diff --git a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
index 1a1f0dea..81c5ea13 100644
--- a/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
+++ b/apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx
@@ -206,6 +206,70 @@ const PUBLIC_TEXT_REPLACEMENTS: Array<[RegExp, string]> = [
 [/authorization_header/gi, '已遮罩授權標頭欄位'],
 [/secret value/gi, '機密明文'],
 [/secret_value/gi, '已遮罩機密欄位'],
+ [/committed audit event template/gi, '已提交審計事件模板'],
+ [/immutable audit event template/gi, '不可變審計事件模板'],
+ [/audit event template/gi, '審計事件模板'],
+ [/audit event/gi, '審計事件'],
+ [/event envelope/gi, '事件封套'],
+ [/redacted evidence refs/gi, '已脫敏證據參照'],
+ [/post-write verifier/gi, '寫入後驗證器'],
+ [/post_write_verifier/gi, '寫入後驗證器'],
+ [/failure rollback plan/gi, '失敗回滾計畫'],
+ [/Timeline learning event/gi, '時間軸學習事件'],
+ [/timeline learning event/gi, '時間軸學習事件'],
+ [/runtime_learning_write/gi, '執行期學習寫入'],
+ [/runtime write allowed/gi, '執行期寫入允許'],
+ [/runtime write/gi, '執行期寫入'],
+ [/runtime writer/gi, '執行期寫入器'],
+ [/runtime action/gi, '執行期操作'],
+ [/runtime gate/gi, '執行期關卡'],
+ [/runtime target/gi, '執行期目標'],
+ [/live write count/gi, '正式寫入數'],
+ [/live write/gi, '正式寫入'],
+ [/live writer/gi, '正式寫入器'],
+ [/live execution/gi, '正式執行'],
+ [/live Telegram send/gi, 'Telegram 正式發送'],
+ [/Telegram send/gi, 'Telegram 發送'],
+ [/Bot API call/gi, 'Bot API 呼叫'],
+ [/Gateway queue write/gi, 'Gateway 佇列寫入'],
+ [/queue write/gi, '佇列寫入'],
+ [/receipt production write/gi, '回執正式寫入'],
+ [/production write/gi, '正式環境寫入'],
+ [/host write/gi, '主機寫入'],
+ [/secret read/gi, '機密讀取'],
+ [/kubectl action/gi, 'kubectl 操作'],
+ [/destructive operation/gi, '破壞性操作'],
+ [/Work Items owner review/gi, '工作項負責人審查'],
+ [/Work Item DB write/gi, 'Work Item DB 寫入'],
+ [/owner response acceptance readback/gi, '負責人回覆驗收讀回'],
+ [/owner acceptance/gi, '負責人驗收'],
+ [/owner approval/gi, '負責人批准'],
+ [/owner review/gi, '負責人審查'],
+ [/Owner Queue/gi, '負責人佇列'],
+ [/owner queue/gi, '負責人佇列'],
+ [/direct Bot API migration/gi, 'direct Bot API 遷移'],
+ [/Telegram bypass guard/gi, 'Telegram 繞道防護'],
+ [/no-new-bypass/gi, '無新增繞道'],
+ [/no-send preview/gi, '無發送預覽'],
+ [/dry-run/gi, '乾跑'],
+ [/preview hash/gi, '預覽 hash'],
+ [/diff summary/gi, '差異摘要'],
+ [/rollback owner/gi, '回滾負責人'],
+ [/verifier result/gi, '驗證器結果'],
+ [/baseline score/gi, '基準分數'],
+ [/candidate score/gi, '候選分數'],
+ [/promotion gate decision/gi, '提升關卡決策'],
+ [/replay job id/gi, '重放任務 id'],
+ [/workflow modification/gi, 'workflow 修改'],
+ [/repository secret change/gi, 'repository secret 變更'],
+ [/KM write/gi, 'KM 寫入'],
+ [/PlayBook trust write/gi, 'PlayBook trust 寫入'],
+ [/verifier receipt write/gi, '驗證器回執寫入'],
+ [/approval_required/gi, '需批准'],
+ [/blocked_by_runtime_gate/gi, '被執行期關卡阻擋'],
+ [/contract_ready/gi, '契約已定義'],
+ [/candidate_only/gi, '僅候選'],
+ [/loaded/gi, '已載入'],
 [blockedWaitingStatusPattern, '等待必填證據'],
 [/內部協作對話/gi, '已遮罩內容'],
 [/內部協作內容/gi, '已遮罩內容'],
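Review bot: In the added glossary entries, `[/runtime write/gi, '執行期寫入']` comes before `[/runtime writer/gi, '執行期寫入器']`, and `[/live write/gi, '正式寫入']` before `[/live writer/gi, '正式寫入器']`; because `redactPublicText` applies the table in order with `reduce`, the shorter pattern consumes the text first, the `writer` entries never match, and the output keeps a stray `r` (`執行期寫入r`). Put the longer phrase first, as the `audit event template` / `audit event` entries already do. `[/loaded/gi, '已載入']` has no word boundary, so it also rewrites the tail of words such as `downloaded`; `[/\bloaded\b/gi, '已載入']` limits it to the status token. The `Timeline learning event` / `timeline learning event` and `Owner Queue` / `owner queue` pairs are duplicates under the `i` flag, so one of each can go.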
@@ -224,6 +288,45 @@ function redactPublicText(value: string): string { return PUBLIC_TEXT_REPLACEMENTS.reduce((text, [pattern, replacement]) => text.replace(pattern, replacement), redactedLan) } +const PUBLIC_SNAPSHOT_RAW_KEYS = new Set([ + 'schema_version', + 'generated_at', + 'current_priority', + 'current_task_id', + 'next_task_id', + 'status', + 'risk_tier', + 'owner_agent', + 'canonical_room_env', +]) + +function shouldPreserveSnapshotValue(key?: string): boolean { + if (!key) return false + if (PUBLIC_SNAPSHOT_RAW_KEYS.has(key)) return true + return key.endsWith('_id') + || key.endsWith('_ids') + || key.endsWith('_status') + || key.endsWith('_state') + || key.endsWith('_tier') + || key.endsWith('_agent') + || key.endsWith('_env') +} + +function sanitizePublicSnapshot(value: T, key?: string): T { + if (typeof value === 'string') return (shouldPreserveSnapshotValue(key) ? value : redactPublicText(value)) as T + if (Array.isArray(value)) return value.map(item => sanitizePublicSnapshot(item, key)) as T + if (value && typeof value === 'object') { + return Object.fromEntries( + Object.entries(value).map(([nestedKey, nestedValue]) => [nestedKey, sanitizePublicSnapshot(nestedValue, nestedKey)]) + ) as T + } + return value +} + +function settledPublicValue(result: PromiseSettledResult): T | null { + return result.status === 'fulfilled' ? sanitizePublicSnapshot(result.value) : null +} + function toneColor(tone: 'ok' | 'warn' | 'danger' | 'neutral') { if (tone === 'ok') return '#22C55E' if (tone === 'warn') return '#F59E0B' @@ -396,7 +499,7 @@ function MiniBar({
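Review bot: `shouldPreserveSnapshotValue` decides by key name alone, so in `sanitizePublicSnapshot` any string stored under a key ending in `_id`, `_ids`, `_env`, `_agent`, `_status`, `_state` or `_tier` skips `redactPublicText` completely, including the masking entries already in the table (`authorization_header`, `secret value`) and the `redactedLan` step that precedes them; array items inherit the parent key, so a whole `*_ids` list passes through raw. Keep the raw value only when it also has identifier shape, for example `const keepRaw = shouldPreserveSnapshotValue(key) && /^[A-Za-z0-9_-]+$/.test(value)` followed by `return (keepRaw ? value : redactPublicText(value)) as T`, so anything else falls back to the redacted path. Conversely, strings under keys outside the allow-list (a `decision` or `result` field, say) now have tokens such as `approval_required` rewritten before they reach state, so any comparison on those fields elsewhere in the component should be checked; that code is outside this hunk. This runs in the browser after the response has arrived, so it governs what is displayed, not what the API returns; a field that must be withheld rather than reworded has to be dropped server-side.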
- {label} + {redactPublicText(label)} {value}% @@ -406,7 +509,7 @@ function MiniBar({
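Review bot: `redactPublicText` is typed `(value: string)` and is now called inline on `label`, `detail` and `value` in `MiniBar` here and in the `SummaryTile`, `FlowStageTile` and `GateMatrixRow` hunks that follow; the prop types are outside these hunks, so confirm none of them is optional, numeric or a React node, since the string replacement would presumably throw on a non-string at render time. Each call walks the full replacement table on every render, which is repeated work for tiles fed from state that `settledPublicValue` has already cleaned. A short comment such as `// second-layer display cleanup for props not sourced from sanitized state` would record why the calls are kept, and `useMemo` would bound the cost if the tiles re-render often.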
- {detail} + {redactPublicText(detail)}
) @@ -452,12 +555,12 @@ function SummaryTile({ {icon}
- {label} + {redactPublicText(label)} - {value} + {redactPublicText(value)} - {detail} + {redactPublicText(detail)}
@@ -656,17 +759,17 @@ function FlowStageTile({
- {label} + {redactPublicText(label)} {index}
- {value} + {redactPublicText(value)} - {detail} + {redactPublicText(detail)}
@@ -697,14 +800,14 @@ function GateMatrixRow({ }}>
- {label} + {redactPublicText(label)} - {detail} + {redactPublicText(detail)}
- {value} + {redactPublicText(value)} ) @@ -802,7 +905,7 @@ export function AutomationInventoryTab() { const fetchReportTruthQuickView = () => { apiClient.getAiAgentReportTruthActionabilityReview() - .then(value => setReportTruthActionabilityReview(value)) + .then(value => setReportTruthActionabilityReview(sanitizePublicSnapshot(value))) .catch(() => undefined) } 
@@ -986,95 +1089,95 @@ export function AutomationInventoryTab() { serviceHealthNotificationPolicyResult, ] = results - setSnapshot(inventoryResult.status === 'fulfilled' ? inventoryResult.value : null) - setBacklog(backlogResult.status === 'fulfilled' ? backlogResult.value : null) - setBackupTargets(targetResult.status === 'fulfilled' ? targetResult.value : null) - setBackupReadiness(readinessResult.status === 'fulfilled' ? readinessResult.value : null) - setBackupPolicy(policyResult.status === 'fulfilled' ? policyResult.value : null) - setOffsiteEscrow(offsiteEscrowResult.status === 'fulfilled' ? offsiteEscrowResult.value : null) - setRuntimeSurface(runtimeSurfaceResult.status === 'fulfilled' ? runtimeSurfaceResult.value : null) - setGiteaHealth(giteaHealthResult.status === 'fulfilled' ? giteaHealthResult.value : null) - setObservabilityMatrix(observabilityMatrixResult.status === 'fulfilled' ? observabilityMatrixResult.value : null) - setProviderRouteMatrix(providerRouteMatrixResult.status === 'fulfilled' ? providerRouteMatrixResult.value : null) - setDeploymentLayout(deploymentLayoutResult.status === 'fulfilled' ? deploymentLayoutResult.value : null) - setWarRoom(warRoomResult.status === 'fulfilled' ? warRoomResult.value : null) - setProfessionalTaskExpansion(professionalTaskExpansionResult.status === 'fulfilled' ? professionalTaskExpansionResult.value : null) - setReceiptReadbackOwnerReview(receiptReadbackOwnerReviewResult.status === 'fulfilled' ? receiptReadbackOwnerReviewResult.value : null) - setReportNoWriteAnalysisRuntime(reportNoWriteAnalysisRuntimeResult.status === 'fulfilled' ? reportNoWriteAnalysisRuntimeResult.value : null) - setLowMediumRiskWhitelist(lowMediumRiskWhitelistResult.status === 'fulfilled' ? lowMediumRiskWhitelistResult.value : null) - setHighRiskOwnerReviewQueue(highRiskOwnerReviewQueueResult.status === 'fulfilled' ? highRiskOwnerReviewQueueResult.value : null) - setActionAuditLedger(actionAuditLedgerResult.status === 'fulfilled' ? 
actionAuditLedgerResult.value : null) - setActionOwnerAcceptanceEventBus(actionOwnerAcceptanceEventBusResult.status === 'fulfilled' ? actionOwnerAcceptanceEventBusResult.value : null) - setHostRunawayAiops(hostRunawayAiopsResult.status === 'fulfilled' ? hostRunawayAiopsResult.value : null) - setProactiveOperations(proactiveOperationsResult.status === 'fulfilled' ? proactiveOperationsResult.value : null) - setInteractionLearningProof(interactionLearningProofResult.status === 'fulfilled' ? interactionLearningProofResult.value : null) - setLiveReadModelGate(liveReadModelGateResult.status === 'fulfilled' ? liveReadModelGateResult.value : null) - setRedisDryRunGate(redisDryRunGateResult.status === 'fulfilled' ? redisDryRunGateResult.value : null) - setLearningWritebackPackage(learningWritebackPackageResult.status === 'fulfilled' ? learningWritebackPackageResult.value : null) - setTelegramReceiptPackage(telegramReceiptPackageResult.status === 'fulfilled' ? telegramReceiptPackageResult.value : null) - setOwnerApprovedLearningDryRun(ownerApprovedLearningDryRunResult.status === 'fulfilled' ? ownerApprovedLearningDryRunResult.value : null) - setRuntimeWriteGateReview(runtimeWriteGateReviewResult.status === 'fulfilled' ? runtimeWriteGateReviewResult.value : null) - setPostWriteVerifierPackage(postWriteVerifierPackageResult.status === 'fulfilled' ? postWriteVerifierPackageResult.value : null) - setRuntimeVerifierEvidenceReview(runtimeVerifierEvidenceReviewResult.status === 'fulfilled' ? runtimeVerifierEvidenceReviewResult.value : null) - setReportAutomationReview(reportAutomationReviewResult.status === 'fulfilled' ? reportAutomationReviewResult.value : null) - setReportStatusBoard(reportStatusBoardResult.status === 'fulfilled' ? reportStatusBoardResult.value : null) - setReportRuntimeReadiness(reportRuntimeReadinessResult.status === 'fulfilled' ? reportRuntimeReadinessResult.value : null) - setReportRuntimeDryRun(reportRuntimeDryRunResult.status === 'fulfilled' ? 
reportRuntimeDryRunResult.value : null) - setReportRuntimeFixtureReadback(reportRuntimeFixtureReadbackResult.status === 'fulfilled' ? reportRuntimeFixtureReadbackResult.value : null) - setRuntimeWorkerShadowGate(runtimeWorkerShadowGateResult.status === 'fulfilled' ? runtimeWorkerShadowGateResult.value : null) - setOperationPermissionModel(operationPermissionModelResult.status === 'fulfilled' ? operationPermissionModelResult.value : null) - setCandidateOperationDryRunEvidence(candidateOperationDryRunEvidenceResult.status === 'fulfilled' ? candidateOperationDryRunEvidenceResult.value : null) - setTaskResultAuditTrail(taskResultAuditTrailResult.status === 'fulfilled' ? taskResultAuditTrailResult.value : null) - setMatchedPlaybookLearningGap(matchedPlaybookLearningGapResult.status === 'fulfilled' ? matchedPlaybookLearningGapResult.value : null) - setCriticReviewerResultCapture(criticReviewerResultCaptureResult.status === 'fulfilled' ? criticReviewerResultCaptureResult.value : null) - setOwnerApprovedResultCaptureDryRun(ownerApprovedResultCaptureDryRunResult.status === 'fulfilled' ? ownerApprovedResultCaptureDryRunResult.value : null) - setOwnerApprovedResultCaptureReadback(ownerApprovedResultCaptureReadbackResult.status === 'fulfilled' ? ownerApprovedResultCaptureReadbackResult.value : null) - setRuntimeReadbackApprovalPackage(runtimeReadbackApprovalPackageResult.status === 'fulfilled' ? runtimeReadbackApprovalPackageResult.value : null) - setRuntimeReadbackImplementationReview(runtimeReadbackImplementationReviewResult.status === 'fulfilled' ? runtimeReadbackImplementationReviewResult.value : null) - setReportLiveDeliveryApprovalPackage(reportLiveDeliveryApprovalPackageResult.status === 'fulfilled' ? reportLiveDeliveryApprovalPackageResult.value : null) - setRuntimeReadbackFixtureApproval(runtimeReadbackFixtureApprovalResult.status === 'fulfilled' ? 
runtimeReadbackFixtureApprovalResult.value : null) - setRuntimeReadbackPromotionGate(runtimeReadbackPromotionGateResult.status === 'fulfilled' ? runtimeReadbackPromotionGateResult.value : null) - setOwnerApprovedFixturePromotionGate(ownerApprovedFixturePromotionGateResult.status === 'fulfilled' ? ownerApprovedFixturePromotionGateResult.value : null) - setCanonicalRuntimeReadbackOwnerAcceptance(canonicalRuntimeReadbackOwnerAcceptanceResult.status === 'fulfilled' ? canonicalRuntimeReadbackOwnerAcceptanceResult.value : null) - setFailureReceiptNoSendReplay(failureReceiptNoSendReplayResult.status === 'fulfilled' ? failureReceiptNoSendReplayResult.value : null) - setReviewerQueueNoWriteReadback(reviewerQueueNoWriteReadbackResult.status === 'fulfilled' ? reviewerQueueNoWriteReadbackResult.value : null) - setResultCaptureNoWriteReadback(resultCaptureNoWriteReadbackResult.status === 'fulfilled' ? resultCaptureNoWriteReadbackResult.value : null) - setResultCapturePromotionApprovalGate(resultCapturePromotionApprovalGateResult.status === 'fulfilled' ? resultCapturePromotionApprovalGateResult.value : null) - setOwnerApprovedResultCapturePromotionDryRun(ownerApprovedResultCapturePromotionDryRunResult.status === 'fulfilled' ? ownerApprovedResultCapturePromotionDryRunResult.value : null) - setResultCaptureWriteGateReview(resultCaptureWriteGateReviewResult.status === 'fulfilled' ? resultCaptureWriteGateReviewResult.value : null) - setResultCaptureWriterImplementationReview(resultCaptureWriterImplementationReviewResult.status === 'fulfilled' ? resultCaptureWriterImplementationReviewResult.value : null) - setResultCaptureWriterDryRunFixture(resultCaptureWriterDryRunFixtureResult.status === 'fulfilled' ? resultCaptureWriterDryRunFixtureResult.value : null) - setResultCaptureWriterDryRunReadback(resultCaptureWriterDryRunReadbackResult.status === 'fulfilled' ? 
resultCaptureWriterDryRunReadbackResult.value : null) - setResultCaptureOwnerPromotionReview(resultCaptureOwnerPromotionReviewResult.status === 'fulfilled' ? resultCaptureOwnerPromotionReviewResult.value : null) - setResultCaptureOwnerApprovedExecutionRehearsal(resultCaptureOwnerApprovedExecutionRehearsalResult.status === 'fulfilled' ? resultCaptureOwnerApprovedExecutionRehearsalResult.value : null) - setResultCaptureOwnerAcceptanceMaintenanceGate(resultCaptureOwnerAcceptanceMaintenanceGateResult.status === 'fulfilled' ? resultCaptureOwnerAcceptanceMaintenanceGateResult.value : null) - setResultCaptureOwnerAcceptanceReadbackPreflightHold(resultCaptureOwnerAcceptanceReadbackPreflightHoldResult.status === 'fulfilled' ? resultCaptureOwnerAcceptanceReadbackPreflightHoldResult.value : null) - setResultCaptureOwnerApprovedPreflightReleasePackage(resultCaptureOwnerApprovedPreflightReleasePackageResult.status === 'fulfilled' ? resultCaptureOwnerApprovedPreflightReleasePackageResult.value : null) - setResultCaptureOwnerApprovedReleaseReadinessReadback(resultCaptureOwnerApprovedReleaseReadinessReadbackResult.status === 'fulfilled' ? resultCaptureOwnerApprovedReleaseReadinessReadbackResult.value : null) - setResultCaptureOwnerReleaseApprovalGate(resultCaptureOwnerReleaseApprovalGateResult.status === 'fulfilled' ? resultCaptureOwnerReleaseApprovalGateResult.value : null) - setResultCapturePostReleaseVerifierRollbackGate(resultCapturePostReleaseVerifierRollbackGateResult.status === 'fulfilled' ? resultCapturePostReleaseVerifierRollbackGateResult.value : null) - setResultCaptureFinalReleaseCandidateReadback(resultCaptureFinalReleaseCandidateReadbackResult.status === 'fulfilled' ? resultCaptureFinalReleaseCandidateReadbackResult.value : null) - setResultCaptureReleaseAuthorizationHold(resultCaptureReleaseAuthorizationHoldResult.status === 'fulfilled' ? 
resultCaptureReleaseAuthorizationHoldResult.value : null) - setResultCaptureReleaseAuthorizationReadbackGate(resultCaptureReleaseAuthorizationReadbackGateResult.status === 'fulfilled' ? resultCaptureReleaseAuthorizationReadbackGateResult.value : null) - setResultCaptureReleaseVerifierPreflightGate(resultCaptureReleaseVerifierPreflightGateResult.status === 'fulfilled' ? resultCaptureReleaseVerifierPreflightGateResult.value : null) - setResultCaptureReleaseVerifierOwnerReviewPacket(resultCaptureReleaseVerifierOwnerReviewPacketResult.status === 'fulfilled' ? resultCaptureReleaseVerifierOwnerReviewPacketResult.value : null) - setResultCaptureReleaseDecisionHold(resultCaptureReleaseDecisionHoldResult.status === 'fulfilled' ? resultCaptureReleaseDecisionHoldResult.value : null) - setResultCaptureReleaseDecisionReadback(resultCaptureReleaseDecisionReadbackResult.status === 'fulfilled' ? resultCaptureReleaseDecisionReadbackResult.value : null) - setResultCaptureReleaseDecisionNextHandoff(resultCaptureReleaseDecisionNextHandoffResult.status === 'fulfilled' ? resultCaptureReleaseDecisionNextHandoffResult.value : null) - setResultCaptureReleaseDecisionInputPrep(resultCaptureReleaseDecisionInputPrepResult.status === 'fulfilled' ? resultCaptureReleaseDecisionInputPrepResult.value : null) - setResultCaptureReleaseDecisionOwnerResponsePreflight(resultCaptureReleaseDecisionOwnerResponsePreflightResult.status === 'fulfilled' ? resultCaptureReleaseDecisionOwnerResponsePreflightResult.value : null) - setResultCaptureReleaseDecisionOwnerResponseReadback(resultCaptureReleaseDecisionOwnerResponseReadbackResult.status === 'fulfilled' ? resultCaptureReleaseDecisionOwnerResponseReadbackResult.value : null) - setResultCaptureReleaseDecisionOwnerResponseAcceptanceGate(resultCaptureReleaseDecisionOwnerResponseAcceptanceGateResult.status === 'fulfilled' ? 
resultCaptureReleaseDecisionOwnerResponseAcceptanceGateResult.value : null) + setSnapshot(settledPublicValue(inventoryResult)) + setBacklog(settledPublicValue(backlogResult)) + setBackupTargets(settledPublicValue(targetResult)) + setBackupReadiness(settledPublicValue(readinessResult)) + setBackupPolicy(settledPublicValue(policyResult)) + setOffsiteEscrow(settledPublicValue(offsiteEscrowResult)) + setRuntimeSurface(settledPublicValue(runtimeSurfaceResult)) + setGiteaHealth(settledPublicValue(giteaHealthResult)) + setObservabilityMatrix(settledPublicValue(observabilityMatrixResult)) + setProviderRouteMatrix(settledPublicValue(providerRouteMatrixResult)) + setDeploymentLayout(settledPublicValue(deploymentLayoutResult)) + setWarRoom(settledPublicValue(warRoomResult)) + setProfessionalTaskExpansion(settledPublicValue(professionalTaskExpansionResult)) + setReceiptReadbackOwnerReview(settledPublicValue(receiptReadbackOwnerReviewResult)) + setReportNoWriteAnalysisRuntime(settledPublicValue(reportNoWriteAnalysisRuntimeResult)) + setLowMediumRiskWhitelist(settledPublicValue(lowMediumRiskWhitelistResult)) + setHighRiskOwnerReviewQueue(settledPublicValue(highRiskOwnerReviewQueueResult)) + setActionAuditLedger(settledPublicValue(actionAuditLedgerResult)) + setActionOwnerAcceptanceEventBus(settledPublicValue(actionOwnerAcceptanceEventBusResult)) + setHostRunawayAiops(settledPublicValue(hostRunawayAiopsResult)) + setProactiveOperations(settledPublicValue(proactiveOperationsResult)) + setInteractionLearningProof(settledPublicValue(interactionLearningProofResult)) + setLiveReadModelGate(settledPublicValue(liveReadModelGateResult)) + setRedisDryRunGate(settledPublicValue(redisDryRunGateResult)) + setLearningWritebackPackage(settledPublicValue(learningWritebackPackageResult)) + setTelegramReceiptPackage(settledPublicValue(telegramReceiptPackageResult)) + setOwnerApprovedLearningDryRun(settledPublicValue(ownerApprovedLearningDryRunResult)) + 
setRuntimeWriteGateReview(settledPublicValue(runtimeWriteGateReviewResult)) + setPostWriteVerifierPackage(settledPublicValue(postWriteVerifierPackageResult)) + setRuntimeVerifierEvidenceReview(settledPublicValue(runtimeVerifierEvidenceReviewResult)) + setReportAutomationReview(settledPublicValue(reportAutomationReviewResult)) + setReportStatusBoard(settledPublicValue(reportStatusBoardResult)) + setReportRuntimeReadiness(settledPublicValue(reportRuntimeReadinessResult)) + setReportRuntimeDryRun(settledPublicValue(reportRuntimeDryRunResult)) + setReportRuntimeFixtureReadback(settledPublicValue(reportRuntimeFixtureReadbackResult)) + setRuntimeWorkerShadowGate(settledPublicValue(runtimeWorkerShadowGateResult)) + setOperationPermissionModel(settledPublicValue(operationPermissionModelResult)) + setCandidateOperationDryRunEvidence(settledPublicValue(candidateOperationDryRunEvidenceResult)) + setTaskResultAuditTrail(settledPublicValue(taskResultAuditTrailResult)) + setMatchedPlaybookLearningGap(settledPublicValue(matchedPlaybookLearningGapResult)) + setCriticReviewerResultCapture(settledPublicValue(criticReviewerResultCaptureResult)) + setOwnerApprovedResultCaptureDryRun(settledPublicValue(ownerApprovedResultCaptureDryRunResult)) + setOwnerApprovedResultCaptureReadback(settledPublicValue(ownerApprovedResultCaptureReadbackResult)) + setRuntimeReadbackApprovalPackage(settledPublicValue(runtimeReadbackApprovalPackageResult)) + setRuntimeReadbackImplementationReview(settledPublicValue(runtimeReadbackImplementationReviewResult)) + setReportLiveDeliveryApprovalPackage(settledPublicValue(reportLiveDeliveryApprovalPackageResult)) + setRuntimeReadbackFixtureApproval(settledPublicValue(runtimeReadbackFixtureApprovalResult)) + setRuntimeReadbackPromotionGate(settledPublicValue(runtimeReadbackPromotionGateResult)) + setOwnerApprovedFixturePromotionGate(settledPublicValue(ownerApprovedFixturePromotionGateResult)) + 
setCanonicalRuntimeReadbackOwnerAcceptance(settledPublicValue(canonicalRuntimeReadbackOwnerAcceptanceResult)) + setFailureReceiptNoSendReplay(settledPublicValue(failureReceiptNoSendReplayResult)) + setReviewerQueueNoWriteReadback(settledPublicValue(reviewerQueueNoWriteReadbackResult)) + setResultCaptureNoWriteReadback(settledPublicValue(resultCaptureNoWriteReadbackResult)) + setResultCapturePromotionApprovalGate(settledPublicValue(resultCapturePromotionApprovalGateResult)) + setOwnerApprovedResultCapturePromotionDryRun(settledPublicValue(ownerApprovedResultCapturePromotionDryRunResult)) + setResultCaptureWriteGateReview(settledPublicValue(resultCaptureWriteGateReviewResult)) + setResultCaptureWriterImplementationReview(settledPublicValue(resultCaptureWriterImplementationReviewResult)) + setResultCaptureWriterDryRunFixture(settledPublicValue(resultCaptureWriterDryRunFixtureResult)) + setResultCaptureWriterDryRunReadback(settledPublicValue(resultCaptureWriterDryRunReadbackResult)) + setResultCaptureOwnerPromotionReview(settledPublicValue(resultCaptureOwnerPromotionReviewResult)) + setResultCaptureOwnerApprovedExecutionRehearsal(settledPublicValue(resultCaptureOwnerApprovedExecutionRehearsalResult)) + setResultCaptureOwnerAcceptanceMaintenanceGate(settledPublicValue(resultCaptureOwnerAcceptanceMaintenanceGateResult)) + setResultCaptureOwnerAcceptanceReadbackPreflightHold(settledPublicValue(resultCaptureOwnerAcceptanceReadbackPreflightHoldResult)) + setResultCaptureOwnerApprovedPreflightReleasePackage(settledPublicValue(resultCaptureOwnerApprovedPreflightReleasePackageResult)) + setResultCaptureOwnerApprovedReleaseReadinessReadback(settledPublicValue(resultCaptureOwnerApprovedReleaseReadinessReadbackResult)) + setResultCaptureOwnerReleaseApprovalGate(settledPublicValue(resultCaptureOwnerReleaseApprovalGateResult)) + setResultCapturePostReleaseVerifierRollbackGate(settledPublicValue(resultCapturePostReleaseVerifierRollbackGateResult)) + 
setResultCaptureFinalReleaseCandidateReadback(settledPublicValue(resultCaptureFinalReleaseCandidateReadbackResult)) + setResultCaptureReleaseAuthorizationHold(settledPublicValue(resultCaptureReleaseAuthorizationHoldResult)) + setResultCaptureReleaseAuthorizationReadbackGate(settledPublicValue(resultCaptureReleaseAuthorizationReadbackGateResult)) + setResultCaptureReleaseVerifierPreflightGate(settledPublicValue(resultCaptureReleaseVerifierPreflightGateResult)) + setResultCaptureReleaseVerifierOwnerReviewPacket(settledPublicValue(resultCaptureReleaseVerifierOwnerReviewPacketResult)) + setResultCaptureReleaseDecisionHold(settledPublicValue(resultCaptureReleaseDecisionHoldResult)) + setResultCaptureReleaseDecisionReadback(settledPublicValue(resultCaptureReleaseDecisionReadbackResult)) + setResultCaptureReleaseDecisionNextHandoff(settledPublicValue(resultCaptureReleaseDecisionNextHandoffResult)) + setResultCaptureReleaseDecisionInputPrep(settledPublicValue(resultCaptureReleaseDecisionInputPrepResult)) + setResultCaptureReleaseDecisionOwnerResponsePreflight(settledPublicValue(resultCaptureReleaseDecisionOwnerResponsePreflightResult)) + setResultCaptureReleaseDecisionOwnerResponseReadback(settledPublicValue(resultCaptureReleaseDecisionOwnerResponseReadbackResult)) + setResultCaptureReleaseDecisionOwnerResponseAcceptanceGate(settledPublicValue(resultCaptureReleaseDecisionOwnerResponseAcceptanceGateResult)) setReportTruthActionabilityReview(previous => ( reportTruthActionabilityReviewResult.status === 'fulfilled' - ? reportTruthActionabilityReviewResult.value + ? sanitizePublicSnapshot(reportTruthActionabilityReviewResult.value) : previous )) - setOwnerDryRunPackage(ownerDryRunPackageResult.status === 'fulfilled' ? ownerDryRunPackageResult.value : null) - setHostStatefulInventory(hostStatefulInventoryResult.status === 'fulfilled' ? 
hostStatefulInventoryResult.value : null) - setDependencySupplyChainDriftMonitor(dependencySupplyChainDriftMonitorResult.status === 'fulfilled' ? dependencySupplyChainDriftMonitorResult.value : null) - setServiceHealthGapMatrix(serviceHealthGapMatrixResult.status === 'fulfilled' ? serviceHealthGapMatrixResult.value : null) - setServiceHealthNotificationPolicy(serviceHealthNotificationPolicyResult.status === 'fulfilled' ? serviceHealthNotificationPolicyResult.value : null) + setOwnerDryRunPackage(settledPublicValue(ownerDryRunPackageResult)) + setHostStatefulInventory(settledPublicValue(hostStatefulInventoryResult)) + setDependencySupplyChainDriftMonitor(settledPublicValue(dependencySupplyChainDriftMonitorResult)) + setServiceHealthGapMatrix(settledPublicValue(serviceHealthGapMatrixResult)) + setServiceHealthNotificationPolicy(settledPublicValue(serviceHealthNotificationPolicyResult)) setError([ inventoryResult, backlogResult, diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 6a8e8ce1..4a3acd1a 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
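Review bot: Sanitization is opted into per setter, so the guarantee depends on every one of these calls, and every setter added later, remembering `settledPublicValue`; a new `setX(xResult.status === 'fulfilled' ? xResult.value : null)` would compile and put an uncleaned snapshot into state. Cleaning the values once at the point where `results` is destructured (while keeping the settled results for the `setError` block), or inside the `apiClient` methods, would make the cleaned path the default. `setReportTruthActionabilityReview` keeps its own branch because it falls back to `previous`; a one-line comment such as `// keeps previous value on failure, so sanitizePublicSnapshot is called directly` would stop it being folded into the helper by mistake. The enclosing function starts and ends outside the hunk.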
@@ -1,3 +1,31 @@ +## 2026-06-19|治理頁 snapshot 公開顯示清理層本地完成 + +**背景**:`476227d2` 正式部署後,desktop / mobile smoke 已確認 P2-407~P2-411 與 P3-009 主要卡片無目標英文 drift、無水平溢出、無工作視窗片語;但整頁深層 DOM 仍能在舊 committed snapshot 區塊看到 `audit event template`、`event envelope`、`post-write verifier`、`runtime write`、`live write`、`owner response acceptance readback` 等半英文證據字串。這些不是 runtime 事件,而是 evaluation snapshot 的固定證據內容被前端直接投影,對使用者仍不夠專業、也不符合全站繁中要求。 + +**完成內容**: +- 在 `apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx` 擴充公開顯示 glossary,將 audit event、event envelope、post-write verifier、runtime write、live write、owner review、dry-run、Gateway queue write、Telegram send、Bot API call、host write、secret read、kubectl action 等常見操作語轉成繁中可讀文案。 +- 新增 `sanitizePublicSnapshot()` / `settledPublicValue()`,讓 governance automation inventory 的 API snapshot 進入 React state 前先做公開顯示清理。 +- 保留 `status`、`risk_tier`、`owner_agent`、`schema_version`、`current_task_id`、`next_task_id`、`*_id` 等程式判斷與識別欄位,不把顯示翻譯回寫成資料語意,避免破壞前端狀態邏輯。 +- `MiniBar`、`SummaryTile`、`FlowStageTile`、`GateMatrixRow` 補第二層顯示端清理,防止未來新增欄位直接把 raw-ish 狀態語漏到頁面。 +- 未修改 API、snapshot 檔、worker、Telegram、Bot API、Gateway queue、DB、KM、PlayBook、主機、K8s、Nginx 或 workflow。 + +**本地驗證**: +- `git diff --check` 通過。 +- `SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- `TELEGRAM_ALERT_READABILITY_GUARD_OK tests=10 ai_lanes=6 host_lanes=6 runtime_gate=0`。 +- `IWOOOS_CONFIG_CONTROL_GUARD_OK`。 +- `DOC_SECRET_SANITY_OK scanned_files=934`。 +- `pnpm --filter @awoooi/web typecheck` 在本隔離 worktree 仍因未安裝 `node_modules`、`tsc` 不存在而無法本地執行;此段需由 Gitea code-review / CD 乾淨環境補驗。 + +**完成度同步**: +- 治理頁 snapshot 公開顯示清理層:本地 `100%`,正式部署 / desktop / mobile readback `0%`。 +- IwoooS headline:仍維持 `64%`;active runtime gate 仍 `0`。 +- Owner response accepted、event bus publish、audit DB write、timeline write、KM write、PlayBook trust write、Gateway queue write、Telegram send、Bot API call、worker dispatch、receipt production write、host write、kubectl action、destructive operation:全部仍 `0 / false`。 + +**下一步**:跑 guard、正常推送 Gitea 
main、等待 code-review / CD / post-deploy checks;正式部署後重跑 `/zh-TW/governance?tab=automation-inventory` desktop / mobile,除了主要卡片外,也檢查整頁 `audit event`、`runtime write`、`live write`、`post-write verifier`、工作視窗片語與水平溢出。 + +**邊界**:這是前端公開顯示清理,不是改 evidence 真相、不開 runtime remediation、不新增自動修復,也不代表 Wazuh / Kali / Nginx / 主機處置已授權。 + ## 2026-06-19|P2-411 治理頁繁中可見文案正式驗證完成 **背景**:P2-411 Owner Acceptance Event Bus 已完成 production API 讀回;本段補上治理頁可見文案收斂後的正式部署與 desktop / mobile smoke,確認同頁 P2-407~P2-411 與相鄰卡片不再露出舊英文狀態詞,也沒有把工作視窗內容放到前端。