wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity

feat(security): 新增主機服務配置只讀清冊
Some checks failed
CD Pipeline / tests (push) Successful in 1m28s
Details
Code Review / ai-code-review (push) Successful in 14s
Details
CD Pipeline / post-deploy-checks (push) Has been cancelled
Details
CD Pipeline / build-and-deploy (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Your Name
2026-06-11 21:41:41 +08:00
parent 0a82648ef6
commit 118967cabc
16 changed files with 1362 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md
View File

@@ -34,7 +34,7 @@
| 優先 | 類別 | 目前成熟度 | 下一步 |
|------|------|------------|--------|
| P1-1 | Docker Compose / systemd / host service config | `42%` | 補 110 / 188 compose、systemd、port / volume / env 只讀 inventory、restart window、rollback owner |
| P1-1 | Docker Compose / systemd / host service config | `50%` | repo-only 清冊已納入 9 個 surface仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標 |
| P1-2 | SSH / sudoers / known_hosts / firewall / WireGuard / NodePort | `48%` | 補 target whitelist、host key policy、ingress / egress matrix、network owner 與 rollback owner |
| P1-3 | Backup / restore / escrow / retention | `52%` | 補 restore drill approval package、offsite escrow owner、retention owner 與 no-secret-value evidence |
| P1-4 | Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse | `56%` | 補 rule diff、receiver diff、reload owner、failure-only notification policy 與 route smoke |
@@ -96,3 +96,7 @@ python3 scripts/security/high-value-config-control-coverage.py \
| owner response 收件 | `0%` | 尚未收到或接受任何 owner response |
| live evidence collection | `0%` | 未 SSH、未 live probe、未 active scan |
| runtime gate | `0%` | 未開啟任何執行期閘門 |
## 8. P1-1 Docker / systemd 清冊更新
`host_service_config_inventory_v1` 已把 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 納入 repo-only 清冊,共 `9` 個 surface、`3` 個 write-capable surface、`2` 個 repair-bot whitelist、`1` 個 systemd restart surface。此更新只讓 `docker_compose_systemd_host_config``42%` 推進到 `50%`owner response、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`

104
docs/security/HOST-SERVICE-CONFIG-INVENTORY.md Normal file
View File

@@ -0,0 +1,104 @@
# IwoooS Docker / systemd / 主機服務配置只讀清冊
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-11 |
| 狀態 | `repo_only_inventory_ready` |
| 工具 | `scripts/security/host-service-config-inventory.py` |
| Snapshot | `docs/security/host-service-config-inventory.snapshot.json` |
| Schema | `docs/schemas/host_service_config_inventory_v1.schema.json` |
| runtime gate | `0` |
## 1. 目的
此清冊補齊高價值配置覆蓋矩陣中最低覆蓋的 `docker_compose_systemd_host_config`。本階段只從已提交 repo 檔案整理 Docker Compose、systemd / repair bot 白名單、Ansible service role 與 config backup coverage不讀 live host也不執行任何服務操作。
此清冊不是 host truth也不是重啟批准它只讓 P1-1 從「尚需 inventory」推進到「repo-only inventory ready」。
## 2. 覆蓋摘要
| 指標 | 目前值 | 說明 |
|------|--------|------|
| repo surface | `9` | 全部來源檔案存在 |
| host scope | `5` | `local_dev_only``192.168.0.110``192.168.0.188``110_188_120_121_cluster``multi_host` |
| Docker Compose / reference | `5` | local dev、110 monitoring、188 exporters、110 Sentry reference、110 Langfuse |
| host repair whitelist | `2` | 110 / 188 repair-bot |
| systemd restart surface | `1` | 188 repair-bot 內的 redis / nginx / ollama restart 白名單 |
| write-capable surface | `3` | Ansible docker compose role、110 repair-bot、188 repair-bot |
| owner response required | `9` | 每個 surface 都需要 owner response |
| live evidence required | `8` | local dev compose 之外仍需 owner-provided live hash / disposition |
| owner response received / accepted | `0 / 0` | 不得假性提高 |
| live evidence received | `0` | 不 SSH、不讀 live host |
| restart window / rollback owner accepted | `0 / 0` | 不得重啟 |
| runtime gate / action button | `0 / 0` | 不提供操作入口 |
| Docker/systemd 類別成熟度 | `42% -> 50%` | 只代表 repo-only 清冊完成,不代表 runtime 可執行 |
## 3. 已納入 surface
| Surface | Host scope | 類型 | 下一步 |
|---------|------------|------|--------|
| `local_dev_compose` | `local_dev_only` | local dev compose | 確認不得作 production compose補 dev secret placeholder policy |
| `monitoring_110_compose` | `192.168.0.110` | Docker Compose | 補 live compose hash、restart window、rollback owner、post-check 指標 |
| `monitoring_exporters_188_compose` | `192.168.0.188` | Docker Compose | 補 live compose hash、env source policy、restart window、rollback owner |
| `sentry_110_reference_compose` | `192.168.0.110` | reference compose | 確認實際 source-of-truth、official revision、backup path、rollback owner |
| `langfuse_110_compose` | `192.168.0.110` | Docker Compose | 補 live compose hash、secret placeholder disposition、restart window、rollback owner |
| `ansible_docker_compose_service_role` | `multi_host` | Ansible executor role | 補使用範圍、allowed service_dir、check-mode、rollback owner、人工 gate |
| `repair_bot_110_whitelist` | `192.168.0.110` | repair whitelist | 補 authorized_keys binding、disable switch、audit log path、rollback owner、post-check |
| `repair_bot_188_whitelist` | `192.168.0.188` | repair whitelist | 補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner、route smoke |
| `config_backup_host_capture` | `110_188_120_121_cluster` | config backup capture | 補 latest backup status、restore drill owner、secret handling proof、retention owner |
## 4. 固定 0 / false 邊界
以下旗標必須維持 `false`
```text
runtime_execution_authorized=false
host_write_authorized=false
ssh_read_authorized=false
ssh_write_authorized=false
docker_compose_action_authorized=false
systemctl_action_authorized=false
service_restart_authorized=false
sudo_action_authorized=false
live_host_read_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
repair_bot_execution_authorized=false
ansible_apply_authorized=false
action_buttons_allowed=false
```
## 5. 判讀規則
1. `source_exists=true` 只代表 repo 內有檔案,不代表 live host 與 repo 一致。
2. `sha256` 是 repo file hash不是 live file hash。
3. repair-bot 與 Ansible role 可見代表「需被管控」,不是可使用。
4. `docker compose up -d``systemctl restart``sudo`、repair-bot、Ansible apply 都必須等待 owner response、maintenance window、rollback owner 與 post-check 指標。
5. 此清冊不得收集 secret value若需要 secret parity只能收 secret name / owner / injection metadata。
## 6. 指令
```bash
python3 scripts/security/host-service-config-inventory.py \
--root . \
--output docs/security/host-service-config-inventory.snapshot.json
```
固定 committed snapshot 時間:
```bash
python3 scripts/security/host-service-config-inventory.py \
--root . \
--generated-at 2026-06-11T22:40:00+08:00 \
--output docs/security/host-service-config-inventory.snapshot.json
```
## 7. 完成度
| 工作 | 完成度 | 說明 |
|------|--------|------|
| repo-only surface 註冊 | `100%` | 9 個 surface 全部納入 snapshot |
| source existence / hash | `100%` | 只讀 SHA256 與 line count 已固定 |
| owner response 收件 | `0%` | 尚未收到或接受任何 owner response |
| live evidence collection | `0%` | 未 SSH、未讀 live host、未 active scan |
| restart / apply gate | `0%` | 未開啟 docker compose / systemctl / Ansible / repair-bot 操作 |

6
docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md
View File

@@ -39,6 +39,12 @@
最低覆蓋優先順序為 Docker Compose / systemd、SSH / network、backup / restore、monitoring / alerting。這些是下一波 P1 只讀 inventory 的優先順序,不代表可以 restart、reload、scan 或收 secret value。
### 0.2 2026-06-11 Docker / systemd repo-only 清冊
`host_service_config_inventory_v1` 已把 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 納入只讀 snapshot。清冊目前共有 `9` 個 surface、`5` 個 host scope、`3` 個 write-capable surface、`2` 個 repair-bot whitelist 與 `1` 個 systemd restart surface讓 Docker / systemd 類別成熟度從 `42%` 推進到 `50%`
此更新仍不是 live host truth110 / 188 live hash、restart window、rollback owner、post-check 指標與 owner response received / accepted 全部仍為 `0`,也不得執行 `docker compose``systemctl`、repair-bot、Ansible apply 或任何 SSH 讀寫。
## 1. 目前已不符合新要求的項目
| 優先 | 項目 | 現況 | 風險 | 本階段處置 |

1
docs/security/IWOOOS-POSTURE-PROJECTION.md
View File

@@ -90,6 +90,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence
52. 6 個 source control primary readiness items顯示 GitHub primary 前置缺口candidate repo inventory、primary ready counter、owner response validation、refs truth、workflow / secret name inventory、rollback ADR這只是 readiness不代表 repo 建立、visibility 變更、refs mutation、secret value collection、primary switch 或 Gitea 停用。
53. 4 個 rollout risk read-only items顯示風險來源部署 marker、`AWOOOI_ROLLOUT_RISK=1`、ArgoCD `Degraded` / `OutOfSync`、API health / smoke 已通過與執行期閘門仍為 0這只是部署風險可見性不代表 ArgoCD sync、kubectl、主機重啟、修復、部署或 runtime gate 已授權。
54. 14 類 high-value config control coverage statuses顯示 Nginx、DNS / TLS、K8s、secret、workflow、backup、agent-bounty runtime、monitoring、Docker / systemd、SSH / network、AI provider、產品 route 與 security evidence 的全域配置控管覆蓋矩陣;平均只讀成熟度 `64%`、C0 類別 `8`、需 live evidence 類別 `6`、owner response received / accepted 與 runtime gate 仍為 `0`,不代表 reload、sync、scan、secret rotation、payout 或主機操作授權。
55. 9 個 host-service config repo-only inventory surfaces顯示 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 的第一層清冊write-capable surface `3`、repair-bot whitelist `2`、systemd restart surface `1`owner response、live evidence、restart window、rollback owner、runtime gate 與 action button 仍全部為 `0`,不代表 `docker compose``systemctl`、repair-bot 或 Ansible apply 已授權。
## 3.1 既有前端資安頁面整合

28
docs/security/high-value-config-control-coverage.snapshot.json
View File

@@ -327,15 +327,17 @@
"action_buttons_allowed": false,
"category_id": "docker_compose_systemd_host_config",
"control_tier": "C1",
"coverage_percent": 42,
"coverage_status": "inventory_needed",
"current_gap": "110 / 188 Docker Compose、systemd、port / volume / env 差異仍需只讀 inventory。",
"coverage_percent": 50,
"coverage_status": "repo_only_inventory_ready_needs_live_owner_evidence",
"current_gap": "repo-only 清冊已納入 9 個 surface仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。",
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md"
],
"label": "Docker Compose / systemd / host service config",
"next_owner_action": "補 compose / systemd owner、restart window、rollback owner 與 post-check 指標。",
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。",
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_required": true,
@@ -518,16 +520,9 @@
"secret_value_collection_allowed": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-11T21:30:00+08:00",
"git_commit": "d448ae36",
"generated_at": "2026-06-11T23:21:00+08:00",
"git_commit": "0a82648e",
"lowest_coverage_categories": [
{
"category_id": "docker_compose_systemd_host_config",
"coverage_percent": 42,
"current_gap": "110 / 188 Docker Compose、systemd、port / volume / env 差異仍需只讀 inventory。",
"label": "Docker Compose / systemd / host service config",
"next_owner_action": "補 compose / systemd owner、restart window、rollback owner 與 post-check 指標。"
},
{
"category_id": "ssh_firewall_network_access",
"coverage_percent": 48,
@@ -535,6 +530,13 @@
"label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort",
"next_owner_action": "補 target whitelist、host key policy、network owner、maintenance window 與 rollback owner。"
},
{
"category_id": "docker_compose_systemd_host_config",
"coverage_percent": 50,
"current_gap": "repo-only 清冊已納入 9 個 surface仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。",
"label": "Docker Compose / systemd / host service config",
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。"
},
{
"category_id": "backup_restore_credential",
"coverage_percent": 52,

363
docs/security/host-service-config-inventory.snapshot.json Normal file
View File

@@ -0,0 +1,363 @@
{
"config_surfaces": [
{
"action_buttons_allowed": false,
"config_kind": "docker_compose_source",
"control_tier": "C1",
"current_state": "repo_source_visible",
"expected_host_scope": "local_dev_only",
"label": "AWOOOI local development compose",
"line_count": 137,
"live_evidence_received": false,
"next_owner_action": "確認本檔僅供 local dev不得作為 production compose補 dev secret placeholder policy。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": false,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"web",
"api",
"postgres",
"redis"
],
"sha256": "4a27bcde139b5aef6a9f3080187af5bec73d1efd9c09ed2752b0baaa5f507024",
"source_exists": true,
"source_path": "docker-compose.yml",
"surface_id": "local_dev_compose"
},
{
"action_buttons_allowed": false,
"config_kind": "docker_compose_source",
"control_tier": "C1",
"current_state": "repo_source_visible_with_live_drift_warning",
"expected_host_scope": "192.168.0.110",
"label": "110 monitoring docker compose",
"line_count": 148,
"live_evidence_received": false,
"next_owner_action": "補 110 live compose hash、restart window、rollback owner、post-check 指標與 drift disposition。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"cadvisor",
"prometheus",
"grafana",
"blackbox-exporter",
"alertmanager",
"github-exporter"
],
"sha256": "00126e9a5cb7a3cf2bf02cfddefea11f05849b46835a4e602eac4777fcb25281",
"source_exists": true,
"source_path": "k8s/monitoring/docker-compose-110.yml",
"surface_id": "monitoring_110_compose"
},
{
"action_buttons_allowed": false,
"config_kind": "docker_compose_source",
"control_tier": "C1",
"current_state": "repo_source_visible_needs_live_hash",
"expected_host_scope": "192.168.0.188",
"label": "188 database exporters compose",
"line_count": 69,
"live_evidence_received": false,
"next_owner_action": "補 188 exporter compose live hash、env source policy、restart window 與 rollback owner。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"postgres-exporter",
"redis-exporter"
],
"sha256": "3ffb3bd2e98091d18e60b74721904777c27f279c37ab6e873b82e6ef73eb87d4",
"source_exists": true,
"source_path": "ops/monitoring/docker-compose.exporters.yaml",
"surface_id": "monitoring_exporters_188_compose"
},
{
"action_buttons_allowed": false,
"config_kind": "docker_compose_reference",
"control_tier": "C1",
"current_state": "reference_only_not_runtime_source",
"expected_host_scope": "192.168.0.110",
"label": "110 Sentry self-hosted reference compose",
"line_count": 49,
"live_evidence_received": false,
"next_owner_action": "確認 110 Sentry 實際 source-of-truth、official self-hosted revision、backup path 與 rollback owner。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"sentry-placeholder-reference"
],
"sha256": "bba852dc0d73934998fa375130168615f9ac7611ce3f3efaa901e3b7e222eae3",
"source_exists": true,
"source_path": "ops/sentry-self-hosted/docker-compose.yml",
"surface_id": "sentry_110_reference_compose"
},
{
"action_buttons_allowed": false,
"config_kind": "docker_compose_source",
"control_tier": "C1",
"current_state": "repo_source_visible_needs_secret_policy_review",
"expected_host_scope": "192.168.0.110",
"label": "110 Langfuse compose",
"line_count": 71,
"live_evidence_received": false,
"next_owner_action": "補 110 live compose hash、secret placeholder disposition、restart window 與 rollback owner。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"langfuse",
"langfuse-db"
],
"sha256": "6c703a27525e62ef4d4d3c4cba8a89d64f646b01020782e35d22a3bf73f2dc83",
"source_exists": true,
"source_path": "infra/langfuse/docker-compose.yml",
"surface_id": "langfuse_110_compose"
},
{
"action_buttons_allowed": false,
"config_kind": "ansible_service_executor",
"control_tier": "C1",
"current_state": "executor_role_visible_needs_gate_mapping",
"expected_host_scope": "multi_host",
"label": "Ansible docker-compose-service role",
"line_count": 18,
"live_evidence_received": false,
"next_owner_action": "補 role 使用範圍、allowed service_dir、check-mode plan、rollback owner 與人工批准 gate。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"docker compose up -d"
],
"sha256": "cee214a8651f46c2d8be05054dddadc243a26bff51a64bd9cf42dd2ec0b7b1b3",
"source_exists": true,
"source_path": "infra/ansible/roles/docker-compose-service/tasks/main.yml",
"surface_id": "ansible_docker_compose_service_role"
},
{
"action_buttons_allowed": false,
"config_kind": "host_repair_whitelist",
"control_tier": "C1",
"current_state": "write_capable_whitelist_visible_gate_closed",
"expected_host_scope": "192.168.0.110",
"label": "110 repair-bot compose whitelist",
"line_count": 67,
"live_evidence_received": false,
"next_owner_action": "補 authorized_keys command binding、disable switch、audit log path、rollback owner 與 post-check 指標。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"sentry",
"harbor",
"gitea",
"gitea-runner",
"langfuse",
"alertmanager",
"signoz"
],
"sha256": "093d4f85c398806dee62c2831fa4fe7e1f8fddca6e3cfcc9dbe4d5e0d66cdf3b",
"source_exists": true,
"source_path": "scripts/repair-bot/repair-bot-110.sh",
"surface_id": "repair_bot_110_whitelist"
},
{
"action_buttons_allowed": false,
"config_kind": "host_repair_whitelist",
"control_tier": "C1",
"current_state": "write_capable_whitelist_visible_gate_closed",
"expected_host_scope": "192.168.0.188",
"label": "188 repair-bot compose/systemd whitelist",
"line_count": 85,
"live_evidence_received": false,
"next_owner_action": "補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner 與 route smoke。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"openclaw",
"minio",
"signoz",
"redis",
"nginx",
"ollama"
],
"sha256": "fb2eb786d04edbf5d5be581a53bbe188ac66f0895aa016328b031c72f6182918",
"source_exists": true,
"source_path": "scripts/repair-bot/repair-bot-188.sh",
"surface_id": "repair_bot_188_whitelist"
},
{
"action_buttons_allowed": false,
"config_kind": "backup_capture_contract",
"control_tier": "C1",
"current_state": "capture_script_visible_not_executed_by_this_inventory",
"expected_host_scope": "110_188_120_121_cluster",
"label": "host config backup capture contract",
"line_count": 359,
"live_evidence_received": false,
"next_owner_action": "補 latest backup status、restore drill owner、secret handling proof、retention owner 與 restore validation plan。",
"owner_response_accepted": false,
"owner_response_received": false,
"requires_live_evidence": true,
"requires_owner_response": true,
"restart_window_accepted": false,
"rollback_owner_accepted": false,
"runtime_gate_open": false,
"service_scope": [
"systemd",
"docker",
"nginx",
"cron",
"k8s",
"host-configs"
],
"sha256": "d24301cff44e464bd19ce0792362be16916ccde8c92f92351a19ef4ee988f15e",
"source_exists": true,
"source_path": "scripts/backup/backup-configs.sh",
"surface_id": "config_backup_host_capture"
}
],
"execution_boundaries": {
"action_buttons_allowed": false,
"active_scan_authorized": false,
"ansible_apply_authorized": false,
"docker_compose_action_authorized": false,
"host_write_authorized": false,
"live_host_read_authorized": false,
"repair_bot_execution_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"service_restart_authorized": false,
"ssh_read_authorized": false,
"ssh_write_authorized": false,
"sudo_action_authorized": false,
"systemctl_action_authorized": false
},
"expected_host_scopes": [
"110_188_120_121_cluster",
"192.168.0.110",
"192.168.0.188",
"local_dev_only",
"multi_host"
],
"generated_at": "2026-06-11T23:20:00+08:00",
"git_commit": "0a82648e",
"next_collection_order": [
"repair_bot_110_whitelist",
"repair_bot_188_whitelist",
"monitoring_110_compose",
"monitoring_exporters_188_compose",
"langfuse_110_compose",
"config_backup_host_capture",
"ansible_docker_compose_service_role",
"sentry_110_reference_compose",
"local_dev_compose"
],
"operator_interpretation": [
"這是 repo-only 主機服務配置清冊,不是 live host 盤點。",
"write-capable 白名單與 Ansible role 可見,不代表 repair-bot、docker compose、systemctl 或 sudo 已授權。",
"所有 live hash、restart window、rollback owner、post-check 指標都仍需 owner response。",
"本清冊讓 Docker/systemd 類別從 inventory_needed 進到 repo_only_inventory_ready但 runtime gate 仍為 0。"
],
"schema_version": "host_service_config_inventory_v1",
"source_scope": "committed_repo_files_only",
"status": "repo_only_inventory_ready",
"summary": {
"action_button_count": 0,
"coverage_percent_after_inventory": 50,
"coverage_percent_before_inventory": 42,
"docker_compose_source_count": 5,
"expected_host_scope_count": 5,
"host_repair_whitelist_count": 2,
"live_evidence_received_count": 0,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"restart_window_accepted_count": 0,
"rollback_owner_accepted_count": 0,
"runtime_gate_count": 0,
"source_exists_count": 9,
"surface_count": 9,
"surfaces_requiring_live_evidence_count": 8,
"surfaces_requiring_owner_response_count": 9,
"systemd_restart_surface_count": 1,
"write_capable_surface_count": 3
},
"write_capable_surfaces": [
{
"config_kind": "ansible_service_executor",
"expected_host_scope": "multi_host",
"label": "Ansible docker-compose-service role",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"service_scope": [
"docker compose up -d"
],
"surface_id": "ansible_docker_compose_service_role"
},
{
"config_kind": "host_repair_whitelist",
"expected_host_scope": "192.168.0.110",
"label": "110 repair-bot compose whitelist",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"service_scope": [
"sentry",
"harbor",
"gitea",
"gitea-runner",
"langfuse",
"alertmanager",
"signoz"
],
"surface_id": "repair_bot_110_whitelist"
},
{
"config_kind": "host_repair_whitelist",
"expected_host_scope": "192.168.0.188",
"label": "188 repair-bot compose/systemd whitelist",
"required_gate": "owner_response_plus_maintenance_window_plus_rollback_owner",
"service_scope": [
"openclaw",
"minio",
"signoz",
"redis",
"nginx",
"ollama"
],
"surface_id": "repair_bot_188_whitelist"
}
]
}

22
docs/security/iwooos-posture-projection.snapshot.json
View File

@@ -25,6 +25,9 @@
"docs/security/domain-tls-certbot-inventory.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/schemas/domain_tls_certbot_inventory_v1.schema.json",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/schemas/host_service_config_inventory_v1.schema.json",
"docs/LOGBOOK.md",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"apps/web/src/app/[locale]/iwooos/page.tsx",
@@ -241,6 +244,25 @@
"high_value_config_control_coverage_runtime_gate_count": 0,
"high_value_config_control_coverage_action_button_count": 0,
"high_value_config_control_coverage_lowest_category_count": 4,
"host_service_config_inventory_first_layer": true,
"host_service_config_inventory_surface_count": 9,
"host_service_config_inventory_source_exists_count": 9,
"host_service_config_inventory_expected_host_scope_count": 5,
"host_service_config_inventory_docker_compose_source_count": 5,
"host_service_config_inventory_host_repair_whitelist_count": 2,
"host_service_config_inventory_systemd_restart_surface_count": 1,
"host_service_config_inventory_write_capable_surface_count": 3,
"host_service_config_inventory_owner_response_required_count": 9,
"host_service_config_inventory_owner_response_received_count": 0,
"host_service_config_inventory_owner_response_accepted_count": 0,
"host_service_config_inventory_live_evidence_required_count": 8,
"host_service_config_inventory_live_evidence_received_count": 0,
"host_service_config_inventory_restart_window_accepted_count": 0,
"host_service_config_inventory_rollback_owner_accepted_count": 0,
"host_service_config_inventory_runtime_gate_count": 0,
"host_service_config_inventory_action_button_count": 0,
"host_service_config_inventory_coverage_percent_before_inventory": 42,
"host_service_config_inventory_coverage_percent_after_inventory": 50,
"high_value_config_owner_packet_first_layer": true,
"high_value_config_owner_packet_summary_count": 4,
"high_value_config_owner_packet_item_count": 6,