feat(iwooos): 強化主機服務事故回補 gate

Your Name
2026-06-15 14:48:52 +08:00
parent a036b07673
commit 41f5ff1a38
17 changed files with 588 additions and 83 deletions


@@ -156,8 +156,8 @@ CONTROL_STATUS_BY_CATEGORY = {
"next_owner_action": "補 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / Telegram owner、live drift evidence、reload window、receiver owner、route smoke plan、noise budget、rollback owner 與 no-secret-value evidence。",
},
"docker_compose_systemd_host_config": {
"coverage_status": "owner_response_acceptance_ledger_ready_needs_live_owner_evidence",
"coverage_percent": 54,
"coverage_status": "incident_recovery_backfill_ready_needs_live_owner_evidence",
"coverage_percent": 58,
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
@@ -168,8 +168,8 @@ CONTROL_STATUS_BY_CATEGORY = {
"docs/security/host-service-owner-response-acceptance.snapshot.json",
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
],
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plandisable switch。",
"current_gap": "已固定 9 份 Docker / systemd / host service owner response acceptance candidate並加入事故恢復、依賴圖、port binding、cold-start sequence、source-of-truth 與 daemon / runner 競爭回補欄位;仍缺 owner response、110 / 188 live hash、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence。",
"next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、maintenance / restart window、rollback owner、post-check plandisable switch、source-of-truth、服務依賴圖、port binding、cold-start sequence、incident recovery evidence 與 daemon / runner contention review",
},
"ssh_firewall_network_access": {
"coverage_status": "incident_change_evidence_acceptance_ready_needs_network_owner_evidence",
@@ -384,6 +384,7 @@ def build_report(root: Path, generated_at: str | None) -> dict[str, Any]:
"policy_ready_needs_drift_evidence",
"inventory_needed",
"repo_only_inventory_ready_needs_live_owner_evidence",
"incident_recovery_backfill_ready_needs_live_owner_evidence",
"policy_ready_needs_network_matrix",
"policy_ready_needs_dry_run_pack",
}
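Review bot: The new `next_owner_action` for `docker_compose_systemd_host_config` (second hunk) never asks the owner for no-secret-value evidence, although the new `current_gap` just above it still lists that evidence as missing and the preceding category's action text ends with it. The same string keeps the fused `post-check plandisable switch` from the old text and loses the closing `。`, so two required items read as one. I would write that part as `…rollback owner、post-check plan、disable switch、no-secret-value evidence、source-of-truth、…` and end the string with `。`. Separately, the status literal now appears both in this entry and in the set inside `build_report` (third hunk), so an assertion that every `coverage_status` in `CONTROL_STATUS_BY_CATEGORY` is a member of that set would catch the two drifting apart. Both the dict and `build_report` start and end outside the visible hunks, so the set's exact role is inferred.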