awoooi/docs/security/public-frontend-sensitive-surface-guard.snapshot.json
Your Name 65f2d50d69
All checks were successful
Code Review / ai-code-review (push) Successful in 13s
CD Pipeline / tests (push) Successful in 1m38s
CD Pipeline / build-and-deploy (push) Successful in 3m44s
CD Pipeline / post-deploy-checks (push) Successful in 1m28s
feat(iwooos): strengthen the frontend sensitive-information leak-prevention guard
2026-06-15 15:46:29 +08:00

82 lines
2.8 KiB
JSON
{
"allowed_matches": [
{
"path": "apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx",
"pattern_id": "work_window_transcript"
},
{
"path": "apps/web/src/lib/api-client.ts",
"pattern_id": "work_window_transcript"
}
],
"env_example_paths": [
"apps/web/.env.example"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"frontend_deploy_authorized": false,
"internal_ip_public_display_allowed": false,
"internal_namespace_public_display_allowed": false,
"not_authorization": true,
"production_deploy_authorized": false,
"raw_payload_storage_allowed": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false,
"work_window_transcript_public_display_allowed": false
},
"forbidden_patterns": [
"raw_personal_owner_namespace",
"raw_external_owner_namespace",
"raw_blocked_waiting_state",
"raw_blockers_counter",
"codex_delegation_payload",
"codex_source_thread_id",
"approval_chat_phrase",
"work_window_plaintext",
"in_app_browser_transcript",
"codex_request_transcript",
"work_window_transcript",
"internal_rfc1918_ip"
],
"generated_at": "2026-06-15T16:40:00+08:00",
"git_commit": "b16f4c73",
"guarded_paths": [
"apps/web/src",
"apps/web/messages"
],
"mode": "repo_source_scan_no_runtime_no_secret_collection",
"operator_interpretation": [
"此 guard 只掃描 repo 內前端 source / messages 與 env example不讀 production bundle、不部署、不收 secret。",
"遮罩器中的 banned phrase 測試 pattern 允許列在 allowlist產品文案、表格、API payload 與 i18n 不允許顯示 raw namespace、工作視窗逐字內容、raw blocker 狀態或內網 IP。",
"violation_count 維持 0 才能視為 source-control 防洩漏檢查通過;仍不代表 production smoke、runtime approval 或 owner response accepted。"
],
"public_surface_matches": [
{
"excerpt": "[/work window transcript/gi, '已遮罩逐字稿'],",
"line": 203,
"path": "apps/web/src/app/[locale]/governance/tabs/automation-inventory-tab.tsx",
"pattern_id": "work_window_transcript"
},
{
"excerpt": "[/work window transcript/gi, '已遮罩逐字稿'],",
"line": 64,
"path": "apps/web/src/lib/api-client.ts",
"pattern_id": "work_window_transcript"
}
],
"public_surface_violations": [],
"schema_version": "public_frontend_sensitive_surface_guard_v1",
"status": "pass",
"summary": {
"action_button_count": 0,
"allowlisted_match_count": 2,
"env_example_file_count": 1,
"env_violation_count": 0,
"forbidden_pattern_count": 12,
"public_surface_file_count": 225,
"raw_match_count": 2,
"runtime_gate_count": 0,
"violation_count": 0
}
}