# IwoooS Public Gateway Live Conf 匯出請求包 | 項目 | 內容 | |------|------| | 日期 | 2026-06-14 | | 狀態 | `live_conf_export_request_ready_not_dispatched` | | 工具 | `scripts/security/public-gateway-live-conf-export-request.py` | | 輸入 | `docs/security/public-gateway-preflight-inventory.snapshot.json` | | Snapshot | `docs/security/public-gateway-live-conf-export-request.snapshot.json` | | runtime gate | `0` | ## 1. 目的 Nginx public gateway 是公開網站、API、Webhook、ACME 與 WebSocket 的共同入口。若 live Nginx conf 常被手動修改,IwoooS 不能直接 SSH 去讀或覆寫 live conf;第一步應先建立 owner-provided live conf 匯出請求包,明確規定只能收脫敏 export ref,且不得保存 raw live conf。 本文件只定義匯出請求草稿、脫敏規則與送後不變條件。它不是 request sent、不是 live conf received、不是 rendered diff ready、不是 `nginx -t`、不是 reload、不是 route smoke,也不是 production write 或 runtime gate 授權。 ## 2. 摘要 | 指標 | 值 | 說明 | |------|----|------| | export request count | `3` | 188 all sites、188 internal tools HTTPS、110 Ollama proxy | | C0 export request count | `2` | 188 all sites 與 188 internal tools HTTPS | | export request field count | `12` | 每份匯出請求的 handoff 欄位 | | redaction rule count | `8` | raw live conf 與敏感資訊拒收規則 | | request sent | `0` | 尚未送出匯出請求 | | recipient confirmed | `0` | 尚未確認 owner / recipient | | redacted export received | `0` | 尚未收到脫敏 export ref | | raw live conf stored | `0` | 不允許保存 | | rendered diff / nginx -t / route smoke | `0 / 0 / 0` | 尚未批准且未執行 | | runtime gate / action button | `0 / 0` | 未開啟 | ## 3. Redaction Policy 1. 只收 owner 提供的脫敏 live conf export ref,不收 raw live conf。 2. 不得包含 TLS private key、token、secret、cookie、session、authorization header 或 Basic Auth credential。 3. 若 upstream URL 含 credential,必須整段遮罩為 `redacted_upstream_credential`。 4. 若路徑含 private credential、query token 或 webhook secret,必須整段遮罩。 5. 允許保留 server name、listen、location、proxy pass host / port、ACME path、TLS certificate path metadata。 6. 不得貼主機 shell history、完整環境變數、私鑰內容、DB URL 或未脫敏 log。 7. 疑似敏感 payload 只能記 quarantine metadata,不得寫入 repo、LOGBOOK 或前端。 8. 匯出請求不等於 `nginx -t`、reload、route smoke、DNS / TLS probe 或 production write 授權。 ## 4. 匯出請求欄位 | 欄位 | 內容規則 | |------|----------| | `export_request_id` | 固定對應 public gateway live conf export,不建立 runtime action id | | `config_id` | 對應 public gateway preflight row | | `host` | 只記 host scope;不代表可 SSH | | `live_path` | 只記 owner 需提供的 live path metadata;不代表已讀取 | | `export_owner_role_or_team` | 只填 role / team,不填私人憑證或聯絡資訊 | | `export_method` | 固定 `owner_provided_redacted_export_only` | | `redaction_policy_ref` | 指向本文件脫敏規則 | | `redacted_live_conf_ref` | 未收到前為空;收到後只可填脫敏 ref | | `source_snapshot_ref` | 指向 repo-only preflight snapshot | | `intended_use` | 固定 `rendered_diff_and_route_change_preflight_only` | | `followup_owner` | 後續補證或審查負責 role / team | | `not_approval` | 必須為 `true` | ## 5. 三份請求 | Request | Control tier | Live path | 邊界 | |---------|--------------|-----------|------| | `public_gateway_live_conf_export:host188_all_sites` | `C0` | `/etc/nginx/sites-enabled/all-sites.conf` | 只請 owner 提供脫敏 export ref,不代表 SSH 讀取、rendered diff、`nginx -t` 或 reload | | `public_gateway_live_conf_export:host188_internal_tools_https` | `C0` | `owner_confirmation_required` | 只請 owner 確認 live path 與脫敏 export ref,不代表 route change | | `public_gateway_live_conf_export:host110_ollama_proxy` | `C1` | `/etc/nginx/sites-enabled/110-ollama-proxy.conf` | 只請 owner 提供脫敏 export ref,不代表 Ollama proxy 改動或重啟 | ## 6. 送後不變條件 即使未來人工送出請求,也只能在有可稽核送件 metadata 後另行記錄 request sent。收到脫敏 export ref 後,仍需先做敏感 payload 隔離檢查;通過後才可進 rendered diff。Rendered diff 成立仍不代表 `nginx -t`、reload、route smoke 或 public route change 已授權。 2026-06-14 P0-16 已新增 `docs/security/PUBLIC-GATEWAY-REDACTED-EXPORT-INTAKE-PREFLIGHT.md` 與 `docs/security/public-gateway-redacted-export-intake-preflight.snapshot.json`,將三份 export request 轉成 redacted export 收件預檢候選。該預檢仍保持 request sent、recipient confirmed、redacted export received、accepted、quarantine、rejected、rendered diff、`nginx -t`、reload、route smoke、runtime gate 全部為 `0`。 ## 7. 指令 產生 committed snapshot: ```bash python3 scripts/security/public-gateway-live-conf-export-request.py \ --root . \ --preflight-report docs/security/public-gateway-preflight-inventory.snapshot.json \ --output docs/security/public-gateway-live-conf-export-request.snapshot.json \ --generated-at 2026-06-14T19:05:00+08:00 ``` 驗證 guard: ```bash python3 scripts/security/security-mirror-progress-guard.py --root . ``` ## 8. 完成度 | 工作 | 完成度 | 說明 | |------|--------|------| | live conf export request artifact | `100%` | 產生器、snapshot 與文件已固定 | | request dispatch | `0%` | 尚未送出 | | redacted export received | `0%` | 尚未收到 | | rendered diff / nginx -t / route smoke | `0%` | 尚未批准且未執行 | | runtime reload / host write | `0%` | 未授權且未執行 |