docs(iwooos): record owner packet front-end production verification [skip ci]

Your Name
2026-06-14 17:55:50 +08:00
parent 16c6b98332
commit 798e9f57cd
4 changed files with 17 additions and 6 deletions


@@ -14,9 +14,20 @@
- AwoooP desktop / mobile`/zh-TW/awooop?_v=owner-packet-sync-local-fixed3``200``目前有 3 包草案``目前 2 包 C0``high_value_config_owner_packet_count=3``high_value_config_owner_packet_c0_packet_count=2` 可見;水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`
- 本地 AwoooP preview 仍出現 platform API `404``Missing NEXT_PUBLIC_API_URL` console 訊息,判定為未接後端 API 的本機 dev preview 限制;正式部署後仍需 production route smoke 重驗。
**正式部署與 Browser smoke**
- Feature commit`e999c16b fix(iwooos): 同步高價值配置 owner packet 前台`
- Deploy marker`16c6b983 chore(cd): deploy e999c16 [skip ci]`
- Gitea runscode-review `2973` success、CD `2972` success。
- IwoooS production desktop `1440x1100``https://awoooi.wooo.work/zh-TW/iwooos?_v=16c6b983-owner-packet-sync-prod-desktop``200``三包草案``兩包 C0``草案 3``C0 / P0``high_value_config_owner_packet_count=3``high_value_config_owner_packet_c0_packet_count=2``runtime_gate_count=0``accepted_response_count=0` 可見console error `0`、page error `0`、HTTP 5xx `0`、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`
- IwoooS production mobile `390x844`:同組正式 URL 回 `200`;展開 `高價值配置收件邊界` 後必要文字與 boundary keys 皆可見console error `0`、page error `0`、HTTP 5xx `0`、水平溢位 `0`、卡片內外凸元素 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`
- AwoooP production desktop / mobile`https://awoooi.wooo.work/zh-TW/awooop?_v=16c6b983-owner-packet-sync-prod-*``200``目前有 3 包草案``目前 2 包 C0``high_value_config_owner_packet_count=3``high_value_config_owner_packet_c0_packet_count=2` 可見console error `0`、page error `0`、HTTP 5xx `0`、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`
- In-app browser`/zh-TW/iwooos?_v=16c6b983-owner-packet-sync-prod-iab2``/zh-TW/awooop?_v=16c6b983-owner-packet-sync-prod-iab2` 均通過;必要文字與 boundary keys 可見、水平溢位 `false`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`
- 截圖:`/tmp/awoooi-owner-packet-sync-prod-iwooos-desktop-16c6b983.png``/tmp/awoooi-owner-packet-sync-prod-iwooos-mobile-16c6b983.png``/tmp/awoooi-owner-packet-sync-prod-awooop-desktop-16c6b983.png``/tmp/awoooi-owner-packet-sync-prod-awooop-mobile-16c6b983.png`
- Smoke JSON`/tmp/awoooi-owner-packet-sync-prod-smoke-16c6b983.json`
**完成度與邊界**
- Owner Packet 前台同步 local slice`100%`
- Production verification`0%`,待 commit / Gitea CD / 正式站 desktop + mobile smoke 後更新
- Production verification`100%`
- IwoooS 整體 headline 仍維持 `64%`;框架 / 只讀證據 / 前台可視化仍維持 `92%`runtime landing 仍維持 `40-45%`
- owner request sent、owner response received / accepted、live evidence、runtime gate、Nginx live config、`nginx -t`、reload、DNS / TLS live probe、certbot renew、ArgoCD sync、kubectl action、workflow / secret 修改、public route change、agent-bounty runtime、host write、active scan、production write 全部維持 `0 / false`
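Review bot: The screenshot and Smoke JSON bullets at the end of the 正式部署與 Browser smoke block point at `/tmp/...` paths, which exist only on the machine that ran the smoke, so a later reader cannot open them to check the `Production verification` `100%` claim. Store the smoke JSON and screenshots with the CI run or in the repo and reference that location instead. Two smaller points in the same block: the In-app browser bullet reports horizontal overflow as `false` while every other bullet reports `0`, and the AwoooP production bullet gives its URL as `...owner-packet-sync-prod-*`, a wildcard rather than the exact URLs requested; use one value form and list the actual URLs.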


@@ -7,7 +7,7 @@
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal 
candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 + AwoooP 審批佇列負責人回覆驗收只讀審查邊界 + AwoooP 租戶管理負責人回覆驗收租戶範圍 + AwoooP 執行監控負責人回覆驗收執行邊界 + AwoooP 執行詳情負責人回覆驗收詳情邊界 + AwoooP 審批決策負責人回覆驗收審批邊界 + IwoooS AwoooP 資安入口覆蓋狀態板 + IwoooS 階段式資安收斂節奏圖 + IwoooS 下一步人工收件作戰板 + IwoooS 人工回覆安全驗收閘道 + IwoooS 人工回覆審查結果分流 + IwoooS 人工決策準備佇列 + IwoooS 人工決策紀錄草稿防誤用 + IwoooS 人工決策正式紀錄負責人指派確認準備包 + IwoooS 人工決策正式紀錄負責人指派確認清單 + IwoooS 人工決策正式紀錄負責人指派確認結果分流 + IwoooS 人工決策正式紀錄負責人指派決策準備包 + IwoooS 人工決策正式紀錄負責人指派決策檢查清單 + IwoooS S4.9 負責人回覆封套欄位 + IwoooS S4.9 負責人回覆封套送件前檢查 + IwoooS S4.9 負責人回覆封套送件前結果分流 + IwoooS S4.9 負責人回覆送件請求草稿 + IwoooS S4.9 負責人回覆送件鏈路摘要 + IwoooS 低摩擦分階段收斂主控 + IwoooS 低摩擦下一步行動邊界 + IwoooS 64% 進度移動訊號驗收條 + IwoooS 第一個進度解鎖路徑 + IwoooS 第一解鎖證據包 + IwoooS 第一解鎖證據包預檢分流 + IwoooS 第一解鎖證據包補件路徑 + IwoooS 第一解鎖證據包補件送審前檢查 + IwoooS 第一解鎖證據包補件送審結果分流 + IwoooS 第一解鎖證據包 reviewer 指派準備包 + IwoooS 第一解鎖證據包 reviewer 指派前檢查 + IwoooS 第一解鎖證據包 reviewer 指派前檢查結果分流 + IwoooS 正式只讀 landing 與 Kali 112 只讀證據進度重估 |
| 本階段追加補充 | IwoooS 目前具體工作地圖 + IwoooS 目前具體交付清單 + IwoooS 目前阻塞與解除條件 + IwoooS 三軸進度與全產品套用範圍 + IwoooS 全產品分階段套用台帳 + IwoooS 全產品 rollout 波次驗收門檻 + IwoooS 全產品 rollout 驗收結果分流 + IwoooS 全產品證據接線地圖 + IwoooS 全產品證據接線預檢 + IwoooS 全產品證據接線預檢結果分流 + IwoooS 全產品預檢補件回收台帳 + IwoooS 全產品補件重試門檻 + IwoooS 全產品重試結果分流 + IwoooS 全產品人工審查候選準備 + IwoooS 全產品人工審查候選預檢 + IwoooS 全產品人工審查候選預檢結果分流 + IwoooS 全產品人工審查候選預檢補件回收台帳 + IwoooS 全產品人工審查候選預檢補件重試門檻 + IwoooS 全產品只讀套用快照 + P2-145 owner response acceptance gate 正式驗證完成 |
| P0 追加 | IwoooS P0 配置控管優先序前台正式驗證完成Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類先列為即時風險配置;高價值配置 Gate 已補上 `k8s/nginx/**``scripts/ops/**/*cert*``scripts/ops/**/*tls*`sample 從 `matched=0 / C0=0` 收斂到 `matched=3 / C0=2`Gate 預設工作樹 preflight 已可讀取 staged / unstaged / untracked本地 smoke 對臨時 `k8s/nginx/*` 檔命中 C0Owner Packet snapshot 已同步為 `packets=3 / c0=2`Coverage snapshot 已同步最新 patternsIwoooS / AwoooP 前台 Owner Packet 摘要本地已同步 `packet=3 / c0=2`production verification 待 Gitea CD 後執行owner response / live evidence / runtime gate / action buttons 仍全部為 0 |
| P0 追加 | IwoooS P0 配置控管優先序前台正式驗證完成Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類先列為即時風險配置;高價值配置 Gate 已補上 `k8s/nginx/**``scripts/ops/**/*cert*``scripts/ops/**/*tls*`sample 從 `matched=0 / C0=0` 收斂到 `matched=3 / C0=2`Gate 預設工作樹 preflight 已可讀取 staged / unstaged / untracked本地 smoke 對臨時 `k8s/nginx/*` 檔命中 C0Owner Packet snapshot 已同步為 `packets=3 / c0=2`Coverage snapshot 已同步最新 patternsIwoooS / AwoooP 前台 Owner Packet 摘要已正式驗證 `packet=3 / c0=2`feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` successowner response / live evidence / runtime gate / action buttons 仍全部為 0 |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
| P0 主控板 | `docs/workplans/2026-06-04-iwooos-security-governance-p0.md` |
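Review bot: The updated `P0 追加` row still opens with "IwoooS P0 配置控管優先序前台正式驗證完成" but the only ids it cites are feature commit `e999c16b`, deploy marker `16c6b983` and Gitea runs `2973` / `2972`, which this commit's verification log attributes to the Owner Packet front-end sync, while the status table records the priority board under `e992af89` / `ed651a98`. Read as one cell, the ids appear to verify the priority board. Split the row into one entry per feature, or name the feature next to each id pair.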
@@ -385,7 +385,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.141 IwoooS 全產品只讀套用快照 | 完成草案 | `/iwooos` 預設展開區改放全產品 compact snapshot六類產品狀態一屏可讀完整三軸與 rollout 明細留在進階收合區 | 使用者能直接理解「所有專案產品都有套用但目前只讀、低摩擦、runtime ready 仍 0」這是 UI/UX 與可理解性推進headline 仍不提高 |
| P2-145 AI Agent Owner Response 驗收門檻 | 正式驗證完成 | `/governance?tab=automation-inventory` 新增 P2-145 owner response acceptance gate 卡片feature commit `386dbd07`、deploy marker `36fbfc6b`、Gitea code-review `2969` / CD `2968` success正式 API readback、in-app browser smoke、desktop / mobile smoke 已確認 P2-144 回讀基線、5 條驗收 gate lane、6 個驗收檢查、6 個拒收規則、5 個操作事項與 received / accepted / rejected / Gateway / Telegram / production write 全部 0 | 使用者與另一個 AwoooP Session 能確認下一關只建立驗收門檻;未收到合格、遮罩、欄位完整、可驗證來源的外部正式回覆前,不得建立 acceptance receipt、不得進 reviewer / Gateway queue、不得發 Telegram、不得開 runtime gateheadline 仍不提高 |
| P0 配置控管優先序前台 | 正式驗證完成 | `/iwooos` 新增 P0 配置控管優先序看板,集中顯示 Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類即時風險配置feature commit `e992af89`、deploy marker `ed651a98`、Gitea code-review `2971` / CD `2970` success本地與正式 in-app browser、desktop `1440x1100`、mobile `390x844` 檢查通過,新增看板操作控制 `0`、水平溢位 `0`、工作視窗片語命中 `0` | 使用者與另一個 AwoooP Session 能先看到哪些重要配置要優先被資安控管;這不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS probe、certbot renew、ArgoCD sync、kubectl、workflow / secret 修改、public route change、agent-bounty runtime、payout / withdrawal、production write 或 runtime gate |
| 高價值配置 Owner Packet 前台同步 | 本地完成,正式驗證待跑 | `/iwooos``/awooop` 已同步 owner packet snapshot顯示 `packet=3 / c0=2`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍;本地 desktop / mobile smoke 已確認必要文字與 boundary keys 可見、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0` | 這是前台 read-only projection 對齊,不是 owner request sent、owner response received / accepted、Nginx reload、certbot renew、DNS / TLS probe、workflow 修改、secret rotation、agent-bounty runtime、host write、active scan、production write 或 runtime gate正式站驗證需等 Gitea CD 完成 |
| 高價值配置 Owner Packet 前台同步 | 正式驗證完成 | `/iwooos``/awooop` 已同步 owner packet snapshot顯示 `packet=3 / c0=2`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍;feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` success本地與正式 desktop / mobile / in-app browser smoke 已確認必要文字與 boundary keys 可見、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0` | 這是前台 read-only projection 對齊,不是 owner request sent、owner response received / accepted、Nginx reload、certbot renew、DNS / TLS probe、workflow 修改、secret rotation、agent-bounty runtime、host write、active scan、production write 或 runtime gateheadline 仍不提高 |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |
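Review bot: The new `高價值配置 Owner Packet 前台同步` row moves the status to `正式驗證完成` on the basis of "本地與正式 desktop / mobile / in-app browser smoke" but, unlike the `P0 配置控管優先序前台` row directly above it, names no viewports. Add the sizes that were checked (`1440x1100`, `390x844` in the verification log) so both rows record the same level of evidence.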


@@ -685,7 +685,7 @@ Alert / Sentry / SigNoz / Gitea / Market Watch / Operator
| `docs/evaluations/ai_agent_result_capture_release_decision_owner_response_acceptance_gate_2026-06-14.json` + `GET /api/v1/agents/agent-result-capture-release-decision-owner-response-acceptance-gate` | P2-145 owner response acceptance gate承接 P2-144 readback建立 5 條 acceptance gate lane、18 個 required owner field、6 個 acceptance validation check、6 個 acceptance rejection guard、5 個 operator action、5 個 blocked no external response 與 5 個 no acceptable external responseruntime authority 固定 `result_capture_release_decision_owner_response_acceptance_gate_only_no_live_write`owner response received / accepted / rejected、redacted payload ingested、owner release authorized / approved、owner review approved、owner decision approved、verifier decision approved、maintenance window approved、rollback owner confirmed、release decision passed、release authorization granted、rollback release passed、live apply release passed、writer apply、execution apply、receipt write、reviewer queue write、Gateway queue write、Telegram send、Bot API call、result capture write、learning write、PlayBook trust write、production write、secret read 與 destructive action 全部 `0 / false`feature commit `386dbd07`、deploy marker `36fbfc6b`、Gitea code-review `2969` / CD `2968` success、本地 P2-144 + P2-145 owner response chain regression `16 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、顯示值工作視窗污染掃描、i18n key parity 與 diff check 通過production API readback、in-app browser smoke、desktop / mobile smoke、水平溢位 `0`、P2-145 卡片操作控制 `0`、工作溝通片語命中 `0` 已完成,下一步 P2-146 acceptance receipt preview |
| `/zh-TW/iwooos` P0 配置控管優先序看板 | P0 配置控管優先序前台正式驗證完成;集中顯示 Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類即時風險配置owner response `0 / 0`、live evidence `0`、執行期 `0`、操作按鈕 `0`feature commit `e992af89`、deploy marker `ed651a98`、Gitea code-review `2971` / CD `2970` success本地與正式 in-app browser、desktop `1440x1100`、mobile `390x844` 檢查通過,新增看板水平溢位 `0`、看板內外凸元素 `0`、工作溝通片語命中 `0` | 這是高價值配置控管的可視化優先序,不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS probe、certbot renew、ArgoCD sync、kubectl、workflow / secret 修改、public route change、agent-bounty runtime、payout / withdrawal、production write 或 runtime gate |
| `scripts/security/high-value-config-change-gate.py` + `docs/security/high-value-config-change-gate.snapshot.json` + owner packet / coverage snapshots | P0 高價值配置 Gate pattern、工作樹 preflight、owner packet 與 coverage snapshot 同步本地完成;新增 `k8s/nginx/**``scripts/ops/**/*cert*``scripts/ops/**/*tls*`,讓 `k8s/nginx/awoooi-prod.conf` 命中 `nginx_public_gateway` P0 / C0`scripts/ops/188-registry-certbot-fix.sh``scripts/ops/fix-188-registry-certbot-renewal.sh` 命中 `dns_tls_certbot` P0 / C0補強前 sample `matched=0 / C0=0`,補強後 sample `matched=3 / C0=2`committed snapshot sample `changed_files=6``matched=6``categories=3``c0=2``c1=0`、strongest tier `C0`、strongest priority `P0`;預設模式已可讀取 staged / unstaged / untracked臨時 `k8s/nginx/*` smoke 命中 C0owner packet snapshot `packets=3 / c0=2 / runtime_gate=0`coverage snapshot `categories=14 / c0=8 / avg=66 / runtime_gate=0`owner evidence `provided=false / complete=false`runtime execution `false` | 這是 repo 內分類工具與快照補強,不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS live probe、certbot renew、主機寫入、workflow 修改、secret 收集、active scan、production write 或 runtime gate |
| `/zh-TW/iwooos` + `/zh-TW/awooop` 高價值配置 Owner Packet 前台同步 | 最新 owner packet snapshot 已投影到 IwoooS 與 AwoooP 前台,本地顯示 `packet=3 / c0=2`、最高命中 `C0 / P0`,並列出 Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍request sent、received、accepted、runtime gate、action buttons 仍全部為 `0`本地 desktop `1440x1100` 與 mobile `390x1000` smoke 已確認必要文字、boundary keys、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`production verification 尚待 commit / Gitea CD / 正式站 smoke | 這是前台 read-only projection 對齊,不是 owner request sent、owner response received / accepted、Nginx reload、certbot renew、DNS / TLS probe、workflow 修改、secret rotation、agent-bounty runtime、host write、active scan、production write 或 runtime gate |
| `/zh-TW/iwooos` + `/zh-TW/awooop` 高價值配置 Owner Packet 前台同步 | 最新 owner packet snapshot 已投影到 IwoooS 與 AwoooP 前台,正式顯示 `packet=3 / c0=2`、最高命中 `C0 / P0`,並列出 Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍request sent、received、accepted、runtime gate、action buttons 仍全部為 `0`feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` success本地與正式 desktop / mobile / in-app browser smoke 已確認必要文字、boundary keys、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0` | 這是前台 read-only projection 對齊,不是 owner request sent、owner response received / accepted、Nginx reload、certbot renew、DNS / TLS probe、workflow 修改、secret rotation、agent-bounty runtime、host write、active scan、production write 或 runtime gate |
| `docs/evaluations/ai_agent_live_read_model_gate_2026-06-11.json` + `GET /api/v1/agents/agent-live-read-model-gate` | P2-403B AgentSession / Redis Streams live read model gate定義 safe fields、Redis envelope、worker gate、rollback plan 與 no-write smoke不連 DB、不讀寫 Redis、不啟動 worker |
#### 3.2.1c 2026-06-11 AI Agent 主動營運委派與版本生命週期契約
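Review bot: The replaced row recorded the local smoke at desktop `1440x1100` and mobile `390x1000`; the new row collapses this to "本地與正式 desktop / mobile / in-app browser smoke" with no sizes, while the production mobile run logged elsewhere in this commit used `390x844`. The local and production mobile checks therefore ran at different heights and the row no longer shows it. Keep both viewport pairs in the row, or rerun the local mobile smoke at `390x844` so the overflow `0` results are comparable.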
@@ -822,7 +822,7 @@ Repo / registry / release notes / K8s / host / observability / backup evidence
66. 建立 owner response acceptance gate。✅ P2-145 已完成並正式驗證;承接 P2-144 readback固定 acceptance gate lane `5`、required owner field `18`、acceptance validation check `6`、acceptance rejection guard `6`、operator action `5`、blocked no external response `5`、no acceptable external response `5`owner response received / accepted / rejected、redacted payload ingested、reviewer queue write、Gateway queue write、Telegram send、Bot API、result capture、learning、PlayBook trust、production write、secret read、destructive operation 仍為 `0 / false`feature commit `386dbd07`、deploy marker `36fbfc6b`、Gitea code-review `2969` / CD `2968` successP2-144 + P2-145 regression `16 passed`、JSON parse、Python compile、Web typecheck、guard、doc secret sanity、顯示值工作視窗污染掃描、i18n key parity、diff check、production API readback、in-app browser smoke、desktop / mobile smoke、水平溢位 `0`、P2-145 卡片操作控制 `0`、工作溝通片語命中 `0` 已完成。下一步 P2-146 acceptance receipt preview且必須等合格、遮罩、欄位完整、可驗證來源的外部正式回覆後才能建立 receipt preview。
67. 新增 P0 配置控管優先序前台可視化。✅ 正式驗證完成;`/zh-TW/iwooos` 已集中顯示 Nginx public gateway、DNS / TLS / certbot、K8s / ArgoCD / production manifests、Workflow / runner / secret metadata、Public / admin / API runtime config、agent-bounty runtime / treasury 六類即時風險配置owner response `0 / 0`、live evidence `0`、執行期 `0`、操作按鈕 `0`feature commit `e992af89`、deploy marker `ed651a98`、Gitea code-review `2971` / CD `2970` success本地與正式 in-app browser、desktop `1440x1100`、mobile `390x844` smoke 通過。這不是 Nginx live conf 讀取、`nginx -t`、reload、DNS / TLS probe、certbot renew、ArgoCD sync、kubectl、workflow / secret 修改、public route change、agent-bounty runtime、payout / withdrawal、production write 或 runtime gate。
68. 補強 P0 高價值配置 Gate path pattern、工作樹 preflight、owner packet 與 coverage snapshot。✅ 本地完成;`k8s/nginx/**``scripts/ops/**/*cert*``scripts/ops/**/*tls*` 已納入 high-value config classificationNginx public gateway 與 DNS / TLS / certbot sample 從 `matched=0 / C0=0` 收斂到 `matched=3 / C0=2`gate snapshot 顯示 `changed_files=6``matched=6``categories=3``c0=2``c1=0`;預設模式已可讀取 staged / unstaged / untracked臨時 `k8s/nginx/*` smoke 命中 C0owner packet snapshot `packets=3 / c0=2 / runtime_gate=0`coverage snapshot `categories=14 / c0=8 / avg=66 / runtime_gate=0`owner evidence 仍 `provided=false / complete=false`runtime execution 仍 `false`。這不是 live config read、`nginx -t`、reload、certbot renew、DNS / TLS probe、host write、active scan、workflow 修改、secret 收集、production write 或 runtime gate。
69. 同步高價值配置 Owner Packet 前台 projection。✅ 本地完成正式驗證待跑`/zh-TW/iwooos``/zh-TW/awooop` 已顯示 owner packet snapshot `packet=3 / c0=2`、最高命中 `C0 / P0`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍request sent、received、accepted、runtime gate 與 action buttons 仍為 `0`;本地 desktop / mobile smoke 已通過,水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`production verification 需等 Gitea CD 後補正式站 smoke不得因此調高 IwoooS headline。
69. 同步高價值配置 Owner Packet 前台 projection。✅ 完成正式驗證;`/zh-TW/iwooos``/zh-TW/awooop` 已顯示 owner packet snapshot `packet=3 / c0=2`、最高命中 `C0 / P0`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍;feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` successrequest sent、received、accepted、runtime gate 與 action buttons 仍為 `0`;本地與正式 desktop / mobile / in-app browser smoke 已通過,水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`。不得因此調高 IwoooS headline。
#### 3.2.1d 2026-06-11 Agent 互動、學習與成長證據面
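Review bot: Item 69 now reads "✅ 完成正式驗證", whereas item 67 uses "✅ 正式驗證完成" and item 66 uses "已完成並正式驗證" for the same state. Pick one status phrase, for example 正式驗證完成, which the status tables changed in this commit also use, so items can be searched and compared by status.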


@@ -75,7 +75,7 @@
| P0-8 | Telegram no-action 人工處置包與操作入口 | 100% | no-action 卡片已新增人工處置包、證據補齊清單、AwoooP 修復候選建立步驟、verifier / KM / PlayBook 回寫提醒,並改成 `處置包``重診``歷史``靜默``真相鏈``Runs` 鍵盤;舊訊息不 retroactive 改寫 | 目標 pytest `64 passed + 44 passed`、py_compile、guard、production health、API / worker rollout、production pod render / keyboard smoke |
| P0-9 | MCP evidence -> PlayBook 修復候選產生 | D5 `88%` | 已補 webhook fallback 先建立 incident再收 MCP evidence、查 approved PlayBook、檢查 trust / command safety、產生 medium approval candidate 與 verifier planD1 追加通用兜底 PlayBook / 診斷型命令不可誤當修復、阻擋理由繁中化D2 在缺候選時產生 `repair_candidate_draft_package_v1``playbook_draft_required`、下一步與必填欄位D3 新增 `awooop_repair_candidate_draft_work_item_v1` read-only projection 與 Telegram `工作項目` deeplinkD4 讓 AwoooP Work Items 詳細呈現 PlayBook 草案處置板、必填欄位、阻擋原因、下一步、Runs / 審批連結D5 新增 `repair_candidate_coverage_gap_v1`,讓 blocked result 帶出 coverage key、target kind、blocking stage、必收 MCP evidence refs、PlayBook template fields 與 runtime 0 / false 邊界;下一步要補 MCP tool call/result 詳細證據面與真實告警 approval -> execution -> verifier -> KM / PlayBook 回寫 | 目標 pytest `7 passed`、py_compile、guard、diff check後續部署後需補 production health、API / worker rollout 與 production pod metadata render smokestatus-chain 後續仍必須看到 tool call、PlayBook id、risk gate、repair candidate、verifier plan |
| P0-10 | 高價值配置 Gate path coverage、工作樹 preflight、owner packet / coverage snapshot 補強 | 100% | 已將 `k8s/nginx/**``scripts/ops/**/*cert*``scripts/ops/**/*tls*` 納入 `high-value-config-change-gate.py`,讓 Nginx public gateway 與 DNS / TLS / certbot 既有路徑命中 P0 / C0預設模式可讀取 staged / unstaged / untracked避免本地 preflight 漏掉未提交配置owner packet 與 coverage snapshot 已同步最新 patternowner evidence 仍未提供runtime execution 仍 false | Gate sample`changed_files=6 matched=6 categories=3 c0=2 c1=0`;工作樹 smoke臨時 `k8s/nginx/*` 檔命中 C0owner packet`packets=3 c0=2 runtime_gate=0`coverage`categories=14 c0=8 avg=66 runtime_gate=0``py_compile`、snapshot JSON parse、progress guard、owner response guard、doc secret sanity、diff check |
| P0-11 | 高價值配置 Owner Packet 前台同步 | local 100%production 0% | `/zh-TW/iwooos``/zh-TW/awooop` 已同步 latest owner packet snapshot顯示 `packet=3 / c0=2`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍request sent、received、accepted、runtime gate 與 action buttons 仍全部為 `0` | 本地 desktop / mobile smokeIwoooS 與 AwoooP 均 HTTP `200`、必要文字與 boundary keys 可見、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`正式驗證待 Gitea CD 後執行 |
| P0-11 | 高價值配置 Owner Packet 前台同步 | local 100%production 100% | `/zh-TW/iwooos``/zh-TW/awooop` 已同步 latest owner packet snapshot顯示 `packet=3 / c0=2`、Nginx public gateway、DNS / TLS / certbot 與 security tooling 影響範圍request sent、received、accepted、runtime gate 與 action buttons 仍全部為 `0` | Feature commit `e999c16b`、deploy marker `16c6b983`、Gitea code-review `2973` / CD `2972` success本地與正式 desktop / mobile / in-app browser smokeIwoooS 與 AwoooP 均 HTTP `200`、必要文字與 boundary keys 可見、水平溢位 `0`、卡片內操作控制 `0`、危險連結 `0`、工作溝通片語命中 `0`headline 不提高 |
## 3. S4.9 Owner Response Gate 規範
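Review bot: In the P0-11 row the completion column now carries two figures, local 100% and production 100%, where P0-8 and P0-10 carry a single `100%`. With both at 100% the split adds nothing; collapse it to `100%` and leave the local versus production distinction to the evidence column, which already lists feature commit `e999c16b`, deploy marker `16c6b983` and the Gitea runs.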