docs(iwooos): record wazuh managed host coverage production readback [skip ci]
@@ -47036,6 +47036,68 @@ production browser smoke:
- `P0-02` owner-provided redacted evidence intake:開始接收六條 lane 的脫敏 evidence refs,但仍先維持 request / received / accepted / runtime 0,直到 reviewer validation 成立。
- `P0-03` Wazuh manager registry accepted:只讀交叉驗收所有 expected host / product / agent scope,不把 Dashboard 可開、API 200 或前台 lane 可見當作全主機納管恢復。
## 2026-06-27 — 15:14 IwoooS Wazuh 受管主機覆蓋 production 讀回完成
**時間與來源**:
- 2026-06-27 14:40-15:14 Asia/Taipei。
- 來源:code commit `4ed96a83a`、後續 CD unblock commits `9edda8af2` / `7abb824dc` / `cea5d0236` / `b6214f22a` / `a6cf17004`、deploy marker `253beed76`、Gitea Actions `3613` / `3615` / `3618` / `3621` / `3624` / `3627`、production API / browser smoke。
**完成內容**:
- `GET /api/v1/iwooos/wazuh-managed-host-coverage` 已正式部署,production 回 `200`。
- `/zh-TW/iwooos` 的「Wazuh 主機納管覆蓋 Gate」已改成 production API 讀回優先;桌機與手機都可見只讀 API 狀態、公開別名主機矩陣與下一個 Gate。
- 前台仍不顯示內網位址、agent 原名、主機原名、個人 namespace、工作視窗對話或 secret。
- CD 期間 `3613` / `3615` / `3618` / `3621` / `3624` 被後續 CD unblock / retry commits 取代;正式成功基準為 `3627` + deploy marker `253beed76`。
**Gitea / deploy 狀態**:
- code commit:`4ed96a83a feat(iwooos): expose wazuh managed host coverage readback`。
- 最新部署基準 commit:`a6cf17004 fix(cd): use array needs for deploy jobs`。
- deploy marker:`253beed76 chore(cd): deploy a6cf170 [skip ci]`。
- 有效 CD run:`3627`,tests `success in 1m39s`、build-and-deploy `success in 4m28s`、post-deploy-checks `success in 1m35s`。
- code-review run:`3628`,已由 Gitea Actions 清單顯示於 `a6cf17004`。
**production API readback**:
- `GET https://awoooi.wooo.work/api/v1/iwooos/wazuh-managed-host-coverage`:`200`。
- `schema_version=iwooos_wazuh_managed_host_coverage_readback_v1`。
- `expected_host_scope_count=6`、`host_scope_matrix_count=6`、`direct_agent_active_observed_count=2`、`direct_agent_missing_or_no_transport_count=1`、`ssh_readback_blocked_count=3`。
- `manager_registry_accepted_count=0`、`manager_registry_gap_count=6`、`required_evidence_accepted_count=0`、`runtime_gate_count=0`。
- `host_scope_matrix` 只含公開別名:`managed_core_node_a`、`managed_core_node_b`、`managed_dev_node_a`、`managed_dev_node_b`、`managed_control_node_a`、`managed_control_node_b`。
- forbidden hits:`192.168.0.` / `工作視窗` / `批准!繼續` / `source_thread_id` / 個人 namespace / `WAZUH_API_PASSWORD` 全部未出現。
- `GET https://awoooi.wooo.work/api/v1/health`:`200`,`status=healthy`、`environment=prod`、`mock_mode=false`。
- `GET https://awoooi.wooo.work/zh-TW/iwooos?_v=253beed76-wazuh-coverage-api-probe`:`200`。
**production browser smoke**:
- Desktop `1366x900`,URL `https://awoooi.wooo.work/zh-TW/iwooos?_v=253beed76-wazuh-managed-host-desktop`。
- markers present:`Wazuh 主機覆蓋只讀 API 已接上`、`公開別名主機矩陣`、`managed_core_node_a`、`manager_registry_cross_check`。
- boundary markers present:`wazuh_managed_host_coverage_manager_registry_accepted_count=0`、`wazuh_managed_host_coverage_manager_registry_gap_count=6`、`wazuh_managed_host_coverage_runtime_gate_count=0`、`not_authorization=true`。
- forbidden hits:`0`。
- console errors:`0`。
- page overflow:`0`,`scrollWidth=1360` / `clientWidth=1360`。
- Mobile `390x844`,URL `https://awoooi.wooo.work/zh-TW/iwooos?_v=253beed76-wazuh-managed-host-mobile`。
- markers present:同 desktop。
- boundary markers present:同 desktop。
- forbidden hits:`0`。
- console errors:`0`。
- page overflow:`0`,`scrollWidth=384` / `clientWidth=384`。
**完成度與同步狀態**:
- 本段「Wazuh 受管主機覆蓋 API / 前台讀回」:`85% -> 100%`。
- IwoooS 整體:保守 `67% -> 68%`。此段把 Wazuh 受管主機覆蓋納入正式 API / 前台 / guard / production 讀回,但未完成真正 manager registry accepted。
- Wazuh manager registry accepted:`0% -> 35%`。完成可驗證框架與 public-safe readback;下一步才是 owner-provided redacted manager registry export / reviewer validation / post-enable readback。
**仍維持 0 / false**:
- `manager_registry_accepted_count=0`、`required_evidence_accepted_count=0`、`live_metadata_env_enabled_count=0`、`runtime_gate_count=0`、`active_response_authorized_count=0`、`host_write_authorized_count=0`、`agent_reenroll_authorized_count=0`、`agent_restart_authorized_count=0`。
- `runtime_execution_authorized=false`、`wazuh_api_live_query_authorized=false`、`wazuh_active_response_authorized=false`、`wazuh_agent_reenroll_authorized=false`、`wazuh_agent_restart_authorized=false`、`wazuh_manager_restart_authorized=false`、`host_write_authorized=false`、`kali_active_scan_authorized=false`、`secret_value_collection_allowed=false`、`not_authorization=true`。
**做過的命令類型**:
- 寫入:repo LOGBOOK,以及前一筆 code commit / Gitea push。
- 只讀:Gitea Actions UI readback、production API readback、production route smoke、production browser desktop / mobile smoke。
- 未做:沒有 host / Docker / systemd / Nginx / firewall / K8s / DB / Wazuh runtime 寫操作;沒有讀 secret 明文;沒有重新註冊 agent;沒有 Wazuh restart;沒有 Wazuh active response;沒有 Kali active scan;沒有 force push。
**下一個 P0**:
- `P0-01` owner-provided redacted Wazuh manager registry export:補 manager registry agent counts、逐主機 scope matrix、Dashboard API / RBAC / TLS 修復讀回、readonly credential metadata、owner response / rollback owner。
- `P0-02` reviewer validation:只接受脫敏 evidence refs;拒收 raw Wazuh payload、完整截圖、內網位址、agent 原名、密碼、token、client key。
- `P0-03` post-enable IwoooS readback:未來即使 live metadata gate 開啟,也要再驗證不回傳原始載荷、agent 原名、內網 IP 或 secret。
## 2026-06-27 — 14:40 IwoooS Wazuh 受管主機覆蓋 API / 前台讀回本地完成
**時間與來源**:
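Review bot: the forbidden-hit checks recorded under "production API readback" and both browser smoke blocks name `192.168.0.` as the only internal-address pattern, so the entry's statement that no 內網位址 appeared is only evidenced for a single /24; record the complete pattern set that was actually scanned (the remaining RFC 1918 ranges, link-local, and any hostname-derived markers) next to `工作視窗` / `source_thread_id` / `WAZUH_API_PASSWORD`, otherwise a later reader cannot judge how strong the `forbidden hits: 0` result is. The numeric readback does reconcile as written (`direct_agent_active_observed_count=2` + `direct_agent_missing_or_no_transport_count=1` + `ssh_readback_blocked_count=3` = `expected_host_scope_count=6`; `manager_registry_accepted_count=0` + `manager_registry_gap_count=6` = 6), and the `[skip ci]` title is consistent with the 做過的命令類型 section, which lists only the LOGBOOK write and read-only Gitea / API / browser readbacks.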