diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json index 0ebd1413..05a291cf 100644 --- a/apps/web/messages/en.json +++ b/apps/web/messages/en.json @@ -3955,6 +3955,40 @@ "hostCoverage": "The three named hosts are included only for security visibility and evidence readiness; no SSH, updates, credentialed scans, or blocking controls are performed.", "ownerResponse": "S4.9-S4.12 owner response received / accepted remain 0. Tenant scope display is not approval." } + }, + "githubTenantReadinessScope": { + "title": "GitHub Primary Readiness Tenant Scope", + "subtitle": "Tenant management mirrors the source-control owner scope gap between the AWOOOI first tenant and the Gitea-to-GitHub path. This is not tenant policy, repo creation, or primary switch authorization.", + "badge": "Read-only scope", + "openIwooos": "Open IwoooS", + "scopeRefsTitle": "Owner Scope Refs", + "boundaryLabel": "Tenant / GitHub Boundary", + "boundaryTitle": "Tenant scope still waits for owner response", + "boundaryDetail": "This panel only displays the relation between tenant scope and source-control readiness. It does not change tenant migration mode, modify tenant policy, create GitHub repos, mutate refs, collect secret values, switch primary, or disable Gitea.", + "metrics": { + "candidateRepos": { + "label": "Candidate Repos", + "detail": "8 candidate repos are scope visibility only and do not authorize GitHub repo creation." + }, + "inScopeRepos": { + "label": "In-scope Repos", + "detail": "7 repos still require owner scope decision and source-control response." + }, + "ownerResponses": { + "label": "Owner Responses", + "detail": "22 response templates remain 0 received / 0 accepted." + }, + "tenantScopeChanges": { + "label": "Tenant Scope Changes", + "detail": "Currently 0. Readiness display must not change tenant policy or migration mode." + } + }, + "scopeRefs": { + "tenantSourceScope": "The AWOOOI first tenant only maps to source-control readiness scope; it does not mean the whole platform or GitHub primary is accepted.", + "giteaInventoryOwner": "S4.9 still waits for Gitea inventory owner attestation. Repo scope must not be filled as accepted before coverage is accepted.", + "githubTargetOwner": "S4.10 still waits for GitHub target owner decision. Do not create repos or change visibility before the target owner accepts.", + "workflowSecretOwner": "S4.12 only waits for workflow / secret name owner response. Secret values must not be collected and GitHub secrets must not be changed." + } } }, "runs": { diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json index 9d7c4414..c5db6257 100644 --- a/apps/web/messages/zh-TW.json +++ b/apps/web/messages/zh-TW.json @@ -3956,6 +3956,40 @@ "hostCoverage": "三台指定主機目前只納入資安視野與 evidence readiness;不做 SSH、更新、credentialed scan 或 blocking control。", "ownerResponse": "S4.9-S4.12 owner response received / accepted 仍為 0,tenant scope 顯示不等於批准。" } + }, + "githubTenantReadinessScope": { + "title": "GitHub Primary Readiness 租戶範圍", + "subtitle": "租戶管理同步顯示 AWOOOI first tenant 與 Gitea 轉 GitHub 的 source-control owner scope 缺口;這不是租戶 policy、repo 建立或 primary 切換授權。", + "badge": "只讀 scope", + "openIwooos": "開啟 IwoooS", + "scopeRefsTitle": "Owner scope refs", + "boundaryLabel": "租戶 / GitHub 邊界", + "boundaryTitle": "租戶範圍仍等待 owner response", + "boundaryDetail": "這個面板只呈現租戶與 source-control readiness 的對應關係;不變更 tenant migration mode、不改 tenant policy、不建立 GitHub repo、不改 refs、不收 secret value、不切 primary,也不停用 Gitea。", + "metrics": { + "candidateRepos": { + "label": "Candidate repos", + "detail": "8 個候選 repo 只作為 scope visibility,不代表可建立 GitHub repo。" + }, + "inScopeRepos": { + "label": "In-scope repos", + "detail": "7 個 repo 仍需 owner scope decision 與 source-control response。" + }, + "ownerResponses": { + "label": "Owner responses", + "detail": "22 個 response templates 仍為 0 received / 0 accepted。" + }, + "tenantScopeChanges": { + "label": "Tenant scope changes", + "detail": "目前為 0;不得因顯示 readiness 而改 tenant policy 或 migration mode。" + } + }, + "scopeRefs": { + "tenantSourceScope": "AWOOOI first tenant 只對應 source-control readiness 範圍,不代表全平台或 GitHub primary 已接受。", + "giteaInventoryOwner": "S4.9 仍等待 Gitea inventory owner attestation;coverage accepted 前不得補寫 repo scope。", + "githubTargetOwner": "S4.10 仍等待 GitHub target owner decision;target owner 未接受前不得建立 repo 或改 visibility。", + "workflowSecretOwner": "S4.12 只等待 workflow / secret name owner response;仍不得收 secret value 或修改 GitHub secrets。" + } } }, "runs": { diff --git a/apps/web/src/app/[locale]/awooop/tenants/page.tsx b/apps/web/src/app/[locale]/awooop/tenants/page.tsx index 77b0ad8d..23fe68d4 100644 --- a/apps/web/src/app/[locale]/awooop/tenants/page.tsx +++ b/apps/web/src/app/[locale]/awooop/tenants/page.tsx @@ -16,6 +16,10 @@ import { DollarSign, Ban, CheckCircle2, + GitBranch, + ListChecks, + Lock, + SearchCheck, ShieldCheck, } from "lucide-react"; import { cn } from "@/lib/utils"; @@ -46,12 +50,67 @@ interface ApiResponse { total: number; } +type GitHubTenantReadinessMetric = { + key: string; + value: string; + icon: typeof ShieldCheck; + tone: "neutral" | "warn"; +}; + +type GitHubTenantReadinessScope = { + key: string; + name: string; + status: string; +}; + // ============================================================================= // 常數 // ============================================================================= const API_BASE = process.env.NEXT_PUBLIC_API_URL ?? ""; +const githubTenantReadinessMetrics: GitHubTenantReadinessMetric[] = [ + { key: "candidateRepos", value: "8", icon: GitBranch, tone: "neutral" }, + { key: "inScopeRepos", value: "7", icon: ListChecks, tone: "warn" }, + { key: "ownerResponses", value: "0/22", icon: ShieldCheck, tone: "warn" }, + { key: "tenantScopeChanges", value: "0", icon: Lock, tone: "warn" }, +]; + +const githubTenantReadinessScopes: GitHubTenantReadinessScope[] = [ + { + key: "tenantSourceScope", + name: "AWOOOI first tenant source-control scope", + status: "waiting", + }, + { + key: "giteaInventoryOwner", + name: "S4.9 Gitea inventory owner attestation", + status: "0/5", + }, + { + key: "githubTargetOwner", + name: "S4.10 GitHub target owner decision", + status: "0/7", + }, + { + key: "workflowSecretOwner", + name: "S4.12 workflow / secret name owner response", + status: "0/5", + }, +]; + +const githubTenantReadinessBoundaries = [ + "tenant_source_control_scope_accepted=false", + "repo_owner_response_accepted=false", + "repo_creation_authorized=false", + "refs_mutation_authorized=false", + "github_primary_switch_authorized=false", + "gitea_disablement_authorized=false", + "tenant_policy_mutation_authorized=false", + "runtime_execution_authorized=false", + "action_buttons_allowed=false", +]; + const MIGRATION_MODE_CONFIG: Record< MigrationMode, { label: string; bg: string; text: string; border: string } @@ -312,6 +371,106 @@ function SecurityTenantScopeCandidatePanel() { ); } +function GitHubTenantReadinessScopePanel() { + const t = useTranslations("awooop.tenants.githubTenantReadinessScope"); + + return ( +
+
+
+
+
+ + {t("badge")} + + + {t("openIwooos")} +
+
+ +
+ {githubTenantReadinessMetrics.map((metric) => { + const Icon = metric.icon; + return ( +
+
+
+

+ {t(`metrics.${metric.key}.label` as never)} +

+

+ {metric.value} +

+
+ + +
+

+ {t(`metrics.${metric.key}.detail` as never)} +

+
+ ); + })} +
+ +
+
+
+ {t("scopeRefsTitle")} +
+
+ {githubTenantReadinessScopes.map((scope) => ( +
+
+

+ {scope.name} +

+

+ {t(`scopeRefs.${scope.key}` as never)} +

+
+
+ + {scope.status} + +
+
+ ))} +
+
+ +
+

{t("boundaryLabel")}

+

{t("boundaryTitle")}

+

{t("boundaryDetail")}

+
+ {githubTenantReadinessBoundaries.map((boundary) => ( + {boundary} + ))} +
+
+
+
+ ); +} + // ============================================================================= // Main Component // ============================================================================= @@ -366,6 +525,8 @@ export default function TenantsPage() { + + {/* Error State */} {error && (
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index fbb9881e..146c3608 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,17 @@ +## 2026-05-21 | 資安供應鏈 S2.68:AwoooP Tenants GitHub Primary Readiness Scope + +**背景**:S2.63-S2.67 已把 GitHub Primary Readiness 放進 `/iwooos`、AwoooP 工作鏈路、合約、審批與首頁;本輪補到 AwoooP 租戶管理,讓 AWOOOI first tenant 與 source-control owner scope 的缺口可見,但不把租戶範圍視圖誤認成 tenant policy 或 GitHub primary approval。 + +**完成**: +- `/awooop/tenants` 新增「GitHub Primary Readiness 租戶範圍」只讀面板,顯示 candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0。 +- 租戶範圍面板顯示 AWOOOI first tenant source-control scope、S4.9 Gitea inventory owner attestation、S4.10 GitHub target owner decision、S4.12 workflow / secret name owner response,並連回 `/iwooos`。 +- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_68_awooop_tenants_github_primary_readiness_scope`,並新增 `show_awooop_tenants_github_primary_readiness_scope` next safe action。 +- `security-mirror-progress-guard.py` 開始驗證 AwoooP tenants 的 GitHub readiness 租戶範圍、owner scope refs、IwoooS link、i18n 鍵與 false 邊界。 + +**仍禁止**: +- S2.68 的 AwoooP tenants 範圍面板不代表 tenant policy approval、owner response received / accepted、runtime authorization、active runtime gate、repo creation、visibility change、refs sync / delete / force push、workflow / secret modification、secret value collection、GitHub primary switch、Gitea disablement、Kali `/execute`、SSH 登入、主機更新或 blocking control。 +- 整體資安網 headline 仍是 58%;框架 / 治理 / 文件 / schema / read-only evidence 仍約 80-85%;真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing 仍約 35-40%。 + ## 2026-05-21 | 資安供應鏈 S2.67:AwoooP Home GitHub Primary Readiness Summary **背景**:S2.63-S2.66 已把 GitHub Primary Readiness 放進 `/iwooos`、AwoooP 工作鏈路、合約儀表板與審批佇列;本輪補到 AwoooP 首頁,讓使用者一進入操作面就能看見 Gitea 轉 GitHub 仍是只讀 readiness 缺口,不會誤以為已可建立 repo 或切 primary。 diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md index 0ea34447..8b3d63b0 100644 --- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md +++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md @@ -49,6 +49,7 @@ | AwoooP contracts GitHub primary readiness candidate | S2.65 已在 `/awooop/contracts` 顯示 GitHub Primary Readiness 合約只讀候選;candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;仍不建立 repo、不改 visibility、不改 refs、不收 secret value、不切 primary、不停用 Gitea | | AwoooP approvals GitHub primary readiness boundary | S2.66 已在 `/awooop/approvals` 顯示 GitHub Primary Readiness 審批邊界;S4.9=0/5、S4.10=0/7、S4.11=0/5、S4.12=0/5、primary_ready_count=0;仍不建立 approval record、不建立 repo、不改 visibility、不改 refs、不收 secret value、不切 primary、不停用 Gitea | | AwoooP home GitHub primary readiness summary | S2.67 已在 `/awooop` 顯示 GitHub Primary Readiness 只讀摘要;candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;仍不建立 repo、不改 visibility、不改 refs、不收 secret value、不切 primary、不停用 Gitea | +| AwoooP tenants GitHub primary readiness scope | S2.68 已在 `/awooop/tenants` 顯示 GitHub Primary Readiness 租戶範圍;candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0;仍不改 migration mode、不改 tenant policy、不建立 repo、不改 visibility、不改 refs、不收 secret value、不切 primary、不停用 Gitea | | Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion | | Runtime actions | `false` | | Payload ingestion | `false` | @@ -164,6 +165,7 @@ | S2.65 AwoooP contracts GitHub primary readiness candidate | framework detail | 0 | 只在 `/awooop/contracts` 顯示 GitHub Primary Readiness 合約只讀候選,連回 `/iwooos` 並呈現 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不收 secret value、不切 primary、不停用 Gitea | | S2.66 AwoooP approvals GitHub primary readiness boundary | framework detail | 0 | 只在 `/awooop/approvals` 顯示 GitHub Primary Readiness 審批邊界,連回 `/iwooos` 並呈現 S4.9=0/5、S4.10=0/7、S4.11=0/5、S4.12=0/5、primary_ready_count=0;approval_record_created=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 approval record、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不收 secret value、不切 primary、不停用 Gitea | | S2.67 AwoooP home GitHub primary readiness summary | framework detail | 0 | 只在 `/awooop` 顯示 GitHub Primary Readiness 只讀摘要,連回 `/iwooos` 並呈現 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;repo_creation_authorized=false、refs_mutation_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不收 secret value、不切 primary、不停用 Gitea | +| S2.68 AwoooP tenants GitHub primary readiness scope | framework detail | 0 | 只在 `/awooop/tenants` 顯示 GitHub Primary Readiness 租戶範圍,連回 `/iwooos` 並呈現 AWOOOI first tenant source-control scope、S4.9、S4.10、S4.12 owner scope refs、candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0;tenant_source_control_scope_accepted=false、repo_owner_response_accepted=false、repo_creation_authorized=false、refs_mutation_authorized=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不改 migration mode、不改 tenant policy、不建立 GitHub repo、不改 visibility、不 sync / delete / force push refs、不收 secret value、不切 primary、不停用 Gitea | headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence: diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index 9e2c1f8b..ec9627c9 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md @@ -5,7 +5,7 @@ | 日期 | 2026-05-17 | | 狀態 | S0/S1 read-only evidence 建置中 | | 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 | -| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP Run 監控 IwoooS Run State 只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub Primary Readiness 只讀狀態板 + AwoooP 工作鏈路 GitHub Primary Readiness 只讀工作項 + AwoooP 合約儀表板 GitHub Primary Readiness 合約只讀候選 + AwoooP 審批佇列 GitHub Primary Readiness 審批邊界 + AwoooP 首頁 GitHub Primary Readiness 只讀摘要 | +| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP Run 監控 IwoooS Run State 只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub Primary Readiness 只讀狀態板 + AwoooP 工作鏈路 GitHub Primary Readiness 只讀工作項 + AwoooP 合約儀表板 GitHub Primary Readiness 合約只讀候選 + AwoooP 審批佇列 GitHub Primary Readiness 審批邊界 + AwoooP 首頁 GitHub Primary Readiness 只讀摘要 + AwoooP 租戶管理 GitHub Primary Readiness 租戶範圍 | | 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary | ## 0. 本階段完成後整體進度 @@ -28,7 +28,7 @@ python3 scripts/security/security-mirror-progress-guard.py ### 0.2 Headline 58% 不代表停滯 -近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.67 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 +近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9-S2.68 IwoooS / AwoooP security projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。 @@ -130,6 +130,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons | S2.65 AwoooP contracts GitHub primary readiness candidate | 已完成草案,在 `/awooop/contracts` 顯示 GitHub Primary Readiness 合約只讀候選,連回 `/iwooos`,並顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false | 0 | | S2.66 AwoooP approvals GitHub primary readiness boundary | 已完成草案,在 `/awooop/approvals` 顯示 GitHub Primary Readiness 審批邊界,連回 `/iwooos`,並顯示 S4.9=0/5、S4.10=0/7、S4.11=0/5、S4.12=0/5、primary_ready_count=0;approval_record_created=false、runtime_execution_authorized=false、action_buttons_allowed=false | 0 | | S2.67 AwoooP home GitHub primary readiness summary | 已完成草案,在 `/awooop` 顯示 GitHub Primary Readiness 只讀摘要,連回 `/iwooos`,並顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7;repo_creation_authorized=false、refs_mutation_authorized=false、secret_value_collection_allowed=false、runtime_execution_authorized=false、action_buttons_allowed=false | 0 | +| S2.68 AwoooP tenants GitHub primary readiness scope | 已完成草案,在 `/awooop/tenants` 顯示 GitHub Primary Readiness 租戶範圍,連回 `/iwooos`,並顯示 candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0;tenant_source_control_scope_accepted=false、repo_creation_authorized=false、refs_mutation_authorized=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false | 0 | headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。 @@ -216,6 +217,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons | S2.65 AwoooP Contracts GitHub Primary Readiness Candidate | 完成草案 | `/awooop/contracts` 新增 GitHub Primary Readiness 合約只讀候選,顯示 primary readiness、owner response validation、rollback ADR、workflow / secret name inventory 與 IwoooS projection refs | 使用者與另一個 AwoooP Session 能在合約控制面理解 GitHub primary readiness 仍只是只讀契約缺口;合約候選仍不是 repo creation、visibility change、refs mutation、secret value collection、primary switch、Gitea disablement 或 runtime 授權 | | S2.66 AwoooP Approvals GitHub Primary Readiness Boundary | 完成草案 | `/awooop/approvals` 新增 GitHub Primary Readiness 審批邊界,顯示 S4.9 / S4.10 / S4.11 / S4.12 owner response lanes 全部仍未 accepted | 使用者與另一個 AwoooP Session 能在審批視野理解 GitHub primary readiness 仍只是 owner response 收件缺口;審批邊界仍不是 approval record、repo creation、refs mutation、secret value collection、primary switch、Gitea disablement 或 runtime 授權 | | S2.67 AwoooP Home GitHub Primary Readiness Summary | 完成草案 | `/awooop` 新增 GitHub Primary Readiness 只讀摘要,顯示 primary readiness、owner response validation、rollback ADR、workflow / secret name inventory refs,並顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7 | 使用者與另一個 AwoooP Session 能在首頁理解 GitHub primary readiness 仍只是 source-control readiness 缺口;首頁摘要仍不是 repo creation、visibility change、refs mutation、secret value collection、primary switch、Gitea disablement 或 runtime 授權 | +| S2.68 AwoooP Tenants GitHub Primary Readiness Scope | 完成草案 | `/awooop/tenants` 新增 GitHub Primary Readiness 租戶範圍,顯示 AWOOOI first tenant source-control scope、S4.9、S4.10、S4.12 owner scope refs、candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0 | 使用者與另一個 AwoooP Session 能在租戶視野理解 GitHub primary readiness 仍只是 owner scope 缺口;租戶範圍仍不是 tenant policy approval、repo creation、visibility change、refs mutation、secret value collection、primary switch、Gitea disablement 或 runtime 授權 | | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate | | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item | | S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 | diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json index a3609f32..80454f2b 100644 --- a/docs/security/security-mirror-status-rollup.snapshot.json +++ b/docs/security/security-mirror-status-rollup.snapshot.json @@ -1274,6 +1274,18 @@ "runtime_delta": false, "execution_authorized": false, "not_authorization": true + }, + { + "delta_id": "s2_68_awooop_tenants_github_primary_readiness_scope", + "display_order": 97, + "completed_stage": "S2.68 AwoooP tenants GitHub primary readiness scope", + "progress_axis": "framework_detail", + "headline_percent_delta": 0, + "framework_delta_visible": true, + "why_headline_unchanged": "AwoooP 租戶管理只新增 GitHub Primary Readiness 租戶範圍只讀面板,顯示 candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false,沒有變更 tenant migration mode、tenant policy、建立 GitHub repo、修改 visibility、sync / delete / force push refs、收 secret value、切 primary 或停用 Gitea。", + "runtime_delta": false, + "execution_authorized": false, + "not_authorization": true } ], "next_safe_actions": [ @@ -1550,6 +1562,22 @@ "從 AwoooP 首頁切 GitHub primary、停用 Gitea 或把 request-ready 當 owner response accepted" ] }, + { + "action_id": "show_awooop_tenants_github_primary_readiness_scope", + "title": "AwoooP 租戶管理顯示 GitHub Primary Readiness 租戶範圍", + "mode": "observe", + "source_contract": "security_mirror_status_rollup_v1", + "allowed_processing": [ + "在 /awooop/tenants 顯示 S2.68 GitHub Primary Readiness 租戶範圍", + "顯示 candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0", + "連到 /iwooos 只讀入口,不新增 tenant policy、repo、visibility、refs、workflow、secret、primary 或 Gitea disablement action" + ], + "blocked_processing": [ + "把 AwoooP tenants GitHub readiness 範圍當成 tenant policy approval 或 GitHub primary approval", + "從 AwoooP tenants 改 migration mode、改 tenant policy、建立 repo、改 visibility、sync/delete/force push refs 或收 secret value", + "從 AwoooP tenants 切 GitHub primary、停用 Gitea 或把 request-ready 當 owner response accepted" + ] + }, { "action_id": "mirror_low_friction_non_blocking_lanes", "title": "AwoooP 顯示低摩擦非阻擋升級分流", @@ -1930,7 +1958,8 @@ "S2.64 新增 AwoooP work-items GitHub Primary Readiness 只讀工作項;/awooop/work-items 顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7,並連回 /iwooos;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把工作項當 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。", "S2.65 新增 AwoooP contracts GitHub Primary Readiness 合約只讀候選;/awooop/contracts 顯示 source_control_primary_readiness_gate_v1、source_control_owner_response_validation_rollup_v1、source_control_primary_rollback_adr_v1、source_control_workflow_secret_name_inventory_v1、iwooos_posture_projection_v1、candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7,並連回 /iwooos;runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把合約候選當 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。", "S2.66 新增 AwoooP approvals GitHub Primary Readiness 審批邊界;/awooop/approvals 顯示 S4.9=0/5、S4.10=0/7、S4.11=0/5、S4.12=0/5、primary_ready_count=0,並連回 /iwooos;approval_record_created=false、github_primary_approval_granted=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把 approvals 邊界當 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。", - "S2.67 新增 AwoooP home GitHub Primary Readiness 只讀摘要;/awooop 顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7,並連回 /iwooos;repo_creation_authorized=false、refs_mutation_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把首頁摘要當 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。" + "S2.67 新增 AwoooP home GitHub Primary Readiness 只讀摘要;/awooop 顯示 candidate repos=8、in-scope=7、primary_ready_count=0、owner response 0/22、workflow inventory complete=0/7,並連回 /iwooos;repo_creation_authorized=false、refs_mutation_authorized=false、secret_value_collection_allowed=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把首頁摘要當 GitHub primary approval、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。", + "S2.68 新增 AwoooP tenants GitHub Primary Readiness 租戶範圍;/awooop/tenants 顯示 AWOOOI first tenant source-control scope、S4.9、S4.10、S4.12 owner scope refs、candidate repos=8、in-scope=7、owner response 0/22、tenant scope changes=0,並連回 /iwooos;tenant_source_control_scope_accepted=false、repo_owner_response_accepted=false、repo_creation_authorized=false、refs_mutation_authorized=false、github_primary_switch_authorized=false、gitea_disablement_authorized=false、tenant_policy_mutation_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把租戶範圍當 tenant policy approval 或 GitHub primary approval、不改 migration mode、不改 tenant policy、不建立 repo、不改 visibility、不 sync/delete/force push refs、不收 secret value、不切 primary、不停用 Gitea。" ], "forbidden_actions": [ "start_kali_scan", diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index 7614e644..befc20f2 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py @@ -280,6 +280,7 @@ def validate(root: Path) -> None: "s2_65_awooop_contracts_github_primary_readiness_candidate", "s2_66_awooop_approvals_github_primary_readiness_boundary", "s2_67_awooop_home_github_primary_readiness_summary", + "s2_68_awooop_tenants_github_primary_readiness_scope", ] assert_equal( "progress_delta_ledger.delta_ids", @@ -384,6 +385,11 @@ def validate(root: Path) -> None: [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)], "show_awooop_home_github_primary_readiness_summary", ) + assert_contains( + "rollup.next_safe_actions.action_ids", + [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)], + "show_awooop_tenants_github_primary_readiness_scope", + ) assert_equal("rollout_policy.schema_version", rollout_policy["schema_version"], "security_rollout_policy_v1") assert_equal("rollout_policy.default_mode", rollout_policy["default_mode"], "observe") @@ -5224,6 +5230,60 @@ def validate(root: Path) -> None: key, ) + assert_text_contains( + "awooop_tenants_page.github_tenant_scope_panel", + awooop_tenants_page, + "GitHubTenantReadinessScopePanel", + ) + assert_text_contains( + "awooop_tenants_page.github_tenant_scope_metrics", + awooop_tenants_page, + "githubTenantReadinessMetrics", + ) + assert_text_contains( + "awooop_tenants_page.github_tenant_scope_iwooos_link", + awooop_tenants_page, + 'href="/iwooos"', + ) + for text in [ + "AWOOOI first tenant source-control scope", + "S4.9 Gitea inventory owner attestation", + "S4.10 GitHub target owner decision", + "S4.12 workflow / secret name owner response", + "tenant_source_control_scope_accepted=false", + "repo_owner_response_accepted=false", + "repo_creation_authorized=false", + "refs_mutation_authorized=false", + "github_primary_switch_authorized=false", + "gitea_disablement_authorized=false", + "tenant_policy_mutation_authorized=false", + "runtime_execution_authorized=false", + "action_buttons_allowed=false", + ]: + assert_text_contains("awooop_tenants_page.github_tenant_scope_boundary", awooop_tenants_page, text) + for key in [ + "title", + "subtitle", + "badge", + "openIwooos", + "scopeRefsTitle", + "boundaryLabel", + "boundaryTitle", + "boundaryDetail", + "metrics", + "scopeRefs", + ]: + assert_contains( + "web_messages.zh-TW.awooop.tenants.githubTenantReadinessScope", + list(web_messages_zh["awooop"]["tenants"]["githubTenantReadinessScope"].keys()), + key, + ) + assert_contains( + "web_messages.en.awooop.tenants.githubTenantReadinessScope", + list(web_messages_en["awooop"]["tenants"]["githubTenantReadinessScope"].keys()), + key, + ) + assert_text_contains( "awooop_runs_page.security_run_state_panel", awooop_runs_page,