docs(security): add dev host scope handoff [skip ci]

This commit is contained in:
Your Name
2026-06-04 20:40:37 +08:00
parent 65bdfd1de3
commit 920c9a2d41
6 changed files with 761 additions and 9 deletions

View File

@@ -1,3 +1,42 @@
## 2026-06-04IwoooS P1-8 111 / 168 Dev Host Scope Handoff
**背景**P1-7 已把 Kali `192.168.0.112` 維護窗口草案推到 owner / reviewer 可審;本段接續 P1-8`192.168.0.111``192.168.0.168` 的開發主機 scope、credential handling、rollback owner 與 validation metrics。這是 observe-only handoff不登入主機、不 SSH、不 credentialed scan、不 active scan、不讀未授權目錄、不改 Ollama fallback route、不改 CORS / firewall / service。
**本輪完成**
- 新增 `docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md`:整理 111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / dev-only CORS / local service exposure 的 owner response 欄位、禁止輸入、維護窗口、rollback / disable 草案與 validation metrics。
- 新增 `docs/security/dev-hosts-111-168-scope-handoff.snapshot.json`:固定 `scope_handoff_completion_percent=100``host_execution_completion_percent=0`,並維持 `host_change_authorized=false``fallback_route_change_authorized=false``credentialed_scan_authorized=false``active_scan_authorized=false``secret_value_collection_authorized=false``runtime_execution_authorized=false`
- 新增 `docs/schemas/dev_host_scope_handoff_v1.schema.json`:讓 111 / 168 scope、credential handling、owner handoff、rollback 與 validation 指標有可驗契約。
- 更新 `DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md`:把 111 / 168 的 P1-8 handoff 串回主機 mapping並補「不可改 route / CORS / firewall / service、不可讀未授權資料、不可收 secret derivative」邊界。
- 更新 IwoooS P0/P1 主控總帳P1-8 scope handoff 標記 `100%`111 / 168 主機執行仍 `0%`IwoooS headline 仍 `64%`
**完成度更新**
- P1-8 111 / 168 dev host scope handoff`100%`
- 111 / 168 主機執行:`0%`
- host change authorized`false`
- fallback route change authorized`false`
- credentialed scan authorized`false`
- active scan authorized`false`
- secret value collection authorized`false`
- active runtime gate`0`
- IwoooS headline維持 `64%`,不因文件草案假性調高。
**驗證**
- `python3 -m json.tool docs/security/dev-hosts-111-168-scope-handoff.snapshot.json`:通過。
- `python3 -m json.tool docs/schemas/dev_host_scope_handoff_v1.schema.json`:通過。
- 本段自訂結構檢查:`DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK`
- `git diff --check`:通過。
- `python3 scripts/security/source-control-owner-response-guard.py --root .``SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`
- `python3 scripts/security/security-mirror-progress-guard.py --root .``SECURITY_MIRROR_PROGRESS_GUARD_OK`
- 新增 diff 行 credential pattern 檢查:`NO_ADDED_URL_CREDENTIAL_PATTERNS`
- staged 授權旗標檢查:`NO_UNEXPECTED_AUTHORIZATION_OR_COUNTER_INCREASE`
- Schema validator 限制:本地沒有 Python `jsonschema` / Node AJV 驗證器時,以 JSON parse、自訂結構檢查與既有 guard 補位。
- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK未改 IwoooS 前端與 production 文案,不宣稱新的 production 狀態;沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 與 AwoooP Runs i18n smoke 基準。
**目前邊界**
- `192.168.0.111` 只能作為 Ollama local fallback / model inventory / route truth observe-only evidence不得改 `OLLAMA_URL``OLLAMA_SECONDARY_URL``OLLAMA_FALLBACK_URL`、proxy route 或 model runtime。
- `192.168.0.168` 只能作為開發來源、repo hygiene、dev-only CORS 與 local service exposure 的 scope review不得讀個人資料、未授權目錄或改 CORS / firewall / service。
- credential / secret 類資料只接受脫敏 metadata pointerraw value、secret hash、masked token、partial token、截圖或個人憑證一律拒收或隔離。
## 2026-06-04IwoooS P1-7 Kali 112 Maintenance Window Draft
**背景**P1-5 rollback owner handoff 已推送;本段接續 P1-7針對 Kali `192.168.0.112` 已知缺口建立維護窗口草案。既有只讀證據顯示待更新套件 `1994``networking.service` failed、scanner service hardening `0 / 4`、reboot required `false`。本段只整理 owner / reviewer 可審的維護 handoff不登入主機、不更新、不重啟、不 restart、不套 hardening、不 active scan、不呼叫 `/execute`
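Review bot: the custom structure check cited in the verification list ("本段自訂結構檢查:`DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK`") is not among the six files changed by this commit, so no other reviewer can re-run it and the entry cannot be reproduced from the tree. Suggest committing that check under `scripts/security/` next to the two guards already listed (`source-control-owner-response-guard.py`, `security-mirror-progress-guard.py`), and, since the same list admits that no `jsonschema` / AJV validator is available locally, have the committed check at least assert the `const: false` authorization flags the snapshot relies on, so that `python3 -m json.tool` is not the only gate on the handoff contract.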

View File

@@ -0,0 +1,252 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:dev-host-scope-handoff-v1",
"title": "Dev Host 111 / 168 Scope Handoff v1",
"description": "定義 192.168.0.111 / 192.168.0.168 開發主機 scope、credential handling、owner handoff、rollback 與 validation 指標。此契約不授權 SSH、credentialed scan、active scan、host change、fallback route change 或 runtime execution。",
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"source_evidence_refs",
"summary",
"hosts",
"owner_response_handoff",
"credential_handling",
"validation_metrics",
"acceptance_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {
"const": "dev_host_scope_handoff_v1"
},
"status": {
"type": "string",
"enum": ["draft_waiting_owner_review"]
},
"date": {
"type": "string"
},
"mode": {
"type": "string",
"enum": ["scope_handoff_only"]
},
"source_evidence_refs": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"hosts",
"asset_keys",
"scope_handoff_package_ready",
"scope_handoff_completion_percent",
"host_execution_completion_percent",
"owner_response_received",
"owner_response_accepted",
"host_change_authorized",
"fallback_route_change_authorized",
"credentialed_scan_authorized",
"active_scan_authorized",
"secret_value_collection_authorized",
"runtime_execution_authorized",
"action_buttons_allowed"
],
"properties": {
"hosts": {
"type": "array",
"items": {"type": "string"},
"minItems": 2
},
"asset_keys": {
"type": "array",
"items": {"type": "string"},
"minItems": 2
},
"scope_handoff_package_ready": {"type": "boolean"},
"scope_handoff_completion_percent": {"type": "integer", "minimum": 0, "maximum": 100},
"host_execution_completion_percent": {"type": "integer", "const": 0},
"owner_response_received": {"type": "boolean", "const": false},
"owner_response_accepted": {"type": "boolean", "const": false},
"host_change_authorized": {"type": "boolean", "const": false},
"fallback_route_change_authorized": {"type": "boolean", "const": false},
"credentialed_scan_authorized": {"type": "boolean", "const": false},
"active_scan_authorized": {"type": "boolean", "const": false},
"secret_value_collection_authorized": {"type": "boolean", "const": false},
"runtime_execution_authorized": {"type": "boolean", "const": false},
"action_buttons_allowed": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"hosts": {
"type": "array",
"items": {
"type": "object",
"required": [
"host",
"asset_key",
"role",
"mode",
"scope_lanes",
"maintenance_window",
"rollback_plan_draft"
],
"properties": {
"host": {"type": "string"},
"asset_key": {"type": "string"},
"role": {"type": "string"},
"mode": {"type": "string", "enum": ["observe_only"]},
"scope_lanes": {
"type": "array",
"items": {
"type": "object",
"required": ["lane_id", "description", "validation_metrics", "current_authorized"],
"properties": {
"lane_id": {"type": "string"},
"description": {"type": "string"},
"validation_metrics": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"current_authorized": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"minItems": 1
},
"maintenance_window": {
"type": "object",
"required": ["window_status", "allowed_metadata", "forbidden_actions"],
"properties": {
"window_status": {"type": "string", "enum": ["waiting_owner_selection"]},
"allowed_metadata": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
}
},
"additionalProperties": false
},
"rollback_plan_draft": {
"type": "array",
"items": {
"type": "object",
"required": ["rollback_item", "required_evidence", "owner_status"],
"properties": {
"rollback_item": {"type": "string"},
"required_evidence": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"owner_status": {"type": "string", "enum": ["waiting_owner_assignment"]}
},
"additionalProperties": false
},
"minItems": 1
}
},
"additionalProperties": false
},
"minItems": 2
},
"owner_response_handoff": {
"type": "object",
"required": [
"status",
"request_dispatch_authorized",
"required_response_fields",
"allowed_decisions",
"forbidden_inputs",
"response_received",
"response_accepted"
],
"properties": {
"status": {"type": "string", "enum": ["ready_not_dispatched"]},
"request_dispatch_authorized": {"type": "boolean", "const": false},
"required_response_fields": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"allowed_decisions": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"forbidden_inputs": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"response_received": {"type": "boolean", "const": false},
"response_accepted": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"credential_handling": {
"type": "object",
"required": [
"policy",
"allowed_evidence",
"forbidden_evidence",
"quarantine_required_on_plaintext_credential",
"secret_value_collection_authorized"
],
"properties": {
"policy": {"type": "string", "enum": ["metadata_only_no_secret_value"]},
"allowed_evidence": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"forbidden_evidence": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"quarantine_required_on_plaintext_credential": {"type": "boolean"},
"secret_value_collection_authorized": {"type": "boolean", "const": false}
},
"additionalProperties": false
},
"validation_metrics": {
"type": "array",
"items": {
"type": "object",
"required": ["host", "metrics"],
"properties": {
"host": {"type": "string"},
"metrics": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
}
},
"additionalProperties": false
},
"minItems": 2
},
"acceptance_rules": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {"type": "string"},
"minItems": 1
}
},
"additionalProperties": false
}
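Review bot: `quarantine_required_on_plaintext_credential` (under `credential_handling`) is declared as a plain `boolean`, so a snapshot that sets it to `false` would still validate even though `policy` is locked to `metadata_only_no_secret_value`; make it `{"type": "boolean", "const": true}` in the same way the sibling `secret_value_collection_authorized` is locked. Two smaller points in the same hunk: `date` is an unconstrained string (add `"pattern": "^\\d{4}-\\d{2}-\\d{2}$"`, since in draft 2020-12 `"format": "date"` is annotation-only unless the validator enables format assertion), and the `hosts`, `asset_keys` and `validation_metrics` arrays require `minItems: 2` but not `uniqueItems: true`, so the same host listed twice would satisfy the schema.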

View File

@@ -0,0 +1,130 @@
# 111 / 168 開發主機 Scope Handoff
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-04 |
| 狀態 | 草案,等待 owner review |
| Hosts | `192.168.0.111``192.168.0.168` |
| Asset keys | `host:dev-ai-111``host:dev-workstation-168` |
| Schema | `docs/schemas/dev_host_scope_handoff_v1.schema.json` |
| Snapshot | `docs/security/dev-hosts-111-168-scope-handoff.snapshot.json` |
| 上游證據 | `docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md``docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` |
| 模式 | `scope_handoff_only` |
| 執行面授權 | `false` |
## 0. 核心結論
P1-8 補的是 `192.168.0.111``192.168.0.168` 的開發主機 scope / credential / rollback / validation handoff。這不是主機維護批准、不是 credentialed scan、不是 active scan也不是 Ollama fallback route 變更。
本階段只把 owner / reviewer 未來需要看的資料整理成只讀封套:
| 主機 | 角色 | 本階段輸出 | 仍未授權 |
|------|------|------------|----------|
| `192.168.0.111` | Local AI / Ollama fallback / 開發輔助主機 | fallback route truth、model inventory、service posture、SSH policy posture、AI route smoke 指標 | 停止模型、重啟服務、改 fallback route、credentialed scan、active scan |
| `192.168.0.168` | 開發工作站 / local development origin | repo hygiene、dev-only CORS、local service exposure、credential refusal、rollback / disable note | 讀取未授權目錄、掃描個人資料、credentialed scan、CORS / firewall / service 變更 |
## 1. 摘要
| 指標 | 值 |
|------|----|
| dev host scope handoff package | `ready` |
| package completion | `100%` |
| host change authorized | `false` |
| fallback route change authorized | `false` |
| credentialed scan authorized | `false` |
| active scan authorized | `false` |
| secret value collection authorized | `false` |
| owner response received / accepted | `false / false` |
| host execution completion | `0%` |
## 2. Owner Response Handoff
此 handoff 只讓 AwoooP 或 reviewer 請 owner 補開發主機 scope metadata。它不是 request sent、不是 approval queue也不是可執行動作。
### 2.1 必填欄位
| 欄位 | 說明 |
|------|------|
| `owner_role_or_team` | Dev Host Steward 或實際維護角色 / 團隊 |
| `host_scope_boundary` | 允許觀察的路徑、服務、repo、port 類型與排除範圍 |
| `decision` | 允許值:`confirm_observe_only``defer``reject``request_more_evidence` |
| `decision_reason` | 為何接受 / 延後 / 拒絕此只讀 scope |
| `affected_scope` | 影響主機、服務、repo、Ollama route、CORS 或 local origin |
| `maintenance_window_expectation` | 若未來要維護owner 需指定台北時間窗口;目前不得自動指定 |
| `credential_handling_confirmation` | 確認只收 present / absent、脫敏 metadata pointer不收 secret value |
| `rollback_owner` | 未來停用、回復 route、回復 CORS、停止觀察或撤回 evidence 的 owner |
| `validation_metrics_owner` | post-check / smoke / evidence readback 的 owner |
| `redacted_evidence_refs` | 只填文件、snapshot、ticket、hash 或脫敏 metadata pointer |
| `followup_owner` | 補件、拒收或下一階段 owner |
### 2.2 禁止輸入
| 類型 | 規則 |
|------|------|
| credential | 不貼模型 API key、SSH 密碼、private key、token value、cookie、session、authorization header、personal credential |
| secret derivative | 不貼可還原 secret 的 hash、masked token、partial token 或截圖 |
| host command | 不貼 SSH command、service restart、firewall change、model stop / pull / delete、CORS apply command |
| scan request | 不把 active scan、credentialed scan、個人資料掃描或未授權目錄讀取包進 scope |
| runtime action | 不新增 AwoooP action button不開 runtime blocking control不改 fallback route |
## 3. Host Scope 草案
| Host | Scope lane | 目的 | 目前授權 |
|------|------------|------|----------|
| `192.168.0.111` | Ollama fallback truth | 對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner | `false` |
| `192.168.0.111` | model inventory posture | 只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash不收 prompt、token 或私有資料 | `false` |
| `192.168.0.111` | service / SSH policy posture | 只收服務狀態摘要與 SSH policy posture不登入、不改 service | `false` |
| `192.168.0.168` | local development origin | 確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime | `false` |
| `192.168.0.168` | repo hygiene | 只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy不讀未授權目錄 | `false` |
| `192.168.0.168` | local service exposure | 只收服務清單摘要、port 類型、owner 與 disable note不做 port scan 或 firewall 變更 | `false` |
## 4. Credential Handling
1. 只能記錄 `present` / `absent`、owner role、scope、來源文件或脫敏 evidence ref。
2. 不保存、回顯或轉貼任何 secret value、private key、token、cookie、session、authorization header、model API key、SSH password 或個人憑證。
3. 若 evidence 夾帶 raw credential必須隔離為 `quarantine_required`,不得納入 snapshot。
4. 若需要 credentialed scan必須另開獨立人工批准、credential handling plan、audit trail、rollback 與 post-check本 handoff 不授權。
5. 168 的個人目錄、私有資料夾、瀏覽器 profile、通訊軟體資料與未授權 repo 預設排除。
## 5. 維護窗口草案
| Host | 維護窗口狀態 | 本階段允許 | 本階段禁止 |
|------|--------------|------------|------------|
| `192.168.0.111` | `waiting_owner_selection` | owner 指定未來低流量窗口、停止條件、rollback owner、route validation 指標 | 停止模型、重啟 Ollama、pull / delete model、改 `OLLAMA_*` route、改 firewall |
| `192.168.0.168` | `waiting_owner_selection` | owner 指定未來 repo hygiene / local service review 窗口、排除範圍、disable note | credentialed scan、讀私有目錄、改 CORS、關閉服務、改本機防火牆 |
## 6. Rollback / Disable 草案
| Host | rollback / disable item | 需要證據 | owner 狀態 |
|------|-------------------------|----------|------------|
| `192.168.0.111` | fallback route rollback | route before / after refs、fallback owner、AI route smoke、stop condition | waiting owner assignment |
| `192.168.0.111` | model service rollback | service state ref、model inventory hash before / after、operator notice owner | waiting owner assignment |
| `192.168.0.168` | dev CORS rollback | current allowed origins ref、candidate change note、disable owner、browser smoke plan | waiting owner assignment |
| `192.168.0.168` | local service disable / restore | service list summary、owner、restore note、post-check ref | waiting owner assignment |
## 7. Validation Metrics
| Host | 指標 | 說明 |
|------|------|------|
| `192.168.0.111` | Ollama route truth | GCP-A、GCP-B、local 111 fallback 的設定與 health evidence ref 是否一致 |
| `192.168.0.111` | fallback availability | local fallback 可用性摘要,不等於可改路由或重啟服務 |
| `192.168.0.111` | model list hash | 模型清單摘要 / hash用於漂移判讀不保存 prompt 或資料內容 |
| `192.168.0.111` | service status | Ollama / proxy / AI route 相關服務狀態摘要 |
| `192.168.0.111` | AI route smoke | 只讀 smoke evidence ref若要實際改 route 必須另行批准 |
| `192.168.0.168` | repo secret scan summary | repo 層級摘要;不得收 secret value、partial token 或私人目錄內容 |
| `192.168.0.168` | local service list summary | owner 提供或授權的 local service summary不做未批准 port scan |
| `192.168.0.168` | CORS origin review | dev-only origin 是否與 production public domain 邊界一致 |
| `192.168.0.168` | rollback / disable note | 若未來需關閉 dev exposure 或回復設定owner 與步驟是否已指定 |
## 8. 驗收規則
1. 本 handoff 完成不代表 owner response 已收到、已接受或已批准。
2. `192.168.0.111` 的 fallback route truth 只能作為 observe-only evidence不得改 `OLLAMA_URL``OLLAMA_SECONDARY_URL``OLLAMA_FALLBACK_URL` 或任何 proxy route。
3. `192.168.0.168` 的 repo / CORS / service exposure 只能作為 scope review不得讀取未授權目錄或個人資料。
4. 所有 credential / secret 類資料只能記錄脫敏 metadataraw value 一律拒收或隔離。
5. 維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。
6. 未來 post-check 失敗只能建立人工 follow-up不得自動修復。
## 9. 階段定位
P1-8 只把 111 / 168 從「observe-only mapping 已宣告」推到「owner / reviewer 可照表審 scope、credential、rollback 與 validation」。它不改主機、不改 AI route、不開 runtime gate、不啟動掃描也不提高 IwoooS headline 64%。
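Review bot: the header table's `上游證據` row lists only the mapping doc and `KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md`, while the companion snapshot added in this same commit carries seven `source_evidence_refs` (including `IWOOOS-POSTURE-PROJECTION.md` and the P0 workplan); the two lists should agree, or the doc should state that the snapshot is the authoritative list. Also, section 4 item 3 requires evidence carrying a raw credential to be quarantined as `quarantine_required`, but neither this doc nor the schema says where such a quarantine event is recorded (the schema only has the boolean `quarantine_required_on_plaintext_credential`); a one-line pointer to the quarantine record location would close that gap.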

View File

@@ -3,7 +3,7 @@
| 項目 | 內容 |
|------|------|
| 日期 | 2026-06-04 |
| 狀態 | observe-only mapping + 維護準備規範;尚未寫入 DB / inventory seed |
| 狀態 | observe-only mapping + 維護準備 / scope handoff 規範;尚未寫入 DB / inventory seed |
| 範圍 | Kali 資安主機與兩台開發主機 |
| 上游 | `docs/security/KALI-SECURITY-MESH-BLUEPRINT.md` |
@@ -37,10 +37,21 @@
| Host | scope | maintenance window | credential handling | rollback owner | validation 指標 |
|------|-------|--------------------|---------------------|----------------|-----------------|
| `192.168.0.112` | Kali scanner health、tool version、package posture、`networking.service`、service hardening readinessP1-7 草案見 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md` | 待人工指定目前不得更新、重啟、hardening 或 active scan | SSH key / token 狀態只可記錄 present / absent不得保存密碼、token value、private key | Security Supply Chain 指派後才可動作 | scanner health、node exporter、wg-easy、pending updates、failed services、reboot required、post-check screenshot / log ref |
| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼private key只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke |
| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure | 待人工指定;目前不得 credentialed scan讀取未授權目錄 | 不收個人憑證、不讀私有目錄、不保存 secrets value | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note |
| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readinessP1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼private key、token、cookie、authorization header 或任何可還原 secret derivative;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke |
| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposureP1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得 credentialed scan讀取未授權目錄、讀個人資料或改 CORS / firewall / service | 不收個人憑證、不讀私有目錄、不保存 secrets value、secret hash、masked token 或 partial token | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note |
## 1.2 目前已知 112 缺口
## 1.2 目前已知 111 / 168 缺口
| 缺口 | 狀態 | 邊界 |
|------|------|------|
| `192.168.0.111` Ollama fallback route truth | P1-8 scope handoff 已建立owner response 未收 | 不改 `OLLAMA_URL``OLLAMA_SECONDARY_URL``OLLAMA_FALLBACK_URL`、proxy route 或 model runtime |
| `192.168.0.111` model inventory posture | 只允許收模型清單摘要 / hash 與 owner evidence ref | 不收 prompt、token、API key、私有資料或模型操作命令 |
| `192.168.0.111` service / SSH policy posture | 只允許收服務狀態摘要與 policy posture | 不 SSH、不 restart、不改 firewall、不停止模型 |
| `192.168.0.168` local development origin | P1-8 scope handoff 已建立owner response 未收 | 不改 dev-only CORS、不改 production route、不把 local origin 當 production 授權 |
| `192.168.0.168` repo hygiene / secret summary | 只允許 repo 層級摘要與脫敏 evidence ref | 不讀未授權目錄、不收 secret value / hash / partial token、不掃描個人資料 |
| `192.168.0.168` local service exposure | 只允許 owner 提供或授權的 service summary | 不 port scan、不改 firewall、不停止服務 |
## 1.3 目前已知 112 缺口
| 缺口 | 狀態 | 邊界 |
|------|------|------|
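Review bot: renumbering `## 1.2 目前已知 112 缺口` to `## 1.3` and inserting the new 111 / 168 table as 1.2 will break any existing cross-reference to section 1.2 (the LOGBOOK and workplan in this commit refer to the mapping doc by filename only, so the rest of the mapping doc and any docs outside this diff should be checked). Consider grepping for `1.2` before merge, or keeping the 112 table at 1.2 and adding the 111 / 168 table as 1.3, which also matches the host order in the scope table just above.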
@@ -104,4 +115,4 @@ AwoooP 初期不做:
## 6. IwoooS 顯示邊界
IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、缺口與下一步但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。
IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、scope handoff、缺口與下一步但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、fallback route change、CORS / firewall / service 修改、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。
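Review bot: the replacement line lists firewall changes twice (`CORS / firewall / service 修改` and `firewall/RBAC/NetworkPolicy 修改`); collapse them into one item, e.g. `CORS / firewall / RBAC / NetworkPolicy / service 修改`, and normalise the separator (`/` with and without spaces) within the same sentence.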

View File

@@ -0,0 +1,311 @@
{
"schema_version": "dev_host_scope_handoff_v1",
"status": "draft_waiting_owner_review",
"date": "2026-06-04",
"mode": "scope_handoff_only",
"source_evidence_refs": [
"docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
"docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
"docs/security/IWOOOS-POSTURE-PROJECTION.md",
"docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ollama_111_only.md",
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_secret_debug_output_ban.md",
"/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ssh_command_security.md"
],
"summary": {
"hosts": [
"192.168.0.111",
"192.168.0.168"
],
"asset_keys": [
"host:dev-ai-111",
"host:dev-workstation-168"
],
"scope_handoff_package_ready": true,
"scope_handoff_completion_percent": 100,
"host_execution_completion_percent": 0,
"owner_response_received": false,
"owner_response_accepted": false,
"host_change_authorized": false,
"fallback_route_change_authorized": false,
"credentialed_scan_authorized": false,
"active_scan_authorized": false,
"secret_value_collection_authorized": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false
},
"hosts": [
{
"host": "192.168.0.111",
"asset_key": "host:dev-ai-111",
"role": "Local AI / Ollama fallback / 開發輔助主機",
"mode": "observe_only",
"scope_lanes": [
{
"lane_id": "ollama-fallback-truth",
"description": "對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner。",
"validation_metrics": [
"Ollama route truth",
"fallback availability",
"AI route smoke"
],
"current_authorized": false
},
{
"lane_id": "model-inventory-posture",
"description": "只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash不收 prompt、token 或私有資料。",
"validation_metrics": [
"model list hash",
"model tag summary",
"inventory owner ref"
],
"current_authorized": false
},
{
"lane_id": "service-ssh-policy-posture",
"description": "只收服務狀態摘要與 SSH policy posture不登入、不改 service。",
"validation_metrics": [
"service status summary",
"SSH policy posture",
"rollback owner ref"
],
"current_authorized": false
}
],
"maintenance_window": {
"window_status": "waiting_owner_selection",
"allowed_metadata": [
"future low-traffic window",
"stop condition",
"rollback owner",
"route validation metrics"
],
"forbidden_actions": [
"stop_model",
"restart_ollama",
"pull_model",
"delete_model",
"change_ollama_route",
"change_firewall"
]
},
"rollback_plan_draft": [
{
"rollback_item": "fallback route rollback",
"required_evidence": [
"route before / after refs",
"fallback owner",
"AI route smoke",
"stop condition"
],
"owner_status": "waiting_owner_assignment"
},
{
"rollback_item": "model service rollback",
"required_evidence": [
"service state ref",
"model inventory hash before / after",
"operator notice owner"
],
"owner_status": "waiting_owner_assignment"
}
]
},
{
"host": "192.168.0.168",
"asset_key": "host:dev-workstation-168",
"role": "開發工作站 / local development origin",
"mode": "observe_only",
"scope_lanes": [
{
"lane_id": "local-development-origin",
"description": "確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime。",
"validation_metrics": [
"CORS origin review",
"local origin owner ref",
"production boundary note"
],
"current_authorized": false
},
{
"lane_id": "repo-hygiene",
"description": "只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy不讀未授權目錄。",
"validation_metrics": [
"repo secret scan summary",
"repo owner ref",
"dirty worktree policy"
],
"current_authorized": false
},
{
"lane_id": "local-service-exposure",
"description": "只收服務清單摘要、port 類型、owner 與 disable note不做 port scan 或 firewall 變更。",
"validation_metrics": [
"local service list summary",
"service owner ref",
"rollback / disable note"
],
"current_authorized": false
}
],
"maintenance_window": {
"window_status": "waiting_owner_selection",
"allowed_metadata": [
"future repo hygiene review window",
"future local service review window",
"excluded directories",
"disable note owner"
],
"forbidden_actions": [
"credentialed_scan",
"read_private_directory",
"change_cors",
"stop_service",
"change_local_firewall"
]
},
"rollback_plan_draft": [
{
"rollback_item": "dev CORS rollback",
"required_evidence": [
"current allowed origins ref",
"candidate change note",
"disable owner",
"browser smoke plan"
],
"owner_status": "waiting_owner_assignment"
},
{
"rollback_item": "local service disable / restore",
"required_evidence": [
"service list summary",
"owner",
"restore note",
"post-check ref"
],
"owner_status": "waiting_owner_assignment"
}
]
}
],
"owner_response_handoff": {
"status": "ready_not_dispatched",
"request_dispatch_authorized": false,
"required_response_fields": [
"owner_role_or_team",
"host_scope_boundary",
"decision",
"decision_reason",
"affected_scope",
"maintenance_window_expectation",
"credential_handling_confirmation",
"rollback_owner",
"validation_metrics_owner",
"redacted_evidence_refs",
"followup_owner"
],
"allowed_decisions": [
"confirm_observe_only",
"defer",
"reject",
"request_more_evidence"
],
"forbidden_inputs": [
"model API key value",
"SSH password",
"private key",
"token value",
"cookie",
"session",
"authorization header",
"personal credential",
"secret hash",
"masked token",
"partial token",
"command to execute",
"service restart request",
"firewall change request",
"model stop request",
"CORS apply request",
"active scan request",
"credentialed scan request",
"private directory content"
],
"response_received": false,
"response_accepted": false
},
"credential_handling": {
"policy": "metadata_only_no_secret_value",
"allowed_evidence": [
"present / absent",
"owner role",
"scope",
"document ref",
"ticket ref",
"redacted metadata pointer"
],
"forbidden_evidence": [
"secret value",
"private key",
"token",
"cookie",
"session",
"authorization header",
"model API key",
"SSH password",
"personal credential",
"reversible secret hash",
"partial token",
"raw screenshot containing credential"
],
"quarantine_required_on_plaintext_credential": true,
"secret_value_collection_authorized": false
},
"validation_metrics": [
{
"host": "192.168.0.111",
"metrics": [
"Ollama route truth",
"fallback availability",
"model list hash",
"service status",
"AI route smoke"
]
},
{
"host": "192.168.0.168",
"metrics": [
"repo secret scan summary",
"local service list summary",
"CORS origin review",
"rollback / disable note"
]
}
],
"acceptance_rules": [
"本 handoff 完成不代表 owner response 已收到、已接受或已批准。",
"192.168.0.111 的 fallback route truth 只能作為 observe-only evidence不得改 OLLAMA_URL、OLLAMA_SECONDARY_URL、OLLAMA_FALLBACK_URL 或 proxy route。",
"192.168.0.168 的 repo / CORS / service exposure 只能作為 scope review不得讀取未授權目錄或個人資料。",
"所有 credential / secret 類資料只能記錄脫敏 metadataraw value 一律拒收或隔離。",
"維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。",
"未來 post-check 失敗只能建立人工 follow-up不得自動修復。"
],
"forbidden_actions": [
"ssh_to_host",
"read_private_directory",
"credentialed_scan",
"active_scan",
"port_scan",
"stop_model",
"pull_model",
"delete_model",
"restart_ollama",
"change_ollama_route",
"change_cors",
"change_firewall",
"change_service",
"store_credential_value",
"enable_runtime_blocking_control",
"add_awooop_action_button"
]
}
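Review bot: `source_evidence_refs` contains three absolute paths under `/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/`; those files are not in the repository, cannot be opened by a reviewer, and expose a local username and home-directory layout in a committed artifact. Replace them with repo-relative refs or a redacted pointer, which is what this file's own `credential_handling.allowed_evidence` permits under `redacted metadata pointer`. Minor: the per-host `forbidden_actions` use `change_firewall` for 111 but `change_local_firewall` for 168, while the top-level `forbidden_actions` list has only `change_firewall`; pick one token so a guard script can match them consistently.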

View File

@@ -9,7 +9,7 @@
| 工作視窗 | IwoooS / AWOOOI 資安治理 P0 |
| 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` |
| 本次分支 | `codex/iwooos-governance-p0-20260604` |
| 最新觀察到的 `gitea/main` | `c046b9c8 chore(cd): deploy 8a32633 [skip ci]` |
| 最新觀察到的 `gitea/main` | `65bdfd1d chore(cd): deploy 29a67ec [skip ci]` |
| 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` |
| 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` |
| 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 |
@@ -25,7 +25,7 @@
| S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted |
| GitHub primary readiness | 0 | 否 | primary gate 仍為 0P1 只讀重盤工作本身目前約 70%,不代表可切 primary |
| Kali 112 維護準備 | P1-7 maintenance window draft `100%`;維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan |
| 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 |
| 111 / 168 開發主機納管 | P1-8 scope handoff package `100%`;主機執行 `0%` | 否 | 仍不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service、不自動修復 |
| VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 |
## 2. P0 工作拆解與優先順序
@@ -130,7 +130,7 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
|------|------|------|------|
| P1 | GitHub primary readiness 只讀重盤 | repo visibility、refs、tags、workflow、secret name、runner、rollback ADR | 只讀 inventory不建立 repo、不同步 refs |
| P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | P1-7 草案已完成;不 `apt upgrade`、不 restart |
| P1 | 111 / 168 主機 scope 補強 | scope、maintenance window、credential handling、rollback owner、validation 指標 | observe-only不 credentialed scan |
| P1 | 111 / 168 主機 scope 補強 | P1-8 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、snapshot 與 schemascope、maintenance window、credential handling、rollback owner、validation 指標已可交接 | observe-only不 credentialed scan、不改 route / CORS / firewall / service |
| P1 | VibeWork 納入 IwoooS | repo、product、surface、owner、evidence refs、獨立產品邊界 | 繁中 docs/specs不合併產品責任 |
| P1 | Code Review 候選分類 | 前端體驗、測試補洞、文件同步、低風險重構;人工批准後才 Codex | 候選不自動改 code、不自動 deploy |
| P2 | IwoooS UX 精簡 | 首屏摘要、圖、矩陣、Gate長證據改展開式 | desktop/mobile 開頁、overflow |
@@ -175,6 +175,9 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| 需要調整規範 | Workflow / secret 名稱完成度 | local evidence 已有,但 webhook / runner / deploy key / branch protection / parity 仍缺 | 已改為 `missing_evidence`,不得說已完成 parity |
| 需要調整規範 | Rollback ADR owner readiness | 舊 ADR 有 fallback / trigger / window 摘要,但缺可交接的 owner response 封套與逐 repo template | 已補 P1-5 handoff packagereceived / accepted / approved 仍全部 0 |
| 需要調整規範 | AwoooP 同步封包 | P1 要同步 refreshed counts、blocked gates、no-run 狀態,避免另一 Session 以舊 `117` heads / `141` items 繼續推進 | 本總帳與 LOGBOOK 會作為同步封包來源 |
| 需要新增規範 | 111 / 168 開發主機 scope handoff | 原本只有 observe-only mapping缺 owner 可審的 scope boundary、credential refusal、rollback owner、validation metrics 與維護窗口欄位 | 已新增 P1-8 handoff、snapshot 與 schemahost execution 仍 `0%` |
| 需要調整規範 | 111 Ollama fallback wording | 111 是 ADR-110 local fallback evidence 範圍,不可被誤讀成可直接改 route、重啟 Ollama 或停止模型 | 已在 P1-8 固定 `fallback_route_change_authorized=false` 與 route truth observe-only |
| 需要調整規範 | 168 dev origin / repo hygiene wording | repo hygiene 與 local service exposure 容易被誤讀成可掃個人資料、讀未授權目錄或改 CORS / firewall | 已在 P1-8 固定未授權目錄、個人資料、secret derivative、CORS / firewall / service change 全部拒收 / 禁止 |
## 6.3 P1 優先順序細化
@@ -187,7 +190,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| P1-5 | Primary rollback ADR 補強 | 已補 2026-06-04 rollback owner handoff package逐 repo rollback owner、trigger、validation window、fallback role 進入可交接模板 | ADR approved 前不切 primaryreceived / accepted / approved 仍 0 |
| P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
| P1-7 | Kali 112 maintenance window 草案 | 已補 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、snapshot 與 schemapackages、`networking.service` failed、hardening 0/4、rollback、post-check 已進 owner handoff | 文件草案,不執行 `apt upgrade` / restart / hardening / scan |
| P1-8 | 111 / 168 開發主機 scope | scope、credential handling、rollback owner、validation 指標 | observe-only不做 credentialed scan |
| P1-8 | 111 / 168 開發主機 scope | 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md``dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json`111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已拆成 handoff | scope handoff `100%`;主機執行 `0%`;不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service |
| P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 |
## 7. 2026-06-04 本輪驗證紀錄
@@ -218,6 +221,8 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
| P1-5 JSON parse / structure check | `source-control-primary-rollback-adr.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `PRIMARY_ROLLBACK_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
| AwoooP Runs i18n production smoke | deploy marker `c046b9c8` 已上線 `8a326338`desktop 1440x1100 / mobile 390x844 皆載入 50 列、`horizontalOverflow=0`;繁中狀態與 fallback 文案可見,英文殘留 0 | 截圖 `/tmp/awoooi-runs-i18n-desktop-20260604.png``/tmp/awoooi-runs-i18n-mobile-20260604.png` |
| P1-7 Kali 112 maintenance window draft | 新增 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md``kali-112-maintenance-window-draft.snapshot.json``kali_maintenance_window_draft_v1.schema.json`1994 pending updates、`networking.service` failed、hardening `0 / 4`、rollback owner、post-check owner 已整理成 handoff | `host_update_authorized=false``service_restart_authorized=false``hardening_authorized=false``reboot_authorized=false``active_scan_authorized=false``execute_endpoint_authorized=false` |
| P1-8 111 / 168 dev host scope handoff | 新增 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md``dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json`111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已整理成 owner handoff | `host_change_authorized=false``fallback_route_change_authorized=false``credentialed_scan_authorized=false``active_scan_authorized=false``secret_value_collection_authorized=false``runtime_execution_authorized=false` |
| P1-8 JSON parse / structure check | `dev-hosts-111-168-scope-handoff.snapshot.json``dev_host_scope_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
| P1 JSON parse | `gitea-github-awoooi-inventory``github-target-probe``source-control-primary-readiness-gate``source-control-workflow-secret-name-local-evidence`、Gitea repo / search / org blocked snapshots 皆通過 |
| P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |
@@ -231,6 +236,10 @@ github_primary_ready_count=0
runtime_execution_authorized=false
action_buttons_allowed=false
host_update_authorized=false
host_change_authorized=false
fallback_route_change_authorized=false
credentialed_scan_authorized=false
secret_value_collection_authorized=false
active_scan_authorized=false
```
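Review bot: the summary block now carries both `host_update_authorized=false` (from the P1-7 Kali 112 draft) and the new `host_change_authorized=false` (P1-8, 111 / 168); the two names are close enough that a reader or a guard script could treat them as the same flag. Add a short note in this section saying which hosts each flag governs, or fold them into a single `host_change_authorized` gate if they are meant to be one.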