# IwoooS Docker / systemd / Host Service Configuration Read-Only Inventory

| Item | Content |
|------|---------|
| Date | 2026-06-11 |
| Status | `repo_only_inventory_ready` |
| Tool | `scripts/security/host-service-config-inventory.py` |
| Snapshot | `docs/security/host-service-config-inventory.snapshot.json` |
| Schema | `docs/schemas/host_service_config_inventory_v1.schema.json` |
| runtime gate | `0` |

## 1. Purpose

This inventory fills `docker_compose_systemd_host_config`, the lowest-covered category in the high-value configuration coverage matrix. At this stage it only compiles Docker Compose, systemd / repair-bot whitelist, Ansible service role and config backup coverage from committed repo files; it does not read any live host and does not perform any service operation.

This inventory is not host truth and is not a restart approval; it only moves P1-1 from "inventory still needed" to "repo-only inventory ready".

## 2. Coverage summary

| Metric | Current value | Notes |
|--------|---------------|-------|
| repo surface | `9` | all source files exist |
| host scope | `5` | `local_dev_only`, `192.168.0.110`, `192.168.0.188`, `110_188_120_121_cluster`, `multi_host` |
| Docker Compose / reference | `5` | local dev, 110 monitoring, 188 exporters, 110 Sentry reference, 110 Langfuse |
| host repair whitelist | `2` | 110 / 188 repair-bot |
| systemd restart surface | `1` | redis / nginx / ollama restart whitelist inside the 188 repair-bot |
| write-capable surface | `3` | Ansible docker compose role, 110 repair-bot, 188 repair-bot |
| owner response required | `9` | every surface requires an owner response |
| live evidence required | `8` | every surface except the local dev compose still needs an owner-provided live hash / disposition |
| owner response received / accepted | `0 / 0` | must not be artificially inflated |
| live evidence received | `0` | no SSH, no live host reads |
| restart window / rollback owner accepted | `0 / 0` | no restarts |
| runtime gate / action button | `0 / 0` | no operation entry points are provided |
| Docker/systemd category maturity | `42% -> 50%` | reflects only completion of the repo-only inventory, not runtime executability |

## 3. Surfaces included

| Surface | Host scope | Type | Next step |
|---------|------------|------|-----------|
| `local_dev_compose` | `local_dev_only` | local dev compose | confirm it must not serve as the production compose; add a dev secret placeholder policy |
| `monitoring_110_compose` | `192.168.0.110` | Docker Compose | add live compose hash, restart window, rollback owner, post-check metrics |
| `monitoring_exporters_188_compose` | `192.168.0.188` | Docker Compose | add live compose hash, env source policy, restart window, rollback owner |
| `sentry_110_reference_compose` | `192.168.0.110` | reference compose | confirm the actual source of truth, official revision, backup path, rollback owner |
| `langfuse_110_compose` | `192.168.0.110` | Docker Compose | add live compose hash, secret placeholder disposition, restart window, rollback owner |
| `ansible_docker_compose_service_role` | `multi_host` | Ansible executor role | add usage scope, allowed service_dir, check-mode, rollback owner, manual gate |
| `repair_bot_110_whitelist` | `192.168.0.110` | repair whitelist | add authorized_keys binding, disable switch, audit log path, rollback owner, post-check |
| `repair_bot_188_whitelist` | `192.168.0.188` | repair whitelist | add systemd restart approval gate, sudoers boundary, disable switch, rollback owner, route smoke |
| `config_backup_host_capture` | `110_188_120_121_cluster` | config backup capture | add latest backup status, restore drill owner, secret handling proof, retention owner |

## 4. Fixed 0 / false boundary

The following flags must remain `false`:

```text
runtime_execution_authorized=false
host_write_authorized=false
ssh_read_authorized=false
ssh_write_authorized=false
docker_compose_action_authorized=false
systemctl_action_authorized=false
service_restart_authorized=false
sudo_action_authorized=false
live_host_read_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
repair_bot_execution_authorized=false
ansible_apply_authorized=false
action_buttons_allowed=false
```

## 5. Interpretation rules

1. `source_exists=true` only means the file exists in the repo; it does not mean the live host matches the repo.
2. `sha256` is the repo file hash, not the live file hash.
3. The repair-bot and the Ansible role being visible means they "must be governed", not that they may be used.
4. `docker compose up -d`, `systemctl restart`, `sudo`, repair-bot and Ansible apply must all wait for an owner response, a maintenance window, a rollback owner and post-check metrics.
5. This inventory must not collect secret values; if secret parity is needed, only the secret name / owner / injection metadata may be collected.

## 6. Commands

```bash
python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --output docs/security/host-service-config-inventory.snapshot.json
```

To pin the committed snapshot timestamp:

```bash
python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --generated-at 2026-06-11T22:40:00+08:00 \
  --output docs/security/host-service-config-inventory.snapshot.json
```

## 7. Completion

| Task | Completion | Notes |
|------|------------|-------|
| repo-only surface registration | `100%` | all 9 surfaces included in the snapshot |
| source existence / hash | `100%` | read-only SHA256 and line count pinned |
| owner response intake | `0%` | no owner response received or accepted yet |
| live evidence collection | `0%` | no SSH, no live host read, no active scan |
| restart / apply gate | `0%` | docker compose / systemctl / Ansible / repair-bot operations not opened |
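A read-only boundary check over the committed snapshot, added here as an example and not part of the inventory tool; it assumes the snapshot stores the section 4 flags under a top-level `flags` key, the section 2 counters under `summary`, and the surfaces as a `surfaces` list with `id`, `path` and `sha256` (all assumed key names), and it reports every way a snapshot would step outside the repo-only boundary of sections 4 and 5.

```python
import hashlib
from pathlib import Path
from typing import Optional

# Every authorization flag from section 4 must stay false in the snapshot.
REQUIRED_FALSE_FLAGS = (
    "runtime_execution_authorized", "host_write_authorized",
    "ssh_read_authorized", "ssh_write_authorized",
    "docker_compose_action_authorized", "systemctl_action_authorized",
    "service_restart_authorized", "sudo_action_authorized",
    "live_host_read_authorized", "secret_value_collection_allowed",
    "active_scan_authorized", "repair_bot_execution_authorized",
    "ansible_apply_authorized", "action_buttons_allowed",
)

# Counters that must stay at zero while the inventory is repo-only
# (assumed key names, mirroring the section 2 rows).
REQUIRED_ZERO_COUNTERS = (
    "owner_response_received", "live_evidence_received",
    "restart_window_accepted", "runtime_gate",
)


def check_snapshot(snapshot: dict, root: Optional[Path] = None) -> list:
    """Return a list of violations; an empty list means the snapshot respects
    the repo-only boundary. Missing flags or counters count as violations."""
    problems = []
    flags = snapshot.get("flags", {})
    for name in REQUIRED_FALSE_FLAGS:
        if flags.get(name, True) is not False:
            problems.append(f"flag {name} is not false")
    summary = snapshot.get("summary", {})
    for name in REQUIRED_ZERO_COUNTERS:
        if summary.get(name, 1) != 0:
            problems.append(f"counter {name} is not 0")
    for surface in snapshot.get("surfaces", []):
        sid = surface.get("id", "?")
        # Rule 5: only secret name / owner / injection metadata may be recorded.
        if any(k in surface for k in ("secret_value", "secret_values")):
            problems.append(f"surface {sid} carries a secret value")
        # Rule 2: sha256 is the repo file hash; recompute it only from the
        # local checkout, never from a live host.
        if root is not None and "path" in surface and "sha256" in surface:
            digest = hashlib.sha256((root / surface["path"]).read_bytes()).hexdigest()
            if digest != surface["sha256"]:
                problems.append(f"surface {sid} sha256 drifted from repo file")
    return problems
```

Run it against `docs/security/host-service-config-inventory.snapshot.json` after regeneration; a non-empty list means the snapshot must not be committed as `repo_only_inventory_ready`.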