{ "asset_groups": [ { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md" }, { "exists": true, "ref": "docs/security/public-gateway-preflight-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/public-gateway-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md", "docs/security/public-gateway-preflight-inventory.snapshot.json", "docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md", "docs/security/public-gateway-post-incident-readback-plan.snapshot.json" ], "group_id": "public_gateway_nginx", "label": "Nginx / Public Gateway / Route", "live_evidence_accepted": 0, "next_owner_action": "補 owner-provided live conf、rendered diff、nginx -t、route smoke、rollback owner。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "公開入口、API、WebSocket、ACME、admin route、Ollama proxy", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md" }, { "exists": true, "ref": "docs/security/domain-tls-certbot-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md" }, { "exists": true, "ref": "docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json" } ], "evidence_refs": [ "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md", "docs/security/domain-tls-certbot-inventory.snapshot.json", "docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md", "docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json" ], "group_id": "dns_tls_certbot", "label": "DNS / TLS / Certbot", "live_evidence_accepted": 0, "next_owner_action": "補 SAN / wildcard 覆蓋依據、expiry metadata、renewal owner、ACME route owner。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "domain、certificate path、ACME、renewal owner、TLS route", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/HOST-SERVICE-CONFIG-INVENTORY.md" }, { "exists": true, "ref": "docs/security/host-service-config-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/host-service-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/HOST-SERVICE-CONFIG-INVENTORY.md", "docs/security/host-service-config-inventory.snapshot.json", "docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md", "docs/security/host-service-post-incident-readback-plan.snapshot.json" ], "group_id": "host_service_runtime", "label": "Docker / systemd / Host Service", "live_evidence_accepted": 0, "next_owner_action": "補 live hash metadata、incident readback、restart window、rollback owner、post-check。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "Docker Compose、systemd、repair-bot、port binding、process / persistence baseline", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/SSH-NETWORK-ACCESS-INVENTORY.md" }, { "exists": true, "ref": "docs/security/ssh-network-access-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/ssh-network-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/SSH-NETWORK-ACCESS-INVENTORY.md", "docs/security/ssh-network-access-inventory.snapshot.json", "docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md", "docs/security/ssh-network-post-incident-readback-plan.snapshot.json" ], "group_id": "ssh_firewall_network", "label": "SSH / Firewall / WireGuard / NodePort", "live_evidence_accepted": 0, "next_owner_action": "補 actor、before / after state、impact、operator notification、restoration evidence。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "SSH target、known_hosts、sudoers、firewall、WireGuard、NetworkPolicy、NodePort", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md" }, { "exists": true, "ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md", "docs/security/k8s-argocd-manifest-inventory.snapshot.json", "docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md", "docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json" ], "group_id": "k8s_argocd_gitops", "label": "K8s / ArgoCD / GitOps", "live_evidence_accepted": 0, "next_owner_action": "補 ArgoCD revision、health / sync、rendered manifest diff、rollback revision、postcheck owner。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "K8s manifests、ArgoCD app、RBAC、NetworkPolicy、CronJob、Velero", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md" }, { "exists": true, "ref": "docs/security/source-control-workflow-secret-name-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", "docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md", "docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json" ], "group_id": "workflow_runner_secret", "label": "Gitea Workflow / Runner / Secret Metadata", "live_evidence_accepted": 0, "next_owner_action": "補 runner attestation、workspace cleanup、secret injection route、log redaction、Gitea run readback。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "workflow、runner label、deploy key、webhook、secret name parity、redaction guard", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md" }, { "exists": true, "ref": "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md" }, { "exists": true, "ref": "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md" }, { "exists": true, "ref": "docs/security/source-control-primary-readiness-gate.snapshot.json" } ], "evidence_refs": [ "docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md", "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md", "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md", "docs/security/source-control-primary-readiness-gate.snapshot.json" ], "group_id": "source_control_repo_visibility", "label": "Gitea / GitHub / Source Control", "live_evidence_accepted": 0, "next_owner_action": "補 owner response;不得建立 repo、改 visibility、sync refs 或切 primary。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "repo visibility、canonical refs、GitHub primary readiness、branch / tag / workflow boundary", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json" }, { "exists": true, "ref": "docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md" }, { "exists": true, "ref": "docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json" } ], "evidence_refs": [ "docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md", "docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json", "docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md", "docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json" ], "group_id": "wazuh_endpoint_siem", "label": "Wazuh / Endpoint / SIEM", "live_evidence_accepted": 0, "next_owner_action": "補 Wazuh health refs、agent refs、event refs、rule / decoder readback 與 no-raw-payload attestation。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "Wazuh manager、agent、FIM、rule / decoder、event ref、active response dry-run boundary", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/KALI-INTEGRATION-STATUS.md" }, { "exists": true, "ref": "docs/security/kali-integration-status.snapshot.json" }, { "exists": true, "ref": "docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md" }, { "exists": true, "ref": "docs/security/kali-112-maintenance-window-draft.snapshot.json" } ], "evidence_refs": [ "docs/security/KALI-INTEGRATION-STATUS.md", "docs/security/kali-integration-status.snapshot.json", "docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md", "docs/security/kali-112-maintenance-window-draft.snapshot.json" ], "group_id": "kali_112_assessment", "label": "Kali 112 / Assessment Tooling", "live_evidence_accepted": 0, "next_owner_action": "補 scope ref、health ref、normalized finding envelope;active scan 與 /execute 仍獨立批准。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "Kali health、tool version、scope、finding envelope、maintenance window", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md" }, { "exists": true, "ref": "docs/security/monitoring-alerting-observability-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/monitoring-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md", "docs/security/monitoring-alerting-observability-inventory.snapshot.json", "docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md", "docs/security/monitoring-post-incident-readback-plan.snapshot.json" ], "group_id": "monitoring_alerting_observability", "label": "Monitoring / Alerting / Observability", "live_evidence_accepted": 0, "next_owner_action": "補 route owner、receiver diff、receipt evidence、noise budget、reload owner 與 no-false-green。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "Prometheus、Alertmanager、Telegram route、SigNoz、Sentry、Langfuse、no-false-green", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md" }, { "exists": true, "ref": "docs/security/backup-restore-escrow-inventory.snapshot.json" }, { "exists": true, "ref": "docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md" }, { "exists": true, "ref": "docs/security/backup-restore-post-incident-readback-plan.snapshot.json" } ], "evidence_refs": [ "docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md", "docs/security/backup-restore-escrow-inventory.snapshot.json", "docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md", "docs/security/backup-restore-post-incident-readback-plan.snapshot.json" ], "group_id": "backup_restore_dr", "label": "Backup / Restore / DR / Escrow", "live_evidence_accepted": 0, "next_owner_action": "補 restore drill、offsite sync ref、escrow non-secret proof、retention runway、DR scorecard。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "backup scripts、restic、offsite、credential escrow、Velero、restore drill、retention", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md" }, { "exists": true, "ref": "docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md" }, { "exists": true, "ref": "docs/security/security-supply-chain-contract-manifest.snapshot.json" }, { "exists": true, "ref": "docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json" } ], "evidence_refs": [ "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md", "docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md", "docs/security/security-supply-chain-contract-manifest.snapshot.json", "docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json" ], "group_id": "container_registry_supply_chain", "label": "Harbor / Registry / SBOM / Supply Chain", "live_evidence_accepted": 0, "next_owner_action": "補 SBOM / VEX / provenance intake、image signing、KEV / EPSS / exposure SLA。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "Harbor、registry、image tag、SBOM、Cosign、SLSA、dependency drift、CVE / KEV", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md" }, { "exists": true, "ref": "docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json" }, { "exists": true, "ref": "docs/security/public-frontend-sensitive-surface-guard.snapshot.json" }, { "exists": true, "ref": "docs/HARD_RULES.md" } ], "evidence_refs": [ "docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md", "docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json", "docs/security/public-frontend-sensitive-surface-guard.snapshot.json", "docs/HARD_RULES.md" ], "group_id": "public_admin_api_runtime", "label": "Public / Admin / API / Frontend Runtime", "live_evidence_accepted": 0, "next_owner_action": "補 route owner、API contract readback、CORS diff、desktop / mobile smoke、bundle sensitive scan。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "public URL、CORS、auth boundary、middleware、webhook、frontend env、i18n redaction", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md" }, { "exists": true, "ref": "docs/security/ai-provider-owner-response-acceptance.snapshot.json" }, { "exists": true, "ref": "docs/ai" }, { "exists": true, "ref": "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md" } ], "evidence_refs": [ "docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md", "docs/security/ai-provider-owner-response-acceptance.snapshot.json", "docs/ai", "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md" ], "group_id": "ai_provider_agent_runtime", "label": "AI Provider / Model Router / Agent Runtime", "live_evidence_accepted": 0, "next_owner_action": "補 dry-run、benchmark、cost review、privacy review、fallback order 與 rollback owner。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P0", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "OpenClaw、Ollama、NemoTron、Hermes、Gemini、MCP / A2A、tool allowlist、cost / privacy", "secret_value_collection_allowed": false, "tier": "C0" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md" }, { "exists": true, "ref": "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md" }, { "exists": true, "ref": "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md" }, { "exists": true, "ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json" } ], "evidence_refs": [ "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json" ], "group_id": "product_surface_runtime_routes", "label": "Product Surface / Runtime Route", "live_evidence_accepted": 0, "next_owner_action": "補逐產品 owner、route、admin、API、backup、webhook、rollback 與 validation 指標。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P1", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan", "secret_value_collection_allowed": false, "tier": "C1" }, { "action_button": 0, "evidence_ref_states": [ { "exists": true, "ref": "docs/LOGBOOK.md" }, { "exists": true, "ref": "apps/api/src/services/repair_candidate_service.py" }, { "exists": true, "ref": "apps/api/src/services/telegram_gateway.py" }, { "exists": true, "ref": "apps/web/src/app/[locale]/awooop/work-items/page.tsx" } ], "evidence_refs": [ "docs/LOGBOOK.md", "apps/api/src/services/repair_candidate_service.py", "apps/api/src/services/telegram_gateway.py", "apps/web/src/app/[locale]/awooop/work-items/page.tsx" ], "group_id": "automation_asset_sedimentation", "label": "KM / PlayBook / Script / Schedule / Verifier", "live_evidence_accepted": 0, "next_owner_action": "補 incident / approval / manual handoff writeback contract,讓資產總帳從可視化進入可追蹤閉環。", "owner_packet_status": "waiting_asset_owner_packet", "owner_response_accepted": 0, "owner_response_received": 0, "priority": "P1", "raw_payload_allowed": false, "redacted_evidence_refs_required": true, "runtime_gate": 0, "scope": "incident、approval、repair candidate、manual handoff 的自動化資產沉澱", "secret_value_collection_allowed": false, "tier": "C1" } ], "blocked_actions": [ "ssh_to_host", "read_live_host_log", "write_host_file", "nginx_reload", "certbot_renew", "dns_change", "firewall_change", "wireguard_change", "nodeport_change", "networkpolicy_apply", "kubectl_action", "argocd_sync", "helm_upgrade", "docker_restart", "docker_compose_up", "systemctl_restart", "repair_bot_execute", "ansible_apply", "wazuh_active_response", "wazuh_rule_change", "kali_active_scan", "kali_execute", "nmap_scan", "nuclei_scan", "trivy_live_scan", "package_upgrade", "workflow_modify", "workflow_dispatch", "runner_restart", "secret_read", "secret_rotate", "webhook_modify", "deploy_key_modify", "refs_sync", "force_push", "github_primary_switch", "backup_run", "restore_run", "offsite_sync", "remote_delete", "telegram_send", "soar_case_create", "auto_block", "production_write" ], "execution_boundaries": { "action_buttons_allowed": false, "argocd_sync_authorized": false, "auto_block_authorized": false, "firewall_change_authorized": false, "host_write_authorized": false, "kali_active_scan_authorized": false, "kali_execute_authorized": false, "nginx_reload_authorized": false, "not_authorization": true, "production_write_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "soar_action_authorized": false, "ssh_read_authorized": false, "telegram_send_authorized": false, "wazuh_active_response_authorized": false, "workflow_modification_authorized": false }, "generated_at": "2026-06-18T13:44:00+08:00", "git_commit": "c7597df2", "outcome_lanes": [ "waiting_asset_owner_packet", "request_gateway_supplement", "request_host_service_supplement", "request_network_supplement", "request_wazuh_kali_supplement", "request_backup_restore_supplement", "request_supply_chain_supplement", "request_product_surface_supplement", "quarantine_secret_or_raw_payload", "ready_for_security_reviewer_review" ], "required_owner_fields": [ "asset_group_id", "asset_alias", "owner_role", "owner_team", "business_impact", "technical_scope", "affected_routes_or_services", "data_classification", "redacted_evidence_refs", "source_of_truth_ref", "live_state_ref", "config_diff_ref", "monitoring_signal_ref", "wazuh_or_siem_ref", "kali_scope_ref", "backup_restore_ref", "supply_chain_ref", "secret_absence_attestation", "raw_payload_absence_attestation", "maintenance_window", "rollback_owner", "postcheck_owner", "followup_owner", "decision_reason" ], "reviewer_checks": [ "asset alias 不得暴露個人 namespace", "owner role / team 必填", "source-of-truth 必須可追溯", "live evidence 只能收脫敏 ref", "secret value / hash / partial token 一律拒收", "raw Wazuh / raw Kali output 一律拒收", "Nginx / firewall / K8s / workflow 變更需獨立 runtime approval", "route 200 不得當資安完成", "dashboard 可見不得當 remediation 完成", "backup 存在不得當 restore drill 完成", "Kali 納入範圍不得當 active scan 授權", "Wazuh event 可見不得當 active response 授權", "repo snapshot 不得當 live host truth", "事故後回讀需含 actor、before / after、impact、postcheck", "no-false-green 必須明確標示", "owner response received / accepted 必須維持 0,除非有實際收件", "runtime gate 必須維持 0", "action button 必須維持 0", "Gitea / GitHub refs 不得自動同步", "GitHub primary 不得自動切換", "Telegram 不得實發", "SOAR 不得 auto block", "AI agent 不得讀 secret 或 host write", "LOGBOOK 不得包含內部對話逐字稿" ], "schema_version": "security_asset_control_ledger_v1", "status": "security_asset_control_ledger_ready_no_runtime_action", "summary": { "action_button_count": 0, "active_scan_authorized_count": 0, "asset_group_count": 16, "auto_block_authorized_count": 0, "blocked_action_count": 44, "c0_asset_group_count": 14, "c1_asset_group_count": 2, "evidence_ref_count": 64, "existing_evidence_ref_count": 64, "host_write_authorized_count": 0, "iwooos_headline_progress_percent": 64, "kali_execute_authorized_count": 0, "live_evidence_accepted_count": 0, "missing_evidence_ref_count": 0, "outcome_lane_count": 10, "owner_packet_required_count": 16, "owner_response_accepted_count": 0, "owner_response_received_count": 0, "p0_asset_group_count": 14, "p1_asset_group_count": 2, "raw_payload_stored_count": 0, "required_owner_field_count": 24, "reviewer_check_count": 24, "runtime_gate_count": 0, "secret_value_collected_count": 0, "security_asset_control_ledger_completion_percent": 100, "soar_action_authorized_count": 0, "wazuh_active_response_authorized_count": 0 } }