awoooi/docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md

IwoooS 高價值配置控管清冊

項目	內容
日期	2026-06-12
狀態	inventory_and_classification_gate_ready
範圍	AWOOOI / IwoooS 全產品重要配置
本階段模式	source-control 修補 + 只讀盤點，不做 live reload / restart / sync
覆蓋矩陣	docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md
覆蓋 snapshot	docs/security/high-value-config-control-coverage.snapshot.json
runtime gate	0

0. 核心結論

目前 IwoooS 的資安範圍不能只看程式碼漏洞，必須把「能改變公開入口、部署、憑證、告警、資料、備份、AI provider、agent 行為與跨產品路由」的配置全部納入控管。

本次盤點後，配置控管分為四級：

等級	定義	處理速度	例子
C0	立即影響公開入口、權限、secret、部署或遠端執行	立即納管，先止血再補 owner gate	Nginx public gateway、TLS、secret、workflow、runner、K8s prod、ArgoCD、backup credential
C1	會影響監控、資料、供應鏈、AI provider 或主機維護	近程納管，建立 drift 與維護窗口	Prometheus、Alertmanager、Docker Compose、PostgreSQL、Redis、MinIO、Ollama、Kali、WireGuard
C2	產品 runtime、admin、API、webhook、frontend build 或跨產品 route	隨產品變更納管	AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan、VTuber
C3	文件、runbook、template、snapshot 與證據索引	持續納管，避免範例變成可複製風險	SERVICE-ENDPOINTS.md、DR runbook、owner response template

0.1 2026-06-11 覆蓋矩陣狀態

high_value_config_control_coverage_v1 已把高價值配置控管從文字清冊推進成可重跑 snapshot。這份 snapshot 直接讀取 scripts/security/high-value-config-change-gate.py 的 CATEGORIES，避免長期清冊與變更 Gate 漂移。

指標	目前值	邊界
註冊配置類別	14	代表已進 Gate 分類，不代表已批准
C0 類別	8	Nginx、DNS / TLS、K8s、secret、workflow / runner、runtime config、backup、agent-bounty runtime
C1 類別	4	監控、Docker / systemd、SSH / network、AI provider
平均只讀控管成熟度	71%	只代表框架 / evidence / owner packet / acceptance ledger / source guard / post-incident readback 準備度
需要 live evidence 類別	9	只能等 owner-provided redacted evidence 或維護窗口，不主動 SSH、不改 route / CORS / env / backup
owner response required	14	owner response received / accepted 仍 0 / 0
runtime gate	0	不提供執行按鈕

低成熟與高風險追蹤優先順序為 Docker Compose / systemd、SSH / network、backup / restore、monitoring / alerting。這些是下一波 owner response / live evidence 收件準備的追蹤順序，不代表可以 restart、reload、scan 或收 secret value。

0.2 2026-06-11 Docker / systemd repo-only 清冊

host_service_config_inventory_v1 已把 Docker Compose、systemd / repair-bot、Ansible service role 與 host config backup capture 納入只讀 snapshot。清冊目前共有 9 個 surface、5 個 host scope、3 個 write-capable surface、2 個 repair-bot whitelist 與 1 個 systemd restart surface，讓 Docker / systemd 類別成熟度從 42% 推進到 50%。

此更新仍不是 live host truth：110 / 188 live hash、restart window、rollback owner、post-check 指標與 owner response received / accepted 全部仍為 0，也不得執行 docker compose、systemctl、repair-bot、Ansible apply 或任何 SSH 讀寫。

2026-06-14 已新增 docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md 與 docs/security/host-service-owner-request-draft.snapshot.json，將 9 個 Docker / systemd / host service surface 轉成人工送件前 owner request draft。固定 drafts=9、write_capable=3、live_evidence_required=8、owner_fields=12、blocked_actions=14，但 request sent、owner response received / accepted、live evidence、restart window、rollback owner、host write、runtime gate 仍全部為 0 / false。

0.3 2026-06-11 SSH / network access repo-only 清冊

ssh_network_access_inventory_v1 已把 SSH target、known_hosts workflow、CI deploy SSH、monitoring SSH、backup SSH capture、sudoers wrapper、NetworkPolicy、NodePort、WireGuard runbook 與 alert SSH action catalog 納入只讀 snapshot。清冊目前共有 16 個 surface、11 個 SSH source surface、6 個 write-capable surface、2 個 NetworkPolicy、2 個 NodePort、1 個 sudoers surface 與 1 個 WireGuard surface，讓 SSH / network 類別成熟度從 48% 推進到 54%。

2026-06-14 已新增 docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md 與 docs/security/ssh-network-owner-request-draft.snapshot.json，將 16 個 SSH / network access surface 轉成人工送件前 owner request draft。固定 drafts=16、write_capable=6、live_evidence_required=16、owner_fields=13、blocked_actions=16，但 request sent、owner response received / accepted、live access state、firewall / port change、NetworkPolicy apply、NodePort change、WireGuard change、host write、runtime gate 仍全部為 0 / false。

2026-06-15 已新增 docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md 與 docs/security/ssh-network-owner-response-acceptance.snapshot.json，將 16 份 owner request draft 轉成 owner response acceptance 只讀帳本。固定 candidates=16、write_capable=6、live_evidence_required=16、owner_fields=13、reviewer_checks=15、outcome_lanes=7、blocked_actions=22，讓 SSH / network 類別成熟度從 54% 推進到 58%；但 owner response received / accepted、live access state、host key pinning、port policy、firewall owner、NetworkPolicy / NodePort、WireGuard cutover、SSH、keyscan、known_hosts patch、firewall / port 變更、host write、runtime gate 仍全部為 0 / false。

2026-06-15 再新增 docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md 與 docs/security/port-firewall-change-evidence-acceptance.snapshot.json，將 14 個端口 / 防火牆 / NodePort / NetworkPolicy / WireGuard / deploy SSH / sudo / alert action surface 轉成變更證據驗收只讀帳本。固定 candidates=14、write_capable=6、policy_or_exposure=5、evidence_fields=40、required_evidence_fields=21、reviewer_checks=21、outcome_lanes=9、blocked_actions=28，並納入事故嚴重度、服務健康影響、通知證據、恢復時間與 break-glass 回補欄位，讓 SSH / network 類別成熟度從 58% 推進到 62%；但 change evidence received / accepted、actor identified、before / after state、service health impact accepted、operator notification accepted、cross-project sync、post-check evidence、firewall / port 變更、route smoke、host restart、host write、runtime gate 仍全部為 0 / false。

2026-06-15 再新增 docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md 與 docs/security/ssh-network-post-incident-readback-plan.snapshot.json，把 14 個端口 / 防火牆事故 surface 補成 post-incident readback plan。固定 readback_candidates=14、write_capable=6、policy_or_exposure=5、readback_fields=30、required_readback_fields=24、reviewer_checks=24、outcome_lanes=10、blocked_actions=34，並要求 actor、before / after、service / public route / AI provider / monitoring impact、operator notification、cross-project sync、restoration evidence、post-check、recurrence guard 與 no-false-green attestation，讓 SSH / network 類別成熟度從 62% 推進到 64%；但 readback received / accepted、actor attribution accepted、before / after accepted、impact accepted、notification accepted、cross-project sync accepted、restoration accepted、recurrence guard accepted、host write、runtime gate 仍全部為 0 / false。

0.3a 2026-06-15 K8s / ArgoCD GitOps 變更證據驗收

k8s_argocd_change_evidence_acceptance_v1 已把 awoooi_prod、argocd、velero、monitoring 四個 scan group 轉成 GitOps 變更證據驗收只讀帳本。固定 candidates=4、c0=3、write_capable=4、required_evidence_fields=18、reviewer_checks=18、outcome_lanes=8、blocked_actions=28，讓 K8s / ArgoCD 類別成熟度從 62% 推進到 64%。

此更新只表示 proposed commit、rendered manifest diff、ArgoCD app / sync revision、health before / after、rollout status、route smoke、metrics / alert、secret metadata parity、blast radius、maintenance window、rollback revision 與 postcheck owner 已有收件驗收規則；change evidence received / accepted、runtime approval package、ArgoCD API read、ArgoCD sync、kubectl action、Helm upgrade、NetworkPolicy apply、NodePort change、RBAC change、live cluster read、production write、runtime gate 仍全部為 0 / false。

0.3b 2026-06-15 K8s / ArgoCD 事故後回讀計畫

k8s_argocd_post_incident_readback_plan_v1 已把同一批 awoooi_prod、argocd、velero、monitoring 四個 scan group 轉成事故後回讀計畫。固定 readback_candidates=4、c0=3、c1=1、write_capable=4、readback_fields=36、required_readback_fields=31、reviewer_checks=28、outcome_lanes=10、blocked_actions=41，讓 K8s / ArgoCD 類別成熟度從 64% 推進到 66%。

此更新只表示 ArgoCD health / sync、Degraded / Pending、image pull / scheduling、rollout 前後、event / metrics / alert、drift scanner、CronJob、NetworkPolicy / RBAC / Secret metadata、public/admin route、AI provider / monitoring、backup / restore、operator notification、cross-project sync、recovery / still degraded、postcheck、recurrence guard 與 no-false-green 已有脫敏回讀欄位與審查分流；post-incident readback received / accepted、ArgoCD API read、ArgoCD sync、live cluster read、kubectl action、Helm action、NetworkPolicy / NodePort / RBAC 變更、secret value collection、route smoke、production write、runtime gate 仍全部為 0 / false。

0.3c 2026-06-15 CD / Runner / Secret 注入變更證據驗收

cd_runner_secret_injection_change_evidence_acceptance_v1 已把 CD pipeline、Code Review、Deploy alerts、Runner attestation 與 Repository secret name parity / injection owner 轉成 metadata-only 變更證據驗收只讀帳本。固定 candidates=5、c0=4、c1=1、write_capable=5、workflow_files=33、referenced_secret_names=42、runner_labels=5、required_evidence_fields=19、reviewer_checks=19、outcome_lanes=8、blocked_actions=32。

此更新讓 secret_metadata 類別成熟度從 66% 推進到 68%，讓 gitea_workflow_runner_source_control 類別成熟度從 70% 推進到 72%。它只表示 workflow diff、runner owner attestation、secret name parity、secret injection route、Gitea run readback、guard result、rollback owner 與 post-check evidence 已有收件驗收規則；workflow 修改、workflow dispatch、runner 啟用 / 重啟、GitHub hosted runner、secret value / hash / partial token 收集、secret store read、secret 建立 / 更新 / rotate / 刪除、webhook 修改、deploy key 修改、branch protection / CODEOWNERS 修改、refs sync、force push、GitHub primary switch、Gitea 停用、production deploy、runtime gate 仍全部為 0 / false。

0.3c-1 2026-06-16 CD / Runner / Secret 注入事故後回讀計畫

cd_runner_secret_injection_post_incident_readback_plan_v1 已把同一批 CD pipeline、Code Review、Deploy alerts、Runner attestation 與 Repository secret name parity / injection owner 轉成事故後回讀計畫。固定 candidates=5、c0=4、c1=1、write_capable=5、readback_fields=44、required_readback_fields=33、reviewer_checks=30、outcome_lanes=11、blocked_actions=52。

此更新讓 secret_metadata 類別成熟度從 68% 推進到 70%，讓 gitea_workflow_runner_source_control 類別成熟度從 72% 推進到 74%。它只表示 workflow diff state、runner attestation、executor / host、workspace cleanup、permission scope、secret name parity、secret injection route、step-env secret guard、log redaction、deploy marker / Gitea run、webhook / notification receipt、before / after deploy state、cross-project sync、rollback、post-check、post-change monitoring、recurrence guard 與 no-false-green 已有事故後脫敏回讀欄位；post-incident readback received / accepted、workflow 修改、workflow dispatch、runner 變更、GitHub hosted runner、repo secret 變更、secret value collection、secret injection change、webhook / deploy key / branch protection / CODEOWNERS 變更、Gitea action dispatch、K8s secret injection、ArgoCD sync、production deploy、runtime gate 仍全部為 0 / false。

0.3c-2 2026-06-18 Telegram notification egress 旁路清冊

telegram_notification_egress_inventory_v1 已把 repo 內 direct Telegram Bot API sendMessage 旁路納入只讀清冊。固定 direct_bot_api_file_count=11、direct_bot_api_call_count=18、workflow_direct_bot_api_call_count=13、ops_script_direct_bot_api_call_count=4、api_direct_bot_api_call_count=1、gateway_normalized_callsite_count=56、gateway_final_exit_formatter_present_count=1。

此更新只表示 .gitea/workflows、scripts/ops 與 apps/api/src/services/channel_hub.py 的 direct egress 已可重跑盤點，不代表已遷移。owner response received / accepted、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、direct Bot API migration authorized、Telegram send、Bot API call、workflow / script modification、secret collection、raw payload storage、production write、runtime gate 仍全部為 0 / false。

同日再新增 telegram_notification_egress_owner_request_draft_v1，將 11 個 direct egress 檔案轉成人工送件前 owner request 草稿。固定 request_draft_count=11、workflow_request_draft_count=6、ops_script_request_draft_count=4、api_direct_request_draft_count=1、required_owner_field_count=19、preflight_check_count=16、outcome_lane_count=9、forbidden_payload_count=14、blocked_action_count=26。request sent、recipient confirmed、audit event emitted、owner response accepted、formatter convergence accepted、break-glass fallback accepted、Telegram send、Bot API call、workflow / script modification、API sender refactor、secret collection、raw payload storage、production write、runtime gate 仍全部為 0 / false。

同日再新增 telegram_notification_egress_migration_plan_draft_v1，將 11 份 owner request 草稿排成 workflow notification wrapper、ops notification wrapper、API sender gateway 三個遷移波次。固定 migration_candidate_count=11、workflow_migration_candidate_count=6、ops_script_migration_candidate_count=4、api_direct_migration_candidate_count=1、proposed_wave_count=3、owner_response_required_count=11、maintenance_window_required_count=11、rollback_owner_required_count=11。owner response、migration authorized、workflow / script modification、API sender refactor、Telegram send、Bot API call、secret collection、raw payload storage、production write、runtime gate 仍全部為 0 / false。

2026-06-19 再新增 telegram_notification_egress_no_new_bypass_guard_v1，將既有 18 個 direct send 固定成 baseline signature，並掃描 sendMessage、sendDocument、sendPhoto、sendMediaGroup、editMessageText、sendAnimation、sendVideo、sendAudio、sendVoice 等 9 類 Bot API method。固定 baseline_signature_count=18、current_direct_bot_api_call_count=18、new_bypass_count=0、sendDocument_call_count=0、runtime_gate_count=0。此更新只代表 repo source 目前沒有新增未登記 Telegram 直送旁路；既有 18 個 direct send 仍未遷移，owner response、migration authorized、workflow / script modification、API sender refactor、Telegram send、Bot API call、secret collection、raw payload storage、production write、runtime gate 仍全部為 0 / false。

同日再新增 telegram_notification_egress_owner_response_acceptance_v1，把 11 份 owner request draft 與 11 份 migration candidate 轉成 owner response acceptance 帳本。2026-06-19 已補 message_readability_guard_ref，固定指向 docs/security/telegram-alert-readability-guard.snapshot.json，讓每個 direct egress candidate 都必須帶告警可讀性、脫敏、runtime_write_gate=controlled 事件卡語意、no-false-green guard ref，以及 Telegram send / runtime gate 仍為 0 / false 的邊界。固定 acceptance_candidate_count=11、workflow 6、ops script 4、API direct 1、acceptance_field_count=33、required_owner_field_count=19、reviewer_check_count=23、outcome_lane_count=10、forbidden_payload_count=14、blocked_action_count=35。owner response received / accepted / rejected / quarantined、supplement requested、formatter convergence accepted、redaction contract accepted、delivery receipt accepted、break-glass fallback accepted、maintenance / rollback / postcheck accepted、migration authorized、workflow / script / API sender modification、Telegram send、Bot API call、workflow dispatch、production deploy、secret collection、raw payload storage、runtime gate 仍全部為 0 / false。

同日再新增 telegram_alert_readability_guard_v1，把 Telegram 告警最後出口可讀性納入高價值配置控管。固定 source_formatter_marker_count=11、final_exit_contract_count=3、test_contract_count=11、ai_signal_lane_count=7、host_resource_lane_count=6、blocked_raw_output_marker_count=12、required_output_marker_count=7，並由 security-mirror-progress-guard.py 直接呼叫。此 guard 確認 _send_request()、send_alert_notification() 與 send_text() 都會套用 normalizer，且 Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift 等告警只能變成脫敏 AI 事件卡；Telegram 實發、Bot API call、delivery receipt、direct egress migration、workflow / script / API sender 修改、production write、runtime gate 仍全部為 0 / false。

0.3d 2026-06-15 Public / Admin / API runtime config 變更證據驗收

public_runtime_config_change_evidence_acceptance_v1 已把公開產品頁、AwoooP 後台、API / CORS、frontend env、Sentry tunnel、webhook / callback 與跨產品 runtime route 轉成 metadata-only 變更證據驗收只讀帳本。固定 candidates=6、c0=5、c1=1、write_capable=6、source_refs=20、required_evidence_fields=21、reviewer_checks=21、outcome_lanes=8、blocked_actions=32。

此更新讓 Public / admin / API / frontend runtime config 類別成熟度從 62% 推進到 64%。它只表示 affected route refs、admin/auth boundary、API contract readback、CORS origin diff、frontend env diff、i18n redaction review、webhook / callback owner、desktop / mobile smoke、sensitive string scan、console error scan、rollback owner 與 post-check evidence 已有收件驗收規則；route 變更、CORS 變更、NEXT_PUBLIC env 變更、middleware auth 變更、callback / webhook 變更、security header / cookie / CSRF / rate limit 變更、database migration、frontend / API deploy、production deploy、runtime gate 仍全部為 0 / false。

此帳本同時把 raw owner namespace、repo slug、內部狀態碼、內部協作文字、cookie、token、secret value、DSN value、raw payload 與未脫敏截圖列為拒收或隔離條件。AwoooP Tenants、IwoooS、Code Review 或其他公開頁只能顯示脫敏產品 / 專案名稱與控管狀態，不得顯示個人 namespace、內部狀態碼、內部協作內容或抱怨語句。

2026-06-15 再新增 public_frontend_sensitive_surface_guard_v1 snapshot，並將 scripts/security/public-frontend-env-guard.py 擴充為 source / messages 防洩漏 guard。固定掃描 225 個前端檔案、12 類禁字、2 個遮罩器 allowlist、0 個違規、0 個 env violation、0 個 runtime gate。此更新讓 Public / admin / API / frontend runtime config 類別成熟度從 64% 推進到 66%；但 production bundle scan accepted、desktop / mobile production smoke accepted、owner response received / accepted、route / CORS / env / auth / webhook 變更、frontend / API deploy、runtime gate 仍全部為 0 / false。

backup_restore_owner_request_draft_v1 已把 backup、restore、offsite、credential escrow、retention、Velero、alert / health 與 DR runbook 的 38 個 surface 轉成人工送件前 owner request draft。固定 drafts=38、write_capable=27、live_evidence_required=38、owner_fields=14、blocked_actions=18，但 request sent、owner response received / accepted、live backup evidence、backup run、restore run、offsite sync、remote delete、escrow marker write、retention change、host write、runtime gate 仍全部為 0 / false。

此更新仍不是 live network truth：live firewall、sudoers、known_hosts、NetworkPolicy、NodePort、WireGuard evidence、network owner、maintenance window、rollback owner 與 owner response received / accepted 全部仍為 0，也不得執行 SSH、keyscan、sudo、firewall change、NetworkPolicy apply、NodePort change 或 WireGuard cutover。

0.4 2026-06-11 Backup / restore / escrow / retention repo-only 清冊

backup_restore_escrow_inventory_v1 已把 backup orchestration、service backup scripts、restic retention、offsite sync、credential escrow、Velero restore drill、backup health alert 與 cold-start / DR runbook 納入只讀 snapshot。清冊目前共有 38 個 surface、15 個 backup script surface、8 個 offsite / escrow surface、5 個 Velero surface、3 個 retention surface、5 個 credential surface 與 27 個 write-capable surface，讓 backup / restore / credential 類別成熟度從 52% 推進到 58%。

2026-06-15 已新增 backup_restore_owner_response_acceptance_v1，將 38 份 owner request draft 轉成 owner response acceptance 只讀帳本。固定 candidates=38、write_capable=27、live_evidence_required=38、owner_fields=14、reviewer_checks=13、outcome_lanes=7、blocked_actions=22，讓 backup / restore / credential 類別成熟度從 58% 推進到 62%；但 owner response received / accepted、live backup evidence、backup run、restore run、offsite sync、remote delete、escrow marker write、retention change、host write、runtime gate 仍全部為 0 / false。

同日再補 restore recovery backfill Gate，將 backup_restore_owner_response_acceptance_v1 固定為 acceptance_fields=33、owner_fields=23、reviewer_checks=22、outcome_lanes=9、blocked_actions=31。新增 freshness SLO、隔離 restore target、backup dependency map、data classification、remote delete guard、retention runway、restore observer / stop condition、credential recovery non-secret proof 與 backup health no-false-green review；讓 backup / restore / credential 類別成熟度從 62% 推進到 64%。這不代表 owner response received / accepted、live backup evidence、freshness SLO accepted、restore target isolation accepted、remote delete guard accepted、retention runway accepted、credential recovery drill accepted、backup run、restore run、offsite sync、remote delete、retention change、secret collection、host write 或 runtime gate 已授權。

2026-06-18 再新增 backup_restore_post_incident_readback_plan_v1，將同一批 38 個 backup / restore / escrow / retention surface 補成事故後回讀計畫。固定 readback_candidates=38、write_capable=27、live_evidence_required=38、restore_drill_required=38、offsite_or_escrow_required=20、retention_or_remote_delete_required=17、required_readback_fields=34、reviewer_checks=32、outcome_lanes=11、blocked_actions=51，並要求 actor、時間窗、改前改後 freshness、backup status readback、restore drill、隔離 restore target、offsite sync、remote delete guard、credential escrow non-secret proof、credential recovery metadata、retention runway、retention / prune decision、dependency map、data classification、restore observer、alert textfile、cold-start scorecard、cross-project sync、rollback、post-change monitoring、防再發與 no-false-green attestation，讓 backup / restore / credential 類別成熟度從 64% 推進到 66%。這不代表 post-incident readback received / accepted、backup run、restore run、offsite sync、remote delete、escrow marker write、retention change、secret collection、host write 或 runtime gate 已授權。

此更新仍不是 live backup truth：owner response、live evidence、restore drill acceptance、offsite sync acceptance、credential escrow acceptance、retention change acceptance、maintenance window、rollback owner 與 runtime gate 全部仍為 0，也不得執行 backup、restore、offsite sync、remote delete、restic prune、escrow marker write、rclone config、Velero restore、kubectl 或 SSH。

0.5 2026-06-12 Monitoring / alerting / observability repo-only 清冊

monitoring_alerting_observability_inventory_v1 已把 Prometheus、Alertmanager、Grafana、SigNoz、Sentry、Langfuse、OTEL、Telegram / notification policy、deploy / reload scripts 與 alert chain smoke scripts 納入只讀 snapshot。清冊目前共有 60 個 surface、13 個 alert rule surface、6 個 deploy / reload surface、11 個 write-capable surface 與 1 個 drift guard surface，讓 monitoring / alerting / observability 類別成熟度從 56% 推進到 62%。

此更新仍不是 live alert chain truth：owner response、live evidence、reload owner、receiver owner、route smoke、maintenance window、rollback owner 與 runtime gate 全部仍為 0，也不得執行 Prometheus reload、Alertmanager reload、Grafana import、SigNoz rule apply、Sentry deploy、Langfuse change、OTEL reload、remote write change、silence change、Telegram send、live alert fire、alert chain smoke、SSH 或 kubectl。

2026-06-14 已新增 monitoring_owner_request_draft_v1，把 60 個 monitoring / alerting / observability surface 轉成人工送件前 owner request draft。固定 drafts=60、write_capable=11、live_evidence_required=60、owner_fields=14、blocked_actions=24，但 request sent、owner response received / accepted、live evidence、reload、receiver route change、silence change、Telegram send、alert chain smoke、host write、runtime gate 仍全部為 0 / false。

2026-06-15 已新增 monitoring_owner_response_acceptance_v1，將 60 份 owner request draft 轉成 owner response acceptance 只讀帳本。固定 candidates=60、write_capable=11、live_evidence_required=60、owner_fields=14、reviewer_checks=15、outcome_lanes=7、blocked_actions=28，讓 monitoring / alerting / observability 類別成熟度從 62% 推進到 66%；但 owner response received / accepted / rejected、live evidence、reload、receiver route change、silence change、Telegram send、alert chain smoke、host write、runtime gate 仍全部為 0 / false。

2026-06-15 再補告警鏈路 no-false-green 回補欄位，將 monitoring_owner_response_acceptance_v1 固定為 acceptance_fields=38、reviewer_checks=23、outcome_lanes=12、blocked_actions=34。新增要求包含 incident context、alert chain health 不能只看 route 200、receiver receipt proof、stale alert review、silence / dedup review、false-green risk review、post-reload readback plan 與 cross-project notification ref，讓 monitoring / alerting / observability 類別成熟度從 66% 推進到 68%；但 owner response、receiver receipt、stale alert review、silence / dedup review、false-green risk review、post-reload readback、reload、Telegram send、live alert fire、alert chain smoke、host write、runtime gate 仍全部為 0 / false。

2026-06-15 再新增 monitoring_post_incident_readback_plan_v1，將同一批 60 個 monitoring / alerting / observability surface 轉成事故後回讀計畫。固定 candidates=60、write_capable=11、live_evidence_required=60、alert_rule=13、deploy_or_reload=6、required_readback_fields=30、reviewer_checks=28、outcome_lanes=11、blocked_actions=53，讓 monitoring / alerting / observability 類別成熟度從 68% 推進到 70%；但 post-incident readback received / accepted、receiver receipt、stale / silence review、alert chain health、reload、Telegram send、live alert fire、alert chain smoke、host write、production write、runtime gate 與 action button 仍全部為 0 / false。

0.6 2026-06-12 Public Gateway Preflight repo-only 清冊

public_gateway_preflight_inventory_v1 已把 Nginx public gateway reload / route change 前置 Gate 固定成只讀 snapshot。清冊目前共有 3 份 Nginx source config、2 份 C0 source config、14 個 route impact、14 個 unique upstream、10 條 TLS certificate path、4 個 certificate owner 確認缺口、7 個 ACME challenge domain、1 個 admin route domain、6 個 WebSocket route domain 與 12 個 preflight gate，讓 Nginx public gateway 類別成熟度從 78% 推進到 84%。

此更新仍不是 live gateway truth：owner response、owner-provided live conf、rendered diff、nginx -t evidence、route smoke、maintenance window、rollback owner 與 runtime gate 全部仍為 0，也不得 SSH、讀 live conf、執行 nginx -t、reload Nginx、改 public route、改 admin route、改 WebSocket / API route、改 ACME、做 DNS / TLS probe、執行 certbot renew 或寫入主機。

2026-06-14 已新增 public_gateway_owner_response_acceptance_v1，把 3 份 Public Gateway config 轉成 owner response acceptance 只讀帳本。2026-06-15 已強化手動 / 緊急 gateway 變更 metadata gate，固定 candidates=3、c0=2、owner_fields=22、reviewer_checks=22、outcome_lanes=8、blocked_actions=28。此更新要求 owner response 必須能提供 change actor/source、change time window、cross-project impact、communication sync、change intent / ticket、pre-change approval 或 break-glass reason、route health impact、rollback validation 與 post-change monitoring window 的脫敏 ref；Nginx public gateway 類別成熟度從 88% 推進到 90%，因為亂改 Nginx 後不再只看 owner 口頭回覆，而會要求事前意圖或事後 break-glass、健康影響、回滾驗證與監控窗口。不過 owner response received / accepted、redacted export、rendered diff、nginx -t、reload、route smoke、DNS / TLS probe、certbot renew、host write、runtime gate 仍全部為 0 / false。

2026-06-14 再新增 public_gateway_rendered_diff_acceptance_v1，把 3 份 Public Gateway config 轉成 rendered diff evidence acceptance 只讀帳本。固定 candidates=3、c0=2、required_evidence_fields=14、reviewer_checks=15、outcome_lanes=8、blocked_actions=22，讓 Nginx public gateway 類別成熟度從 86% 推進到 88%。此更新只表示未來 owner-provided rendered diff、nginx -t readback、route smoke evidence、TLS / ACME impact、maintenance window、rollback owner 與 post-check evidence 有收件驗收規則；owner response accepted、rendered diff accepted、nginx test evidence accepted、route smoke evidence accepted、reload、DNS / TLS probe、certbot renew、host write、runtime gate 仍全部為 0 / false。

2026-06-15 再新增 public_gateway_post_incident_readback_plan_v1，把同一批 3 份 Public Gateway config 補成事故後回讀計畫。固定 readback_candidates=3、c0=2、c1=1、write_capable=3、readback_fields=36、required_readback_fields=30、reviewer_checks=28、outcome_lanes=10、blocked_actions=41，讓 Nginx public gateway 類別成熟度從 90% 推進到 92%。此更新只表示 actor、變更時間窗、change intent / break-glass、改前改後 route、source-to-live diff、nginx -t readback、reload / no-reload、route smoke、TLS / ACME、WebSocket、upstream、AI provider、monitoring、跨專案同步、回滾、防再發與 no-false-green 已有脫敏回讀欄位與審查分流；readback received / accepted、live conf read、nginx -t、reload、route smoke、DNS / TLS probe、certbot renew、host write、runtime gate 仍全部為 0 / false。

0.7 2026-06-14 DNS / TLS / certbot owner response acceptance 只讀帳本

domain_tls_certbot_owner_response_acceptance_v1 已把 4 份 DNS / TLS / certbot owner confirmation request 轉成 owner response acceptance 只讀帳本。固定 candidates=4、c0=4、owner_fields=13、reviewer_checks=13、outcome_lanes=7、blocked_actions=20，讓 DNS / TLS / certbot 類別成熟度從 74% 推進到 78%。

此更新只表示 SAN / wildcard / 共用憑證覆蓋關係、certificate expiry metadata、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan 已有收件驗收規則；owner response received / accepted、certificate coverage confirmed、DNS query、TLS probe、certbot renew、Nginx reload、route smoke、DNS record / certificate path / ACME route 變更、host write、runtime gate 仍全部為 0 / false。

0.8 2026-06-14 Docker / systemd / host service owner response acceptance 只讀帳本

host_service_owner_response_acceptance_v1 已把 9 份 Docker / systemd / host service owner request draft 轉成 owner response acceptance 只讀帳本。固定 candidates=9、write_capable=3、live_evidence_required=8、owner_fields=18、reviewer_checks=21、outcome_lanes=8、blocked_actions=27，並追加事故恢復、依賴圖、port binding、cold-start sequence、source-of-truth 與 daemon / runner 競爭回補要求，讓 Docker / systemd / host service 類別成熟度從 54% 推進到 58%。

此更新只表示 live config hash ref、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence 已有收件驗收規則；owner response received / accepted、live host read、SSH、Docker Compose、systemctl、repair-bot、Ansible、sudo、host write、runtime gate 仍全部為 0 / false。

0.8a 2026-06-15 Docker / systemd / host service change evidence acceptance 只讀帳本

host_service_change_evidence_acceptance_v1 已把 9 個 Docker / systemd / host service surface 轉成事故 / 變更證據驗收只讀帳本。固定 candidates=9、write_capable=3、live_evidence_required=8、evidence_fields=45、required_evidence_fields=25、reviewer_checks=26、outcome_lanes=10、blocked_actions=39，並納入重啟 actor、before / after service state、Docker daemon state、compose / systemd state、failed unit review、port binding、dependency impact、cold-start sequence、route recovery、operator notification、cross-project sync 與 no-false-green service health，讓 Docker / systemd / host service 類別成熟度從 58% 推進到 62%。

此更新只表示未來 host service 事故或變更證據已有收件驗收規則；change evidence received / accepted、Docker daemon state accepted、compose stack state accepted、systemd unit state accepted、failed unit review accepted、port binding accepted、route recovery accepted、operator notification accepted、live host read、SSH、Docker / systemd、repair-bot、Ansible、route smoke、host write、runtime gate 仍全部為 0 / false。

0.8b 2026-06-15 Docker / systemd / host service 事故後回讀計畫

host_service_post_incident_readback_plan_v1 已把同一批 9 個 Docker / systemd / host service surface 補成 post-incident readback plan。固定 readback_candidates=9、write_capable=3、live_evidence_required=8、readback_fields=36、required_readback_fields=28、reviewer_checks=28、outcome_lanes=10、blocked_actions=41，並要求 actor、boot time、restart / recovery window、before / after、Docker daemon、compose、systemd、failed unit、port binding、dependency、public/admin route、AI provider、monitoring、operator notification、cross-project sync、restoration evidence、post-check、recurrence guard 與 no-false-green attestation，讓 Docker / systemd / host service 類別成熟度從 62% 推進到 64%。

此更新只表示 110 / 188 類主機服務事故已有事故後回讀收件規則；post-incident readback received / accepted、actor attribution accepted、Docker daemon accepted、compose accepted、systemd accepted、route recovery accepted、monitoring accepted、cross-project sync accepted、recurrence guard accepted、live host read、SSH、Docker / systemd、repair-bot、Ansible、route smoke、host write、production write、runtime gate 仍全部為 0 / false。

0.8c 2026-06-15 AI provider / model routing owner response acceptance 只讀帳本

ai_provider_owner_response_acceptance_v1 已把 AI router provider policy、Ollama proxy gateway、fallback order / circuit breaker、cost budget / quota、privacy / data egress、benchmark / dry-run、model card / version inventory 與 agent replacement candidate boundary 轉成 metadata-only owner response acceptance 帳本。固定 candidates=8、write_capable=5、paid_provider_related=5、data_egress=6、live_evidence_required=6、acceptance_fields=37、required_owner_fields=24、reviewer_checks=24、outcome_lanes=10、blocked_actions=38，讓 AI provider / model routing 類別成熟度從 60% 推進到 64%。

此更新只表示未來 provider、fallback、cost、privacy、benchmark、dry-run、模型卡片與 agent replacement 證據已有收件驗收規則；owner response received / accepted、dry-run accepted、benchmark accepted、cost review accepted、privacy review accepted、fallback order accepted、provider switch、external provider call、paid provider call、prompt send、live endpoint probe、secret collection、SDK install、model download、shadow / canary、production deploy、runtime gate 仍全部為 0 / false。

1. 目前已不符合新要求的項目

優先	項目	現況	風險	本階段處置
P0	Nginx public gateway	已有 Ansible source-of-truth、repo-only drift detector、DNS / TLS 清冊、public gateway preflight Gate、owner response acceptance、rendered diff evidence acceptance 與事故後回讀計畫，但尚缺 owner-provided live conf、rendered diff、nginx -t evidence、route smoke、maintenance window 與 rollback owner	手改 live conf 會讓公開網站、admin route、TLS、API、WebSocket 或 ACME 被改壞，且不易追責	已新增高價值配置 Hard Rule、drift detector、preflight 清冊、owner response acceptance 與 post-incident readback plan；仍不得 SSH 或 reload
P0	docs/runbooks/SECRETS-MANAGEMENT.md Gitea token 範例	文件內存在可疑 token 範例	可能造成 Gitea API 權限外洩或複製貼上事故	已改為 owner-managed token env，不保存 value
P0	k8s/monitoring/docker-compose-110.yml Grafana admin 密碼	compose 內有固定密碼常值	若被當作 live 密碼或複製使用，會造成監控後台弱控管	已改為 GRAFANA_ADMIN_PASSWORD owner secret store 注入
P0	ops/monitoring/discover_docker.py SSH host key 驗證	仍使用關閉 host key 驗證的參數	MITM 或錯誤主機信任風險	已改為 BatchMode=yes + accept-new；後續升級 pinned known_hosts
P0	apps/api/src/api/v1/monitoring.py Grafana 探測認證	程式碼內有 Grafana Basic Auth 常值	API 程式碼保存 credential，且會被複製到後續部署	已改為 settings.GRAFANA_API_KEY Bearer token；未設定時不送 Authorization header
P1	Nginx 188 / 110 live conf drift	repo 有 templates 與 drift detector，比對模式需 owner 提供脫敏 live conf；目前 live evidence 仍為 0	手改後 repo 不知道，下一次 Ansible 可能覆蓋或保留錯誤路由	下一步收 owner-provided live conf 與 rendered diff，不主動 SSH
P1	高價值配置變更 Gate	已有 C0-C3 清冊與 Hard Rule，但原本缺少可重跑 path 分類	reviewer 只能靠人工記憶判斷 Nginx、workflow、secret、K8s、DNS、AI provider 是否需 owner gate	已新增 scripts/security/high-value-config-change-gate.py；本階段只分類，不接 CI blocking
P0	DNS / TLS / certbot	已有 domain / certificate path 清冊、owner confirmation request 與 owner response acceptance 只讀帳本，但仍缺 owner-provided coverage metadata、expiry metadata、renewal owner、ACME route owner、maintenance window 與 rollback owner	憑證過期、錯誤 cert path、ACME challenge 被覆蓋會造成公開服務中斷	維持 C0；下一步只收脫敏 metadata ref，不做 DNS query、TLS probe、certbot renew 或 reload
P1	workflow / runner / deploy key / secret name	已有 Gitea / GitHub readiness 盤點，但尚未把配置變更和 IwoooS 高價值配置共用 gate 合併	workflow 或 runner 改錯會直接影響部署與 secret 注入	納入 C0，維持只讀 owner response，不收 secret value
P1	Docker Compose / systemd live config	已有 repo-only inventory、owner request draft、owner response acceptance、change evidence acceptance 與 post-incident readback plan 只讀帳本，但仍缺 owner-provided live hash、事故回讀包、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence	restart policy、port、volume、env、daemon / compose / systemd 異動會影響 Harbor、Sentry、Langfuse、Gitea、監控、AI provider 與代理賞金協議 runtime	下一步只收脫敏 owner response / live hash metadata / 事故回讀 ref，不主動 SSH、不重啟、不跑 repair-bot
P1	AI provider / Ollama proxy	Nginx proxy template、API provider route、fallback order、模型治理卡與 agent replacement 候選	provider route drift 會造成成本、可用性、資料外送與模型品質風險	納入 C1，owner response acceptance 已固定；任何切換仍需 dry-run / benchmark / cost / privacy / rollback owner gate
P1	agent-bounty-protocol runtime / treasury / A2A / MCP	已納入只讀範圍，但尚未有 production host、compose、domain、TLS、rollback owner 完整資料	外部 agent、claim / submit、payout 或 webhook 若未控管，風險高於一般網站	納入 C2，仍不改該 repo、不讀 .env、不部署

2. Nginx 控管機制

Nginx 是目前必須最先資安控管的配置，原因是它同時控制公開 domain、TLS、admin route、API / WebSocket、ACME challenge、跨產品 upstream 與內網曝光邊界。

2.1 Source of truth

主機	repo source-of-truth	live path	涵蓋
192.168.0.188	infra/ansible/roles/nginx/templates/188-all-sites.conf.j2	/etc/nginx/sites-enabled/all-sites.conf	aiops.wooo.work、gitlab.wooo.work、signoz.wooo.work、www.tsenyang.com、tsenyang.com、stock.wooo.work、mo.wooo.work、bitan.wooo.work、vtuber.wooo.work
192.168.0.188	infra/ansible/roles/nginx/templates/188-internal-tools-https.conf.j2	live path 需 owner 確認	gitea.wooo.work、sentry.wooo.work、langfuse.wooo.work、harbor.wooo.work、registry.wooo.work、signoz.wooo.work、stock.wooo.work
192.168.0.110	infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2	/etc/nginx/sites-enabled/110-ollama-proxy.conf	Ollama GCP-A 11435、GCP-B 11436、local fallback 11437
部署入口	infra/ansible/playbooks/nginx-sync.yml	Ansible apply	nginx -t、backup、reload handler
回滾 SOP	docs/runbooks/disaster-recovery/DR-Nginx.md	Runbook	語法錯誤、Git rollback、188 失效接管

2.2 必要 gate

階段	必要資料	未滿足時
變更前	owner role / team、affected domains、affected paths、upstream、TLS / ACME 影響、rollback owner、maintenance window	不可 reload，不可部署
diff	repo diff、rendered diff、live drift evidence refs	只可進入 owner review
preflight	nginx -t、port conflict check、certificate path check	不可 reload
post-check	public route smoke、API / WebSocket smoke、admin route smoke、ACME path smoke、錯誤率觀察	不可宣稱完成
rollback	前一份 live backup、Git revert ref、rollback owner、停止條件	不可進 production window

2.3 Drift 原則

1. 偵測到 live Nginx 與 repo template 不一致時，只建立 evidence，不自動覆寫 live。
2. drift 必須標記受影響 domain、upstream、TLS、admin route、ACME path 與風險等級。
3. 若 drift 是緊急手改，需補 break-glass owner response、時間、原因、回滾條件與後續 source-of-truth patch。
4. 若 drift 是未授權變更，列為 P0 config drift，不得等到下一次部署才處理。
5. IwoooS UI 可顯示 drift，但不能因此提高 runtime gate。

3. 需要優先納管的配置總清單

優先	配置	代表 repo 路徑	live / owner 來源	必要控管
P0	Nginx public gateway	infra/ansible/roles/nginx/templates/*.j2、infra/ansible/playbooks/nginx-sync.yml、ops/nginx/*	188 / 110 live Nginx	source-of-truth、drift detector、owner gate、nginx -t、route smoke、rollback
P0	DNS / TLS / certbot	Nginx templates、docs/runbooks/REGISTRY-CERTBOT-188.md、TLS alert rules、docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md、docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md	DNS provider、Let's Encrypt、188 / 110	domain inventory、cert path、owner coverage metadata、renewal owner、ACME path owner、rollback、validation plan；不得 live probe 或 renew
P0	K8s production manifests	k8s/awoooi-prod/*、k8s/argocd/awoooi-prod-app.yaml	ArgoCD / K3s	GitOps diff、ArgoCD health / sync readback、rollback revision、no manual kubectl unless approved
P0	K8s Secret metadata	k8s/awoooi-prod/03-secrets.example.yaml、secret templates、workflow injection	Gitea Secrets / K8s Secret names	secret name parity only、no value collection、rotation owner
P0	Gitea workflows	.gitea/workflows/*.yaml	Gitea Actions	self-hosted runner, secret reference guard, deployment verification, no write action without owner
P0	Runner / deploy key / webhook / branch protection	ops/runner/*、source-control snapshots	Gitea / GitHub owner metadata	labels、key names、webhook names、ruleset metadata only；no token / key value
P0	Public admin / API route config	Nginx templates、apps/web/src/lib/config.ts、apps/api/src/core/config.py、docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md、docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json	Product owner + runtime owner	auth boundary、CORS、public URL、admin path smoke、frontend internal IP ban、i18n redaction、raw namespace / repo slug / 內部狀態碼 / 內部協作內容外洩阻擋、desktop / mobile smoke
P0	Backup / restore credential	scripts/backup/*、k8s/velero/*、DR runbooks、docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md、docs/security/BACKUP-RESTORE-OWNER-REQUEST-DRAFT.md	MinIO / restic / offsite escrow	owner request draft 已固定；credential value absent、restore drill gate、offsite owner、escrow owner、retention policy、rollback owner
P0	agent-bounty-protocol treasury / MCP / A2A	docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md、docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md	agent-bounty owner response	owner request draft 已固定；no payout / claim / submit / daemon / webhook until explicit runtime approval
P1	Prometheus / Alertmanager	k8s/monitoring/*、ops/alertmanager/alertmanager.yml、ops/monitoring/*、docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md、docs/security/MONITORING-OWNER-REQUEST-DRAFT.md	110 monitoring stack	repo-only 清冊與 owner request draft 已固定；仍缺 rule diff、receiver diff、reload owner、receipt proof 與 live evidence
P1	Grafana / SigNoz / Sentry / Langfuse	ops/grafana/*、ops/signoz/*、ops/sentry-self-hosted/*、infra/langfuse/*、docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md、docs/security/MONITORING-OWNER-REQUEST-DRAFT.md	110 compose / public gateway	owner request draft 已固定；仍缺 admin secret owner、public route proof、backup owner、smoke plan、upgrade window 與 rollback owner
P1	Harbor / registry	Nginx templates、backup scripts、CD workflows	110 Harbor / registry domains	robot account owner、image tag immutability、scan policy、TLS
P1	PostgreSQL / Redis / MinIO	app config、backup scripts、monitoring config	188 / 110 / K3s	no plaintext DSN, access boundary, backup, restore, metrics auth
P1	Docker Compose / systemd	docker-compose.yml、ops/*/docker-compose.yml、scripts/reboot-recovery/*.service、docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md、docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md	110 / 188 / agent-bounty hosts	live hash metadata、port / volume / env diff、maintenance / restart window、rollback owner、post-check plan、disable switch；不得 restart / apply
P1	SSH / sudoers / known_hosts	Ansible inventory、ops scripts、runner scripts	host owners	owner request draft 已固定；下一步只收脫敏 live access state、known_hosts / host-key policy、target whitelist 與 rollback owner
P1	Firewall / WireGuard / NodePort / VIP	K8s service / network policy、Kali / wg-easy docs、docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md	network owner	owner request draft、owner response acceptance 與 change evidence acceptance 已固定；下一步只收 actor、before / after state、impact、cross-project sync、maintenance window、rollback owner 與 post-check evidence；no unreviewed port exposure
P1	AI provider / model routing	apps/api/src/services/ai_providers/*、apps/api/src/services/ai_router.py、docs/ai/AI-MODEL-CARDS.md、docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md、docs/security/ai-provider-owner-response-acceptance.snapshot.json	AI owner	owner response acceptance、dry-run、benchmark、cost / privacy review、fallback order、prompt redaction、rollback owner；不得 provider switch、外部呼叫、付費呼叫、prompt send 或 live endpoint probe
P1	Kali 112 scanner config	docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md、Kali snapshots	Kali owner	maintenance window、no active scan、no /execute、hardening dry-run
P2	AWOOOI / AwoooP / IwoooS frontend runtime config	apps/web/next.config.js、apps/web/src/lib/config.ts、i18n	web owner	NEXT_PUBLIC public-domain only、no internal transcript, desktop/mobile smoke
P2	VibeWork product boundary	VibeWork owner docs / future evidence refs	VibeWork owner	independent product boundary、repo / deploy / admin / backup scope
P2	StockPlatform / Tsenyang / Bitan / VTuber routes	Nginx templates、product runbooks	product owner	domain / admin / API / backup / owner matrix
P2	Package / supply-chain baselines	pnpm-lock.yaml、package.json、pyproject.toml、requirements.txt、Dockerfiles、docker-compose、docs/security/PACKAGE-SUPPLY-CHAIN-BASELINE.md、docs/security/package-supply-chain-baseline.snapshot.json、docs/security/PACKAGE-SUPPLY-CHAIN-OWNER-POLICY-GATE.md、docs/security/package-supply-chain-owner-policy-gate.snapshot.json	repo / registry owner	package manager policy、lockfile owner、Python lock policy、requirements pinning policy、Docker digest pinning policy、compose image digest policy、CVE / license / SBOM window、registry owner、rollback owner
P3	Runbook / endpoint docs / snapshots	docs/reference/*、docs/runbooks/*、docs/security/*.snapshot.json	doc owner	no secret value, stale endpoint flag, owner-reviewed evidence refs

2026-06-14 P0-20 已新增 docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md 與 docs/security/k8s-argocd-manifest-inventory.snapshot.json，把 K8s / ArgoCD / Velero / monitoring repo source 固定為 files=49、c0=36、yaml=45、unique_kinds=20、blocked_actions=13 的只讀清冊。P0-21 再新增 docs/security/K8S-ARGOCD-OWNER-REQUEST-DRAFT.md 與 docs/security/k8s-argocd-owner-request-draft.snapshot.json，將四個 scan group 轉成 drafts=4、c0=3、owner_fields=11 的 owner request draft。2026-06-15 P0-25 再新增 docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md 與 docs/security/k8s-argocd-owner-response-acceptance.snapshot.json，固定 candidates=4、c0=3、owner_fields=11、reviewer_checks=12、outcome_lanes=7、blocked_actions=18 的 owner response acceptance 只讀帳本。2026-06-15 再新增 docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md 與 docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json，固定 candidates=4、c0=3、write_capable=4、required_evidence_fields=18、reviewer_checks=18、outcome_lanes=8、blocked_actions=28 的 GitOps 變更證據驗收只讀帳本。這些都不是 live cluster read、ArgoCD API read、ArgoCD sync、kubectl action、Helm upgrade、secret collection、manual pod restart、scale workload、RBAC / NetworkPolicy change、restore backup、production write 或 runtime gate。

4. 新增規範

1. 高價值配置必須先分級：C0 / C1 / C2 / C3。
2. 所有 C0 配置變更必須有 source-of-truth、owner gate、diff、rollback owner 與驗證點。
3. Nginx live drift 不得自動覆蓋，只能先形成 P0 evidence 與 owner decision。
4. 文件與 runbook 的範例不得包含可用 token、password、private key、runner token、webhook secret、cookie、authorization header 或 partial credential。
5. SSH 類工具不得關閉 host key 驗證；短期可用 accept-new，長期要升級 pinned known_hosts。
6. Grafana / Harbor / MinIO / ArgoCD / Gitea / Telegram / AI provider 等管理面密碼只能由 owner secret store 注入。
7. agent-bounty-protocol、VibeWork 與其他產品的 route / admin / webhook / payout / deploy config 必須放入 IwoooS 控管，但不能混用 AWOOOI runtime approval。
8. Backup / restore / offsite / escrow / retention 清冊可見只代表需被控管；不得把 runbook 命令、snapshot、AwoooP approval 或 IwoooS UI 當作 backup run、restore drill、rclone sync、remote delete、restic prune、escrow marker write 或 Velero restore 授權。
9. DNS / TLS / certbot owner response 只能收脫敏 metadata ref、coverage basis、expiry metadata、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan；不得因 owner 回覆而自動做 DNS query、live TLS probe、certbot renew、Nginx reload、route smoke、DNS record 變更、certificate path 變更或 ACME route 變更。
10. Public / admin / API / frontend runtime config 變更必須先通過 affected route、auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、desktop / mobile smoke、sensitive string scan、rollback owner 與 post-check evidence；前台不得顯示 raw owner namespace、repo slug、內部狀態碼、內部協作內容或未脫敏截圖。
11. 高價值配置控管必須能由 scripts/security/iwooos-config-control-guard.py 集中驗證；guard 通過只代表 repo snapshot 基線完整，不代表 owner response、live evidence、reload、restart、workflow / secret / runner 變更、backup / restore、scan、runtime 或 deploy 授權。
12. Package / Docker 供應鏈修復前必須先通過 owner policy gate；Python lockfile、requirements pinning、Docker digest pinning、compose digest、CVE / license / SBOM 只能先收脫敏 owner metadata，不得因 baseline 或 gate 通過而 install、upgrade、rewrite lockfile、pull / build / push image、登入 registry、修改 workflow、部署或開 runtime gate。
13. Public Gateway / Nginx 事故後回讀只能收脫敏 evidence ref，不得保存 raw live conf、完整 diff、secret、憑證內容、cookie、token 或未脫敏截圖；不得把 route 200、Nginx active、dashboard up、CD success 或 UI 可見當成事故已驗收。

5. 需要調整的既有規範

規範	目前狀態	調整方向
IwoooS 初期低摩擦	原本偏只讀框架	保留只讀框架，但 P0 即時危害可先做 source-control 止血
Nginx DR runbook	已寫禁止直接手改 live conf	補 owner-provided live conf、rendered diff、nginx -t evidence、route smoke、跨產品通知、post-check
Secrets 管理手冊	有 secret 來源與 CD 注入說明	去除可用 token 範例，補「metadata only」與 owner secret store
Gitea / GitHub readiness	已有 repo / workflow / secret name 盤點	與高價值配置分級合併，workflow 變更仍需獨立批准
Deployment verification	偏重 Pod / health	加入 Nginx / DNS / TLS / public route / admin route smoke
AI provider governance	已有 dry-run / benchmark 邊界	加入 Nginx Ollama proxy、GCP fallback、成本與資料外送控管
Frontend i18n / internal IP	已有 NEXT_PUBLIC 禁令	擴大到 public route / Sentry tunnel / admin path / product domain 一起驗證

6. 階段完成度

工作	完成度	說明
重要配置範圍盤點	100%	已建立 C0-C3 分級與總清單
Nginx 控管機制定義	100%	已定義 source-of-truth、live path、gate、drift 原則
source-control P0 止血	100%	已清掉本波掃到的 token 範例、Grafana 密碼常值與 SSH host key 關閉
repo-only Nginx drift detector	100%	已新增 scripts/security/nginx-config-drift-detector.py 與 repo source-of-truth snapshot
public gateway preflight 清冊	100%	已新增 public_gateway_preflight_inventory_v1，固定 12 個 reload / route change 前置 Gate；成熟度 78% -> 84%
Public Gateway / Nginx 事故後回讀計畫	100%	已新增 public_gateway_post_incident_readback_plan_v1，固定 3 份事故後回讀 candidate、2 份 C0、30 個必填欄位、28 個 reviewer checks、10 條 outcome lanes、41 類 blocked action；成熟度 90% -> 92%，readback accepted、nginx -t、reload、route smoke 與 runtime gate 仍為 0
高價值配置變更分類 Gate	100%	已新增 scripts/security/high-value-config-change-gate.py，可用 git diff 或手動檔案分類 C0/C1/C2/C3 並列出 owner / rollback / evidence / 驗證欄位
DNS / TLS / certbot owner response acceptance	100%	已新增 domain_tls_certbot_owner_response_acceptance_v1，4 個 C0 candidate、13 個 owner 必填欄位、13 個 reviewer checks、7 條 outcome lanes、20 類 blocked action；成熟度 74% -> 78%
owner response evidence JSON 欄位檢查	70%	Gate 可檢查必要欄位與 false flags；尚未接正式收件 API 或 AwoooP queue
Gate → owner response packet 草案	100%	已新增 scripts/security/high-value-config-owner-packet.py，可將 impacted category 轉成 canonical owner response packet 草案
canonical owner 欄位對齊	100%	高價值配置 Gate 已對齊 S4.9 owner_role_or_team，並保留 owner_role_team 等 alias 支援
全域配置覆蓋矩陣	100%	已新增 scripts/security/high-value-config-control-coverage.py、snapshot 與 schema，14 類高價值配置可重跑檢查
高價值配置集中 guard	100%	已新增 scripts/security/iwooos-config-control-guard.py，並串接 security-mirror-progress-guard.py；14 類配置、主要 owner / change evidence 帳本、supply-chain manifest 與 0 / false 邊界可集中驗證
Backup / restore / escrow 清冊	100%	已新增 backup_restore_escrow_inventory_v1，納入 38 個 repo-only surface；成熟度 52% -> 58%
Backup / restore / escrow owner response acceptance	100%	已新增並強化 backup_restore_owner_response_acceptance_v1，38 個 candidate、27 個 write-capable、22 個 reviewer checks、9 條 outcome lanes、31 類 blocked action；成熟度 58% -> 64%
Backup / restore / escrow 事故後回讀計畫	100%	已新增 backup_restore_post_incident_readback_plan_v1，38 個事故回讀 candidate、27 個 write-capable、34 個必填欄位、32 個 reviewer checks、11 條 outcome lanes、51 類 blocked action；成熟度 64% -> 66%，readback accepted 與 runtime gate 仍為 0
Monitoring / alerting / observability 清冊	100%	已新增 monitoring_alerting_observability_inventory_v1，納入 60 個 repo-only surface；成熟度 56% -> 62%
Monitoring / alerting / observability owner request draft	100%	已將 60 個 monitoring surface 轉成 owner request draft；request sent / received / accepted、reload、receiver route change、Telegram send、alert chain smoke 仍為 0
Monitoring / alerting / observability owner response acceptance	100%	已新增並強化 monitoring_owner_response_acceptance_v1，60 個 candidate、11 個 write-capable、23 個 reviewer checks、12 條 outcome lanes、34 類 blocked action；成熟度 62% -> 68%
Monitoring / alerting / observability post-incident readback plan	100%	已新增 monitoring_post_incident_readback_plan_v1，60 個事故回讀 candidate、11 個 write-capable、30 個必填欄位、28 個 reviewer checks、11 條 outcome lanes、53 類 blocked action；成熟度 68% -> 70%，readback accepted、receiver receipt、stale / silence、alert chain health、reload、Telegram send、alert chain smoke 與 runtime gate 仍為 0
owner packet 前台只讀接入	100%	/zh-TW/iwooos 已顯示高價值配置 owner packet 草案、C0/C1 packet 數、request / received / accepted 仍為 0 與禁止執行邊界
owner response request / received / accepted	0%	Packet 只是草案；尚未送件、尚未收件、尚未 reviewer accepted
agent-bounty-protocol owner request draft	100%	已將 repo / refs、deployment、data classification、external agent / treasury 與 7 個 product surface 轉成 11 份 owner request draft；claim / submit、payout、cron / daemon、runtime gate 仍為 0
Docker / systemd owner request draft	100%	已將 9 個 host service surface 轉成 owner request draft；request sent / received / accepted 仍為 0
Docker / systemd owner response acceptance	100%	已新增 host_service_owner_response_acceptance_v1，9 個 candidate、3 個 write-capable、8 個需 live evidence、21 個 reviewer checks、8 條 outcome lanes、27 類 blocked action；成熟度 54% -> 58%
Docker / systemd change evidence acceptance	100%	已新增 host_service_change_evidence_acceptance_v1，9 個 candidate、3 個 write-capable、26 個 reviewer checks、10 條 outcome lanes、39 類 blocked action；成熟度 58% -> 62%
Docker / systemd 事故後回讀計畫	100%	已新增 host_service_post_incident_readback_plan_v1，9 個 readback candidate、28 個必填欄位、28 個 reviewer checks、10 條 outcome lanes、41 類 blocked action；成熟度 62% -> 64%，readback accepted 與 runtime gate 仍為 0
SSH / firewall / network owner request draft	100%	已將 16 個 SSH / network access surface 轉成 owner request draft；request sent / received / accepted、port change、firewall change、NetworkPolicy apply、NodePort change、WireGuard change 仍為 0
SSH / firewall / network owner response acceptance	100%	已新增 ssh_network_owner_response_acceptance_v1，16 個 candidate、6 個 write-capable、15 個 reviewer checks、7 條 outcome lanes、22 類 blocked action；成熟度 54% -> 58%
端口 / 防火牆變更證據驗收	100%	已新增並強化 port_firewall_change_evidence_acceptance_v1，14 個 candidate、6 個 write-capable、21 個 reviewer checks、9 條 outcome lanes、28 類 blocked action；成熟度 58% -> 62%
SSH / firewall / network 事故後回讀計畫	100%	已新增 ssh_network_post_incident_readback_plan_v1，14 個 readback candidate、24 個必填欄位、24 個 reviewer checks、10 條 outcome lanes、34 類 blocked action；成熟度 62% -> 64%，readback accepted 與 runtime gate 仍為 0
K8s / ArgoCD GitOps 變更證據驗收	100%	已新增 k8s_argocd_change_evidence_acceptance_v1，4 個 candidate、3 個 C0、4 個 write-capable、18 個 reviewer checks、8 條 outcome lanes、28 類 blocked action；成熟度 62% -> 64%
K8s / ArgoCD 事故後回讀計畫	100%	已新增 k8s_argocd_post_incident_readback_plan_v1，4 個 readback candidate、31 個必填欄位、28 個 reviewer checks、10 條 outcome lanes、41 類 blocked action；成熟度 64% -> 66%，readback accepted 與 runtime gate 仍為 0
Public / Admin / API runtime config 變更證據驗收	100%	已新增 public_runtime_config_change_evidence_acceptance_v1 與 public_frontend_sensitive_surface_guard_v1；6 個 candidate、5 個 C0、21 個 reviewer checks、8 條 outcome lanes、32 類 blocked action，另掃 225 個前端檔案、12 類禁字、違規 0；成熟度 62% -> 66%；raw namespace / repo slug / 內部狀態碼 / 內部協作內容外洩列為拒收或隔離條件
Package / Docker supply-chain repo-only baseline	100%	已新增 package_supply_chain_baseline_v1，盤點 package_json=6、pyproject=4、requirements=2、dockerfiles=2、compose=6、gaps=5；不 install、不掃 CVE、不改 image、不部署
Package / Docker supply-chain owner policy gate	100%	已新增 package_supply_chain_owner_policy_gate_v1，6 個 owner policy request、2 個 C0、8 個 owner 欄位、12 個 reviewer checks、20 類 blocked action；request_sent / received / accepted / runtime / action 仍為 0 / false
Backup / restore / escrow owner request draft	100%	已將 38 個 backup / restore / escrow surface 轉成 owner request draft；request sent / received / accepted、backup run、restore run、offsite sync、remote delete、escrow marker write、retention change 仍為 0
CI blocking / workflow gate	0%	本階段刻意不修改 .gitea/workflows，避免初期資安流程摩擦過大
owner-provided live Nginx file compare	70%	工具可吃 owner 匯出的 live conf 檔比較；本階段不主動 SSH 取得
live Nginx evidence collection	0%	尚未 SSH / Ansible check-mode / live hash；需 owner 與維護窗口規則
live Nginx reload / restart	0%	未授權，未執行
DNS / TLS live validation	0%	本階段未跑 live probe；若下一階段改前端或 route，需 desktop / mobile / route smoke
cross-product owner response	0%	尚未收到 VibeWork、agent-bounty-protocol、StockPlatform 等 owner acceptance

7. 下一階段優先順序

1. P0：將 owner response packet 草案接入 AwoooP 只讀狀態，顯示 request / received / accepted 仍為 0。
2. P0：由 owner 提供脫敏 live Nginx conf 匯出檔，重跑 compare mode；不自動覆寫、不 reload。
3. P0：向 owner 收 DNS / TLS / certbot 脫敏 coverage metadata ref、expiry metadata ref、renewal owner、ACME route owner、maintenance window、rollback owner 與 validation plan；不做 DNS query、TLS probe、certbot renew 或 reload。
4. P0：把 workflow / runner / secret name owner response 與高價值配置 C0 gate 串成同一個 IwoooS 狀態。
5. P0：收 public / admin / API runtime config 的脫敏變更證據，先補 affected route、auth boundary、API readback、CORS diff、frontend env diff、i18n redaction、desktop / mobile smoke、production bundle sensitive scan、rollback owner 與 post-check evidence；source / messages 防洩漏 guard 已固定違規 0，但仍不改 route / CORS / env。
6. P0：把 agent-bounty-protocol compose / MCP / A2A / treasury 高價值配置欄位接入同一個 owner packet queue；不啟用 runtime。
7. P1：向 owner 收 110 / 188 Docker Compose 與 systemd 脫敏 live hash metadata、maintenance / restart window、rollback owner、post-check plan、disable switch 與 no-secret-value evidence；不主動 SSH、不重啟、不跑 repair-bot。
8. P1：向 owner 收 SSH / firewall / WireGuard / NodePort 脫敏 live access state、allowed source CIDR、change / incident ref、actor、before / after state、cross-project sync、maintenance window、rollback owner 與 validation plan；不主動 keyscan、不改 firewall、不開關端口。
9. P1：向 owner 收 backup / restore / offsite / escrow 非敏感 evidence id、最新備份狀態、freshness SLO、隔離 restore target、依賴圖、資料分級、remote delete guard、retention runway、restore observer / stop condition、restore drill plan、maintenance window、rollback owner 與 validation plan；驗收前 backup run、restore drill、offsite sync、remote delete、escrow marker write、retention change 全部維持 0 / false。
10. P1：把 Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse owner request draft 接入 AwoooP 只讀狀態；驗收前 reload、receiver route change、silence change、Telegram send 與 alert chain smoke 全部維持 0 / false。
11. P1：補 Kali 112、111、168 維護窗口 owner 欄位，仍不做 upgrade / restart / scan。
12. P2：持續精簡 /zh-TW/iwooos 配置控管摘要，但不得顯示內部工作對話、token、secret 或可執行按鈕。

8. 邊界

本清冊完成不代表 Nginx reload、DNS 修改、TLS renew、ArgoCD sync、kubectl、SSH 主機修改、workflow 修改、runner 啟用、secret rotation、backup run、restore drill、offsite sync、remote delete、restic prune、escrow marker write、Velero restore、active scan、agent-bounty runtime、payout、withdrawal、deploy 或任何 runtime execution 已授權。