Files
awoooi/docs/security/high-value-config-control-coverage.snapshot.json

749 lines
43 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"coverage_categories": [
{
"action_buttons_allowed": false,
"category_id": "nginx_public_gateway",
"control_tier": "C0",
"coverage_percent": 92,
"coverage_status": "post_incident_readback_plan_ready_needs_public_gateway_owner_evidence",
"current_gap": "已固定 owner response acceptance、手動 / 緊急 gateway 變更回補欄位、rendered diff evidence acceptance 與 post-incident readback plan 只讀帳本actor、時間窗、改前改後 route、source-to-live diff、nginx -t readback、reload / no-reload、route smoke、TLS / ACME、WebSocket、upstream、AI provider、monitoring、跨專案同步、防再發與 no-false-green 已納入owner response、live conf、rendered diff evidence、nginx -t evidence、route smoke evidence、事故回讀包、maintenance window 與 rollback owner 仍全部為 0。",
"evidence_refs": [
"docs/security/NGINX-CONFIG-DRIFT-DETECTOR.md",
"docs/security/nginx-config-drift-repo.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md",
"docs/security/public-gateway-preflight-inventory.snapshot.json",
"docs/security/PUBLIC-GATEWAY-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/public-gateway-owner-response-acceptance.snapshot.json",
"docs/security/PUBLIC-GATEWAY-RENDERED-DIFF-ACCEPTANCE.md",
"docs/security/public-gateway-rendered-diff-acceptance.snapshot.json",
"docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/public-gateway-post-incident-readback-plan.snapshot.json",
"docs/schemas/public_gateway_preflight_inventory_v1.schema.json"
],
"label": "Nginx / reverse proxy / public route",
"next_owner_action": "補 Public Gateway / Nginx 事故回讀包owner 回覆、owner-provided live conf、source-to-live rendered diff ref、nginx -t evidence ref、route smoke evidence ref、change intent / break-glass、actor role / team、變更時間窗、改前改後 route state、upstream / WebSocket / TLS / ACME 影響、AI provider / monitoring 影響、跨專案同步、route health impact、rollback validation、post-change monitoring、recurrence guard、maintenance window 與 rollback owner。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"infra/ansible/roles/nginx/templates/*.j2",
"infra/ansible/playbooks/nginx-sync.yml",
"k8s/nginx/**",
"ops/nginx/**",
"docs/runbooks/disaster-recovery/DR-Nginx.md"
],
"priority": "P0",
"required_gate": "public_gateway_owner_response_required",
"required_validation": [
"rendered_diff",
"nginx_t",
"affected_route_smoke",
"admin_route_smoke_if_affected",
"acme_path_smoke_if_affected",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "dns_tls_certbot",
"control_tier": "C0",
"coverage_percent": 78,
"coverage_status": "owner_response_acceptance_ledger_ready_needs_certificate_owner_evidence",
"current_gap": "已固定 4 份 DNS / TLS / certbot owner response acceptance candidate仍缺 owner response、certificate coverage metadata ref、expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan。",
"evidence_refs": [
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/domain-tls-certbot-inventory.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md",
"docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
],
"label": "DNS / TLS / certbot / certificate path",
"next_owner_action": "補 SAN / wildcard / 共用憑證覆蓋依據 ref、到期 metadata ref、renewal owner、ACME route owner、維護窗口、rollback owner 與 validation plan。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/runbooks/REGISTRY-CERTBOT-188.md",
"docs/runbooks/**/*CERTBOT*.md",
"docs/runbooks/**/*TLS*.md",
"scripts/ops/**/*cert*",
"scripts/ops/**/*tls*",
"ops/**/*cert*",
"ops/**/*tls*",
"infra/**/*cert*",
"infra/**/*tls*",
"k8s/**/*tls*"
],
"priority": "P0",
"required_gate": "domain_tls_owner_response_required",
"required_validation": [
"domain_inventory",
"certificate_path_check",
"renewal_window",
"acme_path_smoke",
"public_https_smoke",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "k8s_production_gitops",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "post_incident_readback_plan_ready_needs_gitops_owner_evidence",
"current_gap": "已固定 owner response acceptance、GitOps 變更證據驗收與事故後回讀計畫只讀帳本ArgoCD sync / health / degraded、Pending workload、image pull / scheduling、rollout before-after、event / metrics / alert、drift scanner、CronJob schedule、NetworkPolicy / RBAC、route / AI provider / monitoring 影響、防再發與 no-false-green 已納入;仍缺 owner response、事故回讀包、rendered manifest diff、ArgoCD revision、maintenance window、rollback revision、post-check owner 與 no-secret-value evidence。",
"evidence_refs": [
"docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md",
"docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md",
"docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/k8s-argocd-owner-response-acceptance.snapshot.json",
"docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json",
"docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json",
"k8s/awoooi-prod",
"k8s/argocd"
],
"label": "K8s / ArgoCD / production manifests",
"next_owner_action": "補 GitOps / K8s 事故回讀包incident / change ref、actor role / team、ArgoCD sync / health / revision、degraded / Pending / image pull / scheduling 摘要、rollout before-after、event summary、metrics / alert、drift scanner、CronJob schedule、NetworkPolicy / Service / RBAC 影響、public/admin route、AI provider、monitoring、operator notification、cross-project sync、recovery 或 still-degraded ref、recurrence guard、maintenance window、rollback revision、rollback owner、post-check owner 與 no-secret-value evidence。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"k8s/awoooi-prod/**",
"k8s/argocd/**",
"k8s/velero/**",
"k8s/monitoring/**"
],
"priority": "P0",
"required_gate": "gitops_owner_response_required",
"required_validation": [
"gitops_diff",
"argocd_health_readback",
"sync_authorization_check",
"rollback_revision",
"post_deploy_health_if_executed"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "secret_metadata",
"control_tier": "C0",
"coverage_percent": 70,
"coverage_status": "post_incident_readback_plan_ready_needs_secret_injection_owner_evidence",
"current_gap": " secret name / injection owner secret name parity statesecret injection routestep-env secret guardlog redactiondeploy marker / Gitea run readbackrollbackpost-check no-false-green secret valuehashpartial tokenrunner tokensecret store readsecret rotationrepo secret change injection path change 0",
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/source-control-workflow-secret-name-owner-response.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json",
"docs/security/SECRETS_REFERENCE.md"
],
"label": "Secret metadata / injection / redaction",
"next_owner_action": " secret name parity state refsecret injection route state refstep-env secret guard resultlog redaction readbackdeploy marker / Gitea run readbacknotification receiptrollback ownerpost-check evidencerecurrence guard no-secret-value evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"k8s/**/*secret*",
"k8s/**/*Secret*",
".gitea/workflows/*.yml",
".gitea/workflows/*.yaml",
".github/workflows/*.yml",
".github/workflows/*.yaml",
"docs/runbooks/SECRETS-MANAGEMENT.md",
"docs/security/SECRETS_REFERENCE.md"
],
"priority": "P0",
"required_gate": "secret_metadata_owner_response_required",
"required_validation": [
"secret_name_parity",
"metadata_only_check",
"no_secret_value_check",
"rotation_owner",
"injection_readback_if_deployed"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "gitea_workflow_runner_source_control",
"control_tier": "C0",
"coverage_percent": 74,
"coverage_status": "post_incident_readback_plan_ready_needs_workflow_runner_owner_evidence",
"current_gap": " CD / runner / secret injection workflow diff staterunner attestationexecutor / hostworkspace cleanuppermission scopewebhook / notificationdeploy key / branch protection / CODEOWNERSdeploy marker / Gitea runrollbackpost-change monitoring no-false-green workflow dispatchrunner / GitHub hosted runnerwebhook / deploy key / branch protection / CODEOWNERS 0",
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md",
"docs/security/CD-RUNNER-SECRET-INJECTION-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/cd-runner-secret-injection-change-evidence-acceptance.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json",
"docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md"
],
"label": "Gitea workflow / runner / deploy key / webhook / branch protection",
"next_owner_action": " workflow diff state refrunner owner attestationexecutor / host readbackworkspace cleanuppermission scopeGitea run readbackdeploy marker readbackwebhook / notification receiptmaintenance windowrollback ownerpost-change monitoring recurrence guard evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
".gitea/workflows/**",
".github/workflows/**",
"ops/runner/**",
"scripts/setup-runner*.sh",
"scripts/**/*runner*",
"docs/security/SOURCE-CONTROL-*",
"docs/security/GITEA-*",
"docs/security/GITHUB-*"
],
"priority": "P0",
"required_gate": "workflow_source_control_owner_response_required",
"required_validation": [
"workflow_diff",
"runner_label_owner",
"deploy_key_metadata_only",
"webhook_metadata_only",
"branch_protection_metadata",
"no_token_value_check"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "public_admin_api_runtime_config",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "frontend_sensitive_surface_guard_ready_needs_runtime_config_owner_evidence",
"current_gap": " Public / Admin / API runtime config source / messages guardaffected routeadmin/auth boundaryAPI readbackCORS difffrontend env diffi18n redactionwebhook ownerdesktop/mobile production smokebundle scanrollback post-check evidence 0",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json",
"docs/security/public-frontend-sensitive-surface-guard.snapshot.json"
],
"label": "Public / admin / API / frontend runtime config",
"next_owner_action": " affected route refsadmin/auth boundaryAPI contract readbackCORS origin difffrontend env diffi18n redaction reviewwebhook/callback ownerdesktop/mobile production smokebundle sensitive scanrollback owner post-check evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/web/next.config.*",
"apps/web/src/lib/config.*",
"apps/api/src/core/config.py",
"apps/api/src/api/v1/monitoring.py",
"apps/api/src/middleware/**",
"apps/web/src/middleware.*"
],
"priority": "P0",
"required_gate": "public_runtime_config_owner_response_required",
"required_validation": [
"public_url_check",
"frontend_internal_ip_ban",
"cors_boundary_check",
"admin_auth_boundary_check",
"desktop_mobile_smoke_if_frontend"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "backup_restore_credential",
"control_tier": "C0",
"coverage_percent": 66,
"coverage_status": "post_incident_readback_plan_ready_needs_backup_restore_owner_evidence",
"current_gap": " owner response acceptancerestore recovery backfill freshness before-afterbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofretention runwayalert textfilecold-start scorecardrollbackpost-change monitoring no-false-green owner responselive backup evidencerestore drill acceptedoffsite / escrow / retention accepted runtime gate 0",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md",
"docs/security/backup-restore-escrow-inventory.snapshot.json",
"docs/security/BACKUP-RESTORE-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/backup-restore-owner-response-acceptance.snapshot.json",
"docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/backup-restore-post-incident-readback-plan.snapshot.json",
"docs/schemas/backup_restore_escrow_inventory_v1.schema.json"
],
"label": "Backup / restore / escrow / retention",
"next_owner_action": " Backup / Restore / Escrow incident / change refactor role / team freshnessbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofcredential recovery metadataretention runwayretention / prune decisionrestore observer / stop conditionalert textfilecold-start / DR scorecardrollback validationpost-change monitoringrecurrence guard no-secret-value evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"scripts/backup/**",
"k8s/velero/**",
"docs/runbooks/disaster-recovery/**",
"docs/runbooks/**/*RESTORE*.md",
"docs/runbooks/**/*BACKUP*.md"
],
"priority": "P0",
"required_gate": "backup_restore_owner_response_required",
"required_validation": [
"credential_absence_check",
"restore_drill_gate",
"retention_policy",
"escrow_owner",
"rollback_ref"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "agent_bounty_protocol_runtime",
"control_tier": "C0",
"coverage_percent": 68,
"coverage_status": "owner_request_draft_ready_needs_runtime_owner",
"current_gap": "owner request draft 11 稿 runtime / MCP / A2A / treasury / payout owner responseruntime gate 0",
"evidence_refs": [
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md",
"docs/security/agent-bounty-owner-request-draft.snapshot.json",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md"
],
"label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary",
"next_owner_action": " repo ownerexternal agent ownertreasury ownerruntime gate ownermaintenance windowrollback owner validation plan",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json",
"docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json",
"agent-bounty-protocol/**"
],
"priority": "P0",
"required_gate": "agent_bounty_owner_response_required",
"required_validation": [
"repo_owner_scope",
"runtime_gate_false",
"no_payout_or_treasury_execution",
"no_mcp_a2a_runtime_execution",
"redacted_evidence_refs_only"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "monitoring_alerting_observability",
"control_tier": "C1",
"coverage_percent": 78,
"coverage_status": "soc_siem_kali_wazuh_integration_control_ready_needs_soc_owner_evidence",
"current_gap": " 60 monitoring / alerting / observability owner response acceptance candidateWazuh / readback plan SOC / SIEM / Kali 112 / Wazuh NIST CSFCIS ControlsCISA KEVOWASP ASVSWazuhSuricata Kali tooling 16 12 20 Wazuh event refsKali scope refshost forensic refsSIEM correlationalert route ownerincident case ownerpostcheckrecurrence guardowner response maintenance window",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md",
"docs/security/monitoring-alerting-observability-inventory.snapshot.json",
"docs/security/MONITORING-OWNER-REQUEST-DRAFT.md",
"docs/security/monitoring-owner-request-draft.snapshot.json",
"docs/security/MONITORING-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/monitoring-owner-response-acceptance.snapshot.json",
"docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/monitoring-post-incident-readback-plan.snapshot.json",
"docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md",
"docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json",
"scripts/security/wazuh-iwooos-intrusion-readback-plan.py",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py",
"docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json",
"scripts/security/soc-siem-kali-wazuh-integration-control.py",
"apps/web/src/app/api/iwooos/wazuh/route.ts",
"docs/schemas/monitoring_alerting_observability_inventory_v1.schema.json"
],
"label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse",
"next_owner_action": " SOC owner packetWazuh manager / agent / event refsKali scope / health / normalized finding refsPrometheus / Alertmanager route refsSigNoz / Sentry correlation refshost forensic refsgateway diff refsrunner / workflow refsKEV / CVE refsincident case refdedupe / noise budgetchain of custodyrollback ownerpostcheck owner no-secret / no-raw-payload / no-false-green attestation",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"ops/monitoring/**",
"ops/alertmanager/**",
"ops/grafana/**",
"ops/signoz/**",
"ops/sentry-self-hosted/**",
"infra/langfuse/**",
"k8s/monitoring/**",
"scripts/ops/**/*exporter*"
],
"priority": "P1",
"required_gate": "monitoring_observability_owner_response_required",
"required_validation": [
"rule_diff",
"receiver_diff",
"reload_gate",
"failure_notification_policy",
"public_route_smoke_if_affected"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "docker_compose_systemd_host_config",
"control_tier": "C1",
"coverage_percent": 68,
"coverage_status": "external_host_intrusion_prevention_control_ready_needs_host_service_owner_evidence",
"current_gap": " 9 Docker / systemd / host service owner response acceptance candidatechange evidence acceptancepost-incident readback plan actorboot / recovery windowbefore / after stateDocker daemoncompose / systemd statefailed unitport bindingdependencyprocess / persistence baselinepublic/admin route recoveryAI provider healthmonitoring alertoperator noticecross-project syncrestorationrecurrence guard no-false-green owner responselive hashWazuh / host forensic refsmaintenance / restart windowrollback ownerpost-check plandisable switch no-secret-value evidence",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md",
"docs/security/host-service-owner-request-draft.snapshot.json",
"docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/host-service-owner-response-acceptance.snapshot.json",
"docs/security/HOST-SERVICE-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/host-service-change-evidence-acceptance.snapshot.json",
"docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/host-service-post-incident-readback-plan.snapshot.json",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py",
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md"
],
"label": "Docker Compose / systemd / host service config",
"next_owner_action": " host service owner-provided live hash / dispositionchange / incident refactor role / teamboot timerestart / recovery windowbefore / after stateDocker daemon statecompose / systemd statefailed unit reviewport bindingprocess / persistence refspublic/admin route recoveryAI provider healthmonitoring alertoperator notificationcross-project syncrestoration evidencerecurrence guardrollback ownerpost-check plan no-secret-value evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docker-compose*.yml",
"docker-compose*.yaml",
"ops/**/docker-compose*.yml",
"ops/**/docker-compose*.yaml",
"scripts/reboot-recovery/**",
"scripts/**/*.service",
"ops/**/*.service"
],
"priority": "P1",
"required_gate": "host_service_owner_response_required",
"required_validation": [
"port_conflict_check",
"volume_diff",
"env_name_diff",
"restart_window",
"rollback_owner"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "ssh_firewall_network_access",
"control_tier": "C1",
"coverage_percent": 70,
"coverage_status": "external_host_intrusion_prevention_control_ready_needs_network_owner_evidence",
"current_gap": "owner response acceptance / post-incident readback plan SSH / sudoauthorized_keysknown_hostsfirewallWireGuardNodePortNetworkPolicyport close / open break-glass owner-provided change / incident evidenceactorbefore / after stateWazuh / host forensic refsservice / AI provider / monitoring impactoperator notificationcross-project syncrestoration evidencerecurrence guardmaintenance windowrollback owner post-check evidence",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
"docs/security/ssh-network-access-inventory.snapshot.json",
"docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md",
"docs/security/ssh-network-owner-request-draft.snapshot.json",
"docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ssh-network-owner-response-acceptance.snapshot.json",
"docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/port-firewall-change-evidence-acceptance.snapshot.json",
"docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/ssh-network-post-incident-readback-plan.snapshot.json",
"docs/security/EXTERNAL-HOST-INTRUSION-PREVENTION-CONTROL.md",
"docs/security/external-host-intrusion-prevention-control.snapshot.json",
"scripts/security/external-host-intrusion-prevention-control.py"
],
"label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort",
"next_owner_action": " SSH / / change / incident refactor role / teamaffected scopebefore / after stateservice dependencypublic route impactAI provider impactmonitoring alert impactoperator notificationcross-project syncrestoration evidencerecurrence guardmaintenance windowrollback owner post-check ",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"infra/ansible/inventory/**",
"infra/ansible/**/*known_hosts*",
"infra/ansible/**/*ssh*",
"scripts/**/*ssh*",
"scripts/**/*known_hosts*",
"ops/**/*wireguard*",
"ops/**/*firewall*",
"k8s/**/*network*",
"k8s/**/*Network*"
],
"priority": "P1",
"required_gate": "network_access_owner_response_required",
"required_validation": [
"target_whitelist",
"host_key_policy",
"ingress_egress_matrix",
"rollback_owner",
"maintenance_window"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "ai_provider_model_routing",
"control_tier": "C1",
"coverage_percent": 64,
"coverage_status": "owner_response_acceptance_ready_needs_provider_owner_evidence",
"current_gap": " AI provider / model routing owner response acceptance provider ownerfallback orderdry-runbenchmarkprivacydata classificationprompt redactionrollback post-check evidence 0 production",
"evidence_refs": [
"docs/HARD_RULES.md",
"docs/ai",
"docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ai-provider-owner-response-acceptance.snapshot.json"
],
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
"next_owner_action": " provider ownerfallback orderdry-run resultbenchmark resultcost reviewprivacy reviewdata classificationprompt redactionquota budgetquality gaterollback owner post-check evidence",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/api/src/services/ai_providers/**",
"apps/api/src/services/**/*model*",
"apps/api/src/services/**/*provider*",
"infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2",
"docs/ai/**",
"docs/**/*Ollama*"
],
"priority": "P1",
"required_gate": "ai_provider_owner_response_required",
"required_validation": [
"dry_run",
"benchmark",
"cost_review",
"privacy_review",
"fallback_order_check"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "product_surface_runtime_routes",
"control_tier": "C2",
"coverage_percent": 72,
"coverage_status": "scope_inventory_ready",
"current_gap": " owner response accepted route / admin / webhook ",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md"
],
"label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes",
"next_owner_action": " AWOOOIAwoooPIwoooSVibeWorkagent-bounty-protocol owner response",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"apps/web/src/app/**",
"apps/web/messages/*.json",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/vibework-iwooos-onboarding-handoff.snapshot.json"
],
"priority": "P2",
"required_gate": "product_surface_owner_response_required",
"required_validation": [
"product_boundary_check",
"i18n_traditional_chinese_check",
"no_internal_transcript_check",
"desktop_mobile_smoke_if_frontend"
],
"runtime_gate_open": false
},
{
"action_buttons_allowed": false,
"category_id": "security_evidence_tooling",
"control_tier": "C3",
"coverage_percent": 88,
"coverage_status": "soc_siem_guard_ready",
"current_gap": "guard SOC / SIEM / Kali / Wazuh snapshot blocking CI",
"evidence_refs": [
"scripts/security/security-mirror-progress-guard.py",
"scripts/security/high-value-config-change-gate.py",
"scripts/security/high-value-config-owner-packet.py",
"docs/security/high-value-config-change-gate.snapshot.json",
"scripts/security/soc-siem-kali-wazuh-integration-control.py",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
],
"label": "Security evidence / snapshot / guard tooling",
"next_owner_action": " guard / doc secret sanity / SOC snapshot CI blockingactive scan active response rollout plan",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
"patterns": [
"docs/security/**",
"docs/schemas/**",
"scripts/security/**",
"docs/LOGBOOK.md"
],
"priority": "P3",
"required_gate": "security_evidence_owner_review_required",
"required_validation": [
"snapshot_parse",
"guard_smoke",
"doc_secret_sanity",
"no_runtime_gate_increase"
],
"runtime_gate_open": false
}
],
"execution_boundaries": {
"acme_challenge_change_authorized": false,
"action_buttons_allowed": false,
"active_scan_authorized": false,
"admin_route_change_authorized": false,
"agent_bounty_runtime_authorized": false,
"alert_chain_smoke_authorized": false,
"alertmanager_reload_authorized": false,
"api_contract_change_authorized": false,
"api_route_change_authorized": false,
"argocd_api_read_authorized": false,
"argocd_sync_authorized": false,
"backup_run_authorized": false,
"callback_url_change_authorized": false,
"certbot_renew_authorized": false,
"cookie_policy_change_authorized": false,
"cors_change_authorized": false,
"credential_escrow_marker_write_authorized": false,
"csrf_disable_authorized": false,
"database_migration_authorized": false,
"desktop_mobile_smoke_authorized": false,
"dns_tls_change_authorized": false,
"exporter_deploy_authorized": false,
"force_push_authorized": false,
"frontend_env_change_authorized": false,
"grafana_dashboard_apply_authorized": false,
"helm_upgrade_authorized": false,
"host_live_conf_read_authorized": false,
"host_write_authorized": false,
"i18n_public_text_internal_identity_allowed": false,
"internal_ip_exposure_allowed": false,
"internal_status_code_exposure_allowed": false,
"internal_transcript_exposure_allowed": false,
"kubectl_action_authorized": false,
"langfuse_config_change_authorized": false,
"live_alert_fire_authorized": false,
"middleware_auth_change_authorized": false,
"network_policy_apply_authorized": false,
"nginx_reload_authorized": false,
"nginx_test_authorized": false,
"nodeport_change_authorized": false,
"notification_route_change_authorized": false,
"offsite_remote_delete_authorized": false,
"offsite_sync_authorized": false,
"otel_collector_reload_authorized": false,
"owner_namespace_exposure_allowed": false,
"payout_or_withdrawal_authorized": false,
"prometheus_reload_authorized": false,
"public_gateway_reload_authorized": false,
"public_route_change_authorized": false,
"rate_limit_disable_authorized": false,
"raw_payload_storage_allowed": false,
"rbac_change_authorized": false,
"rclone_config_authorized": false,
"receiver_route_change_authorized": false,
"refs_sync_authorized": false,
"remote_write_change_authorized": false,
"repo_namespace_exposure_allowed": false,
"restic_prune_authorized": false,
"restore_drill_authorized": false,
"restore_run_authorized": false,
"retention_change_authorized": false,
"rollback_executed": false,
"route_smoke_authorized": false,
"runner_change_authorized": false,
"runtime_config_change_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"security_header_change_authorized": false,
"sentry_deploy_authorized": false,
"signoz_rule_apply_authorized": false,
"silence_policy_change_authorized": false,
"telegram_send_authorized": false,
"velero_restore_authorized": false,
"webhook_receiver_change_authorized": false,
"webhook_secret_change_authorized": false,
"websocket_route_change_authorized": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-24T20:14:02+08:00",
"git_commit": "2ec7f6f4",
"lowest_coverage_categories": [
{
"category_id": "ai_provider_model_routing",
"coverage_percent": 64,
"current_gap": " AI provider / model routing owner response acceptance provider ownerfallback orderdry-runbenchmarkprivacydata classificationprompt redactionrollback post-check evidence 0 production",
"label": "AI provider / model routing / Ollama proxy / cost and privacy",
"next_owner_action": " provider ownerfallback orderdry-run resultbenchmark resultcost reviewprivacy reviewdata classificationprompt redactionquota budgetquality gaterollback owner post-check evidence"
},
{
"category_id": "k8s_production_gitops",
"coverage_percent": 66,
"current_gap": " owner response acceptanceGitOps ArgoCD sync / health / degradedPending workloadimage pull / schedulingrollout before-afterevent / metrics / alertdrift scannerCronJob scheduleNetworkPolicy / RBACroute / AI provider / monitoring no-false-green owner responserendered manifest diffArgoCD revisionmaintenance windowrollback revisionpost-check owner no-secret-value evidence",
"label": "K8s / ArgoCD / production manifests",
"next_owner_action": " GitOps / K8s incident / change refactor role / teamArgoCD sync / health / revisiondegraded / Pending / image pull / scheduling rollout before-afterevent summarymetrics / alertdrift scannerCronJob scheduleNetworkPolicy / Service / RBAC public/admin routeAI providermonitoringoperator notificationcross-project syncrecovery still-degraded refrecurrence guardmaintenance windowrollback revisionrollback ownerpost-check owner no-secret-value evidence"
},
{
"category_id": "public_admin_api_runtime_config",
"coverage_percent": 66,
"current_gap": " Public / Admin / API runtime config source / messages guardaffected routeadmin/auth boundaryAPI readbackCORS difffrontend env diffi18n redactionwebhook ownerdesktop/mobile production smokebundle scanrollback post-check evidence 0",
"label": "Public / admin / API / frontend runtime config",
"next_owner_action": " affected route refsadmin/auth boundaryAPI contract readbackCORS origin difffrontend env diffi18n redaction reviewwebhook/callback ownerdesktop/mobile production smokebundle sensitive scanrollback owner post-check evidence"
},
{
"category_id": "backup_restore_credential",
"coverage_percent": 66,
"current_gap": " owner response acceptancerestore recovery backfill freshness before-afterbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofretention runwayalert textfilecold-start scorecardrollbackpost-change monitoring no-false-green owner responselive backup evidencerestore drill acceptedoffsite / escrow / retention accepted runtime gate 0",
"label": "Backup / restore / escrow / retention",
"next_owner_action": " Backup / Restore / Escrow incident / change refactor role / team freshnessbackup status readbackrestore drill restore targetoffsite syncremote delete guardcredential escrow non-secret proofcredential recovery metadataretention runwayretention / prune decisionrestore observer / stop conditionalert textfilecold-start / DR scorecardrollback validationpost-change monitoringrecurrence guard no-secret-value evidence"
}
],
"next_collection_order": [
"nginx_public_gateway",
"dns_tls_certbot",
"k8s_production_gitops",
"secret_metadata",
"gitea_workflow_runner_source_control",
"public_admin_api_runtime_config",
"ssh_firewall_network_access",
"docker_compose_systemd_host_config",
"monitoring_alerting_observability",
"agent_bounty_protocol_runtime",
"ai_provider_model_routing",
"backup_restore_credential"
],
"operator_interpretation": [
" git diff ",
" category Gate owner response owner response received / accepted 0",
"C0 / C1 coverage percent runtime ",
" live evidence owner-provided redacted evidence SSHreloadscan secret value"
],
"schema_version": "high_value_config_control_coverage_v1",
"source_category_definition": "scripts/security/high-value-config-change-gate.py",
"status": "coverage_matrix_ready",
"summary": {
"action_button_count": 0,
"average_coverage_percent": 73,
"c0_category_count": 8,
"c1_category_count": 4,
"c2_category_count": 1,
"c3_category_count": 1,
"category_count": 14,
"lowest_coverage_category_count": 4,
"needs_live_evidence_count": 10,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"owner_response_required_count": 14,
"registered_control_count": 14,
"runtime_gate_count": 0
}
}