Files
awoooi/docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md
Your Name a4998f915c
All checks were successful
Code Review / ai-code-review (push) Successful in 14s
CD Pipeline / tests (push) Successful in 1m32s
CD Pipeline / build-and-deploy (push) Successful in 4m37s
CD Pipeline / post-deploy-checks (push) Successful in 1m31s
fix(iwooos): 新增 public gateway diff evidence acceptance
2026-06-15 00:12:53 +08:00

229 lines
24 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# IwoooS 高價值配置控管覆蓋矩陣
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-14 |
| 狀態 | `coverage_matrix_ready` |
| 工具 | `scripts/security/high-value-config-control-coverage.py` |
| Snapshot | `docs/security/high-value-config-control-coverage.snapshot.json` |
| Schema | `docs/schemas/high_value_config_control_coverage_v1.schema.json` |
| runtime gate | `0` |
## 1. 目的
此矩陣把「所有重要配置都要被資安控管」從人讀清冊推進成可重跑 snapshot。它直接讀取 `high-value-config-change-gate.py` 的配置分類,避免變更 Gate 與長期覆蓋清冊各自漂移。
本階段仍是只讀覆蓋矩陣,不接 blocking CI、不 SSH、不讀 live host、不執行 `nginx -t`、不 reload Nginx、不做 DNS / TLS probe、不 renew cert、不同步 refs、不修改 workflow、不收 secret value、不啟動 agent-bounty runtime。
## 1.1 2026-06-14 P0 pattern 覆蓋同步
本輪 snapshot 已從最新 `high-value-config-change-gate.py` 讀回 P0 pattern 補強:
| 類別 | 新增覆蓋 | 目前解讀 |
|------|----------|----------|
| `nginx_public_gateway` | `k8s/nginx/**` | K8s 內 Nginx 公開入口設定納入 P0 / C0 owner response 與 rollback 管控 |
| `dns_tls_certbot` | `scripts/ops/**/*cert*``scripts/ops/**/*tls*` | 憑證修復、renewal 與 TLS 腳本納入 P0 / C0 owner response 與維護窗口管控 |
此同步只修正長期覆蓋矩陣與變更 Gate 的一致性,不代表 live evidence 已收到,也不代表可執行 `nginx -t`、reload、certbot renew 或 DNS / TLS 變更。
## 1.2 2026-06-14 K8s / ArgoCD manifest repo-only 清冊
已新增 `docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md``docs/security/k8s-argocd-manifest-inventory.snapshot.json`,將 `k8s/awoooi-prod``k8s/argocd``k8s/velero``k8s/monitoring` 轉成 repo-only manifest inventory。
目前固定為 `file_count=49``c0_file_count=36``yaml_manifest_file_count=45``unique_kind_count=20``top_level_kind_marker_count=56``blocked_action_count=13``runtime_gate_count=0`。此 artifact 只補上 K8s / ArgoCD source inventory 的可重跑基線owner request、rendered manifest diff、ArgoCD health readback、ArgoCD sync、kubectl action、live cluster read 與 production write 仍全部未授權。
2026-06-14 P0-21 再新增 `docs/security/K8S-ARGOCD-OWNER-REQUEST-DRAFT.md``docs/security/k8s-argocd-owner-request-draft.snapshot.json`,將四個 scan group 轉成 `request_draft_count=4``c0_request_draft_count=3``required_owner_field_count=11``evidence_gap_count=8``blocked_action_count=13` 的 request draft。此更新仍不是 request sent、owner response received / accepted、ArgoCD readback、sync、kubectl action 或 runtime gate。
2026-06-15 P0-25 再新增 `docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md``docs/security/k8s-argocd-owner-response-acceptance.snapshot.json`,將 manifest inventory 與 owner request draft 轉成 `acceptance_candidate_count=4``c0_acceptance_candidate_count=3``required_owner_field_count=11``reviewer_check_count=12``outcome_lane_count=7``blocked_action_count=18` 的 owner response acceptance 只讀帳本。此更新讓 `k8s_production_gitops``58%` 推進到 `62%`owner response received / accepted、rendered manifest diff、ArgoCD API read、ArgoCD sync、kubectl action、live cluster read、secret collection、runtime gate 與 action button 仍全部為 `0 / false`
## 1.3 2026-06-14 agent-bounty-protocol owner request draft
已新增 `docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md``docs/security/agent-bounty-owner-request-draft.snapshot.json`,將 `agent-bounty-protocol` onboarding handoff 轉成 11 份 owner request draft。
固定數字為 `request_draft_count=11``control_boundary_request_count=4``product_surface_request_count=7``write_capable_request_draft_count=8``treasury_related_request_draft_count=4``mcp_a2a_related_request_draft_count=5``required_owner_field_count=22``forbidden_input_count=25``blocked_action_count=28``runtime_gate_count=0`。此更新不提高 `agent_bounty_protocol_runtime` 成熟度,仍維持 `68%`owner response、repo / refs truth、deployment boundary、MCP / A2A boundary、treasury boundary、claim / submit、payout / withdrawal、cron / daemon、runtime gate 與 action button 仍全部為 `0 / false`
## 1.4 2026-06-14 Public Gateway owner response acceptance 只讀帳本
已新增 `docs/security/PUBLIC-GATEWAY-OWNER-RESPONSE-ACCEPTANCE.md``docs/security/public-gateway-owner-response-acceptance.snapshot.json`,將 Public Gateway live conf 匯出請求、redacted export 收件預檢與 rendered diff / `nginx -t` gate 草稿串成 owner response acceptance 只讀帳本。
固定數字為 `acceptance_candidate_count=3``c0_acceptance_candidate_count=2``c1_acceptance_candidate_count=1``acceptance_field_count=23``required_owner_response_field_count=12``reviewer_check_count=12``outcome_lane_count=7``blocked_action_count=18``owner_response_received_count=0``owner_response_accepted_count=0``runtime_gate_count=0`。此更新只讓 `nginx_public_gateway``84%` 推進到 `86%`代表收件驗收帳本更完整live conf、rendered diff、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0 / false`
2026-06-14 再新增 `docs/security/PUBLIC-GATEWAY-RENDERED-DIFF-ACCEPTANCE.md``docs/security/public-gateway-rendered-diff-acceptance.snapshot.json`,把 owner response acceptance 後的 rendered diff evidence、owner-provided `nginx -t` readback、route smoke evidence、TLS / ACME impact、maintenance window、rollback owner 與 post-check evidence 轉成只讀驗收帳本。
固定數字為 `diff_acceptance_candidate_count=3``c0_diff_acceptance_candidate_count=2``c1_diff_acceptance_candidate_count=1``diff_acceptance_field_count=25``required_evidence_field_count=14``reviewer_check_count=15``outcome_lane_count=8``blocked_action_count=22``rendered_diff_accepted_count=0``nginx_test_evidence_accepted_count=0``route_smoke_result_accepted_count=0``runtime_gate_count=0`。此更新只讓 `nginx_public_gateway``86%` 推進到 `88%`owner response accepted、redacted live conf accepted、rendered diff accepted、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、production write、runtime gate 與 action button 仍全部為 `0 / false`
## 1.5 2026-06-14 DNS / TLS / certbot owner response acceptance 只讀帳本
已新增 `docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md``docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json`,將 4 份 DNS / TLS / certbot owner confirmation request 轉成 metadata-only owner response acceptance 只讀帳本。
固定數字為 `acceptance_candidate_count=4``c0_acceptance_candidate_count=4``acceptance_field_count=23``required_owner_response_field_count=13``reviewer_check_count=13``outcome_lane_count=7``blocked_action_count=20``owner_response_received_count=0``owner_response_accepted_count=0``certificate_coverage_confirmed_count=0``dns_query_authorized_count=0``live_tls_probe_authorized_count=0``certbot_renew_authorized_count=0``nginx_reload_authorized_count=0``route_smoke_authorized_count=0``runtime_gate_count=0`。此更新讓 `dns_tls_certbot``74%` 推進到 `78%`,代表未來 owner 回覆可被補件、隔離、拒收或送 reviewer review它不代表 DNS query、TLS probe、certbot renew、Nginx reload、route smoke、host write 或 runtime gate 已授權。
## 1.6 2026-06-14 Docker / systemd / host service owner response acceptance 只讀帳本
已新增 `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md``docs/security/host-service-owner-response-acceptance.snapshot.json`,將 9 份 Docker / systemd / host service owner request draft 轉成 metadata-only owner response acceptance 只讀帳本。
固定數字為 `acceptance_candidate_count=9``write_capable_acceptance_candidate_count=3``live_evidence_required_candidate_count=8``acceptance_field_count=28``required_owner_field_count=12``reviewer_check_count=14``outcome_lane_count=7``blocked_action_count=20``owner_response_received_count=0``owner_response_accepted_count=0``live_host_read_authorized_count=0``docker_compose_action_authorized_count=0``systemctl_action_authorized_count=0``repair_bot_execution_authorized_count=0``ansible_apply_authorized_count=0``runtime_gate_count=0`。此更新讓 `docker_compose_systemd_host_config``50%` 推進到 `54%`,也讓高價值配置平均只讀成熟度從 `67%` 推進到 `68%`;它不代表 live host read、restart、repair-bot、Ansible、sudo、host write 或 runtime gate 已授權。
## 2. 覆蓋摘要
| 指標 | 目前值 | 說明 |
|------|--------|------|
| 註冊配置類別 | `14` | 全部來自高價值配置 Gate 的 CATEGORIES |
| C0 類別 | `8` | Nginx、DNS / TLS、K8s、secret、workflow / runner、runtime config、backup、agent-bounty runtime |
| C1 類別 | `4` | 監控、Docker / systemd、SSH / network、AI provider |
| C2 類別 | `1` | 產品 runtime route 與跨產品邊界 |
| C3 類別 | `1` | security evidence / snapshot / guard tooling |
| 平均只讀控管成熟度 | `68%` | 僅代表框架 / evidence / owner packet / acceptance ledger 準備度,不代表 runtime 可執行 |
| 需要 live evidence 的類別 | `6` | 只能等 owner-provided redacted evidence 或維護窗口,不主動修改主機 |
| owner response required | `14` | 每類都需要 owner response 才能往 accepted 前進 |
| owner response received / accepted | `0 / 0` | 不得假性提高 |
| runtime gate | `0` | 不得產生執行按鈕 |
## 3. 低成熟與高風險追蹤優先順序
| 優先 | 類別 | 目前成熟度 | 下一步 |
|------|------|------------|--------|
| P1-1 | Docker Compose / systemd / host service config | `54%` | repo-only 清冊已納入 9 個 surfaceowner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence |
| P1-2 | SSH / sudoers / known_hosts / firewall / WireGuard / NodePort | `58%` | repo-only 清冊已納入 16 個 SSH / network access surfaceowner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、live access state、allowed source CIDR、host key pinning、port impact、firewall owner、maintenance window、rollback owner 與 validation plan |
| P1-3 | Backup / restore / escrow / retention | `62%` | repo-only 清冊已納入 38 個 surfaceowner request draft 與 owner response acceptance ledger 已完成;仍缺 owner response、restore drill approval package、offsite / escrow owner、retention owner、rollback owner、validation plan 與 no-secret-value evidence |
| P1-4 | Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse | `62%` | repo-only 清冊已納入 60 個 monitoring / alerting / observability surfaceowner request draft 已轉成 60 份草稿;仍缺 owner response、live drift evidence、reload owner、receiver owner、route smoke 與 receipt proof |
## 4. 固定 0 / false 邊界
以下旗標必須維持 `false`
```text
runtime_execution_authorized=false
host_write_authorized=false
host_live_conf_read_authorized=false
nginx_test_authorized=false
public_gateway_reload_authorized=false
public_route_change_authorized=false
admin_route_change_authorized=false
websocket_route_change_authorized=false
acme_challenge_change_authorized=false
route_smoke_authorized=false
rollback_executed=false
nginx_reload_authorized=false
dns_tls_change_authorized=false
certbot_renew_authorized=false
argocd_sync_authorized=false
kubectl_action_authorized=false
backup_run_authorized=false
restore_run_authorized=false
restore_drill_authorized=false
offsite_sync_authorized=false
offsite_remote_delete_authorized=false
credential_escrow_marker_write_authorized=false
retention_change_authorized=false
restic_prune_authorized=false
rclone_config_authorized=false
velero_restore_authorized=false
workflow_modification_authorized=false
runner_change_authorized=false
refs_sync_authorized=false
force_push_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
agent_bounty_runtime_authorized=false
payout_or_withdrawal_authorized=false
action_buttons_allowed=false
prometheus_reload_authorized=false
alertmanager_reload_authorized=false
grafana_dashboard_apply_authorized=false
signoz_rule_apply_authorized=false
sentry_deploy_authorized=false
langfuse_config_change_authorized=false
otel_collector_reload_authorized=false
receiver_route_change_authorized=false
silence_policy_change_authorized=false
telegram_send_authorized=false
notification_route_change_authorized=false
webhook_receiver_change_authorized=false
remote_write_change_authorized=false
exporter_deploy_authorized=false
live_alert_fire_authorized=false
alert_chain_smoke_authorized=false
```
## 5. 判讀規則
1. `coverage_percent` 只代表只讀框架成熟度,不代表已收到 owner response。
2. `coverage_status` 是下一步分流用語,不是 runtime approval state。
3. C0 / C1 類別若缺 live evidence只能等待 owner-provided redacted evidence、維護窗口與 rollback owner。
4. `agent-bounty-protocol` 已是 C0 runtime / MCP / A2A / treasury boundary且 owner request draft 已完成;目前仍不得 claim / submit / payout / daemon / webhook / runtime execution。
5. IwoooS 前端可顯示覆蓋矩陣,但不得提供可執行按鈕,也不得把可見狀態解讀成資安批准。
## 6. 指令
```bash
python3 scripts/security/high-value-config-control-coverage.py \
--root . \
--output docs/security/high-value-config-control-coverage.snapshot.json
```
固定 committed snapshot 時間:
```bash
python3 scripts/security/high-value-config-control-coverage.py \
--root . \
--generated-at 2026-06-11T21:30:00+08:00 \
--output docs/security/high-value-config-control-coverage.snapshot.json
```
## 7. 完成度
| 工作 | 完成度 | 說明 |
|------|--------|------|
| 全高價值配置類別註冊 | `100%` | 14 類全部來自既有 Gate 定義 |
| 覆蓋 snapshot / schema | `100%` | 已新增可重跑 snapshot 與 JSON schema |
| DNS / TLS / certbot owner response acceptance | `100%` | 已新增 `domain_tls_certbot_owner_response_acceptance_v1`4 個 C0 candidate、13 個 owner 必填欄位、13 個 reviewer checks、7 條 outcome lanes、20 類 blocked action成熟度 `74% -> 78%` |
| Docker / systemd / host service owner response acceptance | `100%` | 已新增 `host_service_owner_response_acceptance_v1`9 個 candidate、3 個 write-capable、14 個 reviewer checks、7 條 outcome lanes、20 類 blocked action成熟度 `50% -> 54%` |
| owner response 收件 | `0%` | 尚未收到或接受任何 owner response |
| live evidence collection | `0%` | 未 SSH、未 live probe、未 active scan |
| runtime gate | `0%` | 未開啟任何執行期閘門 |
## 8. P1-1 Docker / systemd 清冊更新
`host_service_config_inventory_v1` 已把 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 納入 repo-only 清冊,共 `9` 個 surface、`3` 個 write-capable surface、`2` 個 repair-bot whitelist、`1` 個 systemd restart surface。此更新只讓 `docker_compose_systemd_host_config``42%` 推進到 `50%`owner response、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `host_service_owner_request_draft_v1`,把 9 個 surface 轉成 `request_draft_count=9``write_capable_request_draft_count=3``live_evidence_required_request_count=8``required_owner_field_count=12``blocked_action_count=14` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `host_service_owner_response_acceptance_v1`,把 9 份 request draft 轉成 `acceptance_candidate_count=9``write_capable_acceptance_candidate_count=3``live_evidence_required_candidate_count=8``required_owner_field_count=12``reviewer_check_count=14``outcome_lane_count=7``blocked_action_count=20` 的 owner response acceptance 只讀帳本。此更新讓 `docker_compose_systemd_host_config``50%` 推進到 `54%`,但 owner response received / accepted、live hash、maintenance / restart window、rollback owner、post-check plan、disable switch、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、runtime gate 與 action button 仍全部為 `0`
## 9. P1-2 SSH / network access 清冊更新
`ssh_network_access_inventory_v1` 已把 SSH target、known_hosts workflow、CI deploy SSH、monitoring SSH、backup SSH capture、sudoers wrapper、NetworkPolicy、NodePort、WireGuard runbook 與 alert SSH action catalog 納入 repo-only 清冊,共 `16` 個 surface、`6` 個 write-capable surface、`2` 個 NetworkPolicy、`2` 個 NodePort、`1` 個 sudoers surface 與 `1` 個 WireGuard surface。此更新只讓 `ssh_firewall_network_access``48%` 推進到 `54%`owner response、live evidence、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `ssh_network_owner_request_draft_v1`,把 16 個 surface 轉成 `request_draft_count=16``write_capable_request_draft_count=6``live_evidence_required_request_count=16``required_owner_field_count=13``blocked_action_count=16` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live access state、firewall / port / NetworkPolicy / NodePort / WireGuard 變更、runtime gate 與 action button 仍全部為 `0`
2026-06-15 再新增 `ssh_network_owner_response_acceptance_v1`,把 16 份 request draft 轉成 `acceptance_candidate_count=16``write_capable_acceptance_candidate_count=6``live_evidence_required_candidate_count=16``required_owner_field_count=13``reviewer_check_count=15``outcome_lane_count=7``blocked_action_count=22` 的 owner response acceptance 只讀帳本。此更新讓 `ssh_firewall_network_access``54%` 推進到 `58%`,但 owner response received / accepted、live access state、host key pinning、port policy、firewall owner、NetworkPolicy / NodePort、WireGuard cutover、SSH、keyscan、known_hosts patch、firewall / port 變更、runtime gate 與 action button 仍全部為 `0`
## 10. P1-3 Backup / restore / escrow / retention 清冊更新
`backup_restore_escrow_inventory_v1` 已把 backup orchestration、service backup scripts、restic retention、offsite sync、credential escrow、Velero restore drill、backup health alert 與 cold-start / DR runbook 納入 repo-only 清冊,共 `38` 個 surface、`15` 個 backup script surface、`8` 個 offsite / escrow surface、`5` 個 Velero surface 與 `27` 個 write-capable surface。此更新只讓 `backup_restore_credential``52%` 推進到 `58%`owner response、live evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `backup_restore_owner_request_draft_v1`,把 38 個 surface 轉成 `request_draft_count=38``write_capable_request_draft_count=27``live_evidence_required_request_count=38``required_owner_field_count=14``blocked_action_count=18` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live backup evidence、backup run、restore run、offsite sync、escrow marker write、retention change、runtime gate 與 action button 仍全部為 `0`
2026-06-15 再新增 `backup_restore_owner_response_acceptance_v1`,把 38 份 request draft 轉成 `acceptance_candidate_count=38``write_capable_acceptance_candidate_count=27``live_evidence_required_candidate_count=38``required_owner_field_count=14``reviewer_check_count=13``outcome_lane_count=7``blocked_action_count=22` 的 owner response acceptance 只讀帳本。此更新讓 `backup_restore_credential``58%` 推進到 `62%`,但 owner response received / accepted、live backup evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance、backup run、restore run、runtime gate 與 action button 仍全部為 `0`
## 11. P1-4 Monitoring / alerting / observability 清冊更新
`monitoring_alerting_observability_inventory_v1` 已把 Prometheus、Alertmanager、Grafana、SigNoz、Sentry、Langfuse、OTEL、Telegram / notification policy、deploy / reload scripts 與 alert chain smoke scripts 納入 repo-only 清冊,共 `60` 個 surface、`13` 個 alert rule surface、`6` 個 deploy / reload surface、`11` 個 write-capable surface 與 `1` 個 drift guard surface。此更新只讓 `monitoring_alerting_observability``56%` 推進到 `62%`owner response、live evidence、reload owner、receiver owner、route smoke、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `monitoring_owner_request_draft_v1`,把 60 個 surface 轉成 `request_draft_count=60``write_capable_request_draft_count=11``live_evidence_required_request_count=60``required_owner_field_count=14``blocked_action_count=24` 的人工送件前草稿。此更新仍不調高類別成熟度,因為 request sent、owner response received / accepted、live evidence、reload、receiver route change、silence change、Telegram send、alert chain smoke、runtime gate 與 action button 仍全部為 `0`
## 12. P0 Public Gateway Preflight 清冊更新
`public_gateway_preflight_inventory_v1` 已把 Nginx public gateway reload / route change 前置 Gate 固定成只讀清冊,共 `3` 份 source config、`14` 個 route impact、`14` 個 unique upstream、`12` 個 preflight gate其中 `2` 個 gate 只代表 repo-only ready`10` 個 gate 仍需 owner acceptance。此更新讓 `nginx_public_gateway``78%` 推進到 `84%`owner response、owner-provided live conf、rendered diff、`nginx -t` evidence、route smoke、maintenance window、rollback owner、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `public_gateway_owner_response_acceptance_v1`,把 3 份 public gateway config 轉成 `acceptance_candidate_count=3``c0_acceptance_candidate_count=2``required_owner_response_field_count=12``reviewer_check_count=12``outcome_lane_count=7``blocked_action_count=18` 的 owner response acceptance 只讀帳本。此更新只讓 `nginx_public_gateway``84%` 推進到 `86%`owner response received / accepted、redacted export received / accepted、rendered diff ready、`nginx -t`、reload、route smoke、DNS / TLS probe、certbot renew、runtime gate 與 action button 仍全部為 `0`
2026-06-14 再新增 `public_gateway_rendered_diff_acceptance_v1`,把 3 份 public gateway config 轉成 `diff_acceptance_candidate_count=3``c0_diff_acceptance_candidate_count=2``required_evidence_field_count=14``reviewer_check_count=15``outcome_lane_count=8``blocked_action_count=22` 的 rendered diff evidence acceptance 只讀帳本。此更新只讓 `nginx_public_gateway``86%` 推進到 `88%`owner response accepted、rendered diff accepted、owner-provided `nginx -t` evidence accepted、route smoke evidence accepted、reload、DNS / TLS probe、certbot renew、runtime gate 與 action button 仍全部為 `0`
## 13. P0 DNS / TLS / certbot owner response acceptance 更新
`domain_tls_certbot_owner_response_acceptance_v1` 已把 4 份 DNS / TLS / certbot owner confirmation request 轉成 owner response acceptance 只讀帳本。四份候選全部為 `C0`,固定 `acceptance_candidate_count=4``required_owner_response_field_count=13``reviewer_check_count=13``outcome_lane_count=7``blocked_action_count=20`,讓 `dns_tls_certbot``74%` 推進到 `78%`
此更新只補齊 SAN / wildcard / 共用憑證覆蓋關係、certificate expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan 的收件驗收規則owner response received / accepted、certificate coverage confirmed、DNS query、live TLS probe、certbot renew、Nginx reload、route smoke、DNS record 修改、certificate path 修改、ACME challenge route 修改、host write、runtime gate 與 action button 仍全部為 `0 / false`