awoooi/docs/schemas/ssh_network_access_inventory_v1.schema.json
Your Name bc7e5e05ce
feat(security): 新增 SSH network access 只讀清冊
2026-06-11 22:19:01 +08:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://awoooi.wooo.work/schemas/ssh_network_access_inventory_v1.schema.json",
"title": "IwoooS SSH / network access repo-only 清冊",
"type": "object",
"additionalProperties": false,
"required": [
"schema_version",
"generated_at",
"git_commit",
"status",
"source_scope",
"summary",
"execution_boundaries",
"expected_scopes",
"access_surfaces",
"write_capable_surfaces",
"next_collection_order",
"operator_interpretation"
],
"properties": {
"schema_version": {
"const": "ssh_network_access_inventory_v1"
},
"generated_at": {
"type": "string"
},
"git_commit": {
"type": "string"
},
"status": {
"const": "repo_only_inventory_ready"
},
"source_scope": {
"const": "committed_repo_files_only"
},
"summary": {
"type": "object",
"additionalProperties": false,
"required": [
"surface_count",
"source_exists_count",
"expected_scope_count",
"ssh_source_surface_count",
"network_policy_surface_count",
"nodeport_surface_count",
"sudoers_surface_count",
"wireguard_surface_count",
"write_capable_surface_count",
"surfaces_requiring_owner_response_count",
"surfaces_requiring_live_evidence_count",
"owner_response_received_count",
"owner_response_accepted_count",
"live_evidence_received_count",
"maintenance_window_accepted_count",
"rollback_owner_accepted_count",
"runtime_gate_count",
"action_button_count",
"coverage_percent_after_inventory",
"coverage_percent_before_inventory"
],
"properties": {
"surface_count": { "const": 16 },
"source_exists_count": { "const": 16 },
"expected_scope_count": { "const": 16 },
"ssh_source_surface_count": { "const": 11 },
"network_policy_surface_count": { "const": 2 },
"nodeport_surface_count": { "const": 2 },
"sudoers_surface_count": { "const": 1 },
"wireguard_surface_count": { "const": 1 },
"write_capable_surface_count": { "const": 6 },
"surfaces_requiring_owner_response_count": { "const": 16 },
"surfaces_requiring_live_evidence_count": { "const": 16 },
"owner_response_received_count": { "const": 0 },
"owner_response_accepted_count": { "const": 0 },
"live_evidence_received_count": { "const": 0 },
"maintenance_window_accepted_count": { "const": 0 },
"rollback_owner_accepted_count": { "const": 0 },
"runtime_gate_count": { "const": 0 },
"action_button_count": { "const": 0 },
"coverage_percent_after_inventory": { "const": 54 },
"coverage_percent_before_inventory": { "const": 48 }
}
},
"execution_boundaries": {
"type": "object",
"additionalProperties": { "const": false },
"required": [
"runtime_execution_authorized",
"host_write_authorized",
"ssh_read_authorized",
"ssh_write_authorized",
"sudo_action_authorized",
"firewall_change_authorized",
"network_policy_apply_authorized",
"nodeport_change_authorized",
"wireguard_change_authorized",
"known_hosts_patch_authorized",
"host_keyscan_authorized",
"live_host_read_authorized",
"secret_value_collection_allowed",
"ssh_key_collection_allowed",
"active_scan_authorized",
"action_buttons_allowed"
]
},
"expected_scopes": {
"type": "array",
"minItems": 16,
"maxItems": 16,
"items": { "type": "string" }
},
"access_surfaces": {
"type": "array",
"minItems": 16,
"maxItems": 16,
"items": {
"$ref": "#/$defs/access_surface"
}
},
"write_capable_surfaces": {
"type": "array",
"minItems": 6,
"maxItems": 6,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"surface_id",
"label",
"config_kind",
"expected_scope",
"required_gate"
],
"properties": {
"surface_id": { "type": "string" },
"label": { "type": "string" },
"config_kind": { "type": "string" },
"expected_scope": { "type": "string" },
"required_gate": {
"const": "owner_response_plus_maintenance_window_plus_rollback_owner"
}
}
}
},
"next_collection_order": {
"type": "array",
"minItems": 10,
"items": { "type": "string" }
},
"operator_interpretation": {
"type": "array",
"items": { "type": "string" }
}
},
"$defs": {
"access_surface": {
"type": "object",
"additionalProperties": false,
"required": [
"surface_id",
"label",
"source_path",
"expected_scope",
"config_kind",
"control_tier",
"current_state",
"access_scope",
"requires_live_evidence",
"requires_owner_response",
"next_owner_action",
"source_exists",
"line_count",
"sha256",
"owner_response_received",
"owner_response_accepted",
"live_evidence_received",
"maintenance_window_accepted",
"rollback_owner_accepted",
"runtime_gate_open",
"action_buttons_allowed"
],
"properties": {
"surface_id": { "type": "string" },
"label": { "type": "string" },
"source_path": { "type": "string" },
"expected_scope": { "type": "string" },
"config_kind": { "type": "string" },
"control_tier": { "const": "C1" },
"current_state": { "type": "string" },
"access_scope": {
"type": "array",
"items": { "type": "string" }
},
"requires_live_evidence": { "const": true },
"requires_owner_response": { "const": true },
"next_owner_action": { "type": "string" },
"source_exists": { "const": true },
"line_count": { "type": "integer", "minimum": 1 },
"sha256": { "type": "string", "minLength": 64, "maxLength": 64 },
"owner_response_received": { "const": false },
"owner_response_accepted": { "const": false },
"live_evidence_received": { "const": false },
"maintenance_window_accepted": { "const": false },
"rollback_owner_accepted": { "const": false },
"runtime_gate_open": { "const": false },
"action_buttons_allowed": { "const": false }
}
}
}
}