wooo/awoooi

Fork 0

Files

Your Name 118967cabc

CD Pipeline / tests (push) Successful in 1m28s

Details

Code Review / ai-code-review (push) Successful in 14s

Details

CD Pipeline / post-deploy-checks (push) Has been cancelled

Details

CD Pipeline / build-and-deploy (push) Has been cancelled

Details

feat(security): 新增主機服務配置只讀清冊

2026-06-11 21:41:41 +08:00

5.4 KiB

Raw Blame History

IwoooS Docker / systemd / 主機服務配置只讀清冊

項目	內容
日期	2026-06-11
狀態	`repo_only_inventory_ready`
工具	`scripts/security/host-service-config-inventory.py`
Snapshot	`docs/security/host-service-config-inventory.snapshot.json`
Schema	`docs/schemas/host_service_config_inventory_v1.schema.json`
runtime gate	`0`

1. 目的

此清冊補齊高價值配置覆蓋矩陣中最低覆蓋的 docker_compose_systemd_host_config。本階段只從已提交 repo 檔案整理 Docker Compose、systemd / repair bot 白名單、Ansible service role 與 config backup coverage，不讀 live host，也不執行任何服務操作。

此清冊不是 host truth，也不是重啟批准；它只讓 P1-1 從「尚需 inventory」推進到「repo-only inventory ready」。

2. 覆蓋摘要

指標	目前值	說明
repo surface	`9`	全部來源檔案存在
host scope	`5`	`local_dev_only`、`192.168.0.110`、`192.168.0.188`、`110_188_120_121_cluster`、`multi_host`
Docker Compose / reference	`5`	local dev、110 monitoring、188 exporters、110 Sentry reference、110 Langfuse
host repair whitelist	`2`	110 / 188 repair-bot
systemd restart surface	`1`	188 repair-bot 內的 redis / nginx / ollama restart 白名單
write-capable surface	`3`	Ansible docker compose role、110 repair-bot、188 repair-bot
owner response required	`9`	每個 surface 都需要 owner response
live evidence required	`8`	local dev compose 之外仍需 owner-provided live hash / disposition
owner response received / accepted	`0 / 0`	不得假性提高
live evidence received	`0`	不 SSH、不讀 live host
restart window / rollback owner accepted	`0 / 0`	不得重啟
runtime gate / action button	`0 / 0`	不提供操作入口
Docker/systemd 類別成熟度	`42% -> 50%`	只代表 repo-only 清冊完成，不代表 runtime 可執行

3. 已納入 surface

Surface	Host scope	類型	下一步
`local_dev_compose`	`local_dev_only`	local dev compose	確認不得作 production compose，補 dev secret placeholder policy
`monitoring_110_compose`	`192.168.0.110`	Docker Compose	補 live compose hash、restart window、rollback owner、post-check 指標
`monitoring_exporters_188_compose`	`192.168.0.188`	Docker Compose	補 live compose hash、env source policy、restart window、rollback owner
`sentry_110_reference_compose`	`192.168.0.110`	reference compose	確認實際 source-of-truth、official revision、backup path、rollback owner
`langfuse_110_compose`	`192.168.0.110`	Docker Compose	補 live compose hash、secret placeholder disposition、restart window、rollback owner
`ansible_docker_compose_service_role`	`multi_host`	Ansible executor role	補使用範圍、allowed service_dir、check-mode、rollback owner、人工 gate
`repair_bot_110_whitelist`	`192.168.0.110`	repair whitelist	補 authorized_keys binding、disable switch、audit log path、rollback owner、post-check
`repair_bot_188_whitelist`	`192.168.0.188`	repair whitelist	補 systemd restart approval gate、sudoers boundary、disable switch、rollback owner、route smoke
`config_backup_host_capture`	`110_188_120_121_cluster`	config backup capture	補 latest backup status、restore drill owner、secret handling proof、retention owner

4. 固定 0 / false 邊界

以下旗標必須維持 false：

runtime_execution_authorized=false
host_write_authorized=false
ssh_read_authorized=false
ssh_write_authorized=false
docker_compose_action_authorized=false
systemctl_action_authorized=false
service_restart_authorized=false
sudo_action_authorized=false
live_host_read_authorized=false
secret_value_collection_allowed=false
active_scan_authorized=false
repair_bot_execution_authorized=false
ansible_apply_authorized=false
action_buttons_allowed=false

5. 判讀規則

source_exists=true 只代表 repo 內有檔案，不代表 live host 與 repo 一致。
sha256 是 repo file hash，不是 live file hash。
repair-bot 與 Ansible role 可見代表「需被管控」，不是可使用。
docker compose up -d、systemctl restart、sudo、repair-bot、Ansible apply 都必須等待 owner response、maintenance window、rollback owner 與 post-check 指標。
此清冊不得收集 secret value；若需要 secret parity，只能收 secret name / owner / injection metadata。

6. 指令

python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --output docs/security/host-service-config-inventory.snapshot.json

固定 committed snapshot 時間：

python3 scripts/security/host-service-config-inventory.py \
  --root . \
  --generated-at 2026-06-11T22:40:00+08:00 \
  --output docs/security/host-service-config-inventory.snapshot.json

7. 完成度

工作	完成度	說明
repo-only surface 註冊	`100%`	9 個 surface 全部納入 snapshot
source existence / hash	`100%`	只讀 SHA256 與 line count 已固定
owner response 收件	`0%`	尚未收到或接受任何 owner response
live evidence collection	`0%`	未 SSH、未讀 live host、未 active scan
restart / apply gate	`0%`	未開啟 docker compose / systemctl / Ansible / repair-bot 操作

5.4 KiB Raw Blame History Unescape Escape

IwoooS Docker / systemd / 主機服務配置只讀清冊

1. 目的

2. 覆蓋摘要

3. 已納入 surface

4. 固定 0 / false 邊界

5. 判讀規則

6. 指令

7. 完成度

5.4 KiB

Raw Blame History