IwoooS Public Gateway Rendered Diff Gate Draft

| Item | Content |
| --- | --- |
| Date | 2026-06-14 |
| Status | rendered_diff_gate_draft_ready_no_runtime_action |
| Tool | scripts/security/public-gateway-rendered-diff-gate-draft.py |
| Input | docs/security/public-gateway-redacted-export-intake-preflight.snapshot.json |
| Snapshot | docs/security/public-gateway-rendered-diff-gate-draft.snapshot.json |
| runtime gate | 0 |
1. Purpose
P0-16 established the redacted export intake preflight, but even if a redacted ref is received and accepted in the future, it must not go straight into nginx -t, reload or route smoke. The purpose of P0-17 is to first split rendered diff, nginx -t, reload, route smoke, DNS / TLS probe, certbot renew, maintenance window, rollback owner and post-check into a staged gate draft.
This document only defines a future gate draft. It is not redacted export accepted, not rendered diff ready, not nginx -t authorization, not an Nginx reload, not route smoke, not a DNS / TLS probe, not certbot renew, not a host write, and not a production write or runtime gate.
2. Summary

| Metric | Value | Description |
| --- | --- | --- |
| diff gate candidate count | 3 | Corresponds to the three redacted export intake candidates |
| C0 diff gate candidate count | 2 | 188 all sites, 188 internal tools HTTPS |
| diff gate field count | 12 | Fields in each diff gate draft |
| preflight stage count | 7 | Staged gates from redacted export accepted through rollback / post-check |
| blocked action count | 14 | Actions that must not be executed directly or misread |
| redacted export accepted | 0 | Not yet received / accepted |
| rendered diff candidate / ready | 0 / 0 | Not yet generated |
| nginx test authorized / executed | 0 / 0 | Not yet approved and not executed |
| reload authorized / executed | 0 / 0 | Not yet approved and not executed |
| route smoke authorized / executed | 0 / 0 | Not yet approved and not executed |
| DNS / TLS probe, certbot renew | 0 / 0 | Not yet approved and not executed |
| maintenance window / rollback owner | 0 / 0 | Not yet accepted |
| runtime gate / action button | 0 / 0 | Not opened |
3. Diff Gate Fields

| Field | Content rule |
| --- | --- |
| diff_gate_id | Fixed mapping to the public gateway rendered diff gate; creates no runtime action |
| intake_id | Maps to the P0-16 redacted export intake candidate |
| export_request_id | Maps to the P0-15 live conf export request |
| config_id | Maps to the public gateway preflight row |
| control_tier | Preserves the C0 / C1 risk tiering |
| source_config_ref | Points to the repo-only source config snapshot |
| redacted_live_conf_ref | Empty until accepted |
| rendered_diff_ref | Empty until generated |
| nginx_test_plan_ref | Empty until approved |
| route_smoke_plan_ref | Empty until approved |
| rollback_owner | pending_rollback_owner until assigned |
| not_approval | Must be true |
4. Preflight Stages

| Stage | Rule |
| --- | --- |
| redacted_export_acceptance_required | Qualified redacted export accepted metadata must exist first |
| normalize_without_raw_conf_storage | A normalized diff may only be produced from the redacted ref, inside an isolated workspace |
| rendered_diff_owner_review_required | The rendered diff may only become an owner review candidate |
| nginx_test_approval_package_required | nginx -t requires a separate manual approval package, a rollback owner and a maintenance window |
| reload_approval_separate | Reload and public route change must be approved independently |
| route_smoke_matrix_required | Route smoke must list affected routes, expected status, and TLS / WebSocket / ACME checks |
| postcheck_and_rollback_required | Before any future execution, a rollback owner, post-check and failure rollback conditions are required |
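
The field rules in section 3 and the stage order in section 4 can be checked mechanically on each draft row. The sketch below is an added example, not the project's scripts/security/public-gateway-rendered-diff-gate-draft.py; the function name check_draft, the sample identifiers and the reading that refs are filled strictly in stage order are assumptions.

```python
# Added example: not the project's generator script. Field names come from
# sections 3 and 4; the sample rows and the ordering check are assumptions.
REQUIRED_FIELDS = (
    "diff_gate_id", "intake_id", "export_request_id", "config_id",
    "control_tier", "source_config_ref", "redacted_live_conf_ref",
    "rendered_diff_ref", "nginx_test_plan_ref", "route_smoke_plan_ref",
    "rollback_owner", "not_approval",
)
# Refs in the order the staged gates would fill them (assumed from section 4).
STAGED_REFS = ("redacted_live_conf_ref", "rendered_diff_ref",
               "nginx_test_plan_ref", "route_smoke_plan_ref")
PENDING_OWNER = "pending_rollback_owner"


def check_draft(row):
    """Return a list of rule violations for one diff gate draft row."""
    errors = []
    missing = [f for f in REQUIRED_FIELDS if f not in row]
    extra = [f for f in row if f not in REQUIRED_FIELDS]
    if missing:
        errors.append("missing fields: " + ", ".join(missing))
    if extra:
        errors.append("unexpected fields: " + ", ".join(sorted(extra)))
    if row.get("not_approval") is not True:
        errors.append("not_approval must be true")
    if row.get("control_tier") not in ("C0", "C1"):
        errors.append("control_tier must be C0 or C1")
    if not row.get("rollback_owner"):
        errors.append("rollback_owner must be a name or pending_rollback_owner")
    # A later-stage ref must stay empty while an earlier one is empty.
    earlier_empty = None
    for name in STAGED_REFS:
        if not row.get(name):
            earlier_empty = earlier_empty or name
        elif earlier_empty:
            errors.append(f"{name} set while {earlier_empty} is empty")
    # nginx -t planning needs a named rollback owner (section 4).
    if row.get("nginx_test_plan_ref") and row.get("rollback_owner") == PENDING_OWNER:
        errors.append("nginx_test_plan_ref set while rollback owner is pending")
    return errors


# Constructed sample rows (identifiers are placeholders, not from the repo).
DRAFT = dict.fromkeys(REQUIRED_FIELDS, "")
DRAFT.update(diff_gate_id="example-gate-1", intake_id="example-intake-1",
             export_request_id="example-request-1", config_id="example-config-1",
             control_tier="C0", source_config_ref="example/source.snapshot",
             rollback_owner=PENDING_OWNER, not_approval=True)
SKIPPED = dict(DRAFT, rendered_diff_ref="example/rendered.diff", not_approval=False)
```

DRAFT matches the current state described in the summary (every staged ref empty), while SKIPPED shows a row that claims a rendered diff before any redacted export was accepted.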
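5. Blocked Actions

| Action | Boundary |
| --- | --- |
| read_live_conf_over_ssh | Must not be executed without authorization |
| store_raw_live_conf | Must not be written to the repo, LOGBOOK or frontend |
| render_diff_from_unredacted_payload | Must be rejected or quarantined |
| nginx_test_without_approval | Must not be executed |
| nginx_reload_without_approval | Must not be executed |
| route_smoke_without_plan | Must not be executed |
| dns_probe_without_approval | Must not be executed |
| tls_probe_without_approval | Must not be executed |
| certbot_renew_without_approval | Must not be executed |
| modify_nginx_conf | Must not modify the live conf |
| modify_dns_tls_config | Must not modify DNS / TLS / certbot |
| change_public_route | Must not change public routes |
| write_production_host | Must not write to the host |
| open_runtime_gate | Must not open the runtime gate |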
6. Commands
Generate the committed snapshot:
Verify the guard:
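7. Completion

| Task | Completion | Description |
| --- | --- | --- |
| rendered diff gate draft artifact | 100% | Generator, snapshot and document are fixed |
| redacted export accepted | 0% | Not yet received / accepted |
| rendered diff candidate / ready | 0% | Not yet generated |
| nginx test / reload / route smoke | 0% | Not yet approved and not executed |
| DNS / TLS / certbot | 0% | Not yet approved and not executed |
| runtime reload / host write | 0% | Not authorized and not executed |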