awoooi/docs/security/security-asset-control-ledger.snapshot.json
Your Name 81a60226bb
feat(iwooos): 新增資安資產控制總帳
2026-06-18 13:56:38 +08:00

{
"asset_groups": [
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/public-gateway-preflight-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/public-gateway-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/PUBLIC-GATEWAY-PREFLIGHT-INVENTORY.md",
"docs/security/public-gateway-preflight-inventory.snapshot.json",
"docs/security/PUBLIC-GATEWAY-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/public-gateway-post-incident-readback-plan.snapshot.json"
],
"group_id": "public_gateway_nginx",
"label": "Nginx / Public Gateway / Route",
"live_evidence_accepted": 0,
"next_owner_action": "補 owner-provided live conf、rendered diff、nginx -t、route smoke、rollback owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "公開入口、API、WebSocket、ACME、admin route、Ollama proxy",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/domain-tls-certbot-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
}
],
"evidence_refs": [
"docs/security/DOMAIN-TLS-CERTBOT-INVENTORY.md",
"docs/security/domain-tls-certbot-inventory.snapshot.json",
"docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/domain-tls-certbot-owner-response-acceptance.snapshot.json"
],
"group_id": "dns_tls_certbot",
"label": "DNS / TLS / Certbot",
"live_evidence_accepted": 0,
"next_owner_action": "補 SAN / wildcard 覆蓋依據、expiry metadata、renewal owner、ACME route owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "domain、certificate path、ACME、renewal owner、TLS route",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/HOST-SERVICE-CONFIG-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/host-service-config-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/host-service-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/HOST-SERVICE-CONFIG-INVENTORY.md",
"docs/security/host-service-config-inventory.snapshot.json",
"docs/security/HOST-SERVICE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/host-service-post-incident-readback-plan.snapshot.json"
],
"group_id": "host_service_runtime",
"label": "Docker / systemd / Host Service",
"live_evidence_accepted": 0,
"next_owner_action": "補 live hash metadata、incident readback、restart window、rollback owner、post-check。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Docker Compose、systemd、repair-bot、port binding、process / persistence baseline",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SSH-NETWORK-ACCESS-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/ssh-network-access-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/ssh-network-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/SSH-NETWORK-ACCESS-INVENTORY.md",
"docs/security/ssh-network-access-inventory.snapshot.json",
"docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/ssh-network-post-incident-readback-plan.snapshot.json"
],
"group_id": "ssh_firewall_network",
"label": "SSH / Firewall / WireGuard / NodePort",
"live_evidence_accepted": 0,
"next_owner_action": "補 actor、before / after state、impact、operator notification、restoration evidence。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "SSH target、known_hosts、sudoers、firewall、WireGuard、NetworkPolicy、NodePort",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md",
"docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"docs/security/K8S-ARGOCD-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/k8s-argocd-post-incident-readback-plan.snapshot.json"
],
"group_id": "k8s_argocd_gitops",
"label": "K8s / ArgoCD / GitOps",
"live_evidence_accepted": 0,
"next_owner_action": "補 ArgoCD revision、health / sync、rendered manifest diff、rollback revision、postcheck owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "K8s manifests、ArgoCD app、RBAC、NetworkPolicy、CronJob、Velero",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/source-control-workflow-secret-name-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/SOURCE-CONTROL-WORKFLOW-SECRET-NAME-INVENTORY.md",
"docs/security/source-control-workflow-secret-name-inventory.snapshot.json",
"docs/security/CD-RUNNER-SECRET-INJECTION-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/cd-runner-secret-injection-post-incident-readback-plan.snapshot.json"
],
"group_id": "workflow_runner_secret",
"label": "Gitea Workflow / Runner / Secret Metadata",
"live_evidence_accepted": 0,
"next_owner_action": "補 runner attestation、workspace cleanup、secret injection route、log redaction、Gitea run readback。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "workflow、runner label、deploy key、webhook、secret name parity、redaction guard",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md"
},
{
"exists": true,
"ref": "docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md"
},
{
"exists": true,
"ref": "docs/security/source-control-primary-readiness-gate.snapshot.json"
}
],
"evidence_refs": [
"docs/security/GITEA-GITHUB-MIGRATION-INVENTORY.md",
"docs/security/SOURCE-CONTROL-PRIMARY-READINESS-GATE.md",
"docs/security/GITHUB-TARGET-OWNER-DECISION-RESPONSE.md",
"docs/security/source-control-primary-readiness-gate.snapshot.json"
],
"group_id": "source_control_repo_visibility",
"label": "Gitea / GitHub / Source Control",
"live_evidence_accepted": 0,
"next_owner_action": "補 owner response；不得建立 repo、改 visibility、sync refs 或切 primary。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "repo visibility、canonical refs、GitHub primary readiness、branch / tag / workflow boundary",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md"
},
{
"exists": true,
"ref": "docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
}
],
"evidence_refs": [
"docs/security/WAZUH-IWOOOS-INTRUSION-READBACK-PLAN.md",
"docs/security/wazuh-iwooos-intrusion-readback-plan.snapshot.json",
"docs/security/SOC-SIEM-KALI-WAZUH-INTEGRATION-CONTROL.md",
"docs/security/soc-siem-kali-wazuh-integration-control.snapshot.json"
],
"group_id": "wazuh_endpoint_siem",
"label": "Wazuh / Endpoint / SIEM",
"live_evidence_accepted": 0,
"next_owner_action": "補 Wazuh health refs、agent refs、event refs、rule / decoder readback 與 no-raw-payload attestation。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Wazuh manager、agent、FIM、rule / decoder、event ref、active response dry-run boundary",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/KALI-INTEGRATION-STATUS.md"
},
{
"exists": true,
"ref": "docs/security/kali-integration-status.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md"
},
{
"exists": true,
"ref": "docs/security/kali-112-maintenance-window-draft.snapshot.json"
}
],
"evidence_refs": [
"docs/security/KALI-INTEGRATION-STATUS.md",
"docs/security/kali-integration-status.snapshot.json",
"docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md",
"docs/security/kali-112-maintenance-window-draft.snapshot.json"
],
"group_id": "kali_112_assessment",
"label": "Kali 112 / Assessment Tooling",
"live_evidence_accepted": 0,
"next_owner_action": "補 scope ref、health ref、normalized finding envelope；active scan 與 /execute 仍獨立批准。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Kali health、tool version、scope、finding envelope、maintenance window",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/monitoring-alerting-observability-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/monitoring-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md",
"docs/security/monitoring-alerting-observability-inventory.snapshot.json",
"docs/security/MONITORING-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/monitoring-post-incident-readback-plan.snapshot.json"
],
"group_id": "monitoring_alerting_observability",
"label": "Monitoring / Alerting / Observability",
"live_evidence_accepted": 0,
"next_owner_action": "補 route owner、receiver diff、receipt evidence、noise budget、reload owner 與 no-false-green。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Prometheus、Alertmanager、Telegram route、SigNoz、Sentry、Langfuse、no-false-green",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/backup-restore-escrow-inventory.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md"
},
{
"exists": true,
"ref": "docs/security/backup-restore-post-incident-readback-plan.snapshot.json"
}
],
"evidence_refs": [
"docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md",
"docs/security/backup-restore-escrow-inventory.snapshot.json",
"docs/security/BACKUP-RESTORE-POST-INCIDENT-READBACK-PLAN.md",
"docs/security/backup-restore-post-incident-readback-plan.snapshot.json"
],
"group_id": "backup_restore_dr",
"label": "Backup / Restore / DR / Escrow",
"live_evidence_accepted": 0,
"next_owner_action": "補 restore drill、offsite sync ref、escrow non-secret proof、retention runway、DR scorecard。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "backup scripts、restic、offsite、credential escrow、Velero、restore drill、retention",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md"
},
{
"exists": true,
"ref": "docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md"
},
{
"exists": true,
"ref": "docs/security/security-supply-chain-contract-manifest.snapshot.json"
},
{
"exists": true,
"ref": "docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
}
],
"evidence_refs": [
"docs/security/SECURITY-SUPPLY-CHAIN-PROGRESS.md",
"docs/security/SECURITY-SUPPLY-CHAIN-CONTRACT-MANIFEST.md",
"docs/security/security-supply-chain-contract-manifest.snapshot.json",
"docs/evaluations/dependency_supply_chain_drift_monitor_2026-06-18.json"
],
"group_id": "container_registry_supply_chain",
"label": "Harbor / Registry / SBOM / Supply Chain",
"live_evidence_accepted": 0,
"next_owner_action": "補 SBOM / VEX / provenance intake、image signing、KEV / EPSS / exposure SLA。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "Harbor、registry、image tag、SBOM、Cosign、SLSA、dependency drift、CVE / KEV",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json"
},
{
"exists": true,
"ref": "docs/security/public-frontend-sensitive-surface-guard.snapshot.json"
},
{
"exists": true,
"ref": "docs/HARD_RULES.md"
}
],
"evidence_refs": [
"docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md",
"docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json",
"docs/security/public-frontend-sensitive-surface-guard.snapshot.json",
"docs/HARD_RULES.md"
],
"group_id": "public_admin_api_runtime",
"label": "Public / Admin / API / Frontend Runtime",
"live_evidence_accepted": 0,
"next_owner_action": "補 route owner、API contract readback、CORS diff、desktop / mobile smoke、bundle sensitive scan。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "public URL、CORS、auth boundary、middleware、webhook、frontend env、i18n redaction",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md"
},
{
"exists": true,
"ref": "docs/security/ai-provider-owner-response-acceptance.snapshot.json"
},
{
"exists": true,
"ref": "docs/ai"
},
{
"exists": true,
"ref": "docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"
}
],
"evidence_refs": [
"docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md",
"docs/security/ai-provider-owner-response-acceptance.snapshot.json",
"docs/ai",
"docs/superpowers/specs/2026-04-15-MASTER-ai-autonomous-flywheel-v2.md"
],
"group_id": "ai_provider_agent_runtime",
"label": "AI Provider / Model Router / Agent Runtime",
"live_evidence_accepted": 0,
"next_owner_action": "補 dry-run、benchmark、cost review、privacy review、fallback order 與 rollback owner。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P0",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "OpenClaw、Ollama、NemoTron、Hermes、Gemini、MCP / A2A、tool allowlist、cost / privacy",
"secret_value_collection_allowed": false,
"tier": "C0"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md"
},
{
"exists": true,
"ref": "docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md"
},
{
"exists": true,
"ref": "docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md"
},
{
"exists": true,
"ref": "docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"
}
],
"evidence_refs": [
"docs/security/IWOOOS-CONFIG-CONTROL-INVENTORY.md",
"docs/security/VIBEWORK-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md",
"docs/security/agent-bounty-iwooos-onboarding-handoff.snapshot.json"
],
"group_id": "product_surface_runtime_routes",
"label": "Product Surface / Runtime Route",
"live_evidence_accepted": 0,
"next_owner_action": "補逐產品 owner、route、admin、API、backup、webhook、rollback 與 validation 指標。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P1",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "AWOOOI、AwoooP、IwoooS、VibeWork、agent-bounty-protocol、StockPlatform、Tsenyang、Bitan",
"secret_value_collection_allowed": false,
"tier": "C1"
},
{
"action_button": 0,
"evidence_ref_states": [
{
"exists": true,
"ref": "docs/LOGBOOK.md"
},
{
"exists": true,
"ref": "apps/api/src/services/repair_candidate_service.py"
},
{
"exists": true,
"ref": "apps/api/src/services/telegram_gateway.py"
},
{
"exists": true,
"ref": "apps/web/src/app/[locale]/awooop/work-items/page.tsx"
}
],
"evidence_refs": [
"docs/LOGBOOK.md",
"apps/api/src/services/repair_candidate_service.py",
"apps/api/src/services/telegram_gateway.py",
"apps/web/src/app/[locale]/awooop/work-items/page.tsx"
],
"group_id": "automation_asset_sedimentation",
"label": "KM / PlayBook / Script / Schedule / Verifier",
"live_evidence_accepted": 0,
"next_owner_action": "補 incident / approval / manual handoff writeback contract，讓資產總帳從可視化進入可追蹤閉環。",
"owner_packet_status": "waiting_asset_owner_packet",
"owner_response_accepted": 0,
"owner_response_received": 0,
"priority": "P1",
"raw_payload_allowed": false,
"redacted_evidence_refs_required": true,
"runtime_gate": 0,
"scope": "incident、approval、repair candidate、manual handoff 的自動化資產沉澱",
"secret_value_collection_allowed": false,
"tier": "C1"
}
],
"blocked_actions": [
"ssh_to_host",
"read_live_host_log",
"write_host_file",
"nginx_reload",
"certbot_renew",
"dns_change",
"firewall_change",
"wireguard_change",
"nodeport_change",
"networkpolicy_apply",
"kubectl_action",
"argocd_sync",
"helm_upgrade",
"docker_restart",
"docker_compose_up",
"systemctl_restart",
"repair_bot_execute",
"ansible_apply",
"wazuh_active_response",
"wazuh_rule_change",
"kali_active_scan",
"kali_execute",
"nmap_scan",
"nuclei_scan",
"trivy_live_scan",
"package_upgrade",
"workflow_modify",
"workflow_dispatch",
"runner_restart",
"secret_read",
"secret_rotate",
"webhook_modify",
"deploy_key_modify",
"refs_sync",
"force_push",
"github_primary_switch",
"backup_run",
"restore_run",
"offsite_sync",
"remote_delete",
"telegram_send",
"soar_case_create",
"auto_block",
"production_write"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"argocd_sync_authorized": false,
"auto_block_authorized": false,
"firewall_change_authorized": false,
"host_write_authorized": false,
"kali_active_scan_authorized": false,
"kali_execute_authorized": false,
"nginx_reload_authorized": false,
"not_authorization": true,
"production_write_authorized": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"soar_action_authorized": false,
"ssh_read_authorized": false,
"telegram_send_authorized": false,
"wazuh_active_response_authorized": false,
"workflow_modification_authorized": false
},
"generated_at": "2026-06-18T13:44:00+08:00",
"git_commit": "c7597df2",
"outcome_lanes": [
"waiting_asset_owner_packet",
"request_gateway_supplement",
"request_host_service_supplement",
"request_network_supplement",
"request_wazuh_kali_supplement",
"request_backup_restore_supplement",
"request_supply_chain_supplement",
"request_product_surface_supplement",
"quarantine_secret_or_raw_payload",
"ready_for_security_reviewer_review"
],
"required_owner_fields": [
"asset_group_id",
"asset_alias",
"owner_role",
"owner_team",
"business_impact",
"technical_scope",
"affected_routes_or_services",
"data_classification",
"redacted_evidence_refs",
"source_of_truth_ref",
"live_state_ref",
"config_diff_ref",
"monitoring_signal_ref",
"wazuh_or_siem_ref",
"kali_scope_ref",
"backup_restore_ref",
"supply_chain_ref",
"secret_absence_attestation",
"raw_payload_absence_attestation",
"maintenance_window",
"rollback_owner",
"postcheck_owner",
"followup_owner",
"decision_reason"
],
"reviewer_checks": [
"asset alias 不得暴露個人 namespace",
"owner role / team 必填",
"source-of-truth 必須可追溯",
"live evidence 只能收脫敏 ref",
"secret value / hash / partial token 一律拒收",
"raw Wazuh / raw Kali output 一律拒收",
"Nginx / firewall / K8s / workflow 變更需獨立 runtime approval",
"route 200 不得當資安完成",
"dashboard 可見不得當 remediation 完成",
"backup 存在不得當 restore drill 完成",
"Kali 納入範圍不得當 active scan 授權",
"Wazuh event 可見不得當 active response 授權",
"repo snapshot 不得當 live host truth",
"事故後回讀需含 actor、before / after、impact、postcheck",
"no-false-green 必須明確標示",
"owner response received / accepted 必須維持 0，除非有實際收件",
"runtime gate 必須維持 0",
"action button 必須維持 0",
"Gitea / GitHub refs 不得自動同步",
"GitHub primary 不得自動切換",
"Telegram 不得實發",
"SOAR 不得 auto block",
"AI agent 不得讀 secret 或 host write",
"LOGBOOK 不得包含內部對話逐字稿"
],
"schema_version": "security_asset_control_ledger_v1",
"status": "security_asset_control_ledger_ready_no_runtime_action",
"summary": {
"action_button_count": 0,
"active_scan_authorized_count": 0,
"asset_group_count": 16,
"auto_block_authorized_count": 0,
"blocked_action_count": 44,
"c0_asset_group_count": 14,
"c1_asset_group_count": 2,
"evidence_ref_count": 64,
"existing_evidence_ref_count": 64,
"host_write_authorized_count": 0,
"iwooos_headline_progress_percent": 64,
"kali_execute_authorized_count": 0,
"live_evidence_accepted_count": 0,
"missing_evidence_ref_count": 0,
"outcome_lane_count": 10,
"owner_packet_required_count": 16,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"p0_asset_group_count": 14,
"p1_asset_group_count": 2,
"raw_payload_stored_count": 0,
"required_owner_field_count": 24,
"reviewer_check_count": 24,
"runtime_gate_count": 0,
"secret_value_collected_count": 0,
"security_asset_control_ledger_completion_percent": 100,
"soar_action_authorized_count": 0,
"wazuh_active_response_authorized_count": 0
}
}