feat(web): add IwoooS host action gates

This commit is contained in:
Your Name
2026-05-19 21:21:23 +08:00
parent 79ab8e3f88
commit fb66ac47fc
11 changed files with 453 additions and 5 deletions

View File

@@ -42,6 +42,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence
10. 6 個只讀資安處理旅程階段。
11. 7 個 owner evidence readiness items。
12. 3 個只讀主機覆蓋 itemsKali 112、開發主機 168、開發主機 111。
13. 6 個主機動作 gate itemsactive scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update、runtime blocking control。
## 3.1 既有前端資安頁面整合
@@ -124,6 +125,21 @@ S2.14 將統帥指定的 Kali 與兩台開發主機放進 IwoooS 的可見資安
這個視圖只代表「納入視野」,不代表已啟動掃描、已登入主機、已更新 Kali、已調校主機、已建立 SSH 工作流或已允許 runtime control。
## 3.6 主機動作 Gate 矩陣
S2.15 將主機相關高風險動作拆成只讀 gate matrix避免「主機已納入視野」被誤讀成「可以直接掃描、登入、更新或阻擋」。
| 順序 | 動作 | 相關主機 | 目前 Gate |
|------|------|----------|-----------|
| 1 | Active scan | `192.168.0.112``192.168.0.168``192.168.0.111` | 需要 S1.6 scan scope approval 與後續 runtime gate |
| 2 | Credentialed scan | `192.168.0.112``192.168.0.168``192.168.0.111` | 需要 scope、credential handling 與脫敏 evidence 規範;目前未批准 |
| 3 | Kali `/execute` | `192.168.0.112` | block candidate需要人工 decision record 與 S3.4 follow-up runtime gate |
| 4 | SSH / host change | `192.168.0.112``192.168.0.168``192.168.0.111` | 需要明確人工批准、變更計畫與 rollback evidence |
| 5 | Kali host update | `192.168.0.112` | 需要維護窗口、更新清單、驗證指標與 rollback 計畫 |
| 6 | Runtime blocking control | `192.168.0.112``192.168.0.168``192.168.0.111` | 需要 accepted decision record目前 active runtime gates 仍為 0 |
每個 item 都固定 `display_mode=gate_only`,且 `active_scan_authorized=false``credentialed_scan_authorized=false``ssh_change_authorized=false``host_update_authorized=false``runtime_execution_authorized=false``action_buttons_allowed=false``not_authorization=true`
## 4. 仍禁止
IwoooS 不得提供下列輸出:
@@ -133,8 +149,9 @@ IwoooS 不得提供下列輸出:
3. workflow / webhook / runner / deploy key / branch protection / repository secret 修改。
4. GitHub primary switch 或 Gitea disable。
5. production deploy 或 runtime enforcement。
6. SSH 到主機、更新 Kali、credentialed scan 或 active scan。
7. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權
6. SSH 到主機、開 SSH session、更新 Kali、package upgrade、credentialed scan 或 active scan。
7. 套用 runtime blocking control
8. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
## 5. 驗證

View File

@@ -35,7 +35,7 @@
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 04 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestationlatest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`reviewer audit emitted 仍為 0不代表 owner response 已收到或任何執行授權 |
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanesLOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn`owner_review_required_before_blocking=true``runtime_blocking_allowed=false` |
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs不新增執行按鈕 |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111仍不新增 action button |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111S2.15 已補 6 個 host action gate items仍不新增 action button |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD``CHECK_OWNER_RESPONSE_GUARD`latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
@@ -98,6 +98,7 @@
| S2.12 IwoooS operator journey projection | framework detail | 0 | 只把資安處理旅程顯示成 read-only status projection不代表 execution queue、runtime gate、deploy approval、Kali scan 或 Code Review blocking 授權 |
| S2.13 IwoooS owner evidence readiness board | framework detail | 0 | 只顯示 headline 進度下一步需要的 owner evidence / approval gatereceived / accepted 仍為 0不代表 owner response received、approval、runtime gate、Kali scan 或 GitHub primary 授權 |
| S2.14 IwoooS host coverage view | framework detail | 0 | 只顯示 Kali 112 與 168 / 111 開發主機已納入 observe-only 資安視野,不代表 active scan、SSH 變更、主機更新、credentialed scan、runtime gate 或 Kali `/execute` 授權 |
| S2.15 IwoooS host action gate matrix | framework detail | 0 | 只把 active scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update 與 runtime blocking control 拆成只讀 gate不代表任何主機動作或 runtime enforcement 已批准 |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence

View File

@@ -4,7 +4,7 @@
|------|------|
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -74,6 +74,7 @@ python3 scripts/security/security-mirror-progress-guard.py
| S2.12 IwoooS operator journey projection | 已完成草案,將讀態勢、開既有頁面、判讀非阻擋分流、收 owner evidence、等待人工決策、準備後續 runtime gate 固定為 6 個只讀旅程階段 | 0 |
| S2.13 IwoooS owner evidence readiness board | 已完成草案,將 S4.9 / S4.10 / S4.11 / S4.12 owner response、redacted finding ingestion、Kali scan scope、follow-up runtime gate 固定為 7 個只讀 readiness items | 0 |
| S2.14 IwoooS host coverage view | 已完成草案,將 Kali 112、開發主機 168、開發主機 111 固定為 3 個只讀 host coverage itemsactive scan、SSH 變更、主機更新、credentialed scan 與 runtime control 仍未批准 | 0 |
| S2.15 IwoooS host action gate matrix | 已完成草案,將 active scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update、runtime blocking control 固定為 6 個只讀 gate items | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
@@ -107,6 +108,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.12 IwoooS 只讀資安處理旅程 | 完成草案 | `/iwooos` 新增 6 階段處理旅程:讀態勢、開既有頁面、判讀非阻擋分流、收 owner evidence、等待人工決策、準備後續 runtime gate | 使用者能理解資安工作下一步,但每一步都是 status projection不是 execution queue 或 action button |
| S2.13 IwoooS Owner Evidence Readiness | 完成草案 | `/iwooos` 新增 owner evidence readiness board顯示下一步真正影響 headline progress 的 7 個 evidence / gate 缺口 | 使用者能理解為什麼 58% 不應灌水提高;全部 received / accepted 仍為 0不新增執行控制 |
| S2.14 IwoooS Host Coverage View | 完成草案 | `/iwooos` 新增主機覆蓋視圖,明確顯示 Kali 112 與 168 / 111 兩台開發主機已納入 observe-only 資安視野 | 使用者能看到指定主機已納管到資安架構視圖;仍不新增 SSH、scan、update、execute、credentialed scan 或 blocking control |
| S2.15 IwoooS Host Action Gate Matrix | 完成草案 | `/iwooos` 新增主機動作 gate 矩陣,將 active scan、credentialed scan、Kali `/execute`、SSH / host change、Kali update 與 runtime blocking control 拆成只讀 gate | 使用者能看懂主機動作為什麼仍需人工批准;仍不新增任何主機操作或 runtime enforcement |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |

View File

@@ -40,7 +40,8 @@
"frontend_surface_conflict_control_count": 5,
"operator_journey_step_count": 6,
"owner_evidence_readiness_item_count": 7,
"host_coverage_item_count": 3
"host_coverage_item_count": 3,
"host_action_gate_item_count": 6
},
"progress": {
"overall_percent": 58,
@@ -115,6 +116,7 @@
"display_operator_journey_steps",
"display_owner_evidence_readiness_board",
"display_host_coverage_view",
"display_host_action_gate_matrix",
"display_evidence_refs",
"display_next_gate",
"display_forbidden_actions"
@@ -134,6 +136,10 @@
"ssh_to_host",
"update_kali_host",
"credentialed_scan_host",
"open_ssh_session",
"auto_update_host",
"run_host_package_upgrade",
"apply_runtime_blocking_control",
"production_deploy",
"treat_progress_as_authorization"
],
@@ -648,5 +654,117 @@
"action_buttons_allowed": false,
"not_authorization": true
}
],
"host_action_gate_items": [
{
"action_id": "host_active_scan_gate",
"display_order": 1,
"related_hosts": [
"192.168.0.112",
"192.168.0.168",
"192.168.0.111"
],
"required_gate": "kali_scan_scope_approval_v1",
"gate_state": "approval_required",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"action_id": "host_credentialed_scan_gate",
"display_order": 2,
"related_hosts": [
"192.168.0.112",
"192.168.0.168",
"192.168.0.111"
],
"required_gate": "kali_scan_scope_approval_v1_and_credential_handling_review",
"gate_state": "locked_until_scope_and_credential_handling_approved",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"action_id": "kali_execute_gate",
"display_order": 3,
"related_hosts": [
"192.168.0.112"
],
"required_gate": "security_followup_runtime_gate_v1",
"gate_state": "block_candidate_until_human_decision",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"action_id": "ssh_host_change_gate",
"display_order": 4,
"related_hosts": [
"192.168.0.112",
"192.168.0.168",
"192.168.0.111"
],
"required_gate": "security_approval_gate_v1_with_change_plan_and_rollback_evidence",
"gate_state": "approval_required",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"action_id": "kali_host_update_gate",
"display_order": 5,
"related_hosts": [
"192.168.0.112"
],
"required_gate": "security_approval_gate_v1_with_maintenance_window",
"gate_state": "approval_required",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"action_id": "runtime_blocking_control_gate",
"display_order": 6,
"related_hosts": [
"192.168.0.112",
"192.168.0.168",
"192.168.0.111"
],
"required_gate": "security_followup_runtime_gate_v1_after_accepted_decision_record",
"gate_state": "locked_until_human_decision_active_gate_zero",
"display_mode": "gate_only",
"active_scan_authorized": false,
"credentialed_scan_authorized": false,
"ssh_change_authorized": false,
"host_update_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
}
]
}

View File

@@ -684,6 +684,18 @@
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
},
{
"delta_id": "s2_15_iwooos_host_action_gate_matrix",
"display_order": 44,
"completed_stage": "S2.15 IwoooS host action gate matrix",
"progress_axis": "framework_detail",
"headline_percent_delta": 0,
"framework_delta_visible": true,
"why_headline_unchanged": "IwoooS host action gate matrix 只把 active scan、credentialed scan、Kali /execute、SSH/host change、Kali host update 與 runtime blocking control 拆成只讀 gate所有 active_scan、credentialed_scan、ssh_change、host_update、runtime execution 與 action button 仍為 false。",
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
}
],
"next_safe_actions": [