229 lines
24 KiB
Markdown
229 lines
24 KiB
Markdown
# IwoooS 高價值配置控管覆蓋矩陣
|
||
|
||
| 項目 | 內容 |
|
||
|------|------|
|
||
| 日期 | 2026-06-14 |
|
||
| 狀態 | `coverage_matrix_ready` |
|
||
| 工具 | `scripts/security/high-value-config-control-coverage.py` |
|
||
| Snapshot | `docs/security/high-value-config-control-coverage.snapshot.json` |
|
||
| Schema | `docs/schemas/high_value_config_control_coverage_v1.schema.json` |
|
||
| runtime gate | `0` |
|
||
|
||
## 1. 目的
|
||
|
||
此矩陣把「所有重要配置都要被資安控管」從人讀清冊推進成可重跑 snapshot。它直接讀取 `high-value-config-change-gate.py` 的配置分類,避免變更 Gate 與長期覆蓋清冊各自漂移。
|
||
|
||
本階段仍是只讀覆蓋矩陣,不接 blocking CI、不 SSH、不讀 live host、不執行 `nginx -t`、不 reload Nginx、不做 DNS / TLS probe、不 renew cert、不同步 refs、不修改 workflow、不收 secret value、不啟動 agent-bounty runtime。
|
||
|
||
## 1.1 2026-06-14 P0 pattern 覆蓋同步
|
||
|
||
本輪 snapshot 已從最新 `high-value-config-change-gate.py` 讀回 P0 pattern 補強:
|
||
|
||
| 類別 | 新增覆蓋 | 目前解讀 |
|
||
|------|----------|----------|
|
||
| `nginx_public_gateway` | `k8s/nginx/**` | K8s 內 Nginx 公開入口設定納入 P0 / C0 owner response 與 rollback 管控 |
|
||
| `dns_tls_certbot` | `scripts/ops/**/*cert*`、`scripts/ops/**/*tls*` | 憑證修復、renewal 與 TLS 腳本納入 P0 / C0 owner response 與維護窗口管控 |
|
||
|
||
此同步只修正長期覆蓋矩陣與變更 Gate 的一致性,不代表 live evidence 已收到,也不代表可執行 `nginx -t`、reload、certbot renew 或 DNS / TLS 變更。
|
||
|
||
## 1.2 2026-06-14 K8s / ArgoCD manifest repo-only 清冊
|
||
|
||
已新增 `docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md` 與 `docs/security/k8s-argocd-manifest-inventory.snapshot.json`,將 `k8s/awoooi-prod`、`k8s/argocd`、`k8s/velero`、`k8s/monitoring` 轉成 repo-only manifest inventory。
|
||
|
||
目前固定為 `file_count=49`、`c0_file_count=36`、`yaml_manifest_file_count=45`、`unique_kind_count=20`、`top_level_kind_marker_count=56`、`blocked_action_count=13`、`runtime_gate_count=0`。此 artifact 只補上 K8s / ArgoCD source inventory 的可重跑基線;owner request、rendered manifest diff、ArgoCD health readback、ArgoCD sync、kubectl action、live cluster read 與 production write 仍全部未授權。
|
||
|
||
2026-06-14 P0-21 再新增 `docs/security/K8S-ARGOCD-OWNER-REQUEST-DRAFT.md` 與 `docs/security/k8s-argocd-owner-request-draft.snapshot.json`,將四個 scan group 轉成 `request_draft_count=4`、`c0_request_draft_count=3`、`required_owner_field_count=11`、`evidence_gap_count=8`、`blocked_action_count=13` 的 request draft。此更新仍不是 request sent、owner response received / accepted、ArgoCD readback、sync、kubectl action 或 runtime gate。
|
||
|
||
2026-06-15 P0-25 再新增 `docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/k8s-argocd-owner-response-acceptance.snapshot.json`,將 manifest inventory 與 owner request draft 轉成 `acceptance_candidate_count=4`、`c0_acceptance_candidate_count=3`、`required_owner_field_count=11`、`reviewer_check_count=12`、`outcome_lane_count=7`、`blocked_action_count=18` 的 owner response acceptance 只讀帳本。此更新讓 `k8s_production_gitops` 從 `58%` 推進到 `62%`;owner response received / accepted、rendered manifest diff、ArgoCD API read、ArgoCD sync、kubectl action、live cluster read、secret collection、runtime gate 與 action button 仍全部為 `0 / false`。
|
||
|
||
## 1.3 2026-06-14 agent-bounty-protocol owner request draft
|
||
|
||
已新增 `docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md` 與 `docs/security/agent-bounty-owner-request-draft.snapshot.json`,將 `agent-bounty-protocol` onboarding handoff 轉成 11 份 owner request draft。
|
||
|
||
固定數字為 `request_draft_count=11`、`control_boundary_request_count=4`、`product_surface_request_count=7`、`write_capable_request_draft_count=8`、`treasury_related_request_draft_count=4`、`mcp_a2a_related_request_draft_count=5`、`required_owner_field_count=22`、`forbidden_input_count=25`、`blocked_action_count=28`、`runtime_gate_count=0`。此更新不提高 `agent_bounty_protocol_runtime` 成熟度,仍維持 `68%`;owner response、repo / refs truth、deployment boundary、MCP / A2A boundary、treasury boundary、claim / submit、payout / withdrawal、cron / daemon、runtime gate 與 action button 仍全部為 `0 / false`。
|
||
|
||
## 1.4 2026-06-14 Public Gateway owner response acceptance 只讀帳本
|
||
|
||
已新增 `docs/security/PUBLIC-GATEWAY-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/public-gateway-owner-response-acceptance.snapshot.json`,將 Public Gateway live conf 匯出請求、redacted export 收件預檢與 rendered diff / `nginx -t` gate 草稿串成 owner response acceptance 只讀帳本。
|
||
|
||
固定數字為 `acceptance_candidate_count=3`、`c0_acceptance_candidate_count=2`、`c1_acceptance_candidate_count=1`、`acceptance_field_count=23`、`required_owner_response_field_count=12`、`reviewer_check_count=12`、`outcome_lane_count=7`、`blocked_action_count=18`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`runtime_gate_count=0`。此更新只讓 `nginx_public_gateway` 從 `84%` 推進到 `86%`,代表收件驗收帳本更完整;live conf、rendered diff、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0 / false`。
|
||
|
||
2026-06-14 再新增 `docs/security/PUBLIC-GATEWAY-RENDERED-DIFF-ACCEPTANCE.md` 與 `docs/security/public-gateway-rendered-diff-acceptance.snapshot.json`,把 owner response acceptance 後的 rendered diff evidence、owner-provided `nginx -t` readback、route smoke evidence、TLS / ACME impact、maintenance window、rollback owner 與 post-check evidence 轉成只讀驗收帳本。
|
||
|
||
固定數字為 `diff_acceptance_candidate_count=3`、`c0_diff_acceptance_candidate_count=2`、`c1_diff_acceptance_candidate_count=1`、`diff_acceptance_field_count=25`、`required_evidence_field_count=14`、`reviewer_check_count=15`、`outcome_lane_count=8`、`blocked_action_count=22`、`rendered_diff_accepted_count=0`、`nginx_test_evidence_accepted_count=0`、`route_smoke_result_accepted_count=0`、`runtime_gate_count=0`。此更新只讓 `nginx_public_gateway` 從 `86%` 推進到 `88%`;owner response accepted、redacted live conf accepted、rendered diff accepted、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、production write、runtime gate 與 action button 仍全部為 `0 / false`。
|
||
|
||
## 1.5 2026-06-14 DNS / TLS / certbot owner response acceptance 只讀帳本
|
||
|
||
已新增 `docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json`,將 4 份 DNS / TLS / certbot owner confirmation request 轉成 metadata-only owner response acceptance 只讀帳本。
|
||
|
||
固定數字為 `acceptance_candidate_count=4`、`c0_acceptance_candidate_count=4`、`acceptance_field_count=23`、`required_owner_response_field_count=13`、`reviewer_check_count=13`、`outcome_lane_count=7`、`blocked_action_count=20`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`certificate_coverage_confirmed_count=0`、`dns_query_authorized_count=0`、`live_tls_probe_authorized_count=0`、`certbot_renew_authorized_count=0`、`nginx_reload_authorized_count=0`、`route_smoke_authorized_count=0`、`runtime_gate_count=0`。此更新讓 `dns_tls_certbot` 從 `74%` 推進到 `78%`,代表未來 owner 回覆可被補件、隔離、拒收或送 reviewer review;它不代表 DNS query、TLS probe、certbot renew、Nginx reload、route smoke、host write 或 runtime gate 已授權。
|
||
|
||
## 1.6 2026-06-14 Docker / systemd / host service owner response acceptance 只讀帳本
|
||
|
||
已新增 `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/host-service-owner-response-acceptance.snapshot.json`,將 9 份 Docker / systemd / host service owner request draft 轉成 metadata-only owner response acceptance 只讀帳本。
|
||
|
||
固定數字為 `acceptance_candidate_count=9`、`write_capable_acceptance_candidate_count=3`、`live_evidence_required_candidate_count=8`、`acceptance_field_count=28`、`required_owner_field_count=12`、`reviewer_check_count=14`、`outcome_lane_count=7`、`blocked_action_count=20`、`owner_response_received_count=0`、`owner_response_accepted_count=0`、`live_host_read_authorized_count=0`、`docker_compose_action_authorized_count=0`、`systemctl_action_authorized_count=0`、`repair_bot_execution_authorized_count=0`、`ansible_apply_authorized_count=0`、`runtime_gate_count=0`。此更新讓 `docker_compose_systemd_host_config` 從 `50%` 推進到 `54%`,也讓高價值配置平均只讀成熟度從 `67%` 推進到 `68%`;它不代表 live host read、restart、repair-bot、Ansible、sudo、host write 或 runtime gate 已授權。
|
||
|
||
## 2. 覆蓋摘要
|
||
|
||
| 指標 | 目前值 | 說明 |
|
||
|------|--------|------|
|
||
| 註冊配置類別 | `14` | 全部來自高價值配置 Gate 的 CATEGORIES |
|
||
| C0 類別 | `8` | Nginx、DNS / TLS、K8s、secret、workflow / runner、runtime config、backup、agent-bounty runtime |
|
||
| C1 類別 | `4` | 監控、Docker / systemd、SSH / network、AI provider |
|
||
| C2 類別 | `1` | 產品 runtime route 與跨產品邊界 |
|
||
| C3 類別 | `1` | security evidence / snapshot / guard tooling |
|
||
| 平均只讀控管成熟度 | `68%` | 僅代表框架 / evidence / owner packet / acceptance ledger 準備度,不代表 runtime 可執行 |
|
||
| 需要 live evidence 的類別 | `6` | 只能等 owner-provided redacted evidence 或維護窗口,不主動修改主機 |
|
||
| owner response required | `14` | 每類都需要 owner response 才能往 accepted 前進 |
|
||
| owner response received / accepted | `0 / 0` | 不得假性提高 |
|
||
| runtime gate | `0` | 不得產生執行按鈕 |
|
||
|
||
## 3. 低成熟與高風險追蹤優先順序
|
||
|
||
| 優先 | 類別 | 目前成熟度 | 下一步 |
|
||
|------|------|------------|--------|
|
||
| P1-1 | Docker Compose / systemd / host service config | `54%` | repo-only 清冊已納入 9 個 surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence |
|
||
| P1-2 | SSH / sudoers / known_hosts / firewall / WireGuard / NodePort | `58%` | repo-only 清冊已納入 16 個 SSH / network access surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、live access state、allowed source CIDR、host key pinning、port impact、firewall owner、maintenance window、rollback owner 與 validation plan |
|
||
| P1-3 | Backup / restore / escrow / retention | `62%` | repo-only 清冊已納入 38 個 surface,owner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、restore drill approval package、offsite / escrow owner、retention owner、rollback owner、validation plan 與 no-secret-value evidence |
|
||
| P1-4 | Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse | `62%` | repo-only 清冊已納入 60 個 monitoring / alerting / observability surface,owner request draft 已轉成 60 份草稿;仍缺 owner response、live drift evidence、reload owner、receiver owner、route smoke 與 receipt proof |
|
||
|
||
## 4. 固定 0 / false 邊界
|
||
|
||
以下旗標必須維持 `false`:
|
||
|
||
```text
|
||
runtime_execution_authorized=false
|
||
host_write_authorized=false
|
||
host_live_conf_read_authorized=false
|
||
nginx_test_authorized=false
|
||
public_gateway_reload_authorized=false
|
||
public_route_change_authorized=false
|
||
admin_route_change_authorized=false
|
||
websocket_route_change_authorized=false
|
||
acme_challenge_change_authorized=false
|
||
route_smoke_authorized=false
|
||
rollback_executed=false
|
||
nginx_reload_authorized=false
|
||
dns_tls_change_authorized=false
|
||
certbot_renew_authorized=false
|
||
argocd_sync_authorized=false
|
||
kubectl_action_authorized=false
|
||
backup_run_authorized=false
|
||
restore_run_authorized=false
|
||
restore_drill_authorized=false
|
||
offsite_sync_authorized=false
|
||
offsite_remote_delete_authorized=false
|
||
credential_escrow_marker_write_authorized=false
|
||
retention_change_authorized=false
|
||
restic_prune_authorized=false
|
||
rclone_config_authorized=false
|
||
velero_restore_authorized=false
|
||
workflow_modification_authorized=false
|
||
runner_change_authorized=false
|
||
refs_sync_authorized=false
|
||
force_push_authorized=false
|
||
secret_value_collection_allowed=false
|
||
active_scan_authorized=false
|
||
agent_bounty_runtime_authorized=false
|
||
payout_or_withdrawal_authorized=false
|
||
action_buttons_allowed=false
|
||
prometheus_reload_authorized=false
|
||
alertmanager_reload_authorized=false
|
||
grafana_dashboard_apply_authorized=false
|
||
signoz_rule_apply_authorized=false
|
||
sentry_deploy_authorized=false
|
||
langfuse_config_change_authorized=false
|
||
otel_collector_reload_authorized=false
|
||
receiver_route_change_authorized=false
|
||
silence_policy_change_authorized=false
|
||
telegram_send_authorized=false
|
||
notification_route_change_authorized=false
|
||
webhook_receiver_change_authorized=false
|
||
remote_write_change_authorized=false
|
||
exporter_deploy_authorized=false
|
||
live_alert_fire_authorized=false
|
||
alert_chain_smoke_authorized=false
|
||
```
|
||
|
||
## 5. 判讀規則
|
||
|
||
1. `coverage_percent` 只代表只讀框架成熟度,不代表已收到 owner response。
|
||
2. `coverage_status` 是下一步分流用語,不是 runtime approval state。
|
||
3. C0 / C1 類別若缺 live evidence,只能等待 owner-provided redacted evidence、維護窗口與 rollback owner。
|
||
4. `agent-bounty-protocol` 已是 C0 runtime / MCP / A2A / treasury boundary,且 owner request draft 已完成;目前仍不得 claim / submit / payout / daemon / webhook / runtime execution。
|
||
5. IwoooS 前端可顯示覆蓋矩陣,但不得提供可執行按鈕,也不得把可見狀態解讀成資安批准。
|
||
|
||
## 6. 指令
|
||
|
||
```bash
|
||
python3 scripts/security/high-value-config-control-coverage.py \
|
||
--root . \
|
||
--output docs/security/high-value-config-control-coverage.snapshot.json
|
||
```
|
||
|
||
固定 committed snapshot 時間:
|
||
|
||
```bash
|
||
python3 scripts/security/high-value-config-control-coverage.py \
|
||
--root . \
|
||
--generated-at 2026-06-11T21:30:00+08:00 \
|
||
--output docs/security/high-value-config-control-coverage.snapshot.json
|
||
```
|
||
|
||
## 7. 完成度
|
||
|
||
| 工作 | 完成度 | 說明 |
|
||
|------|--------|------|
|
||
| 全高價值配置類別註冊 | `100%` | 14 類全部來自既有 Gate 定義 |
|
||
| 覆蓋 snapshot / schema | `100%` | 已新增可重跑 snapshot 與 JSON schema |
|
||
| DNS / TLS / certbot owner response acceptance | `100%` | 已新增 `domain_tls_certbot_owner_response_acceptance_v1`,4 個 C0 candidate、13 個 owner 必填欄位、13 個 reviewer checks、7 條 outcome lanes、20 類 blocked action;成熟度 `74% -> 78%` |
|
||
| Docker / systemd / host service owner response acceptance | `100%` | 已新增 `host_service_owner_response_acceptance_v1`,9 個 candidate、3 個 write-capable、14 個 reviewer checks、7 條 outcome lanes、20 類 blocked action;成熟度 `50% -> 54%` |
|
||
| owner response 收件 | `0%` | 尚未收到或接受任何 owner response |
|
||
| live evidence collection | `0%` | 未 SSH、未 live probe、未 active scan |
|
||
| runtime gate | `0%` | 未開啟任何執行期閘門 |
|
||
|
||
## 8. P1-1 Docker / systemd 清冊更新
|
||
|
||
`host_service_config_inventory_v1` 已把 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 納入 repo-only 清冊,共 `9` 個 surface、`3` 個 write-capable surface、`2` 個 repair-bot whitelist、`1` 個 systemd restart surface。此更新只讓 `docker_compose_systemd_host_config` 從 `42%` 推進到 `50%`;owner response、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `host_service_owner_request_draft_v1`,把 9 個 surface 轉成 `request_draft_count=9`、`write_capable_request_draft_count=3`、`live_evidence_required_request_count=8`、`required_owner_field_count=12`、`blocked_action_count=14` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `host_service_owner_response_acceptance_v1`,把 9 份 request draft 轉成 `acceptance_candidate_count=9`、`write_capable_acceptance_candidate_count=3`、`live_evidence_required_candidate_count=8`、`required_owner_field_count=12`、`reviewer_check_count=14`、`outcome_lane_count=7`、`blocked_action_count=20` 的 owner response acceptance 只讀帳本。此更新讓 `docker_compose_systemd_host_config` 從 `50%` 推進到 `54%`,但 owner response received / accepted、live hash、maintenance / restart window、rollback owner、post-check plan、disable switch、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
## 9. P1-2 SSH / network access 清冊更新
|
||
|
||
`ssh_network_access_inventory_v1` 已把 SSH target、known_hosts workflow、CI deploy SSH、monitoring SSH、backup SSH capture、sudoers wrapper、NetworkPolicy、NodePort、WireGuard runbook 與 alert SSH action catalog 納入 repo-only 清冊,共 `16` 個 surface、`6` 個 write-capable surface、`2` 個 NetworkPolicy、`2` 個 NodePort、`1` 個 sudoers surface 與 `1` 個 WireGuard surface。此更新只讓 `ssh_firewall_network_access` 從 `48%` 推進到 `54%`;owner response、live evidence、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `ssh_network_owner_request_draft_v1`,把 16 個 surface 轉成 `request_draft_count=16`、`write_capable_request_draft_count=6`、`live_evidence_required_request_count=16`、`required_owner_field_count=13`、`blocked_action_count=16` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live access state、firewall / port / NetworkPolicy / NodePort / WireGuard 變更、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-15 再新增 `ssh_network_owner_response_acceptance_v1`,把 16 份 request draft 轉成 `acceptance_candidate_count=16`、`write_capable_acceptance_candidate_count=6`、`live_evidence_required_candidate_count=16`、`required_owner_field_count=13`、`reviewer_check_count=15`、`outcome_lane_count=7`、`blocked_action_count=22` 的 owner response acceptance 只讀帳本。此更新讓 `ssh_firewall_network_access` 從 `54%` 推進到 `58%`,但 owner response received / accepted、live access state、host key pinning、port policy、firewall owner、NetworkPolicy / NodePort、WireGuard cutover、SSH、keyscan、known_hosts patch、firewall / port 變更、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
## 10. P1-3 Backup / restore / escrow / retention 清冊更新
|
||
|
||
`backup_restore_escrow_inventory_v1` 已把 backup orchestration、service backup scripts、restic retention、offsite sync、credential escrow、Velero restore drill、backup health alert 與 cold-start / DR runbook 納入 repo-only 清冊,共 `38` 個 surface、`15` 個 backup script surface、`8` 個 offsite / escrow surface、`5` 個 Velero surface 與 `27` 個 write-capable surface。此更新只讓 `backup_restore_credential` 從 `52%` 推進到 `58%`;owner response、live evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `backup_restore_owner_request_draft_v1`,把 38 個 surface 轉成 `request_draft_count=38`、`write_capable_request_draft_count=27`、`live_evidence_required_request_count=38`、`required_owner_field_count=14`、`blocked_action_count=18` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live backup evidence、backup run、restore run、offsite sync、escrow marker write、retention change、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-15 再新增 `backup_restore_owner_response_acceptance_v1`,把 38 份 request draft 轉成 `acceptance_candidate_count=38`、`write_capable_acceptance_candidate_count=27`、`live_evidence_required_candidate_count=38`、`required_owner_field_count=14`、`reviewer_check_count=13`、`outcome_lane_count=7`、`blocked_action_count=22` 的 owner response acceptance 只讀帳本。此更新讓 `backup_restore_credential` 從 `58%` 推進到 `62%`,但 owner response received / accepted、live backup evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance、backup run、restore run、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
## 11. P1-4 Monitoring / alerting / observability 清冊更新
|
||
|
||
`monitoring_alerting_observability_inventory_v1` 已把 Prometheus、Alertmanager、Grafana、SigNoz、Sentry、Langfuse、OTEL、Telegram / notification policy、deploy / reload scripts 與 alert chain smoke scripts 納入 repo-only 清冊,共 `60` 個 surface、`13` 個 alert rule surface、`6` 個 deploy / reload surface、`11` 個 write-capable surface 與 `1` 個 drift guard surface。此更新只讓 `monitoring_alerting_observability` 從 `56%` 推進到 `62%`;owner response、live evidence、reload owner、receiver owner、route smoke、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `monitoring_owner_request_draft_v1`,把 60 個 surface 轉成 `request_draft_count=60`、`write_capable_request_draft_count=11`、`live_evidence_required_request_count=60`、`required_owner_field_count=14`、`blocked_action_count=24` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live evidence、reload、receiver route change、silence change、Telegram send、alert chain smoke、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
## 12. P0 Public Gateway Preflight 清冊更新
|
||
|
||
`public_gateway_preflight_inventory_v1` 已把 Nginx public gateway reload / route change 前置 Gate 固定成只讀清冊,共 `3` 份 source config、`14` 個 route impact、`14` 個 unique upstream、`12` 個 preflight gate,其中 `2` 個 gate 只代表 repo-only ready,`10` 個 gate 仍需 owner acceptance。此更新讓 `nginx_public_gateway` 從 `78%` 推進到 `84%`;owner response、owner-provided live conf、rendered diff、`nginx -t` evidence、route smoke、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `public_gateway_owner_response_acceptance_v1`,把 3 份 public gateway config 轉成 `acceptance_candidate_count=3`、`c0_acceptance_candidate_count=2`、`required_owner_response_field_count=12`、`reviewer_check_count=12`、`outcome_lane_count=7`、`blocked_action_count=18` 的 owner response acceptance 只讀帳本。此更新只讓 `nginx_public_gateway` 從 `84%` 推進到 `86%`;owner response received / accepted、redacted export received / accepted、rendered diff ready、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
2026-06-14 再新增 `public_gateway_rendered_diff_acceptance_v1`,把 3 份 public gateway config 轉成 `diff_acceptance_candidate_count=3`、`c0_diff_acceptance_candidate_count=2`、`required_evidence_field_count=14`、`reviewer_check_count=15`、`outcome_lane_count=8`、`blocked_action_count=22` 的 rendered diff evidence acceptance 只讀帳本。此更新只讓 `nginx_public_gateway` 從 `86%` 推進到 `88%`;owner response accepted、rendered diff accepted、owner-provided `nginx -t` evidence accepted、route smoke evidence accepted、reload、DNS / TLS probe、certbot renew、runtime gate 與 action button 仍全部為 `0`。
|
||
|
||
## 13. P0 DNS / TLS / certbot owner response acceptance 更新
|
||
|
||
`domain_tls_certbot_owner_response_acceptance_v1` 已把 4 份 DNS / TLS / certbot owner confirmation request 轉成 owner response acceptance 只讀帳本。四份候選全部為 `C0`,固定 `acceptance_candidate_count=4`、`required_owner_response_field_count=13`、`reviewer_check_count=13`、`outcome_lane_count=7`、`blocked_action_count=20`,讓 `dns_tls_certbot` 從 `74%` 推進到 `78%`。
|
||
|
||
此更新只補齊 SAN / wildcard / 共用憑證覆蓋關係、certificate expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan 的收件驗收規則;owner response received / accepted、certificate coverage confirmed、DNS query、live TLS probe、certbot renew、Nginx reload、route smoke、DNS record 修改、certificate path 修改、ACME challenge route 修改、host write、runtime gate 與 action button 仍全部為 `0 / false`。
|