diff --git a/apps/web/messages/en.json b/apps/web/messages/en.json
index 6a582821..21b8d063 100644
--- a/apps/web/messages/en.json
+++ b/apps/web/messages/en.json
@@ -2102,6 +2102,54 @@
"guard": "active runtime gates=0; action buttons=false"
}
}
+ },
+ "hostOwnerDecisionRecordFormalCandidateReviewOutcomes": {
+ "title": "Host Owner Decision Record Formal Candidate Review Outcome Lanes",
+ "subtitle": "Formal candidate review outcome only shows next-step lanes after candidate review. This does not mark review passed, mark finalized, create decision records, mark accepted, create approval records, or open runtime gates.",
+ "laneLabel": "Outcome lane",
+ "nextLabel": "Next remains read-only",
+ "items": {
+ "readyForHumanRecordQueue": {
+ "title": "Ready for human record queue",
+ "body": "When candidate fields are readable, this can only show readiness for a human formal-record queue and does not create decision records.",
+ "next": "queue visible only; record created=false"
+ },
+ "identityNeedsTrace": {
+ "title": "Record identity needs trace",
+ "body": "When candidate record id, version, owner, review scope, or trace source is missing, the item returns to identity trace collection.",
+ "next": "collect identity trace; review passed=0"
+ },
+ "decisionSummaryNeedsClarification": {
+ "title": "Decision summary needs clarification",
+ "body": "When decision summary, risk acceptance boundary, or no-execution statement is unclear, the item remains a candidate.",
+ "next": "clarify decision summary; accepted=0"
+ },
+ "scopeExpiryNeedsRefresh": {
+ "title": "Scope and expiry need refresh",
+ "body": "When host, network, service, exclusion, observation intent, or expiry is inconsistent, the item cannot enter a formal record.",
+ "next": "refresh scope / expiry; finalized=0"
+ },
+ "scanLimitsAmbiguous": {
+ "title": "Scan limits remain ambiguous",
+ "body": "When active scan or credentialed scan limits could be misread, the lane stays locked as not authorized.",
+ "next": "clarify scan limits; scan authorized=false"
+ },
+ "credentialBoundaryFailed": {
+ "title": "Credential boundary failed",
+ "body": "When credential metadata, retention, masking, or forbidden collection boundary is unclear, the lane remains quarantined.",
+ "next": "repair metadata-only boundary; secret collection=false"
+ },
+ "maintenanceRollbackIncomplete": {
+ "title": "Maintenance and rollback incomplete",
+ "body": "When maintenance window, constraints, rollback owner, recovery path, or human contact is not traceable, approval semantics cannot be created.",
+ "next": "collect maintenance / rollback; host update=false"
+ },
+ "runtimeGateStillRequired": {
+ "title": "Runtime gate still required",
+ "body": "Validation evidence or runtime gate pointer still requires a separate follow-up gate and cannot open from the outcome.",
+ "next": "active runtime gates=0; action buttons=false"
+ }
+ }
}
},
"tickets": {
diff --git a/apps/web/messages/zh-TW.json b/apps/web/messages/zh-TW.json
index 4d916e4b..8c202d43 100644
--- a/apps/web/messages/zh-TW.json
+++ b/apps/web/messages/zh-TW.json
@@ -2103,6 +2103,54 @@
"guard": "active runtime gates=0;action buttons=false"
}
}
+ },
+ "hostOwnerDecisionRecordFormalCandidateReviewOutcomes": {
+ "title": "主機 Owner Decision Record Formal Candidate Review Outcome Lanes",
+ "subtitle": "Formal candidate review outcome 只呈現候選核對後的下一步分流。這裡不標記 review passed、不標記 finalized、不建立 decision record、不標記 accepted、不建立 approval record、不開 runtime gate。",
+ "laneLabel": "Outcome lane",
+ "nextLabel": "下一步仍只讀",
+ "items": {
+ "readyForHumanRecordQueue": {
+ "title": "Ready for human record queue",
+ "body": "候選欄位可讀時,只能顯示可送人工正式紀錄佇列,不會建立 decision record。",
+ "next": "queue visible only;record created=false"
+ },
+ "identityNeedsTrace": {
+ "title": "Record identity needs trace",
+ "body": "candidate record id、版本、owner、review scope 或 trace source 不足時,回到身份追蹤補件。",
+ "next": "補 identity trace;review passed=0"
+ },
+ "decisionSummaryNeedsClarification": {
+ "title": "Decision summary needs clarification",
+ "body": "decision summary、風險接受邊界或不執行聲明不清楚時,維持候選狀態。",
+ "next": "補 decision summary;accepted=0"
+ },
+ "scopeExpiryNeedsRefresh": {
+ "title": "Scope and expiry need refresh",
+ "body": "host、network、service、exclusion、觀察目的或到期時間不一致時,不進入正式紀錄。",
+ "next": "補 scope / expiry;finalized=0"
+ },
+ "scanLimitsAmbiguous": {
+ "title": "Scan limits remain ambiguous",
+ "body": "active scan 或 credentialed scan limits 可能被誤讀時,仍鎖在不授權狀態。",
+ "next": "補 scan limits;scan authorized=false"
+ },
+ "credentialBoundaryFailed": {
+ "title": "Credential boundary failed",
+ "body": "credential metadata、retention、masking 或 forbidden collection 邊界不清楚時,直接隔離。",
+ "next": "補 metadata-only boundary;secret collection=false"
+ },
+ "maintenanceRollbackIncomplete": {
+ "title": "Maintenance and rollback incomplete",
+ "body": "維護窗口、限制條件、rollback owner、復原路徑或人工聯絡點不可追時,不能建立批准語義。",
+ "next": "補 maintenance / rollback;host update=false"
+ },
+ "runtimeGateStillRequired": {
+ "title": "Runtime gate still required",
+ "body": "validation evidence 或 runtime gate pointer 仍需要獨立 follow-up gate,不能由 outcome 開 gate。",
+ "next": "active runtime gates=0;action buttons=false"
+ }
+ }
}
},
"tickets": {
diff --git a/apps/web/src/app/[locale]/iwooos/page.tsx b/apps/web/src/app/[locale]/iwooos/page.tsx
index 5a98051a..533ef382 100644
--- a/apps/web/src/app/[locale]/iwooos/page.tsx
+++ b/apps/web/src/app/[locale]/iwooos/page.tsx
@@ -215,6 +215,13 @@ type HostOwnerDecisionRecordFormalCandidateReviewItem = {
tone: 'steady' | 'warn' | 'locked'
}
+type HostOwnerDecisionRecordFormalCandidateReviewOutcomeLane = {
+ key: string
+ lane: string
+ icon: typeof ShieldCheck
+ tone: 'steady' | 'warn' | 'locked'
+}
+
const postureMetrics: PostureMetric[] = [
{ key: 'overall', value: '58%', tone: 'warn' },
{ key: 'framework', value: '80-85%', tone: 'steady' },
@@ -506,6 +513,17 @@ const hostOwnerDecisionRecordFormalCandidateReviewItems: HostOwnerDecisionRecord
{ key: 'runtimeGateStillClosed', check: 'FR7', icon: ShieldCheck, tone: 'locked' },
]
+const hostOwnerDecisionRecordFormalCandidateReviewOutcomeLanes: HostOwnerDecisionRecordFormalCandidateReviewOutcomeLane[] = [
+ { key: 'readyForHumanRecordQueue', lane: 'FV1', icon: CheckCircle2, tone: 'steady' },
+ { key: 'identityNeedsTrace', lane: 'FV2', icon: FileText, tone: 'warn' },
+ { key: 'decisionSummaryNeedsClarification', lane: 'FV3', icon: ClipboardCheck, tone: 'warn' },
+ { key: 'scopeExpiryNeedsRefresh', lane: 'FV4', icon: Radar, tone: 'warn' },
+ { key: 'scanLimitsAmbiguous', lane: 'FV5', icon: Activity, tone: 'locked' },
+ { key: 'credentialBoundaryFailed', lane: 'FV6', icon: Lock, tone: 'locked' },
+ { key: 'maintenanceRollbackIncomplete', lane: 'FV7', icon: Clock3, tone: 'warn' },
+ { key: 'runtimeGateStillRequired', lane: 'FV8', icon: ShieldCheck, tone: 'locked' },
+]
+
const evidenceItems = [
'iwooos-posture-projection.snapshot.json',
'security-rollout-policy.snapshot.json',
@@ -1328,6 +1346,38 @@ function HostOwnerDecisionRecordFormalCandidateReviewCard({
)
}
+function HostOwnerDecisionRecordFormalCandidateReviewOutcomeCard({
+ item,
+}: {
+ item: HostOwnerDecisionRecordFormalCandidateReviewOutcomeLane
+}) {
+ const t = useTranslations('iwooos.hostOwnerDecisionRecordFormalCandidateReviewOutcomes')
+ const Icon = item.icon
+ return (
+
+
+
+
+ {t('laneLabel')}
+
+
{item.lane}
+
+
+ {t(`items.${item.key}.title` as never)}
+
+
+ {t(`items.${item.key}.body` as never)}
+
+
+
{t('nextLabel')}
+
+ {t(`items.${item.key}.next` as never)}
+
+
+
+ )
+}
+
export default function IwoooSPage({ params }: { params: { locale: string } }) {
const t = useTranslations('iwooos')
@@ -1800,6 +1850,26 @@ export default function IwoooSPage({ params }: { params: { locale: string } }) {
+
+
+
{t('hostOwnerDecisionRecordFormalCandidateReviewOutcomes.title')}
+
+ {t('hostOwnerDecisionRecordFormalCandidateReviewOutcomes.subtitle')}
+
+
+
+ {hostOwnerDecisionRecordFormalCandidateReviewOutcomeLanes.map(item => (
+
+ ))}
+
+
+
None:
"s2_31_iwooos_host_owner_decision_record_writeup_review_outcome_lanes",
"s2_32_iwooos_host_owner_decision_record_formal_candidate_packets",
"s2_33_iwooos_host_owner_decision_record_formal_candidate_review_checklist",
+ "s2_34_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes",
]
assert_equal(
"progress_delta_ledger.delta_ids",
@@ -528,6 +529,16 @@ def validate(root: Path) -> None:
"host_decision_record_formal_candidate_maintenance_rollback_review_check",
"host_decision_record_formal_candidate_runtime_gate_review_check",
]
+ expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids = [
+ "host_decision_record_formal_candidate_review_ready_for_record_queue_outcome_lane",
+ "host_decision_record_formal_candidate_review_identity_needs_trace_outcome_lane",
+ "host_decision_record_formal_candidate_review_summary_needs_clarification_outcome_lane",
+ "host_decision_record_formal_candidate_review_scope_expiry_needs_refresh_outcome_lane",
+ "host_decision_record_formal_candidate_review_scan_limits_ambiguous_outcome_lane",
+ "host_decision_record_formal_candidate_review_credential_boundary_failed_outcome_lane",
+ "host_decision_record_formal_candidate_review_maintenance_rollback_incomplete_outcome_lane",
+ "host_decision_record_formal_candidate_review_runtime_gate_required_outcome_lane",
+ ]
assert_equal(
"iwooos_projection.summary.frontend_surface_coverage_group_count",
iwooos_projection["summary"]["frontend_surface_coverage_group_count"],
@@ -648,6 +659,11 @@ def validate(root: Path) -> None:
iwooos_projection["summary"]["host_owner_decision_record_formal_candidate_review_checklist_item_count"],
len(expected_iwooos_host_owner_decision_record_formal_candidate_review_checklist_item_ids),
)
+ assert_equal(
+ "iwooos_projection.summary.host_owner_decision_record_formal_candidate_review_outcome_lane_count",
+ iwooos_projection["summary"]["host_owner_decision_record_formal_candidate_review_outcome_lane_count"],
+ len(expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids),
+ )
iwooos_progress = iwooos_projection["progress"]
assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
assert_equal(
@@ -2250,6 +2266,92 @@ def validate(root: Path) -> None:
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.not_authorization",
item["not_authorization"],
)
+ iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes = iwooos_projection[
+ "host_owner_decision_record_formal_candidate_review_outcome_lanes"
+ ]
+ assert_equal(
+ "iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.ids",
+ [item["lane_id"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
+ expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids,
+ )
+ assert_equal(
+ "iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.display_order",
+ [item["display_order"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
+ list(range(1, len(expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids) + 1)),
+ )
+ expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_states = [
+ "ready_for_separate_human_record_queue",
+ "record_identity_trace_missing",
+ "decision_summary_needs_clarification",
+ "scope_expiry_needs_refresh",
+ "scan_limits_ambiguous_not_authorization",
+ "credential_boundary_failed",
+ "maintenance_rollback_incomplete",
+ "waiting_separate_runtime_gate",
+ ]
+ assert_equal(
+ "iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.outcome_states",
+ [item["outcome_state"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
+ expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_states,
+ )
+ for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes:
+ assert_equal(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.display_mode",
+ item["display_mode"],
+ "owner_decision_record_formal_candidate_review_outcome_only",
+ )
+ assert_equal(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.formal_record_candidate_review_passed_count",
+ item["formal_record_candidate_review_passed_count"],
+ 0,
+ )
+ assert_equal(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.formal_record_candidate_finalized_count",
+ item["formal_record_candidate_finalized_count"],
+ 0,
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.decision_record_created",
+ item["decision_record_created"],
+ )
+ assert_equal(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_decision_received_count",
+ item["owner_decision_received_count"],
+ 0,
+ )
+ assert_equal(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_decision_accepted_count",
+ item["owner_decision_accepted_count"],
+ 0,
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_approval_record_created",
+ item["owner_approval_record_created"],
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
+ item["runtime_gate_opened"],
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
+ item["raw_payload_allowed"],
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
+ item["secret_value_collection_allowed"],
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
+ item["runtime_execution_authorized"],
+ )
+ assert_false(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
+ item["action_buttons_allowed"],
+ )
+ assert_true(
+ f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.not_authorization",
+ item["not_authorization"],
+ )
assert_equal(
"iwooos_projection.non_blocking_lane_ids",
iwooos_projection["non_blocking_lane_ids"],
@@ -2292,6 +2394,7 @@ def validate(root: Path) -> None:
"display_host_owner_decision_record_writeup_review_outcome_lanes",
"display_host_owner_decision_record_formal_candidate_packets",
"display_host_owner_decision_record_formal_candidate_review_checklist",
+ "display_host_owner_decision_record_formal_candidate_review_outcome_lanes",
"display_evidence_refs",
"display_forbidden_actions",
]:
@@ -2377,6 +2480,11 @@ def validate(root: Path) -> None:
"mark_host_owner_decision_record_formal_candidate_review_finalized",
"create_host_owner_decision_record_from_formal_candidate_review",
"open_runtime_gate_from_owner_decision_record_formal_candidate_review",
+ "treat_host_owner_decision_record_formal_candidate_review_outcome_as_approval",
+ "mark_host_owner_decision_record_formal_candidate_review_outcome_passed",
+ "mark_host_owner_decision_record_formal_candidate_review_outcome_finalized",
+ "create_host_owner_decision_record_from_formal_candidate_review_outcome",
+ "open_runtime_gate_from_owner_decision_record_formal_candidate_review_outcome",
"apply_runtime_blocking_control",
"switch_github_primary",
"production_deploy",