4307 lines
206 KiB
JSON
4307 lines
206 KiB
JSON
{
|
||
"metadata": {
|
||
"title": "AWOOOI - Zero-Touch Ops. Human-Centric Decisions.",
|
||
"description": "AI-Powered Intelligent Operations Platform"
|
||
},
|
||
"common": {
|
||
"loading": "Loading...",
|
||
"error": "An error occurred",
|
||
"success": "Success",
|
||
"cancel": "Cancel",
|
||
"confirm": "Confirm",
|
||
"close": "Close",
|
||
"closeEsc": "Close (ESC)",
|
||
"previous": "Previous (←)",
|
||
"next": "Next (→)",
|
||
"save": "Save",
|
||
"delete": "Delete",
|
||
"edit": "Edit",
|
||
"back": "Back",
|
||
"clear": "Clear",
|
||
"refresh": "Refresh",
|
||
"viewDetails": "View Details",
|
||
"later": "Later",
|
||
"keyboardShortcuts": "Keyboard Shortcuts",
|
||
"showShortcuts": "Show Shortcuts"
|
||
},
|
||
"brand": {
|
||
"name": "AWOOOI",
|
||
"slogan": "Zero-Touch Ops. Human-Centric Decisions.",
|
||
"sloganAlt": "零干預維運,以人為本的決策。",
|
||
"tagline": "AI-Powered Intelligent Operations Platform",
|
||
"aiTagline": "AI Sees. AI Acts. You Approve.",
|
||
"version": "v1.0.0",
|
||
"environment": "Production"
|
||
},
|
||
"nav": {
|
||
"home": "Home",
|
||
"dashboard": "Dashboard",
|
||
"approvals": "Approvals",
|
||
"errors": "Error Tracking",
|
||
"actions": "Action Log",
|
||
"knowledge": "Knowledge Base",
|
||
"settings": "Settings",
|
||
"alerts": "Alerts",
|
||
"monitoring": "Monitoring",
|
||
"apm": "APM",
|
||
"topology": "Topology",
|
||
"security": "Security",
|
||
"compliance": "Compliance",
|
||
"autoRepair": "Auto Repair",
|
||
"deployments": "Deployments",
|
||
"tickets": "Tickets",
|
||
"cost": "Cost",
|
||
"reports": "Reports",
|
||
"terminal": "Terminal",
|
||
"apps": "Apps",
|
||
"services": "Services",
|
||
"users": "Users",
|
||
"notifications": "Notifications",
|
||
"billing": "Billing",
|
||
"help": "Help",
|
||
"drift": "Drift Detection",
|
||
"neuralCommand": "Neural Command",
|
||
"commandCenter": "Command Center",
|
||
"observability": "Observability",
|
||
"automation": "Automation",
|
||
"operations": "Operations",
|
||
"securityCompliance": "Security & Compliance",
|
||
"classicAICenter": "Classic AI Center",
|
||
"governance": "AI Governance",
|
||
"awooop": "AwoooP",
|
||
"iwooos": "IwoooS"
|
||
},
|
||
"locale": {
|
||
"switch": "Switch Language",
|
||
"zhTW": "繁體中文",
|
||
"en": "EN"
|
||
},
|
||
"demo": {
|
||
"title": "AWOOOI Demo",
|
||
"subtitle": "Visual Acceptance Test",
|
||
"mockMode": "MOCK MODE",
|
||
"spikeControls": "CPU Spike Demo Controls",
|
||
"spikeActive": "SPIKE ACTIVE",
|
||
"triggerSpike": "Spike {host}",
|
||
"clearSpike": "Clear Spike",
|
||
"liveDashboard": "Live Dashboard (SSE)",
|
||
"approvalCards": "HITL Approval Cards (CPO-107)",
|
||
"statusShowcase": "StatusOrb Showcase",
|
||
"lowRiskDemo": "LOW RISK - 1 second hold",
|
||
"highRiskDemo": "HIGH RISK - 1 second hold",
|
||
"criticalDemo": "CRITICAL + DESTRUCTIVE - 2 second hold + red glow",
|
||
"hitlRealApi": "HITL Multi-Sig (Real API)",
|
||
"addCritical": "+ Critical",
|
||
"addMedium": "+ Medium",
|
||
"creating": "Creating..."
|
||
},
|
||
"host": {
|
||
"devops": {
|
||
"name": "DevOps Vault",
|
||
"shortName": "DevOps"
|
||
},
|
||
"security": {
|
||
"name": "Kali Security Center",
|
||
"shortName": "Kali"
|
||
},
|
||
"k3s": {
|
||
"name": "K3s Master Node",
|
||
"shortName": "K3s"
|
||
},
|
||
"aiWeb": {
|
||
"name": "AI+Web Center",
|
||
"shortName": "AI+Web"
|
||
}
|
||
},
|
||
"dashboard": {
|
||
"title": "AI Center",
|
||
"subtitle": "AI-Powered Unified Operations View",
|
||
"liveStats": "Live Stats",
|
||
"activeNodes": "Active Nodes",
|
||
"pendingAlerts": "Pending Alerts",
|
||
"pendingApprovals": "Pending Approvals",
|
||
"overallStatus": "Overall Status",
|
||
"waitingData": "Waiting for data...",
|
||
"cpu": "CPU",
|
||
"memory": "MEM",
|
||
"baseline": "Baseline",
|
||
"baselineFormat": "(Baseline: {value}%)",
|
||
"criticality": "Criticality",
|
||
"systemStatus": "System Status",
|
||
"eventStream": "Event Stream",
|
||
"aiAgent": "AI Agent",
|
||
"globalPulse": "Global Pulse",
|
||
"liveUpdates": "Live Updates",
|
||
"loadingMetrics": "Loading metrics...",
|
||
"metricsError": "Failed to load metrics",
|
||
"flow": {
|
||
"alert": "Alert",
|
||
"detection": "AI Detection",
|
||
"analysis": "AI Analysis",
|
||
"proposal": "Proposal",
|
||
"approval": "Awaiting Auth",
|
||
"execution": "Execution",
|
||
"resolved": "Resolved"
|
||
},
|
||
"activeIncidents": "Active Incidents",
|
||
"serviceHealth": "Service Health",
|
||
"todayIncidents": "Today Incidents",
|
||
"autoRemediationRate": "Auto Remediation",
|
||
"mttrAvg": "MTTR Avg",
|
||
"stable": "Stable",
|
||
"normal": "Normal",
|
||
"openclawEngine": "OPENCLAW COGNITIVE ENGINE",
|
||
"infrastructure": "INFRASTRUCTURE",
|
||
"podHealth": "POD Health",
|
||
"allRunning": "All Running",
|
||
"servicesUp": "Services Up",
|
||
"monitoringTools": "Monitoring Tools",
|
||
"monitoringStatus": {
|
||
"up": "OK",
|
||
"down": "Down",
|
||
"unknown": "Unknown",
|
||
"firing": "firing",
|
||
"alert": "alerts"
|
||
},
|
||
"connectionError": "Connection failed",
|
||
"metaVersion": "Version",
|
||
"metaStats": "Stats",
|
||
"metaUpdatedAt": "Updated",
|
||
"tabs": {
|
||
"overview": "Overview",
|
||
"alerts": "Alerts & Approvals",
|
||
"stream": "Activity Stream",
|
||
"disposition": "Disposition Stats"
|
||
},
|
||
"alertEvents": "Alert Events",
|
||
"noActiveAlerts": "No active alerts",
|
||
"pendingApprovalsTitle": "Pending Approvals",
|
||
"noPendingApprovals": "No pending approvals",
|
||
"approve": "Approve",
|
||
"reject": "Reject",
|
||
"activityStream": "System Activity Stream",
|
||
"sseConnected": "SSE Connected",
|
||
"sseDisconnected": "Disconnected",
|
||
"waitingEvents": "Waiting for events...",
|
||
"statusLabel": "Status",
|
||
"hostsLabel": "Hosts",
|
||
"eventsCount": "{count} events",
|
||
"noDispositionData": "No disposition data available",
|
||
"totalDispositions": "Total Dispositions",
|
||
"autoRate": "Automation Rate",
|
||
"humanRate": "Human Intervention Rate",
|
||
"autoRepairLabel": "Auto Repair",
|
||
"humanApprovedLabel": "Human Approved",
|
||
"manualResolvedLabel": "Manual Resolved",
|
||
"coldStartLabel": "Cold Start",
|
||
"dispositionBreakdown": "Disposition Breakdown",
|
||
"hostView": "Hosts",
|
||
"topoView": "Topology",
|
||
"waitingHostData": "Waiting for host data...",
|
||
"dashboardConnecting": "Dashboard API connecting...",
|
||
"alertBadge": "{count} alerts",
|
||
"alertBadgeZero": "0 alerts",
|
||
"awaitingConfirm": "Awaiting Confirmation",
|
||
"viewAllAlerts": "View All Alerts",
|
||
"viewAllAuth": "View All Authorizations",
|
||
"viewAllReport": "View Full Report",
|
||
"aiModelStatus": "AI Model Status",
|
||
"loading": "Loading...",
|
||
"trendUp": "↑{pct}%",
|
||
"searchPlaceholderShort": "Search...",
|
||
"cotTitle": "Reasoning Timeline",
|
||
"cotNoEvents": "Waiting for reasoning data...",
|
||
"cotReasoning": "Reasoning",
|
||
"cotConfidence": "Confidence",
|
||
"cotProvider": "Model",
|
||
"cotLatency": "Latency",
|
||
"cotTools": "Tool Calls",
|
||
"cotClickHint": "Click an event to view reasoning details",
|
||
"byAnomalyTitle": "Anomaly Type Distribution Top 5",
|
||
"byAnomalyAutoRate": "Auto {pct}%",
|
||
"mttrTitle": "MTTR Overview",
|
||
"mttrUnit": "min",
|
||
"mttrNoData": "No MTTR data yet"
|
||
},
|
||
"openclaw": {
|
||
"name": "OpenClaw",
|
||
"monitoring": "Monitoring",
|
||
"statusOk": "OK",
|
||
"statusWarning": "WARNING",
|
||
"messageOk": "All systems operational. No action required.",
|
||
"messageWarning": "{host} status abnormal. Recommend checking related services."
|
||
},
|
||
"ai": {
|
||
"title": "AI Decision Engine",
|
||
"intercepting": "[SYS] Intercepting anomaly signals...",
|
||
"analyzing": "OpenClaw analyzing blast radius...",
|
||
"calculating": "Calculating risk matrix & approval threshold...",
|
||
"generating": "Generating remediation script...",
|
||
"complete": "Analysis complete. Approval card created.",
|
||
"processingAlert": "Processing alert...",
|
||
"analysisComplete": "Analysis complete",
|
||
"patrolling": "Patrolling...",
|
||
"standby": "STANDBY",
|
||
"processFlow": "AI Decision Flow",
|
||
"processing": "Processing"
|
||
},
|
||
"agent": {
|
||
"title": "AI Agent",
|
||
"state": "State",
|
||
"idle": "Idle",
|
||
"standby": "Standby",
|
||
"patrolling": "Patrolling",
|
||
"intercepting": "Intercepting",
|
||
"analyzing": "Analyzing",
|
||
"generating": "Generating",
|
||
"complete": "Complete",
|
||
"executing": "Executing",
|
||
"waitingApproval": "Awaiting Approval",
|
||
"error": "Error",
|
||
"lastCheck": "Last check"
|
||
},
|
||
"metrics": {
|
||
"title": "Global Pulse",
|
||
"realtime": "Real-time",
|
||
"rps": "Requests/sec",
|
||
"errorRate": "Error Rate",
|
||
"p99Latency": "P99 Latency",
|
||
"aiSuccess": "AI Success"
|
||
},
|
||
"connection": {
|
||
"disconnected": "Disconnected",
|
||
"connecting": "Connecting...",
|
||
"subscribing": "Subscribing...",
|
||
"connected": "Live",
|
||
"streaming": "Streaming",
|
||
"reconnecting": "Reconnecting...",
|
||
"error": "Connection Error",
|
||
"mockMode": "MOCK"
|
||
},
|
||
"terminal": {
|
||
"title": "AWOOOI Terminal",
|
||
"version": "Version",
|
||
"waiting": "> Waiting for command...",
|
||
"initiate": "INITIATE SYNC",
|
||
"executing": ">_ EXECUTING...",
|
||
"events": "{count} events",
|
||
"stream": "STREAM: /agent/thinking",
|
||
"waitingForData": "Waiting for decision chain data...",
|
||
"steps": "Steps",
|
||
"streaming": "Streaming",
|
||
"paused": "Paused",
|
||
"blastRadius": "[ BLAST RADIUS ]",
|
||
"rootCauseChain": "[ ROOT CAUSE CHAIN ]",
|
||
"upstreamImpact": "[ UPSTREAM IMPACT ]",
|
||
"downstreamDependencies": "[ DOWNSTREAM DEPENDENCIES ]",
|
||
"dependsOn": "depends on",
|
||
"calls": "calls",
|
||
"finopsAnalysis": "[ FINOPS ANALYSIS ]",
|
||
"wastedPerMonth": "Wasted/mo",
|
||
"realizable": "Realizable",
|
||
"freed": "Freed",
|
||
"connecting": "Connecting...",
|
||
"connected": "Connected",
|
||
"streamComplete": "Stream complete",
|
||
"streamAborted": "Stream aborted",
|
||
"stop": "STOP",
|
||
"clear": "CLEAR"
|
||
},
|
||
"omniTerminal": {
|
||
"title": "OMNI-TERMINAL",
|
||
"fullTitle": "AWOOOI // OMNI-TERMINAL",
|
||
"shortcut": "⌘J",
|
||
"open": "Open Terminal",
|
||
"close": "Close Terminal",
|
||
"inputPlaceholder": "Enter command...",
|
||
"inputPlaceholderFull": "Enter command or ask AI... (e.g., /approval list)",
|
||
"sseLive": "SSE Live",
|
||
"offline": "Offline",
|
||
"system": "[SYS]",
|
||
"agent": "[AI]",
|
||
"user": "$",
|
||
"unknownComponent": "Unknown Component",
|
||
"executing": "Executing",
|
||
"completed": "Completed",
|
||
"failed": "Failed"
|
||
},
|
||
"nuclearKey": {
|
||
"authorize": "Authorize Execution",
|
||
"authorized": "Authorized",
|
||
"authorizing": "Authorizing...",
|
||
"holdToAuthorize": "Hold to authorize...",
|
||
"holdHintMobile": "Press and hold to authorize",
|
||
"holdHintDesktop": "Hold Y key or click and hold to authorize",
|
||
"keepHolding": "Keep holding to authorize...",
|
||
"highBlastRadius": "This action has a HIGH blast radius",
|
||
"executionAuthorized": "Execution Authorized & Completed",
|
||
"executionFailed": "Execution Failed",
|
||
"riskLevel": {
|
||
"low": "LOW",
|
||
"medium": "MEDIUM",
|
||
"high": "HIGH",
|
||
"critical": "CRITICAL"
|
||
}
|
||
},
|
||
"incident": {
|
||
"title": "Incident Management",
|
||
"activeIncidents": "Active Incidents",
|
||
"noActiveIncidents": "No active incidents",
|
||
"systemStable": "System Stable",
|
||
"activeAlerts": "active alerts",
|
||
"signals": "signals",
|
||
"proposals": "proposals",
|
||
"affectedServices": "Affected Services",
|
||
"emptyState": "No active incidents",
|
||
"emptyStateDescription": "All systems operational",
|
||
"status": {
|
||
"investigating": "Investigating",
|
||
"mitigating": "Mitigating",
|
||
"resolved": "Resolved",
|
||
"closed": "Closed"
|
||
},
|
||
"severity": {
|
||
"P0": "P0 (Critical)",
|
||
"P1": "P1 (High)",
|
||
"P2": "P2 (Warning)",
|
||
"P3": "P3 (Info)"
|
||
},
|
||
"generateProposal": "Generate Proposal",
|
||
"viewDetails": "View Details",
|
||
"card": {
|
||
"executing": "Executing...",
|
||
"approved": "[ APPROVED ]",
|
||
"rejected": "[ REJECTED ]",
|
||
"error": "Error",
|
||
"timeout": "Timeout",
|
||
"retry": "Retry",
|
||
"timeoutMessage": "Execution timeout, please check API logs",
|
||
"checkApiLogs": "Please check API logs",
|
||
"analyzing": "Brain analyzing...",
|
||
"waitingDecision": "Waiting for decision",
|
||
"authorizeExecution": "Authorize execution",
|
||
"rejectProposal": "Reject proposal",
|
||
"aiExecuting": ">_ AI Executing (Tier 1)",
|
||
"brainAnalyzing": ">_ Brain analyzing...",
|
||
"decisionReady": ">_ Decision ready (Tier {tier})",
|
||
"waitingCommander": ">_ Awaiting commander approval (Tier {tier})",
|
||
"suggestedAction": "> Suggested action:",
|
||
"authorize": "Authorize",
|
||
"reject": "Reject",
|
||
"anomaly": "anomaly",
|
||
"affectedServices": "Affected Services",
|
||
"signalCount": "Signals",
|
||
"statusLabel": "Status",
|
||
"aiProposal": "AI Proposal",
|
||
"processingTimeline": "Processing Timeline",
|
||
"timelineLoading": "Loading processing timeline...",
|
||
"timelineEvents": "Event Details",
|
||
"timelineSource": "Source",
|
||
"timelineRoute": "MCP",
|
||
"timelineWrites": "Writes"
|
||
}
|
||
},
|
||
"status": {
|
||
"idle": "Idle",
|
||
"thinking": "Thinking",
|
||
"syncing": "Syncing",
|
||
"executing": "Executing",
|
||
"waitingApproval": "Waiting Approval",
|
||
"error": "Error",
|
||
"healthy": "Healthy",
|
||
"warning": "Warning",
|
||
"critical": "Critical",
|
||
"degraded": "Degraded",
|
||
"unhealthy": "Unhealthy"
|
||
},
|
||
"approval": {
|
||
"title": "Approval Request",
|
||
"card": "Approval Card",
|
||
"approve": "APPROVE",
|
||
"reject": "REJECT",
|
||
"holdToApprove": "HOLD TO APPROVE",
|
||
"holdToConfirm": "HOLD TO CONFIRM",
|
||
"holdToSign": "HOLD TO SIGN",
|
||
"confirming": "CONFIRMING...",
|
||
"signing": "SIGNING...",
|
||
"needMore": "NEED {count} MORE",
|
||
"confirmDestructive": "CONFIRM DESTRUCTIVE",
|
||
"approveDestructive": "APPROVE (DESTRUCTIVE)",
|
||
"pendingApprovals": "Pending Approvals",
|
||
"riskLevel": "Risk Level",
|
||
"signatures": "SIGNATURES",
|
||
"requiredSignatures": "Required Signatures",
|
||
"currentSignatures": "Current Signatures",
|
||
"requestedBy": "Requested by",
|
||
"expiresAt": "Expires At",
|
||
"holdHint": "Hold button for {seconds}s to {action}",
|
||
"actionApprove": "approve",
|
||
"actionConfirm": "confirm destructive action",
|
||
"actionSign": "sign",
|
||
"waitingSecondSig": "Waiting for second approver",
|
||
"signedBy": "Signed by {name}",
|
||
"signedAt": "at {time}",
|
||
"signSuccess": "Signed successfully",
|
||
"executionTriggered": "Execution triggered",
|
||
"rejectSuccess": "Rejected",
|
||
"rejectReason": "Rejection reason",
|
||
"enterReason": "Enter rejection reason...",
|
||
"signComment": "Sign comment (optional)",
|
||
"enterComment": "Enter comment...",
|
||
"noApprovals": "No pending approvals",
|
||
"fetchError": "Failed to fetch approvals",
|
||
"noPendingApprovals": "No pending approvals",
|
||
"selectApproval": "Select an approval to view details",
|
||
"backToList": "Back to list",
|
||
"previousApproval": "Previous",
|
||
"nextApproval": "Next",
|
||
"holdToApproveHint": "Hold button to approve or reject",
|
||
"swipeHint": "Swipe left for details, swipe right to go back",
|
||
"holdYToApprove": "Hold Y to approve (2s)",
|
||
"pressNToReject": "Press N to reject",
|
||
"justNow": "just now",
|
||
"minutesAgo": "{count}m ago",
|
||
"hoursAgo": "{count}h ago",
|
||
"daysAgo": "{count}d ago",
|
||
"batch": {
|
||
"title": "Batch Mode",
|
||
"bulkApprove": "Accept All",
|
||
"sequential": "Review One by One",
|
||
"criticalOnly": "CRITICAL Only",
|
||
"eligible": "eligible",
|
||
"items": "items",
|
||
"securityNote": "CRITICAL risk and DESTRUCTIVE data impact items require individual review."
|
||
}
|
||
},
|
||
"risk": {
|
||
"low": "LOW RISK",
|
||
"medium": "MEDIUM RISK",
|
||
"high": "HIGH RISK",
|
||
"critical": "CRITICAL"
|
||
},
|
||
"dryRun": {
|
||
"title": "Dry-Run",
|
||
"validation": "DRY-RUN VALIDATION",
|
||
"passed": "Passed",
|
||
"failed": "Failed",
|
||
"checks": "Checks",
|
||
"rbac": "RBAC Check",
|
||
"syntax": "Syntax Check",
|
||
"resource": "Resource Check",
|
||
"replicaCount": "Replica Count",
|
||
"backupAvailable": "Backup Available",
|
||
"clusterAdmin": "cluster-admin",
|
||
"dbAdmin": "db-admin",
|
||
"deploymentAdmin": "deployment-admin",
|
||
"noRecentBackup": "No recent backup!",
|
||
"ok": "OK"
|
||
},
|
||
"blastRadius": {
|
||
"title": "BLAST RADIUS",
|
||
"affectedPods": "AFFECTED PODS",
|
||
"estimatedDowntime": "EST. DOWNTIME",
|
||
"relatedServices": "RELATED SERVICES",
|
||
"dataImpact": "DATA IMPACT",
|
||
"none": "NONE",
|
||
"readOnly": "READ ONLY",
|
||
"write": "WRITE",
|
||
"destructive": "DESTRUCTIVE"
|
||
},
|
||
"graphRag": {
|
||
"title": "Topology Analysis",
|
||
"blastRadius": "Blast Radius",
|
||
"rootCause": "Root Cause",
|
||
"upstreamImpact": "Upstream Impact",
|
||
"downstreamChain": "Downstream Chain",
|
||
"dependsOn": "depends on",
|
||
"calls": "calls",
|
||
"affectedCount": "Affected Count",
|
||
"probableRootCauses": "Probable Root Causes"
|
||
},
|
||
"finops": {
|
||
"title": "Cost Analysis",
|
||
"totalWasted": "Monthly Waste",
|
||
"realizableSavings": "Realizable Savings",
|
||
"freedResources": "Freed Resources",
|
||
"annualProjection": "Annual Projection",
|
||
"topActions": "Top Actions",
|
||
"orphanedPvc": "Orphaned PVC",
|
||
"zombiePod": "Zombie Pod",
|
||
"overProvisioned": "Over-provisioned"
|
||
},
|
||
"trustEngine": {
|
||
"title": "Trust Engine",
|
||
"trustScore": "Trust Score",
|
||
"progressive": "Progressive Autonomy",
|
||
"approved": "Approved",
|
||
"rejected": "Rejected",
|
||
"neverDowngrade": "Never Downgrade"
|
||
},
|
||
"multiSig": {
|
||
"title": "Multi-Sig",
|
||
"signature": "Signature",
|
||
"signedBy": "Signed By",
|
||
"signedAt": "Signed At",
|
||
"voided": "Voided",
|
||
"toctouWarning": "State Changed Warning"
|
||
},
|
||
"privacy": {
|
||
"title": "Privacy Shield",
|
||
"redacted": "Redacted",
|
||
"piiDetected": "PII Detected"
|
||
},
|
||
"mockData": {
|
||
"deletePod": "Delete Pod: nginx-frontend-7d4b8c9f5-xk2m3",
|
||
"deletePodDesc": "Clean up unresponsive frontend Pod, ReplicaSet will auto-rebuild",
|
||
"dropTable": "DROP TABLE: user_sessions",
|
||
"dropTableDesc": "Clear all user sessions, will force logout all users",
|
||
"scaleDeployment": "Scale Deployment: api-backend",
|
||
"scaleDeploymentDesc": "Scale from 3 to 5 replicas for increased traffic",
|
||
"testActions": {
|
||
"lowAction": "Scale deployment api-backend to 5 replicas",
|
||
"lowDesc": "Increase backend replicas to handle traffic growth",
|
||
"mediumAction": "kubectl delete pod nginx-ingress-7d6f8c9b5-abc12",
|
||
"mediumDesc": "Clean up unresponsive frontend Pod, ReplicaSet will auto-rebuild",
|
||
"criticalAction": "DROP TABLE user_sessions",
|
||
"criticalDesc": "Clear all user sessions to force re-login. This will affect all online users."
|
||
}
|
||
},
|
||
"actionLog": {
|
||
"title": "Action Log",
|
||
"subtitle": "K8s Operation Execution Audit Trail",
|
||
"noLogs": "No execution records",
|
||
"loading": "Loading...",
|
||
"fetchError": "Failed to fetch audit logs",
|
||
"columns": {
|
||
"time": "Execution Time",
|
||
"operation": "Operation Type",
|
||
"target": "Target Resource",
|
||
"namespace": "Namespace",
|
||
"status": "Status",
|
||
"duration": "Duration",
|
||
"executor": "Executor"
|
||
},
|
||
"operations": {
|
||
"DELETE_POD": "Delete Pod",
|
||
"RESTART_DEPLOYMENT": "Restart Deployment",
|
||
"SCALE_DEPLOYMENT": "Scale Deployment"
|
||
},
|
||
"status": {
|
||
"success": "Success",
|
||
"failure": "Failure"
|
||
},
|
||
"stats": {
|
||
"title": "Statistics",
|
||
"total": "Total Executions",
|
||
"successRate": "Success Rate",
|
||
"avgDuration": "Avg Duration",
|
||
"last24h": "Last 24 Hours"
|
||
},
|
||
"dryRun": {
|
||
"passed": "Dry-Run Passed",
|
||
"failed": "Dry-Run Failed"
|
||
},
|
||
"pagination": {
|
||
"page": "Page {current} of {total}",
|
||
"prev": "Previous",
|
||
"next": "Next"
|
||
}
|
||
},
|
||
"placeholder": {
|
||
"underConstruction": "Under Construction",
|
||
"authorizations": "[ AUTHORIZATIONS MODULE UNDER CONSTRUCTION ]",
|
||
"knowledgeBase": "[ KNOWLEDGE BASE MODULE UNDER CONSTRUCTION ]",
|
||
"settings": "[ SETTINGS MODULE UNDER CONSTRUCTION ]"
|
||
},
|
||
"footer": {
|
||
"copyright": "© 2026 岑洋國際行銷有限公司",
|
||
"poweredBy": "Powered by leWOOOgo Engine"
|
||
},
|
||
"errorBoundary": {
|
||
"systemFailure": "[SYSTEM FAILURE]",
|
||
"criticalError": "Critical UI rendering error detected. Auto-healing attempts exhausted.",
|
||
"escalating": "Escalating to OpenClaw AIOps Agent...",
|
||
"forceRestart": "FORCE MANUAL RESTART",
|
||
"detectingAnomaly": "[ DETECTING ANOMALY ]",
|
||
"autoHealingAttempt": "Initiating Auto-Healing Protocol (Attempt {attempt}/3)"
|
||
},
|
||
"errors": {
|
||
"title": "Error Tracking",
|
||
"subtitle": "Sentry Error Tracking + OpenClaw AI Analysis",
|
||
"overview": "Error Overview",
|
||
"recentIssues": "Recent Issues",
|
||
"errorTrend": "Error Trend",
|
||
"noData": "No error data",
|
||
"noIssues": "No issues at the moment",
|
||
"noTrendData": "No trend data",
|
||
"unresolvedIssues": "Unresolved Issues",
|
||
"errors24h": "Errors (24h)",
|
||
"criticalErrors": "Critical Errors",
|
||
"totalIssues": "Total Issues",
|
||
"totalErrors": "Total Errors ({period})",
|
||
"projects": "Projects",
|
||
"aiAnalyze": "AI Analyze",
|
||
"aiAnalysis": "AI Analysis Result",
|
||
"analyzing": "Analyzing...",
|
||
"rootCause": "Root Cause",
|
||
"fixSummary": "Fix Recommendation",
|
||
"category": "Category",
|
||
"confidence": "Confidence",
|
||
"loading": "Loading...",
|
||
"refresh": "Refresh",
|
||
"sentryDashboard": "Sentry Dashboard",
|
||
"footerInfo": "Data from Sentry Self-Hosted | AI Analysis: OpenClaw | Auto-refresh: 60s",
|
||
"timeAgo": {
|
||
"minutes": "{count}m ago",
|
||
"hours": "{count}h ago",
|
||
"days": "{count}d ago"
|
||
},
|
||
"uxAudit": {
|
||
"title": "UX Audit",
|
||
"noData": "No Session Replay data",
|
||
"replaysWithErrors": "Replays with Errors",
|
||
"uiErrors": "UI Errors",
|
||
"rageClicks": "Rage Clicks",
|
||
"deadClicks": "Dead Clicks",
|
||
"recentReplays": "Recent Replays",
|
||
"recentUIErrors": "Recent UI Errors",
|
||
"replayWithErrors": "Replay with {count} errors",
|
||
"occurrences": "{count} occurrences",
|
||
"viewDashboard": "View Replay Dashboard",
|
||
"health": {
|
||
"good": "Good",
|
||
"moderate": "Moderate",
|
||
"poor": "Poor"
|
||
}
|
||
}
|
||
},
|
||
"alerts": {
|
||
"autoRefresh": "Auto-refresh every {seconds}s",
|
||
"incidentCount": "{count, plural, one {# incident} other {# incidents}}"
|
||
},
|
||
"navSection": {
|
||
"aiCore": "AI Core",
|
||
"monitoring": "Monitoring & Security",
|
||
"ops": "Operations",
|
||
"knowledge": "Knowledge & Tools"
|
||
},
|
||
"sidebar": {
|
||
"expand": "Expand sidebar",
|
||
"collapse": "Collapse sidebar"
|
||
},
|
||
"settings": {
|
||
"title": "Settings",
|
||
"appearance": "Appearance",
|
||
"appearanceDesc": "Theme, fonts, density",
|
||
"appearanceSettings": "Appearance Settings",
|
||
"language": "Language",
|
||
"languageDesc": "Interface language",
|
||
"languageSettings": "Language Settings",
|
||
"notify": "Notifications",
|
||
"notifyDesc": "Telegram / browser notification preferences",
|
||
"notifySettings": "Notification Settings",
|
||
"system": "System Info",
|
||
"systemDesc": "Version & API endpoints",
|
||
"systemSettings": "System Info",
|
||
"compactMode": "Compact Mode",
|
||
"compactModeDesc": "Reduce spacing, show more content",
|
||
"designSystem": "Design System",
|
||
"designSystemValue": "Nothing.tech Pure White Industrial (fixed)",
|
||
"themeColor": "Theme Color",
|
||
"themeColorValue": "OpenClaw Blue + Orange Accent (fixed)",
|
||
"browserNotify": "Browser Push Notifications",
|
||
"browserNotifyDesc": "Show system notification on new Incident",
|
||
"p0Only": "P0 CRITICAL Only",
|
||
"p0OnlyDesc": "Filter low-severity alerts to reduce noise",
|
||
"telegramNotify": "Telegram Notifications",
|
||
"telegramNotifyDesc": "Pushed by OpenClaw Bot (requires backend config)",
|
||
"backendConfig": "Backend Config",
|
||
"frontendVersion": "Frontend Version",
|
||
"apiEndpoint": "API Endpoint",
|
||
"notConfigured": "(not configured)",
|
||
"phase": "Phase",
|
||
"save": "Save Settings",
|
||
"saved": "Saved",
|
||
"zhTW": "繁體中文",
|
||
"zhTWSub": "Traditional Chinese",
|
||
"en": "EN",
|
||
"enSub": "English (US)"
|
||
},
|
||
"autoRepair": {
|
||
"subtitle": "High-quality Playbook auto-execution · Risk ≤ MEDIUM · Success ≥ 95%",
|
||
"approvedPlaybooks": "Approved Playbooks",
|
||
"highQualityPlaybooks": "High-Quality Playbooks",
|
||
"highQualitySub": "Success ≥ 95% · Runs ≥ 10",
|
||
"totalExecutions": "Total Executions",
|
||
"overallSuccessRate": "Overall Success Rate",
|
||
"eligible": "✓ Auto-repair available",
|
||
"notEligible": "No high-quality Playbook yet",
|
||
"ready": "Auto-repair Ready",
|
||
"notReady": "Auto-repair Not Ready",
|
||
"readyDesc": "{count} high-quality Playbooks available",
|
||
"notReadyDesc": "Need at least 1 high-quality Playbook (success ≥ 95%, runs ≥ 10)",
|
||
"incidentEval": "Active Incident Evaluation (P1/P2)",
|
||
"canAutoRepair": "Can auto-repair",
|
||
"notEligibleShort": "Not eligible",
|
||
"riskLevel": "Risk Level",
|
||
"successRate": "Success Rate",
|
||
"execCount": "Executions",
|
||
"decisionReason": "Decision Reason",
|
||
"execSuccess": "Success ({ms}ms)",
|
||
"execFailed": "Failed: {error}",
|
||
"executing": "Executing...",
|
||
"execute": "Execute Repair",
|
||
"noEligible": "No incidents eligible for auto-repair",
|
||
"dispositionAuto": "Auto Repair",
|
||
"dispositionHuman": "Human Approved",
|
||
"dispositionManual": "Manual Resolved",
|
||
"dispositionCold": "Cold Start Trust"
|
||
},
|
||
"openclawPanel": {
|
||
"patrolling": "[AGENT] patrolling...",
|
||
"intercepting": "[SYS] Intercepting anomaly...",
|
||
"analyzing": "[SYS] Analyzing blast radius...",
|
||
"generating": "[SYS] Generating proposed action...",
|
||
"complete": "[SYS] Analysis complete"
|
||
},
|
||
"knowledgeBase": {
|
||
"title": "Knowledge Base",
|
||
"searchPlaceholder": "Search knowledge entries...",
|
||
"allCategories": "All",
|
||
"noResults": "No knowledge entries found",
|
||
"createEntry": "New Entry",
|
||
"viewCount": "views",
|
||
"relatedPlaybook": "Related Playbook",
|
||
"relatedIncident": "Related Incident",
|
||
"approve": "Approve",
|
||
"approving": "Approving...",
|
||
"archive": "Archive",
|
||
"archiving": "Archiving...",
|
||
"status": {
|
||
"draft": "Draft",
|
||
"review": "In Review",
|
||
"approved": "Approved",
|
||
"archived": "Archived",
|
||
"published": "Published"
|
||
},
|
||
"type": {
|
||
"incident_case": "Incident Case",
|
||
"runbook": "Runbook",
|
||
"best_practice": "Best Practice",
|
||
"postmortem": "Postmortem",
|
||
"auto_runbook": "Auto Runbook",
|
||
"anti_pattern": "Anti-Pattern"
|
||
},
|
||
"source": {
|
||
"ai_extracted": "AI Extracted",
|
||
"human": "Manual"
|
||
},
|
||
"category": {
|
||
"infrastructure": "Infrastructure",
|
||
"application": "Application",
|
||
"ai_system": "AI System",
|
||
"security": "Security / Compliance"
|
||
},
|
||
"filterByType": "Filter by type",
|
||
"filterByStatus": "Filter by status",
|
||
"entries": "entries",
|
||
"empty": "No knowledge entries yet",
|
||
"emptyDescription": "Entries will be auto-extracted from incidents, or you can create them manually",
|
||
"semanticSearchPlaceholder": "Enter semantic search query...",
|
||
"semanticOn": "Semantic",
|
||
"semanticOff": "Semantic",
|
||
"switchToSemantic": "Switch to semantic search (pgvector)",
|
||
"switchToKeyword": "Switch to keyword search",
|
||
"semanticSearchHint": "Enter a query to search with AI vector similarity"
|
||
},
|
||
"monitoring": {
|
||
"healthy": "Healthy",
|
||
"warning": "Warning",
|
||
"critical": "Critical",
|
||
"goldMetrics": "GOLD METRICS",
|
||
"hostStatus": "HOST STATUS (FOUR-HOST ARCHITECTURE)",
|
||
"serviceList": "SERVICE LIST",
|
||
"serviceName": "Service",
|
||
"status": "Status",
|
||
"latency": "Latency",
|
||
"uptime": "Uptime",
|
||
"lastCheck": "Last Check"
|
||
},
|
||
"services": {
|
||
"title": "Services",
|
||
"subtitle": "All services across hosts",
|
||
"name": "Service Name",
|
||
"host": "Host",
|
||
"status": "Status",
|
||
"cpu": "CPU%",
|
||
"ram": "RAM%",
|
||
"noServices": "No service data available",
|
||
"fetchError": "Failed to load services"
|
||
},
|
||
"topology": {
|
||
"title": "Topology",
|
||
"subtitle": "Service dependencies & health status",
|
||
"noHosts": "No host data available",
|
||
"fetchError": "Failed to load host data",
|
||
"services": "Services",
|
||
"cpu": "CPU",
|
||
"ram": "RAM",
|
||
"groupInfra": "Infrastructure",
|
||
"groupSecurity": "Security",
|
||
"groupK3s": "K3s Cluster",
|
||
"groupAiData": "AI/Data Center",
|
||
"allHealthy": "All Healthy",
|
||
"allReachable": "All Reachable",
|
||
"warning": "Warning",
|
||
"healthy": "Healthy",
|
||
"investigating": "Investigating",
|
||
"groupExternal": "External Services",
|
||
"hostDevops": "DevOps Vault",
|
||
"hostAiData": "AI+Web Hub",
|
||
"hostK3sMaster": "K3s Master",
|
||
"hostK3sWorker": "K3s Worker"
|
||
},
|
||
"notifications": {
|
||
"title": "Notifications",
|
||
"subtitle": "Notification channel settings",
|
||
"channel": "Channel",
|
||
"type": "Type",
|
||
"status": "Status",
|
||
"noChannels": "No notification channels",
|
||
"fetchError": "Failed to load notification channels"
|
||
},
|
||
"reports": {
|
||
"title": "Reports",
|
||
"subtitle": "Incident statistics summary",
|
||
"incidentSummary": "Incident Summary",
|
||
"resolutionStats": "Resolution Statistics",
|
||
"total": "Total",
|
||
"resolved": "Resolved",
|
||
"unresolved": "Unresolved",
|
||
"avgResolutionTime": "Avg Resolution Time",
|
||
"resolutionRate": "Resolution Rate",
|
||
"fetchError": "Failed to load report data",
|
||
"noData": "No statistics available",
|
||
"totalDispositions": "Total Dispositions",
|
||
"autoRate": "Automation Rate",
|
||
"humanRate": "Human Intervention Rate",
|
||
"autoRepair": "Auto Repair",
|
||
"humanApproved": "Human Approved",
|
||
"manualResolved": "Manual Resolved",
|
||
"coldStartTrust": "Cold Start Trust",
|
||
"dispositionBreakdown": "Disposition Breakdown",
|
||
"byAnomalyType": "By Anomaly Type",
|
||
"anomalyKey": "Anomaly Type"
|
||
},
|
||
"apm": {
|
||
"title": "APM",
|
||
"subtitle": "Application Performance Monitoring — Golden Signals",
|
||
"loading": "Loading...",
|
||
"metric": "Metric",
|
||
"value": "Value",
|
||
"status": "Status",
|
||
"openSignoz": "Open SigNoz",
|
||
"noData": "No APM data",
|
||
"noDataDescription": "APM integration pending, will display automatically after SignOz connects"
|
||
},
|
||
"apps": {
|
||
"title": "Applications",
|
||
"subtitle": "All host services status",
|
||
"loading": "Loading...",
|
||
"host": "Host",
|
||
"service": "Service",
|
||
"port": "Port",
|
||
"latency": "Latency",
|
||
"status": "Status",
|
||
"error": "Load failed",
|
||
"noApps": "No service data"
|
||
},
|
||
"billing": {
|
||
"title": "Usage",
|
||
"subtitle": "System operation usage statistics",
|
||
"loading": "Loading...",
|
||
"totalExecutions": "Total Executions",
|
||
"last24h": "Last 24h",
|
||
"successRate": "Success Rate",
|
||
"avgDuration": "Avg Duration",
|
||
"currentMonth": "This Month",
|
||
"totalUsage": "Total Usage",
|
||
"error": "Load failed",
|
||
"noData": "No usage data"
|
||
},
|
||
"compliance": {
|
||
"title": "Compliance",
|
||
"subtitle": "System governance & compliance status",
|
||
"loading": "Loading...",
|
||
"totalIncidents": "Total Incidents",
|
||
"resolvedRate": "Resolution Rate",
|
||
"approvedPlaybooks": "Playbooks",
|
||
"highQualityPlaybooks": "High-Quality Playbooks",
|
||
"executionSuccessRate": "Execution Success Rate",
|
||
"autoRepairEligible": "Auto-Repair Eligible",
|
||
"yes": "Yes",
|
||
"no": "No",
|
||
"error": "Load failed",
|
||
"noData": "No compliance data"
|
||
},
|
||
"cost": {
|
||
"title": "Cost Analysis",
|
||
"subtitle": "AI execution efficiency stats",
|
||
"loading": "Loading...",
|
||
"totalProposals": "Total Proposals",
|
||
"executionRate": "Execution Rate",
|
||
"successRate": "Success Rate",
|
||
"avgEffectiveness": "Avg Effectiveness",
|
||
"error": "Load failed",
|
||
"noData": "No cost data"
|
||
},
|
||
"deployments": {
|
||
"title": "Deployments",
|
||
"subtitle": "K3s service deployment status",
|
||
"loading": "Loading...",
|
||
"service": "Service",
|
||
"port": "Port",
|
||
"latency": "Latency",
|
||
"status": "Status",
|
||
"host": "Host",
|
||
"error": "Load failed",
|
||
"noDeployments": "No deployment data",
|
||
"name": "Service Name",
|
||
"version": "Version",
|
||
"time": "Time"
|
||
},
|
||
"help": {
|
||
"title": "Help",
|
||
"subtitle": "System information",
|
||
"version": "Version Info",
|
||
"appVersion": "Application Version",
|
||
"platform": "Platform",
|
||
"docs": "Documentation",
|
||
"docsDescription": "Visit AWOOOI Docs for full documentation"
|
||
},
|
||
"security": {
|
||
"title": "Security",
|
||
"subtitle": "Errors & security event monitoring",
|
||
"loading": "Loading...",
|
||
"totalIssues": "Total Issues",
|
||
"criticalIssues": "Critical Issues",
|
||
"errorRate": "Error Rate",
|
||
"recentIssues": "Recent Issues",
|
||
"issue": "Issue",
|
||
"count": "Count",
|
||
"error": "Load failed",
|
||
"noData": "No security events",
|
||
"iwooosBridge": {
|
||
"title": "Included in the IwoooS read-only security mirror",
|
||
"subtitle": "This existing security / compliance page now shows its IwoooS scope in reverse; it only displays progress, framework maturity, and runtime boundaries without adding scan, repair, approval, or deploy buttons.",
|
||
"compactTitle": "IwoooS",
|
||
"compactDetail": "58% / gate 0",
|
||
"openIwooos": "Open IwoooS",
|
||
"sourceLabel": "Integration source",
|
||
"sourceDetail": "SecurityPanel, CompliancePanel, standalone /security, and /compliance keep their original data sources; IwoooS only indexes the security mesh and aggregates mirror-only posture.",
|
||
"boundaryLabel": "Execution boundary",
|
||
"metrics": {
|
||
"overall": {
|
||
"label": "Overall mesh",
|
||
"detail": "headline progress"
|
||
},
|
||
"framework": {
|
||
"label": "Framework maturity",
|
||
"detail": "docs / schema / read-only evidence"
|
||
},
|
||
"runtimeGates": {
|
||
"label": "Runtime gates",
|
||
"detail": "not active"
|
||
},
|
||
"actions": {
|
||
"label": "Action buttons",
|
||
"detail": "not provided"
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"iwooos": {
|
||
"eyebrow": "Information Security Mesh",
|
||
"title": "IwoooS",
|
||
"subtitle": "The security mesh posture entry. It gathers Kali, source control, owner response, approval gates, and AwoooP mirror-only evidence into one readable posture without starting scans, repairs, or product blockers.",
|
||
"boundary": {
|
||
"label": "Current boundary",
|
||
"state": "Mirror-only / Observe-first",
|
||
"detail": "All numbers come from verified snapshots and guards. This page only displays posture, gaps, next gates, and non-blocking lanes."
|
||
},
|
||
"metrics": {
|
||
"overall": {
|
||
"label": "Overall mesh",
|
||
"detail": "headline progress, not authorization"
|
||
},
|
||
"framework": {
|
||
"label": "Framework maturity",
|
||
"detail": "docs, schema, read-only evidence"
|
||
},
|
||
"runtime": {
|
||
"label": "Runtime landing",
|
||
"detail": "runtime gates are not active"
|
||
},
|
||
"contracts": {
|
||
"label": "Core contracts",
|
||
"detail": "33 ready / 2 partial / 1 contract-only"
|
||
},
|
||
"activeGates": {
|
||
"label": "Active runtime gates",
|
||
"detail": "kept at 0 before approval"
|
||
}
|
||
},
|
||
"pillars": {
|
||
"exposure": {
|
||
"title": "Exposure Posture",
|
||
"state": "Waiting evidence",
|
||
"body": "Mainstream security management puts assets, exposure, vulnerabilities, and owner gates in one view. IwoooS shows coverage gaps without turning them into blockers."
|
||
},
|
||
"sourceControl": {
|
||
"title": "Source-control Supply Chain",
|
||
"state": "Draft gated",
|
||
"body": "GitHub is the long-term direction, but refs, workflows, secret names, and rollback ADRs still need owner responses."
|
||
},
|
||
"kali": {
|
||
"title": "Kali 112 Mesh",
|
||
"state": "Observe-only",
|
||
"body": "Kali 112 is in scope, and 111 / 168 are also observe-only. Active scan and /execute remain block candidates."
|
||
},
|
||
"governance": {
|
||
"title": "Approval Boundary",
|
||
"state": "Locked",
|
||
"body": "7 pending approvals, 1 block candidate, and 0 active runtime gates. Execution requires a human decision record and a follow-up runtime gate."
|
||
}
|
||
},
|
||
"lanes": {
|
||
"title": "Non-blocking Lanes",
|
||
"subtitle": "The initial phase stays observe / warn so security does not slow product and deployment flow.",
|
||
"lowMedium": {
|
||
"title": "LOW / MEDIUM observation",
|
||
"body": "Label risk, create follow-up, add evidence_ref, do not block deploy."
|
||
},
|
||
"ownerMissing": {
|
||
"title": "Owner response missing",
|
||
"body": "Show gaps and the next collection candidate; do not treat silence as rejection."
|
||
},
|
||
"mirrorIncomplete": {
|
||
"title": "Mirror data incomplete",
|
||
"body": "Show partial / quarantine reason and wait for a new redacted snapshot."
|
||
},
|
||
"sourceDrift": {
|
||
"title": "Source-control drift draft",
|
||
"body": "Keep the draft reconcile plan; do not sync refs or force push."
|
||
},
|
||
"kaliObserve": {
|
||
"title": "Kali observe finding",
|
||
"body": "Show only redacted finding summary; do not start active scan."
|
||
},
|
||
"workflowGap": {
|
||
"title": "Workflow / secret name gap",
|
||
"body": "Request redacted export; do not collect secret values or enable runners."
|
||
},
|
||
"progressHolding": {
|
||
"title": "Progress display holding",
|
||
"body": "58% means high-level gates are pending; it is neither stuck nor runtime approval."
|
||
}
|
||
},
|
||
"existingSurfaces": {
|
||
"title": "Existing Security Surfaces",
|
||
"subtitle": "Collects the frontend routes that already carry security, compliance, alert, authorization, governance, audit, and code review signals into one read-only index.",
|
||
"sourceLabel": "Original source",
|
||
"mode": "read-only link / no execution button",
|
||
"items": {
|
||
"securityCompliance": {
|
||
"title": "Security Compliance Hub",
|
||
"body": "The existing integrated page for SecurityPanel and CompliancePanel, covering errors, incidents, repair, and compliance stats.",
|
||
"source": "SecurityPanel / CompliancePanel; errors, incident summary, auto-repair stats"
|
||
},
|
||
"legacySecurity": {
|
||
"title": "Legacy Security Monitor",
|
||
"body": "Keeps the earlier standalone security route visible so existing error stats and Sentry issue entrypoints do not disappear behind IwoooS.",
|
||
"source": "apps/web/src/app/[locale]/security/page.tsx; errors stats / issues"
|
||
},
|
||
"legacyCompliance": {
|
||
"title": "Legacy Compliance Page",
|
||
"body": "Keeps the earlier standalone compliance route visible for incident, playbook, and auto-repair effectiveness data.",
|
||
"source": "apps/web/src/app/[locale]/compliance/page.tsx; incident summary / auto-repair stats"
|
||
},
|
||
"alerts": {
|
||
"title": "Alert Management",
|
||
"body": "The active incident surface sorted from P0 to P3, feeding near-real-time security posture signals.",
|
||
"source": "useIncidents; incidents / pending approvals"
|
||
},
|
||
"errors": {
|
||
"title": "Errors and UX Audit",
|
||
"body": "The existing error tracking and UX audit entrypoint for issues, trends, session replay, and user friction.",
|
||
"source": "ErrorsPanel; error stats / trends / ux-audit"
|
||
},
|
||
"authorizations": {
|
||
"title": "Authorization Center",
|
||
"body": "The existing HITL and multi-sig entrypoint, preserving the human control boundary before future security runtime gates.",
|
||
"source": "LiveApprovalPanel; pending approvals / SSE"
|
||
},
|
||
"governance": {
|
||
"title": "AI Governance Hub",
|
||
"body": "The existing governance events, SLO, remediation queue, and dry-run history surface for automation evidence.",
|
||
"source": "governance tabs; AI SLO / governance events / queue"
|
||
},
|
||
"alertOperationLogs": {
|
||
"title": "Alert Operation Logs",
|
||
"body": "The full alert operation log surface for guardrails, preflight, approval escalation, and handling results.",
|
||
"source": "alert-operation-logs; events / stats"
|
||
},
|
||
"awooopApprovals": {
|
||
"title": "AwoooP Approval Queue",
|
||
"body": "The existing AwoooP approvals page showing read-only dry-run, write observed, blocked, and human gate status.",
|
||
"source": "AwoooP approvals; platform approvals"
|
||
},
|
||
"codeReview": {
|
||
"title": "AI Code Review Control Plane",
|
||
"body": "The existing Code Review page showing Hermes, OpenClaw, Elephant Alpha, NemoTron, and the non-blocking review pipeline.",
|
||
"source": "code-review page; review pipeline / agent assignment"
|
||
}
|
||
}
|
||
},
|
||
"coverage": {
|
||
"title": "Coverage and Boundary Matrix",
|
||
"subtitle": "Groups the 10 existing security surfaces into four responsibility planes so IwoooS can show where to read signals, human control, governance audit, and engineering review.",
|
||
"groups": {
|
||
"signals": {
|
||
"title": "Signals and Exposure",
|
||
"body": "Collects security, compliance, alert, error, and UX audit signals; observations stay visible without becoming blockers."
|
||
},
|
||
"humanControl": {
|
||
"title": "Human Control Boundary",
|
||
"body": "Keeps HITL, multi-sig, and AwoooP approvals visible; runtime gates still require human decisions."
|
||
},
|
||
"governanceAudit": {
|
||
"title": "Governance and Audit",
|
||
"body": "Governance events, SLOs, remediation queues, and operation logs are evidence surfaces, not execution authorization."
|
||
},
|
||
"engineeringReview": {
|
||
"title": "Engineering Review",
|
||
"body": "Code Review remains a non-blocking review pipeline for risk grading and coding follow-up, not deploy approval."
|
||
}
|
||
},
|
||
"conflicts": {
|
||
"title": "Overlap and Conflict Controls",
|
||
"subtitle": "The same security signal can appear on multiple pages. IwoooS only organizes entrypoints and does not change ownership or authority.",
|
||
"preserveOwnership": {
|
||
"title": "Preserve Route Ownership",
|
||
"body": "Each route remains owned by its original page and API contract; IwoooS does not move write authority."
|
||
},
|
||
"noRuntimeLift": {
|
||
"title": "No Runtime Lift",
|
||
"body": "The coverage matrix can show coverage and gaps, but cannot create scan, execute, repair, or blocking gates."
|
||
},
|
||
"codeReviewNotDeployGate": {
|
||
"title": "Code Review Is Not Deploy Approval",
|
||
"body": "AI Code Review can grade risk and propose coding follow-up, but cannot become deploy approval by itself."
|
||
},
|
||
"awooopNotSecurityApproval": {
|
||
"title": "AwoooP Approval Is Not Security Approval",
|
||
"body": "The AwoooP approval queue can show human gate state, but security gates still require decision records and follow-up runtime gates."
|
||
},
|
||
"kaliNotCalled": {
|
||
"title": "Frontend Index Does Not Call Kali",
|
||
"body": "Kali 112 remains observe-only; active scan or /execute must go through human approval and follow-up gates."
|
||
}
|
||
}
|
||
},
|
||
"journey": {
|
||
"title": "Security Handling Journey",
|
||
"subtitle": "Pins the visible security mesh flow into a read-only status map: read posture, inspect existing surfaces, then move through owner evidence, human decisions, and follow-up gates.",
|
||
"outputLabel": "Output",
|
||
"steps": {
|
||
"readPosture": {
|
||
"title": "Read Current Posture",
|
||
"body": "Start from the 58% headline, framework / runtime landing, active gates, and next high-level gate.",
|
||
"output": "read-only posture, not authorization"
|
||
},
|
||
"openSurface": {
|
||
"title": "Open Existing Surfaces",
|
||
"body": "Enter the original page by security, alert, authorization, governance, audit, or code review responsibility.",
|
||
"output": "preserve original owner and data boundary"
|
||
},
|
||
"triageLane": {
|
||
"title": "Triage Non-blocking Lanes",
|
||
"body": "LOW / MEDIUM, missing owner response, partial mirror, and Kali observe findings stay observe / warn first.",
|
||
"output": "follow-up, not blocking"
|
||
},
|
||
"collectEvidence": {
|
||
"title": "Collect Owner Evidence",
|
||
"body": "The next recommended collection item remains S4.9 Gitea owner attestation response, accepting redacted evidence only.",
|
||
"output": "update received / accepted state, no execution"
|
||
},
|
||
"humanDecision": {
|
||
"title": "Wait for Human Decision",
|
||
"body": "Security gates need decision records; AwoooP approval, Code Review, or progress numbers cannot replace that.",
|
||
"output": "human decision, not runtime"
|
||
},
|
||
"runtimeGate": {
|
||
"title": "Follow-up Runtime Gate",
|
||
"body": "Only after human approval can work move into follow-up runtime gate templates; active runtime gates remain 0.",
|
||
"output": "separate gate after approval"
|
||
}
|
||
}
|
||
},
|
||
"evidenceReadiness": {
|
||
"title": "Owner Evidence Readiness",
|
||
"subtitle": "Shows the evidence that can actually move headline progress. Every item is waiting for collection or human decision and does not trigger execution from the frontend.",
|
||
"unlockLabel": "Unlock condition",
|
||
"items": {
|
||
"giteaOwnerAttestation": {
|
||
"title": "Gitea owner attestation",
|
||
"body": "The recommended first collection item is S4.9, covering Gitea inventory coverage and owner disposition.",
|
||
"unlock": "redacted owner response received and accepted"
|
||
},
|
||
"githubTargetOwner": {
|
||
"title": "GitHub target owner",
|
||
"body": "Confirms GitHub targets, visibility, canonical owner, and whether repos can enter primary readiness.",
|
||
"unlock": "S4.10 owner response accepted"
|
||
},
|
||
"refsTruthOwner": {
|
||
"title": "Refs truth owner",
|
||
"body": "Confirms truth for main/dev, deprecated drift, release tags, and GitHub-only refs.",
|
||
"unlock": "S4.11 refs truth response accepted"
|
||
},
|
||
"workflowSecretOwner": {
|
||
"title": "Workflow / secret name owner",
|
||
"body": "Confirms workflow, webhook, runner, deploy key, branch protection, and secret name parity.",
|
||
"unlock": "S4.12 workflow / secret response accepted"
|
||
},
|
||
"redactedFindingIngestion": {
|
||
"title": "Redacted finding ingestion",
|
||
"body": "Kali findings and security findings must enter mirror as redacted payloads before any runtime path.",
|
||
"unlock": "human-approved redacted finding ingestion"
|
||
},
|
||
"kaliScanScope": {
|
||
"title": "Kali scan scope",
|
||
"body": "Kali 112, 111, and 168 remain observe-only; active scan and /execute require separate approval.",
|
||
"unlock": "scan scope approval plus follow-up gate"
|
||
},
|
||
"followupRuntimeGate": {
|
||
"title": "Follow-up runtime gate",
|
||
"body": "Real execution waits for a human decision record and a separate follow-up runtime gate.",
|
||
"unlock": "decision record accepted; active gates remain 0"
|
||
}
|
||
}
|
||
},
|
||
"hostCoverage": {
|
||
"title": "Host Coverage View",
|
||
"subtitle": "Places Kali and the two development hosts inside the visible IwoooS security scope. This only shows coverage and gate state; it does not create SSH, scan, update, or blocking controls.",
|
||
"stateLabel": "Current state",
|
||
"items": {
|
||
"kali112": {
|
||
"title": "Kali security host",
|
||
"body": "192.168.0.112 is the Kali node for the security mesh and is visible in posture and evidence refs as observe-only integration.",
|
||
"state": "in scope; active scan, /execute, and host updates still require separate approval"
|
||
},
|
||
"dev168": {
|
||
"title": "Development host 168",
|
||
"body": "192.168.0.168 is included in IwoooS observe-only development host coverage for future scope approval and finding correlation.",
|
||
"state": "scope declared; credentialed scan and runtime control are not approved"
|
||
},
|
||
"dev111": {
|
||
"title": "Development host 111",
|
||
"body": "192.168.0.111 is included in IwoooS observe-only development host coverage and stays paired with 168 for phased tightening.",
|
||
"state": "scope declared; credentialed scan and runtime control are not approved"
|
||
}
|
||
}
|
||
},
|
||
"hostActionGates": {
|
||
"title": "Host Action Gate Matrix",
|
||
"subtitle": "Breaks host-related high-risk actions into read-only gates. This only explains what is locked and what human decision is required; it does not provide execution entry points.",
|
||
"gateLabel": "Required gate",
|
||
"items": {
|
||
"activeScan": {
|
||
"title": "Active scan",
|
||
"body": "Active scans for Kali 112 and development hosts 168 / 111 are not approved and cannot be triggered from IwoooS.",
|
||
"gate": "requires S1.6 scan scope approval plus a follow-up runtime gate"
|
||
},
|
||
"credentialedScan": {
|
||
"title": "Credentialed scan",
|
||
"body": "Any credentialed scan requires scope, credential handling, and redacted evidence rules before it can proceed.",
|
||
"gate": "requires S1.6 scope approval; credentialed scan remains false"
|
||
},
|
||
"kaliExecute": {
|
||
"title": "Kali /execute",
|
||
"body": "The Kali execution endpoint remains a block candidate and is not opened just because hosts are visible.",
|
||
"gate": "requires a human decision record and S3.4 follow-up runtime gate"
|
||
},
|
||
"sshChange": {
|
||
"title": "SSH / host change",
|
||
"body": "Logging into hosts, changing settings, tuning services, restarting services, or changing SSH settings is outside the frontend authority.",
|
||
"gate": "requires explicit human approval, a change plan, and rollback evidence"
|
||
},
|
||
"kaliUpdate": {
|
||
"title": "Kali host update",
|
||
"body": "Kali updates and host tuning affect scan results and toolchain stability, so they must be approved separately from posture display.",
|
||
"gate": "requires maintenance window, update list, validation metrics, and rollback plan"
|
||
},
|
||
"runtimeBlocking": {
|
||
"title": "Runtime blocking control",
|
||
"body": "Turning findings into product blocking or runtime enforcement still waits for owner evidence and a human decision.",
|
||
"gate": "requires an accepted decision record; active runtime gates remain 0"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceReadiness": {
|
||
"title": "Host Evidence Readiness",
|
||
"subtitle": "Lists the evidence required before host scans, updates, SSH changes, or runtime blocking can proceed. These items are waiting for collection and do not mean approval.",
|
||
"evidenceLabel": "Required evidence",
|
||
"items": {
|
||
"scopeBoundary": {
|
||
"title": "Scope boundary",
|
||
"body": "Confirms allowed targets, exclusions, scan depth, and rate limits for 112, 168, and 111.",
|
||
"evidence": "requires redacted scan scope approval; received=0, accepted=0"
|
||
},
|
||
"ownerDecision": {
|
||
"title": "Owner decision record",
|
||
"body": "Every host action needs human control; IwoooS visibility or AwoooP queue status cannot replace a decision.",
|
||
"evidence": "requires accepted decision record; active runtime gates=0"
|
||
},
|
||
"credentialHandling": {
|
||
"title": "Credential handling",
|
||
"body": "Credentialed scans require defined credential source, storage boundary, redaction, and rejection rules.",
|
||
"evidence": "credential material collection is forbidden; credentialed scan=false"
|
||
},
|
||
"maintenanceWindow": {
|
||
"title": "Maintenance window",
|
||
"body": "Kali updates, host tuning, or SSH changes need a maintenance window to avoid disrupting development and product flow.",
|
||
"evidence": "requires window, impact scope, notification, and recovery criteria"
|
||
},
|
||
"rollbackPlan": {
|
||
"title": "Rollback plan",
|
||
"body": "Every host change needs a recovery path covering packages, settings, services, and toolchain versions.",
|
||
"evidence": "requires rollback owner, steps, and validation method"
|
||
},
|
||
"validationMetrics": {
|
||
"title": "Validation metrics",
|
||
"body": "Host actions need post-check metrics to confirm scanners, monitoring, services, and user flows did not regress.",
|
||
"evidence": "requires post-check metrics and failure lane"
|
||
},
|
||
"redactedIngestion": {
|
||
"title": "Redacted ingestion",
|
||
"body": "Host findings or scan results may only enter mirror as redacted summaries, not raw runtime input.",
|
||
"evidence": "requires redacted payload acceptance; payloads_ingested=false"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceCollection": {
|
||
"title": "Host Evidence Collection Order",
|
||
"subtitle": "Orders the seven host evidence items into a recommended collection sequence. Each step only names the next reviewable item and does not change received / accepted from 0.",
|
||
"stepLabel": "Collection step",
|
||
"dependencyLabel": "Dependency",
|
||
"items": {
|
||
"scopeFirst": {
|
||
"title": "Define scope boundary first",
|
||
"body": "Confirm allowed targets, exclusions, depth, and rate limits first. No scope means no scan.",
|
||
"dependency": "none; this is the first host collection step"
|
||
},
|
||
"ownerSecond": {
|
||
"title": "Collect owner decision second",
|
||
"body": "Confirm who approves, the approved range, and the decision record; queue state cannot replace human control.",
|
||
"dependency": "requires readable scope boundary"
|
||
},
|
||
"credentialThird": {
|
||
"title": "Isolate credential handling",
|
||
"body": "If future scans need credentials, define credential source, storage boundary, redaction, and rejection first.",
|
||
"dependency": "requires owner decision; plaintext credential collection remains forbidden"
|
||
},
|
||
"maintenanceFourth": {
|
||
"title": "Schedule maintenance window",
|
||
"body": "Before updates, tuning, or SSH changes, confirm the window, impact scope, and notification.",
|
||
"dependency": "requires owner decision and change scope"
|
||
},
|
||
"rollbackFifth": {
|
||
"title": "Add rollback plan",
|
||
"body": "Every host action needs recovery for packages, settings, services, and toolchain versions.",
|
||
"dependency": "requires maintenance window and change list"
|
||
},
|
||
"validationSixth": {
|
||
"title": "Define validation metrics",
|
||
"body": "Define post-check metrics and failure handling lanes before execution is discussed.",
|
||
"dependency": "requires rollback plan"
|
||
},
|
||
"redactedSeventh": {
|
||
"title": "Collect redacted ingestion last",
|
||
"body": "Findings / scan results enter mirror only as redacted summaries, never as raw payload.",
|
||
"dependency": "requires validation metrics; payloads_ingested=false"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceIntake": {
|
||
"title": "Host Evidence Intake Preflight",
|
||
"subtitle": "Before future host evidence enters human review, this read-only preflight checks whether it is safe to review. It does not accept raw payloads, plaintext credentials, or change received / accepted.",
|
||
"checkLabel": "Preflight",
|
||
"rejectLabel": "Reject / quarantine condition",
|
||
"items": {
|
||
"metadataPointer": {
|
||
"title": "Metadata pointer only",
|
||
"body": "Host evidence only accepts redacted metadata pointers, source steps, and summaries, not full scan output.",
|
||
"reject": "reject when redacted metadata pointer is missing"
|
||
},
|
||
"dependencyOrder": {
|
||
"title": "Collection order match",
|
||
"body": "Submitted evidence must follow the S2.17 collection order and cannot skip scope or owner decision.",
|
||
"reject": "quarantine when prerequisite dependencies are skipped"
|
||
},
|
||
"scopeBeforeScan": {
|
||
"title": "Scope before scan",
|
||
"body": "Any scan-related evidence must map to scope boundary before it can enter human review.",
|
||
"reject": "reject scan evidence without scope"
|
||
},
|
||
"ownerBeforeChange": {
|
||
"title": "Owner before host change",
|
||
"body": "SSH, updates, tuning, or blocking-control evidence requires an owner decision pointer.",
|
||
"reject": "reject host-change evidence without decision record"
|
||
},
|
||
"credentialPlaintext": {
|
||
"title": "Credential plaintext blocked",
|
||
"body": "Passwords, tokens, private keys, sessions, or plaintext credentials cannot enter IwoooS mirror.",
|
||
"reject": "reject and quarantine when plaintext credential material is detected"
|
||
},
|
||
"rawPayload": {
|
||
"title": "Raw payload blocked",
|
||
"body": "Full raw scan output, unredacted findings, host dumps, or log bundles do not enter projection.",
|
||
"reject": "raw payload is always rejected"
|
||
},
|
||
"counterFreeze": {
|
||
"title": "Frontend counters frozen",
|
||
"body": "The frontend can display preflight state only and cannot move received / accepted away from 0.",
|
||
"reject": "block frontend attempts to advance counters"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceReviewOutcomes": {
|
||
"title": "Host Evidence Review Outcome Lanes",
|
||
"subtitle": "After preflight, evidence can only move into these read-only lanes. This shows possible human review outcomes and does not create approval records, runtime gates, or host actions.",
|
||
"laneLabel": "Outcome lane",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForHumanReview": {
|
||
"title": "Ready for human review",
|
||
"body": "Evidence becomes a human review candidate only when metadata pointer, dependency order, scope, and owner pointer are readable.",
|
||
"next": "display candidate only; received=0, accepted=0"
|
||
},
|
||
"needsScopeEvidence": {
|
||
"title": "Needs scope evidence",
|
||
"body": "Scan or finding evidence that cannot map to scope boundary returns to the scope lane.",
|
||
"next": "collect scope, no scan"
|
||
},
|
||
"needsOwnerDecision": {
|
||
"title": "Needs owner decision",
|
||
"body": "Host change, update, SSH, or blocking evidence without decision pointer returns to owner decision lane.",
|
||
"next": "collect decision record, no host action"
|
||
},
|
||
"quarantineDependencySkip": {
|
||
"title": "Quarantine dependency skip",
|
||
"body": "Evidence that skips the S2.17 order or has incomplete prerequisites is quarantined for human interpretation.",
|
||
"next": "show quarantine reason, do not advance counters"
|
||
},
|
||
"rejectRawPayload": {
|
||
"title": "Reject raw payload",
|
||
"body": "Full scan output, unredacted findings, host dumps, or log bundles do not enter IwoooS.",
|
||
"next": "request redacted summary instead"
|
||
},
|
||
"rejectCredentialPlaintext": {
|
||
"title": "Reject credential plaintext",
|
||
"body": "Passwords, tokens, private keys, sessions, or plaintext credentials are rejected and quarantined.",
|
||
"next": "do not store, forward, or display plaintext"
|
||
},
|
||
"waitingRuntimeGate": {
|
||
"title": "Waiting runtime gate",
|
||
"body": "Even after human review allows action, the work waits for a later runtime gate and is not executed by this lane.",
|
||
"next": "active runtime gates remain 0"
|
||
}
|
||
}
|
||
},
|
||
"nextGate": {
|
||
"title": "Next High-level Gate",
|
||
"body": "S4.9 Gitea owner attestation response is the recommended next owner evidence. Headline progress should only increase after owner responses, redacted payload ingestion, active runtime gates, or GitHub primary readiness actually change."
|
||
},
|
||
"evidence": {
|
||
"title": "Current Evidence"
|
||
},
|
||
"blocked": {
|
||
"title": "Blocked Actions",
|
||
"body": "This page does not provide scan, execute, repo, refs, workflow, secret, runner, primary switch, or deploy action buttons."
|
||
},
|
||
"hostEvidenceReviewHandoff": {
|
||
"title": "Host Evidence Review Handoff Packets",
|
||
"subtitle": "Human reviewers can interpret evidence only through these redacted handoff packets. This shows required review material and does not mark received / accepted, create approval records, or open runtime gates.",
|
||
"packetLabel": "Handoff packet",
|
||
"requiredLabel": "Required material",
|
||
"items": {
|
||
"scopeSummaryPacket": {
|
||
"title": "Scope summary packet",
|
||
"body": "Describes host, service, network, scan boundary, and exclusions with indicators and summaries only, without storing raw scan output.",
|
||
"required": "redacted scope pointer; no raw payload"
|
||
},
|
||
"ownerDecisionPacket": {
|
||
"title": "Owner decision packet",
|
||
"body": "Shows who approved review, scope, constraints, and expiry so the reviewer cannot expand authority.",
|
||
"required": "owner decision record pointer; not host-action approval"
|
||
},
|
||
"credentialHandlingPacket": {
|
||
"title": "Credential handling packet",
|
||
"body": "Shows credential handling and custody responsibility only, without exposing plaintext authentication material.",
|
||
"required": "metadata-only handling statement; secret value=blocked"
|
||
},
|
||
"maintenanceRollbackPacket": {
|
||
"title": "Maintenance / rollback packet",
|
||
"body": "If later change is needed, it first shows maintenance window, blast radius, rollback owner, and recovery validation method.",
|
||
"required": "maintenance window + rollback pointer; no change execution"
|
||
},
|
||
"validationMetricsPacket": {
|
||
"title": "Validation metrics packet",
|
||
"body": "Defines which metrics, logs, baselines, or follow-up evidence the reviewer should inspect after review.",
|
||
"required": "post-check metrics pointer; runtime gate not opened"
|
||
},
|
||
"redactionAttestationPacket": {
|
||
"title": "Redaction attestation packet",
|
||
"body": "Confirms evidence removed raw logs, host dumps, credentials, private URL credentials, and unredacted screenshots.",
|
||
"required": "redaction attestation only; sensitive payload not stored"
|
||
},
|
||
"runtimeGatePacket": {
|
||
"title": "Runtime gate pointer packet",
|
||
"body": "Routes any possible later action back to a separate runtime gate so review outcome lanes cannot execute work.",
|
||
"required": "follow-up gate pointer; active runtime gates=0"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceReviewerChecklist": {
|
||
"title": "Host Evidence Reviewer Checklist",
|
||
"subtitle": "After reading handoff packets, reviewers can only use this read-only checklist to decide whether the case can move to the next human decision. The checklist does not mark passed, received / accepted, approval, or runtime gates.",
|
||
"checkLabel": "Review check",
|
||
"verifyLabel": "Verify",
|
||
"items": {
|
||
"scopeBoundaryMatch": {
|
||
"title": "Scope boundary match",
|
||
"body": "Confirm the handoff scope matches host coverage, network, service, and exclusions without expanding scan boundary.",
|
||
"verify": "compare redacted pointer only; no scan starts"
|
||
},
|
||
"ownerDecisionScopeExpiry": {
|
||
"title": "Owner decision scope / expiry",
|
||
"body": "Confirm the owner decision record has reviewer, scope, constraints, expiry, and is still valid.",
|
||
"verify": "read decision pointer only; no approval record created"
|
||
},
|
||
"credentialHandlingMetadataOnly": {
|
||
"title": "Credential handling metadata only",
|
||
"body": "Confirm the reviewer sees only handling method and accountable owner, without plaintext authentication material.",
|
||
"verify": "secret value collection=false"
|
||
},
|
||
"redactionAttestationPass": {
|
||
"title": "Redaction attestation pass",
|
||
"body": "Confirm raw logs, host dumps, unredacted screenshots, private URL credentials, and sensitive payloads are excluded.",
|
||
"verify": "raw payload allowed=false"
|
||
},
|
||
"maintenanceRollbackComplete": {
|
||
"title": "Maintenance / rollback complete",
|
||
"body": "If evidence implies later change, confirm maintenance window, rollback owner, and recovery validation metrics exist.",
|
||
"verify": "display future-change conditions only; no change execution"
|
||
},
|
||
"validationMetricsLinked": {
|
||
"title": "Validation metrics linked",
|
||
"body": "Confirm post-check metrics, baseline, logs, or follow-up evidence link to readable redacted pointers.",
|
||
"verify": "display validation pointer only; runtime gate stays closed"
|
||
},
|
||
"runtimeGateSeparated": {
|
||
"title": "Runtime gate separated",
|
||
"body": "Confirm any reviewer checklist result cannot directly become runtime action and must return to a separate runtime gate.",
|
||
"verify": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostEvidenceReviewerOutcomes": {
|
||
"title": "Host Evidence Reviewer Outcome Lanes",
|
||
"subtitle": "After reviewer checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not mark passed, accepted, approval, or runtime gates.",
|
||
"laneLabel": "Reviewer outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForOwnerDecision": {
|
||
"title": "Ready for owner decision",
|
||
"body": "When scope, owner, redaction, rollback, validation, and runtime separation are readable, the case can only become an owner-decision candidate.",
|
||
"next": "display candidate; received=0, accepted=0"
|
||
},
|
||
"scopeMismatch": {
|
||
"title": "Scope mismatch",
|
||
"body": "When handoff scope does not match host coverage, network, service, or exclusions, the case returns to the scope lane.",
|
||
"next": "collect scope pointer; no scan starts"
|
||
},
|
||
"ownerExpired": {
|
||
"title": "Owner decision expired",
|
||
"body": "When owner decision lacks scope, constraints, or is expired, the case returns to the owner decision lane.",
|
||
"next": "collect decision record; no approval created"
|
||
},
|
||
"credentialMetadataFailed": {
|
||
"title": "Credential metadata failed",
|
||
"body": "When credential handling is not metadata-only or accountability boundary is unreadable, the reviewer outcome is quarantined.",
|
||
"next": "request metadata-only statement; no sensitive material collected"
|
||
},
|
||
"redactionFailed": {
|
||
"title": "Redaction failed",
|
||
"body": "When redaction attestation cannot prove raw logs, host dumps, unredacted screenshots, or sensitive payloads are excluded, the case is rejected.",
|
||
"next": "request redaction again; raw payload not stored"
|
||
},
|
||
"rollbackMissing": {
|
||
"title": "Rollback missing",
|
||
"body": "When maintenance window, rollback owner, or recovery validation metrics are missing, the case cannot move to later decision.",
|
||
"next": "collect rollback pointer; no change execution"
|
||
},
|
||
"runtimeGateRequired": {
|
||
"title": "Runtime gate required",
|
||
"body": "Any possible later host action must route to a separate runtime gate and cannot run from reviewer outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionCandidates": {
|
||
"title": "Host Owner Decision Candidate Packets",
|
||
"subtitle": "After reviewer outcome reaches the owner-decision candidate lane, IwoooS only displays the human decision packets. It does not create decision records, mark approval, or open runtime gates.",
|
||
"packetLabel": "Candidate packet",
|
||
"decisionLabel": "Human decision scope",
|
||
"items": {
|
||
"scopeApprovalCandidate": {
|
||
"title": "Scope approval candidate",
|
||
"body": "Confirm hosts, networks, services, exclusions, and observation purpose are readable for the owner.",
|
||
"decision": "display scope candidate only; owner decision received=0"
|
||
},
|
||
"scanModeCandidate": {
|
||
"title": "Scan mode candidate",
|
||
"body": "Separate observe-only, future active scan, and credentialed scan modes so the candidate packet is not mistaken for scan approval.",
|
||
"decision": "display mode options only; active scan=false"
|
||
},
|
||
"credentialHandlingCandidate": {
|
||
"title": "Credential handling candidate",
|
||
"body": "Describe metadata-only handling, accountable owner, and retention boundary without requesting or storing sensitive material.",
|
||
"decision": "display handling principle only; collection=false"
|
||
},
|
||
"maintenanceWindowCandidate": {
|
||
"title": "Maintenance window candidate",
|
||
"body": "If later host update or tuning is involved, display candidate maintenance window and constraints first.",
|
||
"decision": "display time window only; host update=false"
|
||
},
|
||
"rollbackOwnerCandidate": {
|
||
"title": "Rollback owner candidate",
|
||
"body": "Display future rollback owner, recovery route, and human contact point so accountability is clear before any change.",
|
||
"decision": "display owner pointer only; change=false"
|
||
},
|
||
"validationMetricsCandidate": {
|
||
"title": "Validation metrics candidate",
|
||
"body": "List future post-check metrics, baselines, and review evidence pointers as material for later human gate evaluation.",
|
||
"decision": "display validation items only; runtime gate=false"
|
||
},
|
||
"runtimeGateCandidate": {
|
||
"title": "Runtime gate candidate",
|
||
"body": "Any later host action still requires a separate runtime gate and cannot execute from an owner-decision candidate.",
|
||
"decision": "display gate candidate only; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionReviewChecklist": {
|
||
"title": "Host Owner Decision Review Checklist",
|
||
"subtitle": "After owner decision candidate packets, every item still requires human review. This only displays review checks and does not create decision records, mark approval, or open runtime gates.",
|
||
"checkLabel": "Owner review",
|
||
"guardLabel": "Safety boundary",
|
||
"items": {
|
||
"scopeBoundaryReadable": {
|
||
"title": "Scope boundary readable",
|
||
"body": "Confirm the owner can read hosts, networks, services, exclusions, and observation purpose without exceeding the original scope.",
|
||
"guard": "scope review only; owner decision received=0"
|
||
},
|
||
"scanModeNotAuthorization": {
|
||
"title": "Scan mode not authorization",
|
||
"body": "Confirm observe-only, future active scan, and credentialed scan are mode descriptions only, not scan authorization.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"credentialBoundaryMetadataOnly": {
|
||
"title": "Credential boundary metadata only",
|
||
"body": "Confirm credential handling keeps only metadata, owner, and retention boundary without requesting sensitive material.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"maintenanceWindowNotChange": {
|
||
"title": "Maintenance window not change",
|
||
"body": "Confirm the maintenance window is only a future candidate condition and does not allow Kali updates or host tuning.",
|
||
"guard": "host update=false"
|
||
},
|
||
"rollbackOwnerReadable": {
|
||
"title": "Rollback owner readable",
|
||
"body": "Confirm rollback owner, recovery route, and human contact point are readable, but no change is approved.",
|
||
"guard": "approval record=false"
|
||
},
|
||
"validationMetricsPredefined": {
|
||
"title": "Validation metrics predefined",
|
||
"body": "Confirm post-check metrics, baseline, and evidence pointers are defined first for later gate review.",
|
||
"guard": "runtime gate opened=false"
|
||
},
|
||
"runtimeGateStillSeparate": {
|
||
"title": "Runtime gate still separate",
|
||
"body": "Confirm owner decision checklist cannot execute any later host action and still needs a separate runtime gate.",
|
||
"guard": "action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionReviewOutcomes": {
|
||
"title": "Host Owner Decision Review Outcome Lanes",
|
||
"subtitle": "After owner review checklist, cases can only enter these read-only outcome lanes. This shows next interpretation and does not create decision records, mark approval, or open runtime gates.",
|
||
"laneLabel": "Review outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForDecisionRecord": {
|
||
"title": "Ready for decision record",
|
||
"body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record candidate.",
|
||
"next": "display decision record candidate; received=0, accepted=0"
|
||
},
|
||
"scopeNeedsRefresh": {
|
||
"title": "Scope needs refresh",
|
||
"body": "When scope boundary is unreadable, expired, or outside host coverage, the case returns to the scope lane.",
|
||
"next": "collect scope pointer; no scan starts"
|
||
},
|
||
"scanModeNeedsScope": {
|
||
"title": "Scan mode needs scope",
|
||
"body": "When scan mode is not aligned with scope or is being mistaken for authorization, it must return to scope and mode explanation.",
|
||
"next": "collect scan mode statement; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "When credential handling cannot stay metadata-only or accountability boundary is unreadable, the decision outcome is quarantined.",
|
||
"next": "collect metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceWindowMissing": {
|
||
"title": "Maintenance window missing",
|
||
"body": "When later update or tuning is possible but maintenance window and constraints are missing, the case cannot move to decision record.",
|
||
"next": "collect window pointer; host update=false"
|
||
},
|
||
"rollbackOwnerMissing": {
|
||
"title": "Rollback owner missing",
|
||
"body": "When rollback owner or recovery path is unreadable, the case cannot enter later approval semantics.",
|
||
"next": "collect rollback owner; approval record=false"
|
||
},
|
||
"runtimeGateRequired": {
|
||
"title": "Runtime gate required",
|
||
"body": "Any later host action must route to a separate runtime gate and cannot execute from owner review outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordDrafts": {
|
||
"title": "Host Owner Decision Record Draft Packets",
|
||
"subtitle": "When owner review outcome enters the ready lane, IwoooS can still only display decision record draft fields. It does not create records, mark acceptance, or open runtime gates.",
|
||
"packetLabel": "Draft packet",
|
||
"metadataLabel": "Required metadata",
|
||
"items": {
|
||
"scopeStatementDraft": {
|
||
"title": "Scope statement draft",
|
||
"body": "The draft only organizes hosts, networks, services, exclusions, and observation intent so the owner decision does not stay ambiguous.",
|
||
"metadata": "host / network / service / exclusion; record created=false"
|
||
},
|
||
"scanModeDraft": {
|
||
"title": "Scan mode draft",
|
||
"body": "The draft only describes observe-only, future active scan, or credentialed scan candidate modes. It is not scan approval.",
|
||
"metadata": "mode candidate; active scan=false"
|
||
},
|
||
"credentialBoundaryDraft": {
|
||
"title": "Credential boundary draft",
|
||
"body": "The draft only keeps credential handling metadata, owner, and retention boundary. It does not collect sensitive material.",
|
||
"metadata": "metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceConstraintsDraft": {
|
||
"title": "Maintenance constraints draft",
|
||
"body": "The draft only records future maintenance window candidates, constraints, and impact boundaries. It is not host update approval.",
|
||
"metadata": "window / constraint; host update=false"
|
||
},
|
||
"rollbackOwnerDraft": {
|
||
"title": "Rollback owner draft",
|
||
"body": "The draft only organizes rollback owner, recovery path, and human contact so later gates have accountability.",
|
||
"metadata": "owner / recovery pointer; approval record=false"
|
||
},
|
||
"validationMetricsDraft": {
|
||
"title": "Validation metrics draft",
|
||
"body": "The draft only lists post-check metrics, baseline, and evidence pointer for later human interpretation.",
|
||
"metadata": "metrics / baseline; accepted=0"
|
||
},
|
||
"runtimeGateDraft": {
|
||
"title": "Runtime gate draft",
|
||
"body": "The draft only states that later approval must still open a separate follow-up runtime gate and cannot execute from the draft.",
|
||
"metadata": "runtime gate pointer; active gates=0"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordDraftReview": {
|
||
"title": "Host Owner Decision Record Draft Review Checklist",
|
||
"subtitle": "Decision record draft packets still require read-only review. This only shows whether drafts have the metadata needed for human decision and does not create formal decision records.",
|
||
"checkLabel": "Draft review",
|
||
"guardLabel": "No upgrade",
|
||
"items": {
|
||
"scopeStatementComplete": {
|
||
"title": "Scope statement complete",
|
||
"body": "Confirm the scope draft includes host, network, service, exclusions, and observation intent so decision record scope is not ambiguous.",
|
||
"guard": "draft review only; record created=false"
|
||
},
|
||
"scanModeStillNotApproval": {
|
||
"title": "Scan mode still not approval",
|
||
"body": "Confirm scan mode remains a candidate description and is not read as active scan or credentialed scan authorization.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"credentialBoundaryMetadataOnly": {
|
||
"title": "Credential boundary metadata only",
|
||
"body": "Confirm credential boundary stays metadata-only and does not request or store sensitive material.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"maintenanceConstraintsReadable": {
|
||
"title": "Maintenance constraints readable",
|
||
"body": "Confirm maintenance window, constraints, and impact boundary are readable without becoming host update approval.",
|
||
"guard": "host update=false"
|
||
},
|
||
"rollbackOwnerReadable": {
|
||
"title": "Rollback owner readable",
|
||
"body": "Confirm rollback owner, recovery path, and human contact are readable while no approval record is created.",
|
||
"guard": "approval record=false"
|
||
},
|
||
"validationMetricsLinked": {
|
||
"title": "Validation metrics linked",
|
||
"body": "Confirm post-check metrics, baseline, and evidence pointer are linked to the draft for later human review.",
|
||
"guard": "accepted=0"
|
||
},
|
||
"runtimeGateStillClosed": {
|
||
"title": "Runtime gate still closed",
|
||
"body": "Confirm decision record draft review does not open runtime gates. Later execution still requires a separate gate.",
|
||
"guard": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordDraftReviewOutcomes": {
|
||
"title": "Host Owner Decision Record Draft Review Outcome Lanes",
|
||
"subtitle": "After draft review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create decision records, or open runtime gates.",
|
||
"laneLabel": "Review outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForDecisionRecordWriteup": {
|
||
"title": "Ready for decision record write-up",
|
||
"body": "When scope, scan mode, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only become a formal decision record write-up candidate.",
|
||
"next": "display write-up candidate; record created=false"
|
||
},
|
||
"scopeDraftIncomplete": {
|
||
"title": "Scope draft incomplete",
|
||
"body": "When the scope draft lacks host, network, service, exclusion, or observation intent, it returns to scope draft completion.",
|
||
"next": "collect scope statement; no record creation"
|
||
},
|
||
"scanModeAmbiguous": {
|
||
"title": "Scan mode ambiguous",
|
||
"body": "When scan mode can still be mistaken for authorization, it returns to scan mode draft and scope explanation.",
|
||
"next": "refine scan mode wording; scan authorized=false"
|
||
},
|
||
"credentialBoundaryIncomplete": {
|
||
"title": "Credential boundary incomplete",
|
||
"body": "When credential boundary is unclear about metadata-only handling, owner, or retention, it returns to credential draft completion.",
|
||
"next": "collect metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceConstraintsIncomplete": {
|
||
"title": "Maintenance constraints incomplete",
|
||
"body": "When maintenance window, constraints, or impact boundary are unreadable, the case cannot enter formal decision record write-up.",
|
||
"next": "collect constraints; host update=false"
|
||
},
|
||
"rollbackOwnerIncomplete": {
|
||
"title": "Rollback owner incomplete",
|
||
"body": "When rollback owner, recovery path, or human contact is unreadable, the case cannot enter later approval semantics.",
|
||
"next": "collect rollback owner; approval record=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Any later host action must still wait for a separate runtime gate and cannot execute from draft review outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordWriteups": {
|
||
"title": "Host Owner Decision Record Write-Up Packets",
|
||
"subtitle": "When a draft review outcome is ready for write-up, IwoooS can still only display formal decision record write-up fields. It does not create records, mark completed / accepted, or open runtime gates.",
|
||
"packetLabel": "Write-up packet",
|
||
"fieldLabel": "Required field",
|
||
"items": {
|
||
"decisionSummaryWriteup": {
|
||
"title": "Decision summary write-up",
|
||
"body": "Only organizes the human owner decision, risk acceptance boundary, and no-execution statement.",
|
||
"field": "decision summary; write-up completed=0"
|
||
},
|
||
"approvedScopeWriteup": {
|
||
"title": "Approved scope write-up",
|
||
"body": "Only organizes hosts, networks, services, exclusions, observation intent, and expiry.",
|
||
"field": "scope / expiry; record created=false"
|
||
},
|
||
"scanModeLimitsWriteup": {
|
||
"title": "Scan mode limits write-up",
|
||
"body": "Only organizes limits for observe-only, future active scan, or credentialed scan modes. This is not scan approval.",
|
||
"field": "mode limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryWriteup": {
|
||
"title": "Credential boundary write-up",
|
||
"body": "Only organizes credential handling metadata, owner, retention boundary, and forbidden collection content.",
|
||
"field": "metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackWriteup": {
|
||
"title": "Maintenance and rollback write-up",
|
||
"body": "Only organizes maintenance window candidates, constraints, rollback owner, recovery path, and human contact.",
|
||
"field": "window / rollback; host update=false"
|
||
},
|
||
"validationEvidenceWriteup": {
|
||
"title": "Validation evidence write-up",
|
||
"body": "Only organizes post-check metrics, baseline, evidence pointer, and human acceptance condition.",
|
||
"field": "metrics / evidence; accepted=0"
|
||
},
|
||
"runtimeGatePointerWriteup": {
|
||
"title": "Runtime gate pointer write-up",
|
||
"body": "Only states that future approval still needs a separate follow-up runtime gate and cannot execute from write-up.",
|
||
"field": "runtime gate pointer; active gates=0"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordWriteupReview": {
|
||
"title": "Host Owner Decision Record Write-Up Review Checklist",
|
||
"subtitle": "Write-up packets still require read-only review. This only shows whether formal decision record write-up fields are readable and does not mark write-up completed, create or accept decision records, or open runtime gates.",
|
||
"checkLabel": "Write-up review",
|
||
"guardLabel": "No upgrade",
|
||
"items": {
|
||
"decisionSummaryReadable": {
|
||
"title": "Decision summary readable",
|
||
"body": "Confirm the write-up only organizes the human owner decision, risk acceptance boundary, and no-execution statement without adding approval semantics.",
|
||
"guard": "write-up review only; completed=0"
|
||
},
|
||
"scopeExpiryComplete": {
|
||
"title": "Scope and expiry complete",
|
||
"body": "Confirm scope, exclusions, observation intent, and expiry are readable so the formal record scope is not ambiguous.",
|
||
"guard": "record created=false"
|
||
},
|
||
"scanModeLimitsExplicit": {
|
||
"title": "Scan mode limits explicit",
|
||
"body": "Confirm observe-only, future active scan, and credentialed scan limits are explicit while not becoming scan authorization.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"credentialBoundaryMetadataOnly": {
|
||
"title": "Credential boundary metadata only",
|
||
"body": "Confirm credential handling still keeps only metadata, owner, and retention boundary without requesting or storing sensitive material.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"maintenanceRollbackLinked": {
|
||
"title": "Maintenance and rollback linked",
|
||
"body": "Confirm maintenance window candidates, constraints, rollback owner, recovery path, and human contact remain traceable.",
|
||
"guard": "host update=false"
|
||
},
|
||
"validationEvidenceLinked": {
|
||
"title": "Validation evidence linked",
|
||
"body": "Confirm post-check metrics, baseline, evidence pointer, and human acceptance condition are linked to the write-up.",
|
||
"guard": "accepted=0"
|
||
},
|
||
"runtimeGateStillSeparate": {
|
||
"title": "Runtime gate still separate",
|
||
"body": "Confirm the runtime gate pointer still points to a separate follow-up gate and write-up review does not open gates.",
|
||
"guard": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordWriteupReviewOutcomes": {
|
||
"title": "Host Owner Decision Record Write-Up Review Outcome Lanes",
|
||
"subtitle": "After write-up review checklist, cases can only enter these read-only outcome lanes. This shows next steps and does not mark review passed, create or accept decision records, or open runtime gates.",
|
||
"laneLabel": "Review outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForFormalRecordCandidate": {
|
||
"title": "Ready for formal record candidate",
|
||
"body": "When summary, scope, scan limits, credential boundary, maintenance, rollback, validation, and runtime separation are readable, the case can only show a formal record candidate.",
|
||
"next": "display formal record candidate; record created=false"
|
||
},
|
||
"decisionSummaryNeedsClarification": {
|
||
"title": "Decision summary needs clarification",
|
||
"body": "When the decision summary, risk acceptance boundary, or no-execution statement is unreadable, the case returns to write-up completion.",
|
||
"next": "collect decision summary; completed=0"
|
||
},
|
||
"scopeExpiryNeedsRefresh": {
|
||
"title": "Scope and expiry needs refresh",
|
||
"body": "When scope, exclusions, observation intent, or expiry are incomplete, the case cannot enter formal record candidate.",
|
||
"next": "collect scope / expiry; record created=false"
|
||
},
|
||
"scanModeLimitsAmbiguous": {
|
||
"title": "Scan mode limits ambiguous",
|
||
"body": "When scan mode limits can still be mistaken for active scan or credentialed scan authorization, the wording must return to write-up.",
|
||
"next": "refine scan wording; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "When credential boundary is unclear about metadata-only handling, owner, retention, or forbidden collection content, it returns to credential write-up.",
|
||
"next": "collect metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackIncomplete": {
|
||
"title": "Maintenance and rollback incomplete",
|
||
"body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is unreadable, the case cannot create approval semantics.",
|
||
"next": "collect maintenance / rollback; host update=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot execute from review outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalCandidates": {
|
||
"title": "Host Owner Decision Record Formal Candidate Packets",
|
||
"subtitle": "Formal record candidate only organizes the fields that may later be written into a formal record. This does not create decision records, mark finalized or accepted, create approval records, or open runtime gates.",
|
||
"packetLabel": "Candidate packet",
|
||
"fieldLabel": "Candidate field",
|
||
"items": {
|
||
"recordIdentityCandidate": {
|
||
"title": "Record identity candidate",
|
||
"body": "Organizes candidate record id, version, owner, review scope, and trace source so a future formal record has a readable identity.",
|
||
"field": "identity / version; record created=false"
|
||
},
|
||
"decisionSummaryCandidate": {
|
||
"title": "Decision summary candidate",
|
||
"body": "Organizes human owner decision summary, risk acceptance boundary, and no-execution statement without writing it as an accepted decision.",
|
||
"field": "decision summary; finalized=0"
|
||
},
|
||
"approvedScopeCandidate": {
|
||
"title": "Approved scope candidate",
|
||
"body": "Organizes host, network, service, exclusion, observation intent, and expiry so scope remains readable.",
|
||
"field": "scope / expiry; accepted=0"
|
||
},
|
||
"scanModeLimitsCandidate": {
|
||
"title": "Scan mode limits candidate",
|
||
"body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.",
|
||
"field": "scan limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryCandidate": {
|
||
"title": "Credential boundary candidate",
|
||
"body": "Organizes metadata-only credential owner, retention boundary, masking requirement, and forbidden collection content.",
|
||
"field": "metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackCandidate": {
|
||
"title": "Maintenance and rollback candidate",
|
||
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.",
|
||
"field": "window / rollback; host update=false"
|
||
},
|
||
"validationRuntimeGateCandidate": {
|
||
"title": "Validation and runtime gate candidate",
|
||
"body": "Organizes validation evidence, post-check metrics, baseline pointer, and the statement that a separate follow-up runtime gate is still required.",
|
||
"field": "validation / runtime pointer; active gates=0"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalCandidateReview": {
|
||
"title": "Host Owner Decision Record Formal Candidate Review Checklist",
|
||
"subtitle": "Formal candidate packets can still only enter read-only review before any later human record step. This does not mark review passed, create decision records, mark accepted, create approval records, or open runtime gates.",
|
||
"checkLabel": "Candidate review",
|
||
"guardLabel": "Still locked",
|
||
"items": {
|
||
"identityTraceable": {
|
||
"title": "Record identity traceable",
|
||
"body": "Confirm candidate record id, version, owner, review scope, and trace source are readable while no formal record is created.",
|
||
"guard": "record created=false"
|
||
},
|
||
"decisionSummaryReadable": {
|
||
"title": "Decision summary readable",
|
||
"body": "Confirm decision summary, risk acceptance boundary, and no-execution statement are readable while still not meaning decision accepted.",
|
||
"guard": "accepted=0"
|
||
},
|
||
"scopeExpiryConsistent": {
|
||
"title": "Scope and expiry consistent",
|
||
"body": "Confirm host, network, service, exclusion, observation intent, and expiry are consistent while remaining candidate fields only.",
|
||
"guard": "finalized=0"
|
||
},
|
||
"scanLimitsStillNotAuthorization": {
|
||
"title": "Scan limits still not authorization",
|
||
"body": "Confirm observe-only, future active scan, and credentialed scan limits cannot be mistaken for active scan or credentialed scan authorization.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"credentialBoundaryStillMetadataOnly": {
|
||
"title": "Credential boundary still metadata-only",
|
||
"body": "Confirm credential boundary only keeps metadata, owner, retention, masking, and forbidden collection content.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"maintenanceRollbackTraceable": {
|
||
"title": "Maintenance and rollback traceable",
|
||
"body": "Confirm maintenance window, constraints, rollback owner, recovery path, and human contact remain traceable.",
|
||
"guard": "host update=false"
|
||
},
|
||
"runtimeGateStillClosed": {
|
||
"title": "Runtime gate still closed",
|
||
"body": "Confirm validation evidence and runtime gate pointer still only point to a separate follow-up gate and candidate review does not open gates.",
|
||
"guard": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalCandidateReviewOutcomes": {
|
||
"title": "Host Owner Decision Record Formal Candidate Review Outcome Lanes",
|
||
"subtitle": "Formal candidate review outcome only shows next-step lanes after candidate review. This does not mark review passed, mark finalized, create decision records, mark accepted, create approval records, or open runtime gates.",
|
||
"laneLabel": "Outcome lane",
|
||
"nextLabel": "Next remains read-only",
|
||
"items": {
|
||
"readyForHumanRecordQueue": {
|
||
"title": "Ready for human record queue",
|
||
"body": "When candidate fields are readable, this can only show readiness for a human formal-record queue and does not create decision records.",
|
||
"next": "queue visible only; record created=false"
|
||
},
|
||
"identityNeedsTrace": {
|
||
"title": "Record identity needs trace",
|
||
"body": "When candidate record id, version, owner, review scope, or trace source is missing, the item returns to identity trace collection.",
|
||
"next": "collect identity trace; review passed=0"
|
||
},
|
||
"decisionSummaryNeedsClarification": {
|
||
"title": "Decision summary needs clarification",
|
||
"body": "When decision summary, risk acceptance boundary, or no-execution statement is unclear, the item remains a candidate.",
|
||
"next": "clarify decision summary; accepted=0"
|
||
},
|
||
"scopeExpiryNeedsRefresh": {
|
||
"title": "Scope and expiry need refresh",
|
||
"body": "When host, network, service, exclusion, observation intent, or expiry is inconsistent, the item cannot enter a formal record.",
|
||
"next": "refresh scope / expiry; finalized=0"
|
||
},
|
||
"scanLimitsAmbiguous": {
|
||
"title": "Scan limits remain ambiguous",
|
||
"body": "When active scan or credentialed scan limits could be misread, the lane stays locked as not authorized.",
|
||
"next": "clarify scan limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "When credential metadata, retention, masking, or forbidden collection boundary is unclear, the lane remains quarantined.",
|
||
"next": "repair metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackIncomplete": {
|
||
"title": "Maintenance and rollback incomplete",
|
||
"body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is not traceable, approval semantics cannot be created.",
|
||
"next": "collect maintenance / rollback; host update=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot open from the outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalRecordQueue": {
|
||
"title": "Host Owner Decision Record Formal Record Queue Packets",
|
||
"subtitle": "Formal record queue packets only organize the data packets a future human formal-record queue would need to read. This does not enqueue, create decision records, mark accepted, create approval records, or open runtime gates.",
|
||
"packetLabel": "Queue packet",
|
||
"fieldLabel": "Queue field",
|
||
"items": {
|
||
"queueIdentityPacket": {
|
||
"title": "Queue identity packet",
|
||
"body": "Organizes candidate record id, version, owner, review scope, and trace source so a human queue can trace identity.",
|
||
"field": "identity trace; queue enqueued=0"
|
||
},
|
||
"queueDecisionSummaryPacket": {
|
||
"title": "Queue decision summary packet",
|
||
"body": "Organizes decision summary, risk acceptance boundary, and no-execution statement without creating a formal decision record.",
|
||
"field": "decision summary; record created=false"
|
||
},
|
||
"queueScopeExpiryPacket": {
|
||
"title": "Queue scope and expiry packet",
|
||
"body": "Organizes host, network, service, exclusion, observation intent, and expiry while remaining readable queue information only.",
|
||
"field": "scope / expiry; finalized=0"
|
||
},
|
||
"queueScanLimitsPacket": {
|
||
"title": "Queue scan limits packet",
|
||
"body": "Organizes observe-only, future active scan, and credentialed scan limits so they cannot be mistaken for scan authorization.",
|
||
"field": "scan limits; scan authorized=false"
|
||
},
|
||
"queueCredentialBoundaryPacket": {
|
||
"title": "Queue credential boundary packet",
|
||
"body": "Organizes metadata-only credential owner, retention, masking, and forbidden collection boundary.",
|
||
"field": "metadata-only boundary; secret collection=false"
|
||
},
|
||
"queueMaintenanceRollbackPacket": {
|
||
"title": "Queue maintenance and rollback packet",
|
||
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact.",
|
||
"field": "window / rollback; host update=false"
|
||
},
|
||
"queueValidationRuntimeGatePacket": {
|
||
"title": "Queue validation and runtime gate packet",
|
||
"body": "Organizes validation evidence, post-check metrics, baseline pointer, and the separate runtime gate requirement.",
|
||
"field": "validation / runtime pointer; active gates=0"
|
||
},
|
||
"queueNoExecutionAttestationPacket": {
|
||
"title": "Queue no-execution attestation packet",
|
||
"body": "Organizes the statement that nothing is executed, approved, or gate-opened so queue packets cannot be treated as authorization.",
|
||
"field": "not authorization; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalRecordQueueReview": {
|
||
"title": "Host Owner Decision Record Formal Record Queue Review Checklist",
|
||
"subtitle": "The formal record queue review checklist only confirms whether queue packets are readable for a future human formal-record review. It does not mark review passed, enqueue, create decision records, create approval records, or open runtime gates.",
|
||
"checkLabel": "Queue review",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"queueIdentityTraceable": {
|
||
"title": "Queue identity traceable",
|
||
"body": "Confirms queue identity can trace candidate record, version, owner, review scope, and source without treating traceability as formal enqueue.",
|
||
"guard": "trace only; queue enqueued=0"
|
||
},
|
||
"queueDecisionSummaryReadable": {
|
||
"title": "Queue decision summary readable",
|
||
"body": "Confirms the decision summary and no-execution statement are readable without creating a formal decision record.",
|
||
"guard": "summary only; record created=false"
|
||
},
|
||
"queueScopeExpiryFresh": {
|
||
"title": "Queue scope and expiry fresh",
|
||
"body": "Confirms host, network, service, exclusion, observation intent, and expiry are not stale or outside the original scope.",
|
||
"guard": "scope check only; finalized=0"
|
||
},
|
||
"queueScanLimitsNotAuthorization": {
|
||
"title": "Queue scan limits not authorization",
|
||
"body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraints, not scan approval.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"queueCredentialBoundaryMetadataOnly": {
|
||
"title": "Queue credential boundary metadata-only",
|
||
"body": "Confirms credential boundary keeps only metadata, owner, retention, and masking boundary without requesting sensitive material.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"queueMaintenanceRollbackLinked": {
|
||
"title": "Queue maintenance and rollback linked",
|
||
"body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact have pointers without allowing host package changes or tuning.",
|
||
"guard": "host change=false"
|
||
},
|
||
"queueValidationGateSeparate": {
|
||
"title": "Queue validation gate separate",
|
||
"body": "Confirms validation evidence, post-check metrics, and baseline pointer still route to a separate runtime gate.",
|
||
"guard": "active gates=0"
|
||
},
|
||
"queueNoExecutionAttestationPresent": {
|
||
"title": "Queue no-execution attestation present",
|
||
"body": "Confirms the no-execution, no-approval, and no-runtime-gate statement remains present so the checklist cannot become an action entry.",
|
||
"guard": "action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordFormalRecordQueueReviewOutcomes": {
|
||
"title": "Host Owner Decision Record Formal Record Queue Review Outcome Lanes",
|
||
"subtitle": "Formal record queue review outcome lanes only show the next-step routing after checklist review. They do not mark review passed, enqueue, create decision records, accept owner decisions, create approval records, or open runtime gates.",
|
||
"laneLabel": "Queue review outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForHumanRecordOwnerHandoff": {
|
||
"title": "Ready for human record owner handoff",
|
||
"body": "When all queue review conditions are readable, this can only display a future candidate handoff state for a human record owner.",
|
||
"next": "display handoff candidate; review passed=0, queue enqueued=0"
|
||
},
|
||
"identityNeedsTraceRefresh": {
|
||
"title": "Identity needs trace refresh",
|
||
"body": "When candidate record id, version, owner, review scope, or trace source is unclear, route back to the identity packet for evidence refresh.",
|
||
"next": "refresh identity trace; record created=false"
|
||
},
|
||
"decisionSummaryNeedsClarification": {
|
||
"title": "Decision summary needs clarification",
|
||
"body": "When the decision summary or no-execution statement is not readable, route back to the summary packet for clarification.",
|
||
"next": "clarify decision summary; accepted=0"
|
||
},
|
||
"scopeExpiryNeedsRefresh": {
|
||
"title": "Scope and expiry need refresh",
|
||
"body": "When host, network, service, exclusion, observation intent, or expiry is stale or outside original scope, route back to the scope packet.",
|
||
"next": "refresh scope / expiry; finalized=0"
|
||
},
|
||
"scanLimitsRemainAmbiguous": {
|
||
"title": "Scan limits remain ambiguous",
|
||
"body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.",
|
||
"next": "clarify scan limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "If the credential boundary cannot stay metadata-only or the responsibility boundary is unreadable, quarantine and request evidence refresh.",
|
||
"next": "refresh metadata-only boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackIncomplete": {
|
||
"title": "Maintenance and rollback incomplete",
|
||
"body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter formal record semantics.",
|
||
"next": "refresh maintenance / rollback; host change=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot open from queue review outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanHandoffReadiness": {
|
||
"title": "Host Owner Decision Record Human Record Owner Handoff Readiness Packets",
|
||
"subtitle": "Human record owner handoff readiness packets only display metadata to prepare before a future human record owner handoff. They do not start handoff, mark handoff ready, mark review passed, create decision records, accept owner decisions, or open runtime gates.",
|
||
"packetLabel": "Handoff readiness packet",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"handoffIdentityTrace": {
|
||
"title": "Handoff identity and trace",
|
||
"body": "Shows whether candidate record id, version, source outcome lane, source queue review, and trace pointer are readable enough for a future human record owner to identify.",
|
||
"guard": "handoff started=0; ready=0"
|
||
},
|
||
"handoffOwnerBoundary": {
|
||
"title": "Human record owner boundary",
|
||
"body": "Shows future record owner, backup owner, contact point, and responsibility boundary without sending notifications, collecting decisions, or creating approval records.",
|
||
"guard": "owner decision received=0"
|
||
},
|
||
"handoffDecisionSummary": {
|
||
"title": "Decision summary packet",
|
||
"body": "Shows whether decision summary, no-execution statement, and candidate conclusion are readable so the handoff cannot be mistaken for approval.",
|
||
"guard": "decision record created=false"
|
||
},
|
||
"handoffScopeExpiry": {
|
||
"title": "Scope and expiry packet",
|
||
"body": "Shows the handoff summary for host, network, service, exclusion, observation intent, and expiry; stale or out-of-scope data can only route back to scope refresh.",
|
||
"guard": "review passed=0"
|
||
},
|
||
"handoffScanLimits": {
|
||
"title": "Scan limits packet",
|
||
"body": "Shows the wording for observe-only, future active scan, and credentialed scan limits so the human record owner can see this is not scan authorization.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"handoffCredentialBoundary": {
|
||
"title": "Credential boundary packet",
|
||
"body": "Shows credential boundary metadata, retention, and masking responsibility without collecting plaintext, token values, or raw secrets.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"handoffMaintenanceRollback": {
|
||
"title": "Maintenance and rollback packet",
|
||
"body": "Shows maintenance window, constraints, rollback owner, recovery path, and human contact while still disallowing SSH, package updates, or host tuning.",
|
||
"guard": "host change=false"
|
||
},
|
||
"handoffRuntimeGate": {
|
||
"title": "Runtime gate separation packet",
|
||
"body": "Shows validation evidence and follow-up runtime gate pointer as a separate gate that cannot open from handoff readiness.",
|
||
"guard": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanHandoffReadinessReview": {
|
||
"title": "Host Owner Decision Record Human Handoff Readiness Review Checklist",
|
||
"subtitle": "Human handoff readiness review checklist only displays read-only checks before handoff readiness packets can be reviewed by a future human record owner. It does not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, or open runtime gates.",
|
||
"checkLabel": "Handoff readiness check",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"identityTraceReadable": {
|
||
"title": "Identity trace readable",
|
||
"body": "Confirms candidate record id, version, source outcome lane, source queue review, and trace pointer are readable; gaps can only route back to identity trace refresh.",
|
||
"guard": "handoff started=0; ready=0"
|
||
},
|
||
"ownerBoundaryReadable": {
|
||
"title": "Owner boundary readable",
|
||
"body": "Confirms future record owner, backup owner, contact point, and responsibility boundary are readable without sending notifications or collecting owner decisions.",
|
||
"guard": "owner decision received=0"
|
||
},
|
||
"decisionSummaryReadable": {
|
||
"title": "Decision summary readable",
|
||
"body": "Confirms decision summary, candidate conclusion, and no-execution statement are readable so handoff readiness cannot be mistaken for approval.",
|
||
"guard": "decision record created=false"
|
||
},
|
||
"scopeExpiryCurrent": {
|
||
"title": "Scope and expiry current",
|
||
"body": "Confirms host, network, service, exclusion, observation intent, and expiry are current and in scope; stale scope can only route back to scope refresh.",
|
||
"guard": "review passed=0"
|
||
},
|
||
"scanLimitsNotAuthorization": {
|
||
"title": "Scan limits not authorization",
|
||
"body": "Confirms observe-only, future active scan, and credentialed scan limits remain constraint wording, not scan approval.",
|
||
"guard": "scan authorized=false"
|
||
},
|
||
"credentialBoundaryMetadataOnly": {
|
||
"title": "Credential boundary metadata-only",
|
||
"body": "Confirms credential boundary only contains metadata, retention, and masking responsibility without plaintext, token values, or raw secrets.",
|
||
"guard": "secret collection=false"
|
||
},
|
||
"maintenanceRollbackTraceable": {
|
||
"title": "Maintenance and rollback traceable",
|
||
"body": "Confirms maintenance window, constraints, rollback owner, recovery path, and human contact are traceable while still disallowing SSH, package updates, or host tuning.",
|
||
"guard": "host change=false"
|
||
},
|
||
"runtimeGateSeparate": {
|
||
"title": "Runtime gate separate",
|
||
"body": "Confirms validation evidence and follow-up runtime gate remain independent and cannot open from readiness review.",
|
||
"guard": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanHandoffReadinessReviewOutcomes": {
|
||
"title": "Host Owner Decision Record Human Handoff Readiness Review Outcome Lanes",
|
||
"subtitle": "Human handoff readiness review outcome lanes only show next-step routing after checklist review. They do not mark review passed, start handoff, mark handoff ready, create decision records, accept owner decisions, create approval records, or open runtime gates.",
|
||
"laneLabel": "Handoff review outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForHumanRecordOwnerReviewCandidate": {
|
||
"title": "Ready for human record owner review candidate",
|
||
"body": "When all readiness review conditions are readable, this can only display a future candidate state for human record owner review.",
|
||
"next": "display review candidate; review passed=0, handoff started=0"
|
||
},
|
||
"identityTraceNeedsRefresh": {
|
||
"title": "Identity trace needs refresh",
|
||
"body": "When candidate record id, version, source outcome lane, source queue review, or trace pointer is unclear, route back to the identity packet.",
|
||
"next": "refresh identity trace; handoff ready=0"
|
||
},
|
||
"ownerBoundaryNeedsClarification": {
|
||
"title": "Owner boundary needs clarification",
|
||
"body": "When record owner, backup owner, contact point, or responsibility boundary is unreadable, route back to the owner boundary packet.",
|
||
"next": "clarify owner boundary; decision received=0"
|
||
},
|
||
"decisionSummaryNeedsClarification": {
|
||
"title": "Decision summary needs clarification",
|
||
"body": "When decision summary, candidate conclusion, or no-execution statement is unreadable, route back to the decision summary packet.",
|
||
"next": "clarify decision summary; record created=false"
|
||
},
|
||
"scopeExpiryNeedsRefresh": {
|
||
"title": "Scope and expiry need refresh",
|
||
"body": "When host, network, service, exclusion, observation intent, or expiry is stale or out of scope, route back to the scope packet.",
|
||
"next": "refresh scope / expiry; review passed=0"
|
||
},
|
||
"scanLimitsRemainAmbiguous": {
|
||
"title": "Scan limits remain ambiguous",
|
||
"body": "If observe-only, future active scan, or credentialed scan limits can still be mistaken for authorization, route back to the scan limits packet.",
|
||
"next": "clarify scan limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "If credential boundary is not metadata-only or plaintext, token value, and raw secret boundaries are unclear, quarantine and request evidence refresh.",
|
||
"next": "refresh credential boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackIncomplete": {
|
||
"title": "Maintenance and rollback incomplete",
|
||
"body": "If maintenance window, constraints, rollback owner, recovery path, or human contact is missing, it cannot enter human record owner review semantics.",
|
||
"next": "refresh maintenance / rollback; host change=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Validation evidence or follow-up runtime gate pointer still requires a separate gate and cannot open from readiness review outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidatePackets": {
|
||
"title": "Host Owner Decision Record Human Record Owner Review Candidate Packets",
|
||
"subtitle": "Human record owner review candidate packets only organize metadata a future human record owner may need to inspect. They do not start handoff, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
|
||
"packetLabel": "Review candidate packet",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"reviewCandidateIdentity": {
|
||
"title": "Review candidate identity packet",
|
||
"body": "Organizes candidate id, source readiness outcome, version, trace pointer, and source queue review link so a future human record owner can understand provenance.",
|
||
"guard": "review started=0; decision record created=false"
|
||
},
|
||
"reviewOwnerBoundary": {
|
||
"title": "Review owner boundary packet",
|
||
"body": "Organizes human record owner, backup owner, contact channel, and responsibility boundary without treating owner contact as accepted work or a decision.",
|
||
"guard": "owner decision received=0; handoff started=0"
|
||
},
|
||
"reviewDecisionSummary": {
|
||
"title": "Review decision summary packet",
|
||
"body": "Organizes candidate decision summary, risk acceptance boundary, and no-execution statement so the review candidate is not mistaken for a formal record.",
|
||
"guard": "review ready=0; record accepted=0"
|
||
},
|
||
"reviewScopeExpiry": {
|
||
"title": "Review scope and expiry packet",
|
||
"body": "Organizes host, network, service, exclusion, observation intent, and expiry so the review candidate scope remains readable.",
|
||
"guard": "scope review only; runtime gate opened=false"
|
||
},
|
||
"reviewScanLimits": {
|
||
"title": "Review scan limits packet",
|
||
"body": "Organizes observe-only, future active scan, and credentialed scan limits while keeping active scan behind separate approval.",
|
||
"guard": "scan authorized=false; action buttons=false"
|
||
},
|
||
"reviewCredentialBoundary": {
|
||
"title": "Review credential boundary packet",
|
||
"body": "Organizes credential owner, retention, masking, and forbidden collection as metadata only; plaintext, token value, and raw secret are not collected.",
|
||
"guard": "secret collection=false; raw payload=false"
|
||
},
|
||
"reviewMaintenanceRollback": {
|
||
"title": "Review maintenance and rollback packet",
|
||
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.",
|
||
"guard": "host change=false; Kali update=false"
|
||
},
|
||
"reviewValidationRuntimeGate": {
|
||
"title": "Review validation and runtime gate packet",
|
||
"body": "Organizes validation evidence pointer, post-check metrics, and separate runtime gate requirement without opening a gate from the candidate packet.",
|
||
"guard": "runtime gate opened=false; runtime execution=false"
|
||
},
|
||
"reviewNoExecutionAttestation": {
|
||
"title": "Review no-execution attestation packet",
|
||
"body": "Fixes not authorization, no execution, no approval, and no runtime gate statements so the review candidate is not mistaken for approval.",
|
||
"guard": "not_authorization=true; approval record=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateChecklist": {
|
||
"title": "Host Owner Decision Record Human Record Owner Review Candidate Checklist",
|
||
"subtitle": "Human record owner review candidate checklist only checks whether candidate packets are readable. It does not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
|
||
"checkLabel": "Review candidate check",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"candidateIdentityTraceable": {
|
||
"title": "Candidate identity traceable",
|
||
"body": "Checks that candidate id, source outcome, version, trace pointer, and queue review link are traceable.",
|
||
"guard": "check passed=0; review started=0"
|
||
},
|
||
"candidateOwnerBoundaryReadable": {
|
||
"title": "Candidate owner boundary readable",
|
||
"body": "Checks that human record owner, backup owner, contact channel, and responsibility boundary are readable without treating the owner as engaged.",
|
||
"guard": "owner decision received=0; review ready=0"
|
||
},
|
||
"candidateDecisionSummaryReadable": {
|
||
"title": "Candidate decision summary readable",
|
||
"body": "Checks that candidate decision summary, risk acceptance boundary, and no-execution statement are readable while remaining outside a formal decision record.",
|
||
"guard": "decision record created=false; accepted=0"
|
||
},
|
||
"candidateScopeExpiryCurrent": {
|
||
"title": "Candidate scope and expiry current",
|
||
"body": "Checks that host, network, service, exclusion, observation intent, and expiry remain within the candidate scope.",
|
||
"guard": "scope check only; runtime gate opened=false"
|
||
},
|
||
"candidateScanLimitsNotAuthorization": {
|
||
"title": "Candidate scan limits not authorization",
|
||
"body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.",
|
||
"guard": "scan authorized=false; action buttons=false"
|
||
},
|
||
"candidateCredentialBoundaryMetadataOnly": {
|
||
"title": "Candidate credential boundary metadata-only",
|
||
"body": "Checks that credential owner, retention, masking, and forbidden collection remain metadata-only.",
|
||
"guard": "secret collection=false; raw payload=false"
|
||
},
|
||
"candidateMaintenanceRollbackTraceable": {
|
||
"title": "Candidate maintenance and rollback traceable",
|
||
"body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.",
|
||
"guard": "host change=false; Kali update=false"
|
||
},
|
||
"candidateValidationRuntimeGateSeparate": {
|
||
"title": "Candidate validation and runtime gate separate",
|
||
"body": "Checks that validation evidence pointer, post-check metrics, and runtime gate requirement remain separate.",
|
||
"guard": "runtime gate opened=false; runtime execution=false"
|
||
},
|
||
"candidateNoExecutionAttestationPresent": {
|
||
"title": "Candidate no-execution attestation present",
|
||
"body": "Checks that not authorization, no execution, no approval, and no runtime gate statements are visible.",
|
||
"guard": "not_authorization=true; approval record=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanRecordOwnerReviewCandidateOutcomes": {
|
||
"title": "Host Owner Decision Record Human Record Owner Review Candidate Outcome Lanes",
|
||
"subtitle": "Human record owner review candidate outcome lanes only display next-step routing after candidate checklist. They do not mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
|
||
"laneLabel": "Review candidate outcome",
|
||
"nextLabel": "Next step",
|
||
"items": {
|
||
"readyForHumanRecordOwnerReviewPreparation": {
|
||
"title": "Ready for human record owner review preparation candidate",
|
||
"body": "All candidate checklist read-only conditions can be prepared for a future human record owner review surface, but this remains a preparation candidate.",
|
||
"next": "display only; review started=0"
|
||
},
|
||
"identityTraceNeedsRefresh": {
|
||
"title": "Identity trace needs refresh",
|
||
"body": "Candidate identity, source outcome, version, trace pointer, or queue review link needs refresh before the next layer.",
|
||
"next": "refresh identity trace; check passed=0"
|
||
},
|
||
"ownerBoundaryNeedsClarification": {
|
||
"title": "Owner boundary needs clarification",
|
||
"body": "Human record owner, backup owner, contact channel, or responsibility boundary still needs clarification and cannot count as owner engagement.",
|
||
"next": "clarify owner boundary; decision received=0"
|
||
},
|
||
"decisionSummaryNeedsClarification": {
|
||
"title": "Decision summary needs clarification",
|
||
"body": "Candidate decision summary, risk acceptance boundary, or no-execution statement is still unclear and cannot create a formal record.",
|
||
"next": "clarify summary; record created=false"
|
||
},
|
||
"scopeExpiryNeedsRefresh": {
|
||
"title": "Scope and expiry need refresh",
|
||
"body": "Host, network, service, exclusion, observation intent, or expiry needs refresh before moving into the next human preparation layer.",
|
||
"next": "refresh scope; review ready=0"
|
||
},
|
||
"scanLimitsRemainAmbiguous": {
|
||
"title": "Scan limits remain ambiguous",
|
||
"body": "Observe-only, future active scan, or credentialed scan limits may still be mistaken for authorization and must remain routed to clarification.",
|
||
"next": "clarify limits; scan authorized=false"
|
||
},
|
||
"credentialBoundaryFailed": {
|
||
"title": "Credential boundary failed",
|
||
"body": "Credential owner, retention, masking, or forbidden collection failed the metadata-only boundary and must be quarantined.",
|
||
"next": "quarantine credential boundary; secret collection=false"
|
||
},
|
||
"maintenanceRollbackIncomplete": {
|
||
"title": "Maintenance and rollback incomplete",
|
||
"body": "Maintenance window, constraints, rollback owner, recovery path, or human contact is incomplete and cannot lead to host change.",
|
||
"next": "complete maintenance data; host change=false"
|
||
},
|
||
"runtimeGateStillRequired": {
|
||
"title": "Runtime gate still required",
|
||
"body": "Validation evidence, post-check metrics, or follow-up runtime gate pointer still requires an independent gate and cannot open from candidate outcome.",
|
||
"next": "active runtime gates=0; action buttons=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationPackets": {
|
||
"title": "Host Owner Decision Record Human Record Owner Review Preparation Packets",
|
||
"subtitle": "Human record owner review preparation packets only organize metadata needed by a future human record owner review surface. They do not mark preparation completed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
|
||
"packetLabel": "Review preparation packet",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"preparationIdentityTrace": {
|
||
"title": "Preparation identity trace packet",
|
||
"body": "Organizes preparation id, source candidate outcome, version, trace pointer, and candidate checklist link so a future review surface can trace provenance.",
|
||
"guard": "prepared=0; review started=0"
|
||
},
|
||
"preparationOwnerBoundary": {
|
||
"title": "Preparation owner boundary packet",
|
||
"body": "Organizes human record owner, backup owner, contact channel, responsibility boundary, and open clarifications without treating owner as engaged or decided.",
|
||
"guard": "owner decision received=0; review ready=0"
|
||
},
|
||
"preparationDecisionSummary": {
|
||
"title": "Preparation decision summary packet",
|
||
"body": "Organizes candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface while remaining outside a decision record.",
|
||
"guard": "decision record created=false; accepted=0"
|
||
},
|
||
"preparationScopeExpiry": {
|
||
"title": "Preparation scope and expiry packet",
|
||
"body": "Organizes host, network, service, exclusion, observation intent, expiry, and refresh need so the preparation layer remains read-only visible.",
|
||
"guard": "scope preparation only; runtime gate opened=false"
|
||
},
|
||
"preparationScanLimits": {
|
||
"title": "Preparation scan limits packet",
|
||
"body": "Organizes observe-only, future active scan, credentialed scan limits, and scan boundaries that still require separate approval.",
|
||
"guard": "scan authorized=false; action buttons=false"
|
||
},
|
||
"preparationCredentialBoundary": {
|
||
"title": "Preparation credential boundary packet",
|
||
"body": "Organizes credential owner, retention, masking, forbidden collection, and quarantine rules while allowing metadata only.",
|
||
"guard": "secret collection=false; raw payload=false"
|
||
},
|
||
"preparationMaintenanceRollback": {
|
||
"title": "Preparation maintenance and rollback packet",
|
||
"body": "Organizes maintenance window, constraints, rollback owner, recovery path, and human contact without authorizing host change.",
|
||
"guard": "host change=false; Kali update=false"
|
||
},
|
||
"preparationValidationRuntimeGate": {
|
||
"title": "Preparation validation and runtime gate packet",
|
||
"body": "Organizes validation evidence pointer, post-check metrics, and independent runtime gate requirement without opening a gate from preparation packet.",
|
||
"guard": "runtime gate opened=false; runtime execution=false"
|
||
},
|
||
"preparationNoExecutionAttestation": {
|
||
"title": "Preparation no-execution attestation packet",
|
||
"body": "Fixes not authorization, no execution, no approval, and no runtime gate statements so the preparation packet is not mistaken for approval.",
|
||
"guard": "not_authorization=true; approval record=false"
|
||
}
|
||
}
|
||
},
|
||
"hostOwnerDecisionRecordHumanRecordOwnerReviewPreparationChecklist": {
|
||
"title": "Host Owner Decision Record Human Record Owner Review Preparation Checklist",
|
||
"subtitle": "Human record owner review preparation checklist only checks whether preparation packets are readable. It does not mark preparation completed, mark checklist passed, start review, mark review ready, collect owner decisions, create decision records, create approval records, or open runtime gates.",
|
||
"checkLabel": "Review preparation check",
|
||
"guardLabel": "Guardrail",
|
||
"items": {
|
||
"preparationIdentityTraceReadable": {
|
||
"title": "Preparation identity trace readable",
|
||
"body": "Checks that preparation id, source candidate outcome, version, trace pointer, and candidate checklist link are traceable.",
|
||
"guard": "prepared=0; check passed=0"
|
||
},
|
||
"preparationOwnerBoundaryReadable": {
|
||
"title": "Preparation owner boundary readable",
|
||
"body": "Checks that human record owner, backup owner, contact channel, responsibility boundary, and open clarifications are readable without treating the owner as engaged.",
|
||
"guard": "owner decision received=0; review ready=0"
|
||
},
|
||
"preparationDecisionSummaryReadable": {
|
||
"title": "Preparation decision summary readable",
|
||
"body": "Checks that candidate decision summary, risk acceptance boundary, no-execution statement, and formal record preface are readable while remaining outside a decision record.",
|
||
"guard": "decision record created=false; accepted=0"
|
||
},
|
||
"preparationScopeExpiryCurrent": {
|
||
"title": "Preparation scope and expiry current",
|
||
"body": "Checks that host, network, service, exclusion, observation intent, expiry, and refresh need remain readable within the preparation layer.",
|
||
"guard": "scope check only; runtime gate opened=false"
|
||
},
|
||
"preparationScanLimitsNotAuthorization": {
|
||
"title": "Preparation scan limits not authorization",
|
||
"body": "Checks that observe-only, future active scan, and credentialed scan limits are not written as scan authorization.",
|
||
"guard": "scan authorized=false; action buttons=false"
|
||
},
|
||
"preparationCredentialBoundaryMetadataOnly": {
|
||
"title": "Preparation credential boundary metadata-only",
|
||
"body": "Checks that credential owner, retention, masking, forbidden collection, and quarantine rules remain metadata-only.",
|
||
"guard": "secret collection=false; raw payload=false"
|
||
},
|
||
"preparationMaintenanceRollbackTraceable": {
|
||
"title": "Preparation maintenance and rollback traceable",
|
||
"body": "Checks that maintenance window, constraints, rollback owner, recovery path, and human contact are traceable.",
|
||
"guard": "host change=false; Kali update=false"
|
||
},
|
||
"preparationValidationRuntimeGateSeparate": {
|
||
"title": "Preparation validation and runtime gate separate",
|
||
"body": "Checks that validation evidence pointer, post-check metrics, and independent runtime gate requirement remain separate.",
|
||
"guard": "runtime gate opened=false; runtime execution=false"
|
||
},
|
||
"preparationNoExecutionAttestationPresent": {
|
||
"title": "Preparation no-execution attestation present",
|
||
"body": "Checks that not authorization, no execution, no approval, and no runtime gate statements are visible so the checklist is not mistaken for approval.",
|
||
"guard": "not_authorization=true; approval record=false"
|
||
}
|
||
}
|
||
},
|
||
"progressHoldMovementGates": {
|
||
"title": "Why 58% Is Still Holding",
|
||
"subtitle": "S2.50 surfaces the headline progress movement gates directly: work is moving, but none of the five gates that can trigger a 58% review has real evidence yet. Framework, docs, and frontend visibility accumulate in the 80-85% framework track, not in the landed headline.",
|
||
"gateLabel": "Movement gate",
|
||
"moveLabel": "When it moves",
|
||
"guardLabel": "No inflation rule",
|
||
"items": {
|
||
"ownerResponseAccepted": {
|
||
"title": "Owner response accepted is still 0",
|
||
"body": "S4.9-S4.12 still have no owner response received / accepted; S4.9 is request-ready only.",
|
||
"move": "The headline can be reviewed after the first redacted owner responses pass S4.9 preflight and the S4.13 rollup.",
|
||
"guard": "Do not treat request-ready, templates, preflight, or focus as received / accepted."
|
||
},
|
||
"redactedPayloadIngested": {
|
||
"title": "Redacted payload ingestion is not enabled",
|
||
"body": "Evidence refs, redaction examples, quarantine, and preflight exist, but there is no accepted payload ingestion yet.",
|
||
"move": "Runtime landing can be reviewed after redacted payloads are approved, pass preflight, and enter read-only ingestion.",
|
||
"guard": "No raw payloads, credential plaintext, or doc examples as ingestion."
|
||
},
|
||
"activeRuntimeGate": {
|
||
"title": "Active runtime gate is still 0",
|
||
"body": "Kali `/execute`, SSH, host updates, blocking control, repo / refs / workflow actions remain outside an active gate.",
|
||
"move": "It moves only after human approval, scope, rollback, post-check metrics, and a separate active runtime gate.",
|
||
"guard": "Do not open runtime gates from IwoooS, progress numbers, or checklists."
|
||
},
|
||
"githubPrimaryReady": {
|
||
"title": "GitHub primary ready is still 0",
|
||
"body": "GitHub targets, refs truth, workflow / secret name parity, and rollback ADR are still in owner-response / readiness phases.",
|
||
"move": "primary_ready_count can become greater than 0 after at least one repo passes target, refs, workflow / secret name, and rollback readiness.",
|
||
"guard": "No repo creation, refs sync, primary switch, or candidate as readiness."
|
||
},
|
||
"awooopReadOnlyLanding": {
|
||
"title": "AwoooP landing is not yet production-consumed",
|
||
"body": "IwoooS is visible, but the AwoooP main line still needs read-only consumption of rollup, evidence refs, and guard results without execution routing.",
|
||
"move": "User-visible progress improves after AwoooP consumes this state read-only and passes guard checks, still without production execution.",
|
||
"guard": "Read-only landing is not an action button, approval, runtime execution, or blocking control."
|
||
}
|
||
}
|
||
},
|
||
"awooopReadOnlyLandingReadiness": {
|
||
"title": "AwoooP Read-Only Landing Readiness",
|
||
"subtitle": "S2.51 turns the AwoooP main-line read-only consumption path for IwoooS / security mirror state into an intake readiness board. This is landing readiness, not production_landing_enabled, and it does not connect an execution router.",
|
||
"readinessLabel": "Read-only intake",
|
||
"requirementLabel": "Intake requirement",
|
||
"guardLabel": "Still locked",
|
||
"items": {
|
||
"rollupSnapshotReadable": {
|
||
"title": "Rollup snapshots are readable",
|
||
"body": "`security-mirror-status-rollup.snapshot.json` and `iwooos-posture-projection.snapshot.json` can serve as the main read-only sources for AwoooP.",
|
||
"requirement": "AwoooP consumes committed snapshots and guard output only, without calling Kali, Gitea, GitHub, or runtime APIs directly.",
|
||
"guard": "production_landing_enabled=false; execution router linked=false"
|
||
},
|
||
"evidenceRefsReadable": {
|
||
"title": "Evidence refs are traceable",
|
||
"body": "IwoooS already lists evidence refs for security rollout, owner response validation, Kali status, rollup, and projection state.",
|
||
"requirement": "AwoooP landing may show evidence refs and status summaries only; it must not store raw payloads, credential plaintext, or token values.",
|
||
"guard": "payloads_ingested=false; secret value collection=false"
|
||
},
|
||
"guardChecksKnown": {
|
||
"title": "Guard checks are known",
|
||
"body": "`security-mirror-progress-guard.py` and `source-control-owner-response-guard.py` are the required read-only preflight checks.",
|
||
"requirement": "AwoooP main-line intake must preserve progress, owner response, runtime flag, action button, and forbidden output checks.",
|
||
"guard": "Do not skip guards; do not treat guard pass as runtime approval."
|
||
},
|
||
"routeGroupsKnown": {
|
||
"title": "Mirror route groups are known",
|
||
"body": "`security_mirror_route_v1` already defines read-only destinations for Operator Console, runtime state, channel event, audit evidence, and approval queue.",
|
||
"requirement": "AwoooP may display and classify by route group only; it must not add scan, execute, repair, repo, refs, or deploy actions.",
|
||
"guard": "action_buttons_allowed=false; runtime_execution_authorized=false"
|
||
},
|
||
"forbiddenOutputsLocked": {
|
||
"title": "Forbidden outputs stay locked",
|
||
"body": "IwoooS / rollup explicitly forbids action buttons, runtime gates, GitHub primary switching, or production execution from landing readiness.",
|
||
"requirement": "AwoooP intake must preserve the forbidden output list and keep write, execution, switch, and secret-value collection paths closed.",
|
||
"guard": "Do not treat landing readiness as production consumption."
|
||
},
|
||
"productionHandoffPending": {
|
||
"title": "Production handoff is still pending",
|
||
"body": "This is only the AwoooP read-only landing intake preparation; it does not prove the AwoooP production main line consumes the state yet.",
|
||
"requirement": "A later PR / deployment evidence must prove AwoooP displays rollup, evidence refs, and guard results read-only.",
|
||
"guard": "progress_change_applied=false; headline percent delta=0"
|
||
}
|
||
}
|
||
},
|
||
"progressAcceleration": {
|
||
"title": "Progress Acceleration And Real Unlock Points",
|
||
"subtitle": "Progress is moving, but the 58% headline only gets reassessed when owner responses, runtime gates, GitHub primary readiness, or AwoooP production landing produce real evidence. This board makes the next visible unlock points explicit.",
|
||
"laneLabel": "Acceleration lane",
|
||
"unlockLabel": "Unlock signal",
|
||
"guardLabel": "Low-friction boundary remains",
|
||
"items": {
|
||
"ownerResponses": {
|
||
"title": "Converge owner responses first",
|
||
"body": "S4.9-S4.12 owner responses for Gitea, GitHub targets, refs truth, and workflow / secret names are the main reason the headline is holding at 58%.",
|
||
"unlock": "The headline can be reassessed only after the first accepted redacted owner responses arrive.",
|
||
"guard": "Redacted evidence only; no repo creation, refs sync, workflow mutation, or secret value collection."
|
||
},
|
||
"redactedIngestion": {
|
||
"title": "Connect redacted evidence ingestion",
|
||
"body": "Security findings, Kali observe signals, and owner evidence need to enter the read-only intake plane as redacted metadata before runtime work.",
|
||
"unlock": "Runtime landing gets a real signal only after the redacted payload ingestion adapter is approved and passes preflight.",
|
||
"guard": "No raw payload, no credential plaintext, and no active scan."
|
||
},
|
||
"runtimeGate": {
|
||
"title": "Runtime gates stay separately approved",
|
||
"body": "Future scanning, repair, host update, or blocking controls must not auto-advance from frontend status.",
|
||
"unlock": "Runtime landing can be reassessed only after S3 / S3.4 has human approval, rollback, post-check metrics, and an active runtime gate.",
|
||
"guard": "active runtime gate=0; action button=false; Kali /execute remains a block candidate."
|
||
},
|
||
"githubReadiness": {
|
||
"title": "Split GitHub primary readiness blockers",
|
||
"body": "The long-term GitHub direction is agreed, but targets, refs, workflow / secret names, and rollback ADR still need full verification.",
|
||
"unlock": "primary_ready_count can move only after owner responses, refs truth, workflow parity, and rollback ADR are verifiable.",
|
||
"guard": "No primary switch, no force push, no refs deletion, and no unapproved target repo creation."
|
||
},
|
||
"awooopLanding": {
|
||
"title": "Make AwoooP / IwoooS visible in the main flow",
|
||
"body": "One reason progress feels slow is that security work still looks like backend contracts; the next steps, blockers, prohibitions, and unlock signals need to be visible in-product.",
|
||
"unlock": "Once AwoooP consumes the rollup and IwoooS board read-only, users can see the real blockers directly.",
|
||
"guard": "Read-only landing only; visible status is not authorization and does not add execution buttons."
|
||
},
|
||
"cadenceCompression": {
|
||
"title": "Move future cadence in batches",
|
||
"body": "S2.38-S2.45 split many checklist layers, making progress feel fragmented. Next work should favor P0 owner responses and AwoooP landing over endlessly adding small checklist layers.",
|
||
"unlock": "Similar framework details should be batched in future reports; only high-level gate changes move the headline.",
|
||
"guard": "Faster cadence does not loosen safety; runtime and source-control cutover still need human gates."
|
||
}
|
||
}
|
||
},
|
||
"ownerResponseNextActionFocus": {
|
||
"title": "Owner Response Next-Action Focus",
|
||
"subtitle": "S2.47 makes the owner-response work that can actually move the 58% headline explicit: collect S4.9 Gitea owner attestation first, then GitHub targets, refs truth, and workflow / secret names. This is display-only: no chasing, autofill, or received marking.",
|
||
"focusLabel": "Next focus",
|
||
"nextLabel": "Evidence to inspect",
|
||
"guardLabel": "Still forbidden",
|
||
"items": {
|
||
"giteaOwnerAttestation": {
|
||
"title": "Collect S4.9 Gitea owner attestation first",
|
||
"body": "Confirm Gitea coverage, public-only / local gaps, org/user endpoint, 110 adjacent source, canonical owner, and legacy disposition.",
|
||
"next": "Owner must answer the 5 redacted evidence refs in GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.",
|
||
"guard": "received=0; accepted=0; no token value storage, Gitea writes, refs sync, or primary switch."
|
||
},
|
||
"githubTargetOwnerDecision": {
|
||
"title": "Handle S4.10 GitHub target decisions next",
|
||
"body": "Confirm each GitHub target owner, visibility, canonical disposition, and not_found_or_private handling.",
|
||
"next": "After S4.9 is accepted, collect the 7 target responses from GITHUB-TARGET-OWNER-DECISION-RESPONSE.",
|
||
"guard": "No GitHub repo creation, visibility change, refs sync, or target response as primary approval."
|
||
},
|
||
"refsTruthOwnerResponse": {
|
||
"title": "Resolve S4.11 refs truth after that",
|
||
"body": "Clarify main/dev truth, deprecated drift, release tags, and GitHub-only refs so migration does not treat stale refs as truth.",
|
||
"next": "Repo owners must decide the 141 ref review items per repo / per ref.",
|
||
"guard": "No fetch, push, refs deletion, force push, or history rewrite."
|
||
},
|
||
"workflowSecretOwnerResponse": {
|
||
"title": "Complete S4.12 workflow / secret names last",
|
||
"body": "Fill webhook, runner, deploy key, branch protection / CODEOWNERS, and repository secret name parity gaps.",
|
||
"next": "Collect names, owners, and redacted parity evidence only so GitHub readiness has verifiable gaps.",
|
||
"guard": "No secret value collection, workflow mutation, runner enablement, or write token use."
|
||
}
|
||
}
|
||
},
|
||
"s49OwnerResponseRequestTemplates": {
|
||
"title": "S4.9 Owner Response Five Templates",
|
||
"subtitle": "S2.49 surfaces the five S4.9 templates the owner must answer one by one. This is only a request-ready list: the request is not sent, there is no chasing or autofill, no received / accepted marking, and no template is treated as Gitea inventory or GitHub migration approval.",
|
||
"templateLabel": "Template",
|
||
"ownerActionLabel": "Owner response",
|
||
"guardLabel": "Still forbidden",
|
||
"items": {
|
||
"publicOnlyVsLocalGiteaGap": {
|
||
"title": "Public-only / local Gitea gap",
|
||
"body": "Decide whether `wooo/clawbot-v5` and `wooo/wooo-aiops` belong in the current inventory / migration scope.",
|
||
"ownerAction": "Reply per repo with in scope, out of scope, legacy archived, external system, inaccessible, or needs more evidence, plus redacted evidence refs.",
|
||
"guard": "request_ready_not_sent; received=0; accepted=0; no Gitea writes, repo creation, or refs sync."
|
||
},
|
||
"orgUserEndpointIdentity": {
|
||
"title": "Gitea `wooo` org/user endpoint",
|
||
"body": "Clarify whether `wooo` in Gitea should be inventoried as a user, an org, or both, without treating endpoint 404 as absence.",
|
||
"ownerAction": "Reply with canonical endpoint identity, verification method, and follow-up owner.",
|
||
"guard": "No admin API calls, token use, or endpoint decision as inventory completed."
|
||
},
|
||
"internal110AdjacentScope": {
|
||
"title": "110 adjacent source scope",
|
||
"body": "Decide whether `bitan-pharmacy`, `root/momo-pro-system`, `tsenyang-website`, and `wooo/wooo-infra-config` belong in this scope.",
|
||
"ownerAction": "Classify each as in scope / out of scope / legacy / external / inaccessible, with redacted source evidence.",
|
||
"guard": "No private repo content reads, archive imports, or automatic migration inclusion."
|
||
},
|
||
"repoOwnerCanonicalScope": {
|
||
"title": "Repo owner / canonical / GitHub target",
|
||
"body": "Assign owner, canonical source, GitHub target candidate, and visibility review owner for in-scope repos.",
|
||
"ownerAction": "Reply with owner role/team, canonical source, GitHub target candidate, visibility review owner, and rationale.",
|
||
"guard": "No GitHub repo creation, visibility change, primary switch, or target candidate as approval."
|
||
},
|
||
"legacyOrInaccessibleDisposition": {
|
||
"title": "Legacy / inaccessible disposition",
|
||
"body": "Record disposition, rationale, and follow-up owner for legacy, inaccessible, or external repos.",
|
||
"ownerAction": "Mark archive, exclude, follow-up evidence, or external owner, with redacted trace.",
|
||
"guard": "No deletion, disabling, or repo archival; disposition is human classification, not execution."
|
||
}
|
||
}
|
||
},
|
||
"s49OwnerResponsePreflight": {
|
||
"title": "S4.9 Owner Response Intake Preflight",
|
||
"subtitle": "S2.48 surfaces the 6 S4.9 intake preflight checks in IwoooS: known attestation item, complete fields, allowed decision, redacted evidence, no execution request, and no accepted state until all five items are covered. This is preflight display only: no request send, received marking, or audit event creation.",
|
||
"checkLabel": "Preflight",
|
||
"failureLabel": "If it fails",
|
||
"guardLabel": "Still forbidden",
|
||
"items": {
|
||
"knownAttestationItem": {
|
||
"title": "Match a known S4.7 item",
|
||
"body": "The owner response must map to public-only / local gap, org/user endpoint, 110 adjacent source, canonical owner, or legacy disposition.",
|
||
"failure": "Unclear mapping can only request owner correction.",
|
||
"guard": "Do not treat vague text as coverage attestation or auto-map it to an item."
|
||
},
|
||
"requiredOwnerFields": {
|
||
"title": "Required owner fields complete",
|
||
"body": "Each response needs owner role/team, decision, decision reason, affected scope, evidence refs, and followup owner.",
|
||
"failure": "Missing fields can only request more evidence.",
|
||
"guard": "No verbal OK and no approval record from incomplete responses."
|
||
},
|
||
"allowedDecision": {
|
||
"title": "Decision is allowed",
|
||
"body": "The decision must fit the acceptable decisions for the matching template so free text is not misread as authorization.",
|
||
"failure": "Invalid decisions request owner correction.",
|
||
"guard": "Do not upgrade OK / looks fine language into migration or primary approval."
|
||
},
|
||
"redactedEvidenceOnly": {
|
||
"title": "Redacted evidence refs only",
|
||
"body": "Evidence may only point to repo docs, snapshots, or redacted metadata pointers; no tokens, secrets, cookies, sessions, private keys, or private URL credentials.",
|
||
"failure": "Sensitive payloads go to quarantine.",
|
||
"guard": "No raw secret storage, DB dump import, git object pack, or repo archive collection."
|
||
},
|
||
"noExecutionRequest": {
|
||
"title": "No execution request",
|
||
"body": "Responses must not request Gitea/GitHub writes, repo creation, visibility changes, refs sync/delete/force-push, workflow/secret/runner changes, scans, or runtime actions.",
|
||
"failure": "Embedded execution asks are rejected.",
|
||
"guard": "No Gitea writes, GitHub repo creation, refs sync, or runtime gate opening."
|
||
},
|
||
"allFiveItemsBeforeAccepted": {
|
||
"title": "All five items before Accepted",
|
||
"body": "S4.9 cannot be accepted until all five response templates have acceptable owner responses.",
|
||
"failure": "Partial responses remain waiting or request more evidence.",
|
||
"guard": "Visible preflight is not request sent, received, accepted, or audit emitted."
|
||
}
|
||
}
|
||
},
|
||
"awooopCrossSessionHandoff": {
|
||
"title": "AwoooP Cross-Session Handoff",
|
||
"subtitle": "S2.52 freezes the current PR, branch, progress semantics, required guards, forbidden actions, and next coordination gate as read-only handoff packets so another AwoooP Session can continue without treating the handoff as production landing or execution authorization.",
|
||
"packetLabel": "Handoff packet",
|
||
"handoffLabel": "Handoff note",
|
||
"guardLabel": "Still locked",
|
||
"items": {
|
||
"branchAndPrAnchor": {
|
||
"title": "PR / branch anchor",
|
||
"body": "PR #117 and codex/security-supply-chain-contracts-20260512 are the current read-only sync anchors.",
|
||
"handoff": "The other Session should confirm the same PR, branch, and latest commit, then read LOGBOOK and the rollup ledger.",
|
||
"guard": "Do not merge, deploy, switch primary, or mutate refs from the handoff."
|
||
},
|
||
"progressSemantics": {
|
||
"title": "Progress semantics",
|
||
"body": "The headline remains 58%; framework is 80-85%; runtime / ingestion / GitHub primary / AwoooP production landing remains 35-40%.",
|
||
"handoff": "New UI, docs, and snapshots stay in the framework_detail ledger unless owner response, runtime gate, GitHub primary, or production landing evidence exists.",
|
||
"guard": "Do not treat framework detail, readiness, handoff, or guard pass as headline delta."
|
||
},
|
||
"requiredGuardCommands": {
|
||
"title": "Required guards",
|
||
"body": "Run security-mirror-progress-guard.py and source-control-owner-response-guard.py before taking over.",
|
||
"handoff": "Continue read-only projection only after both guards pass; if either fails, fix the contract or snapshot first.",
|
||
"guard": "Do not skip guards; do not treat guard pass as runtime approval."
|
||
},
|
||
"forbiddenRuntimeActions": {
|
||
"title": "Runtime forbidden actions",
|
||
"body": "Kali /execute, SSH, host update, active scan, credentialed scan, blocking control, repo / refs / workflow actions remain unauthorized.",
|
||
"handoff": "The other Session may only add read-only evidence, UI projection, docs, snapshots, and guards.",
|
||
"guard": "runtime_execution_authorized=false; action_buttons_allowed=false"
|
||
},
|
||
"awooopReadOnlyInputs": {
|
||
"title": "AwoooP read-only inputs",
|
||
"body": "AwoooP may consume the rollup snapshot, IwoooS projection, owner response validation rollup, Kali status, and rollout policy.",
|
||
"handoff": "Main-line AwoooP intake may display only state, evidence refs, route groups, and forbidden actions.",
|
||
"guard": "Do not store raw payloads, credential plaintext, token values, or execution payloads."
|
||
},
|
||
"nextCoordinationGate": {
|
||
"title": "Next coordination gate",
|
||
"body": "The next high-level gates that can move the headline remain owner response accepted, redacted payload ingestion, active runtime gate, GitHub primary ready, or AwoooP production landing.",
|
||
"handoff": "If the other Session advances production landing, it must provide read-only consumption evidence and deployment proof.",
|
||
"guard": "Do not treat handoff packets as production consumption."
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"tickets": {
|
||
"title": "Tickets",
|
||
"subtitle": "Incident ticket tracking",
|
||
"loading": "Loading...",
|
||
"id": "Ticket ID",
|
||
"title_col": "Title",
|
||
"status": "Status",
|
||
"priority": "Priority",
|
||
"createdAt": "Created At",
|
||
"error": "Load failed",
|
||
"noTickets": "No tickets"
|
||
},
|
||
"users": {
|
||
"title": "Audit Log",
|
||
"subtitle": "K8s operation execution records",
|
||
"loading": "Loading...",
|
||
"totalExecutions": "Total Executions",
|
||
"successCount": "Success",
|
||
"failureCount": "Failures",
|
||
"successRate": "Success Rate",
|
||
"avgDuration": "Avg Duration",
|
||
"recentOps": "Recent Operations",
|
||
"operation": "Operation Type",
|
||
"namespace": "Namespace",
|
||
"result": "Result",
|
||
"time": "Time",
|
||
"error": "Load failed",
|
||
"noUsers": "No audit records",
|
||
"name": "Name",
|
||
"role": "Role",
|
||
"status": "Status"
|
||
},
|
||
"emptyState": {
|
||
"noData": "--",
|
||
"comingSoon": "Integration pending"
|
||
},
|
||
"drift": {
|
||
"title": "Config Drift Detection",
|
||
"subtitle": "GitOps Guardian — Detects drift between K8s actual state and Git YAML",
|
||
"scan": "Scan Now",
|
||
"scanning": "Scanning...",
|
||
"loading": "Loading...",
|
||
"noReports": "No drift reports yet",
|
||
"noReportsHint": "CronJob scans hourly automatically, or click \"Scan Now\" to trigger manually",
|
||
"noDrift": "No Drift",
|
||
"reportId": "Report ID",
|
||
"scannedAt": "Scanned At",
|
||
"namespace": "Namespace",
|
||
"triggeredBy": "Triggered By",
|
||
"highCount": "High",
|
||
"mediumCount": "Medium",
|
||
"infoCount": "Info",
|
||
"status": "Status",
|
||
"driftLevel": {
|
||
"high": "High",
|
||
"medium": "Medium",
|
||
"info": "Info"
|
||
},
|
||
"interpretation": "Nemotron Intent Analysis",
|
||
"noInterpretation": "No analysis needed (no drift)",
|
||
"rollback": "Rollback to Git",
|
||
"adopt": "Adopt Change",
|
||
"rollbackConfirm": "Rollback this resource to Git state?",
|
||
"adoptConfirm": "Adopt this change and update Git?",
|
||
"pending": "Pending",
|
||
"resolved": "Resolved",
|
||
"ignored": "Ignored"
|
||
},
|
||
"neuralCommand": {
|
||
"title": "Neural Command Center",
|
||
"subtitle": "SSH_COMMAND Chain of Command · OpenClaw 🦞 × NemoTron ⚡",
|
||
"lastRefresh": "Updated {time}",
|
||
"refresh": "Refresh",
|
||
"preFlightAudit": "Pre-Flight Audit",
|
||
"liveCommand": "Live Command",
|
||
"statsHistory": "Stats & History",
|
||
"nuclearApproval": "Nuclear Approval",
|
||
"preFlightTitle": "SSH_COMMAND Architecture Security Audit",
|
||
"preFlightSubtitle": "WHITELIST updated to production standard",
|
||
"progress": "Progress",
|
||
"riskLevel": "Risk Level",
|
||
"riskLow": "Low",
|
||
"auditStatus": "Audit Status",
|
||
"passed": "Passed",
|
||
"pending": "Pending",
|
||
"passBannerTitle": "Pre-Flight Passed — Architecture meets security standards",
|
||
"passBannerDesc": "8/8 checks passed · Shell Injection protection enabled · known_hosts mounted",
|
||
"statusFixed": "Fixed",
|
||
"statusPending": "Pending",
|
||
"featureToggles": "Feature Toggle Status",
|
||
"approvedPlaybooks": "Approved Playbooks",
|
||
"highQuality": "High Quality",
|
||
"totalExecutions": "Total Executions",
|
||
"successRate": "Success Rate",
|
||
"checkA1Label": "Key Check (known_hosts)",
|
||
"checkA1Desc": "K8s Secret mounted at /etc/repair-ssh/known_hosts",
|
||
"checkA2Label": "Whitelist (ConfigMap)",
|
||
"checkA2Desc": "Hardcoded Whitelist → K8s ConfigMap",
|
||
"checkA3Label": "Command Injection Filter",
|
||
"checkA3Desc": "Block ; | && $() · Max 512 chars",
|
||
"checkB1Label": "Audit Log",
|
||
"checkB1Desc": "Missing AuditLog → PostgreSQL write",
|
||
"checkB2Label": "Langfuse Trace",
|
||
"checkB2Desc": "SSH Trace Missing → Decision tracing added",
|
||
"checkC1Label": "Idempotency Lock (Redis)",
|
||
"checkC1Desc": "repair_lock prevents duplicate execution",
|
||
"checkC2Label": "Feedback Loop",
|
||
"checkC2Desc": "Success Rate Update → RAG confidence self-updates",
|
||
"checkC3Label": "Execution Path (.188)",
|
||
"checkC3Desc": "ansible:// forced to .188 control node",
|
||
"agentRoleOC": "Diagnosis & RAG Matching",
|
||
"agentRoleNemo": "Decision & Execution",
|
||
"todayMatches": "Today's Matches",
|
||
"ragConf": "RAG Conf",
|
||
"execSuccess": "Exec Success",
|
||
"avgDuration": "Avg Duration",
|
||
"pendingApproval": "Pending",
|
||
"alertRadar": "Alert Radar",
|
||
"chainTitle": "Neural Transmission Path",
|
||
"nodeDone": "Done",
|
||
"nodeActive": "Running",
|
||
"nodeWaiting": "Waiting",
|
||
"execStream": "Execution Stream",
|
||
"waitingApproval": "Awaiting commander approval",
|
||
"kpiSuccessRate": "Overall Success Rate",
|
||
"kpiTotalExec": "Total Executions",
|
||
"kpiPlaybooks": "Playbooks",
|
||
"kpiAvgDuration": "Avg Repair Time",
|
||
"kpiPendingAppr": "Pending Approvals",
|
||
"trendUp": "↑ {n}% this week",
|
||
"trendDown": "↓ {n}s this week",
|
||
"schemeBreakdown": "Execution Path Breakdown",
|
||
"playbookRanking": "Playbook Performance Ranking",
|
||
"thName": "Name",
|
||
"thType": "Type",
|
||
"thRate": "Success Rate",
|
||
"thCount": "Count",
|
||
"historyTimeline": "Repair History Timeline",
|
||
"ago": "ago",
|
||
"approvalTitle": "Host Layer Command — Commander Authorization Required",
|
||
"diagnosis": "Diagnosis",
|
||
"recommendation": "Recommendation",
|
||
"execPathDetails": "Execution Path Details",
|
||
"uriScheme": "URI Scheme",
|
||
"controlNode": "Control Node",
|
||
"targetHost": "Target Host",
|
||
"playbookPath": "Playbook",
|
||
"repairLock": "Idempotency Lock",
|
||
"riskMediumDesc": "Operation cannot be immediately reverted, but backup protection exists",
|
||
"confirmExec": "Hold 5s to Confirm Execution",
|
||
"rejectApproval": "Reject — Transfer to Manual",
|
||
"approvalGranted": "Authorization Granted",
|
||
"approvalGrantedDesc": "NemoTron is executing ansible-playbook...",
|
||
"approvalRejected": "Authorization Rejected",
|
||
"approvalRejectedDesc": "Transferred to manual handling",
|
||
"noHistory": "No repair history yet",
|
||
"noActiveAlerts": "No active alerts",
|
||
"noPlaybooks": "No playbook records yet",
|
||
"noApprovals": "No pending approvals",
|
||
"noApprovalsDesc": "All authorization requests have been processed",
|
||
"chainAlert": "Alert Triggered",
|
||
"chainRAG": "🦞 OpenClaw RAG Diagnosis",
|
||
"chainDecide": "⚡ NemoTron Decision",
|
||
"chainExec": "Executor Routing",
|
||
"chainIdleSub": "Waiting for new alerts...",
|
||
"backToList": "Back to List",
|
||
"approvalError": "Operation failed",
|
||
"processing": "Processing...",
|
||
"blastRadius": "Blast Radius",
|
||
"affectedPods": "Affected Pods",
|
||
"estimatedDowntime": "Est. Downtime",
|
||
"relatedServices": "Related Services",
|
||
"dataImpact": "Data Impact",
|
||
"dryRunChecks": "Dry-Run Checks",
|
||
"approvalQueueCount": "{count} pending approvals",
|
||
"dispositionBreakdown": "Disposition Breakdown",
|
||
"dispositionAuto": "Auto Repair",
|
||
"dispositionHuman": "Human Approved",
|
||
"dispositionManual": "Manual Resolved",
|
||
"dispositionCold": "Cold Start Trust",
|
||
"autoRateLabel": "Automation Rate"
|
||
},
|
||
"alertOpLogs": {
|
||
"title": "Alert Operation Logs",
|
||
"subtitle": "alert_operation_log · Full event stream",
|
||
"refresh": "Refresh",
|
||
"totalEvents24h": "24h Total Events",
|
||
"allEventTypes": "All Event Types",
|
||
"incidentIdFilter": "Filter by Incident ID...",
|
||
"totalCount": "{count} total",
|
||
"colTime": "Time",
|
||
"colEventType": "Event Type",
|
||
"colIncident": "Incident",
|
||
"colActor": "Actor",
|
||
"colDetail": "Detail",
|
||
"colResult": "Result",
|
||
"loading": "Loading...",
|
||
"noRecords": "No records",
|
||
"loadError": "Failed to load, please retry",
|
||
"pageInfo": "Page {page} / {total}",
|
||
"prevPage": "Previous",
|
||
"nextPage": "Next",
|
||
"eventAlertReceived": "Alert Received",
|
||
"eventTelegramSent": "TG Notified",
|
||
"eventUserAction": "User Action",
|
||
"eventAutoRepairTriggered": "Auto Repair",
|
||
"eventExecutionStarted": "Execution Started",
|
||
"eventExecutionCompleted": "Execution Completed",
|
||
"eventTelegramResultSent": "TG Result",
|
||
"eventResolved": "Resolved",
|
||
"eventSilenced": "Silenced",
|
||
"eventEscalated": "Escalated",
|
||
"eventGuardrailBlocked": "Guardrail Blocked",
|
||
"eventPreFlightPassed": "Pre-flight Passed",
|
||
"eventPreFlightFailed": "Pre-flight Failed",
|
||
"eventBackupTriggered": "Backup Triggered",
|
||
"eventBackupCompleted": "Backup Completed",
|
||
"eventBackupFailed": "Backup Failed",
|
||
"eventApprovalEscalated": "Approval Escalated",
|
||
"eventChangeApplied": "Change Applied"
|
||
},
|
||
"commandPalette": {
|
||
"placeholder": "Search commands, pages or events...",
|
||
"noResults": "No results found",
|
||
"hint": "↑↓ Navigate Enter Select Esc Close",
|
||
"groupNav": "Navigation",
|
||
"groupActions": "Quick Actions",
|
||
"groupRecent": "Recent Events",
|
||
"actionOpenTerminal": "Open Omni-Terminal",
|
||
"actionGoHome": "Go to Command Center",
|
||
"actionGoObservability": "Go to Observability",
|
||
"actionGoAutomation": "Go to Automation",
|
||
"actionGoOperations": "Go to Operations",
|
||
"actionGoSecurity": "Go to Security & Compliance",
|
||
"actionGoIwooos": "Go to IwoooS",
|
||
"actionGoKnowledge": "Go to Knowledge Hall",
|
||
"actionGoSettings": "Go to Settings",
|
||
"actionGoTerminal": "Go to Terminal",
|
||
"actionGoApprovals": "Go to Authorizations"
|
||
},
|
||
"aiopsTimeline": {
|
||
"title": "AIOps Full Timeline",
|
||
"subtitle": "Alert → Investigation → Decision → Execution → Verification → Learning",
|
||
"mockBadge": "MOCK MODE",
|
||
"stages": {
|
||
"alert": "Alert Triggered",
|
||
"diagnose": "Investigation",
|
||
"decide": "AI Decision",
|
||
"execute": "Auto Execute",
|
||
"verify": "Verification",
|
||
"learn": "Learning Update"
|
||
},
|
||
"status": {
|
||
"success": "Success",
|
||
"running": "Running",
|
||
"failed": "Failed",
|
||
"skipped": "Skipped",
|
||
"pending": "Pending"
|
||
},
|
||
"filters": {
|
||
"incident_id": "Incident ID",
|
||
"incident_id_placeholder": "Search incident ID...",
|
||
"time_range": "Time Range",
|
||
"status_filter": "Status Filter",
|
||
"incident_count": "{count} incidents",
|
||
"timeRange": {
|
||
"1h": "1H",
|
||
"6h": "6H",
|
||
"24h": "24H",
|
||
"7d": "7D"
|
||
},
|
||
"statusFilter": {
|
||
"all": "All",
|
||
"success": "Success",
|
||
"failed": "Failed",
|
||
"running": "Running"
|
||
}
|
||
},
|
||
"incident": {
|
||
"started_at": "Started At",
|
||
"resolved_at": "Resolved At",
|
||
"duration": "Duration",
|
||
"in_progress": "In Progress",
|
||
"severity": "Severity",
|
||
"stages_summary": "{success} success / {total} stages",
|
||
"expand_all": "Expand All",
|
||
"collapse_all": "Collapse All"
|
||
},
|
||
"stage": {
|
||
"toggle_details": "Toggle {stage} details"
|
||
},
|
||
"evidence": {
|
||
"dimensions": "8D Dimensions",
|
||
"anomalyCount": "{count}/{total} anomaly dimensions",
|
||
"noData": "N/A"
|
||
},
|
||
"stageDetails": {
|
||
"alert": {
|
||
"name": "Alert Name",
|
||
"rule": "Rule",
|
||
"value": "Current Value",
|
||
"labels": "Labels"
|
||
},
|
||
"diagnose": {
|
||
"investigator": "Investigator",
|
||
"tools_used": "MCP Tools",
|
||
"hypothesis": "Root Cause Hypothesis",
|
||
"evidence": "8D Evidence"
|
||
},
|
||
"decide": {
|
||
"engine": "Decision Engine",
|
||
"fusion": "Fusion Method",
|
||
"confidence": "Confidence",
|
||
"confidenceThreshold": "Threshold {value}%",
|
||
"auto_execute": "Auto Execute",
|
||
"auto_yes": "Yes",
|
||
"auto_no": "No (requires approval)",
|
||
"playbook": "Playbook",
|
||
"decision": "Decision Command",
|
||
"reasoning": "Reasoning",
|
||
"alternates": "Alternate Decisions"
|
||
},
|
||
"execute": {
|
||
"command": "Command",
|
||
"target": "Target",
|
||
"executor": "Executor",
|
||
"duration": "Duration",
|
||
"stdout": "Output",
|
||
"exit_code": "Exit Code"
|
||
},
|
||
"verify": {
|
||
"verifier": "Verifier",
|
||
"outcome": "Outcome",
|
||
"checks": "Checks",
|
||
"trust_delta": "Trust Delta",
|
||
"notes": "Notes"
|
||
},
|
||
"learn": {
|
||
"playbook": "Playbook",
|
||
"trust_update": "Trust Update",
|
||
"km_entry": "Knowledge Base Entry",
|
||
"summary": "Learning Summary"
|
||
}
|
||
},
|
||
"loading": "Loading timeline data...",
|
||
"empty": {
|
||
"title": "No incidents found",
|
||
"subtitle": "No AIOps incidents match the current filters"
|
||
},
|
||
"error": {
|
||
"title": "Failed to load data",
|
||
"retry": "Retry"
|
||
}
|
||
},
|
||
"governance": {
|
||
"title": "AI Governance",
|
||
"complianceBadge": {
|
||
"label": "AI Governance",
|
||
"loading": "Loading...",
|
||
"score": "Overall Compliance",
|
||
"target": "Target ≥ 95%"
|
||
},
|
||
"tabs": {
|
||
"slo": "SLO Dashboard",
|
||
"events": "Governance Events",
|
||
"queue": "AI Queue"
|
||
},
|
||
"comingSoon": "This tab is coming soon",
|
||
"slo": {
|
||
"kpi": {
|
||
"autonomy_rate": "Autonomy Rate",
|
||
"decision_accuracy": "Decision Accuracy",
|
||
"confidence_calibration": "Confidence Calibration",
|
||
"km_growth_rate": "KM Growth Rate",
|
||
"mcp_call_diversity": "MCP Call Diversity",
|
||
"auto_execute_success_rate": "Auto Execute Success",
|
||
"human_override_rate": "Human Override Rate",
|
||
"verifier_false_neg_rate": "Verifier False Negative",
|
||
"current": "Current",
|
||
"target": "Target",
|
||
"sparkline": "7-day trend",
|
||
"loading": "Loading...",
|
||
"error": "Failed to load",
|
||
"noData": "No data",
|
||
"sampleCount": "Samples {count}",
|
||
"window": "Window {window}",
|
||
"state": {
|
||
"ok": "OK",
|
||
"warning": "Below target",
|
||
"violated": "Hard red line",
|
||
"skipped_low_volume": "Low sample wait",
|
||
"no_data": "No data",
|
||
"error": "Query failed",
|
||
"partial": "Partially evaluable"
|
||
},
|
||
"reason": {
|
||
"none": "None",
|
||
"denominator_below_minimum_events": "Denominator events too low",
|
||
"prometheus_nan_or_inf": "Prometheus has no valid denominator yet",
|
||
"prometheus_empty_result_metric_not_emitted": "Prometheus has not returned the metric yet",
|
||
"unknown": "Reason pending"
|
||
}
|
||
},
|
||
"chart": {
|
||
"title": "30-day Violation Timeline",
|
||
"xAxisLabel": "Date",
|
||
"yAxisLabel": "Count",
|
||
"loading": "Loading chart...",
|
||
"error": "Chart failed to load",
|
||
"empty": "No violations in the last 30 days",
|
||
"tooltip": "Violations"
|
||
},
|
||
"compliance": {
|
||
"title": "Overall Compliance",
|
||
"target": "Target ≥ 95%"
|
||
},
|
||
"coverage": {
|
||
"title": "Verification Coverage",
|
||
"subtitle": "Auto-repair executions and verifier writeback in the last {window}",
|
||
"totalAuto": "Auto repairs",
|
||
"verifiedAuto": "Verified",
|
||
"unverifiedAuto": "Unverified",
|
||
"coverageRate": "Coverage",
|
||
"successRate": "Success verification",
|
||
"lastVerified": "Last verified execution",
|
||
"reasonLabel": "Reason",
|
||
"failureBreakdown": "Non-success Verification Classes",
|
||
"recentFindings": "Recent Non-success Verification",
|
||
"remediationQueue": "Remediation Work Queue",
|
||
"queueSummary": "Total {total}; AI-ready {ready}; human {human}",
|
||
"dryRunButton": "Dry run",
|
||
"dryRunLoading": "Running",
|
||
"dryRunResult": "{mode}; preview {result}; tools {tools}",
|
||
"dryRunHistoryRecorded": "History recorded",
|
||
"dryRunHistorySummary": "History {count}x; last {time}; {route}",
|
||
"dryRunBlocked": "Dry run blocked",
|
||
"dryRunError": "Dry run failed",
|
||
"state": {
|
||
"ok": "OK",
|
||
"warning": "Needs tracking",
|
||
"violated": "Hard red line",
|
||
"skipped_low_volume": "Waiting for samples",
|
||
"no_data": "No data",
|
||
"error": "Query failed"
|
||
},
|
||
"reason": {
|
||
"none": "None",
|
||
"no_auto_repair_executions_24h": "No auto-repair executions in the last 24h",
|
||
"verification_backlog_present": "Some auto repairs are missing verification results",
|
||
"non_success_verification_present": "degraded / failed / timeout verification exists",
|
||
"postgresql_query_error": "PostgreSQL query failed"
|
||
},
|
||
"failureClass": {
|
||
"unsupported_action_scheme": "PlayBook action misses supported executor",
|
||
"verifier_missing_promql": "Verifier missing PromQL query",
|
||
"verifier_target_missing_pod": "Verifier missing pod target",
|
||
"auto_repair_execution_failed": "Auto repair execution failed",
|
||
"verification_failed": "Verification failed",
|
||
"verification_timeout": "Verification timed out",
|
||
"verification_degraded": "Verification degraded",
|
||
"unknown": "Pending classification"
|
||
},
|
||
"nextStep": {
|
||
"normalize_playbook_executor": "Fix PlayBook executor",
|
||
"add_verifier_query_template": "Add verifier query template",
|
||
"map_verifier_target": "Map verifier target",
|
||
"review_auto_repair_execution": "Inspect auto repair record",
|
||
"escalate_verification_failure": "Escalate verification failure",
|
||
"review_degraded_verification": "Review degraded evidence"
|
||
},
|
||
"remediationStatus": {
|
||
"ready_for_replay": "Ready for replay",
|
||
"ready_for_reverify": "Ready to reverify",
|
||
"needs_target_mapping": "Needs target mapping",
|
||
"needs_playbook_ticket": "Needs ticket",
|
||
"manual_review": "Manual review",
|
||
"unknown": "Pending classification"
|
||
},
|
||
"remediationAction": {
|
||
"replay_with_supported_executor": "Replay with supported executor",
|
||
"reverify_with_promql_template": "Reverify with PromQL template",
|
||
"map_target_and_reverify": "Map target and reverify",
|
||
"create_playbook_ticket": "Create PlayBook ticket",
|
||
"escalate_verification_failure": "Escalate verification failure",
|
||
"inspect_degraded_evidence": "Inspect degraded evidence"
|
||
}
|
||
}
|
||
},
|
||
"events": {
|
||
"filter": {
|
||
"eventType": "Event Type",
|
||
"dateRange": "Date Range",
|
||
"status": "Status",
|
||
"severity": "Severity",
|
||
"clearAll": "Clear All",
|
||
"allStatuses": "All Statuses",
|
||
"resolved": "Resolved",
|
||
"unresolved": "Unresolved",
|
||
"allSeverities": "All Severities",
|
||
"critical": "Critical",
|
||
"warning": "Warning",
|
||
"info": "Info",
|
||
"placeholder": "Select event types...",
|
||
"from": "From",
|
||
"to": "To"
|
||
},
|
||
"column": {
|
||
"eventType": "Event Type",
|
||
"triggeredAt": "Triggered At",
|
||
"status": "Status",
|
||
"impact": "Impact Summary",
|
||
"actions": "Actions"
|
||
},
|
||
"detail": {
|
||
"rawData": "Raw Data",
|
||
"remediation": "Remediation",
|
||
"dispatch": "Dispatch Log",
|
||
"noRemediation": "No remediation available",
|
||
"noDispatch": "No dispatch records"
|
||
},
|
||
"eventType": {
|
||
"slo_breach": "SLO Breach",
|
||
"accuracy_drop": "Accuracy Drop",
|
||
"km_stall": "KM Stall",
|
||
"mcp_failure": "MCP Failure",
|
||
"trust_degradation": "Trust Degradation",
|
||
"unknown": "Unknown"
|
||
},
|
||
"status": {
|
||
"resolved": "Resolved",
|
||
"unresolved": "Unresolved"
|
||
},
|
||
"severity": {
|
||
"critical": "Critical",
|
||
"warning": "Warning",
|
||
"info": "Info"
|
||
},
|
||
"emptyState": "No governance events",
|
||
"emptyStateHint": "System is operating normally",
|
||
"errorState": "Failed to load events",
|
||
"retry": "Retry",
|
||
"page": "Page",
|
||
"of": "of",
|
||
"prevPage": "Previous",
|
||
"nextPage": "Next",
|
||
"perPage": "20 per page ·",
|
||
"expand": "Expand details",
|
||
"collapse": "Collapse details"
|
||
},
|
||
"queue": {
|
||
"status": {
|
||
"connected": "Live updates",
|
||
"disconnected": "Offline mode",
|
||
"connecting": "Connecting..."
|
||
},
|
||
"column": {
|
||
"eventType": "Event Type",
|
||
"createdAt": "Created At",
|
||
"proposedAction": "Proposed Action",
|
||
"playbookTrust": "Playbook Trust",
|
||
"dispatchStatus": "Status"
|
||
},
|
||
"action": {
|
||
"approve": "Approve",
|
||
"reject": "Reject",
|
||
"approveTitle": "Approve this action",
|
||
"rejectTitle": "Reject this action"
|
||
},
|
||
"history": {
|
||
"title": "History",
|
||
"succeeded": "Succeeded",
|
||
"failed": "Failed",
|
||
"empty": "No history records"
|
||
},
|
||
"emptyState": {
|
||
"noTable": "Dispatch table not yet built",
|
||
"noTableHint": "Track D dispatch table is initializing",
|
||
"noPending": "No pending items",
|
||
"noPendingHint": "AI system is operating normally"
|
||
},
|
||
"sse": {
|
||
"label": "Live Updates",
|
||
"connected": "Connected",
|
||
"disconnected": "Disconnected"
|
||
},
|
||
"pendingSection": "Pending",
|
||
"loading": "Loading queue...",
|
||
"error": "Failed to load queue",
|
||
"retry": "Retry"
|
||
}
|
||
},
|
||
"awooop": {
|
||
"home": {
|
||
"eyebrow": "AI Automation Control Plane",
|
||
"title": "AwoooP Governance Overview",
|
||
"subtitle": "Unifies tenants, contracts, runs, approvals, and channel state into one operator surface so the AI flywheel and governance plane do not drift apart.",
|
||
"refresh": "Refresh",
|
||
"snapshotStatus": "Snapshot Status",
|
||
"lastUpdated": "Last Updated",
|
||
"migrationMode": "Migration Mode",
|
||
"migrationValue": "mirror / shadow",
|
||
"ready": "In Sync",
|
||
"loading": "Loading",
|
||
"degraded": "Degraded",
|
||
"securityMirror": {
|
||
"title": "IwoooS Security Mirror",
|
||
"subtitle": "AwoooP home displays IwoooS / security mirror state as a read-only candidate so operators can understand security mesh progress and boundaries. This is not production_landing_enabled and does not connect an execution router.",
|
||
"badge": "Read-only candidate",
|
||
"openIwooos": "Open IwoooS",
|
||
"checkpointsTitle": "Intake Checks",
|
||
"boundaryLabel": "Safety Boundary",
|
||
"boundaryTitle": "Still in the low-friction framework phase",
|
||
"boundaryDetail": "This panel displays committed snapshot and guard semantics only. It does not call Kali, GitHub, Gitea, or runtime APIs, and it does not provide scan, execute, repair, deploy, primary switch, or refs actions.",
|
||
"metrics": {
|
||
"headline": {
|
||
"label": "Overall Security Mesh",
|
||
"detail": "The headline still waits for owner response, redacted ingestion, runtime gate, GitHub primary, or AwoooP production landing evidence."
|
||
},
|
||
"framework": {
|
||
"label": "Framework Maturity",
|
||
"detail": "Governance, docs, schemas, read-only evidence, and IwoooS projection are close to complete."
|
||
},
|
||
"runtime": {
|
||
"label": "Runtime Landing",
|
||
"detail": "Runtime ingestion, GitHub primary, and AwoooP production landing still require later evidence."
|
||
},
|
||
"activeGates": {
|
||
"label": "Active Runtime Gates",
|
||
"detail": "Currently 0; any host or blocking control still needs separate approval."
|
||
}
|
||
},
|
||
"checkpoints": {
|
||
"iwooosProjection": {
|
||
"title": "IwoooS projection is readable",
|
||
"detail": "AwoooP displays only IwoooS posture, progress, evidence refs, and forbidden actions."
|
||
},
|
||
"rollupGuard": {
|
||
"title": "Guard semantics match",
|
||
"detail": "Before handoff, keep security-mirror-progress-guard.py and source-control-owner-response-guard.py green."
|
||
},
|
||
"ownerResponse": {
|
||
"title": "Owner response still waiting",
|
||
"detail": "S4.9 through S4.12 received / accepted remain 0; display state is not completed validation."
|
||
},
|
||
"productionLanding": {
|
||
"title": "Production landing is not complete",
|
||
"detail": "AwoooP main line still needs deployment proof and read-only consumption evidence before headline review."
|
||
}
|
||
}
|
||
},
|
||
"quality": {
|
||
"title": "Automation Quality",
|
||
"subtitle": "Whether recent alerts actually reached AI auto-repair, verification, and learning writeback in the last 24 hours.",
|
||
"claimReady": "Full Loop Claim Ready",
|
||
"claimBlocked": "Full Loop Claim Blocked",
|
||
"unavailable": "Unavailable",
|
||
"loadFailed": "Unable to load the automation quality summary. Check Operator permissions and the truth-chain API.",
|
||
"empty": "No alert quality data is available yet.",
|
||
"yes": "Yes",
|
||
"no": "No",
|
||
"metrics": {
|
||
"evaluated": "Evaluated Alerts",
|
||
"evaluatedDetail": "Same quality gate applied",
|
||
"verified": "Verified Auto-Repairs",
|
||
"verifiedDetail": "Requires auto-repair plus verification",
|
||
"averageScore": "Average Score",
|
||
"averageScoreDetail": "0 to 100 process completeness",
|
||
"claim": "Production Claim",
|
||
"claimReadyDetail": "Every alert completed the verified loop",
|
||
"claimBlockedDetail": "Some alerts still lack execution, verification, or learning records"
|
||
},
|
||
"scoreBuckets": "Score Buckets",
|
||
"scoreBucketsDetail": "{total} evaluated alerts",
|
||
"green": "Green",
|
||
"yellow": "Yellow",
|
||
"red": "Red",
|
||
"verdictTitle": "Verdict Distribution",
|
||
"gateFailureTitle": "Top Gaps",
|
||
"scoreRange": "min {min} / max {max} / avg {avg}",
|
||
"verdicts": {
|
||
"autoRepairedVerified": "Auto-Repaired and Verified",
|
||
"executionUnverified": "Executed but Unverified",
|
||
"executionFailed": "Execution Failed",
|
||
"manualRequiredNoAction": "Manual Required: NO_ACTION",
|
||
"approvalRequired": "Waiting for Approval",
|
||
"observedNotExecuted": "Observed but Not Executed",
|
||
"receivedOnly": "Received Only"
|
||
},
|
||
"gates": {
|
||
"sourcePersisted": "Source Persisted",
|
||
"outboundRecorded": "Outbound Recorded",
|
||
"evidenceCollected": "Evidence Collected",
|
||
"mcpGatewayObserved": "MCP Gateway",
|
||
"approvalState": "Approval State",
|
||
"executionRecorded": "Execution Recorded",
|
||
"autoRepairRecorded": "Auto-Repair Recorded",
|
||
"verificationRecorded": "Verification Recorded",
|
||
"learningRecorded": "Learning Writeback",
|
||
"timelineRecorded": "Timeline Recorded"
|
||
},
|
||
"gateStatuses": {
|
||
"failed": "Failed",
|
||
"missing": "Missing"
|
||
}
|
||
},
|
||
"metrics": {
|
||
"tenants": "Tenants",
|
||
"tenantsDetail": "{active} active, {shadow} in shadow",
|
||
"runs": "Operator Runs",
|
||
"runsDetail": "Run state is the single view into async work",
|
||
"approvals": "Pending Approvals",
|
||
"approvalsDetail": "Every high-risk action must stop at the human gate",
|
||
"contracts": "Contracts",
|
||
"contractsDetail": "Project / Agent / Policy contract publish state"
|
||
},
|
||
"disposition": {
|
||
"title": "Disposition Semantics",
|
||
"diagnosis": {
|
||
"title": "Read-only Diagnosis",
|
||
"signal": "AI collected evidence",
|
||
"owner": "Owner: AI summarizes, SRE judges",
|
||
"route": "Route: Run monitor / incident detail"
|
||
},
|
||
"approval": {
|
||
"title": "Human Gate",
|
||
"signal": "High-risk approval pending",
|
||
"owner": "Owner: SRE approve / reject",
|
||
"route": "Route: Approval queue"
|
||
},
|
||
"execute": {
|
||
"title": "Auto Execution",
|
||
"signal": "Low-risk closure path",
|
||
"owner": "Owner: MCP Gateway executes and audits",
|
||
"route": "Route: Run State / Audit"
|
||
},
|
||
"manual": {
|
||
"title": "Manual Escalation",
|
||
"signal": "AI cannot safely repair",
|
||
"owner": "Owner: war room takes over",
|
||
"route": "Route: AwoooI SRE war room"
|
||
}
|
||
},
|
||
"lanes": {
|
||
"title": "Flywheel Lanes",
|
||
"live": "Live",
|
||
"mirror": "Mirror",
|
||
"providerName": "Provider Order",
|
||
"providerDetail": "GCP-A Ollama -> GCP-B Ollama -> 111 Ollama -> OpenClaw/Nemo -> Gemini",
|
||
"mcpName": "MCP Gateway",
|
||
"mcpDetail": "MCP Gateway stays in mirror / wrap mode before audit and redaction are proven as the only execution gate",
|
||
"channelName": "Channel Hub",
|
||
"channelDetail": "Telegram / LINE / Slack enter Channel Event first, then message ownership moves gradually",
|
||
"approvalName": "Approval Plane",
|
||
"approvalDetail": "Run state and Approval plane share one approval meaning"
|
||
},
|
||
"next": {
|
||
"title": "Next Actions",
|
||
"item1": "Review run monitor and provider fallback",
|
||
"item2": "Handle pending high-risk approvals",
|
||
"item3": "Review contract lifecycle",
|
||
"item4": "Open the AwoooP work map"
|
||
}
|
||
},
|
||
"tenants": {
|
||
"securityTenantScopeCandidate": {
|
||
"title": "IwoooS Tenant Security Scope Read-only Candidate",
|
||
"subtitle": "Tenant management only displays the protection scope for the AWOOOI first tenant and the IwoooS security mirror. This is not a migration mode change and does not modify tenant policy.",
|
||
"badge": "Tenant scope",
|
||
"scopeRefsTitle": "Read-only scope refs",
|
||
"boundaryLabel": "Tenant Boundary",
|
||
"boundaryTitle": "No tenant settings are changeable here",
|
||
"boundaryDetail": "This panel does not change migration mode, modify tenant policy, write to the platform tenants API, call GitHub / Gitea / Kali, or add scan, execute, deploy, primary switch, or refs actions.",
|
||
"openIwooos": "Open IwoooS",
|
||
"metrics": {
|
||
"primaryTenant": "Primary Tenant",
|
||
"primaryTenantDetail": "AWOOOI is the first runtime tenant in AwoooP. This only displays scope and does not change settings.",
|
||
"securityEntry": "Security Entry",
|
||
"securityEntryDetail": "IwoooS remains the read-only Information Security entrypoint and posture mirror.",
|
||
"hostCoverage": "Host coverage",
|
||
"hostCoverageDetail": "Kali 112, Dev 168, and Dev 111 are in observe-only view.",
|
||
"policyMutations": "Tenant policy changes",
|
||
"policyMutationsDetail": "Currently 0. Do not change policy before owner response and a runtime gate."
|
||
},
|
||
"scopeRefs": {
|
||
"awoooiTenant": "Under the AwoooP platform identity, AWOOOI remains the first tenant / runtime host, not a synonym for the whole platform.",
|
||
"iwooosMirror": "IwoooS displays security mirror posture, progress, evidence refs, and forbidden actions.",
|
||
"hostCoverage": "The three named hosts are included only for security visibility and evidence readiness; no SSH, updates, credentialed scans, or blocking controls are performed.",
|
||
"ownerResponse": "S4.9-S4.12 owner response received / accepted remain 0. Tenant scope display is not approval."
|
||
}
|
||
}
|
||
},
|
||
"runs": {
|
||
"securityRunStateCandidate": {
|
||
"title": "IwoooS Run State Read-only Candidate",
|
||
"subtitle": "Run Monitor only shows how the security mirror can be understood from the AwoooP Run view. This is not run_created and does not connect an execution router.",
|
||
"badge": "Run State candidate",
|
||
"runRefsTitle": "Read-only run refs",
|
||
"boundaryLabel": "Run Boundary",
|
||
"boundaryTitle": "No security Run is executable here",
|
||
"boundaryDetail": "This panel does not create a platform run, connect an execution router, call GitHub / Gitea / Kali, or add scan, execute, repair, deploy, primary switch, or refs actions.",
|
||
"openIwooos": "Open IwoooS",
|
||
"metrics": {
|
||
"visibility": "Run visibility",
|
||
"visibilityValue": "read-only",
|
||
"visibilityDetail": "Projects the security mirror into Run Monitor language only. It does not create a real runtime run.",
|
||
"runtimeRuns": "Security runs",
|
||
"runtimeRunsDetail": "Currently 0. S2.58 is display-candidate only and does not create a run record.",
|
||
"activeGates": "Active runtime gates",
|
||
"activeGatesDetail": "Still 0. Runtime gates need separate approval, rollback, and post-check evidence.",
|
||
"ownerResponse": "Owner accepted",
|
||
"ownerResponseDetail": "S4.9-S4.12 owner response accepted remains 0. Run display is not completed intake."
|
||
},
|
||
"runRefs": {
|
||
"mirrorRunState": "AwoooP Run Monitor can understand the security mirror, but only as a read-only candidate.",
|
||
"readOnlyDryRun": "If future dry-run evidence appears, it must still preserve read-only and human-gate semantics.",
|
||
"ownerResponse": "Owner response received / accepted remain 0, so any further Run movement waits for human intake.",
|
||
"activeGates": "Active runtime gates remain 0. Do not open gates or create action buttons from Run Monitor."
|
||
}
|
||
}
|
||
},
|
||
"contracts": {
|
||
"securityContractCandidate": {
|
||
"title": "IwoooS Security Contract Read-only Candidate",
|
||
"subtitle": "The contract dashboard only shows the schema, snapshot, and guard semantics that IwoooS / security mirror currently depends on. This is not contract publishing and does not trigger a runtime gate.",
|
||
"badge": "Contract candidate",
|
||
"contractRefsTitle": "Read-only contract refs",
|
||
"boundaryLabel": "Contract Boundary",
|
||
"boundaryTitle": "No security contract is publishable here",
|
||
"boundaryDetail": "This panel does not publish contract revisions, change contract lifecycle, write to the platform contracts API, call GitHub / Gitea / Kali, or add scan, execute, deploy, primary switch, or refs actions.",
|
||
"openIwooos": "Open IwoooS",
|
||
"metrics": {
|
||
"totalContracts": "Total contracts",
|
||
"totalContractsDetail": "Security mirror currently rolls up 36 primary contracts.",
|
||
"readyForMirror": "Ready for mirror",
|
||
"readyForMirrorDetail": "33 ready, 2 partial, 1 contract-only, and 0 blocked.",
|
||
"partialReady": "Partial",
|
||
"partialReadyDetail": "Remaining gaps are owner response, payload ingestion, and source-control owner evidence.",
|
||
"activeRuntimeGates": "Active runtime gates",
|
||
"activeRuntimeGatesDetail": "Still 0; contract visibility is not runtime enforcement."
|
||
},
|
||
"contractRefs": {
|
||
"statusRollup": "The shared state entrypoint for AwoooP and the Security Session; it only rolls up progress and safe gates.",
|
||
"postureProjection": "The projection contract for IwoooS posture, host coverage, owner response focus, and forbidden actions.",
|
||
"ownerValidation": "The S4.9-S4.12 owner response received / accepted separation and reviewer check semantics.",
|
||
"rolloutPolicy": "The low-friction, observe-first rollout policy with owner review before blocking."
|
||
}
|
||
}
|
||
},
|
||
"approvals": {
|
||
"securityOwnerResponseGate": {
|
||
"title": "IwoooS Owner Response Read-only Review Focus",
|
||
"subtitle": "The AwoooP approval queue only shows the next human intake focus for S4.9-S4.12 owner response. This is not an approval record and does not open a runtime gate.",
|
||
"badge": "Read-only focus",
|
||
"ownerChecksTitle": "Owner response intake order",
|
||
"boundaryLabel": "Approval Boundary",
|
||
"boundaryTitle": "There is still nothing to approve here",
|
||
"boundaryDetail": "This panel does not send requests, mark received / accepted, create approval records, call GitHub / Gitea / Kali, or add approve, execute, deploy, primary switch, or refs actions.",
|
||
"openIwooos": "Open IwoooS",
|
||
"metrics": {
|
||
"received": "Received",
|
||
"receivedDetail": "S4.9-S4.12 owner response received remains 0.",
|
||
"accepted": "Accepted",
|
||
"acceptedDetail": "No acceptable redacted owner evidence has been received.",
|
||
"activeRuntimeGates": "Active runtime gates",
|
||
"activeRuntimeGatesDetail": "Any runtime gate still needs separate approval plus rollback and post-check evidence.",
|
||
"headline": "Overall Security Mesh",
|
||
"headlineDetail": "58% is only reviewed when owner response, runtime gate, GitHub primary, or production landing evidence changes."
|
||
},
|
||
"checks": {
|
||
"s49OwnerAttestation": {
|
||
"title": "S4.9 Gitea owner attestation",
|
||
"detail": "Recommended first intake; needs public-only / local gap, org / user endpoint, 110 adjacent source, canonical owner, and legacy disposition answers."
|
||
},
|
||
"s410GithubTarget": {
|
||
"title": "S4.10 GitHub target owner",
|
||
"detail": "After S4.9, collect owner / visibility / canonical decisions for the seven GitHub targets."
|
||
},
|
||
"s411RefsTruth": {
|
||
"title": "S4.11 refs truth owner response",
|
||
"detail": "Wait for redacted owner decisions on main / dev truth, deprecated drift, release tags, and GitHub-only refs."
|
||
},
|
||
"s412WorkflowSecret": {
|
||
"title": "S4.12 workflow / secret names",
|
||
"detail": "Wait for redacted owner decisions on webhooks, runners, deploy keys, branch protection / CODEOWNERS, and secret name parity."
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"workItems": {
|
||
"title": "Work Chain",
|
||
"subtitle": "{count} control points synced from production truth-chain and governance data",
|
||
"refresh": "Refresh",
|
||
"lastUpdated": "Last updated {time}",
|
||
"tableLabel": "AwoooP work chain",
|
||
"open": "Open",
|
||
"summary": {
|
||
"live": "Completed",
|
||
"inProgress": "In Progress",
|
||
"watching": "Watching",
|
||
"blocked": "Blocked"
|
||
},
|
||
"status": {
|
||
"live": "Completed",
|
||
"in_progress": "In Progress",
|
||
"blocked": "Blocked",
|
||
"watching": "Watching"
|
||
},
|
||
"columns": {
|
||
"phase": "Phase",
|
||
"work": "Work Item",
|
||
"status": "Status",
|
||
"surface": "Frontend Surface",
|
||
"source": "Data Source",
|
||
"evidence": "Production Evidence",
|
||
"gate": "Completion Gate",
|
||
"link": "Link"
|
||
},
|
||
"surfaces": {
|
||
"runs": "Run Monitor / Run Detail",
|
||
"governance": "Governance Events / SLO",
|
||
"workItems": "Work Chain",
|
||
"iwooos": "IwoooS / Security Mirror"
|
||
},
|
||
"items": {
|
||
"sourceDossier": {
|
||
"title": "Source event dossier and truth-chain mirror"
|
||
},
|
||
"autoRepair": {
|
||
"title": "Low-risk Alertmanager auto-repair loop"
|
||
},
|
||
"remediationQueue": {
|
||
"title": "Non-success verification remediation queue"
|
||
},
|
||
"telegramCallbacks": {
|
||
"title": "Telegram detail / history as DB truth-first"
|
||
},
|
||
"governanceDispatch": {
|
||
"title": "Governance alert dispatch and dedupe"
|
||
},
|
||
"frontendConsole": {
|
||
"title": "AwoooP Operator Console productization"
|
||
},
|
||
"iwooosSecurityMirror": {
|
||
"title": "IwoooS security mirror read-only work item"
|
||
},
|
||
"mcpGateway": {
|
||
"title": "MCP Gateway usage evidence overview"
|
||
},
|
||
"timelineContract": {
|
||
"title": "Timeline / KM / PlayBook writeback consistency"
|
||
}
|
||
},
|
||
"gates": {
|
||
"sourceDossier": "Inbound alerts must show received / incident_linked / source refs",
|
||
"autoRepair": "Requires auto_repair, verification_result=success, and KM writeback",
|
||
"remediationQueue": "Every degraded / failed / timeout row must map to replay, reverify, ticket, or manual review",
|
||
"telegramCallbacks": "Detail and history buttons cannot depend only on Redis TTL or stale snapshots",
|
||
"governanceDispatch": "Governance alerts must enter dispatch and expose skipped / pending / repaired",
|
||
"frontendConsole": "Completed and in-progress work must be trackable from the frontend",
|
||
"iwooosSecurityMirror": "Track security mesh progress and boundaries as read-only only; do not create scan, execute, repair, deploy, primary switch, or runtime gate actions",
|
||
"mcpGateway": "MCP usage must show agent, tool, scope, and blocked reason",
|
||
"timelineContract": "Incident, Approval, Evidence, KM, and Timeline must not contradict each other"
|
||
},
|
||
"evidence": {
|
||
"channelEvents": "Recent Alertmanager channel events: {count}",
|
||
"autoRepair": "Verified auto-repairs: {verified}/{evaluated}",
|
||
"remediationQueue": "Remediation work: {total}; AI-ready: {ready}; human: {human}",
|
||
"telegramCallbacks": "Telegram callback lookup and history summary are being repaired",
|
||
"governance": "Unresolved governance alerts: {unresolved}; pending dispatch: {queued}",
|
||
"governanceUnavailable": "Governance events API is not responding; pending dispatch: {queued}",
|
||
"governanceQueueMissing": "Governance dispatch table is not ready; unresolved governance alerts: {unresolved}",
|
||
"frontendConsole": "This page now reads production APIs instead of a static list",
|
||
"iwooosSecurityMirror": "Overall {headline}; framework {framework}; landing {runtime}; active runtime gates={gates}",
|
||
"iwooosSecurityMirrorOwner": "Owner response is still waiting; production_landing_enabled=false",
|
||
"iwooosSecurityMirrorBoundary": "execution_router_linked=false; runtime_execution_authorized=false; action_buttons_allowed=false",
|
||
"mcpReady": "MCP Gateway gate is not currently a top gap",
|
||
"mcpMissing": "Quality summary still reports an MCP Gateway observation gap",
|
||
"remediationHistory": "Dry-run history: {count}x; latest {preview}",
|
||
"remediationHistoryEmpty": "No remediation dry-run history yet",
|
||
"remediationRoute": "MCP: {route}",
|
||
"remediationWrites": "Writes: incident={incident}; autoRepair={autoRepair}",
|
||
"timelineReady": "Timeline gate is not currently a top gap",
|
||
"timelineMissing": "Quality summary still reports a Timeline / audit gap"
|
||
}
|
||
},
|
||
"listEvidence": {
|
||
"column": "AI Evidence",
|
||
"count": "{count} dry-runs",
|
||
"route": "MCP: {route}",
|
||
"emptyShort": "No remediation dry-run linked",
|
||
"manualGate": "Next: human approval",
|
||
"filters": {
|
||
"label": "AI evidence filter",
|
||
"all": "All AI evidence",
|
||
"incidentLabel": "Incident ID filter",
|
||
"incidentPlaceholder": "Enter Incident ID"
|
||
},
|
||
"incident": {
|
||
"column": "Incident",
|
||
"empty": "Not linked",
|
||
"filterTitle": "Show only {incidentId}",
|
||
"more": "+{count} more"
|
||
},
|
||
"statuses": {
|
||
"noEvidence": "No dry-run yet",
|
||
"readOnlyDryRun": "AI dry-run: read-only",
|
||
"writeObserved": "Write flag observed",
|
||
"blocked": "Dry-run blocked",
|
||
"observed": "Evidence linked"
|
||
},
|
||
"details": {
|
||
"noEvidence": "This row is not linked to ADR-100 remediation dry-run records in alert_operation_log yet.",
|
||
"readOnlyDryRun": "AI has run the remediation dry-run and the latest record did not write incident or auto-repair state.",
|
||
"writeObserved": "The latest remediation record contains write flags; verify the state-change source before approval.",
|
||
"blocked": "The remediation dry-run failed or was blocked by a gate; human review is required.",
|
||
"observed": "This row is linked to remediation history; open Run Timeline for the full evidence."
|
||
},
|
||
"summary": {
|
||
"readOnly": "Read-only dry-run",
|
||
"readOnlyDetail": "Latest evidence shows AI trialed the action without writing state",
|
||
"manualGate": "Human gate",
|
||
"manualGateDetail": "AI is stopped at the approval gate and needs approve / reject",
|
||
"writeObserved": "Write flags",
|
||
"writeObservedDetail": "Verify whether this is the expected auto-repair result",
|
||
"noEvidence": "Missing evidence",
|
||
"noEvidenceDetail": "The list row is not linked to ADR-100 dry-run history yet",
|
||
"approvalReadOnlyDetail": "Read-only remediation evidence is visible before approval",
|
||
"approvalNoEvidenceDetail": "Approval still lacks remediation dry-run evidence; inspect Run Timeline"
|
||
}
|
||
},
|
||
"incidentEvidence": {
|
||
"title": "Incident Evidence",
|
||
"subtitle": "Telegram, Run, Approval, and Work Item share the same remediation evidence",
|
||
"empty": "--",
|
||
"incidentLabel": "Incident",
|
||
"notLinked": "No Incident linked",
|
||
"filterTitle": "Show only {incidentId}",
|
||
"more": "+{count} more",
|
||
"dryRuns": "Dry-run",
|
||
"route": "MCP Route",
|
||
"writes": "Write flags",
|
||
"writeFlags": "incident={incident} / autoRepair={autoRepair}",
|
||
"runLink": "Run Timeline"
|
||
},
|
||
"runDetail": {
|
||
"back": "Back to Run Monitor",
|
||
"title": "Run Disposition Timeline",
|
||
"refresh": "Refresh",
|
||
"empty": "--",
|
||
"durationSeconds": "{seconds}s",
|
||
"errors": {
|
||
"title": "Failed to load run details",
|
||
"loadFailed": "Load failed"
|
||
},
|
||
"stats": {
|
||
"state": "Current State",
|
||
"timeline": "Timeline",
|
||
"mcpSteps": "MCP / Steps",
|
||
"duration": "Duration"
|
||
},
|
||
"summary": {
|
||
"title": "Run Summary",
|
||
"project": "Project",
|
||
"agent": "Agent",
|
||
"traceId": "Trace ID",
|
||
"trigger": "Trigger",
|
||
"triggerRef": "Trigger Ref",
|
||
"cost": "Cost",
|
||
"attempts": "Attempts",
|
||
"created": "Created",
|
||
"completed": "Completed",
|
||
"error": "Error"
|
||
},
|
||
"timeline": {
|
||
"title": "Disposition Timeline",
|
||
"lastUpdated": "Last updated {time}",
|
||
"count": "{count} items",
|
||
"empty": "No timeline records yet."
|
||
},
|
||
"gateway": {
|
||
"title": "MCP Gateway",
|
||
"emptyState": "No records",
|
||
"agent": "Agent",
|
||
"tool": "Tool",
|
||
"scope": "Scope",
|
||
"blockers": "Blockers",
|
||
"metrics": {
|
||
"firstClass": "First-class",
|
||
"policy": "Policy enforced",
|
||
"approvalExecutor": "Approval executor",
|
||
"legacyBridge": "Legacy bridge"
|
||
}
|
||
},
|
||
"remediation": {
|
||
"title": "Remediation Dry-run Evidence",
|
||
"empty": "This run is not linked to ADR-100 remediation dry-run history yet.",
|
||
"latest": "Latest dry-run",
|
||
"route": "MCP Route",
|
||
"preview": "Mode {mode}; preview {preview}",
|
||
"writes": "Writes: incident={incident}; autoRepair={autoRepair}",
|
||
"status": {
|
||
"linked": "Linked to remediation history",
|
||
"empty": "No remediation history"
|
||
},
|
||
"metrics": {
|
||
"incidents": "Incident",
|
||
"dryRuns": "Dry-run",
|
||
"tools": "Tools",
|
||
"writes": "Write flags"
|
||
}
|
||
},
|
||
"dossier": {
|
||
"title": "Source Event Dossier",
|
||
"empty": "This run is not linked to replayable inbound source events yet.",
|
||
"content": "Redacted Content",
|
||
"sourceRefs": "Source References",
|
||
"duplicate": "Duplicate",
|
||
"firstSeen": "First seen",
|
||
"status": {
|
||
"visible": "Recorded in truth-chain",
|
||
"empty": "No source"
|
||
},
|
||
"metrics": {
|
||
"sources": "Sources",
|
||
"refs": "References",
|
||
"redacted": "Redacted",
|
||
"duplicates": "Duplicates"
|
||
},
|
||
"fields": {
|
||
"stage": "Stage",
|
||
"severity": "Risk",
|
||
"namespace": "Namespace",
|
||
"target": "Target",
|
||
"hash": "Hash"
|
||
},
|
||
"refs": {
|
||
"alertIds": "Alert",
|
||
"approvalIds": "Approval",
|
||
"eventIds": "Event",
|
||
"fingerprints": "Fingerprint",
|
||
"incidentIds": "Incident",
|
||
"sentryIssueIds": "Sentry",
|
||
"signozAlerts": "SignOz"
|
||
}
|
||
},
|
||
"action": {
|
||
"eyebrow": "Next Decision",
|
||
"approval": {
|
||
"title": "Waiting for human approval",
|
||
"detail": "AI is stopped at the human gate and has not resumed. Approve or reject from the approval page; every decision is written back to Run state and audit.",
|
||
"primary": "Open approval decision"
|
||
},
|
||
"manual": {
|
||
"title": "Manual handoff required",
|
||
"detail": "AI cannot safely close the loop, or execution has failed / timed out. Return to Run Monitor to compare same-project work and hand off to the SRE war room when needed.",
|
||
"primary": "Back to Run Monitor"
|
||
},
|
||
"completed": {
|
||
"title": "Completed, ready for audit review",
|
||
"detail": "The run has converged. Use the timeline to verify MCP calls, outbound messages, and cost records before writing back to KM / Playbook.",
|
||
"primary": "Back to Run Monitor"
|
||
},
|
||
"running": {
|
||
"title": "AI is processing",
|
||
"detail": "The run is still active and this page refreshes periodically. If it stays running for too long, check heartbeat, MCP latency, and worker state.",
|
||
"primary": "Back to Run Monitor"
|
||
},
|
||
"observe": {
|
||
"title": "Observing",
|
||
"detail": "The run has not reached a human gate or terminal state. Follow the timeline to verify inbound events, tool calls, and outbound messages.",
|
||
"primary": "Back to Run Monitor"
|
||
},
|
||
"evidence": {
|
||
"inbound": "Inbound",
|
||
"outbound": "Outbound",
|
||
"mcp": "MCP Calls",
|
||
"steps": "Steps"
|
||
}
|
||
},
|
||
"statuses": {
|
||
"blocked": "Blocked",
|
||
"cancelled": "Cancelled",
|
||
"completed": "Completed",
|
||
"error": "Error",
|
||
"failed": "Failed",
|
||
"pending": "Pending",
|
||
"received": "Received",
|
||
"running": "Running",
|
||
"sent": "Sent",
|
||
"shadow": "Shadow",
|
||
"success": "Success",
|
||
"timeout": "Timed out",
|
||
"warning": "Warning",
|
||
"waitingApproval": "Waiting approval"
|
||
}
|
||
},
|
||
"approvalDecision": {
|
||
"back": "Back to Approval Queue",
|
||
"viewTimeline": "View Run Timeline",
|
||
"eyebrow": "Human Approval Gate",
|
||
"title": "Approval Decision",
|
||
"timeout": "Approval Deadline",
|
||
"empty": "--",
|
||
"errors": {
|
||
"title": "Failed to load run data",
|
||
"loadFailed": "Load failed",
|
||
"missingProject": "Missing project_id; cannot submit approval decision",
|
||
"actionFailed": "Action failed"
|
||
},
|
||
"success": {
|
||
"approve": "Run approved. Returning to Timeline",
|
||
"reject": "Run rejected. Returning to Timeline"
|
||
},
|
||
"notWaiting": {
|
||
"title": "This run is not waiting for human approval",
|
||
"detail": "Current state is {state}. This page will not show approve / reject; return to Run Timeline for the latest state."
|
||
},
|
||
"remediation": {
|
||
"title": "Remediation Dry-run Evidence",
|
||
"empty": "This run is not linked to remediation dry-run history yet; check the Run Timeline source dossier and MCP Gateway before approval.",
|
||
"latest": "Latest dry-run",
|
||
"preview": "Mode {mode}; preview {preview}",
|
||
"writes": "Writes: incident={incident}; autoRepair={autoRepair}",
|
||
"status": {
|
||
"linked": "Linked to remediation history",
|
||
"empty": "No remediation history"
|
||
},
|
||
"metrics": {
|
||
"incidents": "Incident",
|
||
"dryRuns": "Dry-run",
|
||
"tools": "Tools"
|
||
}
|
||
},
|
||
"details": {
|
||
"title": "Run Details",
|
||
"runId": "Run ID",
|
||
"project": "Project",
|
||
"agent": "Agent",
|
||
"state": "State",
|
||
"traceId": "Trace ID",
|
||
"trigger": "Trigger",
|
||
"triggerRef": "Trigger Ref",
|
||
"cost": "Cost",
|
||
"attempts": "Attempts",
|
||
"created": "Created",
|
||
"timeout": "Timeout",
|
||
"error": "Error",
|
||
"empty": "Run data was not found."
|
||
},
|
||
"actions": {
|
||
"approve": "Approve",
|
||
"reject": "Reject"
|
||
},
|
||
"dialog": {
|
||
"close": "Close",
|
||
"cancel": "Cancel",
|
||
"runId": "Run ID:",
|
||
"approve": {
|
||
"title": "Confirm Approval",
|
||
"body": "After approval, the run resumes from the human gate and continues through Runtime / MCP Gateway.",
|
||
"warning": "This decision is written to Run state, approval token, and audit trail.",
|
||
"confirm": "Confirm Approval"
|
||
},
|
||
"reject": {
|
||
"title": "Confirm Rejection",
|
||
"body": "After rejection, the run is cancelled and will not continue automatic execution.",
|
||
"reason": "Rejection reason",
|
||
"placeholder": "Enter rejection reason...",
|
||
"warning": "The reason is written to the audit trail for later review in Run Timeline.",
|
||
"confirm": "Confirm Rejection"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|