From 920c9a2d41db7e01c9d9dc918f73c57bf227e60d Mon Sep 17 00:00:00 2001
From: Your Name
Date: Thu, 4 Jun 2026 20:40:37 +0800
Subject: [PATCH] =?UTF-8?q?docs(security):=20=E8=A3=9C=E9=96=8B=E7=99=BC?=
 =?UTF-8?q?=E4=B8=BB=E6=A9=9F=20scope=20handoff=20[skip=20ci]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/LOGBOOK.md | 39 +++
 .../dev_host_scope_handoff_v1.schema.json | 252 ++++++++++++++
 .../DEV-HOSTS-111-168-SCOPE-HANDOFF.md | 130 ++++++++
 ...-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md | 21 +-
 ...-hosts-111-168-scope-handoff.snapshot.json | 311 ++++++++++++++++++
 ...026-06-04-iwooos-security-governance-p0.md | 17 +-
 6 files changed, 761 insertions(+), 9 deletions(-)
 create mode 100644 docs/schemas/dev_host_scope_handoff_v1.schema.json
 create mode 100644 docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md
 create mode 100644 docs/security/dev-hosts-111-168-scope-handoff.snapshot.json
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index 5a8411a4..7eafc202 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -1,3 +1,42 @@ +## 2026-06-04|IwoooS P1-8 111 / 168 Dev Host Scope Handoff + +**背景**:P1-7 已把 Kali `192.168.0.112` 維護窗口草案推到 owner / reviewer 可審;本段接續 P1-8,補 `192.168.0.111` 與 `192.168.0.168` 的開發主機 scope、credential handling、rollback owner 與 validation metrics。這是 observe-only handoff,不登入主機、不 SSH、不 credentialed scan、不 active scan、不讀未授權目錄、不改 Ollama fallback route、不改 CORS / firewall / service。 + +**本輪完成**: +- 新增 `docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md`:整理 111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / dev-only CORS / local service exposure 的 owner response 欄位、禁止輸入、維護窗口、rollback / disable 草案與 validation metrics。 +- 新增 `docs/security/dev-hosts-111-168-scope-handoff.snapshot.json`:固定 `scope_handoff_completion_percent=100`、`host_execution_completion_percent=0`,並維持 `host_change_authorized=false`、`fallback_route_change_authorized=false`、`credentialed_scan_authorized=false`、`active_scan_authorized=false`、`secret_value_collection_authorized=false`、`runtime_execution_authorized=false`。 +- 新增 `docs/schemas/dev_host_scope_handoff_v1.schema.json`:讓 111 / 168 scope、credential handling、owner handoff、rollback 與 validation 指標有可驗契約。 +- 更新 `DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md`:把 111 / 168 的 P1-8 handoff 串回主機 mapping,並補「不可改 route / CORS / firewall / service、不可讀未授權資料、不可收 secret derivative」邊界。 +- 更新 IwoooS P0/P1 主控總帳:P1-8 scope handoff 標記 `100%`;111 / 168 主機執行仍 `0%`;IwoooS headline 仍 `64%`。 + +**完成度更新**: +- P1-8 111 / 168 dev host scope handoff:`100%`。 +- 111 / 168 主機執行:`0%`。 +- host change authorized:`false`。 +- fallback route change authorized:`false`。 +- credentialed scan authorized:`false`。 +- active scan authorized:`false`。 +- secret value collection authorized:`false`。 +- active runtime gate:`0`。 +- IwoooS headline:維持 `64%`,不因文件草案假性調高。 + +**驗證**: +- `python3 -m json.tool docs/security/dev-hosts-111-168-scope-handoff.snapshot.json`:通過。 +- `python3 -m json.tool docs/schemas/dev_host_scope_handoff_v1.schema.json`:通過。 +- 
本段自訂結構檢查:`DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK`。 +- `git diff --check`:通過。 +- `python3 scripts/security/source-control-owner-response-guard.py --root .`:`SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root .`:`SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- 新增 diff 行 credential pattern 檢查:`NO_ADDED_URL_CREDENTIAL_PATTERNS`。 +- staged 授權旗標檢查:`NO_UNEXPECTED_AUTHORIZATION_OR_COUNTER_INCREASE`。 +- Schema validator 限制:本地沒有 Python `jsonschema` / Node AJV 驗證器時,以 JSON parse、自訂結構檢查與既有 guard 補位。 +- Production 頁面檢查:本段只改 docs / snapshot / schema / LOGBOOK,未改 IwoooS 前端與 production 文案,不宣稱新的 production 狀態;沿用 P0 `/zh-TW/iwooos` desktop / mobile live sanity 與 AwoooP Runs i18n smoke 基準。 + +**目前邊界**: +- `192.168.0.111` 只能作為 Ollama local fallback / model inventory / route truth observe-only evidence;不得改 `OLLAMA_URL`、`OLLAMA_SECONDARY_URL`、`OLLAMA_FALLBACK_URL`、proxy route 或 model runtime。 +- `192.168.0.168` 只能作為開發來源、repo hygiene、dev-only CORS 與 local service exposure 的 scope review;不得讀個人資料、未授權目錄或改 CORS / firewall / service。 +- credential / secret 類資料只接受脫敏 metadata pointer;raw value、secret hash、masked token、partial token、截圖或個人憑證一律拒收或隔離。 + ## 2026-06-04|IwoooS P1-7 Kali 112 Maintenance Window Draft **背景**:P1-5 rollback owner handoff 已推送;本段接續 P1-7,針對 Kali `192.168.0.112` 已知缺口建立維護窗口草案。既有只讀證據顯示待更新套件 `1994`、`networking.service` failed、scanner service hardening `0 / 4`、reboot required `false`。本段只整理 owner / reviewer 可審的維護 handoff,不登入主機、不更新、不重啟、不 restart、不套 hardening、不 active scan、不呼叫 `/execute`。 diff --git a/docs/schemas/dev_host_scope_handoff_v1.schema.json b/docs/schemas/dev_host_scope_handoff_v1.schema.json new file mode 100644 index 00000000..60cccfb8 --- /dev/null +++ b/docs/schemas/dev_host_scope_handoff_v1.schema.json 
@@ -0,0 +1,252 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "urn:awoooi:dev-host-scope-handoff-v1",
+ "title": "Dev Host 111 / 168 Scope Handoff v1",
+ "description": "定義 192.168.0.111 / 192.168.0.168 開發主機 scope、credential handling、owner handoff、rollback 與 validation 指標。此契約不授權 SSH、credentialed scan、active scan、host change、fallback route change 或 runtime execution。",
+ "type": "object",
+ "required": [
+ "schema_version",
+ "status",
+ "date",
+ "mode",
+ "source_evidence_refs",
+ "summary",
+ "hosts",
+ "owner_response_handoff",
+ "credential_handling",
+ "validation_metrics",
+ "acceptance_rules",
+ "forbidden_actions"
+ ],
+ "properties": {
+ "schema_version": {
+ "const": "dev_host_scope_handoff_v1"
+ },
+ "status": {
+ "type": "string",
+ "enum": ["draft_waiting_owner_review"]
+ },
+ "date": {
+ "type": "string"
+ },
+ "mode": {
+ "type": "string",
+ "enum": ["scope_handoff_only"]
+ },
+ "source_evidence_refs": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "summary": {
+ "type": "object",
+ "required": [
+ "hosts",
+ "asset_keys",
+ "scope_handoff_package_ready",
+ "scope_handoff_completion_percent",
+ "host_execution_completion_percent",
+ "owner_response_received",
+ "owner_response_accepted",
+ "host_change_authorized",
+ "fallback_route_change_authorized",
+ "credentialed_scan_authorized",
+ "active_scan_authorized",
+ "secret_value_collection_authorized",
+ "runtime_execution_authorized",
+ "action_buttons_allowed"
+ ],
+ "properties": {
+ "hosts": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 2
+ },
+ "asset_keys": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 2
+ },
+ "scope_handoff_package_ready": {"type": "boolean"},
+ "scope_handoff_completion_percent": {"type": "integer", "minimum": 0, "maximum": 100},
+ "host_execution_completion_percent": {"type": "integer", "const": 0},
+ "owner_response_received": {"type": "boolean", "const": false},
+ "owner_response_accepted": {"type": "boolean", "const": false},
+ "host_change_authorized": {"type": "boolean", "const": false},
+ "fallback_route_change_authorized": {"type": "boolean", "const": false},
+ "credentialed_scan_authorized": {"type": "boolean", "const": false},
+ "active_scan_authorized": {"type": "boolean", "const": false},
+ "secret_value_collection_authorized": {"type": "boolean", "const": false},
+ "runtime_execution_authorized": {"type": "boolean", "const": false},
+ "action_buttons_allowed": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "host",
+ "asset_key",
+ "role",
+ "mode",
+ "scope_lanes",
+ "maintenance_window",
+ "rollback_plan_draft"
+ ],
+ "properties": {
+ "host": {"type": "string"},
+ "asset_key": {"type": "string"},
+ "role": {"type": "string"},
+ "mode": {"type": "string", "enum": ["observe_only"]},
+ "scope_lanes": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": ["lane_id", "description", "validation_metrics", "current_authorized"],
+ "properties": {
+ "lane_id": {"type": "string"},
+ "description": {"type": "string"},
+ "validation_metrics": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "current_authorized": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "minItems": 1
+ },
+ "maintenance_window": {
+ "type": "object",
+ "required": ["window_status", "allowed_metadata", "forbidden_actions"],
+ "properties": {
+ "window_status": {"type": "string", "enum": ["waiting_owner_selection"]},
+ "allowed_metadata": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "forbidden_actions": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ }
+ },
+ "additionalProperties": false
+ },
+ "rollback_plan_draft": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": ["rollback_item", "required_evidence", "owner_status"],
+ "properties": {
+ "rollback_item": {"type": "string"},
+ "required_evidence": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "owner_status": {"type": "string", "enum": ["waiting_owner_assignment"]}
+ },
+ "additionalProperties": false
+ },
+ "minItems": 1
+ }
+ },
+ "additionalProperties": false
+ },
+ "minItems": 2
+ },
+ "owner_response_handoff": {
+ "type": "object",
+ "required": [
+ "status",
+ "request_dispatch_authorized",
+ "required_response_fields",
+ "allowed_decisions",
+ "forbidden_inputs",
+ "response_received",
+ "response_accepted"
+ ],
+ "properties": {
+ "status": {"type": "string", "enum": ["ready_not_dispatched"]},
+ "request_dispatch_authorized": {"type": "boolean", "const": false},
+ "required_response_fields": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "allowed_decisions": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "forbidden_inputs": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "response_received": {"type": "boolean", "const": false},
+ "response_accepted": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "credential_handling": {
+ "type": "object",
+ "required": [
+ "policy",
+ "allowed_evidence",
+ "forbidden_evidence",
+ "quarantine_required_on_plaintext_credential",
+ "secret_value_collection_authorized"
+ ],
+ "properties": {
+ "policy": {"type": "string", "enum": ["metadata_only_no_secret_value"]},
+ "allowed_evidence": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "forbidden_evidence": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "quarantine_required_on_plaintext_credential": {"type": "boolean"},
+ "secret_value_collection_authorized": {"type": "boolean", "const": false}
+ },
+ "additionalProperties": false
+ },
+ "validation_metrics": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": ["host", "metrics"],
+ "properties": {
+ "host": {"type": "string"},
+ "metrics": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ }
+ },
+ "additionalProperties": false
+ },
+ "minItems": 2
+ },
+ "acceptance_rules": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ },
+ "forbidden_actions": {
+ "type": "array",
+ "items": {"type": "string"},
+ "minItems": 1
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md b/docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md
new file mode 100644
index 00000000..b8111002
--- /dev/null
+++ b/docs/security/DEV-HOSTS-111-168-SCOPE-HANDOFF.md
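Review bot: `quarantine_required_on_plaintext_credential` under `credential_handling` (second half of the hunk) is typed only as `boolean`, so a snapshot that sets it to `false` still validates even though every other gate in this contract is pinned with `const: false`; pin it the same way, `"quarantine_required_on_plaintext_credential": {"type": "boolean", "const": true}`, so the metadata-only policy cannot be relaxed by a data edit. `date` is an unconstrained string; adding `"format": "date"` would document the expected day-precision value (note that draft 2020-12 treats `format` as annotation unless the validator enables format assertion, which the LOGBOOK says is not available locally). `source_evidence_refs` and `redacted`-style refs are likewise any string, so the schema cannot reject machine-local absolute paths that a reviewer cannot open; a `pattern` limited to repo-relative paths or ticket / hash pointers would enforce what the handoff document already asks for.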
@@ -0,0 +1,130 @@ +# 111 / 168 開發主機 Scope Handoff + +| 項目 | 內容 | +|------|------| +| 日期 | 2026-06-04 | +| 狀態 | 草案,等待 owner review | +| Hosts | `192.168.0.111`、`192.168.0.168` | +| Asset keys | `host:dev-ai-111`、`host:dev-workstation-168` | +| Schema | `docs/schemas/dev_host_scope_handoff_v1.schema.json` | +| Snapshot | `docs/security/dev-hosts-111-168-scope-handoff.snapshot.json` | +| 上游證據 | `docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md`、`docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md` | +| 模式 | `scope_handoff_only` | +| 執行面授權 | `false` | + +## 0. 核心結論 + +P1-8 補的是 `192.168.0.111` 與 `192.168.0.168` 的開發主機 scope / credential / rollback / validation handoff。這不是主機維護批准、不是 credentialed scan、不是 active scan,也不是 Ollama fallback route 變更。 + +本階段只把 owner / reviewer 未來需要看的資料整理成只讀封套: + +| 主機 | 角色 | 本階段輸出 | 仍未授權 | +|------|------|------------|----------| +| `192.168.0.111` | Local AI / Ollama fallback / 開發輔助主機 | fallback route truth、model inventory、service posture、SSH policy posture、AI route smoke 指標 | 停止模型、重啟服務、改 fallback route、credentialed scan、active scan | +| `192.168.0.168` | 開發工作站 / local development origin | repo hygiene、dev-only CORS、local service exposure、credential refusal、rollback / disable note | 讀取未授權目錄、掃描個人資料、credentialed scan、CORS / firewall / service 變更 | + +## 1. 摘要 + +| 指標 | 值 | +|------|----| +| dev host scope handoff package | `ready` | +| package completion | `100%` | +| host change authorized | `false` | +| fallback route change authorized | `false` | +| credentialed scan authorized | `false` | +| active scan authorized | `false` | +| secret value collection authorized | `false` | +| owner response received / accepted | `false / false` | +| host execution completion | `0%` | + +## 2. 
Owner Response Handoff + +此 handoff 只讓 AwoooP 或 reviewer 請 owner 補開發主機 scope metadata。它不是 request sent、不是 approval queue,也不是可執行動作。 + +### 2.1 必填欄位 + +| 欄位 | 說明 | +|------|------| +| `owner_role_or_team` | Dev Host Steward 或實際維護角色 / 團隊 | +| `host_scope_boundary` | 允許觀察的路徑、服務、repo、port 類型與排除範圍 | +| `decision` | 允許值:`confirm_observe_only`、`defer`、`reject`、`request_more_evidence` | +| `decision_reason` | 為何接受 / 延後 / 拒絕此只讀 scope | +| `affected_scope` | 影響主機、服務、repo、Ollama route、CORS 或 local origin | +| `maintenance_window_expectation` | 若未來要維護,owner 需指定台北時間窗口;目前不得自動指定 | +| `credential_handling_confirmation` | 確認只收 present / absent、脫敏 metadata pointer;不收 secret value | +| `rollback_owner` | 未來停用、回復 route、回復 CORS、停止觀察或撤回 evidence 的 owner | +| `validation_metrics_owner` | post-check / smoke / evidence readback 的 owner | +| `redacted_evidence_refs` | 只填文件、snapshot、ticket、hash 或脫敏 metadata pointer | +| `followup_owner` | 補件、拒收或下一階段 owner | + +### 2.2 禁止輸入 + +| 類型 | 規則 | +|------|------| +| credential | 不貼模型 API key、SSH 密碼、private key、token value、cookie、session、authorization header、personal credential | +| secret derivative | 不貼可還原 secret 的 hash、masked token、partial token 或截圖 | +| host command | 不貼 SSH command、service restart、firewall change、model stop / pull / delete、CORS apply command | +| scan request | 不把 active scan、credentialed scan、個人資料掃描或未授權目錄讀取包進 scope | +| runtime action | 不新增 AwoooP action button,不開 runtime blocking control,不改 fallback route | + +## 3. 
Host Scope 草案 + +| Host | Scope lane | 目的 | 目前授權 | +|------|------------|------|----------| +| `192.168.0.111` | Ollama fallback truth | 對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner | `false` | +| `192.168.0.111` | model inventory posture | 只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash,不收 prompt、token 或私有資料 | `false` | +| `192.168.0.111` | service / SSH policy posture | 只收服務狀態摘要與 SSH policy posture,不登入、不改 service | `false` | +| `192.168.0.168` | local development origin | 確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime | `false` | +| `192.168.0.168` | repo hygiene | 只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy,不讀未授權目錄 | `false` | +| `192.168.0.168` | local service exposure | 只收服務清單摘要、port 類型、owner 與 disable note,不做 port scan 或 firewall 變更 | `false` | + +## 4. Credential Handling + +1. 只能記錄 `present` / `absent`、owner role、scope、來源文件或脫敏 evidence ref。 +2. 不保存、回顯或轉貼任何 secret value、private key、token、cookie、session、authorization header、model API key、SSH password 或個人憑證。 +3. 若 evidence 夾帶 raw credential,必須隔離為 `quarantine_required`,不得納入 snapshot。 +4. 若需要 credentialed scan,必須另開獨立人工批准、credential handling plan、audit trail、rollback 與 post-check;本 handoff 不授權。 +5. 168 的個人目錄、私有資料夾、瀏覽器 profile、通訊軟體資料與未授權 repo 預設排除。 + +## 5. 維護窗口草案 + +| Host | 維護窗口狀態 | 本階段允許 | 本階段禁止 | +|------|--------------|------------|------------| +| `192.168.0.111` | `waiting_owner_selection` | owner 指定未來低流量窗口、停止條件、rollback owner、route validation 指標 | 停止模型、重啟 Ollama、pull / delete model、改 `OLLAMA_*` route、改 firewall | +| `192.168.0.168` | `waiting_owner_selection` | owner 指定未來 repo hygiene / local service review 窗口、排除範圍、disable note | credentialed scan、讀私有目錄、改 CORS、關閉服務、改本機防火牆 | + +## 6. 
Rollback / Disable 草案 + +| Host | rollback / disable item | 需要證據 | owner 狀態 | +|------|-------------------------|----------|------------| +| `192.168.0.111` | fallback route rollback | route before / after refs、fallback owner、AI route smoke、stop condition | waiting owner assignment | +| `192.168.0.111` | model service rollback | service state ref、model inventory hash before / after、operator notice owner | waiting owner assignment | +| `192.168.0.168` | dev CORS rollback | current allowed origins ref、candidate change note、disable owner、browser smoke plan | waiting owner assignment | +| `192.168.0.168` | local service disable / restore | service list summary、owner、restore note、post-check ref | waiting owner assignment | + +## 7. Validation Metrics + +| Host | 指標 | 說明 | +|------|------|------| +| `192.168.0.111` | Ollama route truth | GCP-A、GCP-B、local 111 fallback 的設定與 health evidence ref 是否一致 | +| `192.168.0.111` | fallback availability | local fallback 可用性摘要,不等於可改路由或重啟服務 | +| `192.168.0.111` | model list hash | 模型清單摘要 / hash,用於漂移判讀,不保存 prompt 或資料內容 | +| `192.168.0.111` | service status | Ollama / proxy / AI route 相關服務狀態摘要 | +| `192.168.0.111` | AI route smoke | 只讀 smoke evidence ref;若要實際改 route 必須另行批准 | +| `192.168.0.168` | repo secret scan summary | repo 層級摘要;不得收 secret value、partial token 或私人目錄內容 | +| `192.168.0.168` | local service list summary | owner 提供或授權的 local service summary,不做未批准 port scan | +| `192.168.0.168` | CORS origin review | dev-only origin 是否與 production public domain 邊界一致 | +| `192.168.0.168` | rollback / disable note | 若未來需關閉 dev exposure 或回復設定,owner 與步驟是否已指定 | + +## 8. 驗收規則 + +1. 本 handoff 完成不代表 owner response 已收到、已接受或已批准。 +2. `192.168.0.111` 的 fallback route truth 只能作為 observe-only evidence;不得改 `OLLAMA_URL`、`OLLAMA_SECONDARY_URL`、`OLLAMA_FALLBACK_URL` 或任何 proxy route。 +3. `192.168.0.168` 的 repo / CORS / service exposure 只能作為 scope review;不得讀取未授權目錄或個人資料。 +4. 所有 credential / secret 類資料只能記錄脫敏 metadata;raw value 一律拒收或隔離。 +5. 
維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。 +6. 未來 post-check 失敗只能建立人工 follow-up,不得自動修復。 + +## 9. 階段定位 + +P1-8 只把 111 / 168 從「observe-only mapping 已宣告」推到「owner / reviewer 可照表審 scope、credential、rollback 與 validation」。它不改主機、不改 AI route、不開 runtime gate、不啟動掃描,也不提高 IwoooS headline 64%。 diff --git a/docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md b/docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md index 0fa87ee1..572efc17 100644 --- a/docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md +++ b/docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md @@ -3,7 +3,7 @@ | 項目 | 內容 | |------|------| | 日期 | 2026-06-04 | -| 狀態 | observe-only mapping + 維護準備規範;尚未寫入 DB / inventory seed | +| 狀態 | observe-only mapping + 維護準備 / scope handoff 規範;尚未寫入 DB / inventory seed | | 範圍 | Kali 資安主機與兩台開發主機 | | 上游 | `docs/security/KALI-SECURITY-MESH-BLUEPRINT.md` | 
@@ -37,10 +37,21 @@ | Host | scope | maintenance window | credential handling | rollback owner | validation 指標 | |------|-------|--------------------|---------------------|----------------|-----------------| | `192.168.0.112` | Kali scanner health、tool version、package posture、`networking.service`、service hardening readiness;P1-7 草案見 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md` | 待人工指定;目前不得更新、重啟、hardening 或 active scan | SSH key / token 狀態只可記錄 present / absent;不得保存密碼、token value、private key | Security Supply Chain 指派後才可動作 | scanner health、node exporter、wg-easy、pending updates、failed services、reboot required、post-check screenshot / log ref | -| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼或 private key;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke | -| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure | 待人工指定;目前不得 credentialed scan 或讀取未授權目錄 | 不收個人憑證、不讀私有目錄、不保存 secrets value | Dev Host Steward 指派後才可動作 | repo secret scan summary、local service list summary、CORS origin review、rollback / disable note | +| `192.168.0.111` | Ollama fallback、model inventory、host reachability、SSH policy posture、fallback readiness;P1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得停止模型、重啟服務或改 fallback route | 不收模型 API key、SSH 密碼、private key、token、cookie、authorization header 或任何可還原 secret derivative;只保存脫敏 evidence ref | Dev Host Steward 指派後才可動作 | Ollama route truth、fallback availability、model list hash、service status、AI route smoke | +| `192.168.0.168` | local development origin、repo hygiene、dev-only CORS、local service exposure;P1-8 草案見 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md` | 待人工指定;目前不得 credentialed scan、讀取未授權目錄、讀個人資料或改 CORS / firewall / service | 不收個人憑證、不讀私有目錄、不保存 secrets value、secret hash、masked token 或 partial token | Dev Host Steward 指派後才可動作 
| repo secret scan summary、local service list summary、CORS origin review、rollback / disable note | -## 1.2 目前已知 112 缺口 +## 1.2 目前已知 111 / 168 缺口 + +| 缺口 | 狀態 | 邊界 | +|------|------|------| +| `192.168.0.111` Ollama fallback route truth | P1-8 scope handoff 已建立;owner response 未收 | 不改 `OLLAMA_URL`、`OLLAMA_SECONDARY_URL`、`OLLAMA_FALLBACK_URL`、proxy route 或 model runtime | +| `192.168.0.111` model inventory posture | 只允許收模型清單摘要 / hash 與 owner evidence ref | 不收 prompt、token、API key、私有資料或模型操作命令 | +| `192.168.0.111` service / SSH policy posture | 只允許收服務狀態摘要與 policy posture | 不 SSH、不 restart、不改 firewall、不停止模型 | +| `192.168.0.168` local development origin | P1-8 scope handoff 已建立;owner response 未收 | 不改 dev-only CORS、不改 production route、不把 local origin 當 production 授權 | +| `192.168.0.168` repo hygiene / secret summary | 只允許 repo 層級摘要與脫敏 evidence ref | 不讀未授權目錄、不收 secret value / hash / partial token、不掃描個人資料 | +| `192.168.0.168` local service exposure | 只允許 owner 提供或授權的 service summary | 不 port scan、不改 firewall、不停止服務 | + +## 1.3 目前已知 112 缺口 | 缺口 | 狀態 | 邊界 | |------|------|------| @@ -104,4 +115,4 @@ AwoooP 初期不做: ## 6. IwoooS 顯示邊界 -IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、缺口與下一步,但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。 +IwoooS 可以顯示 112 / 111 / 168 的 observe-only 狀態、維護準備欄位、scope handoff、缺口與下一步,但不得顯示或提供任何會直接觸發主機命令、掃描、更新、重啟、hardening、credentialed scan、fallback route change、CORS / firewall / service 修改、firewall/RBAC/NetworkPolicy 修改或 `/execute` 的 action button。 diff --git a/docs/security/dev-hosts-111-168-scope-handoff.snapshot.json b/docs/security/dev-hosts-111-168-scope-handoff.snapshot.json new file mode 100644 index 00000000..e9ca78d8 --- /dev/null +++ b/docs/security/dev-hosts-111-168-scope-handoff.snapshot.json 
@@ -0,0 +1,311 @@
+{
+ "schema_version": "dev_host_scope_handoff_v1",
+ "status": "draft_waiting_owner_review",
+ "date": "2026-06-04",
+ "mode": "scope_handoff_only",
+ "source_evidence_refs": [
+ "docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md",
+ "docs/security/KALI-SCAN-SCOPE-APPROVAL-PACKAGE.md",
+ "docs/security/IWOOOS-POSTURE-PROJECTION.md",
+ "docs/workplans/2026-06-04-iwooos-security-governance-p0.md",
+ "/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ollama_111_only.md",
+ "/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_secret_debug_output_ban.md",
+ "/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/feedback_ssh_command_security.md"
+ ],
+ "summary": {
+ "hosts": [
+ "192.168.0.111",
+ "192.168.0.168"
+ ],
+ "asset_keys": [
+ "host:dev-ai-111",
+ "host:dev-workstation-168"
+ ],
+ "scope_handoff_package_ready": true,
+ "scope_handoff_completion_percent": 100,
+ "host_execution_completion_percent": 0,
+ "owner_response_received": false,
+ "owner_response_accepted": false,
+ "host_change_authorized": false,
+ "fallback_route_change_authorized": false,
+ "credentialed_scan_authorized": false,
+ "active_scan_authorized": false,
+ "secret_value_collection_authorized": false,
+ "runtime_execution_authorized": false,
+ "action_buttons_allowed": false
+ },
+ "hosts": [
+ {
+ "host": "192.168.0.111",
+ "asset_key": "host:dev-ai-111",
+ "role": "Local AI / Ollama fallback / 開發輔助主機",
+ "mode": "observe_only",
+ "scope_lanes": [
+ {
+ "lane_id": "ollama-fallback-truth",
+ "description": "對齊 ADR-110 三層路由與 local fallback 事實來源,確認 evidence ref 與 owner。",
+ "validation_metrics": [
+ "Ollama route truth",
+ "fallback availability",
+ "AI route smoke"
+ ],
+ "current_authorized": false
+ },
+ {
+ "lane_id": "model-inventory-posture",
+ "description": "只收模型清單摘要、模型數量、版本 / tag metadata 與 list hash,不收 prompt、token 或私有資料。",
+ "validation_metrics": [
+ "model list hash",
+ "model tag summary",
+ "inventory owner ref"
+ ],
+ "current_authorized": false
+ },
+ {
+ "lane_id": "service-ssh-policy-posture",
+ "description": "只收服務狀態摘要與 SSH policy posture,不登入、不改 service。",
+ "validation_metrics": [
+ "service status summary",
+ "SSH policy posture",
+ "rollback owner ref"
+ ],
+ "current_authorized": false
+ }
+ ],
+ "maintenance_window": {
+ "window_status": "waiting_owner_selection",
+ "allowed_metadata": [
+ "future low-traffic window",
+ "stop condition",
+ "rollback owner",
+ "route validation metrics"
+ ],
+ "forbidden_actions": [
+ "stop_model",
+ "restart_ollama",
+ "pull_model",
+ "delete_model",
+ "change_ollama_route",
+ "change_firewall"
+ ]
+ },
+ "rollback_plan_draft": [
+ {
+ "rollback_item": "fallback route rollback",
+ "required_evidence": [
+ "route before / after refs",
+ "fallback owner",
+ "AI route smoke",
+ "stop condition"
+ ],
+ "owner_status": "waiting_owner_assignment"
+ },
+ {
+ "rollback_item": "model service rollback",
+ "required_evidence": [
+ "service state ref",
+ "model inventory hash before / after",
+ "operator notice owner"
+ ],
+ "owner_status": "waiting_owner_assignment"
+ }
+ ]
+ },
+ {
+ "host": "192.168.0.168",
+ "asset_key": "host:dev-workstation-168",
+ "role": "開發工作站 / local development origin",
+ "mode": "observe_only",
+ "scope_lanes": [
+ {
+ "lane_id": "local-development-origin",
+ "description": "確認 168 作為本機開發來源、preview origin、dev-only CORS 候選,不改 runtime。",
+ "validation_metrics": [
+ "CORS origin review",
+ "local origin owner ref",
+ "production boundary note"
+ ],
+ "current_authorized": false
+ },
+ {
+ "lane_id": "repo-hygiene",
+ "description": "只收 repo 層級 hygiene 摘要、secret scan summary、dirty worktree policy,不讀未授權目錄。",
+ "validation_metrics": [
+ "repo secret scan summary",
+ "repo owner ref",
+ "dirty worktree policy"
+ ],
+ "current_authorized": false
+ },
+ {
+ "lane_id": "local-service-exposure",
+ "description": "只收服務清單摘要、port 類型、owner 與 disable note,不做 port scan 或 firewall 變更。",
+ "validation_metrics": [
+ "local service list summary",
+ "service owner ref",
+ "rollback / disable note"
+ ],
+ "current_authorized": false
+ }
+ ],
+ "maintenance_window": {
+ "window_status": "waiting_owner_selection",
+ "allowed_metadata": [
+ "future repo hygiene review window",
+ "future local service review window",
+ "excluded directories",
+ "disable note owner"
+ ],
+ "forbidden_actions": [
+ "credentialed_scan",
+ "read_private_directory",
+ "change_cors",
+ "stop_service",
+ "change_local_firewall"
+ ]
+ },
+ "rollback_plan_draft": [
+ {
+ "rollback_item": "dev CORS rollback",
+ "required_evidence": [
+ "current allowed origins ref",
+ "candidate change note",
+ "disable owner",
+ "browser smoke plan"
+ ],
+ "owner_status": "waiting_owner_assignment"
+ },
+ {
+ "rollback_item": "local service disable / restore",
+ "required_evidence": [
+ "service list summary",
+ "owner",
+ "restore note",
+ "post-check ref"
+ ],
+ "owner_status": "waiting_owner_assignment"
+ }
+ ]
+ }
+ ],
+ "owner_response_handoff": {
+ "status": "ready_not_dispatched",
+ "request_dispatch_authorized": false,
+ "required_response_fields": [
+ "owner_role_or_team",
+ "host_scope_boundary",
+ "decision",
+ "decision_reason",
+ "affected_scope",
+ "maintenance_window_expectation",
+ "credential_handling_confirmation",
+ "rollback_owner",
+ "validation_metrics_owner",
+ "redacted_evidence_refs",
+ "followup_owner"
+ ],
+ "allowed_decisions": [
+ "confirm_observe_only",
+ "defer",
+ "reject",
+ "request_more_evidence"
+ ],
+ "forbidden_inputs": [
+ "model API key value",
+ "SSH password",
+ "private key",
+ "token value",
+ "cookie",
+ "session",
+ "authorization header",
+ "personal credential",
+ "secret hash",
+ "masked token",
+ "partial token",
+ "command to execute",
+ "service restart request",
+ "firewall change request",
+ "model stop request",
+ "CORS apply request",
+ "active scan request",
+ "credentialed scan request",
+ "private directory content"
+ ],
+ "response_received": false,
+ "response_accepted": false
+ },
+ "credential_handling": {
+ "policy": "metadata_only_no_secret_value",
+ "allowed_evidence": [
+ "present / absent",
+ "owner role",
+ "scope",
+ "document ref",
+ "ticket ref",
+ "redacted metadata pointer"
+ ],
+ "forbidden_evidence": [
+ "secret value",
+ "private key",
+ "token",
+ "cookie",
+ "session",
+ "authorization header",
+ "model API key",
+ "SSH password",
+ "personal credential",
+ "reversible secret hash",
+ "partial token",
+ "raw screenshot containing credential"
+ ],
+ "quarantine_required_on_plaintext_credential": true,
+ "secret_value_collection_authorized": false
+ },
+ "validation_metrics": [
+ {
+ "host": "192.168.0.111",
+ "metrics": [
+ "Ollama route truth",
+ "fallback availability",
+ "model list hash",
+ "service status",
+ "AI route smoke"
+ ]
+ },
+ {
+ "host": "192.168.0.168",
+ "metrics": [
+ "repo secret scan summary",
+ "local service list summary",
+ "CORS origin review",
+ "rollback / disable note"
+ ]
+ }
+ ],
+ "acceptance_rules": [
+ "本 handoff 完成不代表 owner response 已收到、已接受或已批准。",
+ "192.168.0.111 的 fallback route truth 只能作為 observe-only evidence,不得改 OLLAMA_URL、OLLAMA_SECONDARY_URL、OLLAMA_FALLBACK_URL 或 proxy route。",
+ "192.168.0.168 的 repo / CORS / service exposure 只能作為 scope review,不得讀取未授權目錄或個人資料。",
+ "所有 credential / secret 類資料只能記錄脫敏 metadata;raw value 一律拒收或隔離。",
+ "維護窗口、rollback owner、validation owner 到齊前,不得做 host change、service restart、active scan、credentialed scan 或 runtime gate。",
+ "未來 post-check 失敗只能建立人工 follow-up,不得自動修復。"
+ ],
+ "forbidden_actions": [
+ "ssh_to_host",
+ "read_private_directory",
+ "credentialed_scan",
+ "active_scan",
+ "port_scan",
+ "stop_model",
+ "pull_model",
+ "delete_model",
+ "restart_ollama",
+ "change_ollama_route",
+ "change_cors",
+ "change_firewall",
+ "change_service",
+ "store_credential_value",
+ "enable_runtime_blocking_control",
+ "add_awooop_action_button"
+ ]
+}
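Review bot: `source_evidence_refs` near the top of the hunk lists three absolute paths under `/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/`, which point into one workstation's home directory rather than to a repo file, snapshot, ticket or hash that an owner or reviewer can open; the handoff document this snapshot accompanies only admits those kinds of pointers for `redacted_evidence_refs`, and the same standard should apply to the snapshot's own refs. Committing them also records the local username and directory layout in a file intended to be shared with reviewers. Replace each with a repo-relative path or a labelled pointer such as `ticket:<id>` / `hash:<sha>` (placeholders), and keep the private memory notes themselves out of the repository; the schema accepts any string here, so this will not be caught by validation unless the schema is tightened too.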
diff --git a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md index d927cf05..c0138b45 100644 --- a/docs/workplans/2026-06-04-iwooos-security-governance-p0.md +++ b/docs/workplans/2026-06-04-iwooos-security-governance-p0.md @@ -9,7 +9,7 @@ | 工作視窗 | IwoooS / AWOOOI 資安治理 P0 | | 本次乾淨 worktree | `/private/tmp/awoooi-iwooos-governance-p0-20260604` | | 本次分支 | `codex/iwooos-governance-p0-20260604` | -| 最新觀察到的 `gitea/main` | `c046b9c8 chore(cd): deploy 8a32633 [skip ci]` | +| 最新觀察到的 `gitea/main` | `65bdfd1d chore(cd): deploy 29a67ec [skip ci]` | | 前一個正式 IwoooS 候選基準 | code `7b8fc093`、deploy marker `45c63488`、LOGBOOK `02cadee6` | | 最新導航 IA 基準 | code `973fc7a4`、LOGBOOK `2555c811`、deploy marker `0260ec89` | | 禁止事項 | 不 force push、不 destructive git、不 SSH 修改主機、不 active scan、不收 secrets 明文、不把 AwoooP approval 當資安批准、不把 UI 可見當 runtime 授權 | @@ -25,7 +25,7 @@ | S4.9 owner response gate | 0% | 可在收到合格回覆後調整 | 目前只定義欄位、預檢、收件與驗收,不標記 received / accepted | | GitHub primary readiness | 0 | 否 | primary gate 仍為 0;P1 只讀重盤工作本身目前約 70%,不代表可切 primary | | Kali 112 維護準備 | P1-7 maintenance window draft `100%`;維護尚未開始 | 否 | 不更新套件、不重啟、不 hardening、不 active scan | -| 111 / 168 開發主機納管 | observe-only mapping 已有,維護包需補強 | 可補文件,不調 runtime | 仍不 credentialed scan、不讀未授權資料、不自動修復 | +| 111 / 168 開發主機納管 | P1-8 scope handoff package `100%`;主機執行 `0%` | 否 | 仍不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service、不自動修復 | | VibeWork 納入 IwoooS | 前端態勢已有 onboarding 欄位,產品邊界需補規範 | 可補文件 | 保留 VibeWork 獨立產品邊界 | ## 2. P0 工作拆解與優先順序 
@@ -130,7 +130,7 @@ S4.9 是目前 IwoooS 64% 能往前的第一優先 gate。驗收前所有 count
 |------|------|------|------|
 | P1 | GitHub primary readiness 只讀重盤 | repo visibility、refs、tags、workflow、secret name、runner、rollback ADR | 只讀 inventory;不建立 repo、不同步 refs |
 | P1 | Kali 112 維護窗口草案 | 1994 pending updates、`networking.service` failed、服務硬化 0/4、rollback、post-check | P1-7 草案已完成;不 `apt upgrade`、不 restart |
-| P1 | 111 / 168 主機 scope 補強 | scope、maintenance window、credential handling、rollback owner、validation 指標 | observe-only;不 credentialed scan |
+| P1 | 111 / 168 主機 scope 補強 | P1-8 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、snapshot 與 schema;scope、maintenance window、credential handling、rollback owner、validation 指標已可交接 | observe-only;不 credentialed scan、不改 route / CORS / firewall / service |
 | P1 | VibeWork 納入 IwoooS | repo、product、surface、owner、evidence refs、獨立產品邊界 | 繁中 docs/specs;不合併產品責任 |
 | P1 | Code Review 候選分類 | 前端體驗、測試補洞、文件同步、低風險重構;人工批准後才 Codex | 候選不自動改 code、不自動 deploy |
 | P2 | IwoooS UX 精簡 | 首屏摘要、圖、矩陣、Gate;長證據改展開式 | desktop/mobile 開頁、overflow |
@@ -175,6 +175,9 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
 | 需要調整規範 | Workflow / secret 名稱完成度 | local evidence 已有,但 webhook / runner / deploy key / branch protection / parity 仍缺 | 已改為 `missing_evidence`,不得說已完成 parity |
 | 需要調整規範 | Rollback ADR owner readiness | 舊 ADR 有 fallback / trigger / window 摘要,但缺可交接的 owner response 封套與逐 repo template | 已補 P1-5 handoff package;received / accepted / approved 仍全部 0 |
 | 需要調整規範 | AwoooP 同步封包 | P1 要同步 refreshed counts、blocked gates、no-run 狀態,避免另一 Session 以舊 `117` heads / `141` items 繼續推進 | 本總帳與 LOGBOOK 會作為同步封包來源 |
+| 需要新增規範 | 111 / 168 開發主機 scope handoff | 原本只有 observe-only mapping,缺 owner 可審的 scope boundary、credential refusal、rollback owner、validation metrics 與維護窗口欄位 | 已新增 P1-8 handoff、snapshot 與 schema;host execution 仍 `0%` |
+| 需要調整規範 | 111 Ollama fallback wording | 111 是 ADR-110 local fallback evidence 範圍,不可被誤讀成可直接改 route、重啟 Ollama 或停止模型 | 已在 P1-8 固定 `fallback_route_change_authorized=false` 與 route truth observe-only |
+| 需要調整規範 | 168 dev origin / repo hygiene wording | repo hygiene 與 local service exposure 容易被誤讀成可掃個人資料、讀未授權目錄或改 CORS / firewall | 已在 P1-8 固定未授權目錄、個人資料、secret derivative、CORS / firewall / service change 全部拒收 / 禁止 |
 
 ## 6.3 P1 優先順序細化
 
@@ -187,7 +190,7 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
 | P1-5 | Primary rollback ADR 補強 | 已補 2026-06-04 rollback owner handoff package;逐 repo rollback owner、trigger、validation window、fallback role 進入可交接模板 | ADR approved 前不切 primary;received / accepted / approved 仍 0 |
 | P1-6 | AwoooP Session 同步 | 同步 commits、runs、production sanity、P1 refresh counts、gate 0 / false | 另一 Session 不再使用舊 refs count |
 | P1-7 | Kali 112 maintenance window 草案 | 已補 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、snapshot 與 schema;packages、`networking.service` failed、hardening 0/4、rollback、post-check 已進 owner handoff | 文件草案,不執行 `apt upgrade` / restart / hardening / scan |
-| P1-8 | 111 / 168 開發主機 scope | scope、credential handling、rollback owner、validation 指標 | observe-only,不做 credentialed scan |
+| P1-8 | 111 / 168 開發主機 scope | 已補 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、`dev-hosts-111-168-scope-handoff.snapshot.json`、`dev_host_scope_handoff_v1.schema.json`;111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已拆成 handoff | scope handoff `100%`;主機執行 `0%`;不 credentialed scan、不讀未授權資料、不改 fallback route、不改 CORS / firewall / service |
 | P1-9 | VibeWork 納入 IwoooS | repo / product / surface / owner / evidence refs / 獨立產品邊界 | docs/specs 繁中,產品責任不合併 |
 
 ## 7. 2026-06-04 本輪驗證紀錄
@@ -218,6 +221,8 @@ P1 只讀重盤階段整體完成度:`70%`。它代表 freshness / inventory /
 | P1-5 JSON parse / structure check | `source-control-primary-rollback-adr.snapshot.json` 與 schema JSON parse 通過;本段自訂結構檢查 `PRIMARY_ROLLBACK_OWNER_HANDOFF_STRUCTURE_OK`;本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
 | AwoooP Runs i18n production smoke | deploy marker `c046b9c8` 已上線 `8a326338`;desktop 1440x1100 / mobile 390x844 皆載入 50 列、`horizontalOverflow=0`;繁中狀態與 fallback 文案可見,英文殘留 0 | 截圖 `/tmp/awoooi-runs-i18n-desktop-20260604.png`、`/tmp/awoooi-runs-i18n-mobile-20260604.png` |
 | P1-7 Kali 112 maintenance window draft | 新增 `KALI-112-MAINTENANCE-WINDOW-DRAFT.md`、`kali-112-maintenance-window-draft.snapshot.json`、`kali_maintenance_window_draft_v1.schema.json`;1994 pending updates、`networking.service` failed、hardening `0 / 4`、rollback owner、post-check owner 已整理成 handoff | `host_update_authorized=false`、`service_restart_authorized=false`、`hardening_authorized=false`、`reboot_authorized=false`、`active_scan_authorized=false`、`execute_endpoint_authorized=false` |
+| P1-8 111 / 168 dev host scope handoff | 新增 `DEV-HOSTS-111-168-SCOPE-HANDOFF.md`、`dev-hosts-111-168-scope-handoff.snapshot.json`、`dev_host_scope_handoff_v1.schema.json`;111 fallback truth / model inventory / service posture 與 168 dev origin / repo hygiene / CORS / local exposure 已整理成 owner handoff | `host_change_authorized=false`、`fallback_route_change_authorized=false`、`credentialed_scan_authorized=false`、`active_scan_authorized=false`、`secret_value_collection_authorized=false`、`runtime_execution_authorized=false` |
+| P1-8 JSON parse / structure check | `dev-hosts-111-168-scope-handoff.snapshot.json` 與 `dev_host_scope_handoff_v1.schema.json` JSON parse 通過;本段自訂結構檢查 `DEV_HOST_SCOPE_HANDOFF_STRUCTURE_OK` | 本地無 `jsonschema` / AJV 時以 JSON parse、自訂結構檢查與既有 guard 補位 |
 | P1 JSON parse | `gitea-github-awoooi-inventory`、`github-target-probe`、`source-control-primary-readiness-gate`、`source-control-workflow-secret-name-local-evidence`、Gitea repo 
/ search / org blocked snapshots 皆通過 |
 | P1 production 頁面檢查 | 本輪未改前端、未改 production 文案、未新增 deploy;不宣稱新的 production 狀態,沿用 P0 live sanity 作為基準 |
 
@@ -231,6 +236,10 @@ github_primary_ready_count=0
 runtime_execution_authorized=false
 action_buttons_allowed=false
 host_update_authorized=false
+host_change_authorized=false
+fallback_route_change_authorized=false
+credentialed_scan_authorized=false
+secret_value_collection_authorized=false
 active_scan_authorized=false
 ```