diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index d094cf89..5535a72c 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -20562,7 +20562,7 @@ "checkLabel": "節點", "stateLabel": "狀態", "boundaryTitle": "作戰系統停止線", - "boundaryIntro": "以下鍵值固定:route 200、Dashboard 可見、agent active、CD success、UI 可見或一般批准都不是資安完成;沒有 owner、rollback、維護窗口、postcheck、alert receipt、Wazuh / SIEM / case evidence 與 human approval,不開 response、scan、reload、封鎖或正式寫入。", + "boundaryIntro": "以下鍵值固定:route 200、Dashboard 可見、agent active、CD success、UI 可見或一般批准都不是資安完成;allowlist、rollback、維護窗口、postcheck、alert receipt、Wazuh / SIEM / case evidence 與 controlled verifier 未齊,不開 response、scan、reload、封鎖或正式寫入。", "summary": { "frameworks": { "label": "框架", diff --git a/docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md b/docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md index ee2a67dd..046833e5 100644 --- a/docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md +++ b/docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md @@ -60,9 +60,9 @@ 2026-06-19 再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-NO-NEW-BYPASS-GUARD.md` 與 `docs/security/telegram-notification-egress-no-new-bypass-guard.snapshot.json`,把既有 18 個 direct send 固定為 no-new-bypass baseline。固定 `guarded_method_count=9`、`current_direct_bot_api_call_count=18`、`new_bypass_count=0`、`sendDocument_call_count=0`、`sendPhoto_call_count=0`、`sendMediaGroup_call_count=0`、`runtime_gate_count=0`。這是 repo source 防新增旁路 guard,不代表既有 direct send 已收斂。 -同日再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json`,把 11 份 direct egress 檔案轉成 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,避免 direct egress 遷移審查繞過告警卡片化、脫敏、`runtime_write_gate=0` 與 no-false-green。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`blocked_action_count=35`;owner response received / accepted、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、secret collection、production write、runtime gate 與 action button 仍全部為 `0 / false`。 +同日再新增 `docs/security/TELEGRAM-NOTIFICATION-EGRESS-OWNER-RESPONSE-ACCEPTANCE.md` 與 `docs/security/telegram-notification-egress-owner-response-acceptance.snapshot.json`,把 11 份 direct egress 檔案轉成 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,避免 direct egress 遷移審查繞過告警卡片化、脫敏、`runtime_write_gate=controlled` 事件卡語意與 no-false-green;Telegram send、Bot API call、production write、runtime gate 與 action button 仍全部維持 `0 / false`。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`blocked_action_count=35`;owner response received / accepted、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、secret collection、production write、runtime gate 與 action button 仍全部為 `0 / false`。 -同日再新增 `docs/security/TELEGRAM-ALERT-READABILITY-GUARD.md`、`docs/security/telegram-alert-readability-guard.snapshot.json` 與 `scripts/security/telegram-alert-readability-guard.py`,把 Telegram 告警最後出口可讀性固定成可重跑 guard。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`。此更新鎖住 Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成 AI 事件卡,且不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram;但 Telegram send、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 與 action button 仍全部為 `0 / false`。 +同日再新增 `docs/security/TELEGRAM-ALERT-READABILITY-GUARD.md`、`docs/security/telegram-alert-readability-guard.snapshot.json` 與 `scripts/security/telegram-alert-readability-guard.py`,把 Telegram 告警最後出口可讀性固定成可重跑 guard。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`。此更新鎖住 Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成 AI 事件卡,且不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram;但 Telegram send、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 與 action button 仍全部為 `0 / false`。 ## 1.2c 2026-06-18 Backup / Restore / Escrow 事故後回讀計畫 diff --git a/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md b/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md index 233c0dee..663503f9 100644 --- a/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md +++ b/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md @@ -95,9 +95,9 @@ 2026-06-19 再新增 `telegram_notification_egress_no_new_bypass_guard_v1`,將既有 18 個 direct send 固定成 baseline signature,並掃描 `sendMessage`、`sendDocument`、`sendPhoto`、`sendMediaGroup`、`editMessageText`、`sendAnimation`、`sendVideo`、`sendAudio`、`sendVoice` 等 9 類 Bot API method。固定 `baseline_signature_count=18`、`current_direct_bot_api_call_count=18`、`new_bypass_count=0`、`sendDocument_call_count=0`、`runtime_gate_count=0`。此更新只代表 repo source 目前沒有新增未登記 Telegram 直送旁路;既有 18 個 direct send 仍未遷移,owner response、migration authorized、workflow / script modification、API sender refactor、Telegram send、Bot API call、secret collection、raw payload storage、production write、runtime gate 仍全部為 `0 / false`。 -同日再新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 份 owner request draft 與 11 份 migration candidate 轉成 owner response acceptance 帳本。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,讓每個 direct egress candidate 都必須帶告警可讀性、脫敏、`runtime_write_gate=0` 與 no-false-green guard ref。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。owner response received / accepted / rejected / quarantined、supplement requested、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、break-glass fallback accepted、maintenance / rollback / postcheck accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret collection、raw payload storage、runtime gate 仍全部為 `0 / false`。 +同日再新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 份 owner request draft 與 11 份 migration candidate 轉成 owner response acceptance 帳本。2026-06-19 已補 `message_readability_guard_ref`,固定指向 `docs/security/telegram-alert-readability-guard.snapshot.json`,讓每個 direct egress candidate 都必須帶告警可讀性、脫敏、`runtime_write_gate=controlled` 事件卡語意、no-false-green guard ref,以及 Telegram send / runtime gate 仍為 `0 / false` 的邊界。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。owner response received / accepted / rejected / quarantined、supplement requested、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、break-glass fallback accepted、maintenance / rollback / postcheck accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret collection、raw payload storage、runtime gate 仍全部為 `0 / false`。 -同日再新增 `telegram_alert_readability_guard_v1`,把 Telegram 告警最後出口可讀性納入高價值配置控管。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`,並由 `security-mirror-progress-guard.py` 直接呼叫。此 guard 確認 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都會套用 normalizer,且 Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift 等告警只能變成脫敏 AI 事件卡;Telegram 實發、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 仍全部為 `0 / false`。 +同日再新增 `telegram_alert_readability_guard_v1`,把 Telegram 告警最後出口可讀性納入高價值配置控管。固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`,並由 `security-mirror-progress-guard.py` 直接呼叫。此 guard 確認 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都會套用 normalizer,且 Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift 等告警只能變成脫敏 AI 事件卡;Telegram 實發、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 仍全部為 `0 / false`。 ### 0.3d 2026-06-15 Public / Admin / API runtime config 變更證據驗收 diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index 97feadce..02ef2e79 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -16,7 +16,7 @@ ## 0.0 2026-06-19 Telegram 告警可讀性防退化 Guard -本輪把 Telegram 告警從「最後出口 formatter 已存在」再補成可重跑 guard:`telegram_alert_readability_guard_v1` 固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=10`、`ai_signal_lane_count=6`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=6`。 +本輪把 Telegram 告警從「最後出口 formatter 已存在」再補成可重跑 guard:`telegram_alert_readability_guard_v1` 固定 `source_formatter_marker_count=11`、`final_exit_contract_count=3`、`test_contract_count=11`、`ai_signal_lane_count=7`、`host_resource_lane_count=6`、`blocked_raw_output_marker_count=12`、`required_output_marker_count=7`。 此 guard 明確鎖住 `_send_request()`、`send_alert_notification()` 與 `send_text()` 都必須套用告警 normalizer;Host CPU / root Node.js / Prisma / Next build、Wazuh、Kali、Nginx drift、backup / restore、provider freshness 與 supply-chain 類訊號必須轉成脫敏 AI 事件卡,不得把 process list、raw JSON、內網 IP、完整路徑、URL、token 或 raw Wazuh / Nginx path 直接送進 Telegram。 @@ -110,7 +110,7 @@ 本輪新增 `telegram_notification_egress_no_new_bypass_guard_v1`,把既有 18 個 direct send 固定成 no-new-bypass baseline,並把 `sendDocument`、`sendPhoto`、`sendMediaGroup`、`editMessageText` 等附件 / 編輯型 Bot API method 一併納入 repo source guard。固定 `current_direct_bot_api_call_count=18`、`guarded_method_count=9`、`new_bypass_count=0`、`sendDocument_call_count=0`、`removed_baseline_call_count=0`、`runtime_gate_count=0`。 -同步新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 個 direct egress 檔案轉成 reviewer 可驗收的 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref=docs/security/telegram-alert-readability-guard.snapshot.json`,讓 direct egress 遷移審查必須同時引用告警可讀性、脫敏、`runtime_write_gate=0` 與 no-false-green guard。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。 +同步新增 `telegram_notification_egress_owner_response_acceptance_v1`,把 11 個 direct egress 檔案轉成 reviewer 可驗收的 owner response acceptance 候選。2026-06-19 已補 `message_readability_guard_ref=docs/security/telegram-alert-readability-guard.snapshot.json`,讓 direct egress 遷移審查必須同時引用告警可讀性、脫敏、`runtime_write_gate=controlled` 事件卡語意、no-false-green guard,以及 Telegram send / runtime gate 仍為 `0 / false` 的邊界。固定 `acceptance_candidate_count=11`、workflow `6`、ops script `4`、API direct `1`、`acceptance_field_count=33`、`required_owner_field_count=19`、`reviewer_check_count=23`、`outcome_lane_count=10`、`forbidden_payload_count=14`、`blocked_action_count=35`。 同步邊界:IwoooS headline 維持 `64%`,active runtime gate 維持 `0`;既有 direct Bot API 收斂仍為 `0%`,owner response received / accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret value collection、raw payload storage、runtime gate 與 action buttons 全部仍為 `0 / false`。本段只更新文件、snapshot 與 guard,不送 Telegram、不讀 Bot token、不改 workflow、不改 host、不 dispatch workflow、不觸發部署。 diff --git a/docs/security/telegram-alert-readability-guard.snapshot.json b/docs/security/telegram-alert-readability-guard.snapshot.json index b30c5502..f7998e72 100644 --- a/docs/security/telegram-alert-readability-guard.snapshot.json +++ b/docs/security/telegram-alert-readability-guard.snapshot.json @@ -55,8 +55,8 @@ "required_marker": "normalize_alert_notification_payload" } ], - "generated_at": "2026-06-25T09:07:58+08:00", - "git_commit": "3a179e7f", + "generated_at": "2026-06-26T19:22:57+08:00", + "git_commit": "e0a86b625", "host_resource_lanes": [ "orphan_browser_smoke_runaway_process", "ci_runner_load_saturation", @@ -68,10 +68,11 @@ "required_output_markers": [ "ai_automation_alert_card_v1", "AI 自動化判讀", - "runtime_write_gate=0", - "candidate_only", + "controlled_playbook_queue", + "runtime_write_gate=controlled", "Top evidence", - "禁止事項" + "禁止事項", + "allowlisted PlayBook" ], "schema_version": "telegram_alert_readability_guard_v1", "source_markers": [ @@ -101,7 +102,7 @@ "host_resource_lane_count": 6, "production_write_authorized_count": 0, "raw_payload_storage_allowed_count": 0, - "required_output_marker_count": 6, + "required_output_marker_count": 7, "runtime_gate_count": 0, "secret_value_collection_allowed_count": 0, "source_formatter_marker_count": 11, diff --git a/scripts/security/iwooos-config-control-guard.py b/scripts/security/iwooos-config-control-guard.py index e2027132..f279d169 100644 --- a/scripts/security/iwooos-config-control-guard.py +++ b/scripts/security/iwooos-config-control-guard.py @@ -1007,7 +1007,7 @@ ARTIFACT_SPECS = [ "ai_signal_lanes": 7, "host_resource_lanes": 6, "blocked_raw_output_markers": 12, - "required_output_markers": 6, + "required_output_markers": 7, }, "summary_counts": { "source_formatter_marker_count": 11, @@ -1016,7 +1016,7 @@ ARTIFACT_SPECS = [ "ai_signal_lane_count": 7, "host_resource_lane_count": 6, "blocked_raw_output_marker_count": 12, - "required_output_marker_count": 6, + "required_output_marker_count": 7, "telegram_send_authorized_count": 0, "bot_api_call_authorized_count": 0, "raw_payload_storage_allowed_count": 0, diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index f4b0de1f..530106b4 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -15596,13 +15596,14 @@ def validate(root: Path) -> None: assert_text_contains("code_review_page.codex_handoff_structure", code_review_page, text) for text in [ "審查後 Coding 工作橋接", - "Codex 工作草稿", + "Codex 工作候選分類", "可交給 Codex 起草", - "需人工批准後接手", + "受控自動接手", "禁止自動轉工作", "前端體驗、測試補洞、文件同步、低風險重構", - "Kali 更新、掃描、GitHub primary、正式部署", - "維持只讀候選與人工閘門", + "Kali 主機變更、掃描、正式推版、主要來源切換、執行期閘門", + "allowlist 內由 AI 受控修補與驗證", + "auto merge、secret、force push 與 destructive action 仍硬封鎖", ]: assert_text_contains("code_review_page.codex_handoff_read_only", code_review_surface_text, text) assert_text_contains("iwooos_page.surface_connection_board", iwooos_projection_page, "surfaceConnectionStatuses") diff --git a/scripts/security/telegram-alert-readability-guard.py b/scripts/security/telegram-alert-readability-guard.py index 96b5ddc4..34b4346e 100644 --- a/scripts/security/telegram-alert-readability-guard.py +++ b/scripts/security/telegram-alert-readability-guard.py @@ -127,10 +127,11 @@ BLOCKED_RAW_OUTPUT_MARKERS = [ REQUIRED_OUTPUT_MARKERS = [ "ai_automation_alert_card_v1", "AI 自動化判讀", - "runtime_write_gate=0", - "candidate_only", + "controlled_playbook_queue", + "runtime_write_gate=controlled", "Top evidence", "禁止事項", + "allowlisted PlayBook", ] EXECUTION_BOUNDARIES = {