feat(web): add IwoooS decision draft review

This commit is contained in:
Your Name
2026-05-19 23:49:26 +08:00
parent 451c7c0088
commit c845963fa2
11 changed files with 532 additions and 6 deletions


@@ -1801,6 +1801,49 @@
"metadata": "runtime gate pointer; active gates=0"
}
}
},
"hostOwnerDecisionRecordDraftReview": {
"title": "Host Owner Decision Record Draft Review Checklist",
"subtitle": "Decision record draft packets still require read-only review. This only shows whether drafts have the metadata needed for human decision and does not create formal decision records.",
"checkLabel": "Draft review",
"guardLabel": "No upgrade",
"items": {
"scopeStatementComplete": {
"title": "Scope statement complete",
"body": "Confirm the scope draft includes host, network, service, exclusions, and observation intent so decision record scope is not ambiguous.",
"guard": "draft review only; record created=false"
},
"scanModeStillNotApproval": {
"title": "Scan mode still not approval",
"body": "Confirm scan mode remains a candidate description and is not read as active scan or credentialed scan authorization.",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "Confirm credential boundary stays metadata-only and does not request or store sensitive material.",
"guard": "secret collection=false"
},
"maintenanceConstraintsReadable": {
"title": "Maintenance constraints readable",
"body": "Confirm maintenance window, constraints, and impact boundary are readable without becoming host update approval.",
"guard": "host update=false"
},
"rollbackOwnerReadable": {
"title": "Rollback owner readable",
"body": "Confirm rollback owner, recovery path, and human contact are readable while no approval record is created.",
"guard": "approval record=false"
},
"validationMetricsLinked": {
"title": "Validation metrics linked",
"body": "Confirm post-check metrics, baseline, and evidence pointer are linked to the draft for later human review.",
"guard": "accepted=0"
},
"runtimeGateStillClosed": {
"title": "Runtime gate still closed",
"body": "Confirm decision record draft review does not open runtime gates. Later execution still requires a separate gate.",
"guard": "active runtime gates=0; action buttons=false"
}
}
}
},
"tickets": {


@@ -1802,6 +1802,49 @@
"metadata": "runtime gate pointeractive gates=0"
}
}
},
"hostOwnerDecisionRecordDraftReview": {
"title": "主機 Owner Decision Record Draft Review Checklist",
"subtitle": "Decision record 草稿包後仍需只讀核對。這裡只顯示草稿是否具備人工決策所需 metadata不會建立正式 decision record。",
"checkLabel": "Draft review",
"guardLabel": "不可升級",
"items": {
"scopeStatementComplete": {
"title": "Scope statement complete",
"body": "確認 scope 草稿已包含主機、網段、服務、排除範圍與觀察目的,避免決策紀錄範圍不清。",
"guard": "只核對草稿record created=false"
},
"scanModeStillNotApproval": {
"title": "Scan mode still not approval",
"body": "確認 scan mode 仍只是候選描述,不被解讀成 active scan 或 credentialed scan 授權。",
"guard": "scan authorized=false"
},
"credentialBoundaryMetadataOnly": {
"title": "Credential boundary metadata only",
"body": "確認 credential boundary 仍維持 metadata-only沒有要求或保存敏感素材。",
"guard": "secret collection=false"
},
"maintenanceConstraintsReadable": {
"title": "Maintenance constraints readable",
"body": "確認維護窗口、限制條件與不可影響範圍可讀,但不代表可以更新或調校主機。",
"guard": "host update=false"
},
"rollbackOwnerReadable": {
"title": "Rollback owner readable",
"body": "確認 rollback owner、復原路徑與人工聯絡點可讀但尚未建立 approval record。",
"guard": "approval record=false"
},
"validationMetricsLinked": {
"title": "Validation metrics linked",
"body": "確認 post-check metrics、baseline 與 evidence pointer 已連到草稿,供後續人審使用。",
"guard": "accepted=0"
},
"runtimeGateStillClosed": {
"title": "Runtime gate still closed",
"body": "確認 decision record 草稿審查不會開 runtime gate後續執行仍需獨立 gate。",
"guard": "active runtime gates=0action buttons=false"
}
}
}
},
"tickets": {


@@ -165,6 +165,13 @@ type HostOwnerDecisionRecordDraftPacket = {
tone: 'steady' | 'warn' | 'locked'
}
type HostOwnerDecisionRecordDraftReviewItem = {
key: string
check: string
icon: typeof ShieldCheck
tone: 'steady' | 'warn' | 'locked'
}
const postureMetrics: PostureMetric[] = [
{ key: 'overall', value: '58%', tone: 'warn' },
{ key: 'framework', value: '80-85%', tone: 'steady' },
@@ -386,6 +393,16 @@ const hostOwnerDecisionRecordDraftPackets: HostOwnerDecisionRecordDraftPacket[]
{ key: 'runtimeGateDraft', packet: 'DR7', icon: ShieldCheck, tone: 'locked' },
]
const hostOwnerDecisionRecordDraftReviewItems: HostOwnerDecisionRecordDraftReviewItem[] = [
{ key: 'scopeStatementComplete', check: 'RV1', icon: Radar, tone: 'warn' },
{ key: 'scanModeStillNotApproval', check: 'RV2', icon: Activity, tone: 'locked' },
{ key: 'credentialBoundaryMetadataOnly', check: 'RV3', icon: Lock, tone: 'locked' },
{ key: 'maintenanceConstraintsReadable', check: 'RV4', icon: Clock3, tone: 'warn' },
{ key: 'rollbackOwnerReadable', check: 'RV5', icon: FileWarning, tone: 'warn' },
{ key: 'validationMetricsLinked', check: 'RV6', icon: CheckCircle2, tone: 'warn' },
{ key: 'runtimeGateStillClosed', check: 'RV7', icon: ShieldCheck, tone: 'locked' },
]
const evidenceItems = [
'iwooos-posture-projection.snapshot.json',
'security-rollout-policy.snapshot.json',
@@ -996,6 +1013,34 @@ function HostOwnerDecisionRecordDraftCard({ item }: { item: HostOwnerDecisionRec
)
}
function HostOwnerDecisionRecordDraftReviewCard({ item }: { item: HostOwnerDecisionRecordDraftReviewItem }) {
const t = useTranslations('iwooos.hostOwnerDecisionRecordDraftReview')
const Icon = item.icon
return (
<div style={{ ...band, minHeight: 190, padding: 16 }}>
<div style={{ display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 12 }}>
<div style={{ display: 'flex', alignItems: 'center', gap: 9 }}>
<Icon size={18} color={toneColors[item.tone]} />
<span style={{ fontSize: 11, color: '#87867f' }}>{t('checkLabel')}</span>
</div>
<span style={{ fontSize: 11, color: '#9b978b' }}>{item.check}</span>
</div>
<h2 style={{ fontSize: 14, margin: '12px 0 6px', color: '#141413' }}>
{t(`items.${item.key}.title` as never)}
</h2>
<p style={{ fontSize: 12, lineHeight: 1.55, color: '#6f6d66', margin: 0 }}>
{t(`items.${item.key}.body` as never)}
</p>
<div style={{ marginTop: 10, display: 'grid', gap: 5 }}>
<div style={{ fontSize: 11, color: '#87867f' }}>{t('guardLabel')}</div>
<div style={{ fontSize: 11, color: toneColors[item.tone], lineHeight: 1.45 }}>
{t(`items.${item.key}.guard` as never)}
</div>
</div>
</div>
)
}
export default function IwoooSPage({ params }: { params: { locale: string } }) {
const t = useTranslations('iwooos')
@@ -1328,6 +1373,26 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
</div>
</section>
<section style={{ marginBottom: 14 }}>
<div style={{ marginBottom: 14 }}>
<h2 style={{ fontSize: 16, margin: 0 }}>{t('hostOwnerDecisionRecordDraftReview.title')}</h2>
<p style={{ fontSize: 12, color: '#6f6d66', margin: '6px 0 0', lineHeight: 1.55 }}>
{t('hostOwnerDecisionRecordDraftReview.subtitle')}
</p>
</div>
<div
style={{
display: 'grid',
gridTemplateColumns: 'repeat(auto-fit, minmax(210px, 1fr))',
gap: 12,
}}
>
{hostOwnerDecisionRecordDraftReviewItems.map(item => (
<HostOwnerDecisionRecordDraftReviewCard key={item.key} item={item} />
))}
</div>
</section>
<section
style={{
display: 'grid',
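Review bot: The three `as never` casts in `HostOwnerDecisionRecordDraftReviewCard` (`t(`items.${item.key}.title` as never)` and the matching `.body` and `.guard` lookups) switch off whatever key typing `useTranslations` provides, so a key that drifts from the locale files is only caught at runtime when the card renders. Since `hostOwnerDecisionRecordDraftReviewItems` is a closed list of seven keys, `key` in `HostOwnerDecisionRecordDraftReviewItem` could be declared as the union of those seven string literals instead of `string`, e.g. `key: 'scopeStatementComplete' | 'scanModeStillNotApproval' | 'credentialBoundaryMetadataOnly' | 'maintenanceConstraintsReadable' | 'rollbackOwnerReadable' | 'validationMetricsLinked' | 'runtimeGateStillClosed'`, after which the casts can presumably be dropped; this assumes the project's message typing accepts a template-literal key, which is not visible here. If it does not, one documented cast at the type level is preferable to three unexplained inline ones. `IwoooSPage` begins at the end of this hunk and its body continues outside it.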


@@ -1,3 +1,17 @@
## 2026-05-19 | 資安供應鏈 S2.27IwoooS Host Owner Decision Record Draft Review Checklist
**背景**S2.26 已把 formal decision record 前需要的草稿欄位顯示出來;本輪補上草稿進入人工 decision record 前的只讀核對項,避免使用者把 draft packets 誤讀成正式決策紀錄已建立。
**完成**
- `/iwooos` 新增「主機 Owner Decision Record Draft Review Checklist」顯示 scope statement complete、scan mode still not approval、credential boundary metadata only、maintenance constraints readable、rollback owner readable、validation metrics linked、runtime gate still closed 七個只讀核對項。
- `iwooos_posture_projection_v1` schema / snapshot 新增 `host_owner_decision_record_draft_review_checklist_items``host_owner_decision_record_draft_review_checklist_item_count=7`,每個 check 固定 `display_mode=owner_decision_record_draft_review_checklist_only``decision_record_review_passed_count=0``decision_record_created=false``owner_decision_received_count=0``owner_decision_accepted_count=0``owner_approval_record_created=false``runtime_gate_opened=false``raw_payload_allowed=false``secret_value_collection_allowed=false``runtime_execution_authorized=false``action_buttons_allowed=false``not_authorization=true`
- `security-mirror-progress-guard.py` 開始驗證七個 host owner decision record draft review checklist items、順序、review conditions以及 review passed / decision record / owner decision / approval record / runtime gate / raw payload / secret value / runtime / action button 仍全部鎖住。
- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_27_iwooos_host_owner_decision_record_draft_review_checklist`headline progress 仍維持 58%。
**仍禁止**
- host owner decision record draft review checklist 不代表 review passed、decision record created、owner decision received / accepted、approved、approval record created、runtime gate opened、raw payload ingestion、secret value collection、active scan、credentialed scan、Kali `/execute`、SSH 登入、主機變更、Kali 更新或 blocking control。
- 真正人工 owner decision、決策紀錄、批准與後續 runtime gate 仍需脫敏 evidence、人工簽核與獨立 runtime gate。
## 2026-05-19 | 資安供應鏈 S2.26IwoooS Host Owner Decision Record Draft Packets
**背景**S2.25 已把 owner review checklist 後的只讀 outcome lanes 顯示出來;本輪補上 formal decision record 前的草稿欄位讓使用者知道「ready for decision record」仍只是草稿候選不代表 decision record 已建立或已批准。


@@ -33,6 +33,7 @@
"host_owner_decision_review_checklist_items",
"host_owner_decision_review_outcome_lanes",
"host_owner_decision_record_draft_packets",
"host_owner_decision_record_draft_review_checklist_items",
"frontend_surface_coverage_groups",
"evidence_refs",
"allowed_frontend_outputs",
@@ -105,6 +106,7 @@
"host_owner_decision_review_checklist_item_count",
"host_owner_decision_review_outcome_lane_count",
"host_owner_decision_record_draft_packet_count",
"host_owner_decision_record_draft_review_checklist_item_count",
"action_buttons_allowed"
],
"properties": {
@@ -226,6 +228,10 @@
"host_owner_decision_record_draft_packet_count": {
"type": "integer",
"const": 7
},
"host_owner_decision_record_draft_review_checklist_item_count": {
"type": "integer",
"const": 7
}
},
"additionalProperties": false
@@ -1686,6 +1692,94 @@
},
"additionalProperties": false
}
},
"host_owner_decision_record_draft_review_checklist_items": {
"type": "array",
"minItems": 7,
"items": {
"type": "object",
"required": [
"check_id",
"display_order",
"source_packet_id",
"review_condition",
"display_mode",
"decision_record_review_passed_count",
"decision_record_created",
"owner_decision_received_count",
"owner_decision_accepted_count",
"owner_approval_record_created",
"runtime_gate_opened",
"raw_payload_allowed",
"secret_value_collection_allowed",
"runtime_execution_authorized",
"action_buttons_allowed",
"not_authorization"
],
"properties": {
"check_id": {
"type": "string"
},
"display_order": {
"type": "integer",
"minimum": 1
},
"source_packet_id": {
"type": "string"
},
"review_condition": {
"type": "string"
},
"display_mode": {
"const": "owner_decision_record_draft_review_checklist_only"
},
"decision_record_review_passed_count": {
"type": "integer",
"const": 0
},
"decision_record_created": {
"type": "boolean",
"const": false
},
"owner_decision_received_count": {
"type": "integer",
"const": 0
},
"owner_decision_accepted_count": {
"type": "integer",
"const": 0
},
"owner_approval_record_created": {
"type": "boolean",
"const": false
},
"runtime_gate_opened": {
"type": "boolean",
"const": false
},
"raw_payload_allowed": {
"type": "boolean",
"const": false
},
"secret_value_collection_allowed": {
"type": "boolean",
"const": false
},
"runtime_execution_authorized": {
"type": "boolean",
"const": false
},
"action_buttons_allowed": {
"type": "boolean",
"const": false
},
"not_authorization": {
"type": "boolean",
"const": true
}
},
"additionalProperties": false
}
}
},
"additionalProperties": false
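Review bot: `host_owner_decision_record_draft_review_checklist_items` is bounded only by `"minItems": 7`, while the summary property `host_owner_decision_record_draft_review_checklist_item_count` in the same change is pinned to `"const": 7`, so a snapshot carrying an eighth check still validates against this schema and only the separate guard script would notice the count mismatch; add `"maxItems": 7` next to `"minItems": 7` so the array length and the count constant agree at schema level. `display_order` has `"minimum": 1` but no upper bound, so `"maximum": 7` would keep it consistent with the same count. `check_id` and `source_packet_id` are unconstrained strings here; whether the schema should enumerate the seven ids or leave that to the guard script is a design choice, but as written the schema alone does not prove the seven-item contract the commit message describes.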


@@ -54,6 +54,7 @@ IwoooS 首版只讀取或對齊以下已提交 evidence
22. 7 個 host owner decision review checklist items顯示 owner decision candidate packets 後仍需人工核對的安全邊界。
23. 7 個 host owner decision review outcome lanes顯示 owner review checklist 後的只讀結果分流。
24. 7 個 host owner decision record draft packets顯示 formal decision record 候選需要的草稿欄位。
25. 7 個 host owner decision record draft review checklist items顯示草稿欄位進入正式決策紀錄前仍需只讀核對的條件。
## 3.1 既有前端資安頁面整合
@@ -347,6 +348,24 @@ S2.26 將 ready for decision record 後需要整理的欄位拆成七個只讀 d
這個 draft board 不代表 decision record 已建立、owner decision 已接受、資安批准已完成或 runtime gate 已開啟。它只讓 IwoooS 把 decision record 草稿欄位先說清楚,方便後續人工決策時不混入執行語義。
## 3.18 Host Owner Decision Record Draft Review Checklist
S2.27 將 decision record draft packets 後的核對條件拆成七個只讀 checklist items。這一層只回答「草稿是否足以進入人工 decision record 撰寫」,不標記 review passed、不建立 decision record、不標記 accepted、不建立 approval record、不開 runtime gate。
| 順序 | Draft review | 來源 packet | 核對條件 |
|------|--------------|-------------|----------|
| 1 | Scope statement complete | scope draft | scope metadata complete |
| 2 | Scan mode still not approval | scan mode draft | scan mode not authorization |
| 3 | Credential boundary metadata only | credential boundary draft | credential boundary metadata-only |
| 4 | Maintenance constraints readable | maintenance constraints draft | maintenance constraints no-change |
| 5 | Rollback owner readable | rollback owner draft | rollback owner / recovery pointer readable |
| 6 | Validation metrics linked | validation metrics draft | metrics / baseline linked |
| 7 | Runtime gate still closed | runtime gate draft | runtime gate separate and closed |
每個 review check 都固定 `display_mode=owner_decision_record_draft_review_checklist_only``decision_record_review_passed_count=0``decision_record_created=false``owner_decision_received_count=0``owner_decision_accepted_count=0``owner_approval_record_created=false``runtime_gate_opened=false``raw_payload_allowed=false``secret_value_collection_allowed=false``runtime_execution_authorized=false``action_buttons_allowed=false``not_authorization=true`
這個 checklist 不代表 decision record review 已通過、decision record 已建立、owner decision 已接受或 runtime gate 已開啟。它只讓 IwoooS 把草稿進入正式人審前的核對條件說清楚。
## 4. 仍禁止
IwoooS 不得提供下列輸出:
@@ -370,7 +389,8 @@ IwoooS 不得提供下列輸出:
17. 把 owner decision review checklist 當成 approval、標記 owner decision review passed或從 owner decision review checklist 開 runtime gate。
18. 把 owner decision review outcome 當成 approval、標記 owner decision review outcome passed或從 owner decision review outcome 開 runtime gate。
19. 從 owner decision record draft 建立 host owner decision record、標記 record created或從 draft 開 runtime gate。
20.58% progress、contract count、mirror readiness 或前端可見狀態當成授權
20.owner decision record draft review 當成 approval、標記 draft review passed、從 draft review 建立 decision record或從 draft review 開 runtime gate
21. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
## 5. 驗證


@@ -35,7 +35,7 @@
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 04 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestationlatest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`reviewer audit emitted 仍為 0不代表 owner response 已收到或任何執行授權 |
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanesLOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn`owner_review_required_before_blocking=true``runtime_blocking_allowed=false` |
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs不新增執行按鈕 |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111S2.15 已補 6 個 host action gate itemsS2.16 已補 7 個 host evidence readiness itemsS2.17 已補 7 個 host evidence collection order stepsS2.18 已補 7 個 host evidence intake preflight checksS2.19 已補 7 個 host evidence review outcome lanesS2.20 已補 7 個 host evidence review handoff packetsS2.21 已補 7 個 host evidence reviewer checklist itemsS2.22 已補 7 個 host evidence reviewer outcome lanesS2.23 已補 7 個 host owner decision candidate packetsS2.24 已補 7 個 host owner decision review checklist itemsS2.25 已補 7 個 host owner decision review outcome lanesS2.26 已補 7 個 host owner decision record draft packets仍不新增 action button |
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`S2.10 已把 10 個既有前端資安相關頁面納入 projectionS2.11 已補 4 個 coverage groups 與 5 個 conflict controlsS2.12 已補 6 個只讀 operator journey stepsS2.13 已補 7 個 owner evidence readiness itemsS2.14 已補 3 個 host coverage itemsKali 112、開發主機 168、開發主機 111S2.15 已補 6 個 host action gate itemsS2.16 已補 7 個 host evidence readiness itemsS2.17 已補 7 個 host evidence collection order stepsS2.18 已補 7 個 host evidence intake preflight checksS2.19 已補 7 個 host evidence review outcome lanesS2.20 已補 7 個 host evidence review handoff packetsS2.21 已補 7 個 host evidence reviewer checklist itemsS2.22 已補 7 個 host evidence reviewer outcome lanesS2.23 已補 7 個 host owner decision candidate packetsS2.24 已補 7 個 host owner decision review checklist itemsS2.25 已補 7 個 host owner decision review outcome lanesS2.26 已補 7 個 host owner decision record draft packetsS2.27 已補 7 個 host owner decision record draft review checklist items仍不新增 action button |
| Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD``CHECK_OWNER_RESPONSE_GUARD`latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion |
| Runtime actions | `false` |
| Payload ingestion | `false` |
@@ -110,6 +110,7 @@
| S2.24 IwoooS host owner decision review checklist | framework detail | 0 | 只顯示 owner decision 前的七個只讀核對項decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.25 IwoooS host owner decision review outcome lanes | framework detail | 0 | 只顯示 owner review checklist 後的七個只讀結果分流review passed、decision record、approved count、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.26 IwoooS host owner decision record draft packets | framework detail | 0 | 只顯示 formal decision record 需要的七個草稿欄位decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
| S2.27 IwoooS host owner decision record draft review checklist | framework detail | 0 | 只顯示 decision record 草稿進人審前的七個核對項review passed、decision record created、accepted count、approval record、runtime gate、raw payload、secret value、runtime execution 與 action button 仍全部鎖住 |
headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence


@@ -4,7 +4,7 @@
|------|------|
| 日期 | 2026-05-17 |
| 狀態 | S0/S1 read-only evidence 建置中 |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets |
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist |
| 原則 | 低摩擦分階段文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
## 0. 本階段完成後整體進度
@@ -86,6 +86,7 @@ python3 scripts/security/security-mirror-progress-guard.py
| S2.24 IwoooS host owner decision review checklist | 已完成草案,將 scope readable、scan mode not authorization、credential metadata-only、maintenance not change、rollback owner、validation metrics 與 runtime gate separation 顯示成七個只讀 owner review checks | 0 |
| S2.25 IwoooS host owner decision review outcome lanes | 已完成草案,將 ready for decision record、scope refresh、scan mode scope review、credential boundary failed、maintenance window missing、rollback owner missing 與 runtime gate required 顯示成七個只讀 owner review outcome lanes | 0 |
| S2.26 IwoooS host owner decision record draft packets | 已完成草案,將 scope statement、scan mode、credential boundary、maintenance constraints、rollback owner、validation metrics 與 runtime gate pointer 顯示成七個只讀 decision record 草稿包 | 0 |
| S2.27 IwoooS host owner decision record draft review checklist | 已完成草案,將 scope statement complete、scan mode still not approval、credential boundary metadata only、maintenance constraints readable、rollback owner readable、validation metrics linked 與 runtime gate still closed 顯示成七個只讀草稿核對項 | 0 |
headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。
@@ -131,6 +132,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
| S2.24 IwoooS Host Owner Decision Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision review checklist顯示 scope boundary readable、scan mode not authorization、credential boundary metadata only、maintenance window not change、rollback owner readable、validation metrics predefined、runtime gate still separate 七個檢查 | 使用者能理解 owner 決策前仍需核對哪些安全邊界;仍不建立 decision record、不標記 approved、不開 runtime gate、不執行主機動作 |
| S2.25 IwoooS Host Owner Decision Review Outcome Lanes | 完成草案 | `/iwooos` 新增主機 owner decision review outcome lanes顯示 ready for decision record、scope needs refresh、scan mode needs scope、credential boundary failed、maintenance window missing、rollback owner missing、runtime gate required 七個分流 | 使用者能理解 owner review 後下一步;仍不標記 review passed、不建立 decision record、不標記 approved、不開 runtime gate、不執行主機動作 |
| S2.26 IwoooS Host Owner Decision Record Draft Packets | 完成草案 | `/iwooos` 新增主機 owner decision record draft packets顯示 scope statement、scan mode、credential boundary、maintenance constraints、rollback owner、validation metrics、runtime gate pointer 七個草稿欄位 | 使用者能理解 formal decision record 草稿需要哪些 metadata仍不建立 decision record、不標記 accepted、不建立 approval record、不開 runtime gate、不執行主機動作 |
| S2.27 IwoooS Host Owner Decision Record Draft Review Checklist | 完成草案 | `/iwooos` 新增主機 owner decision record draft review checklist顯示 scope statement complete、scan mode still not approval、credential boundary metadata only、maintenance constraints readable、rollback owner readable、validation metrics linked、runtime gate still closed 七個核對項 | 使用者能理解 formal decision record 草稿進人審前仍需核對哪些條件;仍不標記 review passed、不建立 decision record、不標記 accepted、不開 runtime gate、不執行主機動作 |
| S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate |
| S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item |
| S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime action 授權 | AwoooP 可稽核決策,不可把決策當執行 |


@@ -52,7 +52,8 @@
"host_owner_decision_candidate_packet_count": 7,
"host_owner_decision_review_checklist_item_count": 7,
"host_owner_decision_review_outcome_lane_count": 7,
"host_owner_decision_record_draft_packet_count": 7
"host_owner_decision_record_draft_packet_count": 7,
"host_owner_decision_record_draft_review_checklist_item_count": 7
},
"progress": {
"overall_percent": 58,
@@ -141,7 +142,8 @@
"display_host_owner_decision_candidate_packets",
"display_host_owner_decision_review_checklist",
"display_host_owner_decision_review_outcome_lanes",
"display_host_owner_decision_record_draft_packets"
"display_host_owner_decision_record_draft_packets",
"display_host_owner_decision_record_draft_review_checklist"
],
"forbidden_frontend_outputs": [
"add_scan_button",
@@ -196,7 +198,11 @@
"open_runtime_gate_from_owner_decision_review_outcome",
"create_host_owner_decision_record_from_draft",
"mark_host_owner_decision_record_created",
"open_runtime_gate_from_owner_decision_record_draft"
"open_runtime_gate_from_owner_decision_record_draft",
"treat_host_owner_decision_record_draft_review_as_approval",
"mark_host_owner_decision_record_draft_review_passed",
"create_host_owner_decision_record_from_draft_review",
"open_runtime_gate_from_owner_decision_record_draft_review"
],
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
@@ -2288,5 +2294,133 @@
"action_buttons_allowed": false,
"not_authorization": true
}
],
"host_owner_decision_record_draft_review_checklist_items": [
{
"check_id": "host_decision_record_scope_statement_review_check",
"display_order": 1,
"source_packet_id": "host_decision_record_scope_draft_packet",
"review_condition": "scope_statement_metadata_complete",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_scan_mode_review_check",
"display_order": 2,
"source_packet_id": "host_decision_record_scan_mode_draft_packet",
"review_condition": "scan_mode_not_authorization_confirmed",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_credential_boundary_review_check",
"display_order": 3,
"source_packet_id": "host_decision_record_credential_boundary_draft_packet",
"review_condition": "credential_boundary_metadata_only_confirmed",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_maintenance_constraints_review_check",
"display_order": 4,
"source_packet_id": "host_decision_record_maintenance_constraints_draft_packet",
"review_condition": "maintenance_constraints_no_change_confirmed",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_rollback_owner_review_check",
"display_order": 5,
"source_packet_id": "host_decision_record_rollback_owner_draft_packet",
"review_condition": "rollback_owner_recovery_pointer_readable",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_validation_metrics_review_check",
"display_order": 6,
"source_packet_id": "host_decision_record_validation_metrics_draft_packet",
"review_condition": "validation_metrics_baseline_linked",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
},
{
"check_id": "host_decision_record_runtime_gate_review_check",
"display_order": 7,
"source_packet_id": "host_decision_record_runtime_gate_draft_packet",
"review_condition": "runtime_gate_separate_and_closed",
"display_mode": "owner_decision_record_draft_review_checklist_only",
"decision_record_review_passed_count": 0,
"decision_record_created": false,
"owner_decision_received_count": 0,
"owner_decision_accepted_count": 0,
"owner_approval_record_created": false,
"runtime_gate_opened": false,
"raw_payload_allowed": false,
"secret_value_collection_allowed": false,
"runtime_execution_authorized": false,
"action_buttons_allowed": false,
"not_authorization": true
}
]
}


@@ -820,6 +820,16 @@
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
},
{
"delta_id": "s2_27_iwooos_host_owner_decision_record_draft_review_checklist",
"display_order": 56,
"progress_axis": "framework_detail",
"headline_percent_delta": 0,
"framework_delta_visible": true,
"runtime_delta": false,
"execution_authorized": false,
"not_authorization": true
}
],
"next_safe_actions": [


@@ -178,6 +178,7 @@ def validate(root: Path) -> None:
"s2_24_iwooos_host_owner_decision_review_checklist",
"s2_25_iwooos_host_owner_decision_review_outcome_lanes",
"s2_26_iwooos_host_owner_decision_record_draft_packets",
"s2_27_iwooos_host_owner_decision_record_draft_review_checklist",
]
assert_equal(
"progress_delta_ledger.delta_ids",
@@ -458,6 +459,15 @@ def validate(root: Path) -> None:
"host_decision_record_validation_metrics_draft_packet",
"host_decision_record_runtime_gate_draft_packet",
]
expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids = [
"host_decision_record_scope_statement_review_check",
"host_decision_record_scan_mode_review_check",
"host_decision_record_credential_boundary_review_check",
"host_decision_record_maintenance_constraints_review_check",
"host_decision_record_rollback_owner_review_check",
"host_decision_record_validation_metrics_review_check",
"host_decision_record_runtime_gate_review_check",
]
assert_equal(
"iwooos_projection.summary.frontend_surface_coverage_group_count",
iwooos_projection["summary"]["frontend_surface_coverage_group_count"],
@@ -543,6 +553,11 @@ def validate(root: Path) -> None:
iwooos_projection["summary"]["host_owner_decision_record_draft_packet_count"],
len(expected_iwooos_host_owner_decision_record_draft_packet_ids),
)
assert_equal(
"iwooos_projection.summary.host_owner_decision_record_draft_review_checklist_item_count",
iwooos_projection["summary"]["host_owner_decision_record_draft_review_checklist_item_count"],
len(expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids),
)
iwooos_progress = iwooos_projection["progress"]
assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
assert_equal(
@@ -1562,6 +1577,86 @@ def validate(root: Path) -> None:
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.not_authorization",
item["not_authorization"],
)
iwooos_host_owner_decision_record_draft_review_checklist = iwooos_projection[
"host_owner_decision_record_draft_review_checklist_items"
]
assert_equal(
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.ids",
[item["check_id"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids,
)
assert_equal(
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.display_order",
[item["display_order"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
list(range(1, len(expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids) + 1)),
)
expected_iwooos_host_owner_decision_record_draft_review_conditions = [
"scope_statement_metadata_complete",
"scan_mode_not_authorization_confirmed",
"credential_boundary_metadata_only_confirmed",
"maintenance_constraints_no_change_confirmed",
"rollback_owner_recovery_pointer_readable",
"validation_metrics_baseline_linked",
"runtime_gate_separate_and_closed",
]
assert_equal(
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.review_conditions",
[item["review_condition"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
expected_iwooos_host_owner_decision_record_draft_review_conditions,
)
for item in iwooos_host_owner_decision_record_draft_review_checklist:
assert_equal(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.display_mode",
item["display_mode"],
"owner_decision_record_draft_review_checklist_only",
)
assert_equal(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.decision_record_review_passed_count",
item["decision_record_review_passed_count"],
0,
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.decision_record_created",
item["decision_record_created"],
)
assert_equal(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_decision_received_count",
item["owner_decision_received_count"],
0,
)
assert_equal(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_decision_accepted_count",
item["owner_decision_accepted_count"],
0,
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_approval_record_created",
item["owner_approval_record_created"],
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.runtime_gate_opened",
item["runtime_gate_opened"],
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.raw_payload_allowed",
item["raw_payload_allowed"],
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.secret_value_collection_allowed",
item["secret_value_collection_allowed"],
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.runtime_execution_authorized",
item["runtime_execution_authorized"],
)
assert_false(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.action_buttons_allowed",
item["action_buttons_allowed"],
)
assert_true(
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.not_authorization",
item["not_authorization"],
)
assert_equal(
"iwooos_projection.non_blocking_lane_ids",
iwooos_projection["non_blocking_lane_ids"],
@@ -1597,6 +1692,7 @@ def validate(root: Path) -> None:
"display_host_owner_decision_review_checklist",
"display_host_owner_decision_review_outcome_lanes",
"display_host_owner_decision_record_draft_packets",
"display_host_owner_decision_record_draft_review_checklist",
"display_evidence_refs",
"display_forbidden_actions",
]:
@@ -1650,6 +1746,10 @@ def validate(root: Path) -> None:
"create_host_owner_decision_record_from_draft",
"mark_host_owner_decision_record_created",
"open_runtime_gate_from_owner_decision_record_draft",
"treat_host_owner_decision_record_draft_review_as_approval",
"mark_host_owner_decision_record_draft_review_passed",
"create_host_owner_decision_record_from_draft_review",
"open_runtime_gate_from_owner_decision_record_draft_review",
"apply_runtime_blocking_control",
"switch_github_primary",
"production_deploy",
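Review bot: The per-item loop over the new draft-review checklist (hunk `@@ -1562,6 +1577,86 @@`) pins every boolean and counter field but never checks `source_packet_id`, so a checklist item that points at a draft packet the projection does not declare would still pass validation even though the review condition is meaningless without its packet. Since `expected_iwooos_host_owner_decision_record_draft_packet_ids` is already in scope in this function, a membership check inside the loop closes that gap: `assert_true(f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.source_packet_id_known", item["source_packet_id"] in expected_iwooos_host_owner_decision_record_draft_packet_ids)`; if the packet list is meant to be ordered in parallel with the seven checks, an `assert_equal` on the full `[item["source_packet_id"] for item in ...]` list would be stricter, but that ordering is only partly visible here. As a point of style, the same `"iwooos_projection.host_owner_decision_record_draft_review_checklist_items."` prefix is spelled out eleven times in the loop; binding it once to a local such as `label_prefix` before the `for` would make the assertions easier to read and to diff against the sibling packet loop. The enclosing `validate` body starts and ends outside these hunks.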