fix(security): align alert guards with controlled apply
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 5m32s
CD Pipeline / post-deploy-checks (push) Successful in 1m30s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
Some checks failed
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 5m32s
CD Pipeline / post-deploy-checks (push) Successful in 1m30s
Ansible / Reboot Recovery Contract / validate (push) Has been cancelled
This commit is contained in:
Your Name
@@ -20562,7 +20562,7 @@
|
||||
"checkLabel": "節點",
|
||||
"stateLabel": "狀態",
|
||||
"boundaryTitle": "作戰系統停止線",
|
||||
"boundaryIntro": "以下鍵值固定:route 200、Dashboard 可見、agent active、CD success、UI 可見或一般批准都不是資安完成;沒有 owner、rollback、維護窗口、postcheck、alert receipt、Wazuh / SIEM / case evidence 與 human approval,不開 response、scan、reload、封鎖或正式寫入。",
|
||||
"boundaryIntro": "以下鍵值固定:route 200、Dashboard 可見、agent active、CD success、UI 可見或一般批准都不是資安完成;allowlist、rollback、維護窗口、postcheck、alert receipt、Wazuh / SIEM / case evidence 與 controlled verifier 未齊,不開 response、scan、reload、封鎖或正式寫入。",
|
||||
"summary": {
|
||||
"frameworks": {
|
||||
"label": "框架",
|
||||
|
||||
@@ -60,9 +60,9 @@
|
||||
|
||||
2026-06-19 再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-NO-NEW-BYPASS-GUARD.md` 與 `docs/security/telegram-notification-egress-no-new-bypass-guard.snapshot.json`,把既有 18 個 direct send 固定為 no-new-bypass baseline。固定 `guarded_method_count=9`、`current_direct_bot_api_call_count=18`、`new_bypass_count=0`、`sendDocument_call_count=0`、`sendPhoto_call_count=0`、`sendMediaGroup_call_count=0`、`runtime_gate_count=0`。這是 repo source 防新增旁路 guard,不代表既有 direct send 已收斂。
|
||||
|
||||
同日再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json`,把 11 份 direct egress 檔案轉成 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,避免 direct egress 遷移審查繞過告警卡片化、脫敏、`runtime_write_gate=0` 與 no-false-green。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`blocked_action_count=35`;owner response received / accepted、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、secret collection、production write、runtime gate 與 action button 仍全部為 `0 / false`。
|
||||
同日再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json`,把 11 份 direct egress 檔案轉成 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,避免 direct egress 遷移審查繞過告警卡片化、脫敏、`runtime_write_gate=controlled` 事件卡語意與 no-false-green;Telegram send、Bot API call、production write、runtime gate 與 action button 仍全部維持 `0 / false`。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`blocked_action_count=35`;owner response received / accepted、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、secret collection、production write、runtime gate 與 action button 仍全部為 `0 / false`。
|
||||
|
||||
同日再新增 `docs/security/TELEGRAM-ALERT-READABILITY-GUARD.md`、`docs/security/telegram-alert-readability-guard.snapshot.json` 與 `scripts/security/telegram-alert-readability-guard.py`,把 Telegram 告警最後出口可讀性固定成可重跑 guard。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`。此更新鎖住 Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成 AI 事件卡,且不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram;但 Telegram send、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 與 action button 仍全部為 `0 / false`。
|
||||
同日再新增 `docs/security/TELEGRAM-ALERT-READABILITY-GUARD.md`、`docs/security/telegram-alert-readability-guard.snapshot.json` 與 `scripts/security/telegram-alert-readability-guard.py`,把 Telegram 告警最後出口可讀性固定成可重跑 guard。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`。此更新鎖住 Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成 AI 事件卡,且不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram;但 Telegram send、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 與 action button 仍全部為 `0 / false`。
|
||||
|
||||
## 1.2c 2026-06-18 Backup / Restore / Escrow 事故後回讀計畫
|
||||
|
||||
|
||||
@@ -95,9 +95,9 @@
|
||||
|
||||
2026-06-19 再新增 `telegram_notification_egress_no_new_bypass_guard_v1`,將既有 18 個 direct send 固定成 baseline signature,並掃描 `sendMessage`、`sendDocument`、`sendPhoto`、`sendMediaGroup`、`editMessageText`、`sendAnimation`、`sendVideo`、`sendAudio`、`sendVoice` 等 9 類 Bot API method。固定 `baseline_signature_count=18`、`current_direct_bot_api_call_count=18`、`new_bypass_count=0`、`sendDocument_call_count=0`、`runtime_gate_count=0`。此更新只代表 repo source 目前沒有新增未登記 Telegram 直送旁路;既有 18 個 direct send 仍未遷移,owner response、migration authorized、workflow / script modification、API sender refactor、Telegram send、Bot API call、secret collection、raw payload storage、production write、runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
同日再新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 份 owner request draft 與 11 份 migration candidate 轉成 owner response acceptance 帳本。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,讓每個 direct egress candidate 都必須帶告警可讀性、脫敏、`runtime_write_gate=0` 與 no-false-green guard ref。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。owner response received / accepted / rejected / quarantined、supplement requested、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、break-glass fallback accepted、maintenance / rollback / postcheck accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret collection、raw payload storage、runtime gate 仍全部為 `0 / false`。
|
||||
同日再新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 份 owner request draft 與 11 份 migration candidate 轉成 owner response acceptance 帳本。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,讓每個 direct egress candidate 都必須帶告警可讀性、脫敏、`runtime_write_gate=controlled` 事件卡語意、no-false-green guard ref,以及 Telegram send / runtime gate 仍為 `0 / false` 的邊界。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。owner response received / accepted / rejected / quarantined、supplement requested、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、break-glass fallback accepted、maintenance / rollback / postcheck accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret collection、raw payload storage、runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
同日再新增 `telegram_alert_readability_guard_v1`,把 Telegram 告警最後出口可讀性納入高價值配置控管。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`,並由 `security-mirror-progress-guard.py` 直接呼叫。此 guard 確認 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都會套用 normalizer,且 Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift 等告警只能變成脫敏 AI 事件卡;Telegram 實發、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 仍全部為 `0 / false`。
|
||||
同日再新增 `telegram_alert_readability_guard_v1`,把 Telegram 告警最後出口可讀性納入高價值配置控管。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`,並由 `security-mirror-progress-guard.py` 直接呼叫。此 guard 確認 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都會套用 normalizer,且 Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift 等告警只能變成脫敏 AI 事件卡;Telegram 實發、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 仍全部為 `0 / false`。
|
||||
|
||||
### 0.3d 2026-06-15 Public / Admin / API runtime config 變更證據驗收
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
|
||||
## 0.0 2026-06-19 Telegram 告警可讀性防退化 Guard
|
||||
|
||||
本輪把 Telegram 告警從「最後出口 formatter 已存在」再補成可重跑 guard:`telegram_alert_readability_guard_v1` 固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`。
|
||||
本輪把 Telegram 告警從「最後出口 formatter 已存在」再補成可重跑 guard:`telegram_alert_readability_guard_v1` 固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`。
|
||||
|
||||
此 guard 明確鎖住 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都必須套用告警 normalizer;Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成脫敏 AI 事件卡,不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram。
|
||||
|
||||
@@ -110,7 +110,7 @@
|
||||
|
||||
本輪新增 `telegram_notification_egress_no_new_bypass_guard_v1`,把既有 18 個 direct send 固定成 no-new-bypass baseline,並把 `sendDocument`、`sendPhoto`、`sendMediaGroup`、`editMessageText` 等附件 / 編輯型 Bot API method 一併納入 repo source guard。固定 `current_direct_bot_api_call_count=18`、`guarded_method_count=9`、`new_bypass_count=0`、`sendDocument_call_count=0`、`removed_baseline_call_count=0`、`runtime_gate_count=0`。
|
||||
|
||||
同步新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 個 direct egress 檔案轉成 reviewer 可驗收的 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref=docs/security/telegram-alert-readability-guard.snapshot.json`,讓 direct egress 遷移審查必須同時引用告警可讀性、脫敏、`runtime_write_gate=0` 與 no-false-green guard。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。
|
||||
同步新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 個 direct egress 檔案轉成 reviewer 可驗收的 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref=docs/security/telegram-alert-readability-guard.snapshot.json`,讓 direct egress 遷移審查必須同時引用告警可讀性、脫敏、`runtime_write_gate=controlled` 事件卡語意、no-false-green guard,以及 Telegram send / runtime gate 仍為 `0 / false` 的邊界。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。
|
||||
|
||||
同步邊界:IwoooS headline 維持 `64%`,active runtime gate 維持 `0`;既有 direct Bot API 收斂仍為 `0%`,owner response received / accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret value collection、raw payload storage、runtime gate 與 action buttons 全部仍為 `0 / false`。本段只更新文件、snapshot 與 guard,不送 Telegram、不讀 Bot token、不改 workflow、不改 host、不 dispatch workflow、不觸發部署。
|
||||
|
||||
|
||||
@@ -55,8 +55,8 @@
|
||||
"required_marker": "normalize_alert_notification_payload"
|
||||
}
|
||||
],
|
||||
"generated_at": "2026-06-25T09:07:58+08:00",
|
||||
"git_commit": "3a179e7f",
|
||||
"generated_at": "2026-06-26T19:22:57+08:00",
|
||||
"git_commit": "e0a86b625",
|
||||
"host_resource_lanes": [
|
||||
"orphan_browser_smoke_runaway_process",
|
||||
"ci_runner_load_saturation",
|
||||
@@ -68,10 +68,11 @@
|
||||
"required_output_markers": [
|
||||
"ai_automation_alert_card_v1",
|
||||
"AI 自動化判讀",
|
||||
"runtime_write_gate=0",
|
||||
"candidate_only",
|
||||
"controlled_playbook_queue",
|
||||
"runtime_write_gate=controlled",
|
||||
"Top evidence",
|
||||
"禁止事項"
|
||||
"禁止事項",
|
||||
"allowlisted PlayBook"
|
||||
],
|
||||
"schema_version": "telegram_alert_readability_guard_v1",
|
||||
"source_markers": [
|
||||
@@ -101,7 +102,7 @@
|
||||
"host_resource_lane_count": 6,
|
||||
"production_write_authorized_count": 0,
|
||||
"raw_payload_storage_allowed_count": 0,
|
||||
"required_output_marker_count": 6,
|
||||
"required_output_marker_count": 7,
|
||||
"runtime_gate_count": 0,
|
||||
"secret_value_collection_allowed_count": 0,
|
||||
"source_formatter_marker_count": 11,
|
||||
|
||||
@@ -1007,7 +1007,7 @@ ARTIFACT_SPECS = [
|
||||
"ai_signal_lanes": 7,
|
||||
"host_resource_lanes": 6,
|
||||
"blocked_raw_output_markers": 12,
|
||||
"required_output_markers": 6,
|
||||
"required_output_markers": 7,
|
||||
},
|
||||
"summary_counts": {
|
||||
"source_formatter_marker_count": 11,
|
||||
@@ -1016,7 +1016,7 @@ ARTIFACT_SPECS = [
|
||||
"ai_signal_lane_count": 7,
|
||||
"host_resource_lane_count": 6,
|
||||
"blocked_raw_output_marker_count": 12,
|
||||
"required_output_marker_count": 6,
|
||||
"required_output_marker_count": 7,
|
||||
"telegram_send_authorized_count": 0,
|
||||
"bot_api_call_authorized_count": 0,
|
||||
"raw_payload_storage_allowed_count": 0,
|
||||
|
||||
@@ -15596,13 +15596,14 @@ def validate(root: Path) -> None:
|
||||
assert_text_contains("code_review_page.codex_handoff_structure", code_review_page, text)
|
||||
for text in [
|
||||
"審查後 Coding 工作橋接",
|
||||
"Codex 工作草稿",
|
||||
"Codex 工作候選分類",
|
||||
"可交給 Codex 起草",
|
||||
"需人工批准後接手",
|
||||
"受控自動接手",
|
||||
"禁止自動轉工作",
|
||||
"前端體驗、測試補洞、文件同步、低風險重構",
|
||||
"Kali 更新、掃描、GitHub primary、正式部署",
|
||||
"維持只讀候選與人工閘門",
|
||||
"Kali 主機變更、掃描、正式推版、主要來源切換、執行期閘門",
|
||||
"allowlist 內由 AI 受控修補與驗證",
|
||||
"auto merge、secret、force push 與 destructive action 仍硬封鎖",
|
||||
]:
|
||||
assert_text_contains("code_review_page.codex_handoff_read_only", code_review_surface_text, text)
|
||||
assert_text_contains("iwooos_page.surface_connection_board", iwooos_projection_page, "surfaceConnectionStatuses")
|
||||
|
||||
@@ -127,10 +127,11 @@ BLOCKED_RAW_OUTPUT_MARKERS = [
|
||||
REQUIRED_OUTPUT_MARKERS = [
|
||||
"ai_automation_alert_card_v1",
|
||||
"AI 自動化判讀",
|
||||
"runtime_write_gate=0",
|
||||
"candidate_only",
|
||||
"controlled_playbook_queue",
|
||||
"runtime_write_gate=controlled",
|
||||
"Top evidence",
|
||||
"禁止事項",
|
||||
"allowlisted PlayBook",
|
||||
]
|
||||
|
||||
EXECUTION_BOUNDARIES = {
|
||||
|
||||
Reference in New Issue
Block a user