Files
awoooi/docs/security/high-value-config-control-coverage.snapshot.json

749 lines
43 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"coverage_categories": [
{
"action_buttons_allowed": false,
"category_id": "nginx_public_gateway",
"control_tier": "C0",
"coverage_percent": 92,
"coverage_status": "post_incident_readback_plan_ready_needs_public_gateway_owner_evidence",
"current_gap": "已固定 owner response acceptance、手動 / 緊急 gateway 變更回補欄位、rendered diff evidence acceptance 與 post-incident readback plan 只讀帳本actor、時間窗、改前改後 route、source-to-live diff、nginx -t readback、reload / no-reload、route smoke、TLS / ACME、WebSocket、upstream、AI provider、monitoring、跨專案同步、防再發與 no-false-green 已納入owner response、live conf、rendered diff evidence、nginx -t evidence、route smoke evidence、事故回讀包、maintenance window 與 rollback owner 仍全部為 0。",
"evidence_refs": [
"docs/security/NGINX-CONFIG-DRIFT-DETECTOR.md",
"docs/security/nginx-config-drift-repo.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md",
"docs/security/public-gateway-preflight-inventory.snapshot.json",
"docs/security/PUBLIC-GATEWAY-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/public-gateway-owner-response-acceptance.snapshot.json",
"docs/security/PUBLIC-GATEWAY-RENDERED-DIFF-ACCEPTANCE.md",
"docs/security/public-gateway-rendered-diff-acceptance.snapshot.json",
"docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/public-gateway-post-incident-readback-plan.snapshot.json",
"docs/schemas/public_gateway_preflight_inventory_v1.schema.json"
],
"label": "Nginx / reverse proxy / public route",
"next_owner_action": "補 Public Gateway / Nginx 事故回讀包owner 回覆、owner-provided live conf、source-to-live rendered diff ref、nginx -t evidence ref、route smoke evidence ref、change intent / break-glass、actor role / team、變更時間窗、改前改後 route state、upstream / WebSocket / TLS / ACME 影響、AI provider / monitoring 影響、跨專案同步、route health impact、rollback validation、post-change monitoring、recurrence guard、maintenance window 與 rollback owner。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"infra/ansible/roles/nginx/templates/*.j2",
"infra/ansible/playbooks/nginx-sync.yml",
"k8s/nginx/**",
"ops/nginx/**",
"docs/runbooks/disaster-recovery/DR-Nginx.md"
],
"priority": "P0",
"required_gate": "public_gateway_owner_response_required",
"required_validation": [
"rendered_diff",
"nginx_t",
"affected_route_smoke",
"admin_route_smoke_if_affected",
"acme_path_smoke_if_affected",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "dns_tls_certbot",
"control_tier": "C0",
"coverage_percent": 78,
"coverage_status": "owner_response_acceptance_ledger_ready_needs_certificate_owner_evidence",
"current_gap": "已固定 4 份 DNS / TLS / certbot owner response acceptance candidate仍缺 owner response、certificate coverage metadata ref、expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan。",
"evidence_refs": [
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/domain-tls-certbot-inventory.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md",
"docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
],
"label": "DNS / TLS / certbot / certificate path",
"next_owner_action": "補 SAN / wildcard / 共用憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口、rollback owner 與 validation plan。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/runbooks/REGISTRY-CERTBOT-188.md",
"docs/runbooks/**/*CERTBOT*.md",
"docs/runbooks/**/*TLS*.md",
"scripts/ops/**/*cert*",
"scripts/ops/**/*tls*",
"ops/**/*cert*",
"ops/**/*tls*",
"infra/**/*cert*",
"infra/**/*tls*",
"k8s/**/*tls*"
],
"priority": "P0",
"required_gate": "domain_tls_owner_response_required",
"required_validation": [
"domain_inventory",
"certificate_path_check",
"renewal_window",
"acme_path_smoke",
"public_https_smoke",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "k8s_production_gitops",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "post_incident_readback_plan_ready_needs_gitops_owner_evidence",
"current_gap": "已固定 owner response acceptance、GitOps 變更證據驗收與事故後回讀計畫只讀帳本ArgoCD sync / health / degraded、Pending workload、image pull / scheduling、rollout before-after、event / metrics / alert、drift scanner、CronJob schedule、NetworkPolicy / RBAC、route / AI provider / monitoring 影響、防再發與 no-false-green 已納入;仍缺 owner response、事故回讀包、rendered manifest diff、ArgoCD revision、maintenance window、rollback revision、post-check owner 與 no-secret-value evidence。",
"evidence_refs": [
"docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md",
"docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md",
"docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/k8s-argocd-owner-response-acceptance.snapshot.json",
"docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json",
"docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json",
"k8s/awoooi-prod",
"k8s/argocd"
],
"label": "K8s / ArgoCD / production manifests",
"next_owner_action": "補 GitOps / K8s 事故回讀包incident / change ref、actor role / team、ArgoCD sync / health / revision、degraded / Pending / image pull / scheduling 摘要、rollout before-after、event summary、metrics / alert、drift scanner、CronJob schedule、NetworkPolicy / Service / RBAC 影響、public/admin route、AI provider、monitoring、operator notification、cross-project sync、recovery 或 still-degraded ref、recurrence guard、maintenance window、rollback revision、rollback owner、post-check owner 與 no-secret-value evidence。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"k8s/awoooi-prod/**",
"k8s/argocd/**",
"k8s/velero/**",
"k8s/monitoring/**"
],
"priority": "P0",
"required_gate": "gitops_owner_response_required",
"required_validation": [
"gitops_diff",
"argocd_health_readback",
"sync_authorization_check",
"rollback_revision",
"post_deploy_health_if_executed"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "secret_metadata",
"control_tier": "C0",
"coverage_percent": 70,
"coverage_status": "post_incident_readback_plan_ready_needs_secret_injection_owner_evidence",
"current_gap": "已固定 secret name / injection owner 變更證據驗收帳本並新增事故後回讀計畫secret name parity state、secret injection route、step-env secret guard、log redaction、deploy marker / Gitea run readback、rollback、post-check、防再發與 no-false-green 已納入secret value、hash、partial token、runner token、secret store read、secret rotation、repo secret change 與 injection path change 仍全部為 0。",
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json",
"docs/security/SECRETS_REFERENCE.md"
],
"label": "Secret metadata / injection / redaction",
"next_owner_action": "補 secret name parity state ref、secret injection route state ref、step-env secret guard result、log redaction readback、deploy marker / Gitea run readback、notification receipt、rollback owner、post-check evidence、recurrence guard 與 no-secret-value evidence。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"k8s/**/*secret*",
"k8s/**/*Secret*",
".gitea/workflows/*.yml",
".gitea/workflows/*.yaml",
".github/workflows/*.yml",
".github/workflows/*.yaml",
"docs/runbooks/SECRETS-MANAGEMENT.md",
"docs/security/SECRETS_REFERENCE.md"
],
"priority": "P0",
"required_gate": "secret_metadata_owner_response_required",
"required_validation": [
"secret_name_parity",
"metadata_only_check",
"no_secret_value_check",
"rotation_owner",
"injection_readback_if_deployed"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "gitea_workflow_runner_source_control",
"control_tier": "C0",
"coverage_percent": 74,
"coverage_status": "post_incident_readback_plan_ready_needs_workflow_runner_owner_evidence",
"current_gap": "已固定 CD / runner / secret injection 變更證據驗收帳本並新增事故後回讀計畫workflow diff state、runner attestation、executor / host、workspace cleanup、permission scope、webhook / notification、deploy key / branch protection / CODEOWNERS、deploy marker / Gitea run、rollback、post-change monitoring、防再發與 no-false-green 已納入workflow 修改、dispatch、runner 啟用 / 重啟、GitHub hosted runner、webhook / deploy key / branch protection / CODEOWNERS 修改仍全部為 0。",
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json",
"docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md"
],
"label": "Gitea workflow / runner / deploy key / webhook / branch protection",
"next_owner_action": "補 workflow diff state ref、runner owner attestation、executor / host readback、workspace cleanup、permission scope、Gitea run readback、deploy marker readback、webhook / notification receipt、maintenance window、rollback owner、post-change monitoring 與 recurrence guard evidence。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
".gitea/workflows/**",
".github/workflows/**",
"ops/runner/**",
"scripts/setup-runner*.sh",
"scripts/**/*runner*",
"docs/security/SOURCE-CONTROL-*",
"docs/security/GITEA-*",
"docs/security/GITHUB-*"
],
"priority": "P0",
"required_gate": "workflow_source_control_owner_response_required",
"required_validation": [
"workflow_diff",
"runner_label_owner",
"deploy_key_metadata_only",
"webhook_metadata_only",
"branch_protection_metadata",
"no_token_value_check"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "public_admin_api_runtime_config",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "frontend_sensitive_surface_guard_ready_needs_runtime_config_owner_evidence",
"current_gap": "已固定 Public / Admin / API runtime config 變更證據驗收只讀帳本,並新增前台 source / messages 敏感資訊防洩漏 guardaffected route、admin/auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、webhook owner、desktop/mobile production smoke、bundle scan、rollback 與 post-check evidence 仍全部為 0。",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json",
"docs/security/public-frontend-sensitive-surface-guard.snapshot.json"
],
"label": "Public / admin / API / frontend runtime config",
"next_owner_action": "補 affected route refs、admin/auth boundary、API contract readback、CORS origin diff、frontend env diff、i18n redaction review、webhook/callback owner、desktop/mobile production smoke、bundle sensitive scan、rollback owner 與 post-check evidence。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/web/next.config.*",
"apps/web/src/lib/config.*",
"apps/api/src/core/config.py",
"apps/api/src/api/v1/monitoring.py",
"apps/api/src/middleware/**",
"apps/web/src/middleware.*"
],
"priority": "P0",
"required_gate": "public_runtime_config_owner_response_required",
"required_validation": [
"public_url_check",
"frontend_internal_ip_ban",
"cors_boundary_check",
"admin_auth_boundary_check",
"desktop_mobile_smoke_if_frontend"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "backup_restore_credential",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "post_incident_readback_plan_ready_needs_backup_restore_owner_evidence",
"current_gap": " owner response acceptancerestore recovery backfill freshness before-afterbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofretention runwayalert textfilecold-start scorecardrollbackpost-change monitoring no-false-green owner responselive backup evidencerestore drill acceptedoffsite / escrow / retention accepted runtime gate 0",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md",
"docs/security/backup-restore-escrow-inventory.snapshot.json",
"docs/security/BACKUP-RESTORE-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/backup-restore-owner-response-acceptance.snapshot.json",
"docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/backup-restore-post-incident-readback-plan.snapshot.json",
"docs/schemas/backup_restore_escrow_inventory_v1.schema.json"
],
"label": "Backup / restore / escrow / retention",
"next_owner_action": " Backup / Restore / Escrow incident / change refactor role / team freshnessbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofcredential recovery metadataretention runwayretention / prune decisionrestore observer / stop conditionalert textfilecold-start / DR scorecardrollback validationpost-change monitoringrecurrence guard no-secret-value evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"scripts/backup/**",
"k8s/velero/**",
"docs/runbooks/disaster-recovery/**",
"docs/runbooks/**/*RESTORE*.md",
"docs/runbooks/**/*BACKUP*.md"
],
"priority": "P0",
"required_gate": "backup_restore_owner_response_required",
"required_validation": [
"credential_absence_check",
"restore_drill_gate",
"retention_policy",
"escrow_owner",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "agent_bounty_protocol_runtime",
"control_tier": "C0",
"coverage_percent": 68,
"coverage_status": "owner_request_draft_ready_needs_runtime_owner",
"current_gap": "owner request draft 11 稿 runtime / MCP / A2A / treasury / payout owner responseruntime gate 0",
"evidence_refs": [
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md",
"docs/security/agent-bounty-owner-request-draft.snapshot.json",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md"
],
"label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary",
"next_owner_action": " repo ownerexternal agent ownertreasury ownerruntime gate ownermaintenance windowrollback owner validation plan",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json",
"agent-bounty-protocol/**"
],
"priority": "P0",
"required_gate": "agent_bounty_owner_response_required",
"required_validation": [
"repo_owner_scope",
"runtime_gate_false",
"no_payout_or_treasury_execution",
"no_mcp_a2a_runtime_execution",
"redacted_evidence_refs_only"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "monitoring_alerting_observability",
"control_tier": "C1",
"coverage_percent": 78,
"coverage_status": "soc_siem_kali_wazuh_integration_control_ready_needs_soc_owner_evidence",
"current_gap": " 60 monitoring / alerting / observability owner response acceptance candidateWazuh / readback plan SOC / SIEM / Kali 112 / Wazuh NIST CSFCIS ControlsCISA KEVOWASP ASVSWazuhSuricata Kali tooling 16 12 20 Wazuh event refsKali scope refshost forensic refsSIEM correlationalert route ownerincident case ownerpostcheckrecurrence guardowner response maintenance window",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md",
"docs/security/monitoring-alerting-observability-inventory.snapshot.json",
"docs/security/MONITORING-OWNER-REQUEST-DRAFT.md",
"docs/security/monitoring-owner-request-draft.snapshot.json",
"docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/monitoring-owner-response-acceptance.snapshot.json",
"docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/monitoring-post-incident-readback-plan.snapshot.json",
"docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md",
"docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json",
"scripts/security/wazuh-iwooos-intrusion-readback-plan.py",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py",
"docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json",
"scripts/security/soc-siem-kali-wazuh-integration-control.py",
"apps/web/src/app/api/iwooos/wazuh/route.ts",
"docs/schemas/monitoring_alerting_observability_inventory_v1.schema.json"
],
"label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse",
"next_owner_action": " SOC owner packetWazuh manager / agent / event refsKali scope / health / normalized finding refsPrometheus / Alertmanager route refsSigNoz / Sentry correlation refshost forensic refsgateway diff refsrunner / workflow refsKEV / CVE refsincident case refdedupe / noise budgetchain of custodyrollback ownerpostcheck owner no-secret / no-raw-payload / no-false-green attestation",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"ops/monitoring/**",
"ops/alertmanager/**",
"ops/grafana/**",
"ops/signoz/**",
"ops/sentry-self-hosted/**",
"infra/langfuse/**",
"k8s/monitoring/**",
"scripts/ops/**/*exporter*"
],
"priority": "P1",
"required_gate": "monitoring_observability_owner_response_required",
"required_validation": [
"rule_diff",
"receiver_diff",
"reload_gate",
"failure_notification_policy",
"public_route_smoke_if_affected"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "docker_compose_systemd_host_config",
"control_tier": "C1",
"coverage_percent": 68,
"coverage_status": "external_host_intrusion_prevention_control_ready_needs_host_service_owner_evidence",
"current_gap": " 9 Docker / systemd / host service owner response acceptance candidatechange evidence acceptancepost-incident readback plan actorboot / recovery windowbefore / after stateDocker daemoncompose / systemd statefailed unitport bindingdependencyprocess / persistence baselinepublic/admin route recoveryAI provider healthmonitoring alertoperator noticecross-project syncrestorationrecurrence guard no-false-green owner responselive hashWazuh / host forensic refsmaintenance / restart windowrollback ownerpost-check plandisable switch no-secret-value evidence",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md",
"docs/security/host-service-owner-request-draft.snapshot.json",
"docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/host-service-owner-response-acceptance.snapshot.json",
"docs/security/HOST-SERVICE-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/host-service-change-evidence-acceptance.snapshot.json",
"docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/host-service-post-incident-readback-plan.snapshot.json",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py",
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md"
],
"label": "Docker Compose / systemd / host service config",
"next_owner_action": " host service owner-provided live hash / dispositionchange / incident refactor role / teamboot timerestart / recovery windowbefore / after stateDocker daemon statecompose / systemd statefailed unit reviewport bindingprocess / persistence refspublic/admin route recoveryAI provider healthmonitoring alertoperator notificationcross-project syncrestoration evidencerecurrence guardrollback ownerpost-check plan no-secret-value evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docker-compose*.yml",
"docker-compose*.yaml",
"ops/**/docker-compose*.yml",
"ops/**/docker-compose*.yaml",
"scripts/reboot-recovery/**",
"scripts/**/*.service",
"ops/**/*.service"
],
"priority": "P1",
"required_gate": "host_service_owner_response_required",
"required_validation": [
"port_conflict_check",
"volume_diff",
"env_name_diff",
"restart_window",
"rollback_owner"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "ssh_firewall_network_access",
"control_tier": "C1",
"coverage_percent": 70,
"coverage_status": "external_host_intrusion_prevention_control_ready_needs_network_owner_evidence",
"current_gap": "owner response acceptance / post-incident readback plan SSH / sudoauthorized_keysknown_hostsfirewallWireGuardNodePortNetworkPolicyport close / open break-glass owner-provided change / incident evidenceactorbefore / after stateWazuh / host forensic refsservice / AI provider / monitoring impactoperator notificationcross-project syncrestoration evidencerecurrence guardmaintenance windowrollback owner post-check evidence",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
"docs/security/ssh-network-access-inventory.snapshot.json",
"docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md",
"docs/security/ssh-network-owner-request-draft.snapshot.json",
"docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ssh-network-owner-response-acceptance.snapshot.json",
"docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/port-firewall-change-evidence-acceptance.snapshot.json",
"docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/ssh-network-post-incident-readback-plan.snapshot.json",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py"
],
"label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort",
"next_owner_action": " SSH / / change / incident refactor role / teamaffected scopebefore / after stateservice dependencypublic route impactAI provider impactmonitoring alert impactoperator notificationcross-project syncrestoration evidencerecurrence guardmaintenance windowrollback owner post-check ",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"infra/ansible/inventory/**",
"infra/ansible/**/*known_hosts*",
"infra/ansible/**/*ssh*",
"scripts/**/*ssh*",
"scripts/**/*known_hosts*",
"ops/**/*wireguard*",
"ops/**/*firewall*",
"k8s/**/*network*",
"k8s/**/*Network*"
],
"priority": "P1",
"required_gate": "network_access_owner_response_required",
"required_validation": [
"target_whitelist",
"host_key_policy",
"ingress_egress_matrix",
"rollback_owner",
"maintenance_window"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "ai_provider_model_routing",
"control_tier": "C1",
"coverage_percent": 64,
"coverage_status": "owner_response_acceptance_ready_needs_provider_owner_evidence",
"current_gap": " AI provider / model routing owner response acceptance provider ownerfallback orderdry-runbenchmarkprivacydata classificationprompt redactionrollback post-check evidence 0 production",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/ai",
"docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ai-provider-owner-response-acceptance.snapshot.json"
],
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
"next_owner_action": " provider ownerfallback orderdry-run resultbenchmark resultcost reviewprivacy reviewdata classificationprompt redactionquota budgetquality gaterollback owner post-check evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/api/src/services/ai_providers/**",
"apps/api/src/services/**/*model*",
"apps/api/src/services/**/*provider*",
"infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2",
"docs/ai/**",
"docs/**/*Ollama*"
],
"priority": "P1",
"required_gate": "ai_provider_owner_response_required",
"required_validation": [
"dry_run",
"benchmark",
"cost_review",
"privacy_review",
"fallback_order_check"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "product_surface_runtime_routes",
"control_tier": "C2",
"coverage_percent": 72,
"coverage_status": "scope_inventory_ready",
"current_gap": " owner response accepted route / admin / webhook ",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md"
],
"label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes",
"next_owner_action": " AWOOOIAwoooPIwoooSVibeWorkagent-bounty-protocol owner response",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/web/src/app/**",
"apps/web/messages/*.json",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/vibework-iwooos-onboarding-handoff.snapshot.json"
],
"priority": "P2",
"required_gate": "product_surface_owner_response_required",
"required_validation": [
"product_boundary_check",
"i18n_traditional_chinese_check",
"no_internal_transcript_check",
"desktop_mobile_smoke_if_frontend"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "security_evidence_tooling",
"control_tier": "C3",
"coverage_percent": 88,
"coverage_status": "soc_siem_guard_ready",
"current_gap": "guard SOC / SIEM / Kali / Wazuh snapshot blocking CI",
"evidence_refs": [
"scripts/security/security-mirror-progress-guard.py",
"scripts/security/high-value-config-change-gate.py",
"scripts/security/high-value-config-owner-packet.py",
"docs/security/high-value-config-change-gate.snapshot.json",
"scripts/security/soc-siem-kali-wazuh-integration-control.py",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
],
"label": "Security evidence / snapshot / guard tooling",
"next_owner_action": " guard / doc secret sanity / SOC snapshot CI blockingactive scan active response rollout plan",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/security/**",
"docs/schemas/**",
"scripts/security/**",
"docs/LOGBOOK.md"
],
"priority": "P3",
"required_gate": "security_evidence_owner_review_required",
"required_validation": [
"snapshot_parse",
"guard_smoke",
"doc_secret_sanity",
"no_runtime_gate_increase"
],
"runtime_gate_open": false
}
],
"execution_boundaries": {
"acme_challenge_change_authorized": false,
"action_buttons_allowed": false,
"active_scan_authorized": false,
"admin_route_change_authorized": false,
"agent_bounty_runtime_authorized": false,
"alert_chain_smoke_authorized": false,
"alertmanager_reload_authorized": false,
"api_contract_change_authorized": false,
"api_route_change_authorized": false,
"argocd_api_read_authorized": false,
"argocd_sync_authorized": false,
"backup_run_authorized": false,
"callback_url_change_authorized": false,
"certbot_renew_authorized": false,
"cookie_policy_change_authorized": false,
"cors_change_authorized": false,
"credential_escrow_marker_write_authorized": false,
"csrf_disable_authorized": false,
"database_migration_authorized": false,
"desktop_mobile_smoke_authorized": false,
"dns_tls_change_authorized": false,
"exporter_deploy_authorized": false,
"force_push_authorized": false,
"frontend_env_change_authorized": false,
"grafana_dashboard_apply_authorized": false,
"helm_upgrade_authorized": false,
"host_live_conf_read_authorized": false,
"host_write_authorized": false,
"i18n_public_text_internal_identity_allowed": false,
"internal_ip_exposure_allowed": false,
"internal_status_code_exposure_allowed": false,
"internal_transcript_exposure_allowed": false,
"kubectl_action_authorized": false,
"langfuse_config_change_authorized": false,
"live_alert_fire_authorized": false,
"middleware_auth_change_authorized": false,
"network_policy_apply_authorized": false,
"nginx_reload_authorized": false,
"nginx_test_authorized": false,
"nodeport_change_authorized": false,
"notification_route_change_authorized": false,
"offsite_remote_delete_authorized": false,
"offsite_sync_authorized": false,
"otel_collector_reload_authorized": false,
"owner_namespace_exposure_allowed": false,
"payout_or_withdrawal_authorized": false,
"prometheus_reload_authorized": false,
"public_gateway_reload_authorized": false,
"public_route_change_authorized": false,
"rate_limit_disable_authorized": false,
"raw_payload_storage_allowed": false,
"rbac_change_authorized": false,
"rclone_config_authorized": false,
"receiver_route_change_authorized": false,
"refs_sync_authorized": false,
"remote_write_change_authorized": false,
"repo_namespace_exposure_allowed": false,
"restic_prune_authorized": false,
"restore_drill_authorized": false,
"restore_run_authorized": false,
"retention_change_authorized": false,
"rollback_executed": false,
"route_smoke_authorized": false,
"runner_change_authorized": false,
"runtime_config_change_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"security_header_change_authorized": false,
"sentry_deploy_authorized": false,
"signoz_rule_apply_authorized": false,
"silence_policy_change_authorized": false,
"telegram_send_authorized": false,
"velero_restore_authorized": false,
"webhook_receiver_change_authorized": false,
"webhook_secret_change_authorized": false,
"websocket_route_change_authorized": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-24T20:14:02+08:00",
"git_commit": "2ec7f6f4",
"lowest_coverage_categories": [
{
"category_id": "ai_provider_model_routing",
"coverage_percent": 64,
"current_gap": " AI provider / model routing owner response acceptance provider ownerfallback orderdry-runbenchmarkprivacydata classificationprompt redactionrollback post-check evidence 0 production",
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
"next_owner_action": " provider ownerfallback orderdry-run resultbenchmark resultcost reviewprivacy reviewdata classificationprompt redactionquota budgetquality gaterollback owner post-check evidence"
},
{
"category_id": "k8s_production_gitops",
"coverage_percent": 66,
"current_gap": " owner response acceptanceGitOps ArgoCD sync / health / degradedPending workloadimage pull / schedulingrollout before-afterevent / metrics / alertdrift scannerCronJob scheduleNetworkPolicy / RBACroute / AI provider / monitoring no-false-green owner responserendered manifest diffArgoCD revisionmaintenance windowrollback revisionpost-check owner no-secret-value evidence",
"label": "K8s / ArgoCD / production manifests",
"next_owner_action": " GitOps / K8s incident / change refactor role / teamArgoCD sync / health / revisiondegraded / Pending / image pull / scheduling rollout before-afterevent summarymetrics / alertdrift scannerCronJob scheduleNetworkPolicy / Service / RBAC public/admin routeAI providermonitoringoperator notificationcross-project syncrecovery still-degraded refrecurrence guardmaintenance windowrollback revisionrollback ownerpost-check owner no-secret-value evidence"
},
{
"category_id": "public_admin_api_runtime_config",
"coverage_percent": 66,
"current_gap": " Public / Admin / API runtime config source / messages guardaffected routeadmin/auth boundaryAPI readbackCORS difffrontend env diffi18n redactionwebhook ownerdesktop/mobile production smokebundle scanrollback post-check evidence 0",
"label": "Public / admin / API / frontend runtime config",
"next_owner_action": " affected route refsadmin/auth boundaryAPI contract readbackCORS origin difffrontend env diffi18n redaction reviewwebhook/callback ownerdesktop/mobile production smokebundle sensitive scanrollback owner post-check evidence"
},
{
"category_id": "backup_restore_credential",
"coverage_percent": 66,
"current_gap": " owner response acceptancerestore recovery backfill freshness before-afterbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofretention runwayalert textfilecold-start scorecardrollbackpost-change monitoring no-false-green owner responselive backup evidencerestore drill acceptedoffsite / escrow / retention accepted runtime gate 0",
"label": "Backup / restore / escrow / retention",
"next_owner_action": " Backup / Restore / Escrow incident / change refactor role / team freshnessbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofcredential recovery metadataretention runwayretention / prune decisionrestore observer / stop conditionalert textfilecold-start / DR scorecardrollback validationpost-change monitoringrecurrence guard no-secret-value evidence"
}
],
"next_collection_order": [
"nginx_public_gateway",
"dns_tls_certbot",
"k8s_production_gitops",
"secret_metadata",
"gitea_workflow_runner_source_control",
"public_admin_api_runtime_config",
"ssh_firewall_network_access",
"docker_compose_systemd_host_config",
"monitoring_alerting_observability",
"agent_bounty_protocol_runtime",
"ai_provider_model_routing",
"backup_restore_credential"
],
"operator_interpretation": [
" git diff ",
" category Gate owner response owner response received / accepted 0",
"C0 / C1 coverage percent runtime ",
" live evidence owner-provided redacted evidence SSHreloadscan secret value"
],
"schema_version": "high_value_config_control_coverage_v1",
"source_category_definition": "scripts/security/high-value-config-change-gate.py",
"status": "coverage_matrix_ready",
"summary": {
"action_button_count": 0,
"average_coverage_percent": 73,
"c0_category_count": 8,
"c1_category_count": 4,
"c2_category_count": 1,
"c3_category_count": 1,
"category_count": 14,
"lowest_coverage_category_count": 4,
"needs_live_evidence_count": 10,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"owner_response_required_count": 14,
"registered_control_count": 14,
"runtime_gate_count": 0
}
}