆驗收、GitOps 變更證據驗收與事故後回讀計畫已固定;目前成熟度 66%。新回讀計畫涵蓋 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作;仍缺 actor、ArgoCD app / sync、Degraded / Pending、image pull / scheduling、rollout 前後、event / metrics / alert、drift scanner、CronJob、NetworkPolicy / RBAC / Secret metadata、route / AI / monitoring impact、跨專案同步與 no-false-green 脫敏證據。readback accepted 與 runtime gate 仍全部為 0。" + "body": "manifest 清冊、負責人回覆驗收、GitOps 變更證據驗收與事故後回讀計畫已固定;目前成熟度 66%。新回讀計畫涵蓋 4 個範圍、31 個必填欄位、28 個審查檢查項、10 條結果分流與 41 類禁止動作;仍缺 actor、ArgoCD app / sync、Degraded / Pending、image pull / scheduling、rollout 前後、event / metrics / alert、drift scanner、CronJob、NetworkPolicy / RBAC / 敏感設定 metadata、route / AI / monitoring impact、跨專案同步與 no-false-green 脫敏證據。readback accepted 與 runtime gate 仍全部為 0。" }, "backupRestore": { "title": "備份 / 還原 / 金庫",