From 9f3a5cdcdda3a500876299df10f8d83d3e988e3d Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 24 Jun 2026 23:48:18 +0800
Subject: [PATCH] =?UTF-8?q?fix(governance):=20=E9=81=BF=E5=85=8D=E7=8B=80?= =?UTF-8?q?=E6=85=8B=E6=B8=85=E7=90=86=E5=84=80=E8=A1=A8=E6=9D=BF=E6=9B=9D?= =?UTF-8?q?=E5=85=89=E6=9C=AC=E6=A9=9F=E8=B7=AF=E5=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../test_awoooi_status_cleanup_dashboard.py | 3 ++
 ...OOI-STATUS-CLEANUP-DASHBOARD-2026-06-24.md | 4 +--
 .../AWOOOI-STATUS-CLEANUP-DASHBOARD.md | 4 +--
 ...ooi-status-cleanup-dashboard.snapshot.json | 4 +--
 .../dev/awoooi-status-cleanup-dashboard.py | 31 ++++++++++++++-----
 5 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/apps/api/tests/test_awoooi_status_cleanup_dashboard.py b/apps/api/tests/test_awoooi_status_cleanup_dashboard.py
index 0ce67af0..0e14ede1 100644
--- a/apps/api/tests/test_awoooi_status_cleanup_dashboard.py
+++ b/apps/api/tests/test_awoooi_status_cleanup_dashboard.py
@@ -54,6 +54,9 @@ def test_load_latest_awoooi_status_cleanup_dashboard_reads_committed_snapshot():
 assert "live_metadata_env_gate=owner0_secret_metadata0_push0_deploy0_readback0_runtime0" in data["wazuh_handoff"]["boundary"]
 assert "wazuh_live_agent_registry_readback=0" in data["wazuh_handoff"]["boundary"]
 assert "manager_agent_registry_readback_passed=false" in data["wazuh_handoff"]["boundary"]
+ serialized = json.dumps(data, ensure_ascii=False)
+ assert "/Users/ogt" not in serialized
+ assert ".claude/projects" not in serialized
 assert {item["gate_id"] for item in data["gate_cards"]} >= {
 "status_cleanup_preflight",
 "owner_review_package",
diff --git a/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD-2026-06-24.md b/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD-2026-06-24.md
index 9bf3dcc7..f9f79edc 100644
--- a/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD-2026-06-24.md
+++ b/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD-2026-06-24.md
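Review bot: The two assertions added to `test_load_latest_awoooi_status_cleanup_dashboard_reads_committed_snapshot` in `apps/api/tests/test_awoooi_status_cleanup_dashboard.py` only detect one account's home directory (`/Users/ogt`) and one tool directory, so a snapshot regenerated under another account or OS could commit a different absolute path and still pass. A prefix-level guard covers that whole class of leak: `assert "/Users/" not in serialized` and `assert "/home/" not in serialized`, assuming no legitimate snapshot value contains those prefixes (confirm against the committed JSON). The test body starts and ends outside this hunk.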
@@ -85,7 +85,7 @@ - `owner_response_preflight:update_section_not_approved:iwooos_wazuh_boundary` - `owner_response_preflight:update_section_not_approved:latest_logbook_heading` - `owner_response_preflight:update_section_not_approved:operation_boundaries` -- `owner_response_preflight:target_path_not_approved:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md` +- `owner_response_preflight:target_path_not_approved:awoooi_memory/project_current_status.md` - `owner_response_preflight:boundary_not_acknowledged:memory_write_authorized=false` - `owner_response_preflight:boundary_not_acknowledged:refs_sync_authorized=false` - `owner_response_preflight:boundary_not_acknowledged:repo_creation_authorized=false` 
@@ -105,7 +105,7 @@ - `apply_gate:final_flag_not_accepted:confirm_post_apply_validation` - `apply_gate:final_flag_not_accepted:confirm_no_runtime_or_wazuh_deploy` - `apply_gate:command_preview_not_confirmed` -- `apply_gate:target_path_not_confirmed:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md` +- `apply_gate:target_path_not_confirmed:awoooi_memory/project_current_status.md` - `wazuh_boundary:Wazuh route / production 404 由另一受控 branch 處理;branch=codex/iwooos-wazuh-boundary-guard-20260624 base=b540fc0c commits=38dc3c2f,9a53d3e1,e9972d47,758d419e,04db4b8a,8eec298e,325f262a patch_sha_1=08f8b36d7261b0dde6bfb0c47597bd0727d578dec3335c5ff7ded2bcaa2b7eb4 patch_sha_2=e6ec8f8d10e8a2bd711c399fa14ba0ab2dfb22f8ab6a733402944302eec7da7c patch_sha_3=7e99bd5284a25519313aea05bb314d3386454b91ce86241424385752d358900d patch_sha_4=f4ffbaecd94d3696660766cc6f4a6bd195762bc533d9502f8edfed2bb8379fab patch_sha_5=9035d6c411bf86d0857970b69dd33631f052aa90de27e52d82d448d4b8e4cec5 patch_sha_6=d3bb98711a3ebf91b9936b41bc232b689befc68a4a7cec38bf9cab4c8d015827 patch_sha_7=5aa3e69fee9624d0ff3f2bfad90595a81eb9306ad6387d640690a85a2f8038d7 apply_proof=release_apply_check_20260624_2248 release_gate=source1_push0_deploy0_readback0_runtime0 release_lane_preflight=ready0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 owner_gate=request_sent0_response_accepted0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 live_metadata_env_gate=owner0_secret_metadata0_push0_deploy0_readback0_runtime0;wazuh_live_agent_registry_readback=0 manager_agent_registry_readback_passed=false iwooos_live_route_readback_passed=false dashboard_agent_list_recovered=false iwooos_wazuh_runtime_gate=0 active_response=0;push_blocked=missing_noninteractive_gitea_https_credential;本視窗不改 runtime / Nginx / Docker / K8s / firewall / Wazuh secret。 agent_visibility_status=blocked_waiting_manager_agent_registry_readback agent_visibility_runtime_gate_count=0` ## 強制閘門 
diff --git a/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD.md b/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD.md index 9bf3dcc7..f9f79edc 100644 --- a/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD.md +++ b/docs/operations/AWOOOI-STATUS-CLEANUP-DASHBOARD.md @@ -85,7 +85,7 @@ - `owner_response_preflight:update_section_not_approved:iwooos_wazuh_boundary` - `owner_response_preflight:update_section_not_approved:latest_logbook_heading` - `owner_response_preflight:update_section_not_approved:operation_boundaries` -- `owner_response_preflight:target_path_not_approved:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md` +- `owner_response_preflight:target_path_not_approved:awoooi_memory/project_current_status.md` - `owner_response_preflight:boundary_not_acknowledged:memory_write_authorized=false` - `owner_response_preflight:boundary_not_acknowledged:refs_sync_authorized=false` - `owner_response_preflight:boundary_not_acknowledged:repo_creation_authorized=false` 
@@ -105,7 +105,7 @@ - `apply_gate:final_flag_not_accepted:confirm_post_apply_validation` - `apply_gate:final_flag_not_accepted:confirm_no_runtime_or_wazuh_deploy` - `apply_gate:command_preview_not_confirmed` -- `apply_gate:target_path_not_confirmed:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md` +- `apply_gate:target_path_not_confirmed:awoooi_memory/project_current_status.md` - `wazuh_boundary:Wazuh route / production 404 由另一受控 branch 處理;branch=codex/iwooos-wazuh-boundary-guard-20260624 base=b540fc0c commits=38dc3c2f,9a53d3e1,e9972d47,758d419e,04db4b8a,8eec298e,325f262a patch_sha_1=08f8b36d7261b0dde6bfb0c47597bd0727d578dec3335c5ff7ded2bcaa2b7eb4 patch_sha_2=e6ec8f8d10e8a2bd711c399fa14ba0ab2dfb22f8ab6a733402944302eec7da7c patch_sha_3=7e99bd5284a25519313aea05bb314d3386454b91ce86241424385752d358900d patch_sha_4=f4ffbaecd94d3696660766cc6f4a6bd195762bc533d9502f8edfed2bb8379fab patch_sha_5=9035d6c411bf86d0857970b69dd33631f052aa90de27e52d82d448d4b8e4cec5 patch_sha_6=d3bb98711a3ebf91b9936b41bc232b689befc68a4a7cec38bf9cab4c8d015827 patch_sha_7=5aa3e69fee9624d0ff3f2bfad90595a81eb9306ad6387d640690a85a2f8038d7 apply_proof=release_apply_check_20260624_2248 release_gate=source1_push0_deploy0_readback0_runtime0 release_lane_preflight=ready0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 owner_gate=request_sent0_response_accepted0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 live_metadata_env_gate=owner0_secret_metadata0_push0_deploy0_readback0_runtime0;wazuh_live_agent_registry_readback=0 manager_agent_registry_readback_passed=false iwooos_live_route_readback_passed=false dashboard_agent_list_recovered=false iwooos_wazuh_runtime_gate=0 active_response=0;push_blocked=missing_noninteractive_gitea_https_credential;本視窗不改 runtime / Nginx / Docker / K8s / firewall / Wazuh secret。 agent_visibility_status=blocked_waiting_manager_agent_registry_readback agent_visibility_runtime_gate_count=0` ## 強制閘門 
diff --git a/docs/operations/awoooi-status-cleanup-dashboard.snapshot.json b/docs/operations/awoooi-status-cleanup-dashboard.snapshot.json index 42a4e504..8af57fcc 100644 --- a/docs/operations/awoooi-status-cleanup-dashboard.snapshot.json +++ b/docs/operations/awoooi-status-cleanup-dashboard.snapshot.json @@ -297,7 +297,7 @@ "owner_response_preflight:update_section_not_approved:iwooos_wazuh_boundary", "owner_response_preflight:update_section_not_approved:latest_logbook_heading", "owner_response_preflight:update_section_not_approved:operation_boundaries", - "owner_response_preflight:target_path_not_approved:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md", + "owner_response_preflight:target_path_not_approved:awoooi_memory/project_current_status.md", "owner_response_preflight:boundary_not_acknowledged:memory_write_authorized=false", "owner_response_preflight:boundary_not_acknowledged:refs_sync_authorized=false", "owner_response_preflight:boundary_not_acknowledged:repo_creation_authorized=false", 
@@ -317,7 +317,7 @@ "apply_gate:final_flag_not_accepted:confirm_post_apply_validation", "apply_gate:final_flag_not_accepted:confirm_no_runtime_or_wazuh_deploy", "apply_gate:command_preview_not_confirmed", - "apply_gate:target_path_not_confirmed:/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md", + "apply_gate:target_path_not_confirmed:awoooi_memory/project_current_status.md", "wazuh_boundary:Wazuh route / production 404 由另一受控 branch 處理;branch=codex/iwooos-wazuh-boundary-guard-20260624 base=b540fc0c commits=38dc3c2f,9a53d3e1,e9972d47,758d419e,04db4b8a,8eec298e,325f262a patch_sha_1=08f8b36d7261b0dde6bfb0c47597bd0727d578dec3335c5ff7ded2bcaa2b7eb4 patch_sha_2=e6ec8f8d10e8a2bd711c399fa14ba0ab2dfb22f8ab6a733402944302eec7da7c patch_sha_3=7e99bd5284a25519313aea05bb314d3386454b91ce86241424385752d358900d patch_sha_4=f4ffbaecd94d3696660766cc6f4a6bd195762bc533d9502f8edfed2bb8379fab patch_sha_5=9035d6c411bf86d0857970b69dd33631f052aa90de27e52d82d448d4b8e4cec5 patch_sha_6=d3bb98711a3ebf91b9936b41bc232b689befc68a4a7cec38bf9cab4c8d015827 patch_sha_7=5aa3e69fee9624d0ff3f2bfad90595a81eb9306ad6387d640690a85a2f8038d7 apply_proof=release_apply_check_20260624_2248 release_gate=source1_push0_deploy0_readback0_runtime0 release_lane_preflight=ready0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 owner_gate=request_sent0_response_accepted0_acks0of6_evidence0of6_push0_deploy0_readback0_runtime0 live_metadata_env_gate=owner0_secret_metadata0_push0_deploy0_readback0_runtime0;wazuh_live_agent_registry_readback=0 manager_agent_registry_readback_passed=false iwooos_live_route_readback_passed=false dashboard_agent_list_recovered=false iwooos_wazuh_runtime_gate=0 active_response=0;push_blocked=missing_noninteractive_gitea_https_credential;本視窗不改 runtime / Nginx / Docker / K8s / firewall / Wazuh secret。 agent_visibility_status=blocked_waiting_manager_agent_registry_readback agent_visibility_runtime_gate_count=0" ], "next_actions": [ 
diff --git a/scripts/dev/awoooi-status-cleanup-dashboard.py b/scripts/dev/awoooi-status-cleanup-dashboard.py index 78637830..c0741c1a 100644 --- a/scripts/dev/awoooi-status-cleanup-dashboard.py +++ b/scripts/dev/awoooi-status-cleanup-dashboard.py @@ -20,6 +20,10 @@ from typing import Any TARGET_ROUTE = "/workspace/status-cleanup" +PRIVATE_PROJECT_STATUS_PATH = ( + "/Users/ogt/.claude/projects/-Users-ogt-awoooi/memory/project_current_status.md" +) +PUBLIC_PROJECT_STATUS_REF = "awoooi_memory/project_current_status.md" def utc_now_iso() -> str: @@ -63,6 +67,10 @@ def append_boundary_tokens(boundary: str, tokens: list[str]) -> str: return " ".join(parts) +def public_blocker_text(value: str) -> str: + return value.replace(PRIVATE_PROJECT_STATUS_PATH, PUBLIC_PROJECT_STATUS_REF) + + def section_value(owner_package: dict[str, Any], section_id: str) -> str: for item in owner_package.get("required_update_sections", []): if item.get("section_id") == section_id: 
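Review bot: `PRIVATE_PROJECT_STATUS_PATH` keeps the full machine-local path, account name included, as a literal in a tracked script, so the value this commit removes from the generated dashboard is re-added to the source tree; and `public_blocker_text` in the second hunk rewrites only that one exact string, so the same file under any other home directory passes through unredacted. Matching the path by shape avoids both problems, for example `_PRIVATE_MEMORY_DIR = re.compile(r"/(?:Users|home)/[^/\s]+/\.claude/projects/[^/\s]+/memory/")` with `return _PRIVATE_MEMORY_DIR.sub("awoooi_memory/", value)`; this needs `re` imported, and the file's import block is outside the hunk. The helper also has no docstring; `"""Replace machine-local status paths with their repository-safe reference before publishing."""` would state its contract.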
@@ -345,13 +353,22 @@ def build_payload(
 + str(wazuh_visibility.get("runtime_gate_count", 0)),
 ],
 )
- blockers = unique_strings(
- preflight.get("hard_gates", []),
- [f"owner_response_preflight:{item}" for item in owner_response_preflight.get("blocking_reasons", [])],
- [f"execution_plan_blocked_until:{item}" for item in execution_plan.get("blocked_until", [])],
- [f"apply_gate:{item}" for item in apply_gate.get("blocking_reasons", [])],
- [f"wazuh_boundary:{wazuh_boundary}"] if wazuh_boundary else [],
- )
+ blockers = [
+ public_blocker_text(item)
+ for item in unique_strings(
+ preflight.get("hard_gates", []),
+ [
+ f"owner_response_preflight:{item}"
+ for item in owner_response_preflight.get("blocking_reasons", [])
+ ],
+ [
+ f"execution_plan_blocked_until:{item}"
+ for item in execution_plan.get("blocked_until", [])
+ ],
+ [f"apply_gate:{item}" for item in apply_gate.get("blocking_reasons", [])],
+ [f"wazuh_boundary:{wazuh_boundary}"] if wazuh_boundary else [],
+ )
+ ]
 actions = next_actions(owner_response_preflight, apply_gate)
 metrics = metric_cards(
 preflight,
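Review bot: Only `blockers` is passed through `public_blocker_text`; `actions` and `metrics`, built on the following lines from the same `owner_response_preflight`, `apply_gate` and `preflight` inputs, are not, and whether they can carry the target path is not visible in this hunk. Redacting once at the point where the finished payload is serialized, or walking every string value in it, would cover fields added later without relying on each call site remembering the helper. If the per-field approach stays, a comment above the comprehension such as `# Redact machine-local paths: blockers are written to the committed snapshot and markdown.` records why the wrapper is there. `build_payload` starts and ends outside the hunk.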