awoooi/docs/security/wazuh-readonly-release-gate.snapshot.json

{
"execution_boundaries": {
"agent_identity_public_display_allowed": false,
"force_push_allowed": false,
"host_read_authorized": false,
"host_write_authorized": false,
"internal_ip_public_display_allowed": false,
"kali_active_scan_authorized": false,
"not_authorization": true,
"production_deploy_authorized": false,
"raw_wazuh_payload_storage_allowed": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"wazuh_active_response_authorized": false,
"wazuh_api_live_query_authorized": false
},
"generated_at": "2026-06-25T11:19:38+08:00",
"missing_required_source_paths": [],
"mode": "repo_release_gate_no_runtime_no_secret_collection",
"operator_interpretation": [
"此 gate 通過代表 source-side、feature branch、main release、deploy marker 與 production route readback 已完成。",
"production route 回 200 只代表 IwoooS Wazuh read-only route 已部署;目前狀態仍為 disabled_waiting_iwooos_wazuh_owner_gate。",
"不得把 route 200、UI 可見、agent transport 或 service active 當成 Wazuh manager registry 已驗收。",
"live Wazuh metadata query 必須另走 owner gate 與 server-side env;active response、host write、Kali active scan 仍為 0 / false。"
],
"release_gates": [
{
"gate_id": "source_side_fastapi_route",
"required_evidence": "FastAPI /api/iwooos/wazuh 與 /api/v1/iwooos/wazuh source path present",
"runtime_authorized": false,
"status": "passed"
},
{
"gate_id": "source_boundary_guard",
"required_evidence": "wazuh-readonly-route-boundary-guard.py 通過",
"runtime_authorized": false,
"status": "passed"
},
{
"gate_id": "production_readback_script",
"required_evidence": "wazuh-readonly-production-readback.py 可在 release 後不接受 404",
"runtime_authorized": false,
"status": "passed"
},
{
"gate_id": "release_patch_apply_proof",
"required_evidence": "同等 patch 已可乾淨套用到最新 gitea/main 並通過同組 guard",
"runtime_authorized": false,
"status": "passed"
},
{
"gate_id": "gitea_branch_push",
"required_evidence": "codex/iwooos-wazuh-boundary-guard-20260624 feature branch 已可由 git ls-remote 讀回",
"runtime_authorized": false,
"status": "passed_feature_branch_readback"
},
{
"gate_id": "formal_main_release",
"required_evidence": "main 已快轉到包含 Wazuh fix 的 commit;不得 force push",
"runtime_authorized": false,
"status": "passed_main_fast_forward_readback"
},
{
"gate_id": "production_deploy",
"required_evidence": "Gitea CD deploy marker 指向已合併 Wazuh fix 的 commit",
"runtime_authorized": false,
"status": "passed_deploy_marker_readback"
},
{
"gate_id": "production_readback",
"required_evidence": "python3 scripts/security/wazuh-readonly-production-readback.py --json 通過且不回 404",
"runtime_authorized": false,
"status": "passed_disabled_owner_gate_readback"
},
{
"gate_id": "wazuh_live_metadata_env",
"required_evidence": "server-side env 與 owner gate;不得硬編 secret",
"runtime_authorized": false,
"status": "blocked_owner_gate_required"
}
],
"release_lane_evidence": {
"apply_check_status": "passed_external_readback_required_after_final_commit",
"base_commit_readback": "run git rev-parse gitea/main before release; do not hardcode a moving main commit",
"base_ref": "gitea/main",
"feature_branch_push_status": "completed_readback_required_before_release",
"production_readback_status": "production_readback_passed",
"release_patch_set_readback": "generate with git format-patch gitea/main..HEAD after the final docs commit, then record sha256 outside the committed file",
"source_branch": "codex/iwooos-wazuh-boundary-guard-20260624",
"source_fix_commit_readback": "run git log --oneline gitea/main..HEAD before release; do not hardcode a rebase-sensitive commit hash",
"source_head_readback": "run git rev-parse HEAD after the final docs commit; do not hardcode a self-referential commit hash"
},
"required_source_paths": [
"apps/api/src/api/v1/iwooos.py",
"apps/api/tests/test_iwooos_wazuh_api.py",
"apps/web/src/app/api/iwooos/wazuh/route.ts",
"docs/security/IWOOOS-WAZUH-READONLY-API-RELEASE-HANDOFF.md",
"scripts/security/wazuh-readonly-production-readback.py",
"scripts/security/wazuh-readonly-route-boundary-guard.py"
],
"schema_version": "iwooos_wazuh_readonly_release_gate_v1",
"status": "released_waiting_wazuh_live_metadata_owner_gate",
"summary": {
"active_response_authorized_count": 0,
"formal_main_release_complete_count": 1,
"gitea_push_blocker_observed_count": 0,
"gitea_push_complete_count": 1,
"host_forensics_ref_accepted_count": 0,
"host_write_authorized_count": 0,
"missing_required_source_path_count": 0,
"predeploy_404_observed_count": 0,
"production_deploy_complete_count": 1,
"production_readback_passed_count": 1,
"production_readback_script_complete_count": 1,
"release_handoff_complete_count": 1,
"release_patch_apply_proof_complete_count": 1,
"route_boundary_guard_complete_count": 1,
"runtime_gate_count": 0,
"source_side_fix_complete_count": 1,
"wazuh_event_ref_accepted_count": 0,
"wazuh_server_side_env_enabled_count": 0
}
}