docs(security): 綁定通知出口可讀性驗收

2026-06-19 02:08:26 +08:00
parent 1eaa51e645
commit c7740f5d1d
9 changed files with 69 additions and 16 deletions
--- a/scripts/security/security-mirror-progress-guard.py
+++ b/scripts/security/security-mirror-progress-guard.py
@@ -22006,9 +22006,9 @@ def validate(root: Path) -> None:
        "workflow_acceptance_candidate_count": 6,
        "ops_script_acceptance_candidate_count": 4,
        "api_direct_acceptance_candidate_count": 1,
-        "acceptance_field_count": 32,
+        "acceptance_field_count": 33,
        "required_owner_field_count": 19,
-        "reviewer_check_count": 22,
+        "reviewer_check_count": 23,
        "outcome_lane_count": 10,
        "forbidden_payload_count": 14,
        "blocked_action_count": 35,
@@ -22069,7 +22069,7 @@ def validate(root: Path) -> None:
        assert_equal(
            f"telegram_notification_egress_owner_response_acceptance.{item['acceptance_candidate_id']}.acceptance_fields",
            len(item["acceptance_fields"]),
-            32,
+            33,
        )
        assert_equal(
            f"telegram_notification_egress_owner_response_acceptance.{item['acceptance_candidate_id']}.required_owner_fields",
@@ -22079,7 +22079,12 @@ def validate(root: Path) -> None:
        assert_equal(
            f"telegram_notification_egress_owner_response_acceptance.{item['acceptance_candidate_id']}.reviewer_checks",
            len(item["reviewer_checks"]),
-            22,
+            23,
+        )
+        assert_equal(
+            f"telegram_notification_egress_owner_response_acceptance.{item['acceptance_candidate_id']}.message_readability_guard_ref",
+            item.get("message_readability_guard_ref"),
+            "docs/security/telegram-alert-readability-guard.snapshot.json",
        )
        assert_equal(
            f"telegram_notification_egress_owner_response_acceptance.{item['acceptance_candidate_id']}.outcome_lanes",
--- a/scripts/security/telegram-notification-egress-owner-response-acceptance.py
+++ b/scripts/security/telegram-notification-egress-owner-response-acceptance.py
@@ -21,6 +21,7 @@ TAIPEI = timezone(timedelta(hours=8))

 OWNER_REQUEST_SNAPSHOT = Path("docs/security/telegram-notification-egress-owner-request-draft.snapshot.json")
 MIGRATION_PLAN_SNAPSHOT = Path("docs/security/telegram-notification-egress-migration-plan-draft.snapshot.json")
+MESSAGE_READABILITY_GUARD_SNAPSHOT = Path("docs/security/telegram-alert-readability-guard.snapshot.json")

 ACCEPTANCE_FIELDS = [
    "acceptance_candidate_id",
@@ -38,6 +39,7 @@ ACCEPTANCE_FIELDS = [
    "affected_scope",
    "redacted_evidence_refs",
    "message_shape_contract_ref",
+    "message_readability_guard_ref",
    "redaction_contract_ref",
    "formatter_convergence_decision",
    "gateway_or_alertmanager_target",
@@ -67,6 +69,7 @@ REVIEWER_CHECKS = [
    "no_secret_or_token_value",
    "no_raw_message_payload",
    "message_shape_contract_present",
+    "message_readability_guard_present",
    "redaction_contract_present",
    "formatter_convergence_explicit",
    "gateway_or_alertmanager_target_valid",
@@ -190,6 +193,7 @@ def build_candidate(request: dict[str, Any], migration: dict[str, Any]) -> dict[
        "affected_scope": "pending_owner_response",
        "redacted_evidence_refs": [],
        "message_shape_contract_ref": None,
+        "message_readability_guard_ref": MESSAGE_READABILITY_GUARD_SNAPSHOT.as_posix(),
        "redaction_contract_ref": None,
        "formatter_convergence_decision": "pending_owner_response",
        "gateway_or_alertmanager_target": "pending_owner_response",
@@ -274,6 +278,7 @@ def build_report(root: Path, generated_at: str | None = None) -> dict[str, Any]:
        "source_migration_plan_snapshot": MIGRATION_PLAN_SNAPSHOT.as_posix(),
        "source_migration_plan_schema_version": migration_plan["schema_version"],
        "source_migration_plan_status": migration_plan["status"],
+        "message_readability_guard_snapshot": MESSAGE_READABILITY_GUARD_SNAPSHOT.as_posix(),
        "summary": {
            "source_request_draft_count": owner_request["summary"]["request_draft_count"],
            "source_migration_candidate_count": migration_plan["summary"]["migration_candidate_count"],
@@ -340,6 +345,7 @@ def build_report(root: Path, generated_at: str | None = None) -> dict[str, Any]:
        "acceptance_candidates": candidates,
        "operator_interpretation": [
            "此帳本只是 reviewer 驗收模板；owner response received / accepted 仍維持 0。",
+            "每個 direct egress candidate 都必須引用 Telegram 告警可讀性 guard，migration review 不得繞過卡片化、脫敏與 runtime_write_gate=0。",
            "CD success、route 200、UI 可見或 Telegram sent 狀態本身都不是 delivery receipt。",
            "workflow、script 與 API sender 收斂仍需獨立 runtime approval 與 change evidence。",
        ],