feat(iwooos): 強化主機服務事故回補 gate

Your Name
2026-06-15 14:48:52 +08:00
parent a036b07673
commit 41f5ff1a38
17 changed files with 588 additions and 83 deletions


@@ -2719,7 +2719,7 @@ def validate(root: Path) -> None:
assert_equal(
"high_value_config_coverage.summary.needs_live_evidence_count",
high_value_config_coverage["summary"]["needs_live_evidence_count"],
9,
10,
)
for key in [
"owner_response_received_count",
@@ -3135,12 +3135,12 @@ def validate(root: Path) -> None:
assert_equal(
"high_value_config_coverage.coverage_categories.docker.coverage_percent",
docker_systemd_category["coverage_percent"],
54,
58,
)
assert_equal(
"high_value_config_coverage.coverage_categories.docker.coverage_status",
docker_systemd_category["coverage_status"],
"owner_response_acceptance_ledger_ready_needs_live_owner_evidence",
"incident_recovery_backfill_ready_needs_live_owner_evidence",
)
for evidence_ref in [
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
@@ -3474,11 +3474,11 @@ def validate(root: Path) -> None:
"acceptance_candidate_count": 9,
"write_capable_acceptance_candidate_count": 3,
"live_evidence_required_candidate_count": 8,
"acceptance_field_count": 28,
"required_owner_field_count": 12,
"reviewer_check_count": 14,
"outcome_lane_count": 7,
"blocked_action_count": 20,
"acceptance_field_count": 34,
"required_owner_field_count": 18,
"reviewer_check_count": 21,
"outcome_lane_count": 8,
"blocked_action_count": 27,
"request_sent_count": 0,
"recipient_confirmed_count": 0,
"owner_response_received_count": 0,
@@ -3493,6 +3493,12 @@ def validate(root: Path) -> None:
"rollback_owner_accepted_count": 0,
"post_check_plan_accepted_count": 0,
"disable_switch_accepted_count": 0,
"config_source_of_truth_accepted_count": 0,
"service_dependency_map_accepted_count": 0,
"port_binding_inventory_accepted_count": 0,
"cold_start_sequence_accepted_count": 0,
"incident_recovery_evidence_accepted_count": 0,
"daemon_runner_contention_accepted_count": 0,
"host_write_authorized_count": 0,
"ssh_read_authorized_count": 0,
"ssh_write_authorized_count": 0,
@@ -3551,6 +3557,13 @@ def validate(root: Path) -> None:
"rollback_owner_present",
"post_check_plan_present",
"disable_switch_present",
"config_source_of_truth_present",
"service_dependency_map_present",
"port_binding_inventory_present",
"cold_start_sequence_present",
"incident_recovery_evidence_present",
"daemon_runner_contention_reviewed",
"silent_restart_not_accepted",
"write_capable_requires_extra_review",
"no_runtime_request",
"counts_transition_safe",
@@ -3565,6 +3578,7 @@ def validate(root: Path) -> None:
"quarantine_secret_or_raw_payload",
"reject_execution_request",
"request_supplement",
"incident_recovery_backfill_required",
"ready_for_host_service_review",
"owner_review_only_update",
"waiting_runtime_gate",
@@ -3593,6 +3607,13 @@ def validate(root: Path) -> None:
"raw_live_config_storage",
"restart_without_window",
"rollback_without_owner",
"accept_silent_restart",
"treat_service_healthy_as_config_accepted",
"skip_config_source_of_truth_review",
"skip_service_dependency_map",
"skip_port_binding_review",
"skip_cold_start_sequence",
"hide_daemon_runner_contention",
"runtime_gate_open",
"add_action_button",
]
@@ -3605,27 +3626,27 @@ def validate(root: Path) -> None:
assert_equal(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.acceptance_fields",
len(item["acceptance_fields"]),
28,
34,
)
assert_equal(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.required_owner_fields",
len(item["required_owner_fields"]),
12,
18,
)
assert_equal(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.reviewer_checks",
len(item["reviewer_checks"]),
14,
21,
)
assert_equal(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.outcome_lanes",
len(item["outcome_lanes"]),
7,
8,
)
assert_equal(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.blocked_actions",
len(item["blocked_actions"]),
20,
27,
)
assert_true(
f"host_service_owner_response_acceptance.{item['acceptance_candidate_id']}.not_approval",
@@ -3646,6 +3667,12 @@ def validate(root: Path) -> None:
"rollback_owner_accepted",
"post_check_plan_accepted",
"disable_switch_accepted",
"config_source_of_truth_accepted",
"service_dependency_map_accepted",
"port_binding_inventory_accepted",
"cold_start_sequence_accepted",
"incident_recovery_evidence_accepted",
"daemon_runner_contention_accepted",
"host_write_authorized",
"ssh_read_authorized",
"ssh_write_authorized",
@@ -6325,8 +6352,8 @@ def validate(root: Path) -> None:
"high_value_config_control_coverage_category_count": 14,
"high_value_config_control_coverage_c0_category_count": 8,
"high_value_config_control_coverage_c1_category_count": 4,
"high_value_config_control_coverage_average_percent": 68,
"high_value_config_control_coverage_needs_live_evidence_count": 9,
"high_value_config_control_coverage_average_percent": 69,
"high_value_config_control_coverage_needs_live_evidence_count": 10,
"high_value_config_control_coverage_owner_response_required_count": 14,
"high_value_config_control_coverage_owner_response_received_count": 0,
"high_value_config_control_coverage_owner_response_accepted_count": 0,
@@ -16212,7 +16239,7 @@ def validate(root: Path) -> None:
assert_text_contains(
"iwooos_page.high_value_config_control_coverage_docker_systemd_percent",
iwooos_projection_page,
"{ key: 'dockerSystemd', rank: 'P1-1', value: '54%'",
"{ key: 'dockerSystemd', rank: 'P1-1', value: '58%'",
)
assert_text_contains(
"iwooos_page.high_value_config_control_coverage_ssh_network_percent",
@@ -16242,7 +16269,7 @@ def validate(root: Path) -> None:
"high_value_config_control_coverage_c0_category_count=8",
"high_value_config_control_coverage_c1_category_count=4",
"high_value_config_control_coverage_average_percent=69",
"high_value_config_control_coverage_needs_live_evidence_count=9",
"high_value_config_control_coverage_needs_live_evidence_count=10",
"high_value_config_control_coverage_owner_response_required_count=14",
"high_value_config_control_coverage_owner_response_received_count=0",
"high_value_config_control_coverage_owner_response_accepted_count=0",
@@ -16326,7 +16353,10 @@ def validate(root: Path) -> None:
"host_service_config_inventory_runtime_gate_count=0",
"host_service_owner_response_acceptance_candidate_count=9",
"host_service_owner_response_acceptance_write_capable_candidate_count=3",
"host_service_owner_response_acceptance_reviewer_check_count=14",
"host_service_owner_response_acceptance_required_owner_field_count=18",
"host_service_owner_response_acceptance_reviewer_check_count=21",
"host_service_owner_response_acceptance_outcome_lane_count=8",
"host_service_owner_response_acceptance_blocked_action_count=27",
"host_service_owner_response_acceptance_runtime_gate_count=0",
"ssh_network_access_inventory_surface_count=16",
"ssh_network_access_inventory_write_capable_surface_count=6",
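Review bot: The per-candidate assertions in the `@@ -3605,27 +3626,27 @@` hunk pin only list lengths (`len(item["blocked_actions"])` against `27`, `len(item["reviewer_checks"])` against `21`), so as far as the visible lines show, a candidate could swap `accept_silent_restart` or `silent_restart_not_accepted` for any other string and still pass the gate. If no membership check exists outside the hunk, compare contents rather than counts, e.g. `assert_equal(label, sorted(item["blocked_actions"]), sorted(EXPECTED_BLOCKED_ACTIONS))`, where `EXPECTED_BLOCKED_ACTIONS` is a placeholder for the list extended in the `@@ -3593,6 +3607,13 @@` hunk. The same literals (34, 18, 21, 8, 27) are repeated in the summary dict and in the `..._count=` text expectations; deriving them with `len()` from those lists would leave one place to edit when a check is added. The unchanged `high_value_config_control_coverage_average_percent=69` line, next to the 68 → 69 change in the dict hunk, suggests such copies had already drifted apart before this commit. `validate()` begins and ends outside every hunk shown.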