From ecdf135c8cf04fd58f901cc02892e9671f4905cd Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 28 Jun 2026 15:36:25 +0800 Subject: [PATCH] docs(logbook): record wazuh live metadata validator rollout [skip ci] --- docs/LOGBOOK.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 09f4f7af..0a7d6816 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -9,6 +9,9 @@ - `DATABASE_URL=sqlite:///test.db PYTHONPATH=apps/api python3.11 -m pytest apps/api/tests/test_iwooos_runtime_security_readback.py -q`:`17 passed`。 - `DATABASE_URL=sqlite:///test.db PYTHONPATH=apps/api python3.11 -m pytest apps/api/tests/test_iwooos_wazuh_managed_host_coverage.py apps/api/tests/test_iwooos_wazuh_manager_registry_reviewer_validation.py apps/api/tests/test_iwooos_runtime_security_readback.py apps/api/tests/test_iwooos_security_control_coverage.py -q`:`36 passed`。 - `python3 scripts/security/wazuh-readonly-route-boundary-guard.py --root .`、`python3 scripts/security/security-mirror-progress-guard.py --root .`、`py_compile`、`git diff --check`:通過。 +- Production:Gitea main `aa6b7c255` / API image `48fa4ee02272284a2b5ed8d2237e79a0ae672e5e` 已由 ArgoCD 讀回 `Synced / Healthy`,`awoooi-api` `2/2`。 +- Production `GET /api/v1/iwooos/wazuh-live-metadata-gate` HTTP 200;valid redacted POST 回 `accepted_for_live_metadata_owner_review_only`,POST 後 GET summary 完全一致;sensitive sample 回 `quarantine_sensitive_payload` 且不回顯 raw IP / Bearer,runtime-action sample 回 `reject_runtime_action_request`。 +- P3 release gate:`PASS=38 WARN=3 BLOCKED=0`;regular / drain cd-lane 皆 `failclosed`,`BAD_RUNNER_GUARDRAILS 0`,`NO_ACTIVE_JOB_CONTAINERS`。 **邊界**:沒有讀 secret / raw env / raw Wazuh payload / raw session;沒有查 live Wazuh;沒有 host / Docker / systemd / Nginx / firewall / K8s runtime action;沒有打開 runtime gate。