From 392c1741ca8ebcb57ffdf1b2802d4a6043398b38 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 28 Jun 2026 10:55:29 +0800 Subject: [PATCH] docs(logbook): record wazuh runtime preflight production readback [skip ci] --- docs/LOGBOOK.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index ad7554e4..0f93388f 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
@@ -48404,3 +48404,41 @@ production browser smoke: **仍維持**: - regular `awoooi-cd-lane.service` masked/inactive;legacy direct runner units fail-closed。 - 不讀 `.runner`、SQLite、raw session、auth、`.env`;只驗 systemd、capacity/labels 與 binary kind。 + +## 2026-06-28 — 10:54 Wazuh runtime controlled apply preflight production 完成 + +**時間與來源**: +- 2026-06-28 10:17-10:54 Asia/Taipei。 +- 來源:feature commit `b010afdbf feat(iwooos): add wazuh controlled apply preflight`、Gitea main deploy trigger `9b9f1cf38`、deploy marker `104546308`、CD `cd.yaml #3792`。 +- 追加確認時 main 已前進到 `46faf9cb6`;本段 production readback 以已部署 `#3792 / 104546308` 為證據,且 Wazuh API contract 已包含於最新 main。 + +**完成內容**: +- 新增 `GET /api/v1/iwooos/wazuh-runtime-controlled-apply-preflight`,回傳公開安全 target selector、source-of-truth diff、check-mode / dry-run、rollback、post-apply verifier、KM / PlayBook writeback 與 runtime gate 邊界。 +- 新增 `POST /api/v1/iwooos/wazuh-runtime-controlled-apply-preflight/validate-controlled-apply-packet`,只做 redacted controlled-apply packet no-persist validation;可分流 accepted / quarantine sensitive payload / reject runtime action。 +- `GET /api/v1/iwooos/runtime-security-readback` 納入 Wazuh runtime controlled apply preflight lane,`source_snapshot_count=11`、`p0_lane_count=10`、`wazuh_runtime_apply_preflight_ready_count=1`、`wazuh_runtime_apply_runtime_gate_count=0`。 +- `/zh-TW/iwooos` 新增對應前台讀回與 i18n;前台仍只顯示公開安全摘要,不顯示 raw Wazuh payload、內網位址、secret 或 raw session 文字。 + +**驗證結果**: +- 本地:`py_compile`、ruff format/check、focused API tests、完整 API tests `3477 passed, 23 skipped`、web `tsc --noEmit`、JSON validation、`git diff --check` 均通過。 +- Gitea:`cd.yaml #3792` build/deploy job `Job succeeded`;API / web image build push 完成,api / web rollout 成功。 +- Production GET preflight:HTTP 200,schema `iwooos_wazuh_runtime_controlled_apply_preflight_readback_v1`。 +- Production GET runtime-security:HTTP 200,schema `iwooos_runtime_security_readback_v1`,`source_snapshot_count=11`、`p0_lane_count=10`。 +- Production POST valid redacted 
packet:HTTP 200,status `accepted_for_controlled_apply_preflight_review_only`、`payload_persisted=false`、`runtime_execution_authorized=false`、`runtime_gate_open=false`。 +- Production POST sensitive dummy packet:HTTP 200,status `quarantine_sensitive_payload`,未 echo dummy `10.1.2.3` 或 dummy bearer string。 +- Production POST runtime-action packet:HTTP 200,status `reject_runtime_action_request`、`runtime_gate_count=0`。 +- POST 後 GET preflight counters 仍全 `0`:received / accepted / quarantined / runtime action rejected / runtime gate / live Wazuh query / active response / host write / secret collection。 +- Browser smoke `/zh-TW/iwooos`:desktop `1440x1100`、mobile `390x664` 皆 HTTP 200、console error `0`、page error `0`、horizontal overflow `false`、forbidden hits `0`。 + +**仍維持 0 / false**: +- `runtime_gate_count=0`、`wazuh_api_live_query_authorized_count=0`、`wazuh_active_response_authorized_count=0`、`host_write_authorized_count=0`、`secret_value_collection_allowed_count=0`。 +- `payload_persisted=false`、`runtime_execution_authorized=false`、`runtime_gate_open=false`。 +- 此段是 controlled apply preflight / review readiness,不是 live Wazuh query、agent restart、active response、host write 或 runtime gate 開啟。 + +**未做**: +- 沒有 live Wazuh API query、沒有 host / Docker / systemd / Nginx / firewall / K8s node / DB / Wazuh runtime 寫操作。 +- 沒有讀 secret 明文、沒有讀 `.env`、沒有讀 raw sessions / SQLite / auth、沒有 force push。 +- 沒有繞過 110 runner / direct CD lane 壓力事故例外;沒有把 pressure gate 改成 warn-only。 + +**下一個 P0**: +- 將 Wazuh runtime gate owner review packet 從 no-persist validation 推進為 committed review readback:保留 redacted evidence refs、target selector、source diff、check-mode / dry-run、rollback、post-apply verifier 與 KM writeback;仍不得查 live Wazuh 或做 host write。 +- 若要進一步打開 runtime gate,必須逐 target 以 check-mode / dry-run、rollback owner、maintenance window 與 post-apply verifier 收斂,並在 production readback 中證明沒有 secret/raw payload 外洩。
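Review bot: the "POST 後 GET preflight counters 仍全 0" bullet lists `received` among the counters that stayed at 0 after three production POSTs, so these counters are evidently not incremented by the validate endpoint at all (no-persist by design) and an all-zero readback would also be returned if the POSTs had never reached the handler; the entry should say that explicitly and point to the per-response `status` values (`accepted_for_controlled_apply_preflight_review_only`, `quarantine_sensitive_payload`, `reject_runtime_action_request`) as the actual evidence that each branch ran, rather than presenting the zero counters as proof. Related: `payload_persisted=false`, `runtime_execution_authorized=false` and `runtime_gate_open=false` are recorded only for the accepted packet; record the same three fields for the quarantine and reject responses, since those are the branches where an accidental persist or gate change would matter most. Finally, the "來源" bullet states that main has advanced to `46faf9cb6` while the readback evidence is from the `#3792 / 104546308` deploy of `b010afdbf`; list the intervening commits (or state that none touch the Wazuh preflight or runtime-security readback) so the claim that the API contract "已包含於最新 main" is traceable from the logbook alone.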