From 15b02cb6e024e331c1b2f1a4810fb671e417055e Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 28 Jun 2026 03:14:13 +0800 Subject: [PATCH] fix(iwooos): remove public runtime boundary phrases [skip ci] --- apps/web/messages/en.json | 60 ++++++++++++++++++------------------ apps/web/messages/zh-TW.json | 60 ++++++++++++++++++------------------ 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 3f4603a8..5bd58898 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -154,11 +154,11 @@ } }, "boundaries": { - "secret": "不收 secret value、token、private key、cookie 或 private clone credential。", + "secret": "不收機密明文、token、private key、cookie 或 private clone credential。", "production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。", "repo": "不直接建立 GitHub repo、改 visibility、sync refs、force push 或 trigger workflow。", "data": "不直接做資料庫、backup、restore 或 migration 寫操作。", - "security": "不啟動 Wazuh / Kali active response、active scan 或 host containment。" + "security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。" }, "errors": { "title": "部分資料沒有回讀" @@ -3483,7 +3483,7 @@ "nemotron": { "lane": "離線 replay / 模型能力比較", "question": "NemoTron 是否只在 no-cost、no-write、no-routing 的 sandbox 中產出可比較的模型能力證據?", - "escalation": "任何 production routing、provider switch、host write 或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。" + "escalation": "任何 production routing、provider switch、主機變更或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。" }, "marketradar": { "lane": "市場雷達 / 來源 freshness", @@ -3802,7 +3802,7 @@ "handoffBus": { "label": "交接事件匯流排", "detail": "責任 lane {lanes} 條,必填 owner 欄位 {fields} 個,已接受回覆 {accepted}。", - "next": "下一步:{blocked} 個 runtime action 仍由 controlled gate / hard blocker 阻擋。" + "next": "下一步:{blocked} 個執行期變更仍由 controlled gate / hard blocker 阻擋。" }, "ragLearning": { "label": "RAG / KM 學習候選", 
@@ -3974,7 +3974,7 @@ "lowMedium": { "label": "低中風險自動處理候選", "detail": "低風險 {low}、中風險 {medium}、Verifier {verifiers}。", - "next": "OpenClaw 先乾跑與審計理由;blocked runtime action {blocked} 不執行。" + "next": "OpenClaw 先乾跑與審計理由;blocked 執行期變更 {blocked} 不執行。" }, "highRisk": { "label": "高風險審核與批准包", @@ -6197,7 +6197,7 @@ "destructive": "destructive: {value}", "liveExecution": "live execution: {value}", "opensLive": "opens live: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "labels": { "nextGate": "next gate: {value}", @@ -6260,7 +6260,7 @@ "destructive": "destructive: {value}", "liveReadback": "live readback: {value}", "resultWrite": "result write: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "labels": { "sideEffect": "副作用 {count}", @@ -6328,7 +6328,7 @@ "targetSystem": "target: {value}", "writeEnabled": "write enabled: {value}", "runtimeWriter": "執行期寫入r: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "resultStates": { "diagnostic_only": "只完成診斷", @@ -20527,7 +20527,7 @@ "securityControlCoverage": { "eyebrow": "IwoooS 資安納管覆蓋總表", "title": "主機、產品、服務、工具與 AI Agent 先收斂成同一張總帳", - "subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查 live host、不讀 secret、不啟動掃描、不送告警、不開 runtime gate。", + "subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查即時主機、不讀機密、不啟動掃描、不送告警、不開 runtime gate。", "statusLabel": "總表狀態", "statusDetail": "納管總表只代表控制面可讀與缺口已集中,不代表所有主機、產品、服務或 AI Agent 已完成 runtime 控管。", "emptyDomains": "尚未讀回控制域,維持阻擋狀態。", 
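Review bot: In the @@ -6328 hunk, the context line directly above the changed `runtimeAction` entry reads `"runtimeWriter": "執行期寫入r: {value}"`, and this commit leaves its stray Latin `r` in place. It looks like the leftover of an earlier phrase replacement inside "runtime writer", though that is inferred from the text alone. Since the hunk already touches this label group, replace the value with a whole term, for example `"runtimeWriter": "執行期寫入器: {value}"` or whatever wording the project uses for "writer". The new `執行期變更:{value}` values in the @@ -6197, @@ -6260 and @@ -6328 hunks also use a full-width colon with no space, while every sibling label keeps `: {value}`. The same lines recur in the zh-TW.json section of this patch.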
@@ -20851,7 +20851,7 @@ "checksLoading": "正在讀取 reviewer checks。", "checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。", "boundaryTitle": "Reviewer validation 停止線", - "boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、active response、agent restart、host write、secret rotation 或 runtime gate 已授權。", + "boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。", "status": { "loading": "正在讀取 Wazuh manager registry reviewer validation", "failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗", @@ -20876,7 +20876,7 @@ }, "postEnable": { "label": "Post-enable", - "detail": "正式 API 與前台已讀回 reviewer passed;這不是 live Wazuh 查詢授權。" + "detail": "正式 API 與前台已讀回 reviewer passed;這不是管理端即時查詢授權。" }, "acceptanceApi": { "label": "Acceptance API", @@ -20900,7 +20900,7 @@ }, "runtime": { "label": "執行期", - "detail": "Runtime gate、active response、agent restart 與 host write 全部維持 0。" + "detail": "Runtime gate、主動回應流程、agent restart 與主機變更全部維持 0。" } } }, @@ -21002,7 +21002,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、host write、active response、scan、auto block 與 action button 都是 0。" + "detail": "runtime gate、主機變更、主動回應流程、scan、auto block 與 action button 都是 0。" } }, "items": { @@ -21036,7 +21036,7 @@ }, "runtimeBoundary": { "title": "執行邊界維持 0 / false", - "body": "Wazuh active response、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。" + "body": "Wazuh 主動回應流程、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。" } } }, 
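Review bot: In the @@ -20876 hunk, the new `postEnable.detail` text `這不是管理端即時查詢授權` no longer names the system the disclaimer constrains, while the surrounding strings in this block still say Wazuh explicitly (`正在讀取 Wazuh manager registry reviewer validation`). A boundary statement should say which manager's live query remains unauthorized. If the goal was only to drop the English word `live`, `這不是 Wazuh 管理端即時查詢授權` keeps the scope clear. Terminology also drifts: the @@ -21415 hunk writes `Wazuh 可主動回應` where every other replacement uses `主動回應流程`, so one term for the same control would be easier to audit. Both points apply equally to the identical zh-TW.json hunks.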
@@ -21047,7 +21047,7 @@ "checkLabel": "檢核", "stateLabel": "狀態", "boundaryTitle": "SOC 整合邊界", - "boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用 active response、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。", + "boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用主動回應流程、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。", "summary": { "frameworks": { "label": "框架", @@ -21075,7 +21075,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、action button、active response 與掃描都仍為 0。" + "detail": "runtime gate、action button、主動回應流程與掃描都仍為 0。" } }, "items": { @@ -21109,7 +21109,7 @@ }, "runtimeBoundary": { "title": "runtime 邊界維持 0 / false", - "body": "Wazuh active response、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。" + "body": "Wazuh 主動回應流程、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。" }, "operatingModel": { "title": "營運角色已拆分", @@ -21148,7 +21148,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "active response、scan、reload、firewall、host write 與 action button 都是 0。" + "detail": "主動回應流程、scan、reload、firewall、主機變更與 action button 都是 0。" } }, "items": { @@ -21182,7 +21182,7 @@ }, "runtimeBoundary": { "title": "跨專案與 runtime 動作不得自動執行", - "body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh active response、Kali scan、reload、firewall、host write、Telegram 實發與 SOAR 都需獨立批准。" + "body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh 主動回應流程、Kali scan、reload、firewall、主機變更、Telegram 實發與 SOAR 都需獨立批准。" } } }, 
@@ -21193,7 +21193,7 @@ "checkLabel": "檢核", "stateLabel": "狀態", "boundaryTitle": "資安資產總帳邊界", - "boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、live evidence、runtime gate、host write、Kali active scan、Wazuh active response、SOAR、auto block 與 正式環境寫入 仍全部維持 0 / false。", + "boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、即時證據、runtime gate、主機變更、Kali active scan、Wazuh 主動回應流程、SOAR、auto block 與正式環境寫入仍全部維持 0 / false。", "summary": { "assetGroups": { "label": "資產群組", @@ -21209,7 +21209,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、action button、host write、active scan 全部為 0。" + "detail": "runtime gate、action button、主機變更、active scan 全部為 0。" } }, "items": { @@ -21219,7 +21219,7 @@ }, "hostNetwork": { "title": "主機與網路待 owner", - "body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做 host write。" + "body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做主機變更。" }, "k8sWorkflow": { "title": "GitOps 與 workflow 待回讀", @@ -21227,7 +21227,7 @@ }, "wazuhKali": { "title": "Wazuh / Kali 維持證據收件", - "body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;active response、active scan 與 /execute 仍未授權。" + "body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。" }, "alertBackup": { "title": "告警與復原避免假綠燈", @@ -21254,7 +21254,7 @@ "checkLabel": "優先", "stateLabel": "狀態", "boundaryTitle": "外部入侵防堵邊界", - "boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh active response、套件更新、secret 輪替或 正式環境寫入。", + "boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh 主動回應流程、套件更新、機密輪替或正式環境寫入。", "summary": { "domains": { "label": "控制域", 
@@ -21270,7 +21270,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "host write、firewall、reload、active response 與 action button 都是 0。" + "detail": "主機變更、firewall、reload、主動回應流程與 action button 都是 0。" } }, "items": { @@ -21292,7 +21292,7 @@ }, "wazuhResponse": { "title": "Wazuh response 先 乾跑", - "body": "active response 只能先做 乾跑、blast radius 與 rollback 評估,不能直接啟用。" + "body": "主動回應流程只能先做乾跑、blast radius 與 rollback 評估,不能直接啟用。" }, "backupRestore": { "title": "復原退路要先驗", @@ -21415,10 +21415,10 @@ "ownerEvidenceIntakePreflight": { "eyebrow": "負責人證據收件預檢", "title": "Nginx、DNS、K8s、機密、執行器與 Wazuh 證據先進同一條收件線", - "subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查 live host、不開 runtime action。", + "subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查即時主機、不開執行期變更。", "stateLabel": "收件來源", "boundaryTitle": "負責人證據收件邊界", - "boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可 active response 或 Kali 可掃描。", + "boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可主動回應或 Kali 可掃描。", "apiStatus": { "loading": "正在讀取只讀 API", "ready": "只讀 API 已接上", 
@@ -21493,7 +21493,7 @@ }, "sshNetwork": { "title": "SSH / network / firewall", - "body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、host write、readback accepted 與 runtime gate 仍全部為 0。" + "body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、主機變更、readback accepted 與 runtime gate 仍全部為 0。" }, "k8sGitops": { "title": "K8s / ArgoCD GitOps", @@ -21505,7 +21505,7 @@ }, "monitoring": { "title": "監控與告警設定", - "body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、active response、host write、runtime gate 與 action button 仍全部為 0。" + "body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、主動回應流程、主機變更、runtime gate 與 action button 仍全部為 0。" } } }, diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 3f4603a8..5bd58898 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -154,11 +154,11 @@ } }, "boundaries": { - "secret": "不收 secret value、token、private key、cookie 或 private clone credential。", + "secret": "不收機密明文、token、private key、cookie 或 private clone credential。", "production": "不直接改 production runtime、public gateway、Nginx、Docker、K8s 或 firewall。", "repo": "不直接建立 GitHub repo、改 visibility、sync refs、force push 或 trigger workflow。", "data": "不直接做資料庫、backup、restore 或 migration 寫操作。", - "security": "不啟動 Wazuh / Kali active response、active scan 或 host containment。" + "security": "不啟動 Wazuh / Kali 主動回應流程、active scan 或 host containment。" }, "errors": { "title": "部分資料沒有回讀" 
@@ -3483,7 +3483,7 @@ "nemotron": { "lane": "離線 replay / 模型能力比較", "question": "NemoTron 是否只在 no-cost、no-write、no-routing 的 sandbox 中產出可比較的模型能力證據?", - "escalation": "任何 production routing、provider switch、host write 或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。" + "escalation": "任何 production routing、provider switch、主機變更或替換 OpenClaw 的動作,都必須回到市場主流評估 gate。" }, "marketradar": { "lane": "市場雷達 / 來源 freshness", @@ -3802,7 +3802,7 @@ "handoffBus": { "label": "交接事件匯流排", "detail": "責任 lane {lanes} 條,必填 owner 欄位 {fields} 個,已接受回覆 {accepted}。", - "next": "下一步:{blocked} 個 runtime action 仍由 controlled gate / hard blocker 阻擋。" + "next": "下一步:{blocked} 個執行期變更仍由 controlled gate / hard blocker 阻擋。" }, "ragLearning": { "label": "RAG / KM 學習候選", @@ -3974,7 +3974,7 @@ "lowMedium": { "label": "低中風險自動處理候選", "detail": "低風險 {low}、中風險 {medium}、Verifier {verifiers}。", - "next": "OpenClaw 先乾跑與審計理由;blocked runtime action {blocked} 不執行。" + "next": "OpenClaw 先乾跑與審計理由;blocked 執行期變更 {blocked} 不執行。" }, "highRisk": { "label": "高風險審核與批准包", @@ -6197,7 +6197,7 @@ "destructive": "destructive: {value}", "liveExecution": "live execution: {value}", "opensLive": "opens live: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "labels": { "nextGate": "next gate: {value}", @@ -6260,7 +6260,7 @@ "destructive": "destructive: {value}", "liveReadback": "live readback: {value}", "resultWrite": "result write: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "labels": { "sideEffect": "副作用 {count}", @@ -6328,7 +6328,7 @@ "targetSystem": "target: {value}", "writeEnabled": "write enabled: {value}", "runtimeWriter": "執行期寫入r: {value}", - "runtimeAction": "runtime action: {value}" + "runtimeAction": "執行期變更:{value}" }, "resultStates": { "diagnostic_only": "只完成診斷", 
@@ -20527,7 +20527,7 @@ "securityControlCoverage": { "eyebrow": "IwoooS 資安納管覆蓋總表", "title": "主機、產品、服務、工具與 AI Agent 先收斂成同一張總帳", - "subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查 live host、不讀 secret、不啟動掃描、不送告警、不開 runtime gate。", + "subtitle": "這張板彙整 committed snapshot,集中顯示高價值配置、主機服務、監控告警、SSH / Firewall、runtime surface、Wazuh、agent-bounty-protocol 與 AI Agent 納管狀態;它不查即時主機、不讀機密、不啟動掃描、不送告警、不開 runtime gate。", "statusLabel": "總表狀態", "statusDetail": "納管總表只代表控制面可讀與缺口已集中,不代表所有主機、產品、服務或 AI Agent 已完成 runtime 控管。", "emptyDomains": "尚未讀回控制域,維持阻擋狀態。", @@ -20851,7 +20851,7 @@ "checksLoading": "正在讀取 reviewer checks。", "checksFallback": "Reviewer checks 尚未由正式 API 讀回,維持 fallback 停止線。", "boundaryTitle": "Reviewer validation 停止線", - "boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、active response、agent restart、host write、secret rotation 或 runtime gate 已授權。", + "boundaryIntro": "以下鍵值固定:reviewer validation passed 只代表脫敏 evidence refs 通過 no-persist 驗證;accepted 不代表 manager registry accepted、主動回應流程、agent restart、主機變更、機密輪替或 runtime gate 已授權。", "status": { "loading": "正在讀取 Wazuh manager registry reviewer validation", "failed": "Wazuh manager registry reviewer validation API 尚未部署或讀取失敗", @@ -20876,7 +20876,7 @@ }, "postEnable": { "label": "Post-enable", - "detail": "正式 API 與前台已讀回 reviewer passed;這不是 live Wazuh 查詢授權。" + "detail": "正式 API 與前台已讀回 reviewer passed;這不是管理端即時查詢授權。" }, "acceptanceApi": { "label": "Acceptance API", @@ -20900,7 +20900,7 @@ }, "runtime": { "label": "執行期", - "detail": "Runtime gate、active response、agent restart 與 host write 全部維持 0。" + "detail": "Runtime gate、主動回應流程、agent restart 與主機變更全部維持 0。" } } }, 
@@ -21002,7 +21002,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、host write、active response、scan、auto block 與 action button 都是 0。" + "detail": "runtime gate、主機變更、主動回應流程、scan、auto block 與 action button 都是 0。" } }, "items": { @@ -21036,7 +21036,7 @@ }, "runtimeBoundary": { "title": "執行邊界維持 0 / false", - "body": "Wazuh active response、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。" + "body": "Wazuh 主動回應流程、Kali active scan、Kali /execute、Nginx reload、firewall change、SOAR 與 auto block 都未授權。" } } }, @@ -21047,7 +21047,7 @@ "checkLabel": "檢核", "stateLabel": "狀態", "boundaryTitle": "SOC 整合邊界", - "boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用 active response、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。", + "boundaryIntro": "以下鍵值固定:SOC / SIEM 整合不是 runtime 授權;Wazuh event、Kali scope、host forensic、alert route、incident case 與 owner response 未驗收前,不啟用主動回應流程、Kali active scan、/execute、Prometheus / Alertmanager reload、Telegram 實發、SOAR 或自動封鎖。", "summary": { "frameworks": { "label": "框架", @@ -21075,7 +21075,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、action button、active response 與掃描都仍為 0。" + "detail": "runtime gate、action button、主動回應流程與掃描都仍為 0。" } }, "items": { @@ -21109,7 +21109,7 @@ }, "runtimeBoundary": { "title": "runtime 邊界維持 0 / false", - "body": "Wazuh active response、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。" + "body": "Wazuh 主動回應流程、Kali scan、Prometheus reload、Telegram 發送、auto block 與 action button 全部維持關閉。" }, "operatingModel": { "title": "營運角色已拆分", @@ -21148,7 +21148,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "active response、scan、reload、firewall、host write 與 action button 都是 0。" + "detail": "主動回應流程、scan、reload、firewall、主機變更與 action button 都是 0。" } }, "items": { 
@@ -21182,7 +21182,7 @@ }, "runtimeBoundary": { "title": "跨專案與 runtime 動作不得自動執行", - "body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh active response、Kali scan、reload、firewall、host write、Telegram 實發與 SOAR 都需獨立批准。" + "body": "需要跨專案同步、維護窗口或 break-glass、rollback owner;Wazuh 主動回應流程、Kali scan、reload、firewall、主機變更、Telegram 實發與 SOAR 都需獨立批准。" } } }, @@ -21193,7 +21193,7 @@ "checkLabel": "檢核", "stateLabel": "狀態", "boundaryTitle": "資安資產總帳邊界", - "boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、live evidence、runtime gate、host write、Kali active scan、Wazuh active response、SOAR、auto block 與 正式環境寫入 仍全部維持 0 / false。", + "boundaryIntro": "以下鍵值固定:資安資產總帳完成只代表 repo-side 控制面已收斂;owner response、即時證據、runtime gate、主機變更、Kali active scan、Wazuh 主動回應流程、SOAR、auto block 與正式環境寫入仍全部維持 0 / false。", "summary": { "assetGroups": { "label": "資產群組", @@ -21209,7 +21209,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "runtime gate、action button、host write、active scan 全部為 0。" + "detail": "runtime gate、action button、主機變更、active scan 全部為 0。" } }, "items": { @@ -21219,7 +21219,7 @@ }, "hostNetwork": { "title": "主機與網路待 owner", - "body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做 host write。" + "body": "Docker、systemd、SSH、firewall、WireGuard、NodePort 與 NetworkPolicy 只收脫敏狀態,不做主機變更。" }, "k8sWorkflow": { "title": "GitOps 與 workflow 待回讀", @@ -21227,7 +21227,7 @@ }, "wazuhKali": { "title": "Wazuh / Kali 維持證據收件", - "body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;active response、active scan 與 /execute 仍未授權。" + "body": "Wazuh event refs、Kali scope、health 與 finding envelope 仍待補;主動回應流程、active scan 與 /execute 仍未授權。" }, "alertBackup": { "title": "告警與復原避免假綠燈", 
@@ -21254,7 +21254,7 @@ "checkLabel": "優先", "stateLabel": "狀態", "boundaryTitle": "外部入侵防堵邊界", - "boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh active response、套件更新、secret 輪替或 正式環境寫入。", + "boundaryIntro": "以下鍵值固定:防堵矩陣不是主機操作授權;沒有 owner、維護窗口、rollback、validation 與 postcheck 前,不執行 SSH、firewall、Nginx reload、Wazuh 主動回應流程、套件更新、機密輪替或正式環境寫入。", "summary": { "domains": { "label": "控制域", @@ -21270,7 +21270,7 @@ }, "runtimeGate": { "label": "執行期", - "detail": "host write、firewall、reload、active response 與 action button 都是 0。" + "detail": "主機變更、firewall、reload、主動回應流程與 action button 都是 0。" } }, "items": { @@ -21292,7 +21292,7 @@ }, "wazuhResponse": { "title": "Wazuh response 先 乾跑", - "body": "active response 只能先做 乾跑、blast radius 與 rollback 評估,不能直接啟用。" + "body": "主動回應流程只能先做乾跑、blast radius 與 rollback 評估,不能直接啟用。" }, "backupRestore": { "title": "復原退路要先驗", @@ -21415,10 +21415,10 @@ "ownerEvidenceIntakePreflight": { "eyebrow": "負責人證據收件預檢", "title": "Nginx、DNS、K8s、機密、執行器與 Wazuh 證據先進同一條收件線", - "subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查 live host、不開 runtime action。", + "subtitle": "此卡只讀 committed snapshot,把六條 P0 owner-provided redacted evidence lane 統一成可檢查欄位、拒收規則與 0 / false 邊界;不送 request、不收回覆、不寫 reviewer queue、不查即時主機、不開執行期變更。", "stateLabel": "收件來源", "boundaryTitle": "負責人證據收件邊界", - "boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可 active response 或 Kali 可掃描。", + "boundaryIntro": "以下鍵值固定:預檢可見不代表 request 已送出、回覆已收到、reviewer 已接受、Nginx 可 reload、ArgoCD 可 sync、workflow 可改、Wazuh 可主動回應或 Kali 可掃描。", "apiStatus": { "loading": "正在讀取只讀 API", "ready": "只讀 API 已接上", 
@@ -21493,7 +21493,7 @@ }, "sshNetwork": { "title": "SSH / network / firewall", - "body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、host write、readback accepted 與 runtime gate 仍全部為 0。" + "body": "repo-only 清冊已納入 16 個 SSH / network access surface,並新增外部入侵防堵矩陣;目前成熟度 70%,SSH、sudo、known_hosts、firewall、WireGuard、NodePort 與 NetworkPolicy 都需要 before / after state、維護窗口與 rollback owner。防火牆變更、port close / open、SSH 寫入、主機變更、readback accepted 與 runtime gate 仍全部為 0。" }, "k8sGitops": { "title": "K8s / ArgoCD GitOps", @@ -21505,7 +21505,7 @@ }, "monitoring": { "title": "監控與告警設定", - "body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、active response、host write、runtime gate 與 action button 仍全部為 0。" + "body": "已新增 60 個 monitoring / alerting / observability surface、事故後回讀計畫、Wazuh / 主機入侵 readback plan 與外部入侵防堵矩陣;目前只讀成熟度 74%。Wazuh event、主機鑑識、containment、recovery proof、主動回應流程、主機變更、runtime gate 與 action button 仍全部為 0。" } } },