diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 9d30d9a0..a7b34586 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md 
@@ -1,3 +1,39 @@ +## 2026-06-15|S4.9 Owner Response Gate 基準收斂與防過期 Guard 更新 + +**背景**:AwoooP 高可見頁敏感識別已完成正式脫敏與 production 驗證,但 S4.9 owner response gate 的缺口稽核、snapshot 產生器與 guard 仍鎖在較早的 deploy marker。這會讓後續 Session 以舊基準判斷 S4.9 狀態,進而誤把 UI / LOGBOOK / AwoooP 可見性當成 owner response 或資安接受。 + +**完成項目**: +- 更新 `docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md`,基準改為 `gitea/main=57df61da`、runtime deploy marker `166497ee`、AwoooP 高可見頁 redaction code commit `94a9c612`。 +- 更新 `docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md`、`S4-9-OWNER-RESPONSE-INTAKE-FORM.md`、`S4-9-REVIEWER-VALIDATION-CHECKLIST.md`、`S4-9-SECURITY-ACCEPTANCE-RECORD-TEMPLATE.md` 的基準列,避免 S4.9 文件停在舊 commit。 +- 更新 `scripts/security/s4-9-owner-response-gap-audit.py`,讓重新產生 snapshot 時會保留最新正式驗證基準,不會倒退到舊 deploy marker。 +- 重新產生 `docs/security/s4-9-owner-response-gap-audit.snapshot.json`,固定 `gaps=8`、`new_rules=7`、`adjustments=7`、`owner_gate=0`、`runtime_gate=0`。 +- 更新 `scripts/security/source-control-owner-response-guard.py` 的預期基準,讓 guard 直接擋下 S4.9 gap audit 回到舊 `gitea/main`、舊 deploy marker 或舊 redaction commit。 + +**本地驗證**: +- `python3 scripts/security/s4-9-owner-response-gap-audit.py --root . 
--generated-at 2026-06-15T07:50:00+08:00 --output docs/security/s4-9-owner-response-gap-audit.snapshot.json` → `S4_9_OWNER_RESPONSE_GAP_AUDIT_OK gaps=8 new_rules=7 adjustments=7 owner_gate=0 runtime_gate=0`。 +- `python3 -m py_compile scripts/security/s4-9-owner-response-gap-audit.py scripts/security/source-control-owner-response-guard.py scripts/security/iwooos-owner-gate-guard.py scripts/security/security-mirror-progress-guard.py` 通過。 +- `python3 -m json.tool docs/security/s4-9-owner-response-gap-audit.snapshot.json` 通過。 +- `python3 scripts/security/source-control-owner-response-guard.py --root .` → `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`。 +- `python3 scripts/security/iwooos-owner-gate-guard.py --root .` → `IWOOOS_OWNER_GATE_GUARD_OK`。 +- `python3 scripts/security/security-mirror-progress-guard.py --root .` → `SECURITY_MIRROR_PROGRESS_GUARD_OK`。 +- `python3 scripts/security/iwooos-config-control-guard.py --root .` → `IWOOOS_CONFIG_CONTROL_GUARD_OK`。 +- `python3 scripts/security/package-supply-chain-owner-policy-guard.py --root .` → `PACKAGE_SUPPLY_CHAIN_OWNER_POLICY_GUARD_OK`。 +- `python3 scripts/ops/doc-secrets-sanity-check.py docs .gitea` → `DOC_SECRET_SANITY_OK scanned_files=865`。 +- `git diff --check` 通過。 + +**Production / Browser 驗證判斷**: +- 本輪只修改 repo-only 文件、JSON snapshot 與 guard 腳本,未改 `apps/web`、messages、API、Nginx、K8s 或 runtime,因此不新增正式部署,也不需要重新做 Browser smoke。 +- 仍沿用上一輪最終 deploy marker `166497ee` 的 production desktop / mobile 驗證:AwoooP tenants / runs / approvals / contracts / work-items 均未顯示 raw owner namespace、外部 namespace、內部阻塞碼或內部協作文字,且無水平溢出。 + +**完成度與邊界**: +- S4.9 owner response gate 收件前置:`70% -> 74%`,基準、文件與 snapshot 產生器已跟上最新正式驗證;仍缺人工送件與 owner 回覆。 +- S4.9 基準與日期一致性:`100%`,guard 已鎖住最新 `57df61da / 166497ee / 94a9c612`。 +- S4.9 owner response gate:維持 `0%`;`request_sent=0`、`received=0`、`accepted=0`、`rejected=0`。 +- 前台 / public API identity redaction:維持 `100%`;本輪未改前端,只強化 S4.9 gap audit 的防過期基準。 +- IwoooS headline 維持 `64%`;active runtime gate 維持 `0`。 +- owner 
response accepted、target decision accepted、refs parity accepted、repository creation、refs sync、workflow modification、secret collection、runtime execution、action button、Nginx reload、host restart、firewall change、active scan 全部維持 `0 / false`。 +- 本輪未 SSH、未改主機、未重啟 Docker / Nginx、未修改 firewall / iptables、未收 secrets 明文、未執行 active scan、未切 GitHub primary、未 force push,也沒有把內部協作內容放到前端頁面。 + ## 2026-06-15|AwoooP 高可見頁敏感識別與前端 bundle 防洩漏完成 **背景**:使用者指出 `/zh-TW/awooop/tenants` 曾在前台表格顯示個人 owner namespace、外部 org namespace、英文 repo / product slug、`blocked_waiting_*` 與 `blockers=` 類內部狀態碼。這不符合 IwoooS 現階段資安要求:公開面不得暴露可反推 owner、repo、內部 gate、內部協作文字或執行邊界的 raw identifier;UI 可視不等於 runtime 授權,且 client bundle 也不能保存敏感對照常數。 diff --git a/docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md b/docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md index 23c8f5a5..7903531b 100644 --- a/docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md +++ b/docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md @@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-06-13 | -| 基準 | `gitea/main=2afb7c0a fix(governance): harden agent evidence redaction` | +| 日期 | 2026-06-15 | +| 基準 | `gitea/main=57df61da docs(iwooos): 記錄 AwoooP 前台脫敏正式驗證 [skip ci]` | | 範圍 | S4.9 owner response 收件信封、欄位別名、隔離規則與驗收前狀態邊界 | | 模式 | 只讀文件規範,不送 request、不收 owner response、不改 API、不改 UI、不改 runtime | | 不可誤讀 | 本文件不是 request sent、不是 owner response received、不是 accepted、不是 Gitea / GitHub / refs / workflow / secret / runner / runtime 授權 | diff --git a/docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md b/docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md index 3ee11a5b..97dfc706 100644 --- a/docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md +++ b/docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md 
@@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-06-14 | -| 基準 | `gitea/main=8795c08d docs(iwooos): 記錄 ssh network production 驗證 [skip ci]`;runtime deploy marker `605fde43`;Tenants redaction code commit `4bbc5269` | +| 日期 | 2026-06-15 | +| 基準 | `gitea/main=57df61da docs(iwooos): 記錄 AwoooP 前台脫敏正式驗證 [skip ci]`;runtime deploy marker `166497ee`;AwoooP 高可見頁 redaction code commit `94a9c612` | | 範圍 | S4.9 Gitea owner attestation response gate、S4.13 owner response validation rollup、public surface identity redaction boundary | | 模式 | 只讀 committed snapshot / 文件稽核 | | 不可誤讀 | 不是 request sent、不是 owner response received、不是 accepted、不是 repo / refs / workflow / secret / runtime 授權 | @@ -16,7 +16,7 @@ S4.9 的基礎規範已存在,且已能被 `source-control-owner-response-guar 真正尚未完成的是「owner 回覆本身」。目前 `request_sent=false`、`received=0`、`accepted=0`、`rejected=0`,所以 S4.9 owner response gate 仍是 `0%`。任何 UI、request template、AwoooP 顯示、reviewer checklist 或 LOGBOOK 文字都不得把這個 gate 拉高。 -本輪另外把使用者指出的前台資訊揭露問題納入 S4.9 缺口稽核:前台、public API、HTML、bundle 與 messages 不得顯示個人 namespace、外部 raw namespace、工作視窗對話或內部 session 語句。AwoooP Tenants 已改成 `SRC-###` 脫敏範圍代號,但此規則必須持續由 guard 與 production desktop / mobile sensitive scan 保護。 +本輪另外把使用者指出的前台資訊揭露問題納入 S4.9 缺口稽核:前台、public API、HTML、bundle 與 messages 不得顯示個人 namespace、外部 raw namespace、工作視窗對話或內部 session 語句。AwoooP Tenants / Runs / Approvals / Contracts / Work Items 已完成高可見頁脫敏與 bundle sensitive scan,但此規則必須持續由 guard 與 production desktop / mobile sensitive scan 保護。 ## 2. 已符合目前要求 
@@ -29,13 +29,13 @@ S4.9 的基礎規範已存在,且已能被 `source-control-owner-response-guar | 五題齊備才可 accepted | 已要求 5 個 response templates 都收到可驗收回覆,部分回覆只能 waiting 或 request_more_evidence | `preflight-all-five-items-before-accepted` | | 四包收件順序 | S4.9 -> S4.10 -> S4.11 -> S4.12 已固定 | `source-control-owner-response-validation-rollup.snapshot.json` | | 安全旗標 | token、secret、repo write、refs sync、GitHub primary、action button 全部 `false` | owner response guard | -| Public surface redaction | `/zh-TW/awooop/tenants` 與 `GET /api/v1/platform/tenants` 已改用 `SRC-###`、`source_scope_id`、`source_namespace_redacted=true` | `security-mirror-progress-guard.py`、production desktop / mobile verification | +| Public surface redaction | `/zh-TW/awooop/tenants`、`runs`、`approvals`、`contracts`、`work-items` 與 public API 已改用公開名稱、`SRC-###`、已脫敏摘要與 bundle-level 防洩漏 | `security-mirror-progress-guard.py`、production desktop / mobile verification | ## 3. 目前仍不符合最新推進要求 | 缺口 | 影響 | 下一步 | |------|------|--------| -| P0 主控總帳與缺口稽核基準需跟上最新 `gitea/main` | 平行 Session 已推進 Tenants redaction、Backup / Restore、Public Gateway、K8s / ArgoCD、SSH / network acceptance ledger 與 production Browser smoke;舊 commit 基準會讓新 Session 誤判下一步 | 本輪已更新到 `gitea/main=8795c08d` 與 deploy marker `605fde43`;最新 S4.9 仍是等待 owner response,後續每次推送前仍需 fetch、讀 LOGBOOK 最新段落與同步 runs / deploy marker | +| P0 主控總帳與缺口稽核基準需跟上最新 `gitea/main` | 平行 Session 已推進高可見頁脫敏、Backup / Restore、Public Gateway、K8s / ArgoCD、SSH / network acceptance ledger 與 production Browser smoke;舊 commit 基準會讓新 Session 誤判下一步 | 本輪已更新到 `gitea/main=57df61da` 與 deploy marker `166497ee`;最新 S4.9 仍是等待 owner response,後續每次推送前仍需 fetch、讀 LOGBOOK 最新段落與同步 runs / deploy marker | | S4.9 gate 仍只有 request-ready,沒有 owner response | IwoooS 64% 不能因規範存在而往前解鎖 | 維持 `0%`,只準備收件缺口,不調高 progress | | S4.13 rollup 文件曾殘留舊模板總數 | Snapshot 已是 `5 + 9 + 5 + 5 = 24`,但文件仍可能寫成 `22`,會造成 reviewer 誤判 S4.10 目標數 | 已同步文件並把 `source-control-owner-response-guard.py` 納入文件一致性檢查 | | request packet 的欄位名稱存在同義詞 | 
`affected_repos`、`affected_sources`、`affected_repos_or_sources_or_namespace`、`evidence_refs` 與使用者要求的 `affected_scope`、`redacted_evidence_refs` 容易在 UI / handoff 中混用 | 已補 `S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md`,後續顯示層以六欄 canonical envelope 呈現;source templates 可保留細分欄位 | @@ -43,7 +43,7 @@ S4.9 的基礎規範已存在,且已能被 `source-control-owner-response-guar | 尚未有 owner response reviewer outcome | reviewer checklist 存在,但沒有任何可分類 response | 等脫敏 metadata 進來後,才能進補件、隔離、拒收、只讀更新候選 | | 部分文件仍可能把近期 P2-403I/J/K 或資安 P1 工作誤當 S4.9 已解鎖 | 平行 Session 已推進 AI Agent 報表 / 告警路由,但 S4.9 owner response 仍是獨立 P0 gate | 後續 LOGBOOK / workplan 每次都標註平行 Session、最新基線與 S4.9 received / accepted 仍為 `0 / 0` | | P0-PUBLICENV 與 P2-105 容易被誤讀為 S4.9 owner response | 公開主機 alias redaction、bundle clean、production smoke、critic / reviewer scorecard 都不是 owner role / team、decision、reason、scope、redacted refs、followup owner 的實際回覆 | 在 rollup 與 LOGBOOK 明確標記:這些進展不增加 request_sent、received、accepted 或 runtime gate | -| 前台 raw namespace 或工作視窗內容外洩 | 產品頁若直接顯示 raw source-control evidence,會暴露個人 namespace、外部 namespace 或內部協作脈絡 | 已補 Tenants 脫敏;後續新增頁面 / API 必須先走 public surface redaction gate 與 production sensitive scan | +| 前台 raw namespace 或工作視窗內容外洩 | 產品頁若直接顯示 raw source-control evidence,會暴露個人 namespace、外部 namespace 或內部協作脈絡 | 已補 AwoooP 高可見頁脫敏;後續新增頁面 / API / bundle 必須先走 public surface redaction gate 與 production sensitive scan | | 內部 evidence 與產品文案邊界不清 | `docs/security` 可能保留必要技術識別供內部稽核,但不得被直接接到前台渲染 | 前台只能顯示 redacted scope id、aggregate count、risk tier、readiness state、redacted evidence ref | | repo-local `MEMORY.md` 缺檔 | 啟動規範要求讀 `MEMORY.md`,但本 release worktree 沒有此檔 | 已改讀全域 memory 摘要與 LOGBOOK;後續需把此視為啟動程序缺口,不得假稱 repo-local MEMORY.md 已讀 | 
@@ -56,7 +56,7 @@ S4.9 的基礎規範已存在,且已能被 `source-control-owner-response-guar | Request sent 與 received 分離 | request packet 顯示、人工送件、owner response received、accepted 必須是四個獨立狀態 | 已有規範,需在後續 audit metadata 實作時保持 | | Quarantine-first 收件 | 疑似 token、secret、private key、cookie、session、authorization header、private URL credential、未脫敏截圖先隔離,不渲染 raw payload | 已有規範,需維持 | | 平行 Session 衝突規則 | 任一 Session 推送前必須 fetch / fast-forward 到最新 `gitea/main`,並同步 commit / run / production evidence / gate 0 false | 已執行,需持續 | -| Public surface redaction gate | 前台、public API、HTML、bundle、messages 不得出現 raw owner namespace、個人識別、外部 raw namespace 或工作視窗對話 | 已補 snapshot 與 guard 接入;每次前端 / API 變更需 production sensitive scan | +| Public surface redaction gate | 前台、public API、HTML、bundle、messages 不得出現 raw owner namespace、個人識別、外部 raw namespace、內部狀態碼或工作視窗對話 | 已補 snapshot 與 guard 接入;每次前端 / API / client bundle 變更需 production sensitive scan | | Internal evidence private boundary | 內部 source-control raw evidence 只能留在 private evidence / docs,不得直接作為產品渲染來源 | 已納入 `s4-9-owner-response-gap-audit.snapshot.json` | | Machine-readable S4.9 gap audit | S4.9 缺口稽核不得只停在 MD,必須有 snapshot 與 guard | 已新增 `s4_9_owner_response_gap_audit_v1` | @@ -102,7 +102,7 @@ S4.9 的基礎規範已存在,且已能被 `source-control-owner-response-guar | Public surface identity redaction boundary | 100% | Tenants 前台 / public API 已用 `SRC-###`;後續由 guard 與 production sensitive scan 持續保護 | | S4.9 canonical owner response envelope | 100% | 已補六欄信封、alias 映射、五題投影、quarantine-first 與 reviewer checklist | | S4.9 owner response gate | 0% | 沒有收到 owner response,不得調高 | -| S4.9 基準與日期一致性 | 100% | 已跟到 `gitea/main=8795c08d`、deploy marker `605fde43`,並要求 guard 擋下過期 rollup 日期與舊模板公式 | +| S4.9 基準與日期一致性 | 100% | 已跟到 `gitea/main=57df61da`、deploy marker `166497ee`,並要求 guard 擋下過期 rollup 日期與舊模板公式 | | S4.13 rollup 文件一致性 | 100% | 已把 `22` 舊口徑修正為 `24`,並由 guard 檢查 | | IwoooS 整體 | 維持 64% | 只讀稽核不改 runtime readiness | | active runtime gate | 0 | 不變 | 
diff --git a/docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md b/docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md index 3d64091a..c637b02f 100644 --- a/docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md +++ b/docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md @@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-06-13 | -| 基準 | `gitea/main=2afb7c0a fix(governance): harden agent evidence redaction` | +| 日期 | 2026-06-15 | +| 基準 | `gitea/main=57df61da docs(iwooos): 記錄 AwoooP 前台脫敏正式驗證 [skip ci]` | | 對應規範 | `docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md` | | 對應收件包 | `docs/security/GITEA-INVENTORY-OWNER-ATTESTATION-RESPONSE.md` | | 模式 | owner response intake form only | diff --git a/docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md b/docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md index 7ba4167d..296256ee 100644 --- a/docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md +++ b/docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md @@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-06-13 | -| 基準 | `gitea/main=2afb7c0a fix(governance): harden agent evidence redaction` | +| 日期 | 2026-06-15 | +| 基準 | `gitea/main=57df61da docs(iwooos): 記錄 AwoooP 前台脫敏正式驗證 [skip ci]` | | 上游文件 | `docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md`、`docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md` | | 模式 | reviewer validation checklist only | | 不可誤讀 | 本文件不是 request dispatch、不是 owner response、不是 accepted record、不是 repo / refs / workflow / secret / runner / host / runtime 執行授權 | diff --git a/docs/security/S4-9-SECURITY-ACCEPTANCE-RECORD-TEMPLATE.md b/docs/security/S4-9-SECURITY-ACCEPTANCE-RECORD-TEMPLATE.md index b5ff1345..0a69b16b 100644 --- a/docs/security/S4-9-SECURITY-ACCEPTANCE-RECORD-TEMPLATE.md +++ b/docs/security/S4-9-SECURITY-ACCEPTANCE-RECORD-TEMPLATE.md 
@@ -2,8 +2,8 @@ | 項目 | 內容 | |------|------| -| 日期 | 2026-06-13 | -| 基準 | `gitea/main=2afb7c0a fix(governance): harden agent evidence redaction` | +| 日期 | 2026-06-15 | +| 基準 | `gitea/main=57df61da docs(iwooos): 記錄 AwoooP 前台脫敏正式驗證 [skip ci]` | | 上游文件 | `docs/security/S4-9-CANONICAL-OWNER-RESPONSE-ENVELOPE.md`、`docs/security/S4-9-OWNER-RESPONSE-INTAKE-FORM.md`、`docs/security/S4-9-REVIEWER-VALIDATION-CHECKLIST.md` | | 模式 | security acceptance record template only | | 不可誤讀 | 本文件不是 owner response、不是 reviewer validation 已通過、不是 accepted record、不是 GitHub primary / repo / refs / workflow / secret / runner / host / runtime 執行授權 | diff --git a/docs/security/s4-9-owner-response-gap-audit.snapshot.json b/docs/security/s4-9-owner-response-gap-audit.snapshot.json index d259d94f..a6984158 100644 --- a/docs/security/s4-9-owner-response-gap-audit.snapshot.json +++ b/docs/security/s4-9-owner-response-gap-audit.snapshot.json @@ -1,9 +1,9 @@ { "basis": { - "gitea_main_commit": "8795c08d", - "latest_logbook_commit": "8795c08d", - "latest_runtime_deploy_marker": "605fde43", - "latest_tenants_redaction_commit": "4bbc5269", + "gitea_main_commit": "57df61da", + "latest_logbook_commit": "57df61da", + "latest_runtime_deploy_marker": "166497ee", + "latest_tenants_redaction_commit": "94a9c612", "production_verification_required_for_frontend_changes": true, "source_control_rollup_date": "2026-06-13", "source_control_rollup_templates": 24 
@@ -34,10 +34,10 @@ "status": "active_blocker" }, { - "current_state": "AwoooP Tenants 已改用 SRC-###;仍需由 guard 固定 public surface redaction 規則。", + "current_state": "AwoooP 高可見頁已改用公開名稱 / SRC-###;仍需由 guard 固定 public surface redaction 規則。", "gap_id": "public_surface_identity_leak_risk", "priority": "P0", - "required_next_step": "持續跑 security mirror guard;新增頁面或 API payload 時一律先做 sensitive public-surface scan。", + "required_next_step": "持續跑 security mirror guard;新增頁面、API payload 或 client bundle 時一律先做 sensitive public-surface scan。", "requirement": "前台與瀏覽器 API 不得顯示個人 namespace、外部 org namespace、工作視窗對話或內部 session 語句。", "status": "mitigated_needs_guard" }, @@ -50,7 +50,7 @@ "status": "active_risk" }, { - "current_state": "舊 MD 仍提到 2026-06-13 與舊基準;本 snapshot 將基準更新到目前 release worktree。", + "current_state": "舊 MD / 產生器曾停在 2026-06-14 以前的 deploy marker;本 snapshot 將基準更新到最新 AwoooP 高可見頁脫敏正式驗證。", "gap_id": "latest_basis_staleness_risk", "priority": "P0", "required_next_step": "每次推送前 fetch gitea 並更新 basis,不得沿用舊 commit 宣稱最新。", @@ -92,8 +92,8 @@ "work_session_transcript_public_allowed": false, "workflow_modification_authorized": false }, - "generated_at": "2026-06-14T22:35:00+08:00", - "git_commit": "8795c08d", + "generated_at": "2026-06-15T07:50:00+08:00", + "git_commit": "57df61da", "mode": "read_only_gap_audit_no_runtime_action", "new_rules_required": [ { diff --git a/scripts/security/s4-9-owner-response-gap-audit.py b/scripts/security/s4-9-owner-response-gap-audit.py index 7fee80c6..7fa6eeeb 100644 --- a/scripts/security/s4-9-owner-response-gap-audit.py +++ b/scripts/security/s4-9-owner-response-gap-audit.py 
@@ -69,8 +69,8 @@ CURRENT_REQUIREMENT_GAPS = [ "priority": "P0", "status": "mitigated_needs_guard", "requirement": "前台與瀏覽器 API 不得顯示個人 namespace、外部 org namespace、工作視窗對話或內部 session 語句。", - "current_state": "AwoooP Tenants 已改用 SRC-###;仍需由 guard 固定 public surface redaction 規則。", - "required_next_step": "持續跑 security mirror guard;新增頁面或 API payload 時一律先做 sensitive public-surface scan。", + "current_state": "AwoooP 高可見頁已改用公開名稱 / SRC-###;仍需由 guard 固定 public surface redaction 規則。", + "required_next_step": "持續跑 security mirror guard;新增頁面、API payload 或 client bundle 時一律先做 sensitive public-surface scan。", }, { "gap_id": "raw_namespace_internal_evidence_misroute_risk", @@ -85,7 +85,7 @@ CURRENT_REQUIREMENT_GAPS = [ "priority": "P0", "status": "remediated_by_this_snapshot", "requirement": "S4.9 缺口稽核基準需跟上最新 gitea/main、deploy marker、production verification 與 LOGBOOK。", - "current_state": "舊 MD 仍提到 2026-06-13 與舊基準;本 snapshot 將基準更新到目前 release worktree。", + "current_state": "舊 MD / 產生器曾停在 2026-06-14 以前的 deploy marker;本 snapshot 將基準更新到最新 AwoooP 高可見頁脫敏正式驗證。", "required_next_step": "每次推送前 fetch gitea 並更新 basis,不得沿用舊 commit 宣稱最新。", }, { @@ -296,9 +296,9 @@ def build_report(root: Path, generated_at: str | None) -> dict[str, Any]: "mode": "read_only_gap_audit_no_runtime_action", "basis": { "gitea_main_commit": git_output(root, ["git", "rev-parse", "--short", "gitea/main"]), - "latest_runtime_deploy_marker": "605fde43", - "latest_tenants_redaction_commit": "4bbc5269", - "latest_logbook_commit": "8795c08d", + "latest_runtime_deploy_marker": "166497ee", + "latest_tenants_redaction_commit": "94a9c612", + "latest_logbook_commit": "57df61da", "source_control_rollup_date": rollup.get("date"), "source_control_rollup_templates": rollup.get("summary", {}).get("total_response_template_count"), "production_verification_required_for_frontend_changes": True, 
diff --git a/scripts/security/source-control-owner-response-guard.py b/scripts/security/source-control-owner-response-guard.py index a4c5e8aa..a409e409 100755 --- a/scripts/security/source-control-owner-response-guard.py +++ b/scripts/security/source-control-owner-response-guard.py @@ -16,9 +16,9 @@ from typing import Any EXPECTED_ROLLUP_DATE = "2026-06-13" EXPECTED_TEMPLATE_COUNT_FORMULA = "5 + 9 + 5 + 5 = 24" STALE_TEMPLATE_COUNT_FORMULA = "5 + 7 + 5 + 5 = 22" -EXPECTED_GAP_AUDIT_GITEA_MAIN = "8795c08d" -EXPECTED_GAP_AUDIT_DEPLOY_MARKER = "605fde43" -EXPECTED_GAP_AUDIT_TENANTS_REDACTION_COMMIT = "4bbc5269" +EXPECTED_GAP_AUDIT_GITEA_MAIN = "57df61da" +EXPECTED_GAP_AUDIT_DEPLOY_MARKER = "166497ee" +EXPECTED_GAP_AUDIT_TENANTS_REDACTION_COMMIT = "94a9c612" EXPECTED_GAP_AUDIT_GAP_IDS = [ "s49_owner_response_absent",
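Review bot: in the docs/LOGBOOK.md hunk, the 完成項目 bullet for `scripts/security/s4-9-owner-response-gap-audit.py` says regenerating the snapshot now keeps the latest verified basis and "will not regress to an old deploy marker", but the generator hunk in this same patch only swaps three string literals (`latest_runtime_deploy_marker`, `latest_tenants_redaction_commit`, `latest_logbook_commit`); the actual blocking is done by the `EXPECTED_GAP_AUDIT_*` constants in `source-control-owner-response-guard.py`, as the next bullet says. Reword the generator bullet so the LOGBOOK does not credit it with enforcement it does not perform, e.g. "generator basis literals raised to 166497ee / 94a9c612 / 57df61da; regression to older values is rejected by the guard". The `70% -> 74%` step in 完成度與邊界 also states no formula; cite the snapshot field or count it is derived from so the next session can reproduce it.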
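Review bot: in the `@@ -102,7` hunk of docs/security/S4-9-OWNER-RESPONSE-GATE-CURRENT-GAP-AUDIT.md the unchanged context row `| Public surface identity redaction boundary | 100% | Tenants 前台 / public API 已用 \`SRC-###\`;...` still scopes the 100% claim to Tenants only, while the `@@ -16,7`, `@@ -29,13` and `@@ -43,7` hunks of the same file are rewritten to cover Tenants / Runs / Approvals / Contracts / Work Items plus bundle-level checks. Update this row in the same change so the completion table agrees with sections 2 and 3; a reviewer reading only the table would conclude the other four pages are not yet covered.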
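Review bot: in the `@@ -1,9` hunk of docs/security/s4-9-owner-response-gap-audit.snapshot.json, `latest_tenants_redaction_commit` is set to `94a9c612`, which the LOGBOOK and MD hunks describe as the AwoooP 高可見頁 (tenants / runs / approvals / contracts / work-items) redaction commit, so the key name now undercounts what it records. Either rename the key together with the matching key in `build_report` and the guard constant `EXPECTED_GAP_AUDIT_TENANTS_REDACTION_COMMIT` in one change, or add a sibling field in the `basis` block stating that "tenants" is legacy naming for the whole public-surface redaction scope; otherwise the next reader will go looking for a separate commit covering the other pages.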
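Review bot: in the `@@ -296,9` hunk of scripts/security/s4-9-owner-response-gap-audit.py the `basis` block mixes one derived value with three literals: `gitea_main_commit` comes from `git rev-parse --short gitea/main`, but `latest_logbook_commit`, `latest_runtime_deploy_marker` and `latest_tenants_redaction_commit` are hardcoded strings that will go stale on the next push, which is the `latest_basis_staleness_risk` gap this snapshot marks `remediated_by_this_snapshot`. Consider deriving `latest_logbook_commit` with `git log -1 --format=%h -- docs/LOGBOOK.md` and reading the deploy marker and redaction commit from one basis file that the guard reads as well. Also, `rev-parse --short` picks its abbreviation length from the repository's object count, while the guard compares against eight-character literals such as `"57df61da"`; `--short=8` pins the width so the equality check does not break as the repository grows.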
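Review bot: in the `@@ -16,9` hunk of scripts/security/source-control-owner-response-guard.py the three `EXPECTED_GAP_AUDIT_*` literals must now be edited in lockstep with the same values in the four S4.9 MD `| 基準 |` rows, the GAP-AUDIT table, the snapshot and the generator (eight places touched by this patch); any one of them left behind reproduces the staleness this LOGBOOK entry was written to fix. The hunk shows no check that the MD `| 基準 |` rows carry `EXPECTED_GAP_AUDIT_GITEA_MAIN`; if the guard does not already cover them, add that comparison alongside the existing rollup-date and template-formula checks, or move these values into one small basis file that the documents, generator and guard all read.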