# IwoooS High-Value Configuration Control Inventory

| Item | Content |
|------|------|
| Date | 2026-06-12 |
| Status | `inventory_and_classification_gate_ready` |
| Scope | Critical configuration across all AWOOOI / IwoooS products |
| Mode for this phase | Source-control fixes + read-only inventory; no live reload / restart / sync |
| Coverage matrix | `docs/security/HIGH-VALUE-CONFIG-CONTROL-COVERAGE.md` |
| Coverage snapshot | `docs/security/high-value-config-control-coverage.snapshot.json` |
| runtime gate | `0` |

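## 0. Core Conclusions

The IwoooS security scope cannot be limited to code vulnerabilities. Every configuration that can change public entry points, deployment, credentials, alerting, data, backups, AI providers, agent behavior or cross-product routing must be brought under control.

Following this inventory, configuration control is divided into four tiers:

| Tier | Definition | Handling speed | Examples |
|------|------|----------|------|
| C0 | Immediately affects public entry points, permissions, secrets, deployment or remote execution | Bring under control immediately; contain first, then add the owner gate | Nginx public gateway, TLS, secret, workflow, runner, K8s prod, ArgoCD, backup credential |
| C1 | Affects monitoring, data, supply chain, AI providers or host maintenance | Bring under control in the near term; establish drift detection and maintenance windows | Prometheus, Alertmanager, Docker Compose, PostgreSQL, Redis, MinIO, Ollama, Kali, WireGuard |
| C2 | Product runtime, admin, API, webhook, frontend build or cross-product routes | Bring under control as the product changes | AWOOOI, AwoooP, IwoooS, VibeWork, agent-bounty-protocol, StockPlatform, Tsenyang, Bitan, VTuber |
| C3 | Documents, runbooks, templates, snapshots and evidence indexes | Keep under continuous control so that examples do not become copy-pasteable risks | `SERVICE-ENDPOINTS.md`, DR runbook, owner response template |
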
### 0.1 2026-06-11 Coverage Matrix Status

`high_value_config_control_coverage_v1` has moved high-value configuration control from a text inventory to a re-runnable snapshot. The snapshot reads `CATEGORIES` directly from `scripts/security/high-value-config-change-gate.py`, so that the long-lived inventory and the change gate do not drift apart.

| Metric | Current value | Boundary |
|------|--------|------|
| Registered configuration categories | `14` | Means the category is classified in the gate, not that it is approved |
| C0 categories | `8` | Nginx, DNS / TLS, K8s, secret, workflow / runner, runtime config, backup, agent-bounty runtime |
| C1 categories | `4` | Monitoring, Docker / systemd, SSH / network, AI provider |
| Average read-only control maturity | `71%` | Reflects only the readiness of framework / evidence / owner packet / acceptance ledger / source guard / post-incident readback |
| Categories requiring live evidence | `9` | Must wait for owner-provided redacted evidence or a maintenance window; no proactive SSH, no route / CORS / env / backup changes |
| owner response required | `14` | owner response received / accepted is still `0 / 0` |
| runtime gate | `0` | No execution button is provided |

The tracking priority for low-maturity, high-risk categories is Docker Compose / systemd, SSH / network, backup / restore, monitoring / alerting. This is the tracking order for preparing the next wave of owner response / live evidence intake; it does not permit restart, reload, scan or collection of secret values.

### 0.2 2026-06-11 Docker / systemd Repo-Only Inventory

`host_service_config_inventory_v1` has brought Docker Compose, systemd / repair-bot, Ansible service roles and host config backup capture into a read-only snapshot. The inventory currently has `9` surfaces, `5` host scopes, `3` write-capable surfaces, `2` repair-bot whitelists and `1` systemd restart surface, moving Docker / systemd category maturity from `42%` to `50%`.

This update is still not live host truth: 110 / 188 live hash, restart window, rollback owner, post-check metrics and owner response received / accepted all remain `0`, and `docker compose`, `systemctl`, repair-bot, Ansible apply and any SSH read or write must not be run.

On 2026-06-14, `docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md` and `docs/security/host-service-owner-request-draft.snapshot.json` were added, turning the 9 Docker / systemd / host service surfaces into owner request drafts ahead of manual submission. Pinned values are `drafts=9`, `write_capable=3`, `live_evidence_required=8`, `owner_fields=12`, `blocked_actions=14`, but request sent, owner response received / accepted, live evidence, restart window, rollback owner, host write and runtime gate all remain `0 / false`.

### 0.3 2026-06-11 SSH / Network Access Repo-Only Inventory

`ssh_network_access_inventory_v1` has brought SSH targets, the known_hosts workflow, CI deploy SSH, monitoring SSH, backup SSH capture, the sudoers wrapper, NetworkPolicy, NodePort, the WireGuard runbook and the alert SSH action catalog into a read-only snapshot. The inventory currently has `16` surfaces, `11` SSH source surfaces, `6` write-capable surfaces, `2` NetworkPolicies, `2` NodePorts, `1` sudoers surface and `1` WireGuard surface, moving SSH / network category maturity from `48%` to `54%`.

On 2026-06-14, `docs/security/SSH-NETWORK-OWNER-REQUEST-DRAFT.md` and `docs/security/ssh-network-owner-request-draft.snapshot.json` were added, turning the 16 SSH / network access surfaces into owner request drafts ahead of manual submission. Pinned values are `drafts=16`, `write_capable=6`, `live_evidence_required=16`, `owner_fields=13`, `blocked_actions=16`, but request sent, owner response received / accepted, live access state, firewall / port change, NetworkPolicy apply, NodePort change, WireGuard change, host write and runtime gate all remain `0 / false`.

On 2026-06-15, `docs/security/SSH-NETWORK-OWNER-RESPONSE-ACCEPTANCE.md` and `docs/security/ssh-network-owner-response-acceptance.snapshot.json` were added, turning the 16 owner request drafts into a read-only owner response acceptance ledger. Pinned values are `candidates=16`, `write_capable=6`, `live_evidence_required=16`, `owner_fields=13`, `reviewer_checks=15`, `outcome_lanes=7`, `blocked_actions=22`, moving SSH / network category maturity from `54%` to `58%`; but owner response received / accepted, live access state, host key pinning, port policy, firewall owner, NetworkPolicy / NodePort, WireGuard cutover, SSH, keyscan, known_hosts patch, firewall / port changes, host write and runtime gate all remain `0 / false`.

Also on 2026-06-15, `docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md` and `docs/security/port-firewall-change-evidence-acceptance.snapshot.json` were added, turning 14 port / firewall / NodePort / NetworkPolicy / WireGuard / deploy SSH / sudo / alert action surfaces into a read-only change evidence acceptance ledger. Pinned values are `candidates=14`, `write_capable=6`, `policy_or_exposure=5`, `evidence_fields=40`, `required_evidence_fields=21`, `reviewer_checks=21`, `outcome_lanes=9`, `blocked_actions=28`. The ledger also adds fields for incident severity, service health impact, notification evidence, recovery time and break-glass backfill, moving SSH / network category maturity from `58%` to `62%`; but change evidence received / accepted, actor identified, before / after state, service health impact accepted, operator notification accepted, cross-project sync, post-check evidence, firewall / port changes, route smoke, host restart, host write and runtime gate all remain `0 / false`.

Also on 2026-06-15, `docs/security/SSH-NETWORK-POST-INCIDENT-READBACK-PLAN.md` and `docs/security/ssh-network-post-incident-readback-plan.snapshot.json` were added, extending the 14 port / firewall incident surfaces into a post-incident readback plan. Pinned values are `readback_candidates=14`, `write_capable=6`, `policy_or_exposure=5`, `readback_fields=30`, `required_readback_fields=24`, `reviewer_checks=24`, `outcome_lanes=10`, `blocked_actions=34`. The plan requires actor, before / after, service / public route / AI provider / monitoring impact, operator notification, cross-project sync, restoration evidence, post-check, recurrence guard and no-false-green attestation, moving SSH / network category maturity from `62%` to `64%`; but readback received / accepted, actor attribution accepted, before / after accepted, impact accepted, notification accepted, cross-project sync accepted, restoration accepted, recurrence guard accepted, host write and runtime gate all remain `0 / false`.

### 0.3a 2026-06-15 K8s / ArgoCD GitOps Change Evidence Acceptance

`k8s_argocd_change_evidence_acceptance_v1` has turned the four scan groups `awoooi_prod`, `argocd`, `velero` and `monitoring` into a read-only GitOps change evidence acceptance ledger. Pinned values are `candidates=4`, `c0=3`, `write_capable=4`, `required_evidence_fields=18`, `reviewer_checks=18`, `outcome_lanes=8`, `blocked_actions=28`, moving K8s / ArgoCD category maturity from `62%` to `64%`.

This update only means that intake and acceptance rules now exist for proposed commit, rendered manifest diff, ArgoCD app / sync revision, health before / after, rollout status, route smoke, metrics / alert, secret metadata parity, blast radius, maintenance window, rollback revision and postcheck owner; change evidence received / accepted, runtime approval package, ArgoCD API read, ArgoCD sync, kubectl action, Helm upgrade, NetworkPolicy apply, NodePort change, RBAC change, live cluster read, production write and runtime gate all remain `0 / false`.

### 0.3b 2026-06-15 K8s / ArgoCD Post-Incident Readback Plan

`k8s_argocd_post_incident_readback_plan_v1` has turned the same four scan groups, `awoooi_prod`, `argocd`, `velero` and `monitoring`, into a post-incident readback plan. Pinned values are `readback_candidates=4`, `c0=3`, `c1=1`, `write_capable=4`, `readback_fields=36`, `required_readback_fields=31`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`, moving K8s / ArgoCD category maturity from `64%` to `66%`.

This update only means that redacted readback fields and review triage now exist for ArgoCD health / sync, Degraded / Pending, image pull / scheduling, before / after rollout, event / metrics / alert, drift scanner, CronJob, NetworkPolicy / RBAC / Secret metadata, public/admin route, AI provider / monitoring, backup / restore, operator notification, cross-project sync, recovery / still degraded, postcheck, recurrence guard and no-false-green; post-incident readback received / accepted, ArgoCD API read, ArgoCD sync, live cluster read, kubectl action, Helm action, NetworkPolicy / NodePort / RBAC changes, secret value collection, route smoke, production write and runtime gate all remain `0 / false`.

### 0.3c 2026-06-15 CD / Runner / Secret Injection Change Evidence Acceptance

`cd_runner_secret_injection_change_evidence_acceptance_v1` has turned CD pipeline, Code Review, Deploy alerts, Runner attestation and Repository secret name parity / injection owner into a metadata-only, read-only change evidence acceptance ledger. Pinned values are `candidates=5`, `c0=4`, `c1=1`, `write_capable=5`, `workflow_files=33`, `referenced_secret_names=42`, `runner_labels=5`, `required_evidence_fields=19`, `reviewer_checks=19`, `outcome_lanes=8`, `blocked_actions=32`.

This update moves `secret_metadata` category maturity from `66%` to `68%` and `gitea_workflow_runner_source_control` category maturity from `70%` to `72%`. It only means that intake and acceptance rules now exist for workflow diff, runner owner attestation, secret name parity, secret injection route, Gitea run readback, guard result, rollback owner and post-check evidence; workflow modification, workflow dispatch, runner enable / restart, GitHub hosted runner, collection of secret value / hash / partial token, secret store read, secret create / update / rotate / delete, webhook modification, deploy key modification, branch protection / CODEOWNERS modification, refs sync, force push, GitHub primary switch, Gitea disablement, production deploy and runtime gate all remain `0 / false`.

### 0.3c-1 2026-06-16 CD / Runner / Secret Injection Post-Incident Readback Plan

`cd_runner_secret_injection_post_incident_readback_plan_v1` has turned the same set of CD pipeline, Code Review, Deploy alerts, Runner attestation and Repository secret name parity / injection owner into a post-incident readback plan. Pinned values are `candidates=5`, `c0=4`, `c1=1`, `write_capable=5`, `readback_fields=44`, `required_readback_fields=33`, `reviewer_checks=30`, `outcome_lanes=11`, `blocked_actions=52`.

This update moves `secret_metadata` category maturity from `68%` to `70%` and `gitea_workflow_runner_source_control` category maturity from `72%` to `74%`. It only means that redacted post-incident readback fields now exist for workflow diff state, runner attestation, executor / host, workspace cleanup, permission scope, secret name parity, secret injection route, step-env secret guard, log redaction, deploy marker / Gitea run, webhook / notification receipt, before / after deploy state, cross-project sync, rollback, post-check, post-change monitoring, recurrence guard and no-false-green; post-incident readback received / accepted, workflow modification, workflow dispatch, runner changes, GitHub hosted runner, repo secret changes, secret value collection, secret injection change, webhook / deploy key / branch protection / CODEOWNERS changes, Gitea action dispatch, K8s secret injection, ArgoCD sync, production deploy and runtime gate all remain `0 / false`.

### 0.3c-2 2026-06-18 Telegram Notification Egress Bypass Inventory

`telegram_notification_egress_inventory_v1` has brought the in-repo direct Telegram Bot API `sendMessage` bypasses into a read-only inventory. Pinned values are `direct_bot_api_file_count=11`, `direct_bot_api_call_count=18`, `workflow_direct_bot_api_call_count=13`, `ops_script_direct_bot_api_call_count=4`, `api_direct_bot_api_call_count=1`, `gateway_normalized_callsite_count=56`, `gateway_final_exit_formatter_present_count=1`.

This update only means that the direct egress in `.gitea/workflows`, `scripts/ops` and `apps/api/src/services/channel_hub.py` can now be inventoried repeatably; it does not mean migration has happened. Owner response received / accepted, formatter convergence accepted, redaction contract accepted, delivery receipt accepted, direct Bot API migration authorized, Telegram send, Bot API call, workflow / script modification, secret collection, raw payload storage, production write and runtime gate all remain `0 / false`.

The same day, `telegram_notification_egress_owner_request_draft_v1` was added, turning the 11 direct egress files into owner request drafts ahead of manual submission. Pinned values are `request_draft_count=11`, `workflow_request_draft_count=6`, `ops_script_request_draft_count=4`, `api_direct_request_draft_count=1`, `required_owner_field_count=19`, `preflight_check_count=16`, `outcome_lane_count=9`, `forbidden_payload_count=14`, `blocked_action_count=26`. Request sent, recipient confirmed, audit event emitted, owner response accepted, formatter convergence accepted, break-glass fallback accepted, Telegram send, Bot API call, workflow / script modification, API sender refactor, secret collection, raw payload storage, production write and runtime gate all remain `0 / false`.

The same day, `telegram_notification_egress_migration_plan_draft_v1` was added, arranging the 11 owner request drafts into three migration waves: workflow notification wrapper, ops notification wrapper and API sender gateway. Pinned values are `migration_candidate_count=11`, `workflow_migration_candidate_count=6`, `ops_script_migration_candidate_count=4`, `api_direct_migration_candidate_count=1`, `proposed_wave_count=3`, `owner_response_required_count=11`, `maintenance_window_required_count=11`, `rollback_owner_required_count=11`. Owner response, migration authorized, workflow / script modification, API sender refactor, Telegram send, Bot API call, secret collection, raw payload storage, production write and runtime gate all remain `0 / false`.

On 2026-06-19, `telegram_notification_egress_no_new_bypass_guard_v1` was added. It pins the existing 18 direct sends as baseline signatures and scans for 9 classes of Bot API method: `sendMessage`, `sendDocument`, `sendPhoto`, `sendMediaGroup`, `editMessageText`, `sendAnimation`, `sendVideo`, `sendAudio` and `sendVoice`. Pinned values are `baseline_signature_count=18`, `current_direct_bot_api_call_count=18`, `new_bypass_count=0`, `sendDocument_call_count=0`, `runtime_gate_count=0`. This update only means that the repo source currently contains no new unregistered direct Telegram bypass; the existing 18 direct sends are still not migrated, and owner response, migration authorized, workflow / script modification, API sender refactor, Telegram send, Bot API call, secret collection, raw payload storage, production write and runtime gate all remain `0 / false`.
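
The baseline comparison described above can be sketched as follows. This is an added example, not the project's `telegram_notification_egress_no_new_bypass_guard_v1` code; the signature scheme (path, method and whitespace-normalised line, counted as a multiset) and every sample file name other than `channel_hub.py` are assumptions.

```python
import hashlib
import re
from collections import Counter
from typing import NamedTuple

# The nine Bot API methods the page says the guard scans for.
BOT_API_METHODS = (
    "sendMessage", "sendDocument", "sendPhoto", "sendMediaGroup",
    "editMessageText", "sendAnimation", "sendVideo", "sendAudio", "sendVoice",
)
# Direct egress = a literal Bot API URL: https://api.telegram.org/bot<token>/<method>
DIRECT_CALL = re.compile(
    r"api\.telegram\.org/bot[^/\n]*/(" + "|".join(BOT_API_METHODS) + r")\b"
)


class DirectCall(NamedTuple):
    path: str
    line_no: int
    method: str
    text: str


def find_direct_calls(files):
    """Return every direct Bot API call found in {path: source_text}."""
    calls = []
    for path in sorted(files):
        for line_no, line in enumerate(files[path].splitlines(), start=1):
            for match in DIRECT_CALL.finditer(line):
                calls.append(DirectCall(path, line_no, match.group(1), line))
    return calls


def signature(call):
    """Assumed signature: path + method + whitespace-normalised line.

    The line number is left out so that moving or re-indenting a registered
    call does not make it look like a new bypass.
    """
    normalised = " ".join(call.text.split())
    raw = f"{call.path}|{call.method}|{normalised}"
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def build_baseline(files):
    """Multiset of signatures: two identical calls count as two entries."""
    return Counter(signature(call) for call in find_direct_calls(files))


def new_bypasses(files, baseline):
    """Calls not covered by the baseline multiset, i.e. unregistered egress."""
    remaining = Counter(baseline)
    unregistered = []
    for call in find_direct_calls(files):
        sig = signature(call)
        if remaining[sig] > 0:
            remaining[sig] -= 1
        else:
            unregistered.append(call)
    return unregistered


# Constructed sample trees; the token is an environment placeholder only.
WORKFLOW_CALL = 'curl -s "https://api.telegram.org/bot${TG_TOKEN}/sendMessage" -d text=ok\n'
API_CALL = '    requests.post(f"https://api.telegram.org/bot{token}/sendMessage", json=body)\n'

BASELINE_TREE = {
    ".gitea/workflows/deploy-alerts.yaml": "      - run: |\n          " + WORKFLOW_CALL,
    "apps/api/src/services/channel_hub.py": API_CALL,
}
CURRENT_TREE = {
    # Same call, moved down one line and re-indented: still registered.
    ".gitea/workflows/deploy-alerts.yaml": "      # notify\n      - run: |\n        " + WORKFLOW_CALL,
    # Registered call copy-pasted a second time: the copy is new.
    "apps/api/src/services/channel_hub.py": API_CALL + API_CALL,
    # New file using a different method: new.
    "scripts/ops/report.sh": 'curl -s -F document=@report.txt "https://api.telegram.org/bot${TG_TOKEN}/sendDocument"\n',
}

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_TREE)
    for call in new_bypasses(CURRENT_TREE, baseline):
        print(f"NEW BYPASS {call.path}:{call.line_no} {call.method}")
```

A pattern match of this kind only sees literal Bot API URLs; a sender that assembles the method name at run time needs a separate check.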

The same day, `telegram_notification_egress_owner_response_acceptance_v1` was added, turning the 11 owner request drafts and 11 migration candidates into an owner response acceptance ledger. On 2026-06-19, `message_readability_guard_ref` was added and pinned to `docs/security/telegram-alert-readability-guard.snapshot.json`, so that every direct egress candidate must carry alert readability, redaction, `runtime_write_gate=controlled` event-card semantics, a no-false-green guard ref, and the boundary that Telegram send / runtime gate remain `0 / false`. Pinned values are `acceptance_candidate_count=11`, workflow `6`, ops script `4`, API direct `1`, `acceptance_field_count=33`, `required_owner_field_count=19`, `reviewer_check_count=23`, `outcome_lane_count=10`, `forbidden_payload_count=14`, `blocked_action_count=35`. Owner response received / accepted / rejected / quarantined, supplement requested, formatter convergence accepted, redaction contract accepted, delivery receipt accepted, break-glass fallback accepted, maintenance / rollback / postcheck accepted, migration authorized, workflow / script / API sender modification, Telegram send, Bot API call, workflow dispatch, production deploy, secret collection, raw payload storage and runtime gate all remain `0 / false`.

The same day, `telegram_alert_readability_guard_v1` was added, bringing readability at the final Telegram alert exit under high-value configuration control. Pinned values are `source_formatter_marker_count=11`, `final_exit_contract_count=3`, `test_contract_count=11`, `ai_signal_lane_count=7`, `host_resource_lane_count=6`, `blocked_raw_output_marker_count=12`, `required_output_marker_count=7`, and the guard is called directly by `security-mirror-progress-guard.py`. The guard confirms that `_send_request()`, `send_alert_notification()` and `send_text()` all apply the normalizer, and that alerts such as Prisma / root Node.js / Next build / Wazuh / Kali / Nginx drift can only be emitted as redacted AI event cards; actual Telegram sends, Bot API call, delivery receipt, direct egress migration, workflow / script / API sender modification, production write and runtime gate all remain `0 / false`.

### 0.3d 2026-06-15 Public / Admin / API Runtime Config Change Evidence Acceptance

`public_runtime_config_change_evidence_acceptance_v1` has turned public product pages, the AwoooP admin console, API / CORS, frontend env, Sentry tunnel, webhook / callback and cross-product runtime routes into a metadata-only, read-only change evidence acceptance ledger. Pinned values are `candidates=6`, `c0=5`, `c1=1`, `write_capable=6`, `source_refs=20`, `required_evidence_fields=21`, `reviewer_checks=21`, `outcome_lanes=8`, `blocked_actions=32`.

This update moves Public / admin / API / frontend runtime config category maturity from `62%` to `64%`. It only means that intake and acceptance rules now exist for affected route refs, admin/auth boundary, API contract readback, CORS origin diff, frontend env diff, i18n redaction review, webhook / callback owner, desktop / mobile smoke, sensitive string scan, console error scan, rollback owner and post-check evidence; route changes, CORS changes, NEXT_PUBLIC env changes, middleware auth changes, callback / webhook changes, security header / cookie / CSRF / rate limit changes, database migration, frontend / API deploy, production deploy and runtime gate all remain `0 / false`.

The ledger also lists raw owner namespace, repo slug, internal status codes, internal collaboration text, cookie, token, secret value, DSN value, raw payload and unredacted screenshots as grounds for rejection or quarantine. AwoooP Tenants, IwoooS, Code Review and other public pages may show only redacted product / project names and control status; they must not show personal namespaces, internal status codes, internal collaboration content or complaints.

Also on 2026-06-15, the `public_frontend_sensitive_surface_guard_v1` snapshot was added and `scripts/security/public-frontend-env-guard.py` was extended into a source / messages leak-prevention guard. Pinned values are `225` frontend files scanned, `12` forbidden-term classes, `2` masker allowlist entries, `0` violations, `0` env violations and `0` runtime gates. This update moves Public / admin / API / frontend runtime config category maturity from `64%` to `66%`; but production bundle scan accepted, desktop / mobile production smoke accepted, owner response received / accepted, route / CORS / env / auth / webhook changes, frontend / API deploy and runtime gate all remain `0 / false`.

`backup_restore_owner_request_draft_v1` has turned the 38 surfaces covering backup, restore, offsite, credential escrow, retention, Velero, alert / health and the DR runbook into owner request drafts ahead of manual submission. Pinned values are `drafts=38`, `write_capable=27`, `live_evidence_required=38`, `owner_fields=14`, `blocked_actions=18`, but request sent, owner response received / accepted, live backup evidence, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, host write and runtime gate all remain `0 / false`.

This update is still not live network truth: live firewall, sudoers, known_hosts, NetworkPolicy, NodePort, WireGuard evidence, network owner, maintenance window, rollback owner and owner response received / accepted all remain `0`, and SSH, keyscan, sudo, firewall change, NetworkPolicy apply, NodePort change and WireGuard cutover must not be run.

### 0.4 2026-06-11 Backup / Restore / Escrow / Retention Repo-Only Inventory

`backup_restore_escrow_inventory_v1` has brought backup orchestration, service backup scripts, restic retention, offsite sync, credential escrow, Velero restore drill, backup health alert and the cold-start / DR runbook into a read-only snapshot. The inventory currently has `38` surfaces, `15` backup script surfaces, `8` offsite / escrow surfaces, `5` Velero surfaces, `3` retention surfaces, `5` credential surfaces and `27` write-capable surfaces, moving backup / restore / credential category maturity from `52%` to `58%`.

On 2026-06-15, `backup_restore_owner_response_acceptance_v1` was added, turning the 38 owner request drafts into a read-only owner response acceptance ledger. Pinned values are `candidates=38`, `write_capable=27`, `live_evidence_required=38`, `owner_fields=14`, `reviewer_checks=13`, `outcome_lanes=7`, `blocked_actions=22`, moving backup / restore / credential category maturity from `58%` to `62%`; but owner response received / accepted, live backup evidence, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, host write and runtime gate all remain `0 / false`.

The same day, a restore recovery backfill gate was added, pinning `backup_restore_owner_response_acceptance_v1` at `acceptance_fields=33`, `owner_fields=23`, `reviewer_checks=22`, `outcome_lanes=9`, `blocked_actions=31`. The additions are freshness SLO, isolated restore target, backup dependency map, data classification, remote delete guard, retention runway, restore observer / stop condition, credential recovery non-secret proof and backup health no-false-green review, moving backup / restore / credential category maturity from `62%` to `64%`. This does not mean that owner response received / accepted, live backup evidence, freshness SLO accepted, restore target isolation accepted, remote delete guard accepted, retention runway accepted, credential recovery drill accepted, backup run, restore run, offsite sync, remote delete, retention change, secret collection, host write or runtime gate has been authorized.

On 2026-06-18, `backup_restore_post_incident_readback_plan_v1` was added, extending the same 38 backup / restore / escrow / retention surfaces into a post-incident readback plan. Pinned values are `readback_candidates=38`, `write_capable=27`, `live_evidence_required=38`, `restore_drill_required=38`, `offsite_or_escrow_required=20`, `retention_or_remote_delete_required=17`, `required_readback_fields=34`, `reviewer_checks=32`, `outcome_lanes=11`, `blocked_actions=51`. The plan requires actor, time window, before / after freshness, backup status readback, restore drill, isolated restore target, offsite sync, remote delete guard, credential escrow non-secret proof, credential recovery metadata, retention runway, retention / prune decision, dependency map, data classification, restore observer, alert textfile, cold-start scorecard, cross-project sync, rollback, post-change monitoring, recurrence prevention and no-false-green attestation, moving backup / restore / credential category maturity from `64%` to `66%`. This does not mean that post-incident readback received / accepted, backup run, restore run, offsite sync, remote delete, escrow marker write, retention change, secret collection, host write or runtime gate has been authorized.

This update is still not live backup truth: owner response, live evidence, restore drill acceptance, offsite sync acceptance, credential escrow acceptance, retention change acceptance, maintenance window, rollback owner and runtime gate all remain `0`, and backup, restore, offsite sync, remote delete, restic prune, escrow marker write, rclone config, Velero restore, kubectl and SSH must not be run.

### 0.5 2026-06-12 Monitoring / Alerting / Observability Repo-Only Inventory

`monitoring_alerting_observability_inventory_v1` has brought Prometheus, Alertmanager, Grafana, SigNoz, Sentry, Langfuse, OTEL, Telegram / notification policy, deploy / reload scripts and alert chain smoke scripts into a read-only snapshot. The inventory currently has `60` surfaces, `13` alert rule surfaces, `6` deploy / reload surfaces, `11` write-capable surfaces and `1` drift guard surface, moving monitoring / alerting / observability category maturity from `56%` to `62%`.

This update is still not live alert chain truth: owner response, live evidence, reload owner, receiver owner, route smoke, maintenance window, rollback owner and runtime gate all remain `0`, and Prometheus reload, Alertmanager reload, Grafana import, SigNoz rule apply, Sentry deploy, Langfuse change, OTEL reload, remote write change, silence change, Telegram send, live alert fire, alert chain smoke, SSH and kubectl must not be run.

On 2026-06-14, `monitoring_owner_request_draft_v1` was added, turning the 60 monitoring / alerting / observability surfaces into owner request drafts ahead of manual submission. Pinned values are `drafts=60`, `write_capable=11`, `live_evidence_required=60`, `owner_fields=14`, `blocked_actions=24`, but request sent, owner response received / accepted, live evidence, reload, receiver route change, silence change, Telegram send, alert chain smoke, host write and runtime gate all remain `0 / false`.

On 2026-06-15, `monitoring_owner_response_acceptance_v1` was added, turning the 60 owner request drafts into a read-only owner response acceptance ledger. Pinned values are `candidates=60`, `write_capable=11`, `live_evidence_required=60`, `owner_fields=14`, `reviewer_checks=15`, `outcome_lanes=7`, `blocked_actions=28`, moving monitoring / alerting / observability category maturity from `62%` to `66%`; but owner response received / accepted / rejected, live evidence, reload, receiver route change, silence change, Telegram send, alert chain smoke, host write and runtime gate all remain `0 / false`.

Also on 2026-06-15, no-false-green backfill fields for the alert chain were added, pinning `monitoring_owner_response_acceptance_v1` at `acceptance_fields=38`, `reviewer_checks=23`, `outcome_lanes=12`, `blocked_actions=34`. The new requirements include incident context, alert chain health that cannot be judged from a route 200 alone, receiver receipt proof, stale alert review, silence / dedup review, false-green risk review, post-reload readback plan and cross-project notification ref, moving monitoring / alerting / observability category maturity from `66%` to `68%`; but owner response, receiver receipt, stale alert review, silence / dedup review, false-green risk review, post-reload readback, reload, Telegram send, live alert fire, alert chain smoke, host write and runtime gate all remain `0 / false`.

Also on 2026-06-15, `monitoring_post_incident_readback_plan_v1` was added, turning the same 60 monitoring / alerting / observability surfaces into a post-incident readback plan. Pinned values are `candidates=60`, `write_capable=11`, `live_evidence_required=60`, `alert_rule=13`, `deploy_or_reload=6`, `required_readback_fields=30`, `reviewer_checks=28`, `outcome_lanes=11`, `blocked_actions=53`, moving monitoring / alerting / observability category maturity from `68%` to `70%`; but post-incident readback received / accepted, receiver receipt, stale / silence review, alert chain health, reload, Telegram send, live alert fire, alert chain smoke, host write, production write, runtime gate and action button all remain `0 / false`.

### 0.6 2026-06-12 Public Gateway Preflight Repo-Only Inventory

`public_gateway_preflight_inventory_v1` has pinned the preflight gate for Nginx public gateway reload / route change as a read-only snapshot. The inventory currently has `3` Nginx source configs, `2` C0 source configs, `14` route impacts, `14` unique upstreams, `10` TLS certificate paths, `4` certificate owner confirmation gaps, `7` ACME challenge domains, `1` admin route domain, `6` WebSocket route domains and `12` preflight gates, moving Nginx public gateway category maturity from `78%` to `84%`.

This update is still not live gateway truth: owner response, owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, maintenance window, rollback owner and runtime gate all remain `0`, and it is not permitted to SSH, read the live conf, run `nginx -t`, reload Nginx, change a public route, change an admin route, change a WebSocket / API route, change ACME, run a DNS / TLS probe, run certbot renew or write to the host.

On 2026-06-14, `public_gateway_owner_response_acceptance_v1` was added, turning the 3 Public Gateway configs into a read-only owner response acceptance ledger. On 2026-06-15 the metadata gate for manual / emergency gateway changes was strengthened, with pinned values `candidates=3`, `c0=2`, `owner_fields=22`, `reviewer_checks=22`, `outcome_lanes=8`, `blocked_actions=28`. This update requires that an owner response provide redacted refs for change actor/source, change time window, cross-project impact, communication sync, change intent / ticket, pre-change approval or break-glass reason, route health impact, rollback validation and post-change monitoring window. Nginx public gateway category maturity moves from `88%` to `90%`, because after an ad hoc Nginx change the process no longer relies on the owner's verbal reply alone and instead requires prior intent or an after-the-fact break-glass reason, health impact, rollback validation and a monitoring window. However, owner response received / accepted, redacted export, rendered diff, `nginx -t`, reload, route smoke, DNS / TLS probe, certbot renew, host write and runtime gate all remain `0 / false`.

Also on 2026-06-14, `public_gateway_rendered_diff_acceptance_v1` was added, turning the 3 Public Gateway configs into a read-only rendered diff evidence acceptance ledger. Pinned values are `candidates=3`, `c0=2`, `required_evidence_fields=14`, `reviewer_checks=15`, `outcome_lanes=8`, `blocked_actions=22`, moving Nginx public gateway category maturity from `86%` to `88%`. This update only means that intake and acceptance rules exist for future owner-provided rendered diff, `nginx -t` readback, route smoke evidence, TLS / ACME impact, maintenance window, rollback owner and post-check evidence; owner response accepted, rendered diff accepted, nginx test evidence accepted, route smoke evidence accepted, reload, DNS / TLS probe, certbot renew, host write and runtime gate all remain `0 / false`.

On 2026-06-15, `public_gateway_post_incident_readback_plan_v1` was added, extending the same 3 Public Gateway configs into a post-incident readback plan. Pinned values are `readback_candidates=3`, `c0=2`, `c1=1`, `write_capable=3`, `readback_fields=36`, `required_readback_fields=30`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`, moving Nginx public gateway category maturity from `90%` to `92%`. This update only means that redacted readback fields and review triage now exist for actor, change time window, change intent / break-glass, before / after routes, source-to-live diff, `nginx -t` readback, reload / no-reload, route smoke, TLS / ACME, WebSocket, upstream, AI provider, monitoring, cross-project sync, rollback, recurrence prevention and no-false-green; readback received / accepted, live conf read, `nginx -t`, reload, route smoke, DNS / TLS probe, certbot renew, host write and runtime gate all remain `0 / false`.

### 0.7 2026-06-14 DNS / TLS / certbot Owner Response Acceptance Read-Only Ledger

`domain_tls_certbot_owner_response_acceptance_v1` has turned the 4 DNS / TLS / certbot owner confirmation requests into a read-only owner response acceptance ledger. Pinned values are `candidates=4`, `c0=4`, `owner_fields=13`, `reviewer_checks=13`, `outcome_lanes=7`, `blocked_actions=20`, moving DNS / TLS / certbot category maturity from `74%` to `78%`.

This update only means that intake and acceptance rules now exist for SAN / wildcard / shared certificate coverage relationships, certificate expiry metadata, renewal owner, ACME route owner, maintenance window, rollback owner and validation plan; owner response received / accepted, certificate coverage confirmed, DNS query, TLS probe, certbot renew, Nginx reload, route smoke, DNS record / certificate path / ACME route changes, host write and runtime gate all remain `0 / false`.

### 0.8 2026-06-14 Docker / systemd / Host Service Owner Response Acceptance Read-Only Ledger

`host_service_owner_response_acceptance_v1` has turned the 9 Docker / systemd / host service owner request drafts into a read-only owner response acceptance ledger. Pinned values are `candidates=9`, `write_capable=3`, `live_evidence_required=8`, `owner_fields=18`, `reviewer_checks=21`, `outcome_lanes=8`, `blocked_actions=27`. It also adds backfill requirements for incident recovery, dependency graph, port binding, cold-start sequence, source-of-truth and daemon / runner contention, moving Docker / systemd / host service category maturity from `54%` to `58%`.

This update only means that intake and acceptance rules now exist for live config hash ref, maintenance / restart window, rollback owner, post-check plan, disable switch and no-secret-value evidence; owner response received / accepted, live host read, SSH, Docker Compose, systemctl, repair-bot, Ansible, sudo, host write and runtime gate all remain `0 / false`.

### 0.8a 2026-06-15 Docker / systemd / Host Service Change Evidence Acceptance Read-Only Ledger

`host_service_change_evidence_acceptance_v1` has turned the 9 Docker / systemd / host service surfaces into a read-only incident / change evidence acceptance ledger. Pinned values are `candidates=9`, `write_capable=3`, `live_evidence_required=8`, `evidence_fields=45`, `required_evidence_fields=25`, `reviewer_checks=26`, `outcome_lanes=10`, `blocked_actions=39`. It also covers restart actor, before / after service state, Docker daemon state, compose / systemd state, failed unit review, port binding, dependency impact, cold-start sequence, route recovery, operator notification, cross-project sync and no-false-green service health, moving Docker / systemd / host service category maturity from `58%` to `62%`.

This update only means that intake and acceptance rules exist for future host service incident or change evidence; change evidence received / accepted, Docker daemon state accepted, compose stack state accepted, systemd unit state accepted, failed unit review accepted, port binding accepted, route recovery accepted, operator notification accepted, live host read, SSH, Docker / systemd, repair-bot, Ansible, route smoke, host write and runtime gate all remain `0 / false`.

### 0.8b 2026-06-15 Docker / systemd / Host Service Post-Incident Readback Plan

`host_service_post_incident_readback_plan_v1` has extended the same 9 Docker / systemd / host service surfaces into a post-incident readback plan. Pinned values are `readback_candidates=9`, `write_capable=3`, `live_evidence_required=8`, `readback_fields=36`, `required_readback_fields=28`, `reviewer_checks=28`, `outcome_lanes=10`, `blocked_actions=41`. The plan requires actor, boot time, restart / recovery window, before / after, Docker daemon, compose, systemd, failed unit, port binding, dependency, public/admin route, AI provider, monitoring, operator notification, cross-project sync, restoration evidence, post-check, recurrence guard and no-false-green attestation, moving Docker / systemd / host service category maturity from `62%` to `64%`.

This update only means that post-incident readback intake rules now exist for 110 / 188 class host service incidents; post-incident readback received / accepted, actor attribution accepted, Docker daemon accepted, compose accepted, systemd accepted, route recovery accepted, monitoring accepted, cross-project sync accepted, recurrence guard accepted, live host read, SSH, Docker / systemd, repair-bot, Ansible, route smoke, host write, production write and runtime gate all remain `0 / false`.

### 0.8c 2026-06-15 AI Provider / Model Routing Owner Response Acceptance Read-Only Ledger

`ai_provider_owner_response_acceptance_v1` has turned AI router provider policy, Ollama proxy gateway, fallback order / circuit breaker, cost budget / quota, privacy / data egress, benchmark / dry-run, model card / version inventory and agent replacement candidate boundary into a metadata-only owner response acceptance ledger. Pinned values are `candidates=8`, `write_capable=5`, `paid_provider_related=5`, `data_egress=6`, `live_evidence_required=6`, `acceptance_fields=37`, `required_owner_fields=24`, `reviewer_checks=24`, `outcome_lanes=10`, `blocked_actions=38`, moving AI provider / model routing category maturity from `60%` to `64%`.

This update only means that intake and acceptance rules exist for future provider, fallback, cost, privacy, benchmark, dry-run, model card and agent replacement evidence; owner response received / accepted, dry-run accepted, benchmark accepted, cost review accepted, privacy review accepted, fallback order accepted, provider switch, external provider call, paid provider call, prompt send, live endpoint probe, secret collection, SDK install, model download, shadow / canary, production deploy and runtime gate all remain `0 / false`.

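## 1. Items that no longer meet the new requirements

| Priority | Item | Current state | Risk | Action in this phase |
|------|------|------|------|------------|
| P0 | Nginx public gateway | Ansible source-of-truth, repo-only drift detector, DNS / TLS inventory, public gateway preflight gate, owner response acceptance, rendered diff evidence acceptance, and post-incident readback plan are in place, but owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, maintenance window, and rollback owner are still missing | Hand-editing the live conf can break public sites, admin routes, TLS, API, WebSocket, or ACME, and is hard to attribute | Added the high-value config Hard Rule, drift detector, preflight inventory, owner response acceptance, and post-incident readback plan; SSH and reload remain prohibited |
| P0 | Gitea token example in `docs/runbooks/SECRETS-MANAGEMENT.md` | The document contains a suspicious token example | May lead to Gitea API privilege leakage or a copy-paste incident | Changed to an owner-managed token env; no value is stored |
| P0 | Grafana admin password in `k8s/monitoring/docker-compose-110.yml` | The compose file contains a fixed password literal | If treated as the live password or copied for use, the monitoring admin console would be weakly controlled | Changed to injection of `GRAFANA_ADMIN_PASSWORD` from the owner secret store |
| P0 | SSH host key verification in `ops/monitoring/discover_docker.py` | Still uses parameters that disable host key verification | MITM or wrong-host trust risk | Changed to `BatchMode=yes` + `accept-new`; to be upgraded to pinned known_hosts later |
| P0 | Grafana probe authentication in `apps/api/src/api/v1/monitoring.py` | The code contains a Grafana Basic Auth literal | API code stores a credential, which would be copied into subsequent deployments | Changed to a `settings.GRAFANA_API_KEY` Bearer token; no Authorization header is sent when it is not set |
| P1 | Nginx 188 / 110 live conf drift | The repo has templates and a drift detector; compare mode requires the owner to provide a redacted live conf; live evidence is currently still `0` | After a hand edit the repo is unaware, and the next Ansible run may overwrite the change or keep an incorrect route | Next step: collect the owner-provided live conf and rendered diff; no proactive SSH |
| P1 | High-value config change gate | The C0-C3 inventory and Hard Rule exist, but a re-runnable path classification was originally missing | Reviewers can only rely on memory to judge whether Nginx, workflow, secret, K8s, DNS, or AI provider changes need an owner gate | Added `scripts/security/high-value-config-change-gate.py`; this phase only classifies and is not wired into CI blocking |
| P0 | DNS / TLS / certbot | A domain / certificate path inventory, owner confirmation request, and owner response acceptance read-only ledger exist, but owner-provided coverage metadata, expiry metadata, renewal owner, ACME route owner, maintenance window, and rollback owner are still missing | An expired certificate, a wrong cert path, or an overwritten ACME challenge would cause a public service outage | Stays C0; the next step only collects redacted metadata refs, with no DNS query, TLS probe, certbot renew, or reload |
| P1 | workflow / runner / deploy key / secret name | A Gitea / GitHub readiness inventory exists, but config changes have not yet been merged into the gate shared with IwoooS high-value config | A wrong workflow or runner change directly affects deployment and secret injection | Placed under C0; stays at read-only owner response, and no secret value is collected |
| P1 | Docker Compose / systemd live config | A repo-only inventory, owner request draft, owner response acceptance, change evidence acceptance, and post-incident readback plan read-only ledger exist, but owner-provided live hash, incident readback package, maintenance / restart window, rollback owner, post-check plan, disable switch, and no-secret-value evidence are still missing | Changes to restart policy, port, volume, env, or daemon / compose / systemd affect Harbor, Sentry, Langfuse, Gitea, monitoring, AI provider, and the agent-bounty-protocol runtime | The next step only collects redacted owner response / live hash metadata / incident readback refs; no proactive SSH, no restart, no repair-bot run |
| P1 | AI provider / Ollama proxy | Nginx proxy template, API provider route, fallback order, model governance cards, and agent replacement candidates | Provider route drift creates cost, availability, data egress, and model quality risk | Placed under C1; owner response acceptance is fixed; any switch still requires the dry-run / benchmark / cost / privacy / rollback owner gate |
| P1 | agent-bounty-protocol runtime / treasury / A2A / MCP | Already in read-only scope, but complete production host, compose, domain, TLS, and rollback owner data does not yet exist | If external agents, claim / submit, payout, or webhooks are not controlled, the risk is higher than for an ordinary website | Placed under C2; still no changes to that repo, no reading of `.env`, no deployment |
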
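## 2. Nginx control mechanism

Nginx is the configuration that must come under security control first, because it simultaneously controls public domains, TLS, admin routes, API / WebSocket, the ACME challenge, cross-product upstreams, and the intranet exposure boundary.
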
### 2.1 Source of truth

| Host | repo source-of-truth | live path | Coverage |
|------|----------------------|-----------|------|
| `192.168.0.188` | `infra/ansible/roles/nginx/templates/188-all-sites.conf.j2` | `/etc/nginx/sites-enabled/all-sites.conf` | `aiops.wooo.work`, `gitlab.wooo.work`, `signoz.wooo.work`, `www.tsenyang.com`, `tsenyang.com`, `stock.wooo.work`, `mo.wooo.work`, `bitan.wooo.work`, `vtuber.wooo.work` |
| `192.168.0.188` | `infra/ansible/roles/nginx/templates/188-internal-tools-https.conf.j2` | live path requires owner confirmation | `gitea.wooo.work`, `sentry.wooo.work`, `langfuse.wooo.work`, `harbor.wooo.work`, `registry.wooo.work`, `signoz.wooo.work`, `stock.wooo.work` |
| `192.168.0.110` | `infra/ansible/roles/nginx/templates/110-ollama-proxy.conf.j2` | `/etc/nginx/sites-enabled/110-ollama-proxy.conf` | Ollama GCP-A `11435`, GCP-B `11436`, local fallback `11437` |
| Deployment entry point | `infra/ansible/playbooks/nginx-sync.yml` | Ansible apply | `nginx -t`, backup, reload handler |
| Rollback SOP | `docs/runbooks/disaster-recovery/DR-Nginx.md` | Runbook | syntax error, Git rollback, 188 failover takeover |

### 2.2 Required gates

| Stage | Required data | If not met |
|------|----------|----------|
| Pre-change | owner role / team, affected domains, affected paths, upstream, TLS / ACME impact, rollback owner, maintenance window | No reload, no deployment |
| diff | repo diff, rendered diff, live drift evidence refs | May only proceed to owner review |
| preflight | `nginx -t`, port conflict check, certificate path check | No reload |
| post-check | public route smoke, API / WebSocket smoke, admin route smoke, ACME path smoke, error rate observation | Must not be declared complete |
| rollback | previous live backup, Git revert ref, rollback owner, stop conditions | Must not enter the production window |

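### 2.3 Drift principles

1. When live Nginx is found to differ from the repo template, only create evidence; do not automatically overwrite live.
2. Drift must be tagged with the affected domain, upstream, TLS, admin route, ACME path, and risk level.
3. If the drift is an emergency hand edit, a break-glass owner response, time, reason, rollback conditions, and a follow-up source-of-truth patch must be supplied.
4. If the drift is an unauthorized change, it is classified as P0 config drift and must not wait until the next deployment to be handled.
5. The IwoooS UI may display drift, but must not raise the runtime gate because of it.
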
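
A sketch of principles 1, 2 and 5 as an evidence-only comparison between a rendered repo template and an owner-provided redacted live conf. This is an added example, not the project's `nginx-config-drift-detector.py`; the function names, upstream ports, certificate paths and the high / medium risk mapping are assumptions, and the sample confs are constructed.

```python
import hashlib
import re

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: rendered repo template (ports and cert paths are made up).
REPO_CONF = """
server {
    server_name stock.wooo.work;
    ssl_certificate /etc/letsencrypt/live/stock.wooo.work/fullchain.pem;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
    location /admin/ { proxy_pass http://127.0.0.1:8001; }
    location / { proxy_pass http://127.0.0.1:8000; }
}
server {
    server_name bitan.wooo.work;
    ssl_certificate /etc/letsencrypt/live/bitan.wooo.work/fullchain.pem;
    location / { proxy_pass http://127.0.0.1:9000; }
}
"""

# Constructed sample: owner-provided redacted live conf containing a hand edit
# (ACME location dropped, admin upstream changed). Built from REPO_CONF.
LIVE_CONF = (REPO_CONF
    .replace("    location /.well-known/acme-challenge/ { root /var/www/certbot; }\n", "")
    .replace("127.0.0.1:8001", "127.0.0.1:8009"))


def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]


def index_by_domain(conf):
    """Map each server_name to its cert path and location -> upstream table."""
    out = {}
    for block in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", block)
        cert = re.search(r"\bssl_certificate\s+([^;]+);", block)
        locations = {}
        for path, body in re.findall(
                r"\blocation\s+(?:[=~*^]+\s+)?(\S+)\s*\{([^{}]*)\}", block):
            upstream = re.search(r"\bproxy_pass\s+([^;]+);", body)
            locations[path] = upstream.group(1).strip() if upstream else "(static)"
        facts = {"cert": cert.group(1).strip() if cert else None,
                 "locations": locations}
        for domain in (names.group(1).split() if names else []):
            out[domain] = facts
    return out


def drift_evidence(repo_conf, live_conf):
    """Compare two confs; return a metadata-only evidence record. Never writes."""
    repo, live = index_by_domain(repo_conf), index_by_domain(live_conf)
    findings = []
    for domain in sorted(set(repo) | set(live)):
        rp, lv = repo.get(domain), live.get(domain)
        if rp == lv:
            continue
        changed = set()
        if rp is None or lv is None:
            changed.add("domain")          # server block added or removed
        else:
            if rp["cert"] != lv["cert"]:
                changed.add("tls")
            for path in set(rp["locations"]) | set(lv["locations"]):
                if rp["locations"].get(path) == lv["locations"].get(path):
                    continue
                if path.startswith(ACME_PREFIX):
                    changed.add("acme_path")
                elif "admin" in path:
                    changed.add("admin_route")
                else:
                    changed.add("upstream")
        # Assumed risk mapping for this example; the page does not define one.
        risk = "medium" if changed == {"upstream"} else "high"
        findings.append({"domain": domain, "changed": sorted(changed), "risk": risk})
    return {
        "repo_sha256": hashlib.sha256(repo_conf.encode()).hexdigest(),
        "live_sha256": hashlib.sha256(live_conf.encode()).hexdigest(),  # hash, not raw conf
        "findings": findings,
        "auto_overwrite_live": False,  # principle 1: evidence only
        "runtime_gate": 0,             # principle 5: drift never raises the gate
    }
```

The regex-based parsing ignores comments and `include` directives, so a conf that carries braces inside comments needs a real parser before its findings are trusted.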
## 3. Master list of configuration to bring under control first

| Priority | Configuration | Representative repo paths | live / owner source | Required controls |
|------|------|----------------|-------------------|----------|
| P0 | Nginx public gateway | `infra/ansible/roles/nginx/templates/*.j2`, `infra/ansible/playbooks/nginx-sync.yml`, `ops/nginx/*` | 188 / 110 live Nginx | source-of-truth, drift detector, owner gate, `nginx -t`, route smoke, rollback |
| P0 | DNS / TLS / certbot | Nginx templates, `docs/runbooks/REGISTRY-CERTBOT-188.md`, TLS alert rules, `docs/security/DOMAIN-TLS-CERTBOT-OWNER-CONFIRMATION-REQUEST.md`, `docs/security/DOMAIN-TLS-CERTBOT-OWNER-RESPONSE-ACCEPTANCE.md` | DNS provider, Let's Encrypt, 188 / 110 | domain inventory, cert path, owner coverage metadata, renewal owner, ACME path owner, rollback, validation plan; no live probe or renew |
| P0 | K8s production manifests | `k8s/awoooi-prod/*`, `k8s/argocd/awoooi-prod-app.yaml` | ArgoCD / K3s | GitOps diff, ArgoCD health / sync readback, rollback revision, no manual kubectl unless approved |
| P0 | K8s Secret metadata | `k8s/awoooi-prod/03-secrets.example.yaml`, secret templates, workflow injection | Gitea Secrets / K8s Secret names | secret name parity only, no value collection, rotation owner |
| P0 | Gitea workflows | `.gitea/workflows/*.yaml` | Gitea Actions | self-hosted runner, secret reference guard, deployment verification, no write action without owner |
| P0 | Runner / deploy key / webhook / branch protection | `ops/runner/*`, source-control snapshots | Gitea / GitHub owner metadata | labels, key names, webhook names, ruleset metadata only; no token / key value |
| P0 | Public admin / API route config | Nginx templates, `apps/web/src/lib/config.ts`, `apps/api/src/core/config.py`, `docs/security/PUBLIC-RUNTIME-CONFIG-CHANGE-EVIDENCE-ACCEPTANCE.md`, `docs/security/public-runtime-config-change-evidence-acceptance.snapshot.json` | Product owner + runtime owner | auth boundary, CORS, public URL, admin path smoke, frontend internal IP ban, i18n redaction, blocking leakage of raw namespace / repo slug / internal status codes / internal collaboration content, desktop / mobile smoke |
| P0 | Backup / restore credential | `scripts/backup/*`, `k8s/velero/*`, DR runbooks, `docs/security/BACKUP-RESTORE-ESCROW-INVENTORY.md`, `docs/security/BACKUP-RESTORE-OWNER-REQUEST-DRAFT.md` | MinIO / restic / offsite escrow | owner request draft is fixed; credential value absent, restore drill gate, offsite owner, escrow owner, retention policy, rollback owner |
| P0 | agent-bounty-protocol treasury / MCP / A2A | `docs/security/AGENT-BOUNTY-IWOOOS-ONBOARDING-HANDOFF.md`, `docs/security/AGENT-BOUNTY-OWNER-REQUEST-DRAFT.md` | agent-bounty owner response | owner request draft is fixed; no payout / claim / submit / daemon / webhook until explicit runtime approval |
| P1 | Prometheus / Alertmanager | `k8s/monitoring/*`, `ops/alertmanager/alertmanager.yml`, `ops/monitoring/*`, `docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md`, `docs/security/MONITORING-OWNER-REQUEST-DRAFT.md` | 110 monitoring stack | repo-only inventory and owner request draft are fixed; rule diff, receiver diff, reload owner, receipt proof, and live evidence are still missing |
| P1 | Grafana / SigNoz / Sentry / Langfuse | `ops/grafana/*`, `ops/signoz/*`, `ops/sentry-self-hosted/*`, `infra/langfuse/*`, `docs/security/MONITORING-ALERTING-OBSERVABILITY-INVENTORY.md`, `docs/security/MONITORING-OWNER-REQUEST-DRAFT.md` | 110 compose / public gateway | owner request draft is fixed; admin secret owner, public route proof, backup owner, smoke plan, upgrade window, and rollback owner are still missing |
| P1 | Harbor / registry | Nginx templates, backup scripts, CD workflows | 110 Harbor / registry domains | robot account owner, image tag immutability, scan policy, TLS |
| P1 | PostgreSQL / Redis / MinIO | app config, backup scripts, monitoring config | 188 / 110 / K3s | no plaintext DSN, access boundary, backup, restore, metrics auth |
| P1 | Docker Compose / systemd | `docker-compose.yml`, `ops/*/docker-compose.yml`, `scripts/reboot-recovery/*.service`, `docs/security/HOST-SERVICE-OWNER-REQUEST-DRAFT.md`, `docs/security/HOST-SERVICE-OWNER-RESPONSE-ACCEPTANCE.md` | 110 / 188 / agent-bounty hosts | live hash metadata, port / volume / env diff, maintenance / restart window, rollback owner, post-check plan, disable switch; no restart / apply |
| P1 | SSH / sudoers / known_hosts | Ansible inventory, ops scripts, runner scripts | host owners | owner request draft is fixed; the next step only collects redacted live access state, known_hosts / host-key policy, target whitelist, and rollback owner |
| P1 | Firewall / WireGuard / NodePort / VIP | K8s service / network policy, Kali / wg-easy docs, `docs/security/PORT-FIREWALL-CHANGE-EVIDENCE-ACCEPTANCE.md` | network owner | owner request draft, owner response acceptance, and change evidence acceptance are fixed; the next step only collects actor, before / after state, impact, cross-project sync, maintenance window, rollback owner, and post-check evidence; no unreviewed port exposure |
| P1 | AI provider / model routing | `apps/api/src/services/ai_providers/*`, `apps/api/src/services/ai_router.py`, `docs/ai/AI-MODEL-CARDS.md`, `docs/security/AI-PROVIDER-OWNER-RESPONSE-ACCEPTANCE.md`, `docs/security/ai-provider-owner-response-acceptance.snapshot.json` | AI owner | owner response acceptance, dry-run, benchmark, cost / privacy review, fallback order, prompt redaction, rollback owner; no provider switch, external call, paid call, prompt send, or live endpoint probe |
| P1 | Kali 112 scanner config | `docs/security/KALI-112-MAINTENANCE-WINDOW-DRAFT.md`, Kali snapshots | Kali owner | maintenance window, no active scan, no `/execute`, hardening dry-run |
| P2 | AWOOOI / AwoooP / IwoooS frontend runtime config | `apps/web/next.config.js`, `apps/web/src/lib/config.ts`, i18n | web owner | NEXT_PUBLIC public-domain only, no internal transcript, desktop/mobile smoke |
| P2 | VibeWork product boundary | VibeWork owner docs / future evidence refs | VibeWork owner | independent product boundary, repo / deploy / admin / backup scope |
| P2 | StockPlatform / Tsenyang / Bitan / VTuber routes | Nginx templates, product runbooks | product owner | domain / admin / API / backup / owner matrix |
| P2 | Package / supply-chain baselines | `pnpm-lock.yaml`, `package.json`, `pyproject.toml`, `requirements.txt`, Dockerfiles, docker-compose, `docs/security/PACKAGE-SUPPLY-CHAIN-BASELINE.md`, `docs/security/package-supply-chain-baseline.snapshot.json`, `docs/security/PACKAGE-SUPPLY-CHAIN-OWNER-POLICY-GATE.md`, `docs/security/package-supply-chain-owner-policy-gate.snapshot.json` | repo / registry owner | package manager policy, lockfile owner, Python lock policy, requirements pinning policy, Docker digest pinning policy, compose image digest policy, CVE / license / SBOM window, registry owner, rollback owner |
| P3 | Runbook / endpoint docs / snapshots | `docs/reference/*`, `docs/runbooks/*`, `docs/security/*.snapshot.json` | doc owner | no secret value, stale endpoint flag, owner-reviewed evidence refs |

On 2026-06-14, P0-20 added `docs/security/K8S-ARGOCD-MANIFEST-INVENTORY.md` and `docs/security/k8s-argocd-manifest-inventory.snapshot.json`, fixing the K8s / ArgoCD / Velero / monitoring repo source as a read-only inventory with `files=49`, `c0=36`, `yaml=45`, `unique_kinds=20`, `blocked_actions=13`. P0-21 then added `docs/security/K8S-ARGOCD-OWNER-REQUEST-DRAFT.md` and `docs/security/k8s-argocd-owner-request-draft.snapshot.json`, turning the four scan groups into owner request drafts with `drafts=4`, `c0=3`, `owner_fields=11`. On 2026-06-15, P0-25 added `docs/security/K8S-ARGOCD-OWNER-RESPONSE-ACCEPTANCE.md` and `docs/security/k8s-argocd-owner-response-acceptance.snapshot.json`, fixing an owner response acceptance read-only ledger with `candidates=4`, `c0=3`, `owner_fields=11`, `reviewer_checks=12`, `outcome_lanes=7`, `blocked_actions=18`. Also on 2026-06-15, `docs/security/K8S-ARGOCD-CHANGE-EVIDENCE-ACCEPTANCE.md` and `docs/security/k8s-argocd-change-evidence-acceptance.snapshot.json` were added, fixing a GitOps change evidence acceptance read-only ledger with `candidates=4`, `c0=3`, `write_capable=4`, `required_evidence_fields=18`, `reviewer_checks=18`, `outcome_lanes=8`, `blocked_actions=28`. None of these is a live cluster read, ArgoCD API read, ArgoCD sync, kubectl action, Helm upgrade, secret collection, manual pod restart, scale workload, RBAC / NetworkPolicy change, restore backup, production write, or runtime gate.

## 4. New rules

1. High-value configuration must first be classified: C0 / C1 / C2 / C3.
2. Every C0 configuration change must have a source-of-truth, owner gate, diff, rollback owner, and verification points.
3. Nginx live drift must not be overwritten automatically; it may only first produce P0 evidence and an owner decision.
4. Examples in documents and runbooks must not contain a usable token, password, private key, runner token, webhook secret, cookie, authorization header, or partial credential.
5. SSH tooling must not disable host key verification; `accept-new` is acceptable in the short term, and the long-term target is an upgrade to pinned known_hosts.
6. Admin-plane passwords for Grafana / Harbor / MinIO / ArgoCD / Gitea / Telegram / AI provider and similar may only be injected from the owner secret store.
7. Route / admin / webhook / payout / deploy config of agent-bounty-protocol, VibeWork, and other products must be placed under IwoooS control, but must not share the AWOOOI runtime approval.
8. Visibility of the backup / restore / offsite / escrow / retention inventory only means that these items must be controlled; runbook commands, snapshots, AwoooP approval, or the IwoooS UI must not be treated as authorization for backup run, restore drill, rclone sync, remote delete, restic prune, escrow marker write, or Velero restore.
9. A DNS / TLS / certbot owner response may only supply redacted metadata refs, coverage basis, expiry metadata, renewal owner, ACME route owner, maintenance window, rollback owner, and validation plan; an owner reply must not automatically trigger a DNS query, live TLS probe, certbot renew, Nginx reload, route smoke, DNS record change, certificate path change, or ACME route change.
10. Public / admin / API / frontend runtime config changes must first pass affected route, auth boundary, API readback, CORS diff, frontend env diff, i18n redaction, desktop / mobile smoke, sensitive string scan, rollback owner, and post-check evidence; the frontend must not display raw owner namespace, repo slug, internal status codes, internal collaboration content, or unredacted screenshots.
11. High-value config control must be centrally verifiable by `scripts/security/iwooos-config-control-guard.py`; a passing guard only means the repo snapshot baseline is complete, and does not mean authorization for owner response, live evidence, reload, restart, workflow / secret / runner change, backup / restore, scan, runtime, or deploy.
12. Before any package / Docker supply-chain remediation, the owner policy gate must be passed first; for Python lockfile, requirements pinning, Docker digest pinning, compose digest, and CVE / license / SBOM, only redacted owner metadata may be collected first, and a passing baseline or gate must not lead to install, upgrade, lockfile rewrite, image pull / build / push, registry login, workflow modification, deployment, or opening the runtime gate.
13. Public Gateway / Nginx post-incident readback may only collect redacted evidence refs, and must not store raw live conf, full diffs, secrets, certificate contents, cookies, tokens, or unredacted screenshots; route 200, Nginx active, dashboard up, CD success, or visibility in the UI must not be treated as the incident having been accepted.

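
Rule 5 can be checked mechanically over the ssh command lines that ops scripts build. The lint below is an added example, not code from this repository: the function names, the user name and the pinned known_hosts path are hypothetical, and the sample commands are constructed. `StrictHostKeyChecking`, `UserKnownHostsFile` and `BatchMode` are standard OpenSSH options.

```python
import shlex

# Constructed sample commands; the user name and the pinned known_hosts path
# are hypothetical. 192.168.0.110 is a host named on this page.
SAMPLES = {
    "before_fix": "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "
                  "ops@192.168.0.110 docker ps",
    "short_term": "ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new "
                  "ops@192.168.0.110 docker ps",
    "long_term": "ssh -oBatchMode=yes -o 'StrictHostKeyChecking yes' "
                 "-o UserKnownHostsFile=/etc/iwooos/known_hosts ops@192.168.0.110 docker ps",
    # accept-new plus a throwaway known_hosts file trusts every key on every run.
    "hidden_bypass": "ssh -o StrictHostKeyChecking=accept-new "
                     "-o UserKnownHostsFile=/dev/null ops@192.168.0.110 docker ps",
}


def ssh_option_pairs(command):
    """Return [(option_lowercased, value)] for each -o option of an ssh command."""
    argv = shlex.split(command)
    pairs, i = [], 0
    while i < len(argv):
        raw = None
        if argv[i] == "-o" and i + 1 < len(argv):
            i += 1
            raw = argv[i]
        elif argv[i].startswith("-o") and len(argv[i]) > 2:
            raw = argv[i][2:]
        if raw:
            # OpenSSH accepts both "Key=Value" and "Key Value"; keywords are
            # case-insensitive.
            key, _, value = raw.replace("=", " ", 1).partition(" ")
            pairs.append((key.lower(), value.strip()))
        i += 1
    return pairs


def host_key_posture(command):
    """Classify host key verification as disabled, accept-new, pinned or default."""
    pairs = ssh_option_pairs(command)
    strict = [v.lower() for k, v in pairs if k == "stricthostkeychecking"]
    known = [v for k, v in pairs if k == "userknownhostsfile"]
    # Any occurrence counts, so a disabling option cannot hide behind a safe one.
    if any(v in ("no", "off") for v in strict) or "/dev/null" in known:
        return "disabled"
    if "accept-new" in strict:
        return "accept-new"
    if "yes" in strict and known:
        return "pinned"
    return "default"


def violations(commands):
    """Names of the commands that must be rejected under rule 5."""
    return sorted(n for n, c in commands.items() if host_key_posture(c) == "disabled")
```

The parser does not stop at the destination argument, so a `-o` inside the remote command is also inspected; for a lint that errs toward flagging, that is the conservative choice.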
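## 5. Existing rules that need adjustment

| Rule | Current state | Direction of adjustment |
|------|----------|----------|
| IwoooS early-stage low friction | Originally leaned toward a read-only framework | Keep the read-only framework, but P0 immediate hazards may be contained first through source-control fixes |
| Nginx DR runbook | Already states that hand-editing the live conf directly is prohibited | Add owner-provided live conf, rendered diff, `nginx -t` evidence, route smoke, cross-product notification, post-check |
| Secrets management handbook | Describes secret sources and CD injection | Remove usable token examples; add "metadata only" and the owner secret store |
| Gitea / GitHub readiness | Already has a repo / workflow / secret name inventory | Merge with the high-value config classification; workflow changes still need separate approval |
| Deployment verification | Focuses on Pod / health | Add Nginx / DNS / TLS / public route / admin route smoke |
| AI provider governance | Already has dry-run / benchmark boundaries | Add Nginx Ollama proxy, GCP fallback, cost, and data egress controls |
| Frontend i18n / internal IP | Already has the NEXT_PUBLIC ban | Extend to verifying public route / Sentry tunnel / admin path / product domain together |
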
## 6. Phase completion

| Work item | Completion | Notes |
|------|--------|------|
| Scope inventory of important configuration | `100%` | C0-C3 classification and the master list are established |
| Nginx control mechanism definition | `100%` | source-of-truth, live path, gates, and drift principles are defined |
| source-control P0 containment | `100%` | Removed the token example, the Grafana password literal, and the disabled SSH host key verification found in this sweep |
| repo-only Nginx drift detector | `100%` | Added `scripts/security/nginx-config-drift-detector.py` and the repo source-of-truth snapshot |
| public gateway preflight inventory | `100%` | Added `public_gateway_preflight_inventory_v1`, fixing 12 prerequisite gates before reload / route change; maturity `78% -> 84%` |
| Public Gateway / Nginx post-incident readback plan | `100%` | Added `public_gateway_post_incident_readback_plan_v1`, fixing 3 post-incident readback candidates, 2 C0, 30 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `90% -> 92%`; readback accepted, `nginx -t`, reload, route smoke, and runtime gate remain `0` |
| High-value config change classification gate | `100%` | Added `scripts/security/high-value-config-change-gate.py`, which classifies C0/C1/C2/C3 from git diff or manually supplied files and lists the owner / rollback / evidence / verification fields |
| DNS / TLS / certbot owner response acceptance | `100%` | Added `domain_tls_certbot_owner_response_acceptance_v1`: 4 C0 candidates, 13 required owner fields, 13 reviewer checks, 7 outcome lanes, 20 blocked action classes; maturity `74% -> 78%` |
| owner response evidence JSON field check | `70%` | The gate can check required fields and false flags; not yet connected to a formal intake API or the AwoooP queue |
| Gate → owner response packet draft | `100%` | Added `scripts/security/high-value-config-owner-packet.py`, which turns an impacted category into a canonical owner response packet draft |
| canonical owner field alignment | `100%` | The high-value config gate is aligned with S4.9 `owner_role_or_team`, and aliases such as `owner_role_team` remain supported |
| Global config coverage matrix | `100%` | Added `scripts/security/high-value-config-control-coverage.py`, snapshot, and schema; checks for the 14 high-value config categories are re-runnable |
| Centralized high-value config guard | `100%` | Added `scripts/security/iwooos-config-control-guard.py` and chained it to `security-mirror-progress-guard.py`; the 14 config categories, the main owner / change evidence ledgers, the supply-chain manifest, and the `0 / false` boundary can be verified centrally |
| Backup / restore / escrow inventory | `100%` | Added `backup_restore_escrow_inventory_v1`, covering 38 repo-only surfaces; maturity `52% -> 58%` |
| Backup / restore / escrow owner response acceptance | `100%` | Added and strengthened `backup_restore_owner_response_acceptance_v1`: 38 candidates, 27 write-capable, 22 reviewer checks, 9 outcome lanes, 31 blocked action classes; maturity `58% -> 64%` |
| Backup / restore / escrow post-incident readback plan | `100%` | Added `backup_restore_post_incident_readback_plan_v1`: 38 post-incident readback candidates, 27 write-capable, 34 required fields, 32 reviewer checks, 11 outcome lanes, 51 blocked action classes; maturity `64% -> 66%`; readback accepted and runtime gate remain `0` |
| Monitoring / alerting / observability inventory | `100%` | Added `monitoring_alerting_observability_inventory_v1`, covering 60 repo-only surfaces; maturity `56% -> 62%` |
| Monitoring / alerting / observability owner request draft | `100%` | The 60 monitoring surfaces have been turned into owner request drafts; request sent / received / accepted, reload, receiver route change, Telegram send, and alert chain smoke remain 0 |
| Monitoring / alerting / observability owner response acceptance | `100%` | Added and strengthened `monitoring_owner_response_acceptance_v1`: 60 candidates, 11 write-capable, 23 reviewer checks, 12 outcome lanes, 34 blocked action classes; maturity `62% -> 68%` |
| Monitoring / alerting / observability post-incident readback plan | `100%` | Added `monitoring_post_incident_readback_plan_v1`: 60 post-incident readback candidates, 11 write-capable, 30 required fields, 28 reviewer checks, 11 outcome lanes, 53 blocked action classes; maturity `68% -> 70%`; readback accepted, receiver receipt, stale / silence, alert chain health, reload, Telegram send, alert chain smoke, and runtime gate remain 0 |
| owner packet read-only frontend integration | `100%` | `/zh-TW/iwooos` now shows the high-value config owner packet drafts, the C0/C1 packet counts, request / received / accepted still at 0, and the no-execution boundary |
| owner response request / received / accepted | `0%` | The packet is only a draft; not yet sent, not yet received, not yet reviewer accepted |
| agent-bounty-protocol owner request draft | `100%` | repo / refs, deployment, data classification, external agent / treasury, and 7 product surfaces have been turned into 11 owner request drafts; claim / submit, payout, cron / daemon, and runtime gate remain 0 |
| Docker / systemd owner request draft | `100%` | The 9 host service surfaces have been turned into owner request drafts; request sent / received / accepted remain 0 |
| Docker / systemd owner response acceptance | `100%` | Added `host_service_owner_response_acceptance_v1`: 9 candidates, 3 write-capable, 8 requiring live evidence, 21 reviewer checks, 8 outcome lanes, 27 blocked action classes; maturity `54% -> 58%` |
| Docker / systemd change evidence acceptance | `100%` | Added `host_service_change_evidence_acceptance_v1`: 9 candidates, 3 write-capable, 26 reviewer checks, 10 outcome lanes, 39 blocked action classes; maturity `58% -> 62%` |
| Docker / systemd post-incident readback plan | `100%` | Added `host_service_post_incident_readback_plan_v1`: 9 readback candidates, 28 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `62% -> 64%`; readback accepted and runtime gate remain `0` |
| SSH / firewall / network owner request draft | `100%` | The 16 SSH / network access surfaces have been turned into owner request drafts; request sent / received / accepted, port change, firewall change, NetworkPolicy apply, NodePort change, and WireGuard change remain 0 |
| SSH / firewall / network owner response acceptance | `100%` | Added `ssh_network_owner_response_acceptance_v1`: 16 candidates, 6 write-capable, 15 reviewer checks, 7 outcome lanes, 22 blocked action classes; maturity `54% -> 58%` |
| Port / firewall change evidence acceptance | `100%` | Added and strengthened `port_firewall_change_evidence_acceptance_v1`: 14 candidates, 6 write-capable, 21 reviewer checks, 9 outcome lanes, 28 blocked action classes; maturity `58% -> 62%` |
| SSH / firewall / network post-incident readback plan | `100%` | Added `ssh_network_post_incident_readback_plan_v1`: 14 readback candidates, 24 required fields, 24 reviewer checks, 10 outcome lanes, 34 blocked action classes; maturity `62% -> 64%`; readback accepted and runtime gate remain `0` |
| K8s / ArgoCD GitOps change evidence acceptance | `100%` | Added `k8s_argocd_change_evidence_acceptance_v1`: 4 candidates, 3 C0, 4 write-capable, 18 reviewer checks, 8 outcome lanes, 28 blocked action classes; maturity `62% -> 64%` |
| K8s / ArgoCD post-incident readback plan | `100%` | Added `k8s_argocd_post_incident_readback_plan_v1`: 4 readback candidates, 31 required fields, 28 reviewer checks, 10 outcome lanes, 41 blocked action classes; maturity `64% -> 66%`; readback accepted and runtime gate remain `0` |
| Public / Admin / API runtime config change evidence acceptance | `100%` | Added `public_runtime_config_change_evidence_acceptance_v1` and `public_frontend_sensitive_surface_guard_v1`; 6 candidates, 5 C0, 21 reviewer checks, 8 outcome lanes, 32 blocked action classes, plus a scan of 225 frontend files against 12 banned-string classes with 0 violations; maturity `62% -> 66%`; leakage of raw namespace / repo slug / internal status codes / internal collaboration content is a rejection or quarantine condition |
| Package / Docker supply-chain repo-only baseline | `100%` | Added `package_supply_chain_baseline_v1`, inventorying `package_json=6`, `pyproject=4`, `requirements=2`, `dockerfiles=2`, `compose=6`, `gaps=5`; no install, no CVE scan, no image change, no deployment |
| Package / Docker supply-chain owner policy gate | `100%` | Added `package_supply_chain_owner_policy_gate_v1`: 6 owner policy requests, 2 C0, 8 owner fields, 12 reviewer checks, 20 blocked action classes; request_sent / received / accepted / runtime / action remain `0 / false` |
| Backup / restore / escrow owner request draft | `100%` | The 38 backup / restore / escrow surfaces have been turned into owner request drafts; request sent / received / accepted, backup run, restore run, offsite sync, remote delete, escrow marker write, and retention change remain 0 |
| CI blocking / workflow gate | `0%` | This phase deliberately does not modify `.gitea/workflows`, to avoid excessive friction in the early security process |
| owner-provided live Nginx file compare | `70%` | The tool can take a live conf file exported by the owner and compare it; this phase does not fetch it via SSH proactively |
| live Nginx evidence collection | `0%` | No SSH / Ansible check-mode / live hash yet; requires owner and maintenance window rules |
| live Nginx reload / restart | `0%` | Not authorized, not performed |
| DNS / TLS live validation | `0%` | No live probe was run in this phase; if the next phase changes the frontend or routes, desktop / mobile / route smoke is required |
| cross-product owner response | `0%` | Owner acceptance from VibeWork, agent-bounty-protocol, StockPlatform, etc. has not yet been received |

## 7. Priorities for the next phase

1. P0: Connect the owner response packet drafts to AwoooP read-only status, showing that request / received / accepted are still 0.
2. P0: Have the owner provide a redacted export of the live Nginx conf and re-run compare mode; no automatic overwrite, no reload.
3. P0: Collect from the owner the redacted DNS / TLS / certbot coverage metadata ref, expiry metadata ref, renewal owner, ACME route owner, maintenance window, rollback owner, and validation plan; no DNS query, TLS probe, certbot renew, or reload.
4. P0: Chain the workflow / runner / secret name owner response and the high-value config C0 gate into a single IwoooS status.
5. P0: Collect redacted change evidence for public / admin / API runtime config, first filling in affected route, auth boundary, API readback, CORS diff, frontend env diff, i18n redaction, desktop / mobile smoke, production bundle sensitive scan, rollback owner, and post-check evidence; the source / messages leak-prevention guard is fixed at 0 violations, but route / CORS / env are still not changed.
6. P0: Connect the agent-bounty-protocol compose / MCP / A2A / treasury high-value config fields to the same owner packet queue; runtime is not enabled.
7. P1: Collect from the owner redacted live hash metadata for 110 / 188 Docker Compose and systemd, maintenance / restart window, rollback owner, post-check plan, disable switch, and no-secret-value evidence; no proactive SSH, no restart, no repair-bot run.
8. P1: Collect from the owner redacted SSH / firewall / WireGuard / NodePort live access state, allowed source CIDR, change / incident ref, actor, before / after state, cross-project sync, maintenance window, rollback owner, and validation plan; no proactive keyscan, no firewall change, no opening or closing of ports.
9. P1: Collect from the owner the backup / restore / offsite / escrow non-sensitive evidence id, latest backup status, freshness SLO, isolated restore target, dependency graph, data classification, remote delete guard, retention runway, restore observer / stop condition, restore drill plan, maintenance window, rollback owner, and validation plan; until acceptance, backup run, restore drill, offsite sync, remote delete, escrow marker write, and retention change all stay at `0 / false`.
10. P1: Connect the Prometheus / Alertmanager / Grafana / SigNoz / Sentry / Langfuse owner request drafts to AwoooP read-only status; until acceptance, reload, receiver route change, silence change, Telegram send, and alert chain smoke all stay at `0 / false`.
11. P1: Fill in the maintenance window owner fields for Kali 112, 111, and 168; still no upgrade / restart / scan.
12. P2: Keep trimming the `/zh-TW/iwooos` config control summary, but it must not show internal working conversations, tokens, secrets, or executable buttons.

## 8. Boundary

Completion of this inventory does not mean that Nginx reload, DNS modification, TLS renew, ArgoCD sync, kubectl, SSH host modification, workflow modification, runner enablement, secret rotation, backup run, restore drill, offsite sync, remote delete, restic prune, escrow marker write, Velero restore, active scan, agent-bounty runtime, payout, withdrawal, deploy, or any runtime execution has been authorized.