diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index ae8f7ca5..fc9e5faf 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -1016,7 +1016,7 @@
 },
 "contracts": {
 "label": "Core contracts",
- "detail": "32 ready / 2 partial / 1 contract-only"
+ "detail": "33 ready / 2 partial / 1 contract-only"
 },
 "activeGates": {
 "label": "Active runtime gates",
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index c15f88b2..967caa25 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -1017,7 +1017,7 @@
 },
 "contracts": {
 "label": "主要契約",
- "detail": "32 ready / 2 partial / 1 contract-only"
+ "detail": "33 ready / 2 partial / 1 contract-only"
 },
 "activeGates": {
 "label": "Active runtime gates",
diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx
index 0da6dddc..5db7ca6a 100644
--- a/apps/web/src/app/[locale]/iwooos/page.tsx
+++ b/apps/web/src/app/[locale]/iwooos/page.tsx
@@ -39,7 +39,7 @@ const postureMetrics: PostureMetric[] = [
 { key: 'overall', value: '58%', tone: 'warn' },
 { key: 'framework', value: '80-85%', tone: 'steady' },
 { key: 'runtime', value: '35-40%', tone: 'locked' },
- { key: 'contracts', value: '35', tone: 'steady' },
+ { key: 'contracts', value: '36', tone: 'steady' },
 { key: 'activeGates', value: '0', tone: 'locked' },
 ]
@@ -61,6 +61,7 @@ const nonBlockingLanes: Lane[] = [
 ]
 const evidenceItems = [
+ 'iwooos-posture-projection.snapshot.json',
 'security-rollout-policy.snapshot.json',
 'security-mirror-status-rollup.snapshot.json',
 'source-control-owner-response-validation-rollup.snapshot.json',
diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md
index d9a747b5..cb78ae48 100644
--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
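Review bot: The `contracts` value bumped to `'36'` in `postureMetrics`, together with the `'58%'` and `'0'` beside it and the `33 ready / 2 partial / 1 contract-only` detail strings in en.json and zh-TW.json, is still a hand-edited literal, while the same commit adds `iwooos-posture-projection.snapshot.json` to `evidenceItems` as the contract meant to stop exactly this kind of drift; this one bump had to be repeated by hand in three files. Consider reading the projection snapshot at build time and deriving `postureMetrics` from its `summary.contract_count`, `progress.overall_percent` and `summary.active_runtime_gate_count`, or at least adding a test that asserts these literals equal the snapshot values. Until then a comment on the array such as `// Mirrors docs/security/iwooos-posture-projection.snapshot.json (summary / progress); update both together` makes the coupling visible — it is not visible in this diff whether `security-mirror-progress-guard.py` reads this file at all. Both `postureMetrics` and `evidenceItems` begin outside the hunks shown.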
@@ -1,3 +1,17 @@
+## 2026-05-19 | 資安供應鏈 S2.9:IwoooS Posture Projection Contract
+
+**背景**:S2.8 已讓使用者在前端看到 IwoooS,但若只靠頁面常數與文案,未來容易和 rollup / readiness / low-friction policy 口徑漂移。本輪把 IwoooS 顯示資料固定成可驗證的 read-only posture projection contract。
+
+**完成**:
+- 新增 `iwooos_posture_projection_v1` schema、snapshot 與人讀文件,定義 IwoooS 前端只能顯示 posture、progress、non-blocking lanes、evidence refs、forbidden actions 與 next gate。
+- Contract manifest 從 35 增至 36;mirror readiness 從 32 ready / 2 partial / 1 contract-only 調整為 33 ready / 2 partial / 1 contract-only;blocked 仍為 0。
+- `security_mirror_route_v1`、`security_mirror_acceptance_v1`、`security_mirror_dry_run_v1` 與 mirror event sample 已同步 36 contracts / 33 ready 口徑。
+- `security_mirror_status_rollup_v1` micro progress ledger 新增 `s2_9_iwooos_posture_projection_contract`,headline progress 仍維持 58%。
+
+**仍禁止**:
+- IwoooS posture projection 不新增 action button,不啟用 scan / execute / repair,不執行 repo / refs / workflow / secret / runner / deploy / primary switch。
+- 36 contracts / 33 ready 是框架可見性提升,不代表 owner response、runtime ingestion、approval、Kali scan 或 GitHub primary readiness 已完成。
+
 ## 2026-05-19 | 資安供應鏈 S2.8:IwoooS Frontend Posture Entry
 **背景**:統帥指出目前資安工作雖有 schema / snapshot / guard 推進,但使用者端無感;決策為新增獨立入口 **IwoooS = Information Security**,不再把資安網塞在一般安全 / 合規頁。
diff --git a/docs/schemas/iwooos_posture_projection_v1.schema.json b/docs/schemas/iwooos_posture_projection_v1.schema.json
new file mode 100644
index 00000000..d63033d9
--- /dev/null
+++ b/docs/schemas/iwooos_posture_projection_v1.schema.json
@@ -0,0 +1,248 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "urn:awoooi:iwooos-posture-projection-v1",
+ "title": "IwoooS 前端資安態勢投影契約 v1",
+ "description": "定義 IwoooS 如何以 read-only / mirror-only 方式呈現資安網態勢、進度、證據與禁止動作。此契約不授權 scan、execute、repo、refs、workflow、secret、runner、deploy 或 primary switch。",
+ "type": "object",
+ "required": [
+ "schema_version",
+ "status",
+ "date",
+ "product_id",
+ "display_name",
+ "mode",
+ "source_paths",
+ "summary",
+ "progress",
+ "posture_pillars",
+ "non_blocking_lane_ids",
+ "evidence_refs",
+ "allowed_frontend_outputs",
+ "forbidden_frontend_outputs",
+ "runtime_execution_authorized",
+ "action_buttons_allowed",
+ "not_authorization"
+ ],
+ "properties": {
+ "schema_version": {
+ "const": "iwooos_posture_projection_v1"
+ },
+ "status": {
+ "type": "string",
+ "enum": ["draft"]
+ },
+ "date": {
+ "type": "string"
+ },
+ "product_id": {
+ "const": "iwooos"
+ },
+ "display_name": {
+ "const": "IwoooS"
+ },
+ "mode": {
+ "type": "string",
+ "enum": ["mirror_only"]
+ },
+ "source_paths": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "summary": {
+ "type": "object",
+ "required": [
+ "route_path",
+ "nav_entry_added",
+ "command_palette_entry_added",
+ "contract_count",
+ "active_runtime_gate_count",
+ "approval_queue_total",
+ "pending_approval_count",
+ "block_candidate_count",
+ "owner_response_validation_received_count",
+ "owner_response_validation_accepted_count",
+ "github_primary_ready_count",
+ "action_buttons_allowed"
+ ],
+ "properties": {
+ "route_path": {
+ "const": "/iwooos"
+ },
+ "nav_entry_added": {
+ "type": "boolean",
+ "const": true
+ },
+ "command_palette_entry_added": {
+ "type": "boolean",
+ "const": true
+ },
+ "contract_count": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "active_runtime_gate_count": {
+ "type": "integer",
+ "const": 0
+ },
+ "approval_queue_total": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "pending_approval_count": {
+ "type": 
"integer",
+ "minimum": 0
+ },
+ "block_candidate_count": {
+ "type": "integer",
+ "minimum": 0
+ },
+ "owner_response_validation_received_count": {
+ "type": "integer",
+ "const": 0
+ },
+ "owner_response_validation_accepted_count": {
+ "type": "integer",
+ "const": 0
+ },
+ "github_primary_ready_count": {
+ "type": "integer",
+ "const": 0
+ },
+ "action_buttons_allowed": {
+ "type": "boolean",
+ "const": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "progress": {
+ "type": "object",
+ "required": [
+ "overall_percent",
+ "framework_percent_min",
+ "framework_percent_max",
+ "runtime_landing_percent_min",
+ "runtime_landing_percent_max",
+ "headline_status",
+ "not_authorization"
+ ],
+ "properties": {
+ "overall_percent": {
+ "type": "integer",
+ "const": 58
+ },
+ "framework_percent_min": {
+ "type": "integer",
+ "const": 80
+ },
+ "framework_percent_max": {
+ "type": "integer",
+ "const": 85
+ },
+ "runtime_landing_percent_min": {
+ "type": "integer",
+ "const": 35
+ },
+ "runtime_landing_percent_max": {
+ "type": "integer",
+ "const": 40
+ },
+ "headline_status": {
+ "const": "holding_until_owner_response_or_runtime_gate"
+ },
+ "not_authorization": {
+ "type": "boolean",
+ "const": true
+ }
+ },
+ "additionalProperties": false
+ },
+ "posture_pillars": {
+ "type": "array",
+ "minItems": 4,
+ "items": {
+ "type": "object",
+ "required": [
+ "pillar_id",
+ "display_order",
+ "display_state",
+ "source_contract",
+ "display_mode",
+ "runtime_execution_authorized",
+ "not_authorization"
+ ],
+ "properties": {
+ "pillar_id": {
+ "type": "string"
+ },
+ "display_order": {
+ "type": "integer",
+ "minimum": 1
+ },
+ "display_state": {
+ "type": "string"
+ },
+ "source_contract": {
+ "type": "string"
+ },
+ "display_mode": {
+ "const": "posture_only"
+ },
+ "runtime_execution_authorized": {
+ "type": "boolean",
+ "const": false
+ },
+ "not_authorization": {
+ "type": "boolean",
+ "const": true
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ 
"non_blocking_lane_ids": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "evidence_refs": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "allowed_frontend_outputs": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "forbidden_frontend_outputs": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string"
+ }
+ },
+ "runtime_execution_authorized": {
+ "type": "boolean",
+ "const": false
+ },
+ "action_buttons_allowed": {
+ "type": "boolean",
+ "const": false
+ },
+ "not_authorization": {
+ "type": "boolean",
+ "const": true
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
index 94876dca..1c4af5b7 100644
--- a/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
+++ b/docs/security/AWOOOP-MIRROR-ONLY-CONSUMPTION-CHECKLIST.md
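Review bot: `forbidden_frontend_outputs` and `allowed_frontend_outputs` are constrained only to `minItems: 1` arrays of free strings, so a snapshot that lists one harmless item, repeats an item, or puts the same identifier in both arrays still validates, even though the `description` says this contract must forbid scan, execute, repo, refs, workflow, secret, runner, deploy and primary switch. Add `"uniqueItems": true` to both arrays and, for `forbidden_frontend_outputs`, an `allOf` of `{"contains": {"const": "<id>"}}` clauses for each action the description names, using the identifiers the snapshot actually uses (not visible in this diff), so the guard fails when a forbidden action is silently dropped rather than only when the array is empty. `date` is likewise a bare `string`; `"pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"` keeps it comparable with the rollup date. The same gap exists for `pillar_id` inside `posture_pillars`, where `minItems: 4` can be satisfied by four copies of one pillar because the array has no `uniqueItems`.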
@@ -104,7 +104,7 @@ AwoooP 初期不得直接啟動掃描、不得呼叫 Codex patch runner、不得
 | `source_control_primary_readiness_gate_v1.status=draft_blocked` | `approve_required` | 顯示 8 個 candidate repos、7 個 in-scope blocked、0 個 primary ready;不得切 primary |
 | `source_control_primary_rollback_adr_v1.status=draft_waiting_owner_review` | `approve_required` | 顯示 7 個 in-scope rollback drafts、0 個 owner approved、0 個 dry-run completed;不得執行 rollback 或切 primary |
 | `source_control_workflow_secret_name_inventory_v1.status=draft_missing_evidence` | `approve_required` | 顯示 8 個 candidate repos、S4.2 local evidence 4 repos / 31 workflows / 43 referenced secret names、S4.3 export request 7 repos / 5 lanes、0 個 complete;不得收集 secret value、不得修改 workflow |
-| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 35 個 contracts 的 readiness;不得把 readiness 當 execution authorization |
+| `security_mirror_readiness_v1.status=draft` | `observe` | 顯示 36 個 contracts 的 readiness;不得把 readiness 當 execution authorization |
 | `security_mirror_intake_plan_v1.status=draft` | `observe` | 顯示 5 個 intake waves 與 4 個 acceptance gates;不得執行 wave |
 | `security_mirror_event_v1.execution_authorized=false` | `observe` | 只包裝鏡像 payload,明確不授權執行、不顯示執行按鈕 |
 | `security_mirror_route_v1.status=draft` | `observe` | 顯示 5 個 route groups、channel policy 與 review lane;不得轉成 execution router |
diff --git a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
index 9bc89c1c..3dc5d938 100644
--- a/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
+++ b/docs/security/AWOOOP-SECURITY-SUPPLYCHAIN-INTEGRATION-HANDOFF.md
@@ -309,7 +309,7 @@ Schema:`docs/schemas/security_mirror_readiness_v1.schema.json`
 Snapshot:`docs/security/security-mirror-readiness.snapshot.json`
-目前 readiness:35 個 contracts,32 個 ready for mirror,2 個 partial ready,1 個 contract-only,0 個 blocked。所有 contract 都是 `execution_allowed=false`。
+目前 readiness:36 個 contracts,33 個 ready for mirror,2 個 partial ready,1 個 contract-only,0 個 blocked。所有 contract 都是 `execution_allowed=false`。
 AwoooP 初期處理方式:先 mirror readiness index,再依 readiness 分批 mirror 其他 snapshots;不得把 readiness 當 execution authorization。
@@ -345,7 +345,7 @@ Schema:`docs/schemas/security_mirror_route_v1.schema.json`
 Snapshot:`docs/security/security-mirror-route.snapshot.json`
-目前 route:5 個 route groups,涵蓋 35 個 contracts;所有 route 都是 `runtime_execution_authorized=false`。
+目前 route:5 個 route groups,涵蓋 36 個 contracts;所有 route 都是 `runtime_execution_authorized=false`。
 AwoooP 初期處理方式:只依 route group 顯示 Operator Console / Runtime State / Channel Event / Audit / Approval Queue,不把 route 轉成 execution router。
@@ -393,7 +393,7 @@ Schema:`docs/schemas/security_mirror_status_rollup_v1.schema.json` Snapshot:`docs/security/security-mirror-status-rollup.snapshot.json` -目前 rollup:`framework_ready_waiting_approval`;35 個 contracts、32 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆、primary ready 0 筆;S4.4 rollback ADR repo plans 7 筆、owner approved 0 筆、dry-run completed 0 筆;S4.10 GitHub target owner response request packet 1 筆、template statuses 7 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、owner decision response templates 7 筆、received response 0 筆、accepted response 0 筆;S4.11 refs truth owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.13 owner response validation rollup 彙整 4 包、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received response 0 筆、accepted response 0 筆、reviewer audit emitted 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 
筆、S4.9 owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、display sections 8 筆、collection checks 6 筆、S4.9 owner response templates 5 筆、intake preflight checks 6 筆、outcome lanes 5 筆、received response 0 筆、audit events emitted 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆、S4.12 owner response request packet 1 筆、S4.12 template statuses 5 筆、S4.12 audit event templates 3 筆、S4.12 redaction examples 5 筆、S4.12 collection checks 6 筆、S4.12 intake preflight checks 6 筆、S4.12 owner response templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。 +目前 rollup:`framework_ready_waiting_approval`;36 個 contracts、33 ready、2 partial、1 contract-only、0 blocked;approval queue 仍為 8 items,其中 7 pending approval、1 block candidate;review packets 8 筆;state transition rules 5 筆;follow-up runtime gate templates 8 筆;active runtime gates 0 筆;GitHub primary candidate repos 8 筆、primary ready 0 筆;IwoooS posture projection 已建立,但只顯示姿態、progress、non-blocking lanes、evidence refs 與 forbidden actions;S4.10 GitHub target owner response request packet 1 筆、template statuses 7 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、owner decision response templates 7 筆、received response 0 筆、accepted response 0 筆;S4.11 refs truth owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、collection checks 6 筆、intake preflight checks 6 筆、templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.13 owner response validation rollup 彙整 4 包、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit 
display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received response 0 筆、accepted response 0 筆、reviewer audit emitted 0 筆;Gitea inventory 目前 `partial_waiting_authenticated_inventory`,public-only repo 2 個、本機可見 Gitea unique repo 4 個、export source options 2 類、S4.6 import acceptance payload 0 筆、S4.7 owner attestation items 5 筆、received attestation 0 筆、S4.9 owner response request packet 1 筆、template statuses 5 筆、audit event templates 3 筆、redaction examples 5 筆、display sections 8 筆、collection checks 6 筆、S4.9 owner response templates 5 筆、intake preflight checks 6 筆、outcome lanes 5 筆、received response 0 筆、audit events emitted 0 筆、quarantine required=true、token value collection allowed=false;workflow / secret 名稱 inventory candidate repos 8 筆、complete 0 筆、S4.12 owner response request packet 1 筆、S4.12 template statuses 5 筆、S4.12 audit event templates 3 筆、S4.12 redaction examples 5 筆、S4.12 collection checks 6 筆、S4.12 intake preflight checks 6 筆、S4.12 owner response templates 5 筆、received response 0 筆、accepted response 0 筆、audit events emitted 0 筆;S4.2 local evidence repos 4 筆、workflow files 31 筆、referenced secret names 43 筆;decision records 目前 0 筆。 AwoooP 初期處理方式:只顯示階段狀態、下一個 gate 與禁止事項,可寫入 Audit evidence;不得把 rollup 當 runtime authorization。 
@@ -886,7 +886,7 @@ Console 初期不提供高風險執行按鈕。
 2026-05-12 contract manifest 追加:已新增 `docs/schemas/security_supply_chain_contract_manifest_v1.schema.json`、`docs/security/security-supply-chain-contract-manifest.snapshot.json` 與 `docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md`。AwoooP 應先讀 manifest 作為 mirror-only contract registry,不把 manifest 當 execution router。
-2026-05-13 mirror route 追加:已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 35 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。
+2026-05-13 mirror route 追加,2026-05-19 補 IwoooS posture projection coverage:已新增 `docs/schemas/security_mirror_route_v1.schema.json`、`docs/security/security-mirror-route.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ROUTE.md`。AwoooP 可依 5 個 route groups 將 36 個 contracts 分流到 Operator Console、Runtime State、Channel Event、Audit evidence 與 Approval Queue;route 只決定目的地、channel policy 與 review lane,不是 execution router。
 2026-05-13 mirror acceptance 追加,2026-05-18 已對齊 progress guard:已新增 `docs/schemas/security_mirror_acceptance_v1.schema.json`、`docs/security/security-mirror-acceptance.snapshot.json` 與 `docs/security/SECURITY-MIRROR-ACCEPTANCE.md`。AwoooP 可用 8 個 acceptance checks 驗收 mirror ingestion;blocking checks 只針對 contract count mismatch、缺 event envelope、route coverage 不完整、未脫敏 evidence 或進度估算被誤當授權,不得阻擋 runtime 流程。
@@ -894,7 +894,7 @@ Console 初期不提供高風險執行按鈕。
 2026-05-13 mirror dry-run 追加,2026-05-18 已對齊 progress guard 與 owner response guard:已新增 `docs/schemas/security_mirror_dry_run_v1.schema.json`、`docs/security/security-mirror-dry-run.snapshot.json` 與 `docs/security/SECURITY-MIRROR-DRY-RUN.md`。AwoooP 未來可用 8 個 dry-run steps 回報接入演練結果;本 snapshot 狀態為 `contract_defined_not_executed`,不得視為 production ingestion 已啟用。
-2026-05-13 mirror status rollup 追加,2026-05-18 補 progress display policy / delta ledger:已新增 `docs/schemas/security_mirror_status_rollup_v1.schema.json`、`docs/security/security-mirror-status-rollup.snapshot.json` 與 `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md`。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、35 個 contracts、approval queue summary、review packet summary、state transition summary、follow-up runtime gate template summary、GitHub primary readiness summary、rollback ADR summary、workflow / secret name inventory summary、58% headline progress、micro progress delta ledger 與下一個安全 gate;本契約不授權任何 runtime action。
+2026-05-13 mirror status rollup 追加,2026-05-18 補 progress display policy / delta ledger,2026-05-19 補 IwoooS posture projection:已新增 `docs/schemas/security_mirror_status_rollup_v1.schema.json`、`docs/security/security-mirror-status-rollup.snapshot.json` 與 `docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md`。AwoooP 與 Security Supply Chain Session 可用同一份 rollup 同步 S0-S4、36 個 contracts、IwoooS posture projection、approval queue summary、review packet summary、state transition summary、follow-up runtime gate template summary、GitHub primary readiness summary、rollback ADR summary、workflow / secret name inventory summary、58% headline progress、micro progress delta ledger 與下一個安全 gate;本契約不授權任何 runtime action。
 2026-05-13 S3 approval gate 追加:已新增 `docs/schemas/security_approval_gate_v1.schema.json`、`docs/security/security-approval-gate.snapshot.json` 與 `docs/security/SECURITY-APPROVAL-GATE.md`。AwoooP 可用 8 個 gate items 記錄人工批准、拒絕、延後或補 evidence;批准後仍需 follow-up runtime gate,不得直接執行。
diff --git a/docs/security/IWOOOS-POSTURE-PROJECTION.md b/docs/security/IWOOOS-POSTURE-PROJECTION.md
new file mode 100644
index 00000000..807d2ff0
--- /dev/null
+++ b/docs/security/IWOOOS-POSTURE-PROJECTION.md
@@ -0,0 +1,59 @@
+# IwoooS 前端資安態勢投影契約
+
+| 項目 | 內容 |
+|------|------|
+| 日期 | 2026-05-19 |
+| 狀態 | 草案 |
+| Schema | `docs/schemas/iwooos_posture_projection_v1.schema.json` |
+| Snapshot | `docs/security/iwooos-posture-projection.snapshot.json` |
+| 模式 | `mirror_only` |
+| runtime 執行授權 | `false` |
+
+## 1. 目的
+
+`iwooos_posture_projection_v1` 定義 IwoooS 如何把既有資安網資料投影到前端。
+
+它只允許顯示資安態勢、headline progress、framework / runtime landing、non-blocking lanes、evidence refs 與下一個高層 gate。它不是掃描器、不是修復器、不是 approval gate,也不是 GitHub primary cutover 授權。
+
+## 2. 來源
+
+IwoooS 首版只讀取或對齊以下已提交 evidence:
+
+| 來源 | 用途 |
+|------|------|
+| `security_mirror_status_rollup_v1` | 58% headline、36 contracts、0 active runtime gates、下一個高層 gate |
+| `security_rollout_policy_v1` | 7 條 low-friction non-blocking lanes |
+| `source_control_owner_response_validation_rollup_v1` | owner response 仍為 0、S4.9 下一個收件候選 |
+| `kali_integration_status_v1` | Kali 112 observe-only 整合態勢 |
+| `/iwooos` 前端路由 | 顯示入口,不提供執行按鈕 |
+
+## 3. 前端可顯示
+
+1. Security Posture / Exposure 入口。
+2. 58% headline progress 與框架 / runtime landing 判讀。
+3. 36 個主要契約、33 ready、2 partial、1 contract-only、0 blocked。
+4. 0 active runtime gates。
+5. Exposure、source-control、Kali 112、approval boundary 四個面向。
+6. 7 條 non-blocking lanes。
+7. evidence refs 與下一個高層 gate。
+
+## 4. 仍禁止
+
+IwoooS 不得提供下列輸出:
+
+1. scan / execute / repair button。
+2. repo creation、visibility change、refs sync / delete / force push。
+3. workflow / webhook / runner / deploy key / branch protection / repository secret 修改。
+4. GitHub primary switch 或 Gitea disable。
+5. production deploy 或 runtime enforcement。
+6. 把 58% progress、contract count、mirror readiness 或前端可見狀態當成授權。
+
+## 5. 驗證
+
+只讀驗證:
+
+```text
+python3 scripts/security/security-mirror-progress-guard.py
+```
+
+這個 guard 會確認 IwoooS 投影與 rollup / rollout policy 對齊,且 `runtime_execution_authorized=false`、`action_buttons_allowed=false`、`not_authorization=true`。
diff --git a/docs/security/SECURITY-MIRROR-ACCEPTANCE.md b/docs/security/SECURITY-MIRROR-ACCEPTANCE.md
index c293a31b..c80fbeaf 100644
--- a/docs/security/SECURITY-MIRROR-ACCEPTANCE.md
+++ b/docs/security/SECURITY-MIRROR-ACCEPTANCE.md
@@ -28,7 +28,7 @@
 | Check | 目的 | 失敗時是否阻擋鏡像 |
 |-------|------|--------------------|
-| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 35 個 contracts | 是 |
+| `CONTRACT_COUNT_MATCH` | 確認 manifest、readiness、route coverage 對齊 36 個 contracts | 是 |
 | `EVENT_ENVELOPE_REQUIRED` | 確認每筆 payload 都不可執行、不可顯示執行按鈕 | 是 |
 | `ROUTE_GROUP_COVERAGE` | 確認 5 個 route groups 覆蓋所有 contracts | 是 |
 | `REDACTION_ONLY` | 確認不保存 raw sensitive value | 是 |
diff --git a/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md b/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
index cf8c0a64..bc4ec750 100644
--- a/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
+++ b/docs/security/SECURITY-MIRROR-INTAKE-PLAN.md
@@ -19,7 +19,7 @@
 | Wave | 目的 | 主要 contracts | Exit gate |
 |------|------|----------------|-----------|
-| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約、隔離契約、dry-run 報告格式、status rollup、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine / dry-run / status rollup / approval gate / decision record / review packet / state transition / follow-up runtime gate / primary readiness gate / rollback ADR / workflow-secret inventory | 顯示 35 個 contract 且 `execution_allowed=false` |
+| `M0_index_bootstrap` | 先載入 readiness、manifest、低摩擦 policy、鏡像事件信封、鏡像路由矩陣、驗收契約、隔離契約、dry-run 報告格式、status rollup、IwoooS posture projection、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate | readiness / manifest / rollout policy / mirror event / mirror route / acceptance / quarantine / dry-run / status rollup / IwoooS posture projection / approval gate / decision record / review packet / state transition / follow-up runtime gate / primary readiness gate / rollback ADR / workflow-secret inventory | 顯示 36 個 contract 且 `execution_allowed=false` |
 | `M1_kali_visibility` | 顯示 Kali 112、scan scope、approval queue | Kali status / scan scope / approval queue / finding sample | 顯示 5 個 scope groups 與 8 個 queue items,沒有執行按鈕 |
 | `M2_source_control_visibility` | 顯示 Gitea/GitHub source-control evidence、GitHub primary readiness blockers、rollback ADR 草案與 workflow / secret 名稱 inventory 缺口 | migration / inventory / refs / approval board / primary readiness gate / rollback ADR / workflow-secret inventory | 顯示 blocking reasons,repo/refs/primary/workflow/secret actions 全 disabled |
 | `M3_approval_candidates` | 顯示 approval candidates、S3 gate、decision 
record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR、workflow / secret 名稱 inventory gate 與人工決策留痕 | approval events / approval queue / approval gate / decision record / review packet / state transition / follow-up runtime gate / primary readiness gate / rollback ADR / workflow-secret inventory / source-control board | 可留痕,不可自動批准或執行 |
diff --git a/docs/security/SECURITY-MIRROR-READINESS.md b/docs/security/SECURITY-MIRROR-READINESS.md
index 8ffcecd5..35a0814c 100644
--- a/docs/security/SECURITY-MIRROR-READINESS.md
+++ b/docs/security/SECURITY-MIRROR-READINESS.md
@@ -23,7 +23,7 @@
 | 狀態 | 數量 | 說明 |
 |------|------|------|
-| `ready_for_mirror` | 32 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
+| `ready_for_mirror` | 33 | 可直接 mirror 成 Operator Console / Runtime State / Channel Event / Audit evidence |
 | `partial_ready` | 2 | 可 mirror,但 evidence 仍不完整 |
 | `contract_only` | 1 | 有 schema / handoff,尚無正式 snapshot |
 | `blocked` | 0 | 目前沒有禁止 mirror 的 contract |
@@ -73,7 +73,7 @@ AwoooP 可以將 ready / partial contracts mirror 到:
 4. 再 mirror `security_mirror_acceptance_v1`,驗收 contract count、event envelope、route coverage 與 redaction。
 5. 再 mirror `security_mirror_quarantine_v1`,定義驗收失敗時的隔離與 retry gate。
 6. 再 mirror `security_mirror_dry_run_v1`,定義接入演練回報格式。
-7. 再 mirror `security_mirror_status_rollup_v1`、`security_rollout_policy_v1` 與 S4.13 `SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md`,顯示跨 Session 狀態、7 條 low-friction non-blocking escalation lanes、四個 owner response packets、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與下一個 gate。
+7. 再 mirror `security_mirror_status_rollup_v1`、`security_rollout_policy_v1`、`iwooos_posture_projection_v1` 與 S4.13 `SOURCE-CONTROL-OWNER-RESPONSE-VALIDATION-ROLLUP.md`,顯示跨 Session 狀態、IwoooS 前端資安態勢投影、7 條 low-friction non-blocking escalation lanes、四個 owner response packets、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes 與下一個 gate。
 8. 
再 mirror `security_mirror_intake_plan_v1`,照 wave 執行 read-only intake。
 9. 再 mirror `security_approval_queue_v1`,只顯示 review order。
 10. 再 mirror `security_approval_gate_v1`,只記錄人工決策與 follow-up runtime gate。
diff --git a/docs/security/SECURITY-MIRROR-ROUTE.md b/docs/security/SECURITY-MIRROR-ROUTE.md
index 2551b8c8..3161fa05 100644
--- a/docs/security/SECURITY-MIRROR-ROUTE.md
+++ b/docs/security/SECURITY-MIRROR-ROUTE.md
@@ -25,7 +25,7 @@
 | Route group | 目的 | 初期 channel policy | review lane |
 |-------------|------|---------------------|-------------|
-| `M0_index_bootstrap` | 載入 readiness、manifest、policy、event、intake、route、acceptance、quarantine、dry-run、status rollup、S3 review packet、state transition、follow-up runtime gate、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory 位置 | `no_channel_event` | `observe` |
+| `M0_index_bootstrap` | 載入 readiness、manifest、policy、event、intake、route、acceptance、quarantine、dry-run、status rollup、IwoooS posture projection、S3 review packet、state transition、follow-up runtime gate、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory 位置 | `no_channel_event` | `observe` |
 | `M1_kali_visibility` | 顯示 Kali 112、111 / 168 scope、approval queue 與 finding sample | `approval_required_only` | `approval_required` |
 | `M2_source_control_visibility` | 顯示 Gitea / GitHub repo、branch、tag、canonical 差異、GitHub primary readiness blockers、rollback ADR 草案與 workflow / secret 名稱 inventory 缺口 | `low_noise_status` | `source_control_review` |
 | `M3_approval_candidates` | 顯示人工批准候選、S3 gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR、workflow / secret 名稱 inventory gate 與留痕 | `approval_required_only` | `approval_required` |
@@ -52,7 +52,7 @@ S2.7 後,AwoooP 主線只需要能讀到:
-1. 35 個 contracts。
+1. 36 個 contracts。
 2. 5 個 route groups。
 3. 所有 route group 都是 `runtime_execution_authorized=false`。
 4. Channel Event 初期低噪音。
diff --git a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
index ca2955ee..1d0e3965 100644
--- a/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
+++ b/docs/security/SECURITY-MIRROR-STATUS-ROLLUP.md
@@ -20,8 +20,8 @@
 | 類型 | 狀態 |
 |------|------|
 | 整體進度估算 | 約 58%;框架 / 治理 / 文件 / schema / read-only evidence 約 80-85%,runtime ingestion / owner response / GitHub primary / AwoooP production landing 約 35-40% |
-| Contract manifest | 35 個 contracts |
-| Mirror readiness | 32 ready、2 partial、1 contract-only、0 blocked |
+| Contract manifest | 36 個 contracts |
+| Mirror readiness | 33 ready、2 partial、1 contract-only、0 blocked |
 | Approval queue | 8 items:7 pending approval、1 block candidate |
 | Approval gate | S3.0 已建立;0 approved、7 pending、1 block candidate |
 | Decision records | S3.1 已建立;目前 0 筆決策紀錄 |
@@ -35,6 +35,7 @@ | Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,reviewer audit emitted 仍為 0,不代表 owner response 已收到或任何執行授權 | | Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn;`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` | | IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs;不新增執行按鈕 | +| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;把 `/iwooos` 顯示資料固定成可驗證 projection,並同步 manifest / readiness / route / acceptance / dry-run / event sample;仍不新增 action button | | Dry-run | `contract_defined_not_executed`;已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`,latest local validation 為 `repo_snapshot_guard_pass`,仍不代表 production ingestion | | Runtime actions | `false` | | Payload ingestion | `false` | 
@@ -43,7 +44,7 @@ 目前進度不是以「強制防護開了多少」計算,而是以統帥指定的低摩擦路線拆成兩層: -1. 框架期約 80-85%:35 個主要 contract 已有 32 個 ready、2 個 partial、1 個 contract-only、0 blocked,表示治理骨架、只讀 evidence、人工批准語義與 AwoooP mirror-only 接口已接近完整。 +1. 框架期約 80-85%:36 個主要 contract 已有 33 個 ready、2 個 partial、1 個 contract-only、0 blocked,表示治理骨架、只讀 evidence、人工批准語義、AwoooP mirror-only 接口與 IwoooS 前端投影已接近完整。 2. 落地期約 35-40%:owner responses 仍為 0、active runtime gate 為 0、payload ingestion 為 false、GitHub primary ready 為 0、AwoooP production ingestion 尚未啟用。 因此跨 Session 採用 **58%** 作為目前整體進度。這代表「框架健康、尚未過度收緊」,不是 runtime enforcement 或 primary cutover 授權。 @@ -91,6 +92,7 @@ | S4.13 parallel session recovery outcome lanes | framework detail | 0 | 只把復原結果分類成 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization | | S1.3 non-blocking escalation lanes | framework detail | 0 | 只確認 LOW / MEDIUM observation、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 先維持 observe / warn,不代表 blocking gate、runtime enforcement 或 action button | | S2.8 IwoooS frontend posture entry | framework detail | 0 | 只把 mirror-only 資安態勢呈現在前端,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization | +| S2.9 IwoooS posture projection contract | framework detail | 0 | 只把前端顯示資料固定成可驗證契約,不代表 owner response、production ingestion、approval、runtime gate 或 execution authorization | headline 進度要再往上,至少需要下列任一高層 gate 有實質 evidence: diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md b/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md index 00241738..5607d018 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md 
@@ -11,7 +11,7 @@ ## 0. 核心結論 -目前 Security Supply Chain 已有 35 個主要契約可交給 AwoooP 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。 +目前 Security Supply Chain 已有 36 個主要契約可交給 AwoooP / IwoooS 消費。Manifest 的用途是把分散的 schema、snapshot、人讀文件、允許動作與禁止動作收成一份入口,避免不同 Session 各自解讀。 初期預設仍是 `mirror_only`。Manifest 不授權 runtime enforcement、不授權 GitHub/Gitea 主控切換、不授權 repo 建立或 refs sync。 
@@ -37,6 +37,7 @@ | `security_mirror_quarantine_v1` | mirror-only | AwoooP 鏡像驗收失敗隔離與 retry gate | `security-mirror-quarantine.snapshot.json` | | `security_mirror_dry_run_v1` | mirror-only | AwoooP 鏡像接入演練回報格式 | `security-mirror-dry-run.snapshot.json` | | `security_mirror_status_rollup_v1` | mirror-only | AwoooP / Security Supply Chain 跨 Session 狀態總覽;含 58% headline progress、progress display policy、micro progress delta ledger、S4.13 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks、parallel session recovery outcome lanes 與 next collection candidate | `security-mirror-status-rollup.snapshot.json` / `source-control-owner-response-validation-rollup.snapshot.json` | +| `iwooos_posture_projection_v1` | mirror-only | IwoooS 前端資安態勢投影;只顯示 posture、progress、non-blocking lanes、evidence refs 與 forbidden actions | `iwooos-posture-projection.snapshot.json` | | `coding_task_v1` | suggest-only | Code Review 接 Codex patch-only | 無正式 snapshot | | `source_control_migration_event_v1` | mirror-only | Gitea/GitHub refs 差異 | `gitea-github-awoooi`、`clawbot-v5`、`wooo-aiops` | | `gitea_repo_inventory_v1` | mirror-only | Gitea repo inventory;S4.5 已補認證清冊匯出請求,S4.6 已補匯入驗收契約,S4.7 已補 owner coverage attestation,S4.9 已補 owner response request packet、template status ledger、audit event templates、redaction examples、display sections、collection checks、owner response 收件包、intake preflight checks 與 outcome lanes | public-only / blocked endpoint / S4.5 export request / S4.6 import acceptance / S4.7 coverage attestation / S4.9 response snapshots | 
diff --git a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md index d55d5296..657db04a 100644 --- a/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md +++ b/docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md 
@@ -4,7 +4,7 @@ |------|------| | 日期 | 2026-05-17 | | 狀態 | S0/S1 read-only evidence 建置中 | -| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 | +| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + 
IwoooS 前端態勢入口 + IwoooS posture projection contract | | 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary | ## 0. 本階段完成後整體進度 @@ -14,7 +14,7 @@ | 進度面向 | 估算 | 判讀 | |----------|------|------| | 整體資安網 | 58% | 框架與只讀治理已成形,仍等待 owner response、redacted payload、runtime gate 與 GitHub primary readiness | -| 框架 / 治理 / 文件 / schema / read-only evidence | 80-85% | 35 個主要 contract 中 32 ready、2 partial、1 contract-only、0 blocked | +| 框架 / 治理 / 文件 / schema / read-only evidence | 80-85% | 36 個主要 contract 中 33 ready、2 partial、1 contract-only、0 blocked | | 真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing | 35-40% | owner response 仍 0、active runtime gate 仍 0、payload ingestion=false、github_primary_ready_count=0 | 這個進度估算用於雙 Session 同步與階段判讀,不是 approval、runtime execution、GitHub primary cutover 或 Kali scan authorization。現階段仍維持統帥要求的低摩擦策略:先建完整框架與 evidence,之後再分階段收斂。 
@@ -27,7 +27,7 @@ python3 scripts/security/security-mirror-progress-guard.py ### 0.2 Headline 58% 不代表停滯 -近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes,以及 S2.8 IwoooS frontend posture entry 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 +近期 S4.10 request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff 
packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / recovery outcome lanes、S1.3 non-blocking escalation lanes、S2.8 IwoooS frontend posture entry,以及 S2.9 IwoooS posture projection contract 都是有效進展,但它們是 framework detail,不是 owner response、runtime gate、production ingestion 或 GitHub primary readiness。因此 headline 仍維持 58%,避免把只讀框架誤算成已落地執行。 | 最近完成 | 目前狀態 | headline delta | |----------|----------|----------------| @@ -68,6 +68,7 @@ python3 scripts/security/security-mirror-progress-guard.py | S4.13 parallel session recovery outcome lanes | 已完成草案,只分類 ready、branch diverged、ledger stale、guard failed、diff out-of-scope、runtime flag drift 或 next focus drift | 0 | | S1.3 low-friction non-blocking escalation lanes | 已完成草案,只確認 LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 維持 observe / warn | 0 | | S2.8 IwoooS frontend posture entry | 已完成草案,新增 `/iwooos` read-only Security Posture / Exposure 入口,顯示 58%、35 contracts、Kali / source-control / approval boundary 與 non-blocking lanes | 0 | +| S2.9 IwoooS posture projection contract | 已完成草案,新增 `iwooos_posture_projection_v1`,把 `/iwooos` 的 posture、progress、lanes、evidence refs 與 forbidden actions 固定成可驗證 snapshot | 0 | headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收,或人工批准後出現 active runtime gate、redacted payload ingestion、GitHub primary readiness 這類落地 evidence。 
@@ -82,11 +83,11 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons | S1.2b branch/tag detail diff | 完成草案 | 3 個 refs-blocked mapped repos 已完成 branch/tag 明細 diff;已忽略本 PR 分支避免 evidence 自我污染 | 人工判定真相來源與 deprecated refs | | S1.2c refs 真相來源分類 | 完成草案 | 141 個 ref review items 已分類:4 個真相來源、114 個 drift deprecated 候選、3 個 release tags、20 個 GitHub-only refs;S4.11 已補 owner response request packet、template status ledger、audit event templates、redaction examples、collection checks、intake preflight checks 與收件包 | repo owner 單 ref / 單 repo 判定 | | S1.3 低摩擦 rollout policy | 完成草案 | observe-first / mirror-only matrix 已建立,並補 7 條 non-blocking escalation lanes:LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap、headline holding;全部 `runtime_blocking_allowed=false` | AwoooP read-only policy 消費,不把 follow-up 直接升 blocking | -| S1.4 契約索引 | 完成草案 | 35 個主要 contract 已集中成 manifest | AwoooP mirror-only contract registry | +| S1.4 契約索引 | 完成草案 | 36 個主要 contract 已集中成 manifest;最新新增 IwoooS posture projection contract | AwoooP / IwoooS mirror-only contract registry | | S1.5 Kali 112 live 整合狀態 | 完成第一波 | 112 已登入盤點、scanner API healthy、targeted scanner packages updated、Asia/Taipei timezone、no reboot required | scan result ingestion + `/execute` high-risk gate | | S1.6 Kali finding / scan scope approval | 完成草案 | `security_finding_v1` sample snapshot 與 `kali_scan_scope_approval_v1` approval package 已建立;111/168 已納入 observe-only scope | 人工批准 safe crawl / credentialed scan / runtime ingestion / full-upgrade gate | | S1.7 Security approval queue | 完成草案 | 8 個 approval queue items 已集中:7 pending approval、1 block candidate;AwoooP 可 mirror 但不得執行 | 先 review redacted finding ingestion,再 review safe crawl / Gitea inventory | -| S2 AwoooP mirror-only readiness | 完成草案 | `security_mirror_readiness_v1` 已整理 35 個 contracts:32 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 | +| S2 AwoooP mirror-only readiness | 完成草案 | 
`security_mirror_readiness_v1` 已整理 36 個 contracts:33 ready、2 partial、1 contract-only、0 blocked | AwoooP 主線建立只讀入口 | | S2.1 AwoooP mirror-only intake plan | 完成草案 | `security_mirror_intake_plan_v1` 已建立 5 個 intake waves 與 4 個 acceptance gates | AwoooP 主線照 wave mirror,不新增 execution router | | S2.2 AwoooP 鏡像事件信封 | 完成草案 | `security_mirror_event_v1` 已建立,要求每筆鏡像 payload 標示 `execution_authorized=false` 與 `action_buttons_allowed=false` | AwoooP 鏡像 payload 統一信封 | | S2.3 AwoooP 鏡像路由矩陣 | 完成草案 | `security_mirror_route_v1` 已建立 5 個 route groups,定義目的地、channel policy 與 review lane | AwoooP 消費時不猜路由、不新增執行入口 | 
@@ -95,6 +96,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons | S2.6 AwoooP 鏡像 dry-run 報告契約 | 完成草案 | `security_mirror_dry_run_v1` 已建立 8 個 dry-run steps,已納入 `CHECK_PROGRESS_GUARD` 與 `CHECK_OWNER_RESPONSE_GUARD`;latest local validation 為 `repo_snapshot_guard_pass`;目前狀態仍為 contract defined not executed | AwoooP 未來可回報演練結果,但不啟動 production ingestion | | S2.7 AwoooP 鏡像狀態彙整契約 | 完成草案 | `security_mirror_status_rollup_v1` 已建立,彙整 S0-S4、approval queue summary 與下一個安全 gate;S4.13 已補 owner response validation rollup、evidence routing rules、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit event templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks 與 parallel session recovery outcome lanes | 兩個 Session 用同一份 rollup 同步,不誤啟執行面 | | S2.8 IwoooS 前端態勢入口 | 完成草案 | 已新增 `/iwooos`、Sidebar 入口與 Command Palette 入口;以 Security Posture / Exposure Management 方式顯示目前資安網狀態、Kali 112、source-control supply chain、approval boundary、non-blocking lanes 與 evidence refs | 使用者可看懂資安網進度與邊界,但不新增執行按鈕 | +| S2.9 IwoooS 前端投影契約 | 完成草案 | `iwooos_posture_projection_v1` 已建立,manifest / readiness / route / acceptance / dry-run / event sample 已同步 36 contracts / 33 ready 口徑;guard 會驗證 no action button、no runtime authorization 與 7 條 non-blocking lanes | IwoooS 顯示資料不再只是頁面常數,而是可被 AwoooP / Security Session 驗證的只讀契約 | | S3 approval gate | 進行中 | `security_approval_gate_v1` 已建立 8 個人工 gate items:7 pending、1 block candidate、0 approved | 不得繞過人工批准;批准後仍需 follow-up runtime gate | | S3.0 人工批准 Gate 契約 | 完成草案 | 定義批准範圍、決策選項、required reviewers、still forbidden 與 follow-up runtime gate | AwoooP 可記錄決策,不可執行 gate item | | S3.1 人工決策紀錄契約 | 完成草案 | `security_approval_decision_record_v1` 已建立;目前 0 筆 decision records、0 個 runtime 
action 授權 | AwoooP 可稽核決策,不可把決策當執行 | diff --git a/docs/security/iwooos-posture-projection.snapshot.json b/docs/security/iwooos-posture-projection.snapshot.json new file mode 100644 index 00000000..7ce83d86 --- /dev/null +++ b/docs/security/iwooos-posture-projection.snapshot.json 
@@ -0,0 +1,118 @@
+{
+ "schema_version": "iwooos_posture_projection_v1",
+ "status": "draft",
+ "date": "2026-05-19",
+ "product_id": "iwooos",
+ "display_name": "IwoooS",
+ "mode": "mirror_only",
+ "source_paths": [
+ "docs/security/security-mirror-status-rollup.snapshot.json",
+ "docs/security/security-rollout-policy.snapshot.json",
+ "docs/security/source-control-owner-response-validation-rollup.snapshot.json",
+ "docs/security/kali-integration-status.snapshot.json",
+ "apps/web/src/app/[locale]/iwooos/page.tsx"
+ ],
+ "summary": {
+ "route_path": "/iwooos",
+ "nav_entry_added": true,
+ "command_palette_entry_added": true,
+ "contract_count": 36,
+ "active_runtime_gate_count": 0,
+ "approval_queue_total": 8,
+ "pending_approval_count": 7,
+ "block_candidate_count": 1,
+ "owner_response_validation_received_count": 0,
+ "owner_response_validation_accepted_count": 0,
+ "github_primary_ready_count": 0,
+ "action_buttons_allowed": false
+ },
+ "progress": {
+ "overall_percent": 58,
+ "framework_percent_min": 80,
+ "framework_percent_max": 85,
+ "runtime_landing_percent_min": 35,
+ "runtime_landing_percent_max": 40,
+ "headline_status": "holding_until_owner_response_or_runtime_gate",
+ "not_authorization": true
+ },
+ "posture_pillars": [
+ {
+ "pillar_id": "exposure_posture",
+ "display_order": 1,
+ "display_state": "waiting_evidence",
+ "source_contract": "security_mirror_status_rollup_v1",
+ "display_mode": "posture_only",
+ "runtime_execution_authorized": false,
+ "not_authorization": true
+ },
+ {
+ "pillar_id": "source_control_supply_chain",
+ "display_order": 2,
+ "display_state": "draft_gated",
+ "source_contract": "source_control_owner_response_validation_rollup_v1",
+ "display_mode": "posture_only",
+ "runtime_execution_authorized": false,
+ "not_authorization": true
+ },
+ {
+ "pillar_id": "kali_112_mesh",
+ "display_order": 3,
+ "display_state": "observe_only",
+ "source_contract": "kali_integration_status_v1",
+ "display_mode": "posture_only",
+ "runtime_execution_authorized": false,
+ "not_authorization": true
+ },
+ {
+ "pillar_id": "approval_boundary",
+ "display_order": 4,
+ "display_state": "locked",
+ "source_contract": "security_approval_gate_v1",
+ "display_mode": "posture_only",
+ "runtime_execution_authorized": false,
+ "not_authorization": true
+ }
+ ],
+ "non_blocking_lane_ids": [
+ "lane-low-medium-observation",
+ "lane-owner-response-missing",
+ "lane-mirror-data-incomplete",
+ "lane-source-control-drift-draft",
+ "lane-kali-observe-finding",
+ "lane-workflow-secret-name-gap",
+ "lane-progress-display-holding"
+ ],
+ "evidence_refs": [
+ "docs/security/iwooos-posture-projection.snapshot.json",
+ "docs/security/security-rollout-policy.snapshot.json",
+ "docs/security/security-mirror-status-rollup.snapshot.json",
+ "docs/security/source-control-owner-response-validation-rollup.snapshot.json",
+ "docs/security/kali-integration-status.snapshot.json"
+ ],
+ "allowed_frontend_outputs": [
+ "display_security_posture",
+ "display_progress_estimate",
+ "display_non_blocking_lanes",
+ "display_evidence_refs",
+ "display_next_gate",
+ "display_forbidden_actions"
+ ],
+ "forbidden_frontend_outputs": [
+ "add_scan_button",
+ "add_execute_button",
+ "add_repair_button",
+ "start_kali_scan",
+ "call_kali_execute_endpoint",
+ "create_github_repo",
+ "change_repo_visibility",
+ "sync_git_refs",
+ "modify_workflow_or_secret",
+ "enable_runner",
+ "switch_github_primary",
+ "production_deploy",
+ "treat_progress_as_authorization"
+ ],
+ "runtime_execution_authorized": false,
+ "action_buttons_allowed": false,
+ "not_authorization": true
+}
diff --git a/docs/security/security-mirror-acceptance.snapshot.json b/docs/security/security-mirror-acceptance.snapshot.json
index b4a26343..366d3885 100644
--- a/docs/security/security-mirror-acceptance.snapshot.json
+++ b/docs/security/security-mirror-acceptance.snapshot.json
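Review bot: `source_paths` lists `apps/web/src/app/[locale]/iwooos/page.tsx` as a source of this projection, which inverts the provenance the contract is meant to establish — the page is the consumer whose hard-coded constants should be checked against the snapshot, not an input to it, and citing it lets the page's own literals count as evidence for themselves. `evidence_refs` likewise opens with `docs/security/iwooos-posture-projection.snapshot.json`, a reference to this very file. Suggest dropping the page from `source_paths` (or moving it into a separate `consumer_paths` field if whatever guard validates this snapshot needs the path to compare against) and removing the self-reference from `evidence_refs`. The `summary` block also restates counts that live in the rollup (`contract_count`, `approval_queue_total`, `pending_approval_count`, `github_primary_ready_count`, ...), so the validating guard should compare each copy to the rollup value rather than trust it; otherwise this snapshot is one more place where the 35/36 style drift this commit fixes can reappear.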
@@ -9,11 +9,12 @@
 "docs/security/security-supply-chain-contract-manifest.snapshot.json",
 "docs/security/security-mirror-event-sample.snapshot.json",
 "docs/security/security-mirror-route.snapshot.json",
- "docs/security/security-mirror-status-rollup.snapshot.json"
+ "docs/security/security-mirror-status-rollup.snapshot.json",
+ "docs/security/iwooos-posture-projection.snapshot.json"
 ],
 "summary": {
- "total_contracts": 35,
- "ready_for_mirror_count": 32,
+ "total_contracts": 36,
+ "ready_for_mirror_count": 33,
 "route_group_count": 5,
 "acceptance_check_count": 8,
 "blocking_check_count": 5
@@ -22,11 +23,12 @@
 {
 "check_id": "CONTRACT_COUNT_MATCH",
 "title": "契約數量一致",
- "expected_result": "AwoooP 讀到 35 個 contracts,且 manifest、readiness、route coverage 的 contract 集合一致。",
+ "expected_result": "AwoooP 讀到 36 個 contracts,且 manifest、readiness、route coverage 的 contract 集合一致。",
 "evidence_refs": [
 "docs/security/security-supply-chain-contract-manifest.snapshot.json",
 "docs/security/security-mirror-readiness.snapshot.json",
- "docs/security/security-mirror-route.snapshot.json"
+ "docs/security/security-mirror-route.snapshot.json",
+ "docs/security/iwooos-posture-projection.snapshot.json"
 ],
 "blocking_if_failed": true,
 "allowed_processing": [
@@ -61,7 +63,7 @@
 {
 "check_id": "ROUTE_GROUP_COVERAGE",
 "title": "路由群組覆蓋",
- "expected_result": "5 個 route groups 合併後涵蓋 manifest 35 個 contracts,且每個 group 都有 destinations、channel_policy 與 review_lane。",
+ "expected_result": "5 個 route groups 合併後涵蓋 manifest 36 個 contracts,且每個 group 都有 destinations、channel_policy 與 review_lane。",
 "evidence_refs": [
 "docs/security/security-mirror-route.snapshot.json",
 "docs/security/SECURITY-MIRROR-ROUTE.md"
diff --git a/docs/security/security-mirror-dry-run.snapshot.json b/docs/security/security-mirror-dry-run.snapshot.json
index d219bc02..d2fe7c19 100644
--- a/docs/security/security-mirror-dry-run.snapshot.json
+++ b/docs/security/security-mirror-dry-run.snapshot.json
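Review bot: `CONTRACT_COUNT_MATCH` now cites `iwooos-posture-projection.snapshot.json` as evidence, but its `expected_result` still only requires the manifest, readiness and route sets to agree, so the projection's own `summary.contract_count` is never part of the check and can drift on its own — the exact mismatch this commit is trying to close. Suggest extending the sentence to `AwoooP 讀到 36 個 contracts,且 manifest、readiness、route coverage 的 contract 集合一致,且 iwooos_posture_projection_v1 的 summary.contract_count 等於 manifest contract_count。` If the check is meant to be machine-enforced rather than read by a reviewer, a numeric field such as `"expected_contract_count": 36` next to `expected_result` would let a guard fail on the number directly instead of parsing prose. The same consideration applies to the `ready_for_mirror_count` bump in the `summary` hunk, which has no corresponding check here that ties it to the readiness snapshot.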
@@ -13,11 +13,12 @@ "docs/security/security-mirror-acceptance.snapshot.json", "docs/security/security-mirror-quarantine.snapshot.json", "docs/security/security-mirror-status-rollup.snapshot.json", - "docs/security/source-control-owner-response-validation-rollup.snapshot.json" + "docs/security/source-control-owner-response-validation-rollup.snapshot.json", + "docs/security/iwooos-posture-projection.snapshot.json" ], "summary": { - "total_contracts": 35, - "ready_for_mirror_count": 32, + "total_contracts": 36, + "ready_for_mirror_count": 33, "route_group_count": 5, "acceptance_check_count": 8, "quarantine_lane_count": 5, @@ -30,9 +31,10 @@ "expected_observation": "AwoooP dry-run 可讀到 manifest、readiness、event、route、acceptance、quarantine indexes。", "evidence_refs": [ "docs/security/security-supply-chain-contract-manifest.snapshot.json", - "docs/security/security-mirror-readiness.snapshot.json" + "docs/security/security-mirror-readiness.snapshot.json", + "docs/security/iwooos-posture-projection.snapshot.json" ], - "pass_condition": "看到 35 個 contracts、32 個 ready for mirror,且所有 contract execution_allowed=false。", + "pass_condition": "看到 36 個 contracts、33 個 ready for mirror,且所有 contract execution_allowed=false。", "execution_allowed": false, "blocked_actions": [ "execute_contract", @@ -62,7 +64,7 @@ "docs/security/security-mirror-route.snapshot.json", "docs/security/SECURITY-MIRROR-ROUTE.md" ], - "pass_condition": "route groups 合併後涵蓋 35 個 contracts,沒有未知 execution route。", + "pass_condition": "route groups 合併後涵蓋 36 個 contracts,沒有未知 execution route。", "execution_allowed": false, "blocked_actions": [ "fallback_to_execution_route", diff --git a/docs/security/security-mirror-event-sample.snapshot.json b/docs/security/security-mirror-event-sample.snapshot.json index 02960be3..8bb0f498 100644 --- a/docs/security/security-mirror-event-sample.snapshot.json +++ b/docs/security/security-mirror-event-sample.snapshot.json 
@@ -16,8 +16,8 @@ "risk": "LOW", "summary": "AwoooP 可 mirror Security Supply Chain readiness index,但不得把 readiness 視為執行授權。", "payload_summary": { - "total_contracts": 35, - "ready_for_mirror_count": 32, + "total_contracts": 36, + "ready_for_mirror_count": 33, "partial_ready_count": 2, "contract_only_count": 1, "blocked_count": 0, @@ -39,7 +39,8 @@ "docs/security/SECURITY-FOLLOWUP-RUNTIME-GATE.md", "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md", "docs/security/SOURCE-CONTROL-PRIMARY-ROLLBACK-ADR.md", - "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md" + "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md", + "docs/security/IWOOOS-POSTURE-PROJECTION.md" ], "blocked_actions": [ "execute_mirror_item", diff --git a/docs/security/security-mirror-intake-plan.snapshot.json b/docs/security/security-mirror-intake-plan.snapshot.json index 2437bb4d..33c5b7b4 100644 --- a/docs/security/security-mirror-intake-plan.snapshot.json +++ b/docs/security/security-mirror-intake-plan.snapshot.json @@ -21,7 +21,8 @@ "docs/security/security-followup-runtime-gate.snapshot.json", "docs/security/source-control-primary-readiness-gate.snapshot.json", "docs/security/source-control-primary-rollback-adr.snapshot.json", - "docs/security/source-control-workflow-secret-name-inventory.snapshot.json" + "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", + "docs/security/iwooos-posture-projection.snapshot.json" ], "intake_waves": [ { @@ -36,7 +37,8 @@ "security_mirror_acceptance_v1", "security_mirror_quarantine_v1", "security_mirror_dry_run_v1", - "security_mirror_status_rollup_v1" + "security_mirror_status_rollup_v1", + "iwooos_posture_projection_v1" ], "destinations": [ "operator_console", 
@@ -52,14 +54,15 @@ "依 security_mirror_acceptance_v1 驗收鏡像資料完整性與脫敏狀態", "依 security_mirror_quarantine_v1 隔離驗收失敗 payload", "依 security_mirror_dry_run_v1 回報接入演練結果", - "依 security_mirror_status_rollup_v1 顯示跨 Session 狀態與下一個 gate" + "依 security_mirror_status_rollup_v1 顯示跨 Session 狀態與下一個 gate", + "依 iwooos_posture_projection_v1 顯示前端資安態勢投影" ], "blocked_processing": [ "runtime_enforcement", "execution_router", "blocking_gate" ], - "exit_gate": "Operator Console 能顯示 35 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且 mirror event envelope action_buttons_allowed=false。" + "exit_gate": "Operator Console 能顯示 36 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且 mirror event envelope action_buttons_allowed=false。" }, { "wave_id": "M1_kali_visibility", diff --git a/docs/security/security-mirror-readiness.snapshot.json b/docs/security/security-mirror-readiness.snapshot.json index a6e97751..c578b583 100644 --- a/docs/security/security-mirror-readiness.snapshot.json +++ b/docs/security/security-mirror-readiness.snapshot.json @@ -5,8 +5,8 @@ "default_enforcement_level": "mirror_only", "runtime_execution_authorized": false, "summary": { - "total_contracts": 35, - "ready_for_mirror_count": 32, + "total_contracts": 36, + "ready_for_mirror_count": 33, "partial_ready_count": 2, "contract_only_count": 1, "blocked_count": 0 
@@ -273,6 +273,20 @@ ], "notes": "提供 AwoooP / Security Supply Chain 跨 Session 狀態總覽、下一個 gate 與禁止事項;S4.13 owner response validation rollup 可 mirror 四個 response packets、22 個 templates、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks、7 條 parallel session recovery outcome lanes、received=0、accepted=0、reviewer audit emitted=0、next_collection_candidate=S4.9;不授權執行。" }, + { + "contract": "iwooos_posture_projection_v1", + "readiness": "ready_for_mirror", + "consumption_mode": "mirror_only", + "mirror_allowed": true, + "execution_allowed": false, + "snapshot_paths": [ + "docs/security/iwooos-posture-projection.snapshot.json" + ], + "human_docs": [ + "docs/security/IWOOOS-POSTURE-PROJECTION.md" + ], + "notes": "可 mirror IwoooS 前端資安態勢投影;只顯示 posture、progress、non-blocking lanes、evidence refs 與 forbidden actions,不提供執行按鈕。" + }, { "contract": "coding_task_v1", "readiness": "contract_only", diff --git a/docs/security/security-mirror-route.snapshot.json b/docs/security/security-mirror-route.snapshot.json index eebf961b..ac6092c5 100644 --- a/docs/security/security-mirror-route.snapshot.json +++ b/docs/security/security-mirror-route.snapshot.json 
@@ -10,10 +10,11 @@ "docs/security/security-mirror-intake-plan.snapshot.json", "docs/security/security-mirror-event-sample.snapshot.json", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", - "docs/security/source-control-primary-rollback-adr.snapshot.json" + "docs/security/source-control-primary-rollback-adr.snapshot.json", + "docs/security/iwooos-posture-projection.snapshot.json" ], "summary": { - "total_contracts": 35, + "total_contracts": 36, "route_group_count": 5, "channel_event_policy": "初期只對階段完成、blocked 狀態或需要人工批准的高風險候選發低噪音事件;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 不發阻擋事件。", "approval_queue_policy": "只有 approval-only、suggest-only 或 blocked-until-approved 項目可進 approval queue;approval queue 不代表可執行。" @@ -31,7 +32,8 @@ "security_mirror_acceptance_v1", "security_mirror_quarantine_v1", "security_mirror_dry_run_v1", - "security_mirror_status_rollup_v1" + "security_mirror_status_rollup_v1", + "iwooos_posture_projection_v1" ], "destinations": [ "operator_console", @@ -49,7 +51,8 @@ "顯示 security_mirror_quarantine_v1 隔離 lane 與 retry gate", "顯示 security_mirror_dry_run_v1 dry-run steps", "顯示 security_mirror_status_rollup_v1 跨 Session 狀態與下一個 gate", - "顯示 S3 review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory contract 位置" + "顯示 S3 review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory contract 位置", + "顯示 iwooos_posture_projection_v1 前端資安態勢投影" ], "blocked_processing": [ "新增執行按鈕", 
@@ -57,7 +60,7 @@ "runtime blocking", "自動批准任何 queue item" ], - "exit_gate": "AwoooP 可顯示 35 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。" + "exit_gate": "AwoooP 可顯示 36 個 contract、5 個 route groups、8 個 acceptance checks、5 個 quarantine lanes、8 個 dry-run steps、status rollup、owner response guard、approval gate、decision record、review packet、state transition、follow-up runtime gate preparation、GitHub primary readiness gate、rollback ADR 與 workflow / secret name inventory gate,且所有 route 都維持 runtime_execution_authorized=false。" }, { "wave_id": "M1_kali_visibility", @@ -215,7 +218,7 @@ "acceptance_gates": [ { "gate_id": "ROUTE_COVERS_ALL_CONTRACTS", - "requirement": "route_groups 合併後必須涵蓋 manifest 的 35 個 contracts。" + "requirement": "route_groups 合併後必須涵蓋 manifest 的 36 個 contracts。" }, { "gate_id": "NO_EXECUTION_SURFACE", diff --git a/docs/security/security-mirror-status-rollup.snapshot.json b/docs/security/security-mirror-status-rollup.snapshot.json index 3c6db291..74e6a840 100644 --- a/docs/security/security-mirror-status-rollup.snapshot.json +++ b/docs/security/security-mirror-status-rollup.snapshot.json 
@@ -32,11 +32,12 @@ "docs/security/source-control-workflow-secret-name-export-request.snapshot.json", "docs/security/source-control-workflow-secret-name-owner-response.snapshot.json", "docs/security/source-control-owner-response-validation-rollup.snapshot.json", - "docs/security/security-rollout-policy.snapshot.json" + "docs/security/security-rollout-policy.snapshot.json", + "docs/security/iwooos-posture-projection.snapshot.json" ], "summary": { - "total_contracts": 35, - "ready_for_mirror_count": 32, + "total_contracts": 36, + "ready_for_mirror_count": 33, "partial_ready_count": 2, "contract_only_count": 1, "blocked_count": 0, @@ -108,7 +109,7 @@ "runtime_landing_percent_min": 35, "runtime_landing_percent_max": 40, "basis": [ - "35 個主要 contract 中 32 個 ready、2 個 partial、1 個 contract-only、0 個 blocked。", + "36 個主要 contract 中 33 個 ready、2 個 partial、1 個 contract-only、0 個 blocked。", "S0/S2/S3/S4 多數治理、鏡像、人工批准與 source-control readiness 契約已完成草案。", "owner responses、redacted payload ingestion、active runtime gate、GitHub primary readiness 與 AwoooP production ingestion 仍未完成或尚未批准。" ], @@ -131,7 +132,7 @@ { "phase_id": "S2_mirror_only_consumption", "state": "draft_ready", - "current_result": "Mirror readiness、intake、event、route、acceptance、quarantine、dry-run 與 status rollup 契約已建立。", + "current_result": "Mirror readiness、intake、event、route、acceptance、quarantine、dry-run、status rollup 與 IwoooS posture projection 契約已建立。", "next_gate": "AwoooP 主線只建立 read-only / mirror-only UI 與 audit evidence,不新增 execution router。" }, { 
@@ -611,6 +612,18 @@
 "runtime_delta": false,
 "execution_authorized": false,
 "not_authorization": true
+ },
+ {
+ "delta_id": "s2_9_iwooos_posture_projection_contract",
+ "display_order": 38,
+ "completed_stage": "S2.9 IwoooS posture projection contract",
+ "progress_axis": "framework_detail",
+ "headline_percent_delta": 0,
+ "framework_delta_visible": true,
+ "why_headline_unchanged": "IwoooS posture projection 只把前端顯示資料固定成可驗證契約,不代表 owner response received、production ingestion、approval、runtime gate 或 execution authorization。",
+ "runtime_delta": false,
+ "execution_authorized": false,
+ "not_authorization": true
 }
 ],
 "next_safe_actions": [
@@ -669,7 +682,7 @@
 "mode": "observe",
 "source_contract": "security_mirror_status_rollup_v1",
 "allowed_processing": [
- "顯示 58% headline、framework / runtime landing、35 contracts 與 0 active runtime gates",
+ "顯示 58% headline、framework / runtime landing、36 contracts 與 0 active runtime gates",
 "顯示 Exposure Posture、Source-control Supply Chain、Kali 112 Mesh 與 Approval Boundary",
 "顯示 7 條 non-blocking escalation lanes 與目前 evidence refs"
 ],
@@ -679,6 +692,22 @@
 "把前端可見進度當成 GitHub primary、Kali scan 或 repo / refs action approval"
 ]
 },
+ {
+ "action_id": "mirror_iwooos_posture_projection",
+ "title": "IwoooS 投影資安態勢契約",
+ "mode": "observe",
+ "source_contract": "iwooos_posture_projection_v1",
+ "allowed_processing": [
+ "顯示 58% headline、36 contracts、33 ready、0 active runtime gates",
+ "顯示 4 個 posture pillars、7 條 non-blocking lanes 與 evidence refs",
+ "顯示 forbidden actions 與 next gate,但不提供 action button"
+ ],
+ "blocked_processing": [
+ "新增 scan / execute / repair button",
+ "把 posture projection 當成 runtime authorization",
+ "把前端 contract count 當成 GitHub primary、Kali scan 或 repo / refs action approval"
+ ]
+ },
 {
 "action_id": "mirror_approval_review_packets",
 "title": "AwoooP 顯示 8 個人工審查封包",
diff --git a/docs/security/security-supply-chain-contract-manifest.snapshot.json b/docs/security/security-supply-chain-contract-manifest.snapshot.json
index 15570192..98c68eb2 100644
--- a/docs/security/security-supply-chain-contract-manifest.snapshot.json
+++ b/docs/security/security-supply-chain-contract-manifest.snapshot.json
@@ -2,7 +2,7 @@
 "schema_version": "security_supply_chain_contract_manifest_v1",
 "status": "draft",
 "default_enforcement_level": "mirror_only",
- "contract_count": 35,
+ "contract_count": 36,
 "contracts": [
 {
 "contract": "security_rollout_policy_v1",
@@ -495,6 +495,39 @@ ], "notes": "定義 AwoooP 與 Security Supply Chain Session 的共同狀態摘要;目前顯示 58% headline progress、progress display policy 與 micro progress delta ledger,說明近期 S4.10 / S4.11 / S4.12 / S4.13 framework detail 不會推高 headline;S4.13 已補 owner response validation rollup、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes,彙整 S4.9/S4.10/S4.11/S4.12 共 22 個 response templates、received=0、accepted=0、reviewer audit emitted=0、next_collection_candidate=S4.9;只顯示階段、下一個 gate、evidence routing、display sections、state transition rules、reviewer checklist、reviewer outcome lanes、reviewer audit templates、reviewer audit display sections、reviewer audit collection checks、reviewer audit redaction examples、reviewer audit retention rules、reviewer audit retention checks、reviewer audit handoff packets、reviewer audit handoff checks、parallel session sync checks、parallel session conflict lanes、parallel session recovery checks、parallel session recovery outcome lanes 與禁止事項,不授權執行。" }, + { + "contract": "iwooos_posture_projection_v1", + "schema_path": "docs/schemas/iwooos_posture_projection_v1.schema.json", + "snapshot_paths": [ + "docs/security/iwooos-posture-projection.snapshot.json" + ], + "human_docs": [ + "docs/security/IWOOOS-POSTURE-PROJECTION.md" + ], + "consumer": "IwoooS frontend / AwoooP Operator Console / Audit", + "consumption_mode": "mirror_only", + "allowed_actions": [ + "mirror_posture_projection", + "display_security_posture", + "display_non_blocking_lanes", + 
"display_evidence_refs", + "display_forbidden_actions" + ], + "forbidden_actions": [ + "execute_posture_projection", + "add_action_button", + "start_scan", + "call_execute_endpoint", + "create_repo", + "sync_refs", + "modify_workflow_or_secret", + "enable_runner", + "switch_github_primary", + "production_deploy", + "store_secret_value" + ], + "notes": "定義 IwoooS 前端如何只讀呈現 Security Posture / Exposure、36 contracts、0 active runtime gates、7 條 non-blocking lanes 與 evidence refs;不提供 scan / execute / repair 或任何 runtime action button。" + }, { "contract": "coding_task_v1", "schema_path": "docs/schemas/coding_task_v1.schema.json", diff --git a/scripts/security/security-mirror-progress-guard.py b/scripts/security/security-mirror-progress-guard.py index d9b29d13..6feb93f9 100755 --- a/scripts/security/security-mirror-progress-guard.py +++ b/scripts/security/security-mirror-progress-guard.py 
@@ -41,23 +41,63 @@ def validate(root: Path) -> None:
 manifest = load_json(security_dir / "security-supply-chain-contract-manifest.snapshot.json")
 readiness = load_json(security_dir / "security-mirror-readiness.snapshot.json")
 rollup = load_json(security_dir / "security-mirror-status-rollup.snapshot.json")
+ intake = load_json(security_dir / "security-mirror-intake-plan.snapshot.json")
+ event_sample = load_json(security_dir / "security-mirror-event-sample.snapshot.json")
+ route = load_json(security_dir / "security-mirror-route.snapshot.json")
 acceptance = load_json(security_dir / "security-mirror-acceptance.snapshot.json")
 dry_run = load_json(security_dir / "security-mirror-dry-run.snapshot.json")
 owner_rollup = load_json(security_dir / "source-control-owner-response-validation-rollup.snapshot.json")
 primary_gate = load_json(security_dir / "source-control-primary-readiness-gate.snapshot.json")
 rollout_policy = load_json(security_dir / "security-rollout-policy.snapshot.json")
+ iwooos_projection = load_json(security_dir / "iwooos-posture-projection.snapshot.json")
 manifest_count = manifest["contract_count"]
 readiness_summary = readiness["summary"]
 rollup_summary = rollup["summary"]
- assert_equal("manifest.contract_count", manifest_count, 35)
+ assert_equal("manifest.contract_count", manifest_count, 36)
 assert_equal("readiness.total_contracts", readiness_summary["total_contracts"], manifest_count)
 assert_equal("rollup.total_contracts", rollup_summary["total_contracts"], manifest_count)
- assert_equal("rollup.ready_for_mirror_count", rollup_summary["ready_for_mirror_count"], 32)
+ assert_equal("rollup.ready_for_mirror_count", rollup_summary["ready_for_mirror_count"], 33)
 assert_equal("rollup.partial_ready_count", rollup_summary["partial_ready_count"], 2)
 assert_equal("rollup.contract_only_count", rollup_summary["contract_only_count"], 1)
 assert_equal("rollup.blocked_count", rollup_summary["blocked_count"], 0)
+ assert_contains(
+ "manifest.contracts",
+ [item["contract"] for item in manifest["contracts"]],
+ "iwooos_posture_projection_v1",
+ )
+ assert_contains(
+ "readiness.contract_readiness",
+ [item["contract"] for item in readiness["contract_readiness"]],
+ "iwooos_posture_projection_v1",
+ )
+ assert_contains(
+ "rollup.source_indexes",
+ rollup["source_indexes"],
+ "docs/security/iwooos-posture-projection.snapshot.json",
+ )
+ assert_equal("event_sample.payload_summary.total_contracts", event_sample["payload_summary"]["total_contracts"], manifest_count)
+ assert_equal(
+ "event_sample.payload_summary.ready_for_mirror_count",
+ event_sample["payload_summary"]["ready_for_mirror_count"],
+ readiness_summary["ready_for_mirror_count"],
+ )
+ assert_contains(
+ "event_sample.evidence_refs",
+ event_sample["evidence_refs"],
+ "docs/security/IWOOOS-POSTURE-PROJECTION.md",
+ )
+ assert_equal("route.summary.total_contracts", route["summary"]["total_contracts"], manifest_count)
+ route_contracts = sorted({contract for group in route["route_groups"] for contract in group["contracts"]})
+ assert_equal("route.contract_coverage", route_contracts, sorted(item["contract"] for item in manifest["contracts"]))
+ assert_contains(
+ "intake.source_indexes",
+ intake["source_indexes"],
+ "docs/security/iwooos-posture-projection.snapshot.json",
+ )
+ intake_contracts = [contract for wave in intake["intake_waves"] for contract in wave["contracts"]]
+ assert_contains("intake.contracts", intake_contracts, "iwooos_posture_projection_v1")
 progress = rollup["progress_estimate"]
 assert_equal("progress.overall_percent", progress["overall_percent"], 58)
@@ -120,6 +160,7 @@ def validate(root: Path) -> None:
 "s4_13_owner_response_validation_parallel_session_recovery_outcome_lanes",
 "s1_3_low_friction_non_blocking_escalation_lanes",
 "s2_8_iwooos_frontend_posture_entry",
+ "s2_9_iwooos_posture_projection_contract",
 ]
 assert_equal(
 "progress_delta_ledger.delta_ids",
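Review bot: `readiness_summary["ready_for_mirror_count"]` becomes the reference value for the event sample here and for acceptance and dry-run in the later `@@ -340` and `@@ -353` hunks, but nothing in this hunk ties it to the literal 33 that `rollup.ready_for_mirror_count` is pinned to, so readiness could drift to a different count while every comparison still passes (unless it is asserted elsewhere in validate, whose body continues outside the hunk). One line next to the rollup assertion closes the gap: `assert_equal("readiness.ready_for_mirror_count", readiness_summary["ready_for_mirror_count"], rollup_summary["ready_for_mirror_count"])`. The `route.contract_coverage` check deduplicates the route side with a set but compares it against the raw manifest list, so a duplicated manifest entry would surface as a route-coverage failure rather than a manifest one; asserting `len(set(manifest_contracts)) == len(manifest_contracts)` on the manifest list first would make the failure message point at the right file.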
@@ -206,6 +247,123 @@ def validate(root: Path) -> None:
 ]:
 assert_contains("rollout_policy.allowed_awooop_outputs", rollout_outputs, output)
+ assert_equal("iwooos_projection.schema_version", iwooos_projection["schema_version"], "iwooos_posture_projection_v1")
+ assert_equal("iwooos_projection.product_id", iwooos_projection["product_id"], "iwooos")
+ assert_equal("iwooos_projection.display_name", iwooos_projection["display_name"], "IwoooS")
+ assert_equal("iwooos_projection.mode", iwooos_projection["mode"], "mirror_only")
+ assert_false("iwooos_projection.runtime_execution_authorized", iwooos_projection["runtime_execution_authorized"])
+ assert_false("iwooos_projection.action_buttons_allowed", iwooos_projection["action_buttons_allowed"])
+ assert_true("iwooos_projection.not_authorization", iwooos_projection["not_authorization"])
+ assert_equal("iwooos_projection.summary.route_path", iwooos_projection["summary"]["route_path"], "/iwooos")
+ assert_true("iwooos_projection.summary.nav_entry_added", iwooos_projection["summary"]["nav_entry_added"])
+ assert_true(
+ "iwooos_projection.summary.command_palette_entry_added",
+ iwooos_projection["summary"]["command_palette_entry_added"],
+ )
+ assert_equal("iwooos_projection.summary.contract_count", iwooos_projection["summary"]["contract_count"], manifest_count)
+ assert_equal(
+ "iwooos_projection.summary.active_runtime_gate_count",
+ iwooos_projection["summary"]["active_runtime_gate_count"],
+ rollup_summary["active_runtime_gate_count"],
+ )
+ assert_equal(
+ "iwooos_projection.summary.owner_response_validation_received_count",
+ iwooos_projection["summary"]["owner_response_validation_received_count"],
+ rollup_summary["owner_response_validation_received_count"],
+ )
+ assert_equal(
+ "iwooos_projection.summary.owner_response_validation_accepted_count",
+ iwooos_projection["summary"]["owner_response_validation_accepted_count"],
+ rollup_summary["owner_response_validation_accepted_count"],
+ )
+ assert_equal(
+ "iwooos_projection.summary.github_primary_ready_count",
+ iwooos_projection["summary"]["github_primary_ready_count"],
+ rollup_summary["github_primary_ready_count"],
+ )
+ assert_false("iwooos_projection.summary.action_buttons_allowed", iwooos_projection["summary"]["action_buttons_allowed"])
+ iwooos_progress = iwooos_projection["progress"]
+ assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
+ assert_equal(
+ "iwooos_projection.progress.framework_percent_min",
+ iwooos_progress["framework_percent_min"],
+ progress["framework_percent_min"],
+ )
+ assert_equal(
+ "iwooos_projection.progress.framework_percent_max",
+ iwooos_progress["framework_percent_max"],
+ progress["framework_percent_max"],
+ )
+ assert_equal(
+ "iwooos_projection.progress.runtime_landing_percent_min",
+ iwooos_progress["runtime_landing_percent_min"],
+ progress["runtime_landing_percent_min"],
+ )
+ assert_equal(
+ "iwooos_projection.progress.runtime_landing_percent_max",
+ iwooos_progress["runtime_landing_percent_max"],
+ progress["runtime_landing_percent_max"],
+ )
+ assert_equal(
+ "iwooos_projection.progress.headline_status",
+ iwooos_progress["headline_status"],
+ progress_display_policy["headline_status"],
+ )
+ assert_true("iwooos_projection.progress.not_authorization", iwooos_progress["not_authorization"])
+ assert_equal(
+ "iwooos_projection.posture_pillars.ids",
+ [item["pillar_id"] for item in iwooos_projection["posture_pillars"]],
+ ["exposure_posture", "source_control_supply_chain", "kali_112_mesh", "approval_boundary"],
+ )
+ assert_equal(
+ "iwooos_projection.posture_pillars.display_order",
+ [item["display_order"] for item in iwooos_projection["posture_pillars"]],
+ [1, 2, 3, 4],
+ )
+ for item in iwooos_projection["posture_pillars"]:
+ assert_equal(f"iwooos_projection.posture_pillars.{item['pillar_id']}.display_mode", item["display_mode"], "posture_only")
+ assert_false(
+ f"iwooos_projection.posture_pillars.{item['pillar_id']}.runtime_execution_authorized",
+ item["runtime_execution_authorized"],
+ )
+ assert_true(f"iwooos_projection.posture_pillars.{item['pillar_id']}.not_authorization", item["not_authorization"])
+ assert_equal(
+ "iwooos_projection.non_blocking_lane_ids",
+ iwooos_projection["non_blocking_lane_ids"],
+ expected_low_friction_lane_ids,
+ )
+ for evidence_ref in [
+ "docs/security/iwooos-posture-projection.snapshot.json",
+ "docs/security/security-rollout-policy.snapshot.json",
+ "docs/security/security-mirror-status-rollup.snapshot.json",
+ "docs/security/source-control-owner-response-validation-rollup.snapshot.json",
+ "docs/security/kali-integration-status.snapshot.json",
+ ]:
+ assert_contains("iwooos_projection.evidence_refs", iwooos_projection["evidence_refs"], evidence_ref)
+ for output in [
+ "display_security_posture",
+ "display_progress_estimate",
+ "display_non_blocking_lanes",
+ "display_evidence_refs",
+ "display_forbidden_actions",
+ ]:
+ assert_contains("iwooos_projection.allowed_frontend_outputs", iwooos_projection["allowed_frontend_outputs"], output)
+ for output in [
+ "add_scan_button",
+ "add_execute_button",
+ "add_repair_button",
+ "start_kali_scan",
+ "call_kali_execute_endpoint",
+ "create_github_repo",
+ "sync_git_refs",
+ "modify_workflow_or_secret",
+ "enable_runner",
+ "switch_github_primary",
+ "production_deploy",
+ "treat_progress_as_authorization",
+ ]:
+ assert_contains("iwooos_projection.forbidden_frontend_outputs", iwooos_projection["forbidden_frontend_outputs"], output)
 owner_summary = owner_rollup["summary"]
 assert_equal("owner_rollup.total_received_response_count", owner_summary["total_received_response_count"], 0)
 assert_equal("owner_rollup.total_accepted_response_count", owner_summary["total_accepted_response_count"], 0)
@@ -340,6 +498,12 @@ def validate(root: Path) -> None:
 assert_false("primary_gate.raw_secret_storage_authorized", primary_summary["raw_secret_storage_authorized"])
 acceptance_ids = [item["check_id"] for item in acceptance["acceptance_checks"]]
+ assert_equal("acceptance.total_contracts", acceptance["summary"]["total_contracts"], manifest_count)
+ assert_equal(
+ "acceptance.ready_for_mirror_count",
+ acceptance["summary"]["ready_for_mirror_count"],
+ readiness_summary["ready_for_mirror_count"],
+ )
 assert_contains("acceptance_checks", acceptance_ids, "PROGRESS_ESTIMATE_NOT_AUTHORIZATION")
 assert_equal("acceptance.summary.acceptance_check_count", acceptance["summary"]["acceptance_check_count"], len(acceptance_ids))
 assert_equal(
@@ -353,6 +517,11 @@ def validate(root: Path) -> None:
 dry_run_step_ids = [item["step_id"] for item in dry_run["dry_run_steps"]]
 assert_equal("dry_run.dry_run_status", dry_run["dry_run_status"], "contract_defined_not_executed")
 assert_equal("dry_run.total_contracts", dry_run_summary["total_contracts"], manifest_count)
+ assert_equal(
+ "dry_run.ready_for_mirror_count",
+ dry_run_summary["ready_for_mirror_count"],
+ readiness_summary["ready_for_mirror_count"],
+ )
 assert_equal("dry_run.acceptance_check_count", dry_run_summary["acceptance_check_count"], 8)
 assert_false("dry_run.runtime_execution_authorized", dry_run["runtime_execution_authorized"])
 assert_false("dry_run.runtime_actions_executed", dry_run_summary["runtime_actions_executed"])
@@ -379,7 +548,11 @@ def validate(root: Path) -> None:
 assert_false("dry_run.latest_local_validation.production_ingestion_enabled", local_validation["production_ingestion_enabled"])
 assert_true("dry_run.latest_local_validation.not_authorization", local_validation["not_authorization"])
- forbidden_actions = set(rollup["forbidden_actions"]) | set(acceptance["forbidden_actions"])
+ forbidden_actions = (
+ set(rollup["forbidden_actions"])
+ | set(acceptance["forbidden_actions"])
+ | set(iwooos_projection["forbidden_frontend_outputs"])
+ )
 for action in [
 "start_kali_scan",
 "call_kali_execute_endpoint",
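Review bot: Folding `forbidden_frontend_outputs` into the single `forbidden_actions` set weakens the check that follows: an action such as `start_kali_scan` is now accepted if it appears in any one of the three lists, so it could be dropped from `rollup["forbidden_actions"]` or `acceptance["forbidden_actions"]` without the guard noticing, and the union only ever proved "some contract forbids it". Checking each source separately keeps the per-contract guarantee, e.g. iterate `for name, actions in (("rollup", rollup["forbidden_actions"]), ("acceptance", acceptance["forbidden_actions"]), ("iwooos_projection", iwooos_projection["forbidden_frontend_outputs"])):` and call `assert_contains(f"{name}.forbidden_actions", actions, action)` inside the existing loop, which is also what the manifest-level `forbidden_actions` vocabulary would need if it is ever cross-checked here. The `for action in [...]` loop body continues outside the hunk, so whether it already asserts per source is not visible here.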