feat(web): bridge audit review pages to IwoooS
@@ -17,6 +17,7 @@
|
||||
import { useState, useEffect, useCallback, useRef } from 'react'
|
||||
import { useTranslations } from 'next-intl'
|
||||
import { AppLayout } from '@/components/layout'
|
||||
import { IwoooSReadOnlyBridge } from '@/components/security/iwooos-read-only-bridge'
|
||||
import { cn } from '@/lib/utils'
|
||||
import {
|
||||
Activity,
|
||||
@@ -196,6 +197,8 @@ export default function AlertOperationLogsPage({ params }: { params: { locale: s
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<IwoooSReadOnlyBridge variant="dark" />
|
||||
|
||||
{/* Stats */}
|
||||
{stats && (
|
||||
<div className="grid grid-cols-2 md:grid-cols-4 gap-3">
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
'use client'
|
||||
|
||||
import { AppLayout } from '@/components/layout'
|
||||
import { IwoooSReadOnlyBridge } from '@/components/security/iwooos-read-only-bridge'
|
||||
import {
|
||||
Activity,
|
||||
Bot,
|
||||
@@ -56,6 +57,8 @@ export default function CodeReviewPage({ params }: { params: { locale: string }
|
||||
</a>
|
||||
</header>
|
||||
|
||||
<IwoooSReadOnlyBridge variant="dark" />
|
||||
|
||||
<section className="grid gap-3 md:grid-cols-4">
|
||||
<div className="rounded border border-gray-800 bg-gray-950 p-4">
|
||||
<div className="flex items-center gap-2 text-xs text-gray-400">
|
||||
|
||||
@@ -23,8 +23,21 @@ const boundaries = [
|
||||
'not_authorization=true',
|
||||
] as const
|
||||
|
||||
export function IwoooSReadOnlyBridge() {
|
||||
type IwoooSReadOnlyBridgeProps = {
|
||||
variant?: 'light' | 'dark'
|
||||
}
|
||||
|
||||
export function IwoooSReadOnlyBridge({ variant = 'light' }: IwoooSReadOnlyBridgeProps) {
|
||||
const t = useTranslations('security.iwooosBridge')
|
||||
const isDark = variant === 'dark'
|
||||
const panelBackground = isDark ? '#111827' : '#fff'
|
||||
const headerBackground = isDark ? '#0f172a' : '#faf9f3'
|
||||
const borderColor = isDark ? '#374151' : '#e0ddd4'
|
||||
const softBorderColor = isDark ? '#1f2937' : '#f0ede4'
|
||||
const primaryText = isDark ? '#f9fafb' : '#141413'
|
||||
const bodyText = isDark ? '#d1d5db' : '#5f5d56'
|
||||
const mutedText = isDark ? '#9ca3af' : '#87867f'
|
||||
const linkBackground = isDark ? '#111827' : '#fff'
|
||||
|
||||
return (
|
||||
<>
|
||||
@@ -47,8 +60,8 @@ export function IwoooSReadOnlyBridge() {
|
||||
flexDirection: 'column',
|
||||
alignItems: 'stretch',
|
||||
gap: 6,
|
||||
background: '#fff',
|
||||
border: '0.5px solid #e0ddd4',
|
||||
background: panelBackground,
|
||||
border: `0.5px solid ${borderColor}`,
|
||||
borderRadius: 8,
|
||||
marginBottom: 12,
|
||||
padding: '10px 8px',
|
||||
@@ -56,11 +69,11 @@ export function IwoooSReadOnlyBridge() {
|
||||
>
|
||||
<div style={{ display: 'flex', alignItems: 'center', gap: 6, minWidth: 0 }}>
|
||||
<ShieldCheck size={15} strokeWidth={1.8} color="#d97757" style={{ flex: '0 0 auto' }} />
|
||||
<div style={{ fontSize: 12, fontWeight: 700, color: '#141413', lineHeight: 1.2, minWidth: 0 }}>
|
||||
<div style={{ fontSize: 12, fontWeight: 700, color: primaryText, lineHeight: 1.2, minWidth: 0 }}>
|
||||
{t('compactTitle')}
|
||||
</div>
|
||||
</div>
|
||||
<div style={{ fontSize: 10, color: '#87867f', lineHeight: 1.35 }}>
|
||||
<div style={{ fontSize: 10, color: mutedText, lineHeight: 1.35 }}>
|
||||
{t('compactDetail')}
|
||||
</div>
|
||||
<Link
|
||||
@@ -74,8 +87,8 @@ export function IwoooSReadOnlyBridge() {
|
||||
minWidth: 0,
|
||||
height: 26,
|
||||
border: '0.5px solid #d97757',
|
||||
background: '#fff',
|
||||
color: '#141413',
|
||||
background: linkBackground,
|
||||
color: primaryText,
|
||||
textDecoration: 'none',
|
||||
}}
|
||||
>
|
||||
@@ -87,8 +100,8 @@ export function IwoooSReadOnlyBridge() {
|
||||
className="iwooos-bridge-full"
|
||||
data-testid="iwooos-read-only-bridge"
|
||||
style={{
|
||||
background: '#fff',
|
||||
border: '0.5px solid #e0ddd4',
|
||||
background: panelBackground,
|
||||
border: `0.5px solid ${borderColor}`,
|
||||
borderRadius: 12,
|
||||
marginBottom: 16,
|
||||
overflow: 'hidden',
|
||||
@@ -102,17 +115,17 @@ export function IwoooSReadOnlyBridge() {
|
||||
justifyContent: 'space-between',
|
||||
gap: 12,
|
||||
padding: '14px 16px',
|
||||
borderBottom: '0.5px solid #e0ddd4',
|
||||
background: '#faf9f3',
|
||||
borderBottom: `0.5px solid ${borderColor}`,
|
||||
background: headerBackground,
|
||||
}}
|
||||
>
|
||||
<div style={{ display: 'flex', alignItems: 'flex-start', gap: 10, minWidth: 0 }}>
|
||||
<ShieldCheck size={18} strokeWidth={1.8} color="#d97757" style={{ marginTop: 2, flex: '0 0 auto' }} />
|
||||
<div style={{ minWidth: 0 }}>
|
||||
<div style={{ fontSize: 13, fontWeight: 700, color: '#141413', lineHeight: 1.4 }}>
|
||||
<div style={{ fontSize: 13, fontWeight: 700, color: primaryText, lineHeight: 1.4 }}>
|
||||
{t('title')}
|
||||
</div>
|
||||
<p style={{ fontSize: 12, color: '#5f5d56', margin: '4px 0 0', lineHeight: 1.65 }}>
|
||||
<p style={{ fontSize: 12, color: bodyText, margin: '4px 0 0', lineHeight: 1.65 }}>
|
||||
{t('subtitle')}
|
||||
</p>
|
||||
</div>
|
||||
@@ -126,8 +139,8 @@ export function IwoooSReadOnlyBridge() {
|
||||
minHeight: 32,
|
||||
padding: '0 10px',
|
||||
border: '0.5px solid #d97757',
|
||||
background: '#fff',
|
||||
color: '#141413',
|
||||
background: linkBackground,
|
||||
color: primaryText,
|
||||
textDecoration: 'none',
|
||||
fontSize: 12,
|
||||
fontWeight: 700,
|
||||
@@ -144,18 +157,18 @@ export function IwoooSReadOnlyBridge() {
|
||||
display: 'grid',
|
||||
gridTemplateColumns: 'repeat(auto-fit, minmax(120px, 1fr))',
|
||||
gap: 0,
|
||||
borderBottom: '0.5px solid #e0ddd4',
|
||||
borderBottom: `0.5px solid ${borderColor}`,
|
||||
}}
|
||||
>
|
||||
{metrics.map(metric => (
|
||||
<div key={metric.key} style={{ padding: '12px 16px', borderRight: '0.5px solid #f0ede4' }}>
|
||||
<div style={{ fontSize: 10, color: '#87867f', textTransform: 'uppercase', letterSpacing: '0.04em', marginBottom: 4 }}>
|
||||
<div key={metric.key} style={{ padding: '12px 16px', borderRight: `0.5px solid ${softBorderColor}` }}>
|
||||
<div style={{ fontSize: 10, color: mutedText, textTransform: 'uppercase', letterSpacing: '0.04em', marginBottom: 4 }}>
|
||||
{t(`metrics.${metric.key}.label`)}
|
||||
</div>
|
||||
<div style={{ fontSize: 20, fontWeight: 700, color: '#141413', lineHeight: 1.2 }}>
|
||||
<div style={{ fontSize: 20, fontWeight: 700, color: primaryText, lineHeight: 1.2 }}>
|
||||
{metric.value}
|
||||
</div>
|
||||
<div style={{ fontSize: 11, color: '#87867f', marginTop: 4, lineHeight: 1.5 }}>
|
||||
<div style={{ fontSize: 11, color: mutedText, marginTop: 4, lineHeight: 1.5 }}>
|
||||
{t(`metrics.${metric.key}.detail`)}
|
||||
</div>
|
||||
</div>
|
||||
@@ -169,21 +182,21 @@ export function IwoooSReadOnlyBridge() {
|
||||
gap: 0,
|
||||
}}
|
||||
>
|
||||
<div style={{ padding: '12px 16px', borderRight: '0.5px solid #f0ede4' }}>
|
||||
<div style={{ fontSize: 11, fontWeight: 700, color: '#141413', marginBottom: 8 }}>
|
||||
<div style={{ padding: '12px 16px', borderRight: `0.5px solid ${softBorderColor}` }}>
|
||||
<div style={{ fontSize: 11, fontWeight: 700, color: primaryText, marginBottom: 8 }}>
|
||||
{t('sourceLabel')}
|
||||
</div>
|
||||
<p style={{ fontSize: 12, color: '#5f5d56', margin: 0, lineHeight: 1.65 }}>
|
||||
<p style={{ fontSize: 12, color: bodyText, margin: 0, lineHeight: 1.65 }}>
|
||||
{t('sourceDetail')}
|
||||
</p>
|
||||
</div>
|
||||
<div style={{ padding: '12px 16px' }}>
|
||||
<div style={{ fontSize: 11, fontWeight: 700, color: '#141413', marginBottom: 8 }}>
|
||||
<div style={{ fontSize: 11, fontWeight: 700, color: primaryText, marginBottom: 8 }}>
|
||||
{t('boundaryLabel')}
|
||||
</div>
|
||||
<div style={{ display: 'grid', gap: 5 }}>
|
||||
{boundaries.map(boundary => (
|
||||
<code key={boundary} style={{ fontSize: 11, color: '#141413', wordBreak: 'break-word' }}>
|
||||
<code key={boundary} style={{ fontSize: 11, color: primaryText, wordBreak: 'break-word' }}>
|
||||
{boundary}
|
||||
</code>
|
||||
))}
|
||||
|
||||
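Review bot: `linkBackground` is declared with exactly the same pair of values as `panelBackground` (`'#111827'` / `'#fff'`), so the two will drift apart silently when one of them is retuned. If the link is meant to track the panel, reuse `panelBackground`; otherwise it needs a comment saying why it is separate. The eight `isDark ? … : …` constants at the top of `IwoooSReadOnlyBridge` would also read better as one palette lookup keyed by `variant`. With the ternaries, any variant added to the union later falls through to the light colours without a compile error. The function body continues outside these hunks, and the accent `#d97757` stays hard-coded for both variants.

```typescript
type IwoooSReadOnlyBridgeProps = {
  variant?: 'light' | 'dark'
}

type BridgePalette = {
  panelBackground: string
  headerBackground: string
  borderColor: string
  softBorderColor: string
  primaryText: string
  bodyText: string
  mutedText: string
}

// One entry per variant: adding a variant to the union without a palette is a type error.
const PALETTES: Record<NonNullable<IwoooSReadOnlyBridgeProps['variant']>, BridgePalette> = {
  light: {
    panelBackground: '#fff',
    headerBackground: '#faf9f3',
    borderColor: '#e0ddd4',
    softBorderColor: '#f0ede4',
    primaryText: '#141413',
    bodyText: '#5f5d56',
    mutedText: '#87867f',
  },
  dark: {
    panelBackground: '#111827',
    headerBackground: '#0f172a',
    borderColor: '#374151',
    softBorderColor: '#1f2937',
    primaryText: '#f9fafb',
    bodyText: '#d1d5db',
    mutedText: '#9ca3af',
  },
}

export function IwoooSReadOnlyBridge({ variant = 'light' }: IwoooSReadOnlyBridgeProps) {
  const t = useTranslations('security.iwooosBridge')
  const { panelBackground, headerBackground, borderColor, softBorderColor, primaryText, bodyText, mutedText } =
    PALETTES[variant]
  // … unchanged: JSX, with the two link styles using panelBackground in place of linkBackground …
```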
@@ -1,3 +1,18 @@
|
||||
## 2026-05-20 | 資安供應鏈 S2.61:Audit / Engineering Pages IwoooS Reverse Bridge
|
||||
|
||||
**背景**:S2.60 已讓告警、錯誤、授權與治理頁面能看見 IwoooS;本輪補上稽核操作日誌與 Code Review 控制面,讓使用者在事件稽核與工程審查入口也能理解它們已納入 IwoooS 資安網。
|
||||
|
||||
**完成**:
|
||||
- `/alert-operation-logs` 新增 IwoooS 深色只讀橋接,讓告警操作事件日誌回到 mirror-only 資安語境。
|
||||
- `/code-review` 新增 IwoooS 深色只讀橋接,讓 AI Code Review 控制面顯示目前仍是非阻擋、非 runtime gate 的資安框架狀態。
|
||||
- `IwoooSReadOnlyBridge` 支援 `light` / `dark` variant,沿用相同 i18n 文案與 `/iwooos` 只讀入口。
|
||||
- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_61_audit_engineering_pages_iwooos_reverse_bridge`,並新增 `show_audit_engineering_pages_iwooos_reverse_bridge` next safe action。
|
||||
- `security-mirror-progress-guard.py` 開始驗證 `/alert-operation-logs` 與 `/code-review` 的深色只讀橋接。
|
||||
|
||||
**仍禁止**:
|
||||
- S2.61 的反向橋接不代表 owner response received / accepted、runtime authorization、active runtime gate、alert blocker、Code Review blocker、Gitea/GitHub action、scan、repair、approve、deploy、GitHub primary、Gitea/GitHub refs mutation、Kali `/execute`、SSH 登入、主機更新或 blocking control。
|
||||
- 整體資安網 headline 仍是 58%;框架 / 治理 / 文件 / schema / read-only evidence 仍約 80-85%;真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing 仍約 35-40%。
|
||||
|
||||
## 2026-05-20 | 資安供應鏈 S2.60:Security Control Pages IwoooS Reverse Bridge
|
||||
|
||||
**背景**:S2.59 已讓安全 / 合規頁反向顯示 IwoooS;本輪把同一個只讀橋接延伸到告警、錯誤、授權與治理頁面,補上資安處理鏈路中的訊號、稽核、人控與治理證據視角。
|
||||
|
||||
@@ -42,6 +42,7 @@
|
||||
| AwoooP runs IwoooS run state candidate | S2.58 已把 security mirror Run State 候選放進 `/awooop/runs` 只讀面板;security runs=0、active runtime gates=0、owner accepted=0、security_run_created=false、execution_router_linked=false;仍不建立 platform run、不接 execution router、不新增 action button |
|
||||
| Existing security pages IwoooS reverse bridge | S2.59 已把 `SecurityPanel`、`CompliancePanel`、standalone `/security` 與 `/compliance` 反向接上 IwoooS 只讀橋接;headline=58%、framework=80-85%、runtime gates=0、action buttons=0;仍不新增 scan、repair、approve、deploy 或 blocking control |
|
||||
| Security control pages IwoooS reverse bridge | S2.60 已把 `/alerts`、`/errors`、`/authorizations` 與 `/governance` 反向接上 IwoooS 只讀橋接;headline=58%、framework=80-85%、runtime gates=0、action buttons=0;仍不新增 alert blocker、scan、repair、approve、deploy 或 blocking control |
|
||||
| Audit / engineering pages IwoooS reverse bridge | S2.61 已把 `/alert-operation-logs` 與 `/code-review` 反向接上 IwoooS 深色只讀橋接;headline=58%、framework=80-85%、runtime gates=0、action buttons=0;仍不新增 Code Review blocker、Gitea/GitHub action、scan、repair、approve、deploy 或 blocking control |
|
||||
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
|
||||
| Runtime actions | `false` |
|
||||
| Payload ingestion | `false` |
|
||||
@@ -150,6 +151,7 @@
|
||||
| S2.58 AwoooP runs IwoooS run state candidate | framework detail | 0 | 只把 security mirror Run State、read-only dry-run-only、owner response waiting 與 active runtime gates 0 放進 AwoooP Run 監控只讀視野;security_run_created=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把面板當 platform run、execution router、runtime gate、execution queue 或 action button |
|
||||
| S2.59 existing security pages IwoooS reverse bridge | framework detail | 0 | 只把 SecurityPanel、CompliancePanel、standalone `/security` 與 `/compliance` 反向接上 IwoooS 只讀橋接;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把既有頁面的可見性當 owner response、runtime gate、掃描、修復、批准或部署 |
|
||||
| S2.60 security control pages IwoooS reverse bridge | framework detail | 0 | 只把 `/alerts`、`/errors`、`/authorizations` 與 `/governance` 反向接上 IwoooS 只讀橋接;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把告警、錯誤、授權或治理頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署或 blocking control |
|
||||
| S2.61 audit engineering pages IwoooS reverse bridge | framework detail | 0 | 只把 `/alert-operation-logs` 與 `/code-review` 反向接上 IwoooS 深色只讀橋接;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把稽核或工程審查頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署、Code Review blocker 或 Gitea/GitHub action |
|
||||
|
||||
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence:
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal 
candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
|
||||
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP Run 監控 IwoooS Run State 只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 |
|
||||
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP Run 監控 IwoooS Run State 只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
@@ -28,7 +28,7 @@ python3 scripts/security/security-mirror-progress-guard.py
|
||||
|
||||
### 0.2 Headline 58% 不代表停滯
|
||||
|
||||
近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.60 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
|
||||
近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.61 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。
|
||||
|
||||
S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。
|
||||
|
||||
@@ -123,6 +123,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
|
||||
| S2.58 AwoooP runs IwoooS run state candidate | 已完成草案,將 security mirror Run State、read-only dry-run-only、owner response waiting 與 active runtime gates 0 放進 AwoooP Run 監控只讀面板;security_run_created=false、execution_router_linked=false | 0 |
|
||||
| S2.59 existing security pages IwoooS reverse bridge | 已完成草案,將 SecurityPanel、CompliancePanel、standalone `/security` 與 `/compliance` 反向顯示 IwoooS 只讀納管狀態;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false | 0 |
|
||||
| S2.60 security control pages IwoooS reverse bridge | 已完成草案,將 `/alerts`、`/errors`、`/authorizations` 與 `/governance` 反向顯示 IwoooS 只讀納管狀態;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false | 0 |
|
||||
| S2.61 audit engineering pages IwoooS reverse bridge | 已完成草案,將 `/alert-operation-logs` 與 `/code-review` 反向顯示 IwoooS 深色只讀納管狀態;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false | 0 |
|
||||
|
||||
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
|
||||
|
||||
@@ -202,6 +203,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.58 AwoooP Runs IwoooS Run State Candidate | 完成草案 | `/awooop/runs` 新增 IwoooS Run State 只讀候選,顯示 run visibility=read-only、security runs=0、active runtime gates=0、owner accepted=0,並連到 `/iwooos` | 使用者能在 Run 監控理解資安網仍是只讀候選;面板仍不是 platform run created、execution router linked、runtime gate、execution queue、action button 或 headline 加分 |
|
||||
| S2.59 Existing Security Pages IwoooS Reverse Bridge | 完成草案 | `SecurityPanel`、`CompliancePanel`、standalone `/security` 與 `/compliance` 新增 IwoooS 只讀橋接,顯示 58%、80-85%、runtime gates=0、action buttons=0,並連到 `/iwooos` | 使用者回到原本安全 / 合規頁也能知道它們已納入 IwoooS;橋接仍不是 owner response、runtime authorization、scan、repair、approve、deploy 或 blocking control |
|
||||
| S2.60 Security Control Pages IwoooS Reverse Bridge | 完成草案 | `/alerts`、`/errors`、`/authorizations` 與 `/governance` 新增 IwoooS 只讀橋接,顯示 58%、80-85%、runtime gates=0、action buttons=0,並連到 `/iwooos` | 使用者能在告警、錯誤、授權與治理流程中看見資安網邊界;橋接仍不是 alert blocker、owner response、runtime authorization、scan、repair、approve、deploy 或 blocking control |
|
||||
| S2.61 Audit / Engineering Pages IwoooS Reverse Bridge | 完成草案 | `/alert-operation-logs` 與 `/code-review` 新增 IwoooS 深色只讀橋接,顯示 58%、80-85%、runtime gates=0、action buttons=0,並連到 `/iwooos` | 使用者能在稽核操作日誌與 Code Review 控制面看見資安網邊界;橋接仍不是 Code Review blocker、Gitea/GitHub action、owner response、runtime authorization、scan、repair、approve、deploy 或 blocking control |
|
||||
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
|
||||
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
|
||||
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
|
||||
|
||||
@@ -1190,6 +1190,18 @@
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
},
|
||||
{
|
||||
"delta_id": "s2_61_audit_engineering_pages_iwooos_reverse_bridge",
|
||||
"display_order": 90,
|
||||
"completed_stage": "S2.61 audit engineering pages IwoooS reverse bridge",
|
||||
"progress_axis": "framework_detail",
|
||||
"headline_percent_delta": 0,
|
||||
"framework_delta_visible": true,
|
||||
"why_headline_unchanged": "alert-operation-logs 與 code-review 只新增 IwoooS 深色只讀橋接;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,沒有新增告警阻擋、Code Review gate、Gitea/GitHub action、修復、部署或 runtime gate。",
|
||||
"runtime_delta": false,
|
||||
"execution_authorized": false,
|
||||
"not_authorization": true
|
||||
}
|
||||
],
|
||||
"next_safe_actions": [
|
||||
@@ -1354,6 +1366,22 @@
|
||||
"把 /alerts、/errors、/authorizations 或 /governance 的可見性當成 owner response received / accepted"
|
||||
]
|
||||
},
|
||||
{
|
||||
"action_id": "show_audit_engineering_pages_iwooos_reverse_bridge",
|
||||
"title": "稽核與工程審查頁面顯示 IwoooS 只讀橋接",
|
||||
"mode": "observe",
|
||||
"source_contract": "security_mirror_status_rollup_v1",
|
||||
"allowed_processing": [
|
||||
"在 /alert-operation-logs 與 /code-review 顯示 IwoooS 深色只讀橋接",
|
||||
"顯示 headline 58%、framework 80-85%、runtime gates=0、action buttons=0",
|
||||
"連到 /iwooos 只讀入口,不新增 scan、execute、repair、approve、deploy、primary switch、refs action、Code Review blocker 或 runtime gate"
|
||||
],
|
||||
"blocked_processing": [
|
||||
"把稽核或工程審查頁面的橋接面板當成 runtime authorization",
|
||||
"從 /alert-operation-logs 或 /code-review 新增掃描、修復、批准、部署、Gitea/GitHub action、Code Review blocking gate 或 blocking control",
|
||||
"把 /alert-operation-logs 或 /code-review 的可見性當成 owner response received / accepted"
|
||||
]
|
||||
},
|
||||
{
|
||||
"action_id": "mirror_low_friction_non_blocking_lanes",
|
||||
"title": "AwoooP 顯示低摩擦非阻擋升級分流",
|
||||
@@ -1727,7 +1755,8 @@
|
||||
"S2.57 新增 AwoooP tenants IwoooS tenant scope candidate;AwoooP 租戶管理以只讀候選顯示 AWOOOI first tenant、IwoooS security mirror、Kali 112 / Dev 168 / Dev 111、S4.9-S4.12 owner response waiting、host coverage=3、tenant policy changes=0;tenant_migration_mode_changed=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把 tenants 面板當 tenant migration、policy mutation、runtime gate、execution router 或 action button。",
|
||||
"S2.58 新增 AwoooP runs IwoooS run state candidate;AwoooP Run 監控以只讀候選顯示 security_mirror_run_state_candidate、read_only_dry_run_only、S4.9-S4.12 owner response waiting、active runtime gates 0、security runs=0、owner accepted=0;security_run_created=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把 runs 面板當 platform run、execution router、runtime gate、execution queue 或 action button。",
|
||||
"S2.59 新增既有安全 / 合規頁面 IwoooS reverse bridge;SecurityPanel、CompliancePanel、standalone /security 與 /compliance 反向顯示 IwoooS 只讀納管狀態、headline 58%、framework 80-85%、runtime gates=0、action buttons=0;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把既有頁面的可見性當 owner response、runtime gate、掃描、修復、批准或部署。",
|
||||
"S2.60 新增資安控制頁面 IwoooS reverse bridge;/alerts、/errors、/authorizations 與 /governance 反向顯示 IwoooS 只讀納管狀態、headline 58%、framework 80-85%、runtime gates=0、action buttons=0;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把告警、錯誤、授權或治理頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署或 blocking control。"
|
||||
"S2.60 新增資安控制頁面 IwoooS reverse bridge;/alerts、/errors、/authorizations 與 /governance 反向顯示 IwoooS 只讀納管狀態、headline 58%、framework 80-85%、runtime gates=0、action buttons=0;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把告警、錯誤、授權或治理頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署或 blocking control。",
|
||||
"S2.61 新增稽核與工程審查頁面 IwoooS reverse bridge;/alert-operation-logs 與 /code-review 以深色只讀橋接顯示 IwoooS 納管狀態、headline 58%、framework 80-85%、runtime gates=0、action buttons=0;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把稽核或工程審查頁面的可見性當 owner response、runtime gate、掃描、修復、批准、部署、Code Review blocker 或 Gitea/GitHub action。"
|
||||
],
|
||||
"forbidden_actions": [
|
||||
"start_kali_scan",
|
||||
|
||||
@@ -94,6 +94,12 @@ def validate(root: Path) -> None:
|
||||
governance_page = (
|
||||
root / "apps" / "web" / "src" / "app" / "[locale]" / "governance" / "page.tsx"
|
||||
).read_text(encoding="utf-8")
|
||||
alert_operation_logs_page = (
|
||||
root / "apps" / "web" / "src" / "app" / "[locale]" / "alert-operation-logs" / "page.tsx"
|
||||
).read_text(encoding="utf-8")
|
||||
code_review_page = (
|
||||
root / "apps" / "web" / "src" / "app" / "[locale]" / "code-review" / "page.tsx"
|
||||
).read_text(encoding="utf-8")
|
||||
errors_panel = (root / "apps" / "web" / "src" / "components" / "panels" / "ErrorsPanel.tsx").read_text(
|
||||
encoding="utf-8"
|
||||
)
|
||||
@@ -264,6 +270,7 @@ def validate(root: Path) -> None:
|
||||
"s2_58_awooop_runs_iwooos_run_state_candidate",
|
||||
"s2_59_existing_security_pages_iwooos_reverse_bridge",
|
||||
"s2_60_security_control_pages_iwooos_reverse_bridge",
|
||||
"s2_61_audit_engineering_pages_iwooos_reverse_bridge",
|
||||
]
|
||||
assert_equal(
|
||||
"progress_delta_ledger.delta_ids",
|
||||
@@ -333,6 +340,11 @@ def validate(root: Path) -> None:
|
||||
[item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
|
||||
"show_security_control_pages_iwooos_reverse_bridge",
|
||||
)
|
||||
assert_contains(
|
||||
"rollup.next_safe_actions.action_ids",
|
||||
[item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
|
||||
"show_audit_engineering_pages_iwooos_reverse_bridge",
|
||||
)
|
||||
|
||||
assert_equal("rollout_policy.schema_version", rollout_policy["schema_version"], "security_rollout_policy_v1")
|
||||
assert_equal("rollout_policy.default_mode", rollout_policy["default_mode"], "observe")
|
||||
@@ -5107,6 +5119,16 @@ def validate(root: Path) -> None:
|
||||
]:
|
||||
assert_text_contains("security_control_pages.iwooos_bridge_import", source_text, "IwoooSReadOnlyBridge")
|
||||
assert_text_contains("security_control_pages.iwooos_bridge_render", source_text, "<IwoooSReadOnlyBridge />")
|
||||
for source_text in [
|
||||
alert_operation_logs_page,
|
||||
code_review_page,
|
||||
]:
|
||||
assert_text_contains("audit_engineering_pages.iwooos_bridge_import", source_text, "IwoooSReadOnlyBridge")
|
||||
assert_text_contains(
|
||||
"audit_engineering_pages.iwooos_bridge_render",
|
||||
source_text,
|
||||
'<IwoooSReadOnlyBridge variant="dark" />',
|
||||
)
|
||||
for key in [
|
||||
"title",
|
||||
"subtitle",
|
||||
|
||||
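Review bot: The new `audit_engineering_pages.iwooos_bridge_render` check matches the exact literal `'<IwoooSReadOnlyBridge variant="dark" />'` against the raw page source. It therefore still passes when the tag survives only inside a comment, and it fails on a harmless reformat such as an extra prop or a line break inside the tag. This guard is what backs the read-only claim for `/alert-operation-logs` and `/code-review`, so a whitespace-tolerant pattern would be sturdier, for example `<IwoooSReadOnlyBridge\s+variant="dark"\s*/>`. Failing that, add a comment above the loop stating that the match is deliberately byte-exact. The loop also only proves the bridge is present. Nothing visible in these hunks checks that the two pages gained no action control alongside it, though that may be covered elsewhere in `validate()`, whose body starts and ends outside the hunks shown.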