{ "coverage_categories": [ { "action_buttons_allowed": false, "category_id": "nginx_public_gateway", "control_tier": "C0", "coverage_percent": 84, "coverage_status": "repo_only_preflight_contract_ready_needs_owner_live_diff", "current_gap": "已固定 12 個 public gateway preflight gate;owner response、live conf、rendered diff、nginx -t、route smoke、maintenance window 與 rollback owner 仍全部為 0。", "evidence_refs": [ "docs/security/NGINX-CONFIG-DRIFT-DETECTOR.md", "docs/security/nginx-config-drift-repo.snapshot.json", "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md", "docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md", "docs/security/public-gateway-preflight-inventory.snapshot.json", "docs/schemas/public_gateway_preflight_inventory_v1.schema.json" ], "label": "Nginx / reverse proxy / public route", "next_owner_action": "補 public gateway owner、owner-provided live conf、source-to-live rendered diff、nginx -t evidence、route smoke、maintenance window 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "infra/ansible/roles/nginx/templates/*.j2", "infra/ansible/playbooks/nginx-sync.yml", "ops/nginx/**", "docs/runbooks/disaster-recovery/DR-Nginx.md" ], "priority": "P0", "required_gate": "public_gateway_owner_response_required", "required_validation": [ "rendered_diff", "nginx_t", "affected_route_smoke", "admin_route_smoke_if_affected", "acme_path_smoke_if_affected", "rollback_ref" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "dns_tls_certbot", "control_tier": "C0", "coverage_percent": 74, "coverage_status": "repo_only_inventory_ready", "current_gap": "4 個 certificate path 關係需 owner 確認;live DNS / TLS probe 未執行。", "evidence_refs": [ "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md", "docs/security/domain-tls-certbot-inventory.snapshot.json" ], "label": "DNS / TLS / certbot / certificate path", "next_owner_action": "確認 SAN / 共用憑證關係、renewal owner、ACME smoke 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "docs/runbooks/REGISTRY-CERTBOT-188.md", "docs/runbooks/**/*CERTBOT*.md", "docs/runbooks/**/*TLS*.md", "ops/**/*cert*", "ops/**/*tls*", "infra/**/*cert*", "infra/**/*tls*", "k8s/**/*tls*" ], "priority": "P0", "required_gate": "domain_tls_owner_response_required", "required_validation": [ "domain_inventory", "certificate_path_check", "renewal_window", "acme_path_smoke", "public_https_smoke", "rollback_ref" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "k8s_production_gitops", "control_tier": "C0", "coverage_percent": 58, "coverage_status": "gate_defined_needs_runtime_evidence", "current_gap": "尚未把 ArgoCD health / sync readback 與 rollback revision 收成 owner packet。", "evidence_refs": [ "docs/security/HIGH-VALUE-CONFIG-CHANGE-GATE.md", "k8s/awoooi-prod", "k8s/argocd" ], "label": "K8s / ArgoCD / production manifests", "next_owner_action": "補 GitOps owner、rollback revision、health readback 與 post-deploy validation plan。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "k8s/awoooi-prod/**", "k8s/argocd/**", "k8s/velero/**", "k8s/monitoring/**" ], "priority": "P0", "required_gate": "gitops_owner_response_required", "required_validation": [ "gitops_diff", "argocd_health_readback", "sync_authorization_check", "rollback_revision", "post_deploy_health_if_executed" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "secret_metadata", "control_tier": "C0", "coverage_percent": 66, "coverage_status": "metadata_policy_ready", "current_gap": "只允許 secret name / metadata;仍缺 owner response 與 parity acceptance。", "evidence_refs": [ "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md", "docs/security/source-control-workflow-secret-name-inventory.snapshot.json", "docs/security/SECRETS_REFERENCE.md" ], "label": "Secret metadata / injection / redaction", "next_owner_action": "只回覆 secret name owner、rotation owner、injection owner 與 redacted evidence refs。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "k8s/**/*secret*", "k8s/**/*Secret*", ".gitea/workflows/*.yml", ".gitea/workflows/*.yaml", ".github/workflows/*.yml", ".github/workflows/*.yaml", "docs/runbooks/SECRETS-MANAGEMENT.md", "docs/security/SECRETS_REFERENCE.md" ], "priority": "P0", "required_gate": "secret_metadata_owner_response_required", "required_validation": [ "secret_name_parity", "metadata_only_check", "no_secret_value_check", "rotation_owner", "injection_readback_if_deployed" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "gitea_workflow_runner_source_control", "control_tier": "C0", "coverage_percent": 70, "coverage_status": "metadata_inventory_ready", "current_gap": "workflow / runner / deploy key / webhook / branch protection 仍待 owner response;不得改 workflow。", "evidence_refs": [ "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md", "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-OWNER-RESPONSE.md", "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md" ], "label": "Gitea workflow / runner / deploy key / webhook / branch protection", "next_owner_action": "補 runner label、webhook、deploy key、branch protection 與 workflow parity owner metadata。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ ".gitea/workflows/**", ".github/workflows/**", "ops/runner/**", "scripts/setup-runner*.sh", "scripts/**/*runner*", "docs/security/SOURCE-CONTROL-*", "docs/security/GITEA-*", "docs/security/GITHUB-*" ], "priority": "P0", "required_gate": "workflow_source_control_owner_response_required", "required_validation": [ "workflow_diff", "runner_label_owner", "deploy_key_metadata_only", "webhook_metadata_only", "branch_protection_metadata", "no_token_value_check" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "public_admin_api_runtime_config", "control_tier": "C0", "coverage_percent": 62, "coverage_status": "policy_ready_needs_change_scoped_smoke", "current_gap": "每次產品 route / admin / API / frontend config 變更仍需逐次 smoke 與 owner gate。", "evidence_refs": [ "docs/HARD_RULES.md", "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md" ], "label": "Public / admin / API / frontend runtime config", "next_owner_action": "補 affected route、admin/auth boundary、CORS/public URL 與 desktop/mobile smoke plan。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "apps/web/next.config.*", "apps/web/src/lib/config.*", "apps/api/src/core/config.py", "apps/api/src/api/v1/monitoring.py", "apps/api/src/middleware/**", "apps/web/src/middleware.*" ], "priority": "P0", "required_gate": "public_runtime_config_owner_response_required", "required_validation": [ "public_url_check", "frontend_internal_ip_ban", "cors_boundary_check", "admin_auth_boundary_check", "desktop_mobile_smoke_if_frontend" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "backup_restore_credential", "control_tier": "C0", "coverage_percent": 58, "coverage_status": "repo_only_inventory_ready_needs_restore_drill_owner", "current_gap": "repo-only 清冊已納入 38 個 backup / restore / escrow / retention surface;restore drill、offsite sync、credential escrow、retention change、live evidence 與 owner response 仍全部為 0。", "evidence_refs": [ "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md", "docs/security/backup-restore-escrow-inventory.snapshot.json", "docs/schemas/backup_restore_escrow_inventory_v1.schema.json" ], "label": "Backup / restore / escrow / retention", "next_owner_action": "補 restore drill approval package、offsite owner、escrow owner、retention owner、rollback owner 與 no-secret-value evidence。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "scripts/backup/**", "k8s/velero/**", "docs/runbooks/disaster-recovery/**", "docs/runbooks/**/*RESTORE*.md", "docs/runbooks/**/*BACKUP*.md" ], "priority": "P0", "required_gate": "backup_restore_owner_response_required", "required_validation": [ "credential_absence_check", "restore_drill_gate", "retention_policy", "escrow_owner", "rollback_ref" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "agent_bounty_protocol_runtime", "control_tier": "C0", "coverage_percent": 68, "coverage_status": "onboarding_handoff_ready_needs_runtime_owner", "current_gap": "尚未收到 runtime / MCP / A2A / treasury / payout owner response;runtime gate 必須維持 0。", "evidence_refs": [ "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json", "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md" ], "label": "agent-bounty-protocol runtime / MCP / A2A / treasury boundary", "next_owner_action": "補 repo owner、external agent owner、treasury owner、runtime gate owner 與 validation plan。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json", "docs/schemas/agent_bounty_iwooos_onboarding_handoff_v1.schema.json", "agent-bounty-protocol/**" ], "priority": "P0", "required_gate": "agent_bounty_owner_response_required", "required_validation": [ "repo_owner_scope", "runtime_gate_false", "no_payout_or_treasury_execution", "no_mcp_a2a_runtime_execution", "redacted_evidence_refs_only" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "monitoring_alerting_observability", "control_tier": "C1", "coverage_percent": 62, "coverage_status": "repo_only_inventory_ready_needs_live_route_evidence", "current_gap": "repo-only 清冊已納入 60 個 monitoring / alerting / observability surface;仍缺 live config hash、rule diff、receiver diff、reload owner、route smoke、receipt proof 與 owner response。", "evidence_refs": [ "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md", "docs/security/monitoring-alerting-observability-inventory.snapshot.json", "docs/schemas/monitoring_alerting_observability_inventory_v1.schema.json" ], "label": "Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse", "next_owner_action": "補 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse / Telegram owner、live drift evidence、reload window、receiver owner、rollback owner 與 no-secret-value evidence。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "ops/monitoring/**", "ops/alertmanager/**", "ops/grafana/**", "ops/signoz/**", "ops/sentry-self-hosted/**", "infra/langfuse/**", "k8s/monitoring/**" ], "priority": "P1", "required_gate": "monitoring_observability_owner_response_required", "required_validation": [ "rule_diff", "receiver_diff", "reload_gate", "failure_notification_policy", "public_route_smoke_if_affected" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "docker_compose_systemd_host_config", "control_tier": "C1", "coverage_percent": 50, "coverage_status": "repo_only_inventory_ready_needs_live_owner_evidence", "current_gap": "repo-only 清冊已納入 9 個 surface;仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。", "evidence_refs": [ "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/HOST-SERVICE-CONFIG-INVENTORY.md", "docs/security/host-service-config-inventory.snapshot.json", "docs/security/DEV-HOSTS-112-111-168-OBSERVE-ONLY-MAPPING.md" ], "label": "Docker Compose / systemd / host service config", "next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "docker-compose*.yml", "docker-compose*.yaml", "ops/**/docker-compose*.yml", "ops/**/docker-compose*.yaml", "scripts/reboot-recovery/**", "scripts/**/*.service", "ops/**/*.service" ], "priority": "P1", "required_gate": "host_service_owner_response_required", "required_validation": [ "port_conflict_check", "volume_diff", "env_name_diff", "restart_window", "rollback_owner" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "ssh_firewall_network_access", "control_tier": "C1", "coverage_percent": 54, "coverage_status": "repo_only_inventory_ready_needs_live_owner_evidence", "current_gap": "repo-only 清冊已納入 16 個 SSH / network access surface;仍缺 live firewall / sudoers / known_hosts / NetworkPolicy / NodePort / WireGuard evidence、network owner 與 rollback owner。", "evidence_refs": [ "docs/HARD_RULES.md", "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/SSH-NETWORK-ACCESS-INVENTORY.md", "docs/security/ssh-network-access-inventory.snapshot.json" ], "label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort", "next_owner_action": "補 owner-provided live hash / disposition、host key pinning、firewall owner、NetworkPolicy / NodePort owner、WireGuard owner、maintenance window、rollback owner 與 post-check 指標。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "infra/ansible/inventory/**", "infra/ansible/**/*known_hosts*", "infra/ansible/**/*ssh*", "scripts/**/*ssh*", "scripts/**/*known_hosts*", "ops/**/*wireguard*", "ops/**/*firewall*", "k8s/**/*network*", "k8s/**/*Network*" ], "priority": "P1", "required_gate": "network_access_owner_response_required", "required_validation": [ "target_whitelist", "host_key_policy", "ingress_egress_matrix", "rollback_owner", "maintenance_window" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "ai_provider_model_routing", "control_tier": "C1", "coverage_percent": 60, "coverage_status": "policy_ready_needs_dry_run_pack", "current_gap": "模型 / provider / Ollama proxy 切換需 dry-run、benchmark、成本與 privacy review;目前不切 production。", "evidence_refs": [ "docs/HARD_RULES.md", "docs/ai" ], "label": "AI provider / model routing / Ollama proxy / cost and privacy", "next_owner_action": "補 provider owner、fallback order、cost review、privacy review、benchmark 與 rollback owner。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "apps/api/src/services/ai_providers/**", "apps/api/src/services/**/*model*", "apps/api/src/services/**/*provider*", "infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2", "docs/ai/**", "docs/**/*Ollama*" ], "priority": "P1", "required_gate": "ai_provider_owner_response_required", "required_validation": [ "dry_run", "benchmark", "cost_review", "privacy_review", "fallback_order_check" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "product_surface_runtime_routes", "control_tier": "C2", "coverage_percent": 72, "coverage_status": "scope_inventory_ready", "current_gap": "跨產品 owner response 尚未 accepted;產品 route / admin / webhook 仍需逐產品補證。", "evidence_refs": [ "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md", "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md" ], "label": "AWOOOI / AwoooP / IwoooS / VibeWork / other product runtime routes", "next_owner_action": "補 AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol 與公開網站 owner response。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "apps/web/src/app/**", "apps/web/messages/*.json", "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md", "docs/security/vibework-iwooos-onboarding-handoff.snapshot.json" ], "priority": "P2", "required_gate": "product_surface_owner_response_required", "required_validation": [ "product_boundary_check", "i18n_traditional_chinese_check", "no_internal_transcript_check", "desktop_mobile_smoke_if_frontend" ], "runtime_gate_open": false }, { "action_buttons_allowed": false, "category_id": "security_evidence_tooling", "control_tier": "C3", "coverage_percent": 86, "coverage_status": "guard_ready", "current_gap": "guard 已可重跑,但尚未接 blocking CI;本階段刻意維持低摩擦。", "evidence_refs": [ "scripts/security/security-mirror-progress-guard.py", "scripts/security/high-value-config-change-gate.py", "scripts/security/high-value-config-owner-packet.py", "docs/security/high-value-config-change-gate.snapshot.json" ], "label": "Security evidence / snapshot / guard tooling", "next_owner_action": "維持 guard / doc secret sanity;若要 CI blocking 需另開人工批准與 rollout plan。", "owner_response_accepted": false, "owner_response_received": false, "owner_response_required": true, "patterns": [ "docs/security/**", "docs/schemas/**", "scripts/security/**", "docs/LOGBOOK.md" ], "priority": "P3", "required_gate": "security_evidence_owner_review_required", "required_validation": [ "snapshot_parse", "guard_smoke", "doc_secret_sanity", "no_runtime_gate_increase" ], "runtime_gate_open": false } ], "execution_boundaries": { "acme_challenge_change_authorized": false, "action_buttons_allowed": false, "active_scan_authorized": false, "admin_route_change_authorized": false, "agent_bounty_runtime_authorized": false, "alert_chain_smoke_authorized": false, "alertmanager_reload_authorized": false, "argocd_sync_authorized": false, "backup_run_authorized": false, "certbot_renew_authorized": false, "credential_escrow_marker_write_authorized": false, "dns_tls_change_authorized": false, "exporter_deploy_authorized": false, "force_push_authorized": false, "grafana_dashboard_apply_authorized": false, "host_live_conf_read_authorized": false, "host_write_authorized": false, "kubectl_action_authorized": false, "langfuse_config_change_authorized": false, "live_alert_fire_authorized": false, "nginx_reload_authorized": false, "nginx_test_authorized": false, "notification_route_change_authorized": false, "offsite_remote_delete_authorized": false, "offsite_sync_authorized": false, "otel_collector_reload_authorized": false, "payout_or_withdrawal_authorized": false, "prometheus_reload_authorized": false, "public_gateway_reload_authorized": false, "public_route_change_authorized": false, "rclone_config_authorized": false, "receiver_route_change_authorized": false, "refs_sync_authorized": false, "remote_write_change_authorized": false, "restic_prune_authorized": false, "restore_drill_authorized": false, "restore_run_authorized": false, "retention_change_authorized": false, "rollback_executed": false, "route_smoke_authorized": false, "runner_change_authorized": false, "runtime_execution_authorized": false, "secret_value_collection_allowed": false, "sentry_deploy_authorized": false, "signoz_rule_apply_authorized": false, "silence_policy_change_authorized": false, "telegram_send_authorized": false, "velero_restore_authorized": false, "webhook_receiver_change_authorized": false, "websocket_route_change_authorized": false, "workflow_modification_authorized": false }, "generated_at": "2026-06-12T10:35:00+08:00", "git_commit": "e4747722", "lowest_coverage_categories": [ { "category_id": "docker_compose_systemd_host_config", "coverage_percent": 50, "current_gap": "repo-only 清冊已納入 9 個 surface;仍缺 110 / 188 live hash、restart window、rollback owner 與 post-check 指標。", "label": "Docker Compose / systemd / host service config", "next_owner_action": "補 owner-provided live hash / disposition、compose / systemd owner、restart window、rollback owner 與 post-check 指標。" }, { "category_id": "ssh_firewall_network_access", "coverage_percent": 54, "current_gap": "repo-only 清冊已納入 16 個 SSH / network access surface;仍缺 live firewall / sudoers / known_hosts / NetworkPolicy / NodePort / WireGuard evidence、network owner 與 rollback owner。", "label": "SSH / sudoers / known_hosts / firewall / WireGuard / NodePort", "next_owner_action": "補 owner-provided live hash / disposition、host key pinning、firewall owner、NetworkPolicy / NodePort owner、WireGuard owner、maintenance window、rollback owner 與 post-check 指標。" }, { "category_id": "k8s_production_gitops", "coverage_percent": 58, "current_gap": "尚未把 ArgoCD health / sync readback 與 rollback revision 收成 owner packet。", "label": "K8s / ArgoCD / production manifests", "next_owner_action": "補 GitOps owner、rollback revision、health readback 與 post-deploy validation plan。" }, { "category_id": "backup_restore_credential", "coverage_percent": 58, "current_gap": "repo-only 清冊已納入 38 個 backup / restore / escrow / retention surface;restore drill、offsite sync、credential escrow、retention change、live evidence 與 owner response 仍全部為 0。", "label": "Backup / restore / escrow / retention", "next_owner_action": "補 restore drill approval package、offsite owner、escrow owner、retention owner、rollback owner 與 no-secret-value evidence。" } ], "next_collection_order": [ "nginx_public_gateway", "dns_tls_certbot", "secret_metadata", "gitea_workflow_runner_source_control", "agent_bounty_protocol_runtime", "docker_compose_systemd_host_config", "monitoring_alerting_observability", "ssh_firewall_network_access", "backup_restore_credential" ], "operator_interpretation": [ "這是全域配置控管覆蓋矩陣,不是單次 git diff 變更分類。", "所有 category 都已有高價值配置 Gate 註冊與 owner response 欄位,但 owner response received / accepted 仍為 0。", "C0 / C1 coverage percent 只代表只讀框架成熟度,不代表 runtime 可執行。", "缺 live evidence 的項目只能收 owner-provided redacted evidence,不得主動 SSH、reload、scan 或讀 secret value。" ], "schema_version": "high_value_config_control_coverage_v1", "source_category_definition": "scripts/security/high-value-config-change-gate.py", "status": "coverage_matrix_ready", "summary": { "action_button_count": 0, "average_coverage_percent": 66, "c0_category_count": 8, "c1_category_count": 4, "c2_category_count": 1, "c3_category_count": 1, "category_count": 14, "lowest_coverage_category_count": 4, "needs_live_evidence_count": 7, "owner_response_accepted_count": 0, "owner_response_received_count": 0, "owner_response_required_count": 14, "registered_control_count": 14, "runtime_gate_count": 0 } }