Compare commits
1 Commits
codex/iwoo
...
codex/iwoo
| Author | SHA1 | Date | |
|---|---|---|---|
|
eba2bd4fd0 |
@@ -1267,7 +1267,7 @@
|
||||
"title": "已納入 IwoooS 只讀資安鏡像",
|
||||
"subtitle": "這個既有安全 / 合規頁面現在會反向標示 IwoooS 納管狀態;只顯示整體進度、框架成熟度與 runtime 邊界,不新增掃描、修復、批准或部署按鈕。",
|
||||
"compactTitle": "IwoooS",
|
||||
"compactDetail": "58% / gate 0",
|
||||
"compactDetail": "61% / gate 0",
|
||||
"openIwooos": "開啟 IwoooS",
|
||||
"sourceLabel": "整合來源",
|
||||
"sourceDetail": "SecurityPanel、CompliancePanel、standalone /security 與 /compliance 仍保留原本資料來源;IwoooS 只做資安網索引與 mirror-only 姿態彙整。",
|
||||
@@ -2099,48 +2099,48 @@
|
||||
"item4": "Open the AwoooP work map"
|
||||
},
|
||||
"securityMirror": {
|
||||
"title": "IwoooS Security Mirror",
|
||||
"subtitle": "AwoooP home displays IwoooS / security mirror state as a read-only candidate so operators can understand security mesh progress and boundaries. This is not production_landing_enabled and does not connect an execution router.",
|
||||
"badge": "Read-only candidate",
|
||||
"openIwooos": "Open IwoooS",
|
||||
"checkpointsTitle": "Intake Checks",
|
||||
"boundaryLabel": "Safety Boundary",
|
||||
"boundaryTitle": "Still in the low-friction framework phase",
|
||||
"boundaryDetail": "This panel displays committed snapshot and guard semantics only. It does not call Kali, GitHub, Gitea, or runtime APIs, and it does not provide scan, execute, repair, deploy, primary switch, or refs actions.",
|
||||
"title": "IwoooS 資安鏡像",
|
||||
"subtitle": "AwoooP 首頁已以正式只讀方式顯示 IwoooS / 資安鏡像狀態,讓使用者理解資安網進度與邊界;這不是執行入口,也不接執行路由器。",
|
||||
"badge": "正式只讀",
|
||||
"openIwooos": "開啟 IwoooS",
|
||||
"checkpointsTitle": "接入檢查",
|
||||
"boundaryLabel": "安全邊界",
|
||||
"boundaryTitle": "仍維持低摩擦框架期",
|
||||
"boundaryDetail": "這個面板只顯示已提交快照與防護檢查口徑,不呼叫 Kali、GitHub、Gitea 或執行期 API,也不提供掃描、執行、修復、部署、主要來源切換或分支 / 標籤參照動作。",
|
||||
"metrics": {
|
||||
"headline": {
|
||||
"label": "Overall Security Mesh",
|
||||
"detail": "The headline still waits for 負責人回覆, redacted ingestion, 執行期閘門, GitHub primary, or AwoooP production landing evidence."
|
||||
"label": "整體資安網",
|
||||
"detail": "已因 AwoooP 正式只讀 landing 證據保守重估;其餘 owner response、runtime gate 與 GitHub primary 仍等待。"
|
||||
},
|
||||
"framework": {
|
||||
"label": "Framework Maturity",
|
||||
"detail": "Governance, docs, schemas, read-only evidence, and IwoooS projection are close to complete."
|
||||
"label": "框架成熟度",
|
||||
"detail": "治理、文件、結構定義、只讀證據與 IwoooS 投影已接近完整。"
|
||||
},
|
||||
"runtime": {
|
||||
"label": "Runtime Landing",
|
||||
"detail": "Runtime ingestion, GitHub primary, and AwoooP production landing still require later evidence."
|
||||
"label": "落地執行",
|
||||
"detail": "AwoooP 只讀 landing 已有證據;執行期匯入、GitHub 主要來源與 runtime gate 仍未開。"
|
||||
},
|
||||
"activeGates": {
|
||||
"label": "Active Runtime Gates",
|
||||
"detail": "Currently 0; any host or blocking control still needs separate approval."
|
||||
"label": "主動執行閘門",
|
||||
"detail": "目前維持 0,任何主機或阻擋型控制都仍需獨立批准。"
|
||||
}
|
||||
},
|
||||
"checkpoints": {
|
||||
"iwooosProjection": {
|
||||
"title": "IwoooS projection is readable",
|
||||
"detail": "AwoooP displays only IwoooS posture, progress, evidence refs, and forbidden actions."
|
||||
"title": "IwoooS 投影可讀",
|
||||
"detail": "AwoooP 只顯示 IwoooS 態勢、進度、證據參照與禁止動作。"
|
||||
},
|
||||
"rollupGuard": {
|
||||
"title": "Guard semantics match",
|
||||
"detail": "Before handoff, keep security-mirror-progress-guard.py and source-control-owner-response-guard.py green."
|
||||
"title": "防護檢查口徑一致",
|
||||
"detail": "接手前維持 security-mirror-progress-guard.py 與 source-control-owner-response-guard.py 綠燈。"
|
||||
},
|
||||
"ownerResponse": {
|
||||
"title": "負責人回覆 still waiting",
|
||||
"detail": "S4.9 through S4.12 已收到 / 已接受 remain 0; display state is not completed validation."
|
||||
"title": "負責人回覆仍等待",
|
||||
"detail": "S4.9 到 S4.12 收到 / 接受都仍為 0,不把顯示狀態當驗收完成。"
|
||||
},
|
||||
"productionLanding": {
|
||||
"title": "Production landing is not complete",
|
||||
"detail": "AwoooP main line still needs deployment proof and read-only consumption evidence before headline review."
|
||||
"title": "正式只讀入口已完成",
|
||||
"detail": "已以正式站部署與只讀消費證據納入 61% 重估;仍不代表 execution router 或 runtime 授權。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -2441,8 +2441,8 @@
|
||||
"remediationWrites": "Writes: incident={incident}; autoRepair={autoRepair}",
|
||||
"timelineReady": "時間線 gate is not currently a top gap",
|
||||
"timelineMissing": "Quality summary still reports a 時間線 / audit gap",
|
||||
"iwooosSecurityMirror": "Overall {headline}; framework {framework}; landing {runtime}; active 執行期閘門s={gates}",
|
||||
"iwooosSecurityMirrorOwner": "負責人回覆 is still waiting; production_landing_enabled=false",
|
||||
"iwooosSecurityMirror": "整體 {headline};框架 {framework};落地 {runtime};主動執行閘門={gates}",
|
||||
"iwooosSecurityMirrorOwner": "AwoooP 正式只讀 landing 已驗證;負責人回覆仍等待",
|
||||
"iwooosSecurityMirrorBoundary": "execution_router_linked=false; runtime_execution_authorized=false; action_buttons_allowed=false",
|
||||
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
|
||||
"githubPrimaryOwnerResponses": "負責人回覆 remains 0/22; request-ready is not accepted",
|
||||
@@ -3854,7 +3854,7 @@
|
||||
"activeRuntimeGates": "主動執行期閘門",
|
||||
"activeRuntimeGatesDetail": "Any 執行期閘門 still needs separate approval plus rollback and 後檢證據.",
|
||||
"headline": "Overall Security Mesh",
|
||||
"headlineDetail": "58% is only reviewed when 負責人回覆, 執行期閘門, GitHub primary, or production landing evidence changes."
|
||||
"headlineDetail": "已因 AwoooP 正式只讀落地證據重估到 61%;下一次仍要靠負責人回覆、執行期閘門或 GitHub 主要來源證據。"
|
||||
},
|
||||
"checks": {
|
||||
"s49OwnerAttestation": {
|
||||
@@ -4640,6 +4640,32 @@
|
||||
"state": "只讀鏡像 / 先觀測",
|
||||
"detail": "All numbers come from verified snapshots and guards. This page only displays posture, gaps, next gates, and non-blocking lanes."
|
||||
},
|
||||
"informationArchitecture": {
|
||||
"overview": {
|
||||
"title": "一眼看懂",
|
||||
"summary": "預設只展開 headline、下一個 gate、進度移動條件與目前仍鎖住的邊界。"
|
||||
},
|
||||
"frontStage": {
|
||||
"title": "前台入口與既有資安頁",
|
||||
"summary": "整合安全合規、告警、授權、治理、稽核與 Code Review 的只讀入口。"
|
||||
},
|
||||
"progressPath": {
|
||||
"title": "下一步與阻塞解除",
|
||||
"summary": "集中顯示低摩擦 rollout、非阻擋分流、第一個可讓 61% 往前的證據路徑。"
|
||||
},
|
||||
"ownerEvidence": {
|
||||
"title": "版本來源與負責人回覆",
|
||||
"summary": "保留 Gitea / GitHub owner response、S4.9 收件、預檢與人工決策證據。"
|
||||
},
|
||||
"awooopVersion": {
|
||||
"title": "AwoooP 只讀落地與版本證據",
|
||||
"summary": "收納產品 rollout、AwoooP production landing、evidence wiring 與跨 Session 交接。"
|
||||
},
|
||||
"hostKali": {
|
||||
"title": "主機與 Kali 邊界",
|
||||
"summary": "將 192.168.0.112 / 111 / 168 的 observe-only、收件與人工決策證據收在進階區。"
|
||||
}
|
||||
},
|
||||
"metrics": {
|
||||
"overall": {
|
||||
"label": "Overall mesh",
|
||||
@@ -4713,7 +4739,7 @@
|
||||
},
|
||||
"progressHolding": {
|
||||
"title": "Progress display holding",
|
||||
"body": "58% means high-level gates are pending; it is neither stuck nor runtime approval."
|
||||
"body": "61% means high-level gates are pending; it is neither stuck nor runtime approval."
|
||||
}
|
||||
},
|
||||
"existingSurfaces": {
|
||||
@@ -4790,7 +4816,7 @@
|
||||
},
|
||||
"legacySecurity": {
|
||||
"title": "Legacy Security Monitor",
|
||||
"body": "The standalone security page now shows the IwoooS read-only bridge and 58% / gate 0 boundary.",
|
||||
"body": "The standalone security page now shows the IwoooS read-only bridge and 61% / gate 0 boundary.",
|
||||
"boundary": "Keeps error and security signals visible without turning the page into a scan entrypoint."
|
||||
},
|
||||
"legacyCompliance": {
|
||||
@@ -4888,7 +4914,7 @@
|
||||
"steps": {
|
||||
"readPosture": {
|
||||
"title": "Read Current Posture",
|
||||
"body": "Start from the 58% headline, framework / runtime landing, active gates, and next high-level gate.",
|
||||
"body": "Start from the 61% headline, framework / runtime landing, active gates, and next high-level gate.",
|
||||
"output": "read-only posture, not authorization"
|
||||
},
|
||||
"openSurface": {
|
||||
@@ -6410,47 +6436,47 @@
|
||||
}
|
||||
},
|
||||
"progressHoldMovementGates": {
|
||||
"title": "Why 58% Is Still Holding",
|
||||
"subtitle": "S2.50 把 headline 進度的移動門檻直接顯示出來:目前不是沒有推進,而是五個會讓 58% 進入下一輪重估的閘門都還沒有實質 evidence。框架、文件、前端可見性會累積在 86-88% 框架進度,但不會灌水成落地百分比。",
|
||||
"gateLabel": "Movement gate",
|
||||
"moveLabel": "When it moves",
|
||||
"guardLabel": "No inflation rule",
|
||||
"title": "為什麼現在是 61%",
|
||||
"subtitle": "AwoooP 正式只讀 landing 已有部署與消費證據,所以 headline 從 58% 保守重估到 61%。其餘四個高層 gate 仍是 0 / false,框架、文件與前端可見性不會被灌水成 runtime 執行。",
|
||||
"gateLabel": "移動門檻",
|
||||
"moveLabel": "什麼時候會動",
|
||||
"guardLabel": "不灌水原則",
|
||||
"items": {
|
||||
"ownerResponseAccepted": {
|
||||
"title": "負責人回覆 accepted is still 0",
|
||||
"body": "S4.9-S4.12 still have no 負責人回覆 已收到 / 已接受; S4.9 is request-ready only.",
|
||||
"move": "The headline can be reviewed after the first redacted 負責人回覆s pass S4.9 preflight and the S4.13 rollup.",
|
||||
"guard": "Do not treat request-ready, templates, preflight, or focus as 已收到 / 已接受."
|
||||
"title": "負責人回覆 accepted 仍是 0",
|
||||
"body": "S4.9-S4.12 都還沒有負責人回覆 已收到 / 已接受,S4.9 目前只是 request-ready。",
|
||||
"move": "第一批脫敏負責人回覆通過 S4.9 preflight 與 S4.13 rollup 後,headline 才有重估依據。",
|
||||
"guard": "不把 request-ready、範本、preflight 或焦點當成 已收到 / 已接受。"
|
||||
},
|
||||
"redactedPayloadIngested": {
|
||||
"title": "Redacted payload ingestion is not enabled",
|
||||
"body": "Evidence refs, redaction examples, quarantine, and preflight exist, but there is no accepted payload ingestion yet.",
|
||||
"move": "Runtime landing can be reviewed after redacted payloads are approved, pass preflight, and enter read-only ingestion.",
|
||||
"guard": "No raw payloads, credential plaintext, or doc examples as ingestion."
|
||||
"title": "脫敏 payload 匯入仍未啟用",
|
||||
"body": "目前只定義 evidence refs、redaction examples、quarantine 與 preflight,尚未有 accepted payload ingestion。",
|
||||
"move": "脫敏 payload 經人工批准、通過 preflight、進入只讀 ingestion 後,runtime landing 才能重估。",
|
||||
"guard": "不收原始載荷、不收 credential plaintext、不把文件範例當 ingestion。"
|
||||
},
|
||||
"activeRuntimeGate": {
|
||||
"title": "Active 執行期閘門 is still 0",
|
||||
"body": "Kali `/execute`, SSH, host updates, blocking control, repo / refs / workflow actions remain outside an active gate.",
|
||||
"move": "It moves only after human approval, scope, rollback, post-check metrics, and a separate active 執行期閘門.",
|
||||
"guard": "Do not open 執行期閘門s from IwoooS, progress numbers, or checklists."
|
||||
"title": "主動 執行期閘門 仍是 0",
|
||||
"body": "Kali `/execute`、SSH、主機更新、blocking control、repo / refs / workflow 動作都仍在獨立 gate 之外。",
|
||||
"move": "人工批准、scope、rollback、post-check metrics 完整,並另開 active 執行期閘門 後才會動。",
|
||||
"guard": "不從 IwoooS 前端、progress 數字或 checklist 開 執行期閘門。"
|
||||
},
|
||||
"githubPrimaryReady": {
|
||||
"title": "GitHub primary ready is still 0",
|
||||
"body": "GitHub targets, refs truth, 工作流程 / 機密 name parity, and rollback ADR are still in owner-response / readiness phases.",
|
||||
"move": "primary_ready_count can become greater than 0 after at least one repo passes target, refs, 工作流程 / 機密 name, and rollback readiness.",
|
||||
"guard": "No repo creation, refs sync, primary switch, or candidate as readiness."
|
||||
"title": "GitHub 主要來源就緒數仍是 0",
|
||||
"body": "GitHub target、refs truth、工作流程 / 機密 name parity、rollback ADR 都還在負責人回覆 / 就緒度階段。",
|
||||
"move": "至少一批 repo 通過 target、refs、工作流程 / 機密 name 與 rollback readiness,primary_ready_count 才可大於 0。",
|
||||
"guard": "不建 repo、不 sync refs、不切主要來源、不把候選項當就緒。"
|
||||
},
|
||||
"awooopReadOnlyLanding": {
|
||||
"title": "AwoooP landing is not yet production-consumed",
|
||||
"body": "IwoooS is visible, but the AwoooP main line still needs read-only consumption of rollup, evidence refs, and guard results without execution routing.",
|
||||
"move": "User-visible progress improves after AwoooP consumes this state read-only and passes guard checks, still without production execution.",
|
||||
"guard": "Read-only landing is not an 操作按鈕, approval, runtime execution, or blocking control."
|
||||
"title": "AwoooP 正式只讀 landing 已驗證",
|
||||
"body": "正式站已能在 AwoooP / IwoooS / 安全頁只讀顯示資安鏡像進度、證據邊界與禁止動作,且沒有接 execution router。",
|
||||
"move": "這項證據已推動 headline 從 58% 重估到 61%;後續仍要等 owner response、runtime gate 或 GitHub primary 才能再動。",
|
||||
"guard": "read-only landing 不是 操作按鈕、approval、runtime execution 或 blocking control。"
|
||||
}
|
||||
}
|
||||
},
|
||||
"headlineMovementAcceptanceGate": {
|
||||
"title": "58% 重估驗收閘門",
|
||||
"subtitle": "S2.100 把下一次 headline 能不能從 58% 往前推的判定規則固定下來:只有真正收到並驗收脫敏負責人回覆、脫敏匯入、人工 執行期閘門、GitHub 主要來源就緒或 AwoooP production landing evidence,才會開啟重估;目前五個移動訊號仍都是 0 / false。",
|
||||
"title": "61% 重估驗收紀錄",
|
||||
"subtitle": "S2.100 的五個高層 gate 中,AwoooP production landing evidence 已有正式部署與只讀消費證據,因此本次只把 headline 從 58% 保守重估到 61%;其餘 owner response、脫敏匯入、執行期閘門與 GitHub 主要來源仍是 0 / false。",
|
||||
"gateLabel": "重估 gate",
|
||||
"acceptanceLabel": "驗收條件",
|
||||
"guardLabel": "仍禁止",
|
||||
@@ -6458,11 +6484,11 @@
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "目前 headline",
|
||||
"detail": "仍維持 58%,不把框架層堆疊灌水成落地執行。"
|
||||
"detail": "已從 58% 保守重估到 61%,不把框架層堆疊灌水成落地執行。"
|
||||
},
|
||||
"signals": {
|
||||
"label": "移動訊號",
|
||||
"detail": "五個高層 gate 目前全部未滿足。"
|
||||
"detail": "五個高層 gate 中 1 個已有正式只讀 landing 證據。"
|
||||
},
|
||||
"s49Accepted": {
|
||||
"label": "S4.9 accepted",
|
||||
@@ -6470,13 +6496,13 @@
|
||||
},
|
||||
"review": {
|
||||
"label": "重估紀錄",
|
||||
"detail": "尚未開啟 headline review record。"
|
||||
"detail": "已建立本次 headline review record;runtime 仍未授權。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
"s49OwnerResponseAccepted": {
|
||||
"title": "S4.9 負責人回覆驗收",
|
||||
"body": "下一個真正會推動 58% 的 P0 是 Gitea owner attestation:public-only / local gap、org/user endpoint、110 adjacent scope、repo owner canonical scope、legacy / inaccessible disposition 五項要收到脫敏 evidence。",
|
||||
"body": "下一個真正會推動 61% 的 P0 是 Gitea owner attestation:public-only / local gap、org/user endpoint、110 adjacent scope、repo owner canonical scope、legacy / inaccessible disposition 五項要收到脫敏 evidence。",
|
||||
"acceptance": "五項都通過 preflight 與 S4.13 validation rollup,才可記錄 owner_response_accepted_count > 0。",
|
||||
"guard": "不代填、不催收、不標記 已收到 / 已接受、不建立審批紀錄。"
|
||||
},
|
||||
@@ -6500,14 +6526,14 @@
|
||||
},
|
||||
"awooopProductionLandingProof": {
|
||||
"title": "AwoooP 正式只讀消費證據",
|
||||
"body": "使用者要有感,AwoooP 主線必須能只讀消費 rollup、evidence refs、guard result 與 forbidden actions。",
|
||||
"acceptance": "有 PR / deployment proof 證明 production 主線只讀顯示,且沒有接 execution router,才可視為 landing evidence。",
|
||||
"body": "AwoooP 主線已在正式站只讀消費 IwoooS / security mirror 的 headline、evidence refs、guard result 與 forbidden actions。",
|
||||
"acceptance": "已有 Gitea main commit、CD 成功與正式站路由驗證;execution_router_linked=false、runtime_execution_authorized=false。",
|
||||
"guard": "只讀 landing 不是 approval、操作按鈕、execution router 或 blocking control。"
|
||||
},
|
||||
"nextHeadlineReviewRecord": {
|
||||
"title": "下一次 headline review record",
|
||||
"body": "等任一高層 gate 真的有 evidence 後,才建立重估紀錄,說明為何從 58% 調整或為何仍維持。",
|
||||
"acceptance": "review record 必須引用具體 evidence refs、guard output、風險邊界與禁止動作清單。",
|
||||
"title": "本次 headline review record",
|
||||
"body": "本次重估只引用 AwoooP 正式只讀 landing 證據,說明為何從 58% 調整到 61%。",
|
||||
"acceptance": "review record 必須引用具體 evidence refs、guard output、風險邊界與禁止動作清單;本次仍鎖 runtime。",
|
||||
"guard": "不因為新增看板、文件或清單就調整 headline。"
|
||||
}
|
||||
}
|
||||
@@ -6684,7 +6710,7 @@
|
||||
},
|
||||
"ownerResponseCollectionBoard": {
|
||||
"title": "下一步人工收件作戰板",
|
||||
"subtitle": "把真正能推動 58% 的下一步集中顯示:S4.9-S4.12 四包負責人回覆都還是 0 已收到 / 0 已接受。本看板只讓人知道要收什麼,不會寄送、建立、接受或執行任何動作。",
|
||||
"subtitle": "把真正能推動 61% 的下一步集中顯示:S4.9-S4.12 四包負責人回覆都還是 0 已收到 / 0 已接受。本看板只讓人知道要收什麼,不會寄送、建立、接受或執行任何動作。",
|
||||
"packetLabel": "收件包",
|
||||
"movementLabel": "收件條件",
|
||||
"guardLabel": "仍不會做",
|
||||
@@ -8013,14 +8039,14 @@
|
||||
},
|
||||
"progressAcceleration": {
|
||||
"title": "Progress Acceleration And Real Unlock Points",
|
||||
"subtitle": "Progress is moving, but the 58% headline only gets reassessed when 負責人回覆s, 執行期閘門s, GitHub primary readiness, or AwoooP production landing produce real evidence. This board makes the next visible unlock points explicit.",
|
||||
"subtitle": "Progress is moving, but the 61% headline only gets reassessed when 負責人回覆s, 執行期閘門s, GitHub primary readiness, or AwoooP production landing produce real evidence. This board makes the next visible unlock points explicit.",
|
||||
"laneLabel": "Acceleration lane",
|
||||
"unlockLabel": "Unlock signal",
|
||||
"guardLabel": "Low-friction boundary remains",
|
||||
"items": {
|
||||
"ownerResponses": {
|
||||
"title": "Converge 負責人回覆s first",
|
||||
"body": "S4.9-S4.12 負責人回覆s for Gitea, GitHub targets, refs truth, and 工作流程 / 機密 names are the main reason the headline is holding at 58%.",
|
||||
"body": "S4.9-S4.12 負責人回覆s for Gitea, GitHub targets, refs truth, and 工作流程 / 機密 names are the main reason the headline is holding at 61%.",
|
||||
"unlock": "The headline can be reassessed only after the first accepted redacted 負責人回覆s arrive.",
|
||||
"guard": "Redacted evidence only; no repo creation, refs sync, workflow mutation, or 機密明文值 collection."
|
||||
},
|
||||
@@ -8058,7 +8084,7 @@
|
||||
},
|
||||
"ownerResponseNextActionFocus": {
|
||||
"title": "Owner Response Next-Action Focus",
|
||||
"subtitle": "S2.47 makes the owner-response work that can actually move the 58% headline explicit: collect S4.9 Gitea owner attestation first, then GitHub targets, refs truth, and 工作流程 / 機密 names. This is display-only: no chasing, autofill, or received marking.",
|
||||
"subtitle": "S2.47 makes the owner-response work that can actually move the 61% headline explicit: collect S4.9 Gitea owner attestation first, then GitHub targets, refs truth, and 工作流程 / 機密 names. This is display-only: no chasing, autofill, or received marking.",
|
||||
"focusLabel": "Next focus",
|
||||
"nextLabel": "Evidence to inspect",
|
||||
"guardLabel": "Still forbidden",
|
||||
@@ -8363,14 +8389,14 @@
|
||||
}
|
||||
},
|
||||
"progressMovementSignals": {
|
||||
"title": "58% 進度移動訊號驗收條",
|
||||
"subtitle": "S2.113 把真正會讓整體資安網 headline 往前的訊號拉到 IwoooS:負責人回覆、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據目前都還是 0 或 false,所以進度維持 58%。",
|
||||
"title": "61% 進度移動訊號驗收條",
|
||||
"subtitle": "S2.113 把真正會讓整體資安網 headline 往前的訊號拉到 IwoooS:AwoooP 落地證據已驗證為 1,讓整體從 58% 保守重估到 61%;負責人回覆、脫敏證據匯入、執行期閘門與 GitHub 主要來源仍是 0 或 false。",
|
||||
"boundaryTitle": "進度移動驗收邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是 headline 移動條件的只讀驗收條,不是進度灌水、批准、掃描、修復、部署、主機變更或版本來源操作入口。",
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "目前進度",
|
||||
"detail": "仍維持 58%,不把框架細節灌水。"
|
||||
"detail": "已依正式只讀 landing 證據重估到 61%,不把框架細節灌水。"
|
||||
},
|
||||
"signals": {
|
||||
"label": "移動訊號",
|
||||
@@ -8378,7 +8404,7 @@
|
||||
},
|
||||
"passed": {
|
||||
"label": "已通過",
|
||||
"detail": "目前 0,還沒有 headline 移動證據。"
|
||||
"detail": "目前 1,AwoooP 正式只讀 landing 是第一個 headline 移動證據。"
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行期閘門",
|
||||
@@ -8410,7 +8436,7 @@
|
||||
},
|
||||
"concreteSecurityWorkMap": {
|
||||
"title": "目前具體工作地圖",
|
||||
"subtitle": "S2.123 回應「很難理解有哪些具體工作」:把目前資安網拆成六條實體工作流。已完成的是前台可視化與只讀框架;真正會推動 58% 的下一步仍是 S4.9 負責人回覆被收到、脫敏並接受。",
|
||||
"subtitle": "S2.123 回應「很難理解有哪些具體工作」:把目前資安網拆成六條實體工作流。已完成的是前台可視化與只讀框架;真正會推動 61% 的下一步仍是 S4.9 負責人回覆被收到、脫敏並接受。",
|
||||
"workLabel": "工作",
|
||||
"boundaryTitle": "具體工作邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這張圖只是把具體工作流講清楚,不是 runtime 授權、Kali 掃描、主機變更、repo/refs/workflow/secret 操作、GitHub primary 切換或 Gitea 停用。",
|
||||
@@ -8425,7 +8451,7 @@
|
||||
},
|
||||
"realGate": {
|
||||
"label": "下一真門檻",
|
||||
"detail": "S4.9 負責人回覆 accepted 才會讓 58% 有機會移動。"
|
||||
"detail": "S4.9 負責人回覆 accepted 才會讓 61% 有機會移動。"
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行授權",
|
||||
@@ -8436,7 +8462,7 @@
|
||||
"frontstageVisibility": {
|
||||
"title": "前台資安入口與使用者可視化",
|
||||
"body": "已把 IwoooS、既有安全/合規頁、AwoooP 首頁/工作鏈路/審批/合約/租戶/執行監控接成只讀資安視圖。",
|
||||
"evidence": "具體產出:使用者現在能從前台看見 58%、GitHub readiness、負責人回覆、host coverage 與 執行期閘門 0。"
|
||||
"evidence": "具體產出:使用者現在能從前台看見 61%、GitHub readiness、負責人回覆、host coverage 與 執行期閘門 0。"
|
||||
},
|
||||
"hostScopeInventory": {
|
||||
"title": "主機與範圍盤點框架",
|
||||
@@ -8450,7 +8476,7 @@
|
||||
},
|
||||
"ownerEvidenceIntake": {
|
||||
"title": "S4.9 負責人回覆與脫敏證據收件",
|
||||
"body": "已把第一個能推動 58% 的路徑拆成工作單、封套欄位、送件前檢查、送件鏈路與第一解鎖證據包。",
|
||||
"body": "已把第一個能推動 61% 的路徑拆成工作單、封套欄位、送件前檢查、送件鏈路與第一解鎖證據包。",
|
||||
"evidence": "具體產出:下一步很明確,是收到並驗收可追溯的 S4.9 負責人回覆;目前 received/accepted 仍是 0。"
|
||||
},
|
||||
"reviewerHumanFlow": {
|
||||
@@ -8533,12 +8559,12 @@
|
||||
},
|
||||
"concreteSecurityBlockerResolution": {
|
||||
"title": "目前阻塞與解除條件",
|
||||
"subtitle": "S2.125 把 58% 無法前進的原因拆成六個阻塞點。每個阻塞點都標明為什麼卡住,以及要用哪種脫敏證據或人工 gate 才能解除;這仍是只讀狀態,不是批准或執行入口。",
|
||||
"subtitle": "S2.125 把 61% 無法前進的原因拆成六個阻塞點。每個阻塞點都標明為什麼卡住,以及要用哪種脫敏證據或人工 gate 才能解除;這仍是只讀狀態,不是批准或執行入口。",
|
||||
"blockerLabel": "阻塞",
|
||||
"whyLabel": "卡住原因",
|
||||
"unlockLabel": "解除條件",
|
||||
"boundaryTitle": "阻塞解除邊界",
|
||||
"boundaryIntro": "以下鍵值固定:阻塞解除圖只說明為什麼 headline 仍是 58%,不會自動收件、開 reviewer queue、啟動 Kali、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
|
||||
"boundaryIntro": "以下鍵值固定:阻塞解除圖只說明為什麼 headline 仍是 61%,不會自動收件、開 reviewer queue、啟動 Kali、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
|
||||
"summary": {
|
||||
"blockers": {
|
||||
"label": "阻塞點",
|
||||
@@ -8592,7 +8618,7 @@
|
||||
},
|
||||
"threeAxisProductProgress": {
|
||||
"title": "三軸進度與全產品套用範圍",
|
||||
"subtitle": "S2.126 回應「是否也套用在所有專案產品」:所有專案產品都套用同一套三軸進度,但第一階段只套只讀治理與可視化,不自動套 runtime enforcement。這讓框架進度、整體加權進度與落地執行進度分開顯示,不再只看到 58%。",
|
||||
"subtitle": "S2.126 回應「是否也套用在所有專案產品」:所有專案產品都套用同一套三軸進度,但第一階段只套只讀治理與可視化,不自動套 runtime enforcement。這讓框架進度、整體加權進度與落地執行進度分開顯示,不再只看到 61%。",
|
||||
"scopeLabel": "範圍",
|
||||
"currentLabel": "目前套用",
|
||||
"nextLabel": "下一步",
|
||||
@@ -8602,7 +8628,7 @@
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "整體加權",
|
||||
"detail": "保守維持 58%,等真證據才移動。"
|
||||
"detail": "已因 AwoooP 正式只讀 landing 證據保守重估到 61%。"
|
||||
},
|
||||
"framework": {
|
||||
"label": "框架建置",
|
||||
@@ -8610,7 +8636,7 @@
|
||||
},
|
||||
"runtime": {
|
||||
"label": "落地執行",
|
||||
"detail": "仍是 35-40%,執行期閘門 仍未開。"
|
||||
"detail": "提升到 40-45%,但執行期閘門仍未開。"
|
||||
},
|
||||
"products": {
|
||||
"label": "產品套用",
|
||||
@@ -9711,14 +9737,14 @@
|
||||
},
|
||||
"firstProgressUnlockPath": {
|
||||
"title": "第一個進度解鎖路徑",
|
||||
"subtitle": "S2.114 把 58% 下一個真正能往前的路徑收斂到 S4.9 負責人回覆:先收到可追溯回覆,再補齊脫敏證據參照,通過收件預檢與審查接受後,才可能成為 headline review 候選。",
|
||||
"subtitle": "S2.114 把 61% 下一個真正能往前的路徑收斂到 S4.9 負責人回覆:先收到可追溯回覆,再補齊脫敏證據參照,通過收件預檢與審查接受後,才可能成為 headline review 候選。",
|
||||
"stepLabel": "步驟",
|
||||
"boundaryTitle": "第一解鎖路徑邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是 S4.9 第一解鎖路徑的只讀收斂,不是送件完成、回覆已收到、批准、掃描、修復、部署或執行期入口。",
|
||||
"summary": {
|
||||
"focus": {
|
||||
"label": "目前焦點",
|
||||
"detail": "S4.9 是第一個可能推動 58% 的收件路徑。"
|
||||
"detail": "S4.9 是第一個可能推動 61% 的收件路徑。"
|
||||
},
|
||||
"steps": {
|
||||
"label": "解鎖步驟",
|
||||
@@ -9758,7 +9784,7 @@
|
||||
},
|
||||
"firstUnlockEvidencePacket": {
|
||||
"title": "第一解鎖證據包",
|
||||
"subtitle": "S2.115 把 S4.9 要讓 58% 真正前進所需的證據收斂成五個欄位:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要。這裡只顯示要補什麼,不收 raw payload、不收機密明文、不開 headline review。",
|
||||
"subtitle": "S2.115 把 S4.9 要讓 61% 真正前進所需的證據收斂成五個欄位:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要。這裡只顯示要補什麼,不收 raw payload、不收機密明文、不開 headline review。",
|
||||
"slotLabel": "欄位",
|
||||
"boundaryTitle": "證據包收件邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是第一解鎖證據包的只讀欄位定義,不是送件、收件、驗收通過、審批、掃描、修復、部署或執行期入口。",
|
||||
@@ -10158,7 +10184,7 @@
|
||||
},
|
||||
"s49OwnerResponseWorkOrder": {
|
||||
"title": "S4.9 Owner Response 人工收件工作單",
|
||||
"subtitle": "S2.101 把第一個真正能推動 58% 的 S4.9 回覆收件格式放到 IwoooS:每項都要包含 owner role/team、decision、decision reason、受影響 scope、脫敏 evidence refs 與 follow-up owner。這裡只是人工收件工作單,不送出 request、不收件、不標記 已收到 / 已接受。",
|
||||
"subtitle": "S2.101 把第一個真正能推動 61% 的 S4.9 回覆收件格式放到 IwoooS:每項都要包含 owner role/team、decision、decision reason、受影響 scope、脫敏 evidence refs 與 follow-up owner。這裡只是人工收件工作單,不送出 request、不收件、不標記 已收到 / 已接受。",
|
||||
"itemLabel": "收件項目",
|
||||
"requiredFieldsLabel": "必填欄位",
|
||||
"acceptanceLabel": "驗收方式",
|
||||
@@ -10541,10 +10567,10 @@
|
||||
"guard": "Do not merge, deploy, switch primary, or mutate refs from the handoff."
|
||||
},
|
||||
"progressSemantics": {
|
||||
"title": "Progress semantics",
|
||||
"body": "headline 仍是 58%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 35-40%。",
|
||||
"handoff": "New UI, docs, and snapshots stay in the framework_detail ledger unless 負責人回覆, 執行期閘門, GitHub primary, or production landing evidence exists.",
|
||||
"guard": "Do not treat framework detail, readiness, handoff, or guard pass as headline delta."
|
||||
"title": "進度語義",
|
||||
"body": "headline 仍是 61%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 40-45%。",
|
||||
"handoff": "AwoooP production landing evidence 已記錄;後續新 UI / docs / snapshot 仍只能進 framework_detail ledger,除非 負責人回覆、執行期閘門或 GitHub primary 有新 evidence。",
|
||||
"guard": "不把 framework detail、readiness、handoff、guard pass 當 headline delta。"
|
||||
},
|
||||
"requiredGuardCommands": {
|
||||
"title": "Required guards",
|
||||
@@ -10565,10 +10591,10 @@
|
||||
"guard": "Do not store raw payloads, credential plaintext, token values, or execution payloads."
|
||||
},
|
||||
"nextCoordinationGate": {
|
||||
"title": "Next coordination gate",
|
||||
"body": "The next high-level gates that can move the headline remain 負責人回覆 accepted, redacted payload ingestion, active 執行期閘門, GitHub primary ready, or AwoooP production landing.",
|
||||
"handoff": "If the other Session advances production landing, it must provide read-only consumption evidence and deployment proof.",
|
||||
"guard": "Do not treat handoff packets as production consumption."
|
||||
"title": "下一個協調 Gate",
|
||||
"body": "AwoooP production landing 已成為第一個完成的高層 gate;下一個真正能再推動 headline 的 gate 是負責人回覆 accepted、redacted payload ingestion、active 執行期閘門或 GitHub primary ready。",
|
||||
"handoff": "另一個 Session 若要繼續推進,必須沿用這份 read-only consumption evidence,不得把它升級成 execution router。",
|
||||
"guard": "不把 handoff packet 或 landing evidence 當 runtime execution。"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -319,8 +319,8 @@
|
||||
},
|
||||
"delivered": {
|
||||
"cicdTimeline": {
|
||||
"title": "CI/CD 通知進 AwoooP Timeline",
|
||||
"detail": "Gitea main 推版、deploy marker、post-deploy 通知已走 AWOOI API 與 AwoooP Run Timeline。"
|
||||
"title": "CI/CD 通知進 AwoooP 時間線",
|
||||
"detail": "Gitea main 推版、deploy marker、post-deploy 通知已走 AWOOI API 與 AwoooP 執行時間線。"
|
||||
},
|
||||
"callbackEvidence": {
|
||||
"title": "Telegram 詳情 / 歷史 DB 真相鏈",
|
||||
@@ -399,7 +399,7 @@
|
||||
"evidenceLineage": {
|
||||
"standard": "Trace / Lineage",
|
||||
"title": "證據鏈與 Callback Trace",
|
||||
"detail": "用 trace lineage 呈現 Telegram 訊息、DB 事件、Run Timeline、KM / PlayBook 回寫是否一致。",
|
||||
"detail": "用 trace lineage 呈現 Telegram 訊息、DB 事件、執行時間線、KM / PlayBook 回寫是否一致。",
|
||||
"nodes": {
|
||||
"telegram": "Telegram",
|
||||
"db": "DB Truth",
|
||||
@@ -1268,7 +1268,7 @@
|
||||
"title": "已納入 IwoooS 只讀資安鏡像",
|
||||
"subtitle": "這個既有安全 / 合規頁面現在會反向標示 IwoooS 納管狀態;只顯示整體進度、框架成熟度與 runtime 邊界,不新增掃描、修復、批准或部署按鈕。",
|
||||
"compactTitle": "IwoooS",
|
||||
"compactDetail": "58% / gate 0",
|
||||
"compactDetail": "61% / gate 0",
|
||||
"openIwooos": "開啟 IwoooS",
|
||||
"sourceLabel": "整合來源",
|
||||
"sourceDetail": "SecurityPanel、CompliancePanel、standalone /security 與 /compliance 仍保留原本資料來源;IwoooS 只做資安網索引與 mirror-only 姿態彙整。",
|
||||
@@ -2101,8 +2101,8 @@
|
||||
},
|
||||
"securityMirror": {
|
||||
"title": "IwoooS 資安鏡像",
|
||||
"subtitle": "AwoooP 首頁以只讀候選方式顯示 IwoooS / 資安鏡像狀態,讓使用者理解資安網進度與邊界;這不是正式入口啟用,也不接執行路由器。",
|
||||
"badge": "只讀候選",
|
||||
"subtitle": "AwoooP 首頁已以正式只讀方式顯示 IwoooS / 資安鏡像狀態,讓使用者理解資安網進度與邊界;這不是執行入口,也不接執行路由器。",
|
||||
"badge": "正式只讀",
|
||||
"openIwooos": "開啟 IwoooS",
|
||||
"checkpointsTitle": "接入檢查",
|
||||
"boundaryLabel": "安全邊界",
|
||||
@@ -2111,7 +2111,7 @@
|
||||
"metrics": {
|
||||
"headline": {
|
||||
"label": "整體資安網",
|
||||
"detail": "整體百分比仍等負責人回覆、脫敏匯入、執行期閘門、GitHub 主要來源或 AwoooP 正式入口證據。"
|
||||
"detail": "已因 AwoooP 正式只讀落地證據保守重估;其餘負責人回覆、執行期閘門與 GitHub 主要來源仍等待。"
|
||||
},
|
||||
"framework": {
|
||||
"label": "框架成熟度",
|
||||
@@ -2119,7 +2119,7 @@
|
||||
},
|
||||
"runtime": {
|
||||
"label": "落地執行",
|
||||
"detail": "執行期匯入、GitHub 主要來源與 AwoooP 正式入口仍需後續證據。"
|
||||
"detail": "AwoooP 只讀 landing 已有證據;執行期匯入、GitHub 主要來源與 runtime gate 仍未開。"
|
||||
},
|
||||
"activeGates": {
|
||||
"label": "主動執行閘門",
|
||||
@@ -2140,8 +2140,8 @@
|
||||
"detail": "S4.9 到 S4.12 收到 / 接受都仍為 0,不把顯示狀態當驗收完成。"
|
||||
},
|
||||
"productionLanding": {
|
||||
"title": "正式入口尚未完成",
|
||||
"detail": "AwoooP 主線仍需部署證據與只讀消費證據才能進入整體百分比重估。"
|
||||
"title": "正式只讀入口已完成",
|
||||
"detail": "已以正式站部署與只讀消費證據納入 61% 重估;仍不代表 execution router 或 runtime 授權。"
|
||||
}
|
||||
}
|
||||
},
|
||||
@@ -2415,7 +2415,7 @@
|
||||
"callbackOwnerReviewEmpty": "近期 callback evidence 均已匹配或尚無資料",
|
||||
"callbackTraceRecoveryBacklog": "Callback trace backlog:缺 trace {missing};1h {recent1h};24h {recent24h};gap 後 traced {recovered};復原 {status}",
|
||||
"callbackTraceRecoveryAction": "接續處理:{action};需要人工={human}",
|
||||
"callbackTraceRecoveryOwner": "主責:AwoooP Callback Evidence;協作:TelegramGateway / Run Timeline",
|
||||
"callbackTraceRecoveryOwner": "主責:AwoooP Callback Evidence;協作:TelegramGateway / 執行時間線",
|
||||
"callbackTraceRecoveryEvidenceSurface": "查證入口:Runs / TG Callback Evidence",
|
||||
"callbackTraceRecoveryClosure": "關閉條件:1h=0 且 24h=0;目前 1h {recent1h} / 24h {recent24h}",
|
||||
"callbackTraceRecoveryDecision": "判讀:{gap};下一步:{next}",
|
||||
@@ -2443,7 +2443,7 @@
|
||||
"timelineReady": "時間線 gate 目前未列為主要缺口",
|
||||
"timelineMissing": "品質總覽仍指出 時間線 / 稽核記錄缺口",
|
||||
"iwooosSecurityMirror": "整體 {headline};框架 {framework};落地 {runtime};主動執行閘門={gates}",
|
||||
"iwooosSecurityMirrorOwner": "負責人回覆仍等待;production_landing_enabled=false",
|
||||
"iwooosSecurityMirrorOwner": "AwoooP 正式只讀 landing 已驗證;負責人回覆仍等待",
|
||||
"iwooosSecurityMirrorBoundary": "execution_router_linked=false;runtime_execution_authorized=false;action_buttons_allowed=false",
|
||||
"githubPrimaryReadiness": "候選專案庫={candidates};範圍內={inScope};主要來源就緒={ready}",
|
||||
"githubPrimaryOwnerResponses": "負責人回覆仍為 0/22;請求可送出不等於已接受",
|
||||
@@ -2461,7 +2461,7 @@
|
||||
"unavailable": "summary 未回傳,先確認 callback-replies API",
|
||||
"closed": "已符合關閉條件,保留歷史證據即可",
|
||||
"investigateActiveGap": "仍有新缺口,檢查新 Telegram reply_markup trace 寫入",
|
||||
"verifyInstrumentation": "沒有復原訊號,檢查 TelegramGateway / Timeline instrumentation",
|
||||
"verifyInstrumentation": "沒有復原訊號,檢查 TelegramGateway / 時間線觀測埋點",
|
||||
"waitDecay": "等待舊 backlog 24h decay,不需人工處理",
|
||||
"observeRecovery": "觀察復原訊號,先不開人工任務"
|
||||
},
|
||||
@@ -3855,7 +3855,7 @@
|
||||
"activeRuntimeGates": "主動執行閘門",
|
||||
"activeRuntimeGatesDetail": "任何執行期閘門仍需獨立批准、回復方案與事後檢查證據。",
|
||||
"headline": "整體資安網",
|
||||
"headlineDetail": "58% 只在負責人回覆、執行期閘門、GitHub 主要來源或正式落地有證據時重估。"
|
||||
"headlineDetail": "已因 AwoooP 正式只讀落地證據重估到 61%;下一次仍要靠負責人回覆、執行期閘門或 GitHub 主要來源證據。"
|
||||
},
|
||||
"checks": {
|
||||
"s49OwnerAttestation": {
|
||||
@@ -4641,6 +4641,32 @@
|
||||
"state": "只讀鏡像 / 先觀測",
|
||||
"detail": "所有數字來自已驗證 snapshot 與 guard。此頁只顯示態勢、缺口、下一個 gate 與非阻擋分流。"
|
||||
},
|
||||
"informationArchitecture": {
|
||||
"overview": {
|
||||
"title": "一眼看懂",
|
||||
"summary": "預設只展開 headline、下一個 gate、進度移動條件與目前仍鎖住的邊界。"
|
||||
},
|
||||
"frontStage": {
|
||||
"title": "前台入口與既有資安頁",
|
||||
"summary": "整合安全合規、告警、授權、治理、稽核與 Code Review 的只讀入口。"
|
||||
},
|
||||
"progressPath": {
|
||||
"title": "下一步與阻塞解除",
|
||||
"summary": "集中顯示低摩擦 rollout、非阻擋分流、第一個可讓 61% 往前的證據路徑。"
|
||||
},
|
||||
"ownerEvidence": {
|
||||
"title": "版本來源與負責人回覆",
|
||||
"summary": "保留 Gitea / GitHub owner response、S4.9 收件、預檢與人工決策證據。"
|
||||
},
|
||||
"awooopVersion": {
|
||||
"title": "AwoooP 只讀落地與版本證據",
|
||||
"summary": "收納產品 rollout、AwoooP production landing、evidence wiring 與跨 Session 交接。"
|
||||
},
|
||||
"hostKali": {
|
||||
"title": "主機與 Kali 邊界",
|
||||
"summary": "將 192.168.0.112 / 111 / 168 的 observe-only、收件與人工決策證據收在進階區。"
|
||||
}
|
||||
},
|
||||
"metrics": {
|
||||
"overall": {
|
||||
"label": "整體資安網",
|
||||
@@ -4714,7 +4740,7 @@
|
||||
},
|
||||
"progressHolding": {
|
||||
"title": "Progress display holding",
|
||||
"body": "58% 代表等待高層 gate,不代表卡住,也不是 runtime approval。"
|
||||
"body": "61% 代表等待高層 gate,不代表卡住,也不是 runtime approval。"
|
||||
}
|
||||
},
|
||||
"existingSurfaces": {
|
||||
@@ -4791,7 +4817,7 @@
|
||||
},
|
||||
"legacySecurity": {
|
||||
"title": "既有安全監控頁",
|
||||
"body": "standalone 安全頁已直接顯示 IwoooS 只讀橋接與 58% / gate 0 邊界。",
|
||||
"body": "standalone 安全頁已直接顯示 IwoooS 只讀橋接與 61% / gate 0 邊界。",
|
||||
"boundary": "只保留錯誤與安全訊號可見,不把頁面升級成掃描入口。"
|
||||
},
|
||||
"legacyCompliance": {
|
||||
@@ -4889,7 +4915,7 @@
|
||||
"steps": {
|
||||
"readPosture": {
|
||||
"title": "讀取目前態勢",
|
||||
"body": "先看 58% headline、framework / runtime landing、active gates 與下一個高層 gate。",
|
||||
"body": "先看 61% headline、framework / runtime landing、active gates 與下一個高層 gate。",
|
||||
"output": "只讀 posture,不代表授權"
|
||||
},
|
||||
"openSurface": {
|
||||
@@ -6411,8 +6437,8 @@
|
||||
}
|
||||
},
|
||||
"progressHoldMovementGates": {
|
||||
"title": "為什麼 58% 還不動",
|
||||
"subtitle": "S2.50 把 headline 進度的移動門檻直接顯示出來:目前不是沒有推進,而是五個會讓 58% 進入下一輪重估的閘門都還沒有實質 evidence。框架、文件、前端可見性會累積在 86-88% 框架進度,但不會灌水成落地百分比。",
|
||||
"title": "為什麼現在是 61%",
|
||||
"subtitle": "AwoooP 正式只讀 landing 已有部署與消費證據,所以 headline 從 58% 保守重估到 61%。其餘四個高層 gate 仍是 0 / false,框架、文件與前端可見性不會被灌水成 runtime 執行。",
|
||||
"gateLabel": "移動門檻",
|
||||
"moveLabel": "什麼時候會動",
|
||||
"guardLabel": "不灌水原則",
|
||||
@@ -6442,16 +6468,16 @@
|
||||
"guard": "不建 repo、不 sync refs、不切主要來源、不把候選項當就緒。"
|
||||
},
|
||||
"awooopReadOnlyLanding": {
|
||||
"title": "AwoooP landing 仍未進 production 消費",
|
||||
"body": "IwoooS 已可見,但 AwoooP 主線仍需只讀消費 rollup、evidence refs 與 guard result,且不得接 execution router。",
|
||||
"move": "AwoooP 以只讀模式消費這組狀態並通過 guard 後,使用者體感會提升,但仍不代表 production execution。",
|
||||
"title": "AwoooP 正式只讀 landing 已驗證",
|
||||
"body": "正式站已能在 AwoooP / IwoooS / 安全頁只讀顯示資安鏡像進度、證據邊界與禁止動作,且沒有接 execution router。",
|
||||
"move": "這項證據已推動 headline 從 58% 重估到 61%;後續仍要等 owner response、runtime gate 或 GitHub primary 才能再動。",
|
||||
"guard": "read-only landing 不是 操作按鈕、approval、runtime execution 或 blocking control。"
|
||||
}
|
||||
}
|
||||
},
|
||||
"headlineMovementAcceptanceGate": {
|
||||
"title": "58% 重估驗收閘門",
|
||||
"subtitle": "S2.100 把下一次 headline 能不能從 58% 往前推的判定規則固定下來:只有真正收到並驗收脫敏負責人回覆、脫敏匯入、人工 執行期閘門、GitHub 主要來源就緒或 AwoooP production landing evidence,才會開啟重估;目前五個移動訊號仍都是 0 / false。",
|
||||
"title": "61% 重估驗收紀錄",
|
||||
"subtitle": "S2.100 的五個高層 gate 中,AwoooP production landing evidence 已有正式部署與只讀消費證據,因此本次只把 headline 從 58% 保守重估到 61%;其餘 owner response、脫敏匯入、執行期閘門與 GitHub 主要來源仍是 0 / false。",
|
||||
"gateLabel": "重估 gate",
|
||||
"acceptanceLabel": "驗收條件",
|
||||
"guardLabel": "仍禁止",
|
||||
@@ -6459,11 +6485,11 @@
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "目前 headline",
|
||||
"detail": "仍維持 58%,不把框架層堆疊灌水成落地執行。"
|
||||
"detail": "已從 58% 保守重估到 61%,不把框架層堆疊灌水成落地執行。"
|
||||
},
|
||||
"signals": {
|
||||
"label": "移動訊號",
|
||||
"detail": "五個高層 gate 目前全部未滿足。"
|
||||
"detail": "五個高層 gate 中 1 個已有正式只讀 landing 證據。"
|
||||
},
|
||||
"s49Accepted": {
|
||||
"label": "S4.9 accepted",
|
||||
@@ -6471,13 +6497,13 @@
|
||||
},
|
||||
"review": {
|
||||
"label": "重估紀錄",
|
||||
"detail": "尚未開啟 headline review record。"
|
||||
"detail": "已建立本次 headline review record;runtime 仍未授權。"
|
||||
}
|
||||
},
|
||||
"items": {
|
||||
"s49OwnerResponseAccepted": {
|
||||
"title": "S4.9 負責人回覆驗收",
|
||||
"body": "下一個真正會推動 58% 的 P0 是 Gitea owner attestation:public-only / local gap、org/user endpoint、110 adjacent scope、repo owner canonical scope、legacy / inaccessible disposition 五項要收到脫敏 evidence。",
|
||||
"body": "下一個真正會推動 61% 的 P0 是 Gitea owner attestation:public-only / local gap、org/user endpoint、110 adjacent scope、repo owner canonical scope、legacy / inaccessible disposition 五項要收到脫敏 evidence。",
|
||||
"acceptance": "五項都通過 preflight 與 S4.13 validation rollup,才可記錄 owner_response_accepted_count > 0。",
|
||||
"guard": "不代填、不催收、不標記 已收到 / 已接受、不建立審批紀錄。"
|
||||
},
|
||||
@@ -6501,14 +6527,14 @@
|
||||
},
|
||||
"awooopProductionLandingProof": {
|
||||
"title": "AwoooP 正式只讀消費證據",
|
||||
"body": "使用者要有感,AwoooP 主線必須能只讀消費 rollup、evidence refs、guard result 與 forbidden actions。",
|
||||
"acceptance": "有 PR / deployment proof 證明 production 主線只讀顯示,且沒有接 execution router,才可視為 landing evidence。",
|
||||
"body": "AwoooP 主線已在正式站只讀消費 IwoooS / security mirror 的 headline、evidence refs、guard result 與 forbidden actions。",
|
||||
"acceptance": "已有 Gitea main commit、CD 成功與正式站路由驗證;execution_router_linked=false、runtime_execution_authorized=false。",
|
||||
"guard": "只讀 landing 不是 approval、操作按鈕、execution router 或 blocking control。"
|
||||
},
|
||||
"nextHeadlineReviewRecord": {
|
||||
"title": "下一次 headline review record",
|
||||
"body": "等任一高層 gate 真的有 evidence 後,才建立重估紀錄,說明為何從 58% 調整或為何仍維持。",
|
||||
"acceptance": "review record 必須引用具體 evidence refs、guard output、風險邊界與禁止動作清單。",
|
||||
"title": "本次 headline review record",
|
||||
"body": "本次重估只引用 AwoooP 正式只讀 landing 證據,說明為何從 58% 調整到 61%。",
|
||||
"acceptance": "review record 必須引用具體 evidence refs、guard output、風險邊界與禁止動作清單;本次仍鎖 runtime。",
|
||||
"guard": "不因為新增看板、文件或清單就調整 headline。"
|
||||
}
|
||||
}
|
||||
@@ -6685,7 +6711,7 @@
|
||||
},
|
||||
"ownerResponseCollectionBoard": {
|
||||
"title": "下一步人工收件作戰板",
|
||||
"subtitle": "把真正能推動 58% 的下一步集中顯示:S4.9-S4.12 四包負責人回覆都還是 0 已收到 / 0 已接受。本看板只讓人知道要收什麼,不會寄送、建立、接受或執行任何動作。",
|
||||
"subtitle": "把真正能推動 61% 的下一步集中顯示:S4.9-S4.12 四包負責人回覆都還是 0 已收到 / 0 已接受。本看板只讓人知道要收什麼,不會寄送、建立、接受或執行任何動作。",
|
||||
"packetLabel": "收件包",
|
||||
"movementLabel": "收件條件",
|
||||
"guardLabel": "仍不會做",
|
||||
@@ -8014,14 +8040,14 @@
|
||||
},
|
||||
"progressAcceleration": {
|
||||
"title": "進度加速與真正解鎖點",
|
||||
"subtitle": "目前不是沒有推進,而是 58% headline 只在負責人回覆、執行期閘門、GitHub 主要來源就緒度或 AwoooP production landing 有實質 evidence 時才會重估。這裡把下一批有感推進點集中顯示。",
|
||||
"subtitle": "目前不是沒有推進,而是 61% headline 只在負責人回覆、執行期閘門、GitHub 主要來源就緒度或 AwoooP production landing 有實質 evidence 時才會重估。這裡把下一批有感推進點集中顯示。",
|
||||
"laneLabel": "加速路線",
|
||||
"unlockLabel": "解鎖訊號",
|
||||
"guardLabel": "仍維持低摩擦邊界",
|
||||
"items": {
|
||||
"ownerResponses": {
|
||||
"title": "負責人回覆先收斂",
|
||||
"body": "S4.9-S4.12 的 Gitea、GitHub target、refs truth、工作流程 / 機密 name 負責人回覆是目前 58% 最主要的卡點。",
|
||||
"body": "S4.9-S4.12 的 Gitea、GitHub target、refs truth、工作流程 / 機密 name 負責人回覆是目前 61% 最主要的卡點。",
|
||||
"unlock": "收到並驗收第一批脫敏負責人回覆後,headline 才有重估依據。",
|
||||
"guard": "只收脫敏 evidence;不建立 repo、不同步 refs、不修改 workflow、不收 機密明文值。"
|
||||
},
|
||||
@@ -8059,7 +8085,7 @@
|
||||
},
|
||||
"ownerResponseNextActionFocus": {
|
||||
"title": "Owner Response 下一步收件焦點",
|
||||
"subtitle": "S2.47 將下一個真正能推動 58% 的 負責人回覆 工作排清楚:先收 S4.9 Gitea owner attestation,再依序處理 GitHub target、refs truth、工作流程 / 機密 name。這裡只顯示收件焦點,不催收、不代填、不標記 received。",
|
||||
"subtitle": "S2.47 將下一個真正能推動 61% 的 負責人回覆 工作排清楚:先收 S4.9 Gitea owner attestation,再依序處理 GitHub target、refs truth、工作流程 / 機密 name。這裡只顯示收件焦點,不催收、不代填、不標記 received。",
|
||||
"focusLabel": "下一步焦點",
|
||||
"nextLabel": "要看的 evidence",
|
||||
"guardLabel": "仍禁止",
|
||||
@@ -8364,14 +8390,14 @@
|
||||
}
|
||||
},
|
||||
"progressMovementSignals": {
|
||||
"title": "58% 進度移動訊號驗收條",
|
||||
"subtitle": "S2.113 把真正會讓整體資安網 headline 往前的訊號拉到 IwoooS:負責人回覆、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據目前都還是 0 或 false,所以進度維持 58%。",
|
||||
"title": "61% 進度移動訊號驗收條",
|
||||
"subtitle": "S2.113 把真正會讓整體資安網 headline 往前的訊號拉到 IwoooS:AwoooP 落地證據已驗證為 1,讓整體從 58% 保守重估到 61%;負責人回覆、脫敏證據匯入、執行期閘門與 GitHub 主要來源仍是 0 或 false。",
|
||||
"boundaryTitle": "進度移動驗收邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是 headline 移動條件的只讀驗收條,不是進度灌水、批准、掃描、修復、部署、主機變更或版本來源操作入口。",
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "目前進度",
|
||||
"detail": "仍維持 58%,不把框架細節灌水。"
|
||||
"detail": "已依正式只讀 landing 證據重估到 61%,不把框架細節灌水。"
|
||||
},
|
||||
"signals": {
|
||||
"label": "移動訊號",
|
||||
@@ -8379,7 +8405,7 @@
|
||||
},
|
||||
"passed": {
|
||||
"label": "已通過",
|
||||
"detail": "目前 0,還沒有 headline 移動證據。"
|
||||
"detail": "目前 1,AwoooP 正式只讀 landing 是第一個 headline 移動證據。"
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行期閘門",
|
||||
@@ -8411,7 +8437,7 @@
|
||||
},
|
||||
"concreteSecurityWorkMap": {
|
||||
"title": "目前具體工作地圖",
|
||||
"subtitle": "S2.123 回應「很難理解有哪些具體工作」:把目前資安網拆成六條實體工作流。已完成的是前台可視化與只讀框架;真正會推動 58% 的下一步仍是 S4.9 負責人回覆被收到、脫敏並接受。",
|
||||
"subtitle": "S2.123 回應「很難理解有哪些具體工作」:把目前資安網拆成六條實體工作流。已完成的是前台可視化與只讀框架;真正會推動 61% 的下一步仍是 S4.9 負責人回覆被收到、脫敏並接受。",
|
||||
"workLabel": "工作",
|
||||
"boundaryTitle": "具體工作邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這張圖只是把具體工作流講清楚,不是 runtime 授權、Kali 掃描、主機變更、repo/refs/workflow/secret 操作、GitHub primary 切換或 Gitea 停用。",
|
||||
@@ -8426,7 +8452,7 @@
|
||||
},
|
||||
"realGate": {
|
||||
"label": "下一真門檻",
|
||||
"detail": "S4.9 負責人回覆 accepted 才會讓 58% 有機會移動。"
|
||||
"detail": "S4.9 負責人回覆 accepted 才會讓 61% 有機會移動。"
|
||||
},
|
||||
"runtime": {
|
||||
"label": "執行授權",
|
||||
@@ -8437,7 +8463,7 @@
|
||||
"frontstageVisibility": {
|
||||
"title": "前台資安入口與使用者可視化",
|
||||
"body": "已把 IwoooS、既有安全/合規頁、AwoooP 首頁/工作鏈路/審批/合約/租戶/執行監控接成只讀資安視圖。",
|
||||
"evidence": "具體產出:使用者現在能從前台看見 58%、GitHub readiness、負責人回覆、host coverage 與 執行期閘門 0。"
|
||||
"evidence": "具體產出:使用者現在能從前台看見 61%、GitHub readiness、負責人回覆、host coverage 與 執行期閘門 0。"
|
||||
},
|
||||
"hostScopeInventory": {
|
||||
"title": "主機與範圍盤點框架",
|
||||
@@ -8451,7 +8477,7 @@
|
||||
},
|
||||
"ownerEvidenceIntake": {
|
||||
"title": "S4.9 負責人回覆與脫敏證據收件",
|
||||
"body": "已把第一個能推動 58% 的路徑拆成工作單、封套欄位、送件前檢查、送件鏈路與第一解鎖證據包。",
|
||||
"body": "已把第一個能推動 61% 的路徑拆成工作單、封套欄位、送件前檢查、送件鏈路與第一解鎖證據包。",
|
||||
"evidence": "具體產出:下一步很明確,是收到並驗收可追溯的 S4.9 負責人回覆;目前 received/accepted 仍是 0。"
|
||||
},
|
||||
"reviewerHumanFlow": {
|
||||
@@ -8534,12 +8560,12 @@
|
||||
},
|
||||
"concreteSecurityBlockerResolution": {
|
||||
"title": "目前阻塞與解除條件",
|
||||
"subtitle": "S2.125 把 58% 無法前進的原因拆成六個阻塞點。每個阻塞點都標明為什麼卡住,以及要用哪種脫敏證據或人工 gate 才能解除;這仍是只讀狀態,不是批准或執行入口。",
|
||||
"subtitle": "S2.125 把 61% 無法前進的原因拆成六個阻塞點。每個阻塞點都標明為什麼卡住,以及要用哪種脫敏證據或人工 gate 才能解除;這仍是只讀狀態,不是批准或執行入口。",
|
||||
"blockerLabel": "阻塞",
|
||||
"whyLabel": "卡住原因",
|
||||
"unlockLabel": "解除條件",
|
||||
"boundaryTitle": "阻塞解除邊界",
|
||||
"boundaryIntro": "以下鍵值固定:阻塞解除圖只說明為什麼 headline 仍是 58%,不會自動收件、開 reviewer queue、啟動 Kali、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
|
||||
"boundaryIntro": "以下鍵值固定:阻塞解除圖只說明為什麼 headline 仍是 61%,不會自動收件、開 reviewer queue、啟動 Kali、改主機、同步 refs、切 GitHub primary 或停用 Gitea。",
|
||||
"summary": {
|
||||
"blockers": {
|
||||
"label": "阻塞點",
|
||||
@@ -8593,7 +8619,7 @@
|
||||
},
|
||||
"threeAxisProductProgress": {
|
||||
"title": "三軸進度與全產品套用範圍",
|
||||
"subtitle": "S2.126 回應「是否也套用在所有專案產品」:所有專案產品都套用同一套三軸進度,但第一階段只套只讀治理與可視化,不自動套 runtime enforcement。這讓框架進度、整體加權進度與落地執行進度分開顯示,不再只看到 58%。",
|
||||
"subtitle": "S2.126 回應「是否也套用在所有專案產品」:所有專案產品都套用同一套三軸進度,但第一階段只套只讀治理與可視化,不自動套 runtime enforcement。這讓框架進度、整體加權進度與落地執行進度分開顯示,不再只看到 61%。",
|
||||
"scopeLabel": "範圍",
|
||||
"currentLabel": "目前套用",
|
||||
"nextLabel": "下一步",
|
||||
@@ -8603,7 +8629,7 @@
|
||||
"summary": {
|
||||
"headline": {
|
||||
"label": "整體加權",
|
||||
"detail": "保守維持 58%,等真證據才移動。"
|
||||
"detail": "已因 AwoooP 正式只讀 landing 證據保守重估到 61%。"
|
||||
},
|
||||
"framework": {
|
||||
"label": "框架建置",
|
||||
@@ -8611,7 +8637,7 @@
|
||||
},
|
||||
"runtime": {
|
||||
"label": "落地執行",
|
||||
"detail": "仍是 35-40%,執行期閘門 仍未開。"
|
||||
"detail": "提升到 40-45%,但執行期閘門仍未開。"
|
||||
},
|
||||
"products": {
|
||||
"label": "產品套用",
|
||||
@@ -9712,14 +9738,14 @@
|
||||
},
|
||||
"firstProgressUnlockPath": {
|
||||
"title": "第一個進度解鎖路徑",
|
||||
"subtitle": "S2.114 把 58% 下一個真正能往前的路徑收斂到 S4.9 負責人回覆:先收到可追溯回覆,再補齊脫敏證據參照,通過收件預檢與審查接受後,才可能成為 headline review 候選。",
|
||||
"subtitle": "S2.114 把 61% 下一個真正能往前的路徑收斂到 S4.9 負責人回覆:先收到可追溯回覆,再補齊脫敏證據參照,通過收件預檢與審查接受後,才可能成為 headline review 候選。",
|
||||
"stepLabel": "步驟",
|
||||
"boundaryTitle": "第一解鎖路徑邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是 S4.9 第一解鎖路徑的只讀收斂,不是送件完成、回覆已收到、批准、掃描、修復、部署或執行期入口。",
|
||||
"summary": {
|
||||
"focus": {
|
||||
"label": "目前焦點",
|
||||
"detail": "S4.9 是第一個可能推動 58% 的收件路徑。"
|
||||
"detail": "S4.9 是第一個可能推動 61% 的收件路徑。"
|
||||
},
|
||||
"steps": {
|
||||
"label": "解鎖步驟",
|
||||
@@ -9759,7 +9785,7 @@
|
||||
},
|
||||
"firstUnlockEvidencePacket": {
|
||||
"title": "第一解鎖證據包",
|
||||
"subtitle": "S2.115 把 S4.9 要讓 58% 真正前進所需的證據收斂成五個欄位:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要。這裡只顯示要補什麼,不收 raw payload、不收機密明文、不開 headline review。",
|
||||
"subtitle": "S2.115 把 S4.9 要讓 61% 真正前進所需的證據收斂成五個欄位:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要。這裡只顯示要補什麼,不收 raw payload、不收機密明文、不開 headline review。",
|
||||
"slotLabel": "欄位",
|
||||
"boundaryTitle": "證據包收件邊界",
|
||||
"boundaryIntro": "以下鍵值固定:這是第一解鎖證據包的只讀欄位定義,不是送件、收件、驗收通過、審批、掃描、修復、部署或執行期入口。",
|
||||
@@ -10159,7 +10185,7 @@
|
||||
},
|
||||
"s49OwnerResponseWorkOrder": {
|
||||
"title": "S4.9 Owner Response 人工收件工作單",
|
||||
"subtitle": "S2.101 把第一個真正能推動 58% 的 S4.9 回覆收件格式放到 IwoooS:每項都要包含 owner role/team、decision、decision reason、受影響 scope、脫敏 evidence refs 與 follow-up owner。這裡只是人工收件工作單,不送出 request、不收件、不標記 已收到 / 已接受。",
|
||||
"subtitle": "S2.101 把第一個真正能推動 61% 的 S4.9 回覆收件格式放到 IwoooS:每項都要包含 owner role/team、decision、decision reason、受影響 scope、脫敏 evidence refs 與 follow-up owner。這裡只是人工收件工作單,不送出 request、不收件、不標記 已收到 / 已接受。",
|
||||
"itemLabel": "收件項目",
|
||||
"requiredFieldsLabel": "必填欄位",
|
||||
"acceptanceLabel": "驗收方式",
|
||||
@@ -10543,8 +10569,8 @@
|
||||
},
|
||||
"progressSemantics": {
|
||||
"title": "進度語義",
|
||||
"body": "headline 仍是 58%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 35-40%。",
|
||||
"handoff": "所有新 UI / docs / snapshot 只能進 framework_detail ledger,除非 負責人回覆、執行期閘門、GitHub primary 或 production landing 有 evidence。",
|
||||
"body": "headline 仍是 61%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 40-45%。",
|
||||
"handoff": "AwoooP production landing evidence 已記錄;後續新 UI / docs / snapshot 仍只能進 framework_detail ledger,除非 負責人回覆、執行期閘門或 GitHub primary 有新 evidence。",
|
||||
"guard": "不把 framework detail、readiness、handoff、guard pass 當 headline delta。"
|
||||
},
|
||||
"requiredGuardCommands": {
|
||||
@@ -10567,9 +10593,9 @@
|
||||
},
|
||||
"nextCoordinationGate": {
|
||||
"title": "下一個協調 Gate",
|
||||
"body": "下一個真正能推動 headline 的高層 gate 仍是 負責人回覆 accepted、redacted payload ingestion、active 執行期閘門、GitHub primary ready 或 AwoooP production landing。",
|
||||
"handoff": "若另一個 Session 要推進 production landing,必須提交 read-only consumption evidence 與 deployment proof。",
|
||||
"guard": "不把 handoff packet 當 production consumption。"
|
||||
"body": "AwoooP production landing 已成為第一個完成的高層 gate;下一個真正能再推動 headline 的 gate 是負責人回覆 accepted、redacted payload ingestion、active 執行期閘門或 GitHub primary ready。",
|
||||
"handoff": "另一個 Session 若要繼續推進,必須沿用這份 read-only consumption evidence,不得把它升級成 execution router。",
|
||||
"guard": "不把 handoff packet 或 landing evidence 當 runtime execution。"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -556,7 +556,7 @@ function SecurityOwnerResponseGatePanel() {
|
||||
},
|
||||
{
|
||||
label: t("metrics.headline"),
|
||||
value: "58%",
|
||||
value: "61%",
|
||||
detail: t("metrics.headlineDetail"),
|
||||
},
|
||||
];
|
||||
|
||||
@@ -169,9 +169,9 @@ const emptySnapshot: Snapshot = {
|
||||
};
|
||||
|
||||
const securityMirrorMetrics: SecurityMirrorMetric[] = [
|
||||
{ key: "headline", value: "58%", icon: ShieldCheck, tone: "warn" },
|
||||
{ key: "headline", value: "61%", icon: ShieldCheck, tone: "warn" },
|
||||
{ key: "framework", value: "86-88%", icon: FileText, tone: "good" },
|
||||
{ key: "runtime", value: "35-40%", icon: TriangleAlert, tone: "warn" },
|
||||
{ key: "runtime", value: "40-45%", icon: TriangleAlert, tone: "warn" },
|
||||
{ key: "activeGates", value: "0", icon: Lock, tone: "neutral" },
|
||||
];
|
||||
|
||||
@@ -179,7 +179,7 @@ const securityMirrorCheckpoints: SecurityMirrorCheckpoint[] = [
|
||||
{ key: "iwooosProjection", status: "C1", icon: SearchCheck, tone: "good" },
|
||||
{ key: "rollupGuard", status: "C2", icon: ShieldCheck, tone: "good" },
|
||||
{ key: "ownerResponse", status: "C3", icon: ListChecks, tone: "warn" },
|
||||
{ key: "productionLanding", status: "C4", icon: Lock, tone: "warn" },
|
||||
{ key: "productionLanding", status: "C4", icon: ShieldCheck, tone: "good" },
|
||||
];
|
||||
|
||||
const githubPrimaryReadinessMetrics: GitHubPrimaryReadinessMetric[] = [
|
||||
@@ -844,7 +844,7 @@ function SecurityMirrorPanel() {
|
||||
<p className="mt-2 text-sm font-semibold text-[#141413]">{t("boundaryTitle")}</p>
|
||||
<p className="mt-2 text-xs leading-5 text-[#5f5b52]">{t("boundaryDetail")}</p>
|
||||
<div className="mt-4 grid gap-2 font-mono text-xs text-[#141413]">
|
||||
<span>production_landing_enabled=false</span>
|
||||
<span>read_only_production_landing_evidence_count=1</span>
|
||||
<span>execution_router_linked=false</span>
|
||||
<span>runtime_execution_authorized=false</span>
|
||||
<span>action_buttons_allowed=false</span>
|
||||
|
||||
@@ -1970,9 +1970,9 @@ function buildWorkItems(
|
||||
source: "security_mirror_status_rollup_v1 / iwooos_posture_projection_v1",
|
||||
gateKey: "iwooosSecurityMirror",
|
||||
evidence: t("evidence.iwooosSecurityMirror", {
|
||||
headline: "58%",
|
||||
headline: "61%",
|
||||
framework: "86-88%",
|
||||
runtime: "35-40%",
|
||||
runtime: "40-45%",
|
||||
gates: 0,
|
||||
}),
|
||||
evidenceDetails: [
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,3 +1,69 @@
|
||||
## 2026-05-25|IwoooS 首頁資訊架構收斂
|
||||
|
||||
**背景**:
|
||||
|
||||
- 正式站 `/zh-TW/iwooos` 將框架證據、進度、Kali / 主機、版本來源、AwoooP landing 與交接明細全部直接展開,桌面實測約 96,071px 高、7,079 行可見文字,使用者很難理解目前真正要看的資安狀態。
|
||||
- 本次只調整 UI/UX 呈現,不刪除證據、不啟用 runtime、不改 Kali / SSH、不改 repo / refs / workflow / GitHub primary / Gitea 狀態。
|
||||
|
||||
**本次調整**:
|
||||
|
||||
- IwoooS 頁面預設只展開「一眼看懂」:headline 61%、framework 86-88%、runtime 40-45%、active gate 0、下一個 gate、進度移動條件與仍鎖住邊界。
|
||||
- 其餘內容收成五個可展開區塊:前台入口與既有資安頁、下一步與阻塞解除、版本來源與負責人回覆、AwoooP 只讀落地與版本證據、主機與 Kali 邊界。
|
||||
- 保留原本所有 read-only evidence board 與 `data-testid`,讓 guard / evidence / 交接仍可追溯。
|
||||
|
||||
**本地驗證**:
|
||||
|
||||
```text
|
||||
jq empty messages + security snapshots -> pass
|
||||
python3 scripts/security/security-mirror-progress-guard.py -> SECURITY_MIRROR_PROGRESS_GUARD_OK
|
||||
python3 scripts/security/source-control-owner-response-guard.py -> SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK
|
||||
python3 -m py_compile security guard scripts -> pass
|
||||
pnpm --dir apps/web exec tsc --noEmit -> pass
|
||||
local Playwright desktop /zh-TW/iwooos -> visible lines 327;scrollHeight 4,728px;details=6;openDetails=1;console errors=0
|
||||
local Playwright 768px -> no horizontal overflow;details=6;openDetails=1
|
||||
```
|
||||
|
||||
## 2026-05-25|IwoooS 61% 正式只讀 landing 進度重估
|
||||
|
||||
**背景**:
|
||||
|
||||
- IwoooS / security mirror 已經透過 `9e15fd08` 進入 `gitea/main`,Gitea CD run `2149` 成功,正式站 `/zh-TW/iwooos`、`/zh-TW/security`、`/zh-TW/awooop` 皆能看到只讀資安網狀態。
|
||||
- 先前 headline 維持 58% 的原因是五個高層 gate 全部沒有正式 evidence;目前 AwoooP production read-only landing 已有正式部署與只讀消費證據,因此可以保守重估。
|
||||
|
||||
**本次調整**:
|
||||
|
||||
- 整體資安網 headline:`58% -> 61%`。
|
||||
- runtime landing / ingestion / GitHub primary / AwoooP production landing:`35-40% -> 40-45%`。
|
||||
- AwoooP landing evidence:`0 -> 1`。
|
||||
- IwoooS 與 AwoooP 首頁同步顯示 61%、40-45%、AwoooP 正式只讀入口已完成。
|
||||
- 新增 `docs/security/IWOOOS-PRODUCTION-LANDING-EVIDENCE.md`,記錄 commit、CD run、正式站路由與禁止動作。
|
||||
|
||||
**仍維持鎖住**:
|
||||
|
||||
```text
|
||||
owner_response_received_count=0
|
||||
owner_response_accepted_count=0
|
||||
redacted_payload_ingested=false
|
||||
active_runtime_gate_count=0
|
||||
github_primary_ready_count=0
|
||||
execution_router_linked=false
|
||||
runtime_execution_authorized=false
|
||||
action_buttons_allowed=false
|
||||
secret_value_collection_allowed=false
|
||||
repo_creation_authorized=false
|
||||
refs_sync_authorized=false
|
||||
workflow_modification_authorized=false
|
||||
github_primary_switch_authorized=false
|
||||
gitea_disablement_authorized=false
|
||||
```
|
||||
|
||||
**下一個真正能再推動 headline 的 gate**:
|
||||
|
||||
- S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收。
|
||||
- redacted payload ingestion 經人工批准並通過 preflight / quarantine。
|
||||
- active runtime gate 經人工批准、scope、rollback 與 post-check metrics 成立。
|
||||
- GitHub primary readiness gate 的 `primary_ready_count > 0`。
|
||||
|
||||
## 2026-05-25|IwoooS 資安姿態 production landing 整合準備
|
||||
|
||||
**背景**:
|
||||
|
||||
77
docs/security/IWOOOS-PRODUCTION-LANDING-EVIDENCE.md
Normal file
77
docs/security/IWOOOS-PRODUCTION-LANDING-EVIDENCE.md
Normal file
@@ -0,0 +1,77 @@
|
||||
# IwoooS 正式只讀 Landing 證據
|
||||
|
||||
| 項目 | 內容 |
|
||||
|------|------|
|
||||
| 日期 | 2026-05-25 |
|
||||
| 狀態 | 已記錄 |
|
||||
| 模式 | 只讀 production landing evidence |
|
||||
| headline 重估 | `58% -> 61%` |
|
||||
| runtime 執行授權 | `false` |
|
||||
| execution router | `false` |
|
||||
| action buttons | `false` |
|
||||
|
||||
## 1. 證據摘要
|
||||
|
||||
本紀錄只承認一件事:IwoooS / security mirror 已在正式站以只讀方式落地到使用者可見入口,因此可以保守重估整體資安網 headline。
|
||||
|
||||
這不代表 Kali 掃描、SSH、主機更新、repo 建立、refs 同步、workflow / secret 修改、GitHub primary cutover、Gitea 停用、blocking control 或 runtime execution 已被批准。
|
||||
|
||||
## 2. 正式站證據
|
||||
|
||||
| 證據 | 值 |
|
||||
|------|----|
|
||||
| Gitea main commit | `9e15fd08b3f8839048d0178c5b38421d35041810` |
|
||||
| Gitea CD run | `2149` |
|
||||
| 正式 IwoooS 路由 | `/zh-TW/iwooos` |
|
||||
| 正式安全頁路由 | `/zh-TW/security` |
|
||||
| 正式 AwoooP 路由 | `/zh-TW/awooop` |
|
||||
| latest main ancestry | `9e15fd08` 仍在最新 `gitea/main` 歷史內 |
|
||||
|
||||
## 3. 本次重估
|
||||
|
||||
| 面向 | 重估前 | 重估後 | 說明 |
|
||||
|------|--------|--------|------|
|
||||
| 整體資安網 | `58%` | `61%` | 只因 AwoooP production read-only landing evidence 已成立 |
|
||||
| 框架 / 治理 / 文件 / schema / read-only evidence | `86-88%` | `86-88%` | 框架成熟度不因單一 landing 證據灌水 |
|
||||
| runtime landing / ingestion / GitHub primary / AwoooP landing | `35-40%` | `40-45%` | 只讀 landing 已成立;runtime ingestion、GitHub primary 與主動執行仍未開 |
|
||||
| active runtime gates | `0` | `0` | 未批准任何 runtime gate |
|
||||
|
||||
## 4. 仍鎖住的項目
|
||||
|
||||
```text
|
||||
owner_response_received_count=0
|
||||
owner_response_accepted_count=0
|
||||
redacted_payload_ingested=false
|
||||
active_runtime_gate_count=0
|
||||
github_primary_ready_count=0
|
||||
execution_router_linked=false
|
||||
runtime_execution_authorized=false
|
||||
action_buttons_allowed=false
|
||||
secret_value_collection_allowed=false
|
||||
repo_creation_authorized=false
|
||||
refs_sync_authorized=false
|
||||
workflow_modification_authorized=false
|
||||
github_primary_switch_authorized=false
|
||||
gitea_disablement_authorized=false
|
||||
```
|
||||
|
||||
## 5. 下一個能再推動 headline 的 gate
|
||||
|
||||
1. S4.9 / S4.10 / S4.11 / S4.12 任一 owner response 收到並通過脫敏驗收。
|
||||
2. redacted payload ingestion 經人工批准並通過 preflight / quarantine。
|
||||
3. active runtime gate 經人工批准、scope、rollback 與 post-check metrics 成立。
|
||||
4. GitHub primary readiness gate 的 `primary_ready_count > 0`。
|
||||
|
||||
## 6. 首頁資訊架構修正
|
||||
|
||||
2026-05-25 追加 UI/UX 收斂:正式頁原本將所有治理證據直接展開,造成使用者第一眼難以判斷重點。調整後,IwoooS 首頁預設只展開「一眼看懂」,其餘證據收納為可展開區塊。
|
||||
|
||||
| 項目 | 值 |
|
||||
|------|----|
|
||||
| 預設展開區塊 | `一眼看懂` |
|
||||
| 可展開區塊數 | `6` |
|
||||
| 預設開啟區塊數 | `1` |
|
||||
| 本機桌面可見文字行 | `327` |
|
||||
| 本機桌面 scrollHeight | `4,728px` |
|
||||
| 證據保留 | 所有 read-only board 與 `data-testid` 保留 |
|
||||
| runtime / Kali / repo 權限變更 | `false` |
|
||||
@@ -19,7 +19,7 @@
|
||||
|
||||
| 類型 | 狀態 |
|
||||
|------|------|
|
||||
| 整體進度估算 | 約 58%;框架 / 治理 / 文件 / schema / read-only evidence 約 86-88%,runtime ingestion / owner response / GitHub primary / AwoooP production landing 約 35-40% |
|
||||
| 整體進度估算 | 約 61%;框架 / 治理 / 文件 / schema / read-only evidence 約 86-88%,runtime ingestion / owner response / GitHub primary / AwoooP production landing 約 40-45% |
|
||||
| Contract manifest | 36 個 contracts |
|
||||
| Mirror readiness | 33 ready、2 partial、1 contract-only、0 blocked |
|
||||
| Approval queue | 8 items:7 pending approval、1 block candidate |
|
||||
@@ -35,7 +35,7 @@
|
||||
| Owner response validation | S4.13 已建立;四包 owner response 目前 received/accepted 皆為 0;4 條 missing response lanes、4 步 collection order、next collection candidate、6 條 evidence routing rules、8 個 display sections、7 條 state transition rules、9 個 reviewer checklist items、7 條 reviewer outcome lanes、4 個 reviewer audit event templates、5 個 reviewer audit display sections、6 個 reviewer audit collection checks、5 個 reviewer audit redaction examples、5 條 reviewer audit retention rules、6 個 reviewer audit retention checks、6 個 reviewer audit handoff packets、6 個 reviewer audit handoff checks、6 個 parallel session sync checks、6 條 parallel session conflict lanes、6 個 parallel session recovery checks 與 7 條 parallel session recovery outcome lanes 可供 AwoooP 直接顯示;下一個建議收件為 S4.9 Gitea owner attestation;latest local validation 為 `SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK`,reviewer audit emitted 仍為 0,不代表 owner response 已收到或任何執行授權 |
|
||||
| Low-friction rollout policy | S1.3 已補 7 條 non-blocking escalation lanes;LOW / MEDIUM、缺 owner response、partial mirror、source-control drift、Kali observe finding、workflow / secret name gap 與 headline holding 初期只能 observe / warn;`owner_review_required_before_blocking=true`、`runtime_blocking_allowed=false` |
|
||||
| IwoooS frontend posture | S2.8 已新增 `/iwooos` read-only Information Security 入口;顯示 Security Posture / Exposure、source-control supply chain、Kali 112 Mesh、approval boundary、non-blocking lanes 與 evidence refs;不新增執行按鈕 |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10 已把 10 個既有前端資安相關頁面納入 projection;S2.11 已補 4 個 coverage groups 與 5 個 conflict controls;S2.12 已補 6 個只讀 operator journey steps;S2.13 已補 7 個 owner evidence readiness items;S2.14 已補 3 個 host coverage items:Kali 112、開發主機 168、開發主機 111;S2.15 已補 6 個 host action gate items;S2.16 已補 7 個 host evidence readiness items;S2.17 已補 7 個 host evidence collection order steps;S2.18 已補 7 個 host evidence intake preflight checks;S2.19 已補 7 個 host evidence review outcome lanes;S2.20 已補 7 個 host evidence review handoff packets;S2.21 已補 7 個 host evidence reviewer checklist items;S2.22 已補 7 個 host evidence reviewer outcome lanes;S2.23 已補 7 個 host owner decision candidate packets;S2.24 已補 7 個 host owner decision review checklist items;S2.25 已補 7 個 host owner decision review outcome lanes;S2.26 已補 7 個 host owner decision record draft packets;S2.27 已補 7 個 host owner decision record draft review checklist items;S2.28 已補 7 個 host owner decision record draft review outcome lanes;S2.29 已補 7 個 host owner decision record write-up packets;S2.30 已補 7 個 host owner decision record write-up review checklist items;S2.31 已補 7 個 host owner decision record write-up review outcome lanes;S2.32 已補 7 個 host owner decision record formal candidate packets;S2.33 已補 7 個 host owner decision record formal candidate review checklist items;S2.34 已補 8 個 host owner decision record formal candidate review outcome lanes;S2.35 已補 8 個 host owner decision record formal record queue packets;S2.36 已補 8 個 host owner decision record formal record queue review checklist items;S2.37 已補 8 個 host owner decision record formal record queue review outcome lanes;S2.38 已補 8 個 host owner decision record human handoff readiness packets;S2.39 已補 8 個 host owner decision record human handoff readiness review checklist items;S2.40 已補 9 個 host owner decision record human handoff readiness review outcome lanes;S2.41 已補 9 個 host owner decision record human record owner review candidate packets;S2.42 已補 9 個 host owner decision record human record owner review candidate checklist items;S2.43 已補 9 個 host owner decision record human record owner review candidate outcome lanes;S2.44 已補 9 個 host owner decision record human record owner review preparation packets;S2.45 已補 9 個 host owner decision record human record owner review preparation checklist items;S2.46 已補 6 條 progress acceleration lanes,顯示 58% holding 原因與下一個高層解鎖 gate;S2.47 已補 4 個 owner response next-action focus items,顯示 S4.9 為下一個收件焦點且 S4.10-S4.12 依序排隊;S2.48 已補 6 個 S4.9 owner response preflight checks,讓下一個 P0 owner response 的可收件條件可見;S2.49 已補 5 個 S4.9 owner response request templates,讓 owner 要逐項回覆的五題可見;S2.50 已補 5 個 progress hold movement gates,解釋為什麼 58% 仍維持且五個真實 movement signal 都是 0 / false;S2.51 已補 6 個 AwoooP read-only landing readiness items,讓另一個 AwoooP Session 可照 snapshot / evidence / guard / route / forbidden outputs 接入;S2.52 已補 6 個 AwoooP cross-session handoff packets,固定 PR / branch anchor、progress semantics、guard commands、forbidden runtime actions、read-only inputs 與 next coordination gate;S2.53 已把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板,顯示 58%、86-88%、35-40%、active gates 0 與四個接入檢查;S2.54 已把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;仍不新增 action button |
|
||||
| IwoooS posture projection | S2.9 已新增 `iwooos_posture_projection_v1`;S2.10-S2.140 已完成前台資安入口、主機覆蓋、owner evidence、AwoooP read-only landing readiness、跨 Session handoff、全產品只讀 rollout 與人工審查候選預檢補件重試門檻;2026-05-25 已將 AwoooP 正式只讀 landing evidence 納入重估,headline 顯示 61%、framework 86-88%、runtime / ingestion / GitHub primary / AwoooP production landing 40-45%、AwoooP landing evidence=1、active gates 0;仍不新增 action button、不接 execution router、不開 runtime gate |
|
||||
| IwoooS 正式紀錄負責人檢查清單 | S2.93 已在 `/iwooos` 顯示人工決策正式紀錄負責人檢查清單;檢查項=8、通過=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_review_checklist_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 正式紀錄負責人檢查結果分流 | S2.94 已在 `/iwooos` 顯示人工決策正式紀錄負責人檢查結果分流;分流=8、可進人工指派確認=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_review_outcome_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 正式紀錄負責人指派確認準備包 | S2.95 已在 `/iwooos` 顯示人工決策正式紀錄負責人指派確認準備包;準備包=8、可確認=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_assignment_preparation_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
@@ -43,7 +43,7 @@
|
||||
| IwoooS 正式紀錄負責人指派確認結果分流 | S2.97 已在 `/iwooos` 顯示人工決策正式紀錄負責人指派確認結果分流;分流=8、可進人工指派決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_assignment_outcome_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 正式紀錄負責人指派決策準備包 | S2.98 已在 `/iwooos` 顯示人工決策正式紀錄負責人指派決策準備包;準備包=8、可進決策=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_assignment_decision_preparation_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 正式紀錄負責人指派決策檢查清單 | S2.99 已在 `/iwooos` 顯示人工決策正式紀錄負責人指派決策檢查清單;檢查項=8、通過=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;`owner_response_formal_record_owner_assignment_decision_checklist_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表紀錄負責人指派、正式紀錄、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 58% 重估驗收閘門 | S2.100 已在 `/iwooos` 顯示 headline 重估判定板;重估項=6、移動訊號=0/5、S4.9 accepted=0/5、重估紀錄=未開;`headline_percent_after_this_stage=58`、`headline_movement_signal_count=0`、`owner_response_acceptance_gate_open=false`、`progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表負責人回覆已收到 / 已接受、脫敏匯入完成、人工批准、GitHub 主要來源切換、AwoooP production landing、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 61% 重估驗收紀錄 | S2.100 已在 `/iwooos` 顯示 headline 重估判定板;本次 AwoooP production landing evidence=1,headline 從 58% 保守重估為 61%;`headline_percent_after_this_stage=61`、`headline_movement_signal_count=1`、`owner_response_acceptance_gate_open=false`、`progress_review_authorized=true`、`execution_router_linked=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表負責人回覆已收到 / 已接受、脫敏匯入完成、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS S4.9 人工收件工作單 | S2.101 已在 `/iwooos` 顯示 S4.9 Owner Response 人工收件工作單;收件項=5、每項必填欄位=6、已收到=0、已接受=0、已拒收=0;`s4_9_owner_response_request_sent=false`、`s4_9_owner_response_intake_open=false`、`owner_response_acceptance_gate_open=false`、`audit_events_emitted=0`、`progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS S4.9 回覆封套欄位 | S2.102 已在 `/iwooos` 顯示 S4.9 負責人回覆封套欄位;欄位=6、已填=0、已提交=0、已接受=0、已拒收=0;`s4_9_owner_response_envelope_field_count=6`、`s4_9_owner_response_envelope_filled_count=0`、`s4_9_owner_response_envelope_submitted_count=0`、`s4_9_owner_response_envelope_accepted_count=0`、`s4_9_owner_response_request_sent=false`、`owner_response_acceptance_gate_open=false`、`audit_events_emitted=0`、`progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS S4.9 送件前檢查 | S2.103 已在 `/iwooos` 顯示 S4.9 負責人回覆封套送件前檢查;檢查項=6、通過=0、可送件=0、已提交=0、已接受=0;`s4_9_owner_response_envelope_preflight_check_count=6`、`s4_9_owner_response_envelope_preflight_passed_count=0`、`s4_9_owner_response_envelope_ready_to_submit_count=0`、`s4_9_owner_response_envelope_submitted_count=0`、`s4_9_owner_response_envelope_accepted_count=0`、`s4_9_owner_response_request_sent=false`、`owner_response_acceptance_gate_open=false`、`audit_events_emitted=0`、`progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`action_buttons_allowed=false`、`not_authorization=true`,仍不代表 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
@@ -56,7 +56,7 @@
|
||||
| 安全合規低摩擦分階段收斂 | S2.110 已在 `/security-compliance` 顯示觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴五個階段;`security_compliance_rollout_phase_count=5`、`security_compliance_rollout_current_phase=observe_first`、`security_compliance_rollout_runtime_phase_enabled=false`、`security_compliance_rollout_enforcement_enabled=false`、`security_compliance_rollout_action_buttons_allowed=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 低摩擦分階段收斂主控 | S2.111 已在 `/iwooos` 顯示觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴五個階段,並把安全合規 S2.110 的低摩擦策略同步回主入口;`iwooos_rollout_phase_count=5`、`iwooos_rollout_current_phase=observe_first`、`iwooos_rollout_frontstage_source=security_compliance_s2_110`、`iwooos_rollout_runtime_phase_enabled=false`、`iwooos_rollout_enforcement_enabled=false`、`iwooos_rollout_action_buttons_allowed=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 低摩擦下一步行動邊界 | S2.112 已在 `/iwooos` 顯示只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動;`iwooos_next_action_item_count=4`、`iwooos_next_action_allowed_mode=observe_and_evidence_only`、`iwooos_next_action_runtime_gate_required=true`、`iwooos_next_action_scan_authorized=false`、`iwooos_next_action_host_change_authorized=false`、`iwooos_next_action_deploy_authorized=false`、`iwooos_next_action_source_control_mutation_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 58% 進度移動訊號驗收條 | S2.113 已在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;`iwooos_progress_movement_signal_count=5`、`iwooos_progress_current_headline_percent=58`、`iwooos_progress_owner_response_accepted_count=0`、`iwooos_progress_redacted_payload_ingested=false`、`iwooos_progress_active_runtime_gate_count=0`、`iwooos_progress_github_primary_ready_count=0`、`iwooos_progress_awooop_landing_evidence_count=0`、`iwooos_progress_review_authorized=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 headline review 授權、runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 61% 進度移動訊號驗收條 | S2.113 已在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;`iwooos_progress_movement_signal_count=5`、`iwooos_progress_current_headline_percent=61`、`iwooos_progress_owner_response_accepted_count=0`、`iwooos_progress_redacted_payload_ingested=false`、`iwooos_progress_active_runtime_gate_count=0`、`iwooos_progress_github_primary_ready_count=0`、`iwooos_progress_awooop_landing_evidence_count=1`、`iwooos_progress_review_authorized=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 第一個進度解鎖路徑 | S2.114 已在 `/iwooos` 顯示 S4.9 負責人回覆的第一個進度解鎖路徑:收到負責人回覆、補齊脫敏證據參照、通過收件預檢、審查接受、成為進度審查候選五步;`iwooos_first_unlock_path_step_count=5`、`iwooos_first_unlock_path_current_focus=s4_9_owner_response`、`iwooos_first_unlock_path_owner_response_received_count=0`、`iwooos_first_unlock_path_owner_response_accepted_count=0`、`iwooos_first_unlock_path_redacted_evidence_pointer_count=0`、`iwooos_first_unlock_path_intake_preflight_passed_count=0`、`iwooos_first_unlock_path_headline_review_authorized=false`、`iwooos_first_unlock_path_runtime_gate_opened=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表送件完成、回覆已收到、headline review 授權、runtime 授權、審批、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 第一解鎖證據包 | S2.115 已在 `/iwooos` 顯示 S4.9 第一解鎖證據包:負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要五個欄位;`iwooos_first_unlock_evidence_packet_slot_count=5`、`iwooos_first_unlock_evidence_packet_current_focus=s4_9_owner_response`、`iwooos_first_unlock_evidence_packet_filled_count=0`、`iwooos_first_unlock_evidence_packet_accepted_count=0`、`iwooos_first_unlock_evidence_packet_redacted_pointer_required=true`、`iwooos_first_unlock_evidence_packet_raw_payload_allowed=false`、`iwooos_first_unlock_evidence_packet_secret_value_allowed=false`、`iwooos_first_unlock_evidence_packet_headline_review_authorized=false`、`iwooos_first_unlock_evidence_packet_runtime_gate_opened=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表送件完成、回覆已收到、證據已補齊、審查已接受、headline review 授權、runtime 授權、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| IwoooS 第一解鎖證據包預檢分流 | S2.116 已在 `/iwooos` 顯示第一解鎖證據包預檢結果分流:可進人工審查、要求補 owner metadata、要求補範圍參照、隔離 raw payload、拒收機密明文值、等待 reviewer 接受六條分流;`iwooos_first_unlock_evidence_packet_preflight_outcome_lane_count=6`、`iwooos_first_unlock_evidence_packet_preflight_ready_for_review_count=0`、`iwooos_first_unlock_evidence_packet_preflight_needs_supplement_count=0`、`iwooos_first_unlock_evidence_packet_preflight_quarantined_count=0`、`iwooos_first_unlock_evidence_packet_preflight_rejected_count=0`、`iwooos_first_unlock_evidence_packet_review_accepted_count=0`、`iwooos_first_unlock_evidence_packet_headline_review_authorized=false`、`iwooos_first_unlock_evidence_packet_runtime_gate_opened=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表證據已補齊、審查已接受、headline review 授權、runtime 授權、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
@@ -69,7 +69,7 @@
|
||||
| IwoooS 目前具體工作地圖 | S2.123 已在 `/iwooos` 顯示目前具體工作地圖:前台資安入口與使用者可視化、主機與範圍盤點框架、GitHub / Gitea 版本來源遷移準備、S4.9 負責人回覆與脫敏證據收件、reviewer / 人工審查流程、runtime 掃描修復部署與主機變更六條;`iwooos_concrete_security_workstream_count=6`、`iwooos_concrete_security_visible_workstream_count=6`、`iwooos_concrete_security_framework_only_stream_count=6`、`iwooos_concrete_security_runtime_workstream_count=0`、`iwooos_concrete_security_next_real_gate=s4_9_owner_response_accepted`、`iwooos_concrete_security_owner_response_received_count=0`、`iwooos_concrete_security_owner_response_accepted_count=0`、`iwooos_concrete_security_redacted_payload_ingested=false`、`iwooos_concrete_security_active_runtime_gate_count=0`、`iwooos_concrete_security_github_primary_ready_count=0`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、證據已接受、headline review 授權、runtime 授權、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作或執行期授權 |
|
||||
| IwoooS 目前具體交付清單 | S2.124 已在 `/iwooos` 顯示目前具體交付清單:IwoooS 前台可見工作台、主機範圍與證據欄位、GitHub / Gitea 遷移證據、S4.9 第一解鎖證據包、人工 reviewer 準備序列、runtime 開閘條件六項;`iwooos_concrete_security_delivery_item_count=6`、`iwooos_concrete_security_delivery_visible_item_count=6`、`iwooos_concrete_security_delivery_framework_only_count=6`、`iwooos_concrete_security_delivery_runtime_item_count=0`、`iwooos_concrete_security_delivery_next_owner_evidence=s4_9_owner_response`、`iwooos_concrete_security_delivery_ready_for_runtime_count=0`、`iwooos_concrete_security_delivery_evidence_received_count=0`、`iwooos_concrete_security_delivery_evidence_accepted_count=0`、`iwooos_concrete_security_delivery_reviewer_queue_open=false`、`iwooos_concrete_security_delivery_git_primary_ready=false`、`iwooos_concrete_security_delivery_kali_execution_ready=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、證據已接受、reviewer queue 已開、headline review 授權、runtime 授權、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作或執行期授權 |
|
||||
| IwoooS 目前阻塞與解除條件 | S2.125 已在 `/iwooos` 顯示目前阻塞與解除條件:S4.9 owner response 尚未收到、脫敏證據參照尚未成立、reviewer queue 仍關閉、GitHub primary readiness 未成立、主機證據仍待收件、runtime gate 未開六個阻塞;`iwooos_concrete_security_blocker_count=6`、`iwooos_concrete_security_visible_blocker_count=6`、`iwooos_concrete_security_headline_blocker_count=6`、`iwooos_concrete_security_blocker_resolved_count=0`、`iwooos_concrete_security_first_resolvable_blocker=s4_9_owner_response_missing`、`iwooos_concrete_security_owner_response_required=true`、`iwooos_concrete_security_redacted_evidence_required=true`、`iwooos_concrete_security_reviewer_queue_open=false`、`iwooos_concrete_security_github_primary_ready=false`、`iwooos_concrete_security_kali_execution_ready=false`、`iwooos_concrete_security_runtime_gate_open=false`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、證據已接受、reviewer queue 已開、headline review 授權、runtime 授權、掃描、修復、部署、GitHub 主要來源切換、Gitea 停用、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作或執行期授權 |
|
||||
| IwoooS 三軸進度與全產品套用範圍 | S2.126 已在 `/iwooos` 顯示三軸進度與全產品套用範圍:整體加權 58%、框架建置 86-88%、落地執行 35-40%、所有產品第一階段只套只讀治理;`iwooos_three_axis_progress_product_scope_count=6`、`iwooos_three_axis_progress_all_products_read_only=true`、`iwooos_three_axis_progress_runtime_product_rollout_count=0`、`iwooos_three_axis_progress_first_runtime_gate=s4_9_owner_response_accepted`、`iwooos_three_axis_progress_owner_response_accepted_count=0`、`iwooos_three_axis_progress_active_runtime_gate_count=0`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、runtime gate、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| IwoooS 三軸進度與全產品套用範圍 | S2.126 已在 `/iwooos` 顯示三軸進度與全產品套用範圍:整體加權 61%、框架建置 86-88%、落地執行 40-45%、所有產品第一階段只套只讀治理;`iwooos_three_axis_progress_product_scope_count=6`、`iwooos_three_axis_progress_all_products_read_only=true`、`iwooos_three_axis_progress_runtime_product_rollout_count=0`、`iwooos_three_axis_progress_first_runtime_gate=s4_9_owner_response_accepted`、`iwooos_three_axis_progress_owner_response_accepted_count=0`、`iwooos_three_axis_progress_active_runtime_gate_count=0`、`iwooos_three_axis_progress_production_deploy_count=1`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、runtime gate、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作、GitHub 主要來源切換或 Gitea 停用 |
|
||||
| IwoooS 全產品分階段套用台帳 | S2.127 已在 `/iwooos` 顯示全產品分階段套用台帳:核心產品、公開網站、版本來源、主機覆蓋、監控工具與未來產品拆成 W0-W5 六個只讀 rollout waves;`iwooos_product_rollout_wave_count=6`、`iwooos_product_rollout_all_products_count=6`、`iwooos_product_rollout_current_wave=read_only_visibility`、`iwooos_product_rollout_runtime_wave_count=0`、`iwooos_product_rollout_enforcement_wave_count=0`、`iwooos_product_rollout_owner_response_accepted_count=0`、`iwooos_product_rollout_active_runtime_gate_count=0`、`iwooos_product_rollout_all_products_read_only=true`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、runtime gate、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| IwoooS 全產品 rollout 波次驗收門檻 | S2.128 已在 `/iwooos` 顯示全產品 rollout 波次驗收門檻:只讀可視證據、負責人證據、脫敏審查、版本來源證明、主機安全窗口、回復與停用條件六個 gates;`iwooos_product_rollout_acceptance_gate_count=6`、`iwooos_product_rollout_acceptance_current_stage=read_only_acceptance`、`iwooos_product_rollout_acceptance_passed_count=0`、`iwooos_product_rollout_acceptance_owner_response_received_count=0`、`iwooos_product_rollout_acceptance_owner_response_accepted_count=0`、`iwooos_product_rollout_acceptance_runtime_gate_open=false`、`iwooos_product_rollout_acceptance_runtime_wave_count=0`、`iwooos_product_rollout_acceptance_enforcement_wave_count=0`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、runtime gate、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| IwoooS 全產品 rollout 驗收結果分流 | S2.129 已在 `/iwooos` 顯示全產品 rollout 驗收結果分流:維持只讀、退回補證、隔離敏感、版本待證、主機暫停、待人工審與 runtime 未開七條 outcomes;`iwooos_product_rollout_acceptance_outcome_lane_count=7`、`iwooos_product_rollout_acceptance_outcome_current_stage=read_only_outcome_routing`、`iwooos_product_rollout_acceptance_outcome_returned_for_evidence_count=0`、`iwooos_product_rollout_acceptance_outcome_quarantined_count=0`、`iwooos_product_rollout_acceptance_outcome_human_review_candidate_count=0`、`iwooos_product_rollout_acceptance_outcome_runtime_candidate_count=0`、`iwooos_product_rollout_acceptance_outcome_owner_response_accepted_count=0`、`iwooos_product_rollout_acceptance_outcome_active_runtime_gate_count=0`、`runtime_execution_authorized=false`、`active_runtime_gate_count=0`、`not_authorization=true`,仍不代表 owner response 已收到、runtime gate、Kali / SSH / 主機更新、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
@@ -131,13 +131,13 @@
|
||||
目前進度不是以「強制防護開了多少」計算,而是以統帥指定的低摩擦路線拆成兩層:
|
||||
|
||||
1. 框架期約 86-88%:36 個主要 contract 已有 33 個 ready、2 個 partial、1 個 contract-only、0 blocked,表示治理骨架、只讀 evidence、人工批准語義、AwoooP mirror-only 接口與 IwoooS 前端投影已接近完整,且 S2.140 已把全產品只讀套用範圍推進到人工審查候選預檢補件重試門檻。
|
||||
2. 落地期約 35-40%:owner responses 仍為 0、active runtime gate 為 0、payload ingestion 為 false、GitHub primary ready 為 0、AwoooP production ingestion 尚未啟用。
|
||||
2. 落地期約 40-45%:AwoooP production read-only landing evidence 已成立;owner responses 仍為 0、active runtime gate 為 0、payload ingestion 為 false、GitHub primary ready 為 0,仍未啟用 execution router。
|
||||
|
||||
因此跨 Session 採用 **58%** 作為目前整體進度。這代表「框架健康、尚未過度收緊」,不是 runtime enforcement 或 primary cutover 授權。
|
||||
因此跨 Session 採用 **61%** 作為目前整體進度。這代表「框架健康、AwoooP 正式只讀入口已落地、尚未過度收緊」,不是 runtime enforcement 或 primary cutover 授權。
|
||||
|
||||
## 1.2 為什麼 58% 看起來沒動
|
||||
## 1.2 為什麼從 58% 重估到 61%
|
||||
|
||||
58% 是 headline progress,只在高層 gate 真正改變時調整。最近幾輪 S4.10、S4.11、S4.12、S4.13 與 S1.3 的工作確實有前進,但屬於框架細節、顯示順序、收件安全與低摩擦分流,不會直接推高 headline。
|
||||
headline progress 只在高層 gate 真正改變時調整。AwoooP production read-only landing 已有 commit、CD 與正式站路由證據,因此本次從 58% 保守重估到 61%;最近幾輪 S4.10、S4.11、S4.12、S4.13 與 S1.3 的工作仍屬於框架細節、顯示順序、收件安全與低摩擦分流,不會再直接推高 headline。
|
||||
|
||||
| 最近完成 | 進度軸 | headline delta | 為什麼整體百分比不變 |
|
||||
|----------|--------|----------------|----------------------|
|
||||
@@ -219,8 +219,8 @@
|
||||
| S2.47 IwoooS owner response next-action focus | framework detail | 0 | 只顯示 S4.9 為下一個 owner response 收件焦點,S4.10 / S4.11 / S4.12 依序排隊;received、accepted、rejected、audit emitted、approval record、runtime gate、repo / refs mutation、secret value collection 與 action button 仍全部鎖住 |
|
||||
| S2.48 IwoooS S4.9 owner response preflight | framework detail | 0 | 只顯示 S4.9 六個收件前檢查與 failure lanes;request sent、received、accepted、rejected、preflight passed、audit emitted、Gitea write、repo / refs mutation、runtime gate、GitHub primary 與 action button 仍全部鎖住 |
|
||||
| S2.49 IwoooS S4.9 owner response request templates | framework detail | 0 | 只顯示 S4.9 五個 request-ready-not-sent templates;request sent、received、accepted、rejected、audit emitted、Gitea inventory completed、Gitea write、repo / refs mutation、token collection、runtime gate、GitHub primary 與 action button 仍全部鎖住 |
|
||||
| S2.50 IwoooS progress hold movement gates | framework detail | 0 | 只顯示 58% 維持的五個實質門檻;owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing 仍全部為 0 / false,不把 gate 顯示當授權、進度加分或 action button |
|
||||
| S2.51 IwoooS AwoooP read-only landing readiness | framework detail | 0 | 只顯示 AwoooP 只讀接入前的六個條件;production_landing_enabled=false、execution_router_linked=false、progress_change_applied=false,不把 readiness 當 production consumption、guard skip、runtime gate 或 action button |
|
||||
| S2.50 IwoooS progress hold movement gates | framework detail | 0 | 只顯示 61% 的五個實質門檻;AwoooP read-only landing 已成為第一個 evidence=1,owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready 仍為 0 / false,不把 gate 顯示當授權或 action button |
|
||||
| S2.51 IwoooS AwoooP read-only landing readiness | framework detail | 0 | AwoooP 只讀接入條件已以正式站證據完成 production read-only landing;execution_router_linked=false、runtime_execution_authorized=false,不把 landing evidence 當 guard skip、runtime gate 或 action button |
|
||||
| S2.52 IwoooS AwoooP cross-session handoff packets | framework detail | 0 | 只顯示另一個 Session 接手前的 PR / branch、進度語義、guard commands、runtime 禁止動作、只讀輸入與下一個協調 gate;production_landing_enabled=false、execution_router_linked=false、progress_change_applied=false,不把 handoff 當 merge、deploy、primary switch、refs mutation、guard skip 或 production consumption |
|
||||
| S2.53 AwoooP home IwoooS security mirror candidate | framework detail | 0 | 只把 IwoooS / security mirror 狀態放進 AwoooP 首頁只讀候選面板;production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把候選面板當 production landing、runtime gate、execution router 或 action button |
|
||||
| S2.54 AwoooP work-items IwoooS security mirror candidate | framework detail | 0 | 只把 IwoooS / security mirror 狀態放進 AwoooP 工作鏈路觀察項;production_landing_enabled=false、execution_router_linked=false、runtime_execution_authorized=false、action_buttons_allowed=false,不把觀察項當 production landing、runtime gate、execution router、scan、execute、repair、deploy、primary switch 或 refs action |
|
||||
@@ -268,7 +268,7 @@
|
||||
| S2.97 IwoooS 人工決策正式紀錄負責人指派確認結果分流 | framework detail | 0 | 只在 `/iwooos` 顯示人工決策正式紀錄負責人指派確認結果分流,呈現分流=8、可進人工指派決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;owner_response_formal_record_owner_assignment_outcome_only=true、owner_response_formal_record_owner_assignment_authorized=false、owner_response_formal_record_write_authorized=false、owner_response_formal_record_approval_authorized=false、owner_response_formal_record_execution_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把指派確認結果分流當紀錄負責人指派、正式紀錄、人工批准、審批紀錄、執行期閘門、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.98 IwoooS 人工決策正式紀錄負責人指派決策準備包 | framework detail | 0 | 只在 `/iwooos` 顯示人工決策正式紀錄負責人指派決策準備包,呈現準備包=8、可進決策=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;owner_response_formal_record_owner_assignment_decision_preparation_only=true、owner_response_formal_record_owner_assignment_authorized=false、owner_response_formal_record_write_authorized=false、owner_response_formal_record_approval_authorized=false、owner_response_formal_record_execution_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把指派決策準備包當紀錄負責人指派、正式紀錄、人工批准、審批紀錄、執行期閘門、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.99 IwoooS 人工決策正式紀錄負責人指派決策檢查清單 | framework detail | 0 | 只在 `/iwooos` 顯示人工決策正式紀錄負責人指派決策檢查清單,呈現檢查項=8、通過=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;owner_response_formal_record_owner_assignment_decision_checklist_only=true、owner_response_formal_record_owner_assignment_authorized=false、owner_response_formal_record_write_authorized=false、owner_response_formal_record_approval_authorized=false、owner_response_formal_record_execution_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把指派決策檢查清單當紀錄負責人指派、正式紀錄、人工批准、審批紀錄、執行期閘門、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.100 IwoooS 58% 重估驗收閘門 | framework detail | 0 | 只在 `/iwooos` 顯示 58% 重估驗收閘門,呈現 S4.9 負責人回覆驗收、脫敏 payload 匯入驗收、執行期閘門人工批准、GitHub 主要來源就緒證據、AwoooP 正式只讀消費證據與下一次 headline review record 六個判定項;headline_percent_after_this_stage=58、headline_movement_signal_count=0、owner_response_received_count=0、owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、redacted_payload_ingested=false、active_runtime_gate_count=0、github_primary_ready_count=0、production_landing_enabled=false、progress_review_authorized=false、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把重估驗收閘門當負責人回覆已收到 / 已接受、脫敏匯入完成、人工批准、審批紀錄、執行期閘門、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、AwoooP production landing、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.100 IwoooS 61% 重估驗收紀錄 | framework detail | 0 | 只在 `/iwooos` 顯示 61% 重估驗收紀錄,呈現 S4.9 負責人回覆驗收、脫敏 payload 匯入驗收、執行期閘門人工批准、GitHub 主要來源就緒證據、AwoooP 正式只讀消費證據與本次 headline review record 六個判定項;headline_percent_after_this_stage=61、headline_movement_signal_count=1、awooop_read_only_production_landing_evidence_count=1、owner_response_received_count=0、owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、redacted_payload_ingested=false、active_runtime_gate_count=0、github_primary_ready_count=0、execution_router_linked=false、progress_review_authorized=true、runtime_execution_authorized=false、action_buttons_allowed=false、not_authorization=true,不把重估驗收紀錄當負責人回覆已收到 / 已接受、脫敏匯入完成、人工批准、審批紀錄、執行期閘門、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.101 IwoooS S4.9 Owner Response 人工收件工作單 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 Owner Response 人工收件工作單,呈現 public-only / local gap 回覆、Gitea wooo endpoint 身分回覆、110 adjacent source scope 回覆、repo owner / canonical scope 回覆、legacy / inaccessible disposition 回覆五個收件項;s4_9_owner_response_work_order_item_count=5、s4_9_owner_response_required_field_count=6、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、s4_9_owner_response_rejected_count=0、s4_9_owner_response_request_sent=false、s4_9_owner_response_intake_open=false、owner_response_acceptance_gate_open=false、audit_events_emitted=0、progress_review_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把人工收件工作單當 request sent、owner response received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.102 IwoooS S4.9 負責人回覆封套欄位 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 負責人回覆封套欄位,呈現負責人角色 / 團隊、判定 / 處置、判定理由、受影響範圍、脫敏證據參照、後續負責人六個必填欄位;s4_9_owner_response_envelope_field_count=6、s4_9_owner_response_envelope_filled_count=0、s4_9_owner_response_envelope_submitted_count=0、s4_9_owner_response_envelope_accepted_count=0、s4_9_owner_response_envelope_rejected_count=0、s4_9_owner_response_request_sent=false、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、audit_events_emitted=0、progress_review_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把回覆封套欄位當 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.103 IwoooS S4.9 負責人回覆封套送件前檢查 | framework detail | 0 | 只在 `/iwooos` 顯示 S4.9 負責人回覆封套送件前檢查,呈現六欄完整檢查、判定值允許檢查、脫敏證據檢查、範圍追溯檢查、變更要求拒收檢查、後續負責人追溯檢查六個檢查項;s4_9_owner_response_envelope_preflight_check_count=6、s4_9_owner_response_envelope_preflight_passed_count=0、s4_9_owner_response_envelope_ready_to_submit_count=0、s4_9_owner_response_envelope_submitted_count=0、s4_9_owner_response_envelope_accepted_count=0、s4_9_owner_response_request_sent=false、s4_9_owner_response_received_count=0、s4_9_owner_response_accepted_count=0、owner_response_acceptance_gate_open=false、audit_events_emitted=0、progress_review_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把送件前檢查當 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、審批紀錄、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
@@ -281,7 +281,7 @@
|
||||
| S2.110 安全合規低摩擦分階段收斂 | framework detail | 0 | 只在 `/security-compliance` 顯示低摩擦分階段收斂階梯,把觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴拆成五段;security_compliance_rollout_phase_count=5、security_compliance_rollout_current_phase=observe_first、security_compliance_rollout_runtime_phase_enabled=false、security_compliance_rollout_enforcement_enabled=false、security_compliance_rollout_action_buttons_allowed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把分階段收斂視覺化當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.111 IwoooS 低摩擦分階段收斂主控 | framework detail | 0 | 只在 `/iwooos` 顯示低摩擦分階段收斂主控,把安全合規 S2.110 的觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴同步回主入口;iwooos_rollout_phase_count=5、iwooos_rollout_current_phase=observe_first、iwooos_rollout_frontstage_source=security_compliance_s2_110、iwooos_rollout_runtime_phase_enabled=false、iwooos_rollout_enforcement_enabled=false、iwooos_rollout_action_buttons_allowed=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把 IwoooS 主控視覺化當 runtime 授權、審批、掃描、修復、部署、硬性阻擋控制、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.112 IwoooS 低摩擦下一步行動邊界 | framework detail | 0 | 只在 `/iwooos` 顯示低摩擦下一步行動邊界,把只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動拆開;iwooos_next_action_item_count=4、iwooos_next_action_allowed_mode=observe_and_evidence_only、iwooos_next_action_runtime_gate_required=true、iwooos_next_action_scan_authorized=false、iwooos_next_action_host_change_authorized=false、iwooos_next_action_deploy_authorized=false、iwooos_next_action_source_control_mutation_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把下一步行動邊界當 runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.113 IwoooS 58% 進度移動訊號驗收條 | framework detail | 0 | 只在 `/iwooos` 顯示 58% 進度移動訊號驗收條,把負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據五個訊號拆開;iwooos_progress_movement_signal_count=5、iwooos_progress_current_headline_percent=58、iwooos_progress_owner_response_accepted_count=0、iwooos_progress_redacted_payload_ingested=false、iwooos_progress_active_runtime_gate_count=0、iwooos_progress_github_primary_ready_count=0、iwooos_progress_awooop_landing_evidence_count=0、iwooos_progress_review_authorized=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把進度移動訊號驗收條當 headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.113 IwoooS 61% 進度移動訊號驗收條 | framework detail | 0 | 只在 `/iwooos` 顯示 61% 進度移動訊號驗收條,把負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒與 AwoooP 落地證據五個訊號拆開;iwooos_progress_movement_signal_count=5、iwooos_progress_current_headline_percent=61、iwooos_progress_owner_response_accepted_count=0、iwooos_progress_redacted_payload_ingested=false、iwooos_progress_active_runtime_gate_count=0、iwooos_progress_github_primary_ready_count=0、iwooos_progress_awooop_landing_evidence_count=1、iwooos_progress_review_authorized=true、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把進度移動訊號驗收條當 runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.114 IwoooS 第一個進度解鎖路徑 | framework detail | 0 | 只在 `/iwooos` 顯示第一個進度解鎖路徑,把 58% 下一個可能真正前進的 S4.9 負責人回覆拆成收到負責人回覆、補齊脫敏證據參照、通過收件預檢、審查接受、成為進度審查候選五步;iwooos_first_unlock_path_step_count=5、iwooos_first_unlock_path_current_focus=s4_9_owner_response、iwooos_first_unlock_path_owner_response_received_count=0、iwooos_first_unlock_path_owner_response_accepted_count=0、iwooos_first_unlock_path_redacted_evidence_pointer_count=0、iwooos_first_unlock_path_intake_preflight_passed_count=0、iwooos_first_unlock_path_headline_review_authorized=false、iwooos_first_unlock_path_runtime_gate_opened=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把第一個進度解鎖路徑當送件完成、回覆已收到、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.115 IwoooS 第一解鎖證據包 | framework detail | 0 | 只在 `/iwooos` 顯示第一解鎖證據包,把 S4.9 要讓 58% 真正前進所需的負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要拆成五個欄位;iwooos_first_unlock_evidence_packet_slot_count=5、iwooos_first_unlock_evidence_packet_current_focus=s4_9_owner_response、iwooos_first_unlock_evidence_packet_filled_count=0、iwooos_first_unlock_evidence_packet_accepted_count=0、iwooos_first_unlock_evidence_packet_redacted_pointer_required=true、iwooos_first_unlock_evidence_packet_raw_payload_allowed=false、iwooos_first_unlock_evidence_packet_secret_value_allowed=false、iwooos_first_unlock_evidence_packet_headline_review_authorized=false、iwooos_first_unlock_evidence_packet_runtime_gate_opened=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把證據包欄位定義當送件完成、回覆已收到、證據已補齊、審查已接受、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.116 IwoooS 第一解鎖證據包預檢分流 | framework detail | 0 | 只在 `/iwooos` 顯示第一解鎖證據包預檢分流,把可進審查、補 owner metadata、補範圍參照、隔離 raw payload、拒收機密值、等待 reviewer 六條結果拆開;iwooos_first_unlock_evidence_packet_preflight_outcome_lane_count=6、iwooos_first_unlock_evidence_packet_preflight_ready_for_review_count=0、iwooos_first_unlock_evidence_packet_preflight_needs_supplement_count=0、iwooos_first_unlock_evidence_packet_preflight_quarantined_count=0、iwooos_first_unlock_evidence_packet_preflight_rejected_count=0、iwooos_first_unlock_evidence_packet_review_accepted_count=0、iwooos_first_unlock_evidence_packet_headline_review_authorized=false、iwooos_first_unlock_evidence_packet_runtime_gate_opened=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把預檢分流當證據已補齊、審查已接受、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
@@ -294,7 +294,7 @@
|
||||
| S2.123 IwoooS 目前具體工作地圖 | framework detail | 0 | 只在 `/iwooos` 顯示目前具體工作地圖,把前台資安入口與使用者可視化、主機與範圍盤點框架、GitHub / Gitea 版本來源遷移準備、S4.9 負責人回覆與脫敏證據收件、reviewer / 人工審查流程、runtime 掃描修復部署與主機變更六條具體工作流拆開;iwooos_concrete_security_workstream_count=6、iwooos_concrete_security_visible_workstream_count=6、iwooos_concrete_security_framework_only_stream_count=6、iwooos_concrete_security_runtime_workstream_count=0、iwooos_concrete_security_next_real_gate=s4_9_owner_response_accepted、iwooos_concrete_security_owner_response_received_count=0、iwooos_concrete_security_owner_response_accepted_count=0、iwooos_concrete_security_redacted_payload_ingested=false、iwooos_concrete_security_active_runtime_gate_count=0、iwooos_concrete_security_github_primary_ready_count=0、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把具體工作地圖當 owner response 已收到、證據已接受、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新、reviewer queue 開啟或執行期授權 |
|
||||
| S2.124 IwoooS 目前具體交付清單 | framework detail | 0 | 只在 `/iwooos` 顯示目前具體交付清單,把 IwoooS 前台可見工作台、主機範圍與證據欄位、GitHub / Gitea 遷移證據、S4.9 第一解鎖證據包、人工 reviewer 準備序列、runtime 開閘條件六項交付拆開;iwooos_concrete_security_delivery_item_count=6、iwooos_concrete_security_delivery_visible_item_count=6、iwooos_concrete_security_delivery_framework_only_count=6、iwooos_concrete_security_delivery_runtime_item_count=0、iwooos_concrete_security_delivery_next_owner_evidence=s4_9_owner_response、iwooos_concrete_security_delivery_ready_for_runtime_count=0、iwooos_concrete_security_delivery_evidence_received_count=0、iwooos_concrete_security_delivery_evidence_accepted_count=0、iwooos_concrete_security_delivery_reviewer_queue_open=false、iwooos_concrete_security_delivery_git_primary_ready=false、iwooos_concrete_security_delivery_kali_execution_ready=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把交付清單當 owner response 已收到、證據已接受、reviewer queue 已開、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.125 IwoooS 目前阻塞與解除條件 | framework detail | 0 | 只在 `/iwooos` 顯示目前阻塞與解除條件,把 S4.9 owner response 尚未收到、脫敏證據參照尚未成立、reviewer queue 仍關閉、GitHub primary readiness 未成立、主機證據仍待收件、runtime gate 未開六個阻塞拆開;iwooos_concrete_security_blocker_count=6、iwooos_concrete_security_visible_blocker_count=6、iwooos_concrete_security_headline_blocker_count=6、iwooos_concrete_security_blocker_resolved_count=0、iwooos_concrete_security_first_resolvable_blocker=s4_9_owner_response_missing、iwooos_concrete_security_owner_response_required=true、iwooos_concrete_security_redacted_evidence_required=true、iwooos_concrete_security_reviewer_queue_open=false、iwooos_concrete_security_github_primary_ready=false、iwooos_concrete_security_kali_execution_ready=false、iwooos_concrete_security_runtime_gate_open=false、runtime_execution_authorized=false、active_runtime_gate_count=0、action_buttons_allowed=false、not_authorization=true,不把阻塞解除圖當 owner response 已收到、證據已接受、reviewer queue 已開、headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、專案庫建立、分支 / 標籤參照同步、工作流程 / 機密設定修改、主要來源切換、Gitea 停用、Kali / SSH / 主機更新或執行期授權 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | framework detail | 0 | 只在 `/iwooos` 顯示整體加權 58%、框架建置 86-88%、落地執行 35-40% 與六類產品全產品只讀套用範圍;runtime_product_rollout_count=0、owner_response_accepted_count=0、active_runtime_gate_count=0、production_deploy_count=0,不把三軸進度或全產品範圍當 runtime 授權、Kali 執行、主機變更、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | framework detail | 0 | 只在 `/iwooos` 顯示整體加權 61%、框架建置 86-88%、落地執行 40-45% 與六類產品全產品只讀套用範圍;runtime_product_rollout_count=0、owner_response_accepted_count=0、active_runtime_gate_count=0、production_deploy_count=1,不把三軸進度或全產品範圍當 runtime 授權、Kali 執行、主機變更、repo / refs / workflow / secret 操作、GitHub 主要來源切換或 Gitea 停用 |
|
||||
| S2.127 IwoooS 全產品分階段套用台帳 | framework detail | 0 | 只在 `/iwooos` 顯示核心產品、公開網站、版本來源、主機覆蓋、監控工具與未來產品六個 read-only rollout waves;runtime_wave_count=0、enforcement_wave_count=0、owner_response_accepted_count=0、active_runtime_gate_count=0,不把全產品 rollout 台帳當 owner response 已收到、runtime 授權、Kali 執行、主機變更、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| S2.128 IwoooS 全產品 rollout 波次驗收門檻 | framework detail | 0 | 只在 `/iwooos` 顯示六個 rollout acceptance gates;passed_count=0、owner_response_received_count=0、owner_response_accepted_count=0、runtime_gate_open=false、runtime_wave_count=0、enforcement_wave_count=0,不把驗收門檻當 owner response 已收到、runtime 授權、Kali 執行、主機變更、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
| S2.129 IwoooS 全產品 rollout 驗收結果分流 | framework detail | 0 | 只在 `/iwooos` 顯示七條 read-only outcome lanes;returned=0、quarantined=0、human_review_candidate=0、runtime_candidate=0、owner_response_accepted=0、active_runtime_gate_count=0,不把結果分流當 owner response 已收到、runtime 授權、Kali 執行、主機變更、repo / refs / workflow / secret 操作、GitHub 主要來源切換、Gitea 停用或正式部署 |
|
||||
|
||||
@@ -5,19 +5,19 @@
|
||||
| 日期 | 2026-05-17 |
|
||||
| 狀態 | S0/S1 read-only evidence 建置中 |
|
||||
| 本階段完成 | 資安供應鏈 contract manifest + Source Control Approval Board + Draft Reconcile Plan + Ref Detail Diff + Ref Truth Classification + Source Control Ref Truth Owner Response 收件包 + GitHub Primary Readiness Gate + GitHub Primary Rollback ADR + GitHub Target Owner Decision Response 收件包 + Gitea 認證清冊匯出請求 + Gitea 認證清冊匯入驗收契約 + Gitea 清冊覆蓋 Owner Attestation + Gitea Owner Attestation Approval Lane 對齊 + Gitea Owner Attestation Response 收件包 + Workflow / Secret Name Inventory + Workflow / Secret Name Local Evidence + Workflow / Secret Name Redacted Export Request + Workflow / Secret Name Owner Response 收件包 + Source Control Owner Response Validation Rollup + Kali 112 live integration status + Security Finding contract + Kali scan scope approval package + Security Approval Queue + S3 人工批准 Gate + S3 人工決策紀錄 + S3 人工審查封包 + S3 人工決策狀態轉移 + S3 後續 runtime gate 準備契約 + 鏡像 readiness index + 鏡像接收計畫 + 鏡像事件信封 + 鏡像路由矩陣 + 鏡像驗收契約 + 鏡像隔離契約 + 鏡像 dry-run 報告契約 + 鏡像狀態彙整契約 + IwoooS 前端態勢入口 + IwoooS posture projection contract + IwoooS 既有前端資安頁面整合 + IwoooS 覆蓋與邊界矩陣 + IwoooS 只讀資安處理旅程 + IwoooS owner evidence readiness board + IwoooS host coverage view + IwoooS host action gate matrix + IwoooS host evidence readiness board + IwoooS host evidence collection order + IwoooS host evidence intake preflight + IwoooS host evidence review outcome lanes + IwoooS host evidence review handoff packets + IwoooS host evidence reviewer checklist + IwoooS host evidence reviewer outcome lanes + IwoooS host owner decision candidate packets + IwoooS host owner decision review checklist + IwoooS host owner decision review outcome lanes + IwoooS host owner decision record draft packets + IwoooS host owner decision record draft review checklist + IwoooS host owner decision record draft review outcome lanes + IwoooS host owner decision record write-up packets + IwoooS host owner decision record write-up review checklist + IwoooS host owner decision record write-up review outcome lanes + IwoooS host owner decision record formal candidate packets + IwoooS host owner decision record formal candidate review checklist + IwoooS host owner decision record formal candidate review outcome lanes + IwoooS host owner decision record formal record queue packets + IwoooS host owner decision record formal record queue review checklist + IwoooS host owner decision record formal record queue review outcome lanes + IwoooS host owner decision record human handoff readiness packets + IwoooS host owner decision record human handoff readiness review checklist + IwoooS host owner decision record human handoff readiness review outcome lanes + IwoooS host owner decision record human record owner review candidate packets + IwoooS host owner decision record human record owner review candidate checklist + IwoooS host owner decision record human record owner review candidate outcome lanes + IwoooS host owner decision record human record owner review preparation packets + IwoooS host owner decision record human record owner review preparation checklist + IwoooS progress acceleration lanes + IwoooS owner response next-action focus + IwoooS S4.9 owner response preflight + IwoooS S4.9 owner response request templates + IwoooS progress hold movement gates + IwoooS AwoooP read-only landing readiness + IwoooS AwoooP cross-session handoff packets + AwoooP 首頁 IwoooS 資安鏡像候選 + AwoooP 工作鏈路 IwoooS 資安鏡像候選 + AwoooP 審批佇列 IwoooS owner response 只讀焦點 |
|
||||
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 + AwoooP 審批佇列負責人回覆驗收只讀審查邊界 + AwoooP 租戶管理負責人回覆驗收租戶範圍 + AwoooP 執行監控負責人回覆驗收執行邊界 + AwoooP 執行詳情負責人回覆驗收詳情邊界 + AwoooP 審批決策負責人回覆驗收審批邊界 + IwoooS AwoooP 資安入口覆蓋狀態板 + IwoooS 階段式資安收斂節奏圖 + IwoooS 下一步人工收件作戰板 + IwoooS 人工回覆安全驗收閘道 + IwoooS 人工回覆審查結果分流 + IwoooS 人工決策準備佇列 + IwoooS 人工決策紀錄草稿防誤用 + IwoooS 人工決策正式紀錄負責人指派確認準備包 + IwoooS 人工決策正式紀錄負責人指派確認清單 + IwoooS 人工決策正式紀錄負責人指派確認結果分流 + IwoooS 人工決策正式紀錄負責人指派決策準備包 + IwoooS 人工決策正式紀錄負責人指派決策檢查清單 + IwoooS S4.9 負責人回覆封套欄位 + IwoooS S4.9 負責人回覆封套送件前檢查 + IwoooS S4.9 負責人回覆封套送件前結果分流 + IwoooS S4.9 負責人回覆送件請求草稿 + IwoooS S4.9 負責人回覆送件鏈路摘要 + IwoooS 低摩擦分階段收斂主控 + IwoooS 低摩擦下一步行動邊界 + IwoooS 58% 進度移動訊號驗收條 + IwoooS 第一個進度解鎖路徑 + IwoooS 第一解鎖證據包 + IwoooS 第一解鎖證據包預檢分流 + IwoooS 第一解鎖證據包補件路徑 + IwoooS 第一解鎖證據包補件送審前檢查 + IwoooS 第一解鎖證據包補件送審結果分流 + IwoooS 第一解鎖證據包 reviewer 指派準備包 + IwoooS 第一解鎖證據包 reviewer 指派前檢查 + IwoooS 第一解鎖證據包 reviewer 指派前檢查結果分流 |
|
||||
| 本階段追加 | AwoooP 合約儀表板 IwoooS 資安契約只讀候選 + AwoooP 租戶管理 IwoooS 資安租戶範圍只讀候選 + AwoooP 執行監控 IwoooS 執行狀態只讀候選 + 既有安全 / 合規頁面 IwoooS 只讀反向橋接 + 告警 / 錯誤 / 授權 / 治理頁面 IwoooS 只讀反向橋接 + 稽核 / 工程審查頁面 IwoooS 深色只讀反向橋接 + IwoooS 前端資安頁面連接狀態板 + IwoooS GitHub 主要來源就緒度只讀狀態板 + AwoooP 工作鏈路 GitHub 主要來源就緒度只讀工作項 + AwoooP 合約儀表板 GitHub 主要來源就緒度合約只讀候選 + AwoooP 審批佇列 GitHub 主要來源就緒度審批邊界 + AwoooP 首頁 GitHub 主要來源就緒度只讀摘要 + AwoooP 租戶管理 GitHub 主要來源就緒度租戶範圍 + AwoooP 執行監控 GitHub 主要來源就緒度執行邊界 + IwoooS / AwoooP 資安可視區塊繁體中文呈現防護檢查 + AwoooP 執行詳情 / 審批詳情繁體中文呈現防護檢查 + AwoooP 首頁負責人回覆驗收總覽 + AwoooP 工作鏈路負責人回覆驗收只讀工作項 + AwoooP 合約儀表板負責人回覆驗收契約只讀候選 + AwoooP 審批佇列負責人回覆驗收只讀審查邊界 + AwoooP 租戶管理負責人回覆驗收租戶範圍 + AwoooP 執行監控負責人回覆驗收執行邊界 + AwoooP 執行詳情負責人回覆驗收詳情邊界 + AwoooP 審批決策負責人回覆驗收審批邊界 + IwoooS AwoooP 資安入口覆蓋狀態板 + IwoooS 階段式資安收斂節奏圖 + IwoooS 下一步人工收件作戰板 + IwoooS 人工回覆安全驗收閘道 + IwoooS 人工回覆審查結果分流 + IwoooS 人工決策準備佇列 + IwoooS 人工決策紀錄草稿防誤用 + IwoooS 人工決策正式紀錄負責人指派確認準備包 + IwoooS 人工決策正式紀錄負責人指派確認清單 + IwoooS 人工決策正式紀錄負責人指派確認結果分流 + IwoooS 人工決策正式紀錄負責人指派決策準備包 + IwoooS 人工決策正式紀錄負責人指派決策檢查清單 + IwoooS S4.9 負責人回覆封套欄位 + IwoooS S4.9 負責人回覆封套送件前檢查 + IwoooS S4.9 負責人回覆封套送件前結果分流 + IwoooS S4.9 負責人回覆送件請求草稿 + IwoooS S4.9 負責人回覆送件鏈路摘要 + IwoooS 低摩擦分階段收斂主控 + IwoooS 低摩擦下一步行動邊界 + IwoooS 61% 進度移動訊號驗收條 + IwoooS 第一個進度解鎖路徑 + IwoooS 第一解鎖證據包 + IwoooS 第一解鎖證據包預檢分流 + IwoooS 第一解鎖證據包補件路徑 + IwoooS 第一解鎖證據包補件送審前檢查 + IwoooS 第一解鎖證據包補件送審結果分流 + IwoooS 第一解鎖證據包 reviewer 指派準備包 + IwoooS 第一解鎖證據包 reviewer 指派前檢查 + IwoooS 第一解鎖證據包 reviewer 指派前檢查結果分流 + IwoooS 正式只讀 landing 進度重估 |
|
||||
| 本階段追加補充 | IwoooS 目前具體工作地圖 + IwoooS 目前具體交付清單 + IwoooS 目前阻塞與解除條件 + IwoooS 三軸進度與全產品套用範圍 + IwoooS 全產品分階段套用台帳 + IwoooS 全產品 rollout 波次驗收門檻 + IwoooS 全產品 rollout 驗收結果分流 + IwoooS 全產品證據接線地圖 + IwoooS 全產品證據接線預檢 + IwoooS 全產品證據接線預檢結果分流 + IwoooS 全產品預檢補件回收台帳 + IwoooS 全產品補件重試門檻 + IwoooS 全產品重試結果分流 + IwoooS 全產品人工審查候選準備 + IwoooS 全產品人工審查候選預檢 + IwoooS 全產品人工審查候選預檢結果分流 + IwoooS 全產品人工審查候選預檢補件回收台帳 + IwoooS 全產品人工審查候選預檢補件重試門檻 |
|
||||
| 原則 | 低摩擦分階段;文件、schema、read-only evidence 優先;不做 runtime enforcement、不切 primary |
|
||||
|
||||
## 0. 本階段完成後整體進度
|
||||
|
||||
### 0.1 2026-05-17 整體進度估算
|
||||
### 0.1 2026-05-25 整體進度估算
|
||||
|
||||
| 進度面向 | 估算 | 判讀 |
|
||||
|----------|------|------|
|
||||
| 整體資安網 | 58% | 框架與只讀治理已成形,仍等待 owner response、redacted payload、runtime gate 與 GitHub primary readiness |
|
||||
| 整體資安網 | 61% | 框架與只讀治理已成形,AwoooP 正式只讀 landing 已有證據,仍等待 owner response、redacted payload、runtime gate 與 GitHub primary readiness |
|
||||
| 框架 / 治理 / 文件 / schema / read-only evidence | 86-88% | 36 個主要 contract 中 33 ready、2 partial、1 contract-only、0 blocked,且全產品只讀套用範圍已前台化 |
|
||||
| 真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing | 35-40% | owner response 仍 0、active runtime gate 仍 0、payload ingestion=false、github_primary_ready_count=0 |
|
||||
| 真正落地執行 / runtime ingestion / GitHub primary / AwoooP production landing | 40-45% | AwoooP 正式只讀 landing evidence=1;owner response 仍 0、active runtime gate 仍 0、payload ingestion=false、github_primary_ready_count=0 |
|
||||
|
||||
這個進度估算用於雙 Session 同步與階段判讀,不是 approval、runtime execution、GitHub primary cutover 或 Kali scan authorization。現階段仍維持統帥要求的低摩擦策略:先建完整框架與 evidence,之後再分階段收斂。
|
||||
|
||||
@@ -27,11 +27,11 @@
|
||||
python3 scripts/security/security-mirror-progress-guard.py
|
||||
```
|
||||
|
||||
### 0.2 Headline 58% 不代表停滯
|
||||
### 0.2 Headline 61% 不代表 runtime 授權
|
||||
|
||||
近期 S4.10 請求包、範本狀態台帳、稽核事件範本、脫敏範例、收件檢查、收件預檢,S4.11 請求包 / 範本狀態台帳 / 稽核事件範本 / 脫敏範例 / 收件檢查 / 收件預檢,S4.12 請求包 / 範本狀態台帳 / 稽核事件範本 / 脫敏範例 / 收件檢查 / 收件預檢,S4.13 證據路由規則 / 顯示區塊 / 狀態轉移規則 / 審查清單 / 審查結果分流 / 審查稽核事件範本 / 審查稽核顯示區塊 / 審查稽核收件檢查 / 審查稽核脫敏範例 / 審查稽核保留規則 / 審查稽核保留檢查 / 審查稽核交接包 / 交接檢查 / 平行 Session 同步檢查 / 衝突分流 / 復原檢查 / 復原結果分流,S1.3 低摩擦非阻擋升級分流、S2.8 IwoooS 前端態勢入口,以及 S2.9-S2.140 IwoooS / AwoooP 資安投影契約都是有效進展,但它們是框架細節,不是負責人回覆、執行期閘門、生產匯入或 GitHub 主要來源就緒。因此整體百分比仍維持 58%,避免把只讀框架誤算成已落地執行。
|
||||
近期 AwoooP production read-only landing 已有 commit、CD 與正式站路由證據,因此 headline 從 58% 保守重估到 61%。S4.10、S4.11、S4.12、S4.13、S1.3、S2.8 與 S2.9-S2.140 仍是有效進展,但多數屬於框架細節,不是負責人回覆、執行期閘門、生產匯入或 GitHub 主要來源就緒;因此不能把 61% 解讀成 runtime enforcement。
|
||||
|
||||
S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。這五個 gate 目前仍全部是 0 / false,所以 headline 不應被灌水提高。
|
||||
S2.50 也把五個可見 gate 拆開:owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready、AwoooP read-only landing。目前只有 AwoooP read-only landing evidence=1;其餘四項仍是 0 / false,所以 headline 下一次不應被灌水提高。
|
||||
|
||||
| 最近完成 | 目前狀態 | headline delta |
|
||||
|----------|----------|----------------|
|
||||
@@ -163,7 +163,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
|
||||
| S2.97 IwoooS 人工決策正式紀錄負責人指派確認結果分流 | 已完成草案,在 `/iwooos` 顯示八條人工決策正式紀錄負責人指派確認結果分流、可進人工指派決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;仍不把指派確認結果分流當成紀錄負責人指派、正式紀錄、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.98 IwoooS 人工決策正式紀錄負責人指派決策準備包 | 已完成草案,在 `/iwooos` 顯示八個人工決策正式紀錄負責人指派決策準備包、可進決策=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;仍不把指派決策準備包當成紀錄負責人指派、正式紀錄、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.99 IwoooS 人工決策正式紀錄負責人指派決策檢查清單 | 已完成草案,在 `/iwooos` 顯示八個人工決策正式紀錄負責人指派決策檢查項、通過=0、已決策=0、已指派=0、正式紀錄=0、已批准=0、執行期閘門=0;仍不把指派決策檢查清單當成紀錄負責人指派、正式紀錄、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.100 IwoooS 58% 重估驗收閘門 | 已完成草案,在 `/iwooos` 顯示六個 headline 重估判定項,移動訊號=0/5、S4.9 accepted=0/5、重估紀錄=未開;仍不把重估閘門當成 owner response received / accepted、脫敏匯入、人工批准、主要來源切換、AwoooP production landing 或執行期閘門 | 0 |
|
||||
| S2.100 IwoooS 61% 重估驗收紀錄 | 已完成草案,在 `/iwooos` 顯示六個 headline 重估判定項,移動訊號=1/5、S4.9 accepted=0/5、重估紀錄=已記錄;仍不把重估紀錄當成 owner response received / accepted、脫敏匯入、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.101 IwoooS S4.9 Owner Response 人工收件工作單 | 已完成草案,在 `/iwooos` 顯示五個 S4.9 owner response 收件項、每項六個必填欄位、已收到=0、已接受=0、已拒收=0;仍不把人工收件工作單當成 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.102 IwoooS S4.9 負責人回覆封套欄位 | 已完成草案,在 `/iwooos` 顯示六個 S4.9 負責人回覆封套欄位、已填=0、已提交=0、已接受=0、已拒收=0;仍不把回覆封套欄位當成 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.103 IwoooS S4.9 負責人回覆封套送件前檢查 | 已完成草案,在 `/iwooos` 顯示六個送件前檢查、通過=0、可送件=0、已提交=0、已接受=0;仍不把送件前檢查當成 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 | 0 |
|
||||
@@ -176,7 +176,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
|
||||
| S2.110 安全合規低摩擦分階段收斂 | 已完成草案,在 `/security-compliance` 顯示五段收斂階梯:觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴;仍不把收斂階梯當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.111 IwoooS 低摩擦分階段收斂主控 | 已完成草案,在 `/iwooos` 顯示五段收斂主控:觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴,並同步安全合規 S2.110 的低摩擦策略;仍不把主控視覺化當成 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.112 IwoooS 低摩擦下一步行動邊界 | 已完成草案,在 `/iwooos` 顯示只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類下一步;仍不把行動邊界當成 runtime 授權、審批、掃描、修復、部署、主機變更、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.113 IwoooS 58% 進度移動訊號驗收條 | 已完成草案,在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;仍不把訊號驗收條當成 headline review 授權、runtime 授權、審批、掃描、修復、部署、主機變更、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.113 IwoooS 61% 進度移動訊號驗收條 | 已完成草案,在 `/iwooos` 顯示負責人回覆接受、脫敏證據匯入、執行期閘門、GitHub 主要來源就緒、AwoooP 落地證據五個 headline movement signals;目前 AwoooP 落地證據=1,其餘四項仍為 0 / false;仍不把訊號驗收條當成 runtime 授權、審批、掃描、修復、部署、主機變更、主要來源切換或執行期閘門 | 0 |
|
||||
| S2.114 IwoooS 第一個進度解鎖路徑 | 已完成草案,在 `/iwooos` 顯示 S4.9 負責人回覆的第一個進度解鎖路徑:收到負責人回覆、補齊脫敏證據參照、通過收件預檢、審查接受、成為進度審查候選;仍不把解鎖路徑當成送件完成、回覆已收到、headline review 授權、runtime 授權或執行期閘門 | 0 |
|
||||
| S2.115 IwoooS 第一解鎖證據包 | 已完成草案,在 `/iwooos` 顯示負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要五個欄位;仍不把證據包定義當成送件完成、回覆已收到、證據已補齊、headline review 授權、runtime 授權或執行期閘門 | 0 |
|
||||
| S2.116 IwoooS 第一解鎖證據包預檢分流 | 已完成草案,在 `/iwooos` 顯示可進人工審查、補 owner metadata、補範圍參照、隔離 raw payload、拒收機密明文值、等待 reviewer 接受六條分流;仍不把預檢分流當成證據已補齊、審查已接受、headline review 授權、runtime 授權或執行期閘門 | 0 |
|
||||
@@ -189,7 +189,7 @@ S2.50 也把「為什麼 58% 還不動」拆成五個可見 gate:owner respons
|
||||
| S2.123 IwoooS 目前具體工作地圖 | 已完成草案,在 `/iwooos` 顯示前台資安入口與使用者可視化、主機與範圍盤點框架、GitHub / Gitea 版本來源遷移準備、S4.9 負責人回覆與脫敏證據收件、reviewer / 人工審查流程、runtime 掃描修復部署與主機變更六條具體工作流;仍不把工作地圖當成 owner response 已收到、runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.124 IwoooS 目前具體交付清單 | 已完成草案,在 `/iwooos` 顯示 IwoooS 前台可見工作台、主機範圍與證據欄位、GitHub / Gitea 遷移證據、S4.9 第一解鎖證據包、人工 reviewer 準備序列、runtime 開閘條件六項交付;仍不把交付清單當成 owner response 已收到、reviewer queue 已開、runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.125 IwoooS 目前阻塞與解除條件 | 已完成草案,在 `/iwooos` 顯示 S4.9 owner response 尚未收到、脫敏證據參照尚未成立、reviewer queue 仍關閉、GitHub primary readiness 未成立、主機證據仍待收件、runtime gate 未開六個阻塞;仍不把阻塞解除圖當成 owner response 已收到、reviewer queue 已開、runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | 已完成草案,在 `/iwooos` 顯示整體加權 58%、框架建置 86-88%、落地執行 35-40%,並把 AWOOOI / IwoooS / AwoooP、所有前台網站、GitHub / Gitea 專案庫、Kali 與開發主機、監控工具與未來產品六類範圍標成全產品只讀套用;仍不把三軸進度當 runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | 已完成草案,在 `/iwooos` 顯示整體加權 61%、框架建置 86-88%、落地執行 40-45%,並把 AWOOOI / IwoooS / AwoooP、所有前台網站、GitHub / Gitea 專案庫、Kali 與開發主機、監控工具與未來產品六類範圍標成全產品只讀套用;仍不把三軸進度當 runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.127 IwoooS 全產品分階段套用台帳 | 已完成草案,在 `/iwooos` 顯示核心產品、公開網站、版本來源、主機覆蓋、監控工具與未來產品六個 read-only rollout waves;runtime_wave_count=0、enforcement_wave_count=0、owner_response_accepted_count=0、active_runtime_gate_count=0,仍不把全產品台帳當 runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.128 IwoooS 全產品 rollout 波次驗收門檻 | 已完成草案,在 `/iwooos` 顯示只讀可視證據、負責人證據、脫敏審查、版本來源證明、主機安全窗口、回復與停用條件六個 gates;passed_count=0、owner_response_accepted_count=0、runtime_gate_open=false,仍不把驗收門檻當 runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
| S2.129 IwoooS 全產品 rollout 驗收結果分流 | 已完成草案,在 `/iwooos` 顯示維持只讀、退回補證、隔離敏感、版本待證、主機暫停、待人工審與 runtime 未開七條 outcomes;human_review_candidate=0、runtime_candidate=0、owner_response_accepted=0,仍不把結果分流當 runtime 授權、掃描、修復、部署、主機變更或版本來源操作 | 0 |
|
||||
@@ -322,7 +322,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.97 IwoooS 人工決策正式紀錄負責人指派確認結果分流 | 完成草案 | `/iwooos` 新增正式紀錄負責人指派確認結果分流看板,顯示維持指派確認等待、要求身分說明補齊、要求負責人範圍更新、要求權責邊界修正、可進人工指派決策、隔離敏感載荷、拒收變更要求、另開執行或主要來源閘門八條結果分流 | 使用者與另一個 AwoooP Session 能理解指派確認清單後只會進入只讀結果分流;結果分流仍不是紀錄負責人指派、人工批准、正式審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
|
||||
| S2.98 IwoooS 人工決策正式紀錄負責人指派決策準備包 | 完成草案 | `/iwooos` 新增正式紀錄負責人指派決策準備包看板,顯示結果分流追溯包、負責人身分包、範圍快照包、權責邊界包、證據審查包、隔離與例外包、變更拒收包、執行與主要來源閘門包八個準備包 | 使用者與另一個 AwoooP Session 能理解可進人工指派決策前仍只是資料準備;準備包仍不是紀錄負責人指派、人工批准、正式審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
|
||||
| S2.99 IwoooS 人工決策正式紀錄負責人指派決策檢查清單 | 完成草案 | `/iwooos` 新增正式紀錄負責人指派決策檢查清單看板,顯示決策追溯可讀檢查、負責人身分可確認檢查、範圍快照有效檢查、權責邊界已檢查、證據鏈可讀檢查、隔離與例外已檢查、變更拒收已檢查、執行與主要來源分離檢查八個檢查項 | 使用者與另一個 AwoooP Session 能理解指派決策前仍只是人工檢查清單;檢查清單仍不是紀錄負責人指派、人工批准、正式審批紀錄、專案庫 / 分支與標籤參照 / 工作流程 / 機密設定動作、主要來源切換或執行期閘門 |
|
||||
| S2.100 IwoooS 58% 重估驗收閘門 | 完成草案 | `/iwooos` 新增 58% 重估驗收閘門看板,顯示 S4.9 負責人回覆驗收、脫敏 payload 匯入驗收、執行期閘門人工批准、GitHub 主要來源就緒證據、AwoooP 正式只讀消費證據與下一次 headline review record 六個判定項 | 使用者與另一個 AwoooP Session 能直接看懂整體進度為何仍是 58%,以及下一個真正能推動 headline 的實質 gate;重估閘門仍不是 owner response received / accepted、脫敏匯入、人工批准、審批紀錄、主要來源切換、AwoooP production landing 或執行期閘門 |
|
||||
| S2.100 IwoooS 61% 重估驗收紀錄 | 完成草案 | `/iwooos` 顯示 61% 重估驗收紀錄看板,顯示 S4.9 負責人回覆驗收、脫敏 payload 匯入驗收、執行期閘門人工批准、GitHub 主要來源就緒證據、AwoooP 正式只讀消費證據與本次 headline review record 六個判定項 | 使用者與另一個 AwoooP Session 能直接看懂整體進度為何從 58% 保守重估到 61%,以及下一個真正能推動 headline 的實質 gate;重估紀錄仍不是 owner response received / accepted、脫敏匯入、人工批准、審批紀錄、主要來源切換或執行期閘門 |
|
||||
| S2.101 IwoooS S4.9 Owner Response 人工收件工作單 | 完成草案 | `/iwooos` 新增 S4.9 Owner Response 人工收件工作單,看板列出 public-only / local gap、Gitea `wooo` endpoint 身分、110 adjacent source scope、repo owner / canonical scope、legacy / inaccessible disposition 五項回覆與六個必填欄位 | 使用者與另一個 AwoooP Session 能直接知道第一個會推動 58% 的 S4.9 owner response 要怎麼填、怎麼驗收與怎麼拒收;工作單仍不是 request sent、owner response received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 |
|
||||
| S2.102 IwoooS S4.9 負責人回覆封套欄位 | 完成草案 | `/iwooos` 新增 S4.9 負責人回覆封套欄位看板,列出負責人角色 / 團隊、判定 / 處置、判定理由、受影響範圍、脫敏證據參照、後續負責人六個欄位 | 使用者與另一個 AwoooP Session 能直接知道 S4.9 負責人回覆要用哪六欄填回、審查者要逐欄驗收什麼;封套欄位仍不是 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 |
|
||||
| S2.103 IwoooS S4.9 負責人回覆封套送件前檢查 | 完成草案 | `/iwooos` 新增 S4.9 負責人回覆封套送件前檢查看板,列出六欄完整、判定值允許、脫敏證據、範圍追溯、變更要求拒收、後續負責人追溯六個檢查項 | 使用者與另一個 AwoooP Session 能直接知道封套送出前要先檢查什麼;送件前檢查仍不是 request sent、owner response submitted / received / accepted、audit event emitted、人工批准、主要來源切換或執行期閘門 |
|
||||
@@ -335,7 +335,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.110 安全合規低摩擦分階段收斂 | 完成草案 | `/security-compliance` 新增低摩擦分階段收斂階梯,列出觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴 | 使用者能理解目前不是卡住,而是刻意先建框架與證據鏈;後續只有人工批准後才會進入執行期與逐步收嚴 |
|
||||
| S2.111 IwoooS 低摩擦分階段收斂主控 | 完成草案 | `/iwooos` 新增低摩擦分階段收斂主控,列出觀測與盤點、補齊證據、人工審查、批准後開閘、逐步收嚴,並顯示 IwoooS 仍停在觀測優先 | 使用者從主入口就能理解整個資安網仍採低摩擦框架先行;這不是 runtime 授權、審批、掃描、修復、部署、主要來源切換或執行期閘門 |
|
||||
| S2.112 IwoooS 低摩擦下一步行動邊界 | 完成草案 | `/iwooos` 新增低摩擦下一步行動邊界,列出只讀盤點與姿態整理、脫敏證據包、人工審查準備、執行期仍關閉四類行動 | 使用者能直接知道現階段可以繼續推框架與證據,但掃描、主機變更、部署、版本來源操作都仍等待明確批准與 runtime gate |
|
||||
| S2.113 IwoooS 58% 進度移動訊號驗收條 | 完成草案 | `/iwooos` 新增 58% 進度移動訊號驗收條,列出 owner response、脫敏 evidence、runtime gate、GitHub primary、AwoooP landing 五個真實移動訊號 | 使用者能直接看到 58% 要動起來需要哪些證據;目前五個訊號仍是 0 或 false,所以 headline 不灌水 |
|
||||
| S2.113 IwoooS 61% 進度移動訊號驗收條 | 完成草案 | `/iwooos` 顯示 61% 進度移動訊號驗收條,列出 owner response、脫敏 evidence、runtime gate、GitHub primary、AwoooP landing 五個真實移動訊號 | 使用者能直接看到 61% 下一次要動起來需要哪些證據;目前 AwoooP landing evidence=1,其餘四個訊號仍是 0 或 false,所以 headline 不灌水 |
|
||||
| S2.114 IwoooS 第一個進度解鎖路徑 | 完成草案 | `/iwooos` 新增第一個進度解鎖路徑,將 S4.9 負責人回覆拆成收到回覆、脫敏證據參照、收件預檢、審查接受、進度審查候選五步 | 使用者能直接看到第一個真正可推動 58% 的路徑;目前 received / accepted / preflight passed 仍是 0,所以 headline 仍不提高 |
|
||||
| S2.115 IwoooS 第一解鎖證據包 | 完成草案 | `/iwooos` 新增第一解鎖證據包,列出負責人判定 metadata、範圍與來源參照、脫敏聲明、收件預檢軌跡、審查接受摘要五個欄位 | 使用者能直接看到第一個解鎖路徑要補哪些 evidence;目前 filled / accepted 仍是 0,且 raw payload 與機密明文仍禁止收件 |
|
||||
| S2.116 IwoooS 第一解鎖證據包預檢分流 | 完成草案 | `/iwooos` 新增第一解鎖證據包預檢分流,列出可審查、補 metadata、補範圍、隔離 payload、拒收機密值、等待 reviewer 六條結果 | 使用者能直接看到證據包進來後會怎麼被處理;目前 ready / accepted 仍是 0,所以 headline 仍不提高 |
|
||||
@@ -348,7 +348,7 @@ headline 要再往上,需要 S4.9 / S4.10 / S4.11 / S4.12 任一 owner respons
|
||||
| S2.123 IwoooS 目前具體工作地圖 | 完成草案 | `/iwooos` 新增目前具體工作地圖,列出前台資安入口、主機盤點、GitHub / Gitea 遷移準備、S4.9 證據收件、reviewer 人工流程與 runtime 執行 gate 六條具體工作流 | 使用者能直接看到現在具體做了哪六類工作;目前 owner response received / accepted 仍是 0、active runtime gate=0,所以 headline 仍不提高 |
|
||||
| S2.124 IwoooS 目前具體交付清單 | 完成草案 | `/iwooos` 新增目前具體交付清單,列出 IwoooS 前台可見工作台、主機範圍與證據欄位、GitHub / Gitea 遷移證據、S4.9 第一解鎖證據包、人工 reviewer 準備序列與 runtime 開閘條件 | 使用者能直接看到每項已交付內容、下一步與未開放動作;目前 evidence received / accepted 仍是 0、reviewer queue=false、runtime gate=0,所以 headline 仍不提高 |
|
||||
| S2.125 IwoooS 目前阻塞與解除條件 | 完成草案 | `/iwooos` 新增目前阻塞與解除條件,列出 S4.9 owner response、脫敏證據、reviewer queue、GitHub primary readiness、主機證據與 runtime gate 六個阻塞 | 使用者能直接看到為什麼 58% 仍不移動,以及第一個可解除阻塞是 S4.9 owner response;目前 blocker resolved=0、runtime gate=0,所以 headline 仍不提高 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | 完成草案 | `/iwooos` 新增三軸進度與全產品套用範圍,顯示整體加權 58%、框架建置 86-88%、落地執行 35-40%,並列出六類產品範圍 | 使用者能直接理解所有專案產品都先套只讀治理與可視化;目前 runtime product rollout=0、owner response accepted=0、active runtime gate=0,所以 headline 仍不提高 |
|
||||
| S2.126 IwoooS 三軸進度與全產品套用範圍 | 完成草案 | `/iwooos` 顯示三軸進度與全產品套用範圍,顯示整體加權 61%、框架建置 86-88%、落地執行 40-45%,並列出六類產品範圍 | 使用者能直接理解所有專案產品都先套只讀治理與可視化;目前 runtime product rollout=0、owner response accepted=0、active runtime gate=0,所以 headline 下一次仍需真證據 |
|
||||
| S2.127 IwoooS 全產品分階段套用台帳 | 完成草案 | `/iwooos` 新增全產品分階段套用台帳,列出核心產品、公開網站、版本來源、主機覆蓋、監控工具與未來產品六個 rollout waves | 使用者能直接理解所有產品如何分波次套用;目前只進 read-only visibility wave,runtime / enforcement / owner accepted / active runtime gate 仍為 0,所以 headline 仍不提高 |
|
||||
| S2.128 IwoooS 全產品 rollout 波次驗收門檻 | 完成草案 | `/iwooos` 新增全產品 rollout 波次驗收門檻,列出六個進 runtime 候選前必須通過的證據與人工門檻 | 使用者能直接理解全產品後續怎麼從只讀台帳往人工驗收前進;目前 passed / owner accepted / runtime gate 仍為 0,所以 headline 仍不提高 |
|
||||
| S2.129 IwoooS 全產品 rollout 驗收結果分流 | 完成草案 | `/iwooos` 新增全產品 rollout 驗收結果分流,列出驗收後可能維持只讀、退回補證、隔離敏感、版本待證、主機暫停、待人工審或 runtime 未開 | 使用者能直接理解驗收後的下一步走向;目前 reviewer candidate / runtime candidate / owner accepted / active runtime gate 仍為 0,所以 headline 仍不提高 |
|
||||
|
||||
@@ -76,6 +76,7 @@
|
||||
"host_owner_decision_record_human_record_owner_review_preparation_packet_count": 9,
|
||||
"host_owner_decision_record_human_record_owner_review_preparation_checklist_item_count": 9,
|
||||
"awooop_read_only_landing_readiness_item_count": 6,
|
||||
"awooop_read_only_production_landing_evidence_count": 1,
|
||||
"awooop_cross_session_handoff_packet_count": 6,
|
||||
"progress_hold_movement_gate_count": 5,
|
||||
"progress_acceleration_lane_count": 6,
|
||||
@@ -84,12 +85,12 @@
|
||||
"s4_9_owner_response_request_template_count": 5
|
||||
},
|
||||
"progress": {
|
||||
"overall_percent": 58,
|
||||
"overall_percent": 61,
|
||||
"framework_percent_min": 86,
|
||||
"framework_percent_max": 88,
|
||||
"runtime_landing_percent_min": 35,
|
||||
"runtime_landing_percent_max": 40,
|
||||
"headline_status": "holding_until_owner_response_or_runtime_gate",
|
||||
"runtime_landing_percent_min": 40,
|
||||
"runtime_landing_percent_max": 45,
|
||||
"headline_status": "reviewed_after_awooop_read_only_production_landing_evidence",
|
||||
"not_authorization": true
|
||||
},
|
||||
"posture_pillars": [
|
||||
@@ -6201,16 +6202,16 @@
|
||||
"item_id": "awooop_landing_production_handoff_pending",
|
||||
"display_order": 6,
|
||||
"landing_dependency": "awooop_mainline_consumption",
|
||||
"current_state": "pending_production_consumption",
|
||||
"required_evidence": "後續 PR / deployment evidence 證明 AwoooP production 主線只讀顯示 rollup、evidence refs 與 guard result。",
|
||||
"guardrail": "不得把 readiness 當成 production_landing_enabled 或 headline progress increase。",
|
||||
"source_snapshot_count": 0,
|
||||
"required_guard_check_count": 0,
|
||||
"current_state": "production_read_only_consumption_verified",
|
||||
"required_evidence": "Gitea main commit 9e15fd08b3f8839048d0178c5b38421d35041810、CD run 2149 與正式站 `/zh-TW/iwooos`、`/zh-TW/security`、`/zh-TW/awooop` 驗證 AwoooP production 主線只讀顯示 rollup、evidence refs 與 guard result。",
|
||||
"guardrail": "不得把 read-only production landing evidence 當成 execution router、runtime approval 或 blocking control。",
|
||||
"source_snapshot_count": 3,
|
||||
"required_guard_check_count": 2,
|
||||
"display_mode": "awooop_read_only_landing_readiness_only",
|
||||
"headline_percent_delta": 0,
|
||||
"production_landing_enabled": false,
|
||||
"headline_percent_delta": 3,
|
||||
"production_landing_enabled": true,
|
||||
"execution_router_linked": false,
|
||||
"progress_change_applied": false,
|
||||
"progress_change_applied": true,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
@@ -6238,8 +6239,8 @@
|
||||
"display_order": 2,
|
||||
"handoff_axis": "progress_semantics",
|
||||
"current_state": "ready_for_parallel_session_sync",
|
||||
"handoff_instruction": "headline 維持 58%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 維持 35-40%;新增 UI / docs / snapshot 只能進 framework_detail ledger。",
|
||||
"guardrail": "不得把 framework detail、readiness、handoff 或 guard pass 當 headline delta。",
|
||||
"handoff_instruction": "headline 已重估為 61%,framework 86-88%,runtime / ingestion / GitHub primary / AwoooP production landing 維持 40-45%;AwoooP production landing evidence 已記錄,後續新 UI / docs / snapshot 只能進 framework_detail ledger,除非 owner response、runtime gate 或 GitHub primary 有新 evidence。",
|
||||
"guardrail": "不得把 framework detail、readiness、handoff 或 guard pass 當下一次 headline delta。",
|
||||
"display_mode": "awooop_cross_session_handoff_packet_only",
|
||||
"headline_percent_delta": 0,
|
||||
"production_landing_enabled": false,
|
||||
@@ -6301,9 +6302,9 @@
|
||||
"packet_id": "awooop_handoff_next_coordination_gate",
|
||||
"display_order": 6,
|
||||
"handoff_axis": "next_coordination_gate",
|
||||
"current_state": "waiting_external_production_evidence",
|
||||
"handoff_instruction": "若另一個 Session 要推進 production landing,必須提交 read-only consumption evidence 與 deployment proof;真正會推動 headline 的 gate 仍是 owner response accepted、redacted payload ingestion、active runtime gate、GitHub primary ready 或 AwoooP production landing。",
|
||||
"guardrail": "不得把 handoff packet 當 production consumption。",
|
||||
"current_state": "production_landing_evidence_recorded_waiting_remaining_gates",
|
||||
"handoff_instruction": "AwoooP production landing 已成為第一個完成的高層 gate;下一個真正能再推動 headline 的 gate 是 owner response accepted、redacted payload ingestion、active runtime gate 或 GitHub primary ready。",
|
||||
"guardrail": "不得把 handoff packet 或 landing evidence 當 runtime execution。",
|
||||
"display_mode": "awooop_cross_session_handoff_packet_only",
|
||||
"headline_percent_delta": 0,
|
||||
"production_landing_enabled": false,
|
||||
@@ -6407,20 +6408,20 @@
|
||||
"gate_id": "progress_hold_awooop_read_only_landing",
|
||||
"display_order": 5,
|
||||
"movement_signal": "awooop_read_only_landing",
|
||||
"current_counter_name": "production_landing_enabled",
|
||||
"current_counter_value": false,
|
||||
"current_state_label": "production_landing_enabled=false",
|
||||
"required_evidence": "AwoooP 主線以只讀模式消費 rollup、evidence refs 與 guard result,且未接 execution router。",
|
||||
"current_counter_name": "awooop_read_only_production_landing_evidence_count",
|
||||
"current_counter_value": 1,
|
||||
"current_state_label": "awooop_read_only_production_landing_evidence_count=1",
|
||||
"required_evidence": "AwoooP 主線已以只讀模式消費 rollup、evidence refs 與 guard result,且未接 execution router。",
|
||||
"expected_review_effect": "trigger_user_visible_landing_progress_review",
|
||||
"display_mode": "progress_hold_movement_gate_only",
|
||||
"headline_percent_delta": 0,
|
||||
"headline_percent_delta": 3,
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_accepted_count": 0,
|
||||
"payloads_ingested": false,
|
||||
"active_runtime_gate_count": 0,
|
||||
"github_primary_ready_count": 0,
|
||||
"production_landing_enabled": false,
|
||||
"progress_change_applied": false,
|
||||
"production_landing_enabled": true,
|
||||
"progress_change_applied": true,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
@@ -6503,16 +6504,16 @@
|
||||
"lane_id": "progress_acceleration_awooop_landing",
|
||||
"display_order": 5,
|
||||
"acceleration_axis": "awooop_production_landing",
|
||||
"current_state": "read_only_landing_pending",
|
||||
"unlock_condition": "AwoooP 主線只讀消費 rollup、evidence refs 與 guard result,且不接 execution router。",
|
||||
"expected_progress_effect": "讓使用者更有感看到資安網;仍不是 production execution。",
|
||||
"current_state": "read_only_landing_verified",
|
||||
"unlock_condition": "AwoooP 主線已只讀消費 rollup、evidence refs 與 guard result,且不接 execution router。",
|
||||
"expected_progress_effect": "已讓使用者更有感看到資安網,並完成 58% -> 61% headline review;仍不是 production execution。",
|
||||
"display_mode": "progress_acceleration_only",
|
||||
"owner_response_received_count": 0,
|
||||
"owner_response_accepted_count": 0,
|
||||
"payloads_ingested": false,
|
||||
"active_runtime_gate_count": 0,
|
||||
"github_primary_ready_count": 0,
|
||||
"production_landing_enabled": false,
|
||||
"production_landing_enabled": true,
|
||||
"runtime_execution_authorized": false,
|
||||
"action_buttons_allowed": false,
|
||||
"not_authorization": true
|
||||
|
||||
@@ -89,6 +89,15 @@
|
||||
"owner_response_validation_received_count": 0,
|
||||
"owner_response_validation_accepted_count": 0,
|
||||
"owner_response_validation_rejected_count": 0,
|
||||
"awooop_read_only_production_landing_evidence_count": 1,
|
||||
"awooop_read_only_production_landing_commit": "9e15fd08b3f8839048d0178c5b38421d35041810",
|
||||
"awooop_read_only_production_landing_cd_run": "2149",
|
||||
"awooop_read_only_production_landing_routes_verified": [
|
||||
"/zh-TW/iwooos",
|
||||
"/zh-TW/security",
|
||||
"/zh-TW/awooop"
|
||||
],
|
||||
"awooop_read_only_production_landing_execution_router_linked": false,
|
||||
"owner_response_validation_cross_packet_check_count": 10,
|
||||
"owner_response_validation_quarantine_required": true,
|
||||
"workflow_secret_inventory_write_token_allowed": false,
|
||||
@@ -103,15 +112,16 @@
|
||||
"payloads_ingested": false
|
||||
},
|
||||
"progress_estimate": {
|
||||
"overall_percent": 58,
|
||||
"overall_percent": 61,
|
||||
"framework_percent_min": 86,
|
||||
"framework_percent_max": 88,
|
||||
"runtime_landing_percent_min": 35,
|
||||
"runtime_landing_percent_max": 40,
|
||||
"runtime_landing_percent_min": 40,
|
||||
"runtime_landing_percent_max": 45,
|
||||
"basis": [
|
||||
"36 個主要 contract 中 33 個 ready、2 個 partial、1 個 contract-only、0 個 blocked。",
|
||||
"S0/S2/S3/S4 多數治理、鏡像、人工批准與 source-control readiness 契約已完成草案。",
|
||||
"owner responses、redacted payload ingestion、active runtime gate、GitHub primary readiness 與 AwoooP production ingestion 仍未完成或尚未批准。"
|
||||
"AwoooP 正式站已只讀顯示 IwoooS / security mirror 狀態,並保留 execution_router_linked=false、runtime_execution_authorized=false。",
|
||||
"owner responses、redacted payload ingestion、active runtime gate 與 GitHub primary readiness 仍未完成或尚未批准。"
|
||||
],
|
||||
"interpretation": "目前處於健康的框架期後段;骨架接近完成,但仍刻意維持低摩擦,不把 read-only evidence 誤升級成 runtime enforcement。",
|
||||
"not_authorization": true
|
||||
@@ -149,12 +159,13 @@
|
||||
}
|
||||
],
|
||||
"progress_display_policy": {
|
||||
"headline_percent": 58,
|
||||
"headline_status": "holding_until_owner_response_or_runtime_gate",
|
||||
"headline_percent": 61,
|
||||
"headline_status": "reviewed_after_awooop_read_only_production_landing_evidence",
|
||||
"why_headline_is_holding": [
|
||||
"AwoooP production landing evidence 已由 Gitea main commit 9e15fd08b3f8839048d0178c5b38421d35041810、CD run 2149 與正式站 `/zh-TW/iwooos`、`/zh-TW/security`、`/zh-TW/awooop` 只讀驗證納入本次 headline review,因此整體進度從 58% 保守重估為 61%。",
|
||||
"最近完成的是 S4.10 owner response request / status / audit / redaction / collection checks / intake preflight、S4.11 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight、S4.12 request packet / template status ledger / audit event templates / redaction examples / collection checks / intake preflight checks、S4.13 evidence routing rules / display sections / state transition rules / reviewer checklist / reviewer outcome lanes / reviewer audit event templates / reviewer audit display sections / reviewer audit collection checks / reviewer audit redaction examples / reviewer audit retention rules / reviewer audit retention checks / reviewer audit handoff packets / reviewer audit handoff checks / parallel session sync checks / parallel session conflict lanes / parallel session recovery checks / parallel session recovery outcome lanes,以及 S1.3 non-blocking escalation lanes 的框架細節,改善可見性、收件安全、稽核格式、跨 Session 同步、衝突分流、復原前檢查、復原結果分類與低摩擦升級判讀,但 owner response received / accepted 仍為 0。",
|
||||
"overall_percent 只在 owner response、redacted payload ingestion、active runtime gate、GitHub primary readiness 或 AwoooP production ingestion 這些高層 gate 有實質變化時調整。",
|
||||
"維持 58% 是為了避免把 read-only scaffold 誤算成 runtime enforcement、Kali scan、repo migration 或 GitHub primary cutover。"
|
||||
"overall_percent 下一次只在 owner response、redacted payload ingestion、active runtime gate 或 GitHub primary readiness 這些高層 gate 有實質變化時調整。",
|
||||
"維持 61% 是為了避免把 read-only scaffold 誤算成 runtime enforcement、Kali scan、repo migration 或 GitHub primary cutover。"
|
||||
],
|
||||
"recent_micro_progress_visible": true,
|
||||
"headline_can_increase_after": [
|
||||
|
||||
@@ -200,19 +200,19 @@ def validate(root: Path) -> None:
|
||||
assert_contains("intake.contracts", intake_contracts, "iwooos_posture_projection_v1")
|
||||
|
||||
progress = rollup["progress_estimate"]
|
||||
assert_equal("progress.overall_percent", progress["overall_percent"], 58)
|
||||
assert_equal("progress.overall_percent", progress["overall_percent"], 61)
|
||||
assert_equal("progress.framework_percent_min", progress["framework_percent_min"], 86)
|
||||
assert_equal("progress.framework_percent_max", progress["framework_percent_max"], 88)
|
||||
assert_equal("progress.runtime_landing_percent_min", progress["runtime_landing_percent_min"], 35)
|
||||
assert_equal("progress.runtime_landing_percent_max", progress["runtime_landing_percent_max"], 40)
|
||||
assert_equal("progress.runtime_landing_percent_min", progress["runtime_landing_percent_min"], 40)
|
||||
assert_equal("progress.runtime_landing_percent_max", progress["runtime_landing_percent_max"], 45)
|
||||
assert_true("progress.not_authorization", progress["not_authorization"])
|
||||
|
||||
progress_display_policy = rollup["progress_display_policy"]
|
||||
assert_equal("progress_display_policy.headline_percent", progress_display_policy["headline_percent"], 58)
|
||||
assert_equal("progress_display_policy.headline_percent", progress_display_policy["headline_percent"], 61)
|
||||
assert_equal(
|
||||
"progress_display_policy.headline_status",
|
||||
progress_display_policy["headline_status"],
|
||||
"holding_until_owner_response_or_runtime_gate",
|
||||
"reviewed_after_awooop_read_only_production_landing_evidence",
|
||||
)
|
||||
assert_true("progress_display_policy.recent_micro_progress_visible", progress_display_policy["recent_micro_progress_visible"])
|
||||
assert_false(
|
||||
@@ -1791,7 +1791,7 @@ def validate(root: Path) -> None:
|
||||
"ready_for_read_only_intake",
|
||||
"ready_for_read_only_intake",
|
||||
"ready_for_read_only_intake",
|
||||
"pending_production_consumption",
|
||||
"production_read_only_consumption_verified",
|
||||
],
|
||||
)
|
||||
assert_equal(
|
||||
@@ -1807,6 +1807,7 @@ def validate(root: Path) -> None:
|
||||
],
|
||||
)
|
||||
for item in awooop_read_only_landing_items:
|
||||
landing_completed = item["item_id"] == "awooop_landing_production_handoff_pending"
|
||||
assert_equal(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.display_mode",
|
||||
item["display_mode"],
|
||||
@@ -1815,20 +1816,32 @@ def validate(root: Path) -> None:
|
||||
assert_equal(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.headline_percent_delta",
|
||||
item["headline_percent_delta"],
|
||||
0,
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
3 if landing_completed else 0,
|
||||
)
|
||||
if landing_completed:
|
||||
assert_true(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
else:
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.execution_router_linked",
|
||||
item["execution_router_linked"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
if landing_completed:
|
||||
assert_true(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
else:
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.awooop_read_only_landing_readiness_items.{item['item_id']}.runtime_execution_authorized",
|
||||
item["runtime_execution_authorized"],
|
||||
@@ -1886,7 +1899,7 @@ def validate(root: Path) -> None:
|
||||
"ready_for_parallel_session_sync",
|
||||
"ready_for_parallel_session_sync",
|
||||
"ready_for_parallel_session_sync",
|
||||
"waiting_external_production_evidence",
|
||||
"production_landing_evidence_recorded_waiting_remaining_gates",
|
||||
],
|
||||
)
|
||||
for item in awooop_cross_session_handoff_packets:
|
||||
@@ -1966,15 +1979,16 @@ def validate(root: Path) -> None:
|
||||
"payloads_ingested",
|
||||
"active_runtime_gate_count",
|
||||
"github_primary_ready_count",
|
||||
"production_landing_enabled",
|
||||
"awooop_read_only_production_landing_evidence_count",
|
||||
],
|
||||
)
|
||||
assert_equal(
|
||||
"iwooos_projection.progress_hold_movement_gates.current_counter_values",
|
||||
[item["current_counter_value"] for item in progress_hold_movement_gates],
|
||||
[0, False, 0, 0, False],
|
||||
[0, False, 0, 0, 1],
|
||||
)
|
||||
for item in progress_hold_movement_gates:
|
||||
awooop_landing_gate = item["gate_id"] == "progress_hold_awooop_read_only_landing"
|
||||
assert_equal(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.display_mode",
|
||||
item["display_mode"],
|
||||
@@ -1983,7 +1997,7 @@ def validate(root: Path) -> None:
|
||||
assert_equal(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.headline_percent_delta",
|
||||
item["headline_percent_delta"],
|
||||
0,
|
||||
3 if awooop_landing_gate else 0,
|
||||
)
|
||||
assert_equal(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.owner_response_received_count",
|
||||
@@ -2009,14 +2023,24 @@ def validate(root: Path) -> None:
|
||||
item["github_primary_ready_count"],
|
||||
0,
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
if awooop_landing_gate:
|
||||
assert_true(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
assert_true(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
else:
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.progress_change_applied",
|
||||
item["progress_change_applied"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_hold_movement_gates.{item['gate_id']}.runtime_execution_authorized",
|
||||
item["runtime_execution_authorized"],
|
||||
@@ -2083,10 +2107,16 @@ def validate(root: Path) -> None:
|
||||
item["github_primary_ready_count"],
|
||||
0,
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_acceleration_lanes.{item['lane_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
if item["lane_id"] == "progress_acceleration_awooop_landing":
|
||||
assert_true(
|
||||
f"iwooos_projection.progress_acceleration_lanes.{item['lane_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
else:
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_acceleration_lanes.{item['lane_id']}.production_landing_enabled",
|
||||
item["production_landing_enabled"],
|
||||
)
|
||||
assert_false(
|
||||
f"iwooos_projection.progress_acceleration_lanes.{item['lane_id']}.runtime_execution_authorized",
|
||||
item["runtime_execution_authorized"],
|
||||
@@ -5748,7 +5778,7 @@ def validate(root: Path) -> None:
|
||||
assert_text_contains("awooop_home_page.security_mirror_metrics", awooop_home_page, "securityMirrorMetrics")
|
||||
assert_text_contains("awooop_home_page.iwooos_link", awooop_home_page, 'href="/iwooos"')
|
||||
for text in [
|
||||
"production_landing_enabled=false",
|
||||
"read_only_production_landing_evidence_count=1",
|
||||
"execution_router_linked=false",
|
||||
"runtime_execution_authorized=false",
|
||||
"action_buttons_allowed=false",
|
||||
@@ -7621,16 +7651,18 @@ def validate(root: Path) -> None:
|
||||
"HeadlineMovementAcceptanceGateBoard",
|
||||
)
|
||||
for text in [
|
||||
"headline_percent_after_this_stage=58",
|
||||
"headline_movement_signal_count=0",
|
||||
"headline_percent_after_this_stage=61",
|
||||
"headline_movement_signal_count=1",
|
||||
"awooop_read_only_production_landing_evidence_count=1",
|
||||
"owner_response_received_count=0",
|
||||
"owner_response_accepted_count=0",
|
||||
"owner_response_acceptance_gate_open=false",
|
||||
"redacted_payload_ingested=false",
|
||||
"active_runtime_gate_count=0",
|
||||
"github_primary_ready_count=0",
|
||||
"production_landing_enabled=false",
|
||||
"progress_review_authorized=false",
|
||||
"production_landing_enabled=true",
|
||||
"execution_router_linked=false",
|
||||
"progress_review_authorized=true",
|
||||
"runtime_execution_authorized=false",
|
||||
"action_buttons_allowed=false",
|
||||
"not_authorization=true",
|
||||
@@ -8639,13 +8671,13 @@ def validate(root: Path) -> None:
|
||||
)
|
||||
for text in [
|
||||
"iwooos_progress_movement_signal_count=5",
|
||||
"iwooos_progress_current_headline_percent=58",
|
||||
"iwooos_progress_current_headline_percent=61",
|
||||
"iwooos_progress_owner_response_accepted_count=0",
|
||||
"iwooos_progress_redacted_payload_ingested=false",
|
||||
"iwooos_progress_active_runtime_gate_count=0",
|
||||
"iwooos_progress_github_primary_ready_count=0",
|
||||
"iwooos_progress_awooop_landing_evidence_count=0",
|
||||
"iwooos_progress_review_authorized=false",
|
||||
"iwooos_progress_awooop_landing_evidence_count=1",
|
||||
"iwooos_progress_review_authorized=true",
|
||||
"runtime_execution_authorized=false",
|
||||
"active_runtime_gate_count=0",
|
||||
"action_buttons_allowed=false",
|
||||
@@ -9002,16 +9034,16 @@ def validate(root: Path) -> None:
|
||||
"IwoooSThreeAxisProductProgressBoard",
|
||||
)
|
||||
for text in [
|
||||
"iwooos_three_axis_progress_headline_percent=58",
|
||||
"iwooos_three_axis_progress_headline_percent=61",
|
||||
"iwooos_three_axis_progress_framework_percent=86-88",
|
||||
"iwooos_three_axis_progress_runtime_percent=35-40",
|
||||
"iwooos_three_axis_progress_runtime_percent=40-45",
|
||||
"iwooos_three_axis_progress_product_scope_count=6",
|
||||
"iwooos_three_axis_progress_all_products_read_only=true",
|
||||
"iwooos_three_axis_progress_runtime_product_rollout_count=0",
|
||||
"iwooos_three_axis_progress_first_runtime_gate=s4_9_owner_response_accepted",
|
||||
"iwooos_three_axis_progress_owner_response_accepted_count=0",
|
||||
"iwooos_three_axis_progress_active_runtime_gate_count=0",
|
||||
"iwooos_three_axis_progress_production_deploy_count=0",
|
||||
"iwooos_three_axis_progress_production_deploy_count=1",
|
||||
"iwooos_three_axis_progress_kali_execution_authorized=false",
|
||||
"iwooos_three_axis_progress_source_control_mutation_authorized=false",
|
||||
"runtime_execution_authorized=false",
|
||||
|
||||
Reference in New Issue
Block a user