Your Name 32b553ee8f
feat(security): 新增 DNS TLS 只讀清冊
2026-06-11 18:40:54 +08:00

{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:domain-tls-certbot-inventory-v1",
"title": "IwoooS DNS / TLS / certbot 只讀清冊 v1",
"description": "定義從 Nginx source-of-truth 推導出的 domain、TLS certificate path、ACME challenge 與 owner 確認缺口。本契約不授權 DNS 修改、TLS renew、Nginx reload、SSH、host write 或 runtime execution。",
"type": "object",
"required": [
"schema_version",
"generated_at",
"mode",
"git_commit",
"source_nginx_report",
"execution_boundaries",
"summary",
"certificate_paths",
"managed_domains",
"owner_confirmation_required_domains",
"required_owner_fields",
"next_steps"
],
"properties": {
"schema_version": {
"const": "domain_tls_certbot_inventory_v1"
},
"generated_at": {
"type": "string"
},
"mode": {
"const": "repo_only_from_nginx_source_of_truth"
},
"git_commit": {
"type": "string"
},
"source_nginx_report": {
"const": "docs/security/nginx-config-drift-repo.snapshot.json"
},
"execution_boundaries": {
"type": "object",
"required": [
"dns_query_executed",
"live_tls_probe_executed",
"certbot_renew_executed",
"nginx_reload_executed",
"host_write_executed",
"runtime_gate_opened",
"secret_value_collected",
"action_buttons_allowed"
],
"properties": {
"dns_query_executed": { "const": false },
"live_tls_probe_executed": { "const": false },
"certbot_renew_executed": { "const": false },
"nginx_reload_executed": { "const": false },
"host_write_executed": { "const": false },
"runtime_gate_opened": { "const": false },
"secret_value_collected": { "const": false },
"action_buttons_allowed": { "const": false }
},
"additionalProperties": false
},
"summary": {
"type": "object",
"required": [
"source_config_count",
"managed_domain_count",
"unique_certificate_path_count",
"acme_challenge_domain_count",
"certificate_owner_confirmation_required_count",
"admin_route_domain_count",
"websocket_route_domain_count",
"owner_response_request_sent_count",
"owner_response_received_count",
"owner_response_accepted_count",
"runtime_gate_count",
"live_tls_probe_executed",
"dns_change_executed",
"certbot_renew_executed",
"nginx_reload_executed",
"action_buttons_allowed"
],
"properties": {
"source_config_count": { "type": "integer", "const": 3 },
"managed_domain_count": { "type": "integer", "minimum": 1 },
"unique_certificate_path_count": { "type": "integer", "minimum": 1 },
"acme_challenge_domain_count": { "type": "integer", "minimum": 0 },
"certificate_owner_confirmation_required_count": { "type": "integer", "minimum": 0 },
"admin_route_domain_count": { "type": "integer", "minimum": 0 },
"websocket_route_domain_count": { "type": "integer", "minimum": 0 },
"owner_response_request_sent_count": { "const": 0 },
"owner_response_received_count": { "const": 0 },
"owner_response_accepted_count": { "const": 0 },
"runtime_gate_count": { "const": 0 },
"live_tls_probe_executed": { "const": false },
"dns_change_executed": { "const": false },
"certbot_renew_executed": { "const": false },
"nginx_reload_executed": { "const": false },
"action_buttons_allowed": { "const": false }
},
"additionalProperties": false
},
"certificate_paths": {
"type": "array",
"items": { "type": "string" }
},
"managed_domains": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"domain",
"hosts",
"config_ids",
"source_paths",
"live_paths",
"control_tier",
"server_block_refs",
"listens",
"tls_certificate_path_present",
"certificate_paths",
"certificate_key_paths",
"certificate_path_domains",
"certificate_owner_confirmation_required",
"acme_challenge_present",
"acme_challenge_roots",
"upstreams",
"admin_route_count",
"websocket_route_count",
"live_tls_probe_status",
"dns_resolution_status",
"certbot_renewal_status",
"owner_review_status"
],
"properties": {
"domain": { "type": "string" },
"hosts": { "type": "array", "items": { "type": "string" } },
"config_ids": { "type": "array", "items": { "type": "string" } },
"source_paths": { "type": "array", "items": { "type": "string" } },
"live_paths": { "type": "array", "items": { "type": "string" } },
"control_tier": { "enum": ["C0", "C1", "C2", "C3"] },
"server_block_refs": { "type": "array", "items": { "type": "string" } },
"listens": { "type": "array", "items": { "type": "string" } },
"tls_certificate_path_present": { "type": "boolean" },
"certificate_paths": { "type": "array", "items": { "type": "string" } },
"certificate_key_paths": { "type": "array", "items": { "type": "string" } },
"certificate_path_domains": { "type": "array", "items": { "type": "string" } },
"certificate_owner_confirmation_required": { "type": "boolean" },
"acme_challenge_present": { "type": "boolean" },
"acme_challenge_roots": { "type": "array", "items": { "type": "string" } },
"upstreams": { "type": "array", "items": { "type": "string" } },
"admin_route_count": { "type": "integer", "minimum": 0 },
"websocket_route_count": { "type": "integer", "minimum": 0 },
"live_tls_probe_status": { "const": "not_executed" },
"dns_resolution_status": { "const": "not_executed" },
"certbot_renewal_status": { "const": "not_executed" },
"owner_review_status": {
"enum": [
"repo_only_ready_for_owner_review",
"repo_only_owner_confirmation_required",
"repo_only_tls_path_missing"
]
}
},
"additionalProperties": false
}
},
"owner_confirmation_required_domains": {
"type": "array",
"items": {
"type": "object",
"required": [
"domain",
"certificate_path_domains",
"tls_certificate_path_present",
"owner_review_status"
],
"properties": {
"domain": { "type": "string" },
"certificate_path_domains": { "type": "array", "items": { "type": "string" } },
"tls_certificate_path_present": { "type": "boolean" },
"owner_review_status": { "type": "string" }
},
"additionalProperties": false
}
},
"required_owner_fields": {
"type": "array",
"minItems": 9,
"items": { "type": "string" }
},
"next_steps": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
}
},
"additionalProperties": false
}