# IwoooS Public Gateway Rendered Diff Gate Draft

| Item | Content |
|------|---------|
| Date | 2026-06-14 |
| Status | `rendered_diff_gate_draft_ready_no_runtime_action` |
| Tool | `scripts/security/public-gateway-rendered-diff-gate-draft.py` |
| Input | `docs/security/public-gateway-redacted-export-intake-preflight.snapshot.json` |
| Snapshot | `docs/security/public-gateway-rendered-diff-gate-draft.snapshot.json` |
| runtime gate | `0` |

## 1. Purpose

P0-16 established the redacted export intake preflight, but even once a redacted ref is received and accepted in the future, it must not go straight into `nginx -t`, reload or route smoke. The purpose of P0-17 is to split rendered diff, `nginx -t`, reload, route smoke, DNS / TLS probe, certbot renew, maintenance window, rollback owner and post-check into a staged gate draft first.

This document only defines a future gate draft. It is not a redacted export acceptance, not a rendered diff ready state, not an `nginx -t` authorization, not an Nginx reload, not a route smoke, not a DNS / TLS probe, not a certbot renew, not a host write, and not a production write or runtime gate.

## 2. Summary

| Metric | Value | Notes |
|--------|-------|-------|
| diff gate candidate count | `3` | one per redacted export intake candidate |
| C0 diff gate candidate count | `2` | 188 all sites, 188 internal tools HTTPS |
| diff gate field count | `12` | fields in each diff gate draft |
| preflight stage count | `7` | staged gates from redacted export accepted through rollback / post-check |
| blocked action count | `14` | actions that must not be executed directly or misread as approval |
| redacted export accepted | `0` | not yet received / accepted |
| rendered diff candidate / ready | `0 / 0` | not yet generated |
| nginx test authorized / executed | `0 / 0` | not yet approved, not executed |
| reload authorized / executed | `0 / 0` | not yet approved, not executed |
| route smoke authorized / executed | `0 / 0` | not yet approved, not executed |
| DNS / TLS probe, certbot renew | `0 / 0` | not yet approved, not executed |
| maintenance window / rollback owner | `0 / 0` | not yet accepted |
| runtime gate / action button | `0 / 0` | not opened |

## 3. Diff Gate Fields

| Field | Content rule |
|-------|--------------|
| `diff_gate_id` | fixed mapping to the public gateway rendered diff gate; creates no runtime action |
| `intake_id` | maps to the P0-16 redacted export intake candidate |
| `export_request_id` | maps to the P0-15 live conf export request |
| `config_id` | maps to the public gateway preflight row |
| `control_tier` | keeps the C0 / C1 risk tier |
| `source_config_ref` | points to the repo-only source config snapshot |
| `redacted_live_conf_ref` | empty until accepted |
| `rendered_diff_ref` | empty until generated |
| `nginx_test_plan_ref` | empty until approved |
| `route_smoke_plan_ref` | empty until approved |
| `rollback_owner` | `pending_rollback_owner` until assigned |
| `not_approval` | must be `true` |

## 4. Preflight Stages

| Stage | Rule |
|-------|------|
| `redacted_export_acceptance_required` | qualified redacted export accepted metadata must exist first |
| `normalize_without_raw_conf_storage` | the normalized diff may only be produced from the redacted ref inside an isolated workspace |
| `rendered_diff_owner_review_required` | the rendered diff may only become an owner review candidate |
| `nginx_test_approval_package_required` | `nginx -t` requires a separate manual approval package, a rollback owner and a maintenance window |
| `reload_approval_separate` | reload and public route change must be approved independently |
| `route_smoke_matrix_required` | route smoke must list affected routes, expected status, and TLS / WebSocket / ACME checks |
| `postcheck_and_rollback_required` | any future execution requires a rollback owner, a post-check and failure rollback conditions |

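A consistency check for a gate draft record, covering the field rules of section 3 and the stage order of section 4, as an added example that is not the repo's own generator script. The field names are the document's; the stage flag names (`redacted_export_accepted`, `nginx_test_authorized`, `maintenance_window_accepted`, and so on) and the sample records are constructed for this illustration.

```python
# Added example, not the repo's generator: checks a diff gate draft record
# against the section 3 field rules and the section 4 stage order. Field
# names are from the document; stage flag names and records are constructed.
PLACEHOLDER_OWNER = "pending_rollback_owner"
REQUIRED_FIELDS = (
    "diff_gate_id", "intake_id", "export_request_id", "config_id",
    "control_tier", "source_config_ref", "redacted_live_conf_ref",
    "rendered_diff_ref", "nginx_test_plan_ref", "route_smoke_plan_ref",
    "rollback_owner", "not_approval",
)
# Stages pass strictly in this order (assumed flag names for section 4 stages).
STAGE_ORDER = ("redacted_export_accepted", "rendered_diff_ready",
               "nginx_test_authorized", "reload_authorized", "route_smoke_authorized")
# A ref stays empty until the stage that produces or approves it has passed.
STAGED_REFS = {
    "redacted_live_conf_ref": "redacted_export_accepted",
    "rendered_diff_ref": "rendered_diff_ready",
    "nginx_test_plan_ref": "nginx_test_authorized",
    "route_smoke_plan_ref": "route_smoke_authorized",
}

def validate_gate(record, stages):
    """Return the list of violations; an empty list means the draft is consistent."""
    errors = []
    missing = [f for f in REQUIRED_FIELDS if f not in record]
    if missing:
        errors.append("missing fields: " + ", ".join(missing))
    if record.get("not_approval") is not True:
        errors.append("not_approval must be true")
    if record.get("control_tier") not in ("C0", "C1"):
        errors.append("control_tier must be C0 or C1")
    for i, stage in enumerate(STAGE_ORDER):
        if stages.get(stage) and not all(stages.get(s) for s in STAGE_ORDER[:i]):
            errors.append(stage + " passed before an earlier stage")
    for ref, stage in STAGED_REFS.items():
        if record.get(ref) and not stages.get(stage):
            errors.append(ref + " is set but " + stage + " has not passed")
    # nginx -t needs its own approval package: rollback owner plus maintenance window.
    if stages.get("nginx_test_authorized"):
        if record.get("rollback_owner", PLACEHOLDER_OWNER) == PLACEHOLDER_OWNER:
            errors.append("nginx test authorized without a rollback owner")
        if not stages.get("maintenance_window_accepted"):
            errors.append("nginx test authorized without a maintenance window")
    return errors
# Constructed draft: staged refs empty, nothing approved, not_approval true.
DRAFT = {f: "" for f in REQUIRED_FIELDS}
DRAFT.update(diff_gate_id="diff-gate-example", intake_id="intake-example",
             export_request_id="export-example", config_id="cfg-example",
             control_tier="C0", source_config_ref="snapshots/source-example.json",
             rollback_owner=PLACEHOLDER_OWNER, not_approval=True)
```

Running `validate_gate(DRAFT, {})` on the untouched draft yields no violations, while filling a ref or flagging a stage out of order produces one entry per broken rule.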
## 5. Blocked Actions

| Action | Boundary |
|--------|----------|
| `read_live_conf_over_ssh` | must not be executed without authorization |
| `store_raw_live_conf` | must not be written to the repo, LOGBOOK or frontend |
| `render_diff_from_unredacted_payload` | must be rejected or quarantined |
| `nginx_test_without_approval` | must not be executed |
| `nginx_reload_without_approval` | must not be executed |
| `route_smoke_without_plan` | must not be executed |
| `dns_probe_without_approval` | must not be executed |
| `tls_probe_without_approval` | must not be executed |
| `certbot_renew_without_approval` | must not be executed |
| `modify_nginx_conf` | must not modify the live conf |
| `modify_dns_tls_config` | must not modify DNS / TLS / certbot |
| `change_public_route` | must not change public routes |
| `write_production_host` | must not write to the host |
| `open_runtime_gate` | must not open the runtime gate |

## 6. Commands

Generate the committed snapshot:

```bash
python3 scripts/security/public-gateway-rendered-diff-gate-draft.py \
  --root . \
  --intake-preflight-report docs/security/public-gateway-redacted-export-intake-preflight.snapshot.json \
  --output docs/security/public-gateway-rendered-diff-gate-draft.snapshot.json \
  --generated-at 2026-06-14T20:05:00+08:00
```

Verify the guard:

```bash
python3 scripts/security/security-mirror-progress-guard.py --root .
```

## 7. Completion

| Task | Completion | Notes |
|------|------------|-------|
| rendered diff gate draft artifact | `100%` | generator, snapshot and document are fixed |
| redacted export accepted | `0%` | not yet received / accepted |
| rendered diff candidate / ready | `0%` | not yet generated |
| nginx test / reload / route smoke | `0%` | not yet approved, not executed |
| DNS / TLS / certbot | `0%` | not yet approved, not executed |
| runtime reload / host write | `0%` | not authorized, not executed |